Commit graph

239 commits

Author SHA1 Message Date
Gregory Igelmund
a4edd3fd04 Annotate models 2023-10-14 11:19:13 +08:00
Tom Hughes
e210b4efbf Improve naming of changeset comment rate limit settings 2023-08-30 18:25:06 +01:00
Tom Hughes
a274726f46 Add rate limiting for changeset comments
Fixes #4196
2023-08-25 19:53:04 +01:00
Tom Hughes
6982903ae7 Fix predicate method names in the user model 2023-08-15 18:53:14 +01:00
Anton Khorev
033c032ed6 Add home location condition to user model 2023-08-11 21:44:15 +03:00
Tom Hughes
445e8162e9 Revoke authentication tokens when a user is deleted 2022-12-23 16:24:10 +00:00
Andy Allan
561ee71129 Rubocop autofix: ambiguous operator precedence
This simply adds braces to clarify which mathematical operator comes
first.
2022-04-06 14:55:29 +01:00
Tom Hughes
cbcc7dc49f Fix some rubocop Naming/PredicateName warnings 2022-03-03 22:47:55 +00:00
Tom Hughes
03fdc6d67f Add inverse_of to relationships that can't detect it automatically 2022-02-23 19:23:51 +00:00
Tom Hughes
53aa7259bb Merge remote-tracking branch 'upstream/pull/3345' 2022-02-13 18:39:21 +00:00
Andy Allan
2d47d6b4f8 Ensure that deactivate isn't available in production
It's only used as a workaround for factories not being able to create
pending users while keeping active as the default
2022-02-02 17:48:17 +00:00
Andy Allan
2731e7244a Add extra user transitions needed by the administrators 2022-02-02 16:37:50 +00:00
Andy Allan
1a11c4dc19 Use a state machine for user status
The user status is a bit complex, since there are various states and
not all transitions between them make sense.

Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
2022-01-12 18:16:14 +00:00
Tom Hughes
0ca2e10b1d Merge remote-tracking branch 'upstream/pull/3404' 2021-12-22 15:36:25 +00:00
Tom Hughes
5a70476d38 Merge remote-tracking branch 'upstream/pull/3403' 2021-12-22 15:26:23 +00:00
Andy Allan
99a64ba8c1 Remove unused require statement
The corresponding code was removed in a65cb84288
2021-12-22 15:08:06 +00:00
Andy Allan
40e8482825 Alias the user creation_time column
This allows rails to set the created_at automatically, and so avoids
us having to do so in a callback. It also hides the unusual
db column name from the rest of the app.
2021-12-22 14:48:07 +00:00
Andy Allan
a863be8831 Rename User#delete to User#destroy
"delete" is generally used for immediate SQL deletion without running
any callbacks or other ruby code, whereas "destroy" will trigger callbacks.

Although we don't currently use any callbacks, let's rename this method to
align better with the convention.
2021-12-22 11:32:33 +00:00
Tom Hughes
ef85e8c7b3 Make the storage service to use for avatars configurable 2021-12-16 18:45:31 +00:00
Tom Hughes
f1935b1c57 Merge remote-tracking branch 'upstream/pull/3257' 2021-07-21 19:24:31 +01:00
Tom Hughes
377f394a7c Treat association between users and OAuth 2 applications as polymorphic 2021-07-21 11:52:10 +01:00
Andy Allan
9b8f2bbcbe Remove code complexity around resetting language preferences
This was originally introduced since we saved the user and showed
the result on the same action. Now that the preferences controller
saves and redirects, the user model and associated language preferences
are reloaded between requests, and this code is no longer required.
2021-07-14 17:40:20 +01:00
Tom Hughes
b4a1e41968 Switch web site to use OAuth 2 2021-06-27 19:00:36 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
9603d718c2 Fix calculation of friendship rate limit 2021-05-11 15:49:48 +01:00
Tom Hughes
84c601460f Add rate limiting to user friendships 2021-05-11 12:10:36 +01:00
Tom Hughes
25510b6616 Add additional limits on sending messages
Additional limits apply to new accounts and accounts with
unresolved issues reported against them.

Fixes #3135
2021-03-31 22:40:34 +01:00
Tom Hughes
3c4f32a760 Validate avatar images
Closes #3097
2021-02-16 17:37:18 +00:00
Andy Allan
a65cb84288 Remove unused code 2020-11-11 16:43:58 +00:00
Tom Hughes
7db541d697 Invalidate existing sessions when changing email or password
As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
2020-09-29 14:34:08 +01:00
Tom Hughes
c694c78c9a Delete any outstanding tokens when a user changes their email
This ensures that any tokens previously sent to the old email address
can no longer be used if somebody were able to access that address.
2020-09-29 13:47:40 +01:00
Tom Hughes
18b9b9f14c Fix new rubocop warnings 2020-09-07 07:11:22 +01:00
Tom Hughes
ea59d95f4a Fix some new rubocop warnings 2020-08-06 22:27:30 +01:00
Andy Allan
040302286f Remove ignoring of nearby column
This is the final stage in the process. Now that the migrations are run,
and apps restarted, it is safe to remove the ignore_column declaration.
2019-12-11 18:08:31 +01:00
Andy Allan
a41d500b9f Create an ApplicationRecord for models to inherit from
This is the default for Rails 5+, and also paves the way for
multiple database support.
2019-11-27 11:50:48 +01:00
Andy Allan
dd294f89b8 Ignore the users.nearby column
This is the first step of removing the column, see #2417. It needs to be
deployed before a migration to remove it, since the columns are
cached in ActiveRecord and things break if objects exist in memory
that expect the column to be there.
2019-11-13 14:19:32 +01:00
Tom Hughes
8a39c6b4a2 Drop old user image columns 2019-07-17 19:12:30 +01:00
Andy Allan
0444187cb6 Update annotations after 91a37235ac 2019-07-17 10:39:10 +02:00
Tom Hughes
91a37235ac Remove support for old style user images 2019-07-16 22:33:26 +01:00
Tom Hughes
905a7eadb6 Defer deletion of avatars to a background job 2019-07-16 08:27:14 +01:00
Tom Hughes
6c202448ad Move user images to Active Storage with paperclip as a fallback 2019-07-09 19:17:30 +01:00
Andy Allan
d33b1f6b29 Pass the models, not the ids, when dealing with friendships 2019-06-19 16:56:31 +02:00
Andy Allan
2169c503ef Rename user.friend_users to user.friends
This is possible now since we've renamed Friend to Friendship
2019-06-19 16:51:35 +02:00
Andy Allan
1cf8fec58d Rename Friend model to Friendship
This better describes what the model represents, which is the relationship
between the two users.
2019-06-19 16:39:25 +02:00
Andy Allan
4377e2bd55 Update annotations to correctly show bigint types 2019-05-29 11:52:20 +02:00
Simon Poole
077834704e Add links to the ToU and include them in signup
- this adds links to the ToU in the Welcome box and on the About page
- adds a timestamp column to the users table to record acceptance of the ToU
- require ToU to be accepted before signup can proceed
- rearrange and change text on signup page
2019-05-13 16:52:18 +02:00
Andy Allan
d102c9aaf4 Move all settings to settings.yml
We leave the STATUS setting alone, since it's required before rails
boots. The test-specific settings now live in config/settings/test.yml
2019-03-13 18:06:23 +01:00
Tom Hughes
7ccf6964e3 Prevent leading and trailing whitespace on email addresses 2019-03-08 11:17:51 +00:00
Tom Hughes
e174eb762f Strip leading and trailing whitespace for email authentication
Fixes #2173
2019-03-08 10:59:57 +00:00
Tom Hughes
d73a5d4bc0 Merge character validators 2018-11-05 18:54:19 +00:00