cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11229 commits 4 branches 1 tag 499 MiB
Commit graph

912 commits

Author SHA1 Message Date
Adam Hoyle
59e6cdebdc add osm-community-index and parse in communities 2021-08-11 23:45:44 +01:00
Adam Hoyle
86912a61df stub model and show in view 2021-08-08 23:28:44 +01:00
Tom Hughes
f1935b1c57 Merge remote-tracking branch 'upstream/pull/3257' 2021-07-21 19:24:31 +01:00
Tom Hughes
cd9a72e669 Merge remote-tracking branch 'upstream/pull/3263' 2021-07-21 12:16:08 +01:00
Tom Hughes
377f394a7c Treat association between users and OAuth 2 applications as polymorphic 2021-07-21 11:52:10 +01:00
Andy Allan
37b03e47c6 Fix various code comments 
These were found as part of #3233
 2021-07-21 11:24:23 +01:00
Tom Hughes
4d47cff5e1 Merge remote-tracking branch 'upstream/pull/3237' 2021-07-21 11:24:17 +01:00
Andy Allan
9b8f2bbcbe Remove code complexity around resetting language preferences 
This was originally introduced since we saved the user and showed
the result on the same action. Now that the preferences controller
saves and redirects, the user model and associated language preferences
are reloaded between requests, and this code is no longer required.
 2021-07-14 17:40:20 +01:00
Tom Hughes
da546af22e Allow acls to match on parent domains 2021-07-06 10:13:33 +01:00
Tom Hughes
b4a1e41968 Switch web site to use OAuth 2 2021-06-27 19:00:36 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
9603d718c2 Fix calculation of friendship rate limit 2021-05-11 15:49:48 +01:00
Tom Hughes
84c601460f Add rate limiting to user friendships 2021-05-11 12:10:36 +01:00
Tom Hughes
25510b6616 Add additional limits on sending messages 
Additional limits apply to new accounts and accounts with
unresolved issues reported against them.

Fixes #3135
 2021-03-31 22:40:34 +01:00
Tom Hughes
2d50a84004 Fix new rubocop warnings 2021-02-16 21:14:54 +00:00
Tom Hughes
3c4f32a760 Validate avatar images 
Closes #3097
 2021-02-16 17:37:18 +00:00
Tom Hughes
0654be27f9 Fix new rubocop warnings 2021-01-11 19:17:31 +00:00
Tom Hughes
0ff89c31e4 Remove both Potlatch versions 
Fixes #2622
 2021-01-05 21:18:45 +00:00
Tom Hughes
384ac46102 Convert id column for oauth_nonces to bigint 2020-12-14 14:48:59 +00:00
Tom Hughes
88ba316abe Merge remote-tracking branch 'upstream/pull/2999' 2020-12-09 14:51:04 +00:00
Tom Hughes
bfffe7ed96 Prefer string interpolation to concatenation 2020-11-13 11:32:28 +00:00
Tom Hughes
582402ba8f Prefer keyword arguments when method has optional boolean arguments 2020-11-13 10:22:55 +00:00
Andy Allan
a65cb84288 Remove unused code 2020-11-11 16:43:58 +00:00
Tom Hughes
7db541d697 Invalidate existing sessions when changing email or password 
As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
 2020-09-29 14:34:08 +01:00
Tom Hughes
c694c78c9a Delete any outstanding tokens when a user changes their email 
This ensures that any tokens previously sent to the old email address
can no longer be used if somebody were able to access that address.
 2020-09-29 13:47:40 +01:00
Tom Hughes
18b9b9f14c Fix new rubocop warnings 2020-09-07 07:11:22 +01:00
Tom Hughes
c2af89c00e Fix rubocop Style/SoleNestedConditional warnings 2020-09-02 18:54:55 +01:00
Tom Hughes
b7432e9432 Handle new rubocop warnings 2020-09-02 07:18:21 +01:00
Tom Hughes
ea59d95f4a Fix some new rubocop warnings 2020-08-06 22:27:30 +01:00
Tom Hughes
0e2a66e8de Fix new rubocop warnings 2020-08-06 18:42:16 +01:00
Tom Hughes
2d3972249c Fix some rubocop todos 2020-08-02 19:38:58 +01:00
Tom Hughes
6c159b9673 Fix the Command Injection warnings from Brakeman 2020-07-31 15:54:06 +01:00
Tom Hughes
9f993fe8c8 Fix new rubocop warnings 2020-07-07 10:44:52 +01:00
Tom Hughes
3abeeb7f41 Require open3 before using it 2020-06-26 19:40:37 +01:00
Tom Hughes
39b60219fe Fix new rubocop warnings 2020-06-11 19:21:41 +01:00
Andy Allan
0a33c66146 Convert lib files to model concerns 2020-06-03 16:44:26 +02:00
Tom Hughes
7e925c3c00 Look at all note comments to find the close event 
Fixes #2612
 2020-05-06 14:06:04 +01:00
Andy Allan
32e46ad4e3 Remove tempfile patch for trace data 
Effectively reverts c0d2ad40c3

This patch is no longer required, since we only use send_data in
combination with Tempfile.read and that all works fine.
 2020-04-22 15:16:46 +02:00
Tom Hughes
64b3e289ac Merge remote-tracking branch 'upstream/pull/2597' 2020-04-22 13:34:19 +01:00
Andy Allan
35db86714b Use Open3.capture2 instead of backticks, to avoid command line injection risks 
In this situation, trace_name can be trivially checked as legitimate, but this
removes any lingering risks from interpolating into a command line instead of
passing parameters explicitly.

Refs #2229
 2020-04-22 13:57:32 +02:00
Andy Allan
a219df24ca Ensure that urls are only valid if the entire string is a url 
This replaces our homegrown regexps (that didn't quite work) with
ruby built-in regexps, and uses the termination anchor to ensure
that the entire string, not just the first part, is validated.
 2020-04-01 17:53:37 +02:00
Andy Allan
73c95847a6
Merge pull request #2485 from mmd-osm/patch/json2 
JSON output nodes, ways, relations, map
 2020-02-26 15:55:48 +01:00
Tom Hughes
7b0d3aaf9f Fix translation names 2020-01-09 11:00:46 +00:00
Tom Hughes
b1e1572af3 Don't validate the revoker for a block if it hasn't changed 
The revoker only has to be a moderator at the time they make the
revocation - as things stood trying to view a block that had been
revoked by somebody that was no longer a moderator failed.
 2020-01-09 10:59:34 +00:00
mmd-osm
b54333fa6d Unify lat/lon formatting for json output 2020-01-02 14:52:53 +01:00
Andy Allan
040302286f Remove ignoring of nearby column 
This is the final stage in the process. Now that the migrations are run,
and apps restarted, it is safe to remove the ignore_column declaration.
 2019-12-11 18:08:31 +01:00
Andy Allan
a41d500b9f Create an ApplicationRecord for models to inherit from 
This is the default for Rails 5+, and also paves the way for
multiple database support.
 2019-11-27 11:50:48 +01:00
Tom Hughes
6ec02bcdb2 Merge remote-tracking branch 'upstream/pull/2440' 2019-11-20 19:01:13 +00:00
Andy Allan
8ad88b9ddc Move user preference XML generation to a view 2019-11-20 16:39:23 +01:00
Andy Allan
bc850d1d37 Move Relation.to_xml and to_xml_node out of the model and into tests 2019-11-20 15:45:28 +01:00