openstreetmap-website

Author	SHA1	Message	Date
Tom Hughes	a42b654606	Make the "remember me" option work as intended	2024-11-13 12:18:23 +00:00
Tom Hughes	20bdbb05c3	Switch to using rails builtin content security policy support	2024-05-22 16:38:59 +01:00
Tom Hughes	74cc88fce4	Stop using the session to persist the referer during login	2024-05-06 10:55:07 +01:00
Milan Cvetkovic	9649b192c0	Add preferred provider social signup - Add preferred provider for authorization to login and signup pages. To use, the 3rd party application would have to add `preferred_provider=...` parameter to OAuth2 authorization request. - Resize 3rd party provider icons - Add "login to authorize" heading to login and signup screens	2024-04-29 11:32:54 +00:00
Tom Hughes	4dff06a629	Use rails tokens for signup confirmations	2024-02-24 13:53:05 +00:00
Simon Legner	a0aef5c722	SessionsController: strip username	2024-02-11 21:53:03 +01:00
Tom Hughes	dc28f1dccc	Fix new rubocop warnings	2022-11-22 18:32:02 +00:00
Andy Allan	972249ce9d	Reconfigure the suspended flash message to avoid html_safe This also avoids having raw html in the translation strings	2022-11-17 12:04:28 +00:00
Tom Hughes	40ec4734fb	Fix new rubocop warnings	2022-05-16 19:16:53 +01:00
Tom Hughes	988d7cd90d	Remove form_action restrictions for sessions#login Login may redirect to ouath2_authorizations#create which may then redirect to arbitrary schemes if the application is already authorized so we need to allow login to redirect to any scheme. Fixes #3424	2022-01-17 11:01:07 +00:00
Tom Hughes	407b61857e	Improve fallback behaviour for unsafe referer redirects	2021-11-23 17:18:41 +00:00
Tom Hughes	bf3743f190	Add missing callbacks to session controller	2021-03-29 20:36:07 +01:00
Andy Allan	f18baae22e	Refactor login/logout into sessions controller Certain controller methods are shared with oauth-based logins, and these have been moved to a concern.	2021-03-24 11:32:46 +00:00

13 commits