Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap.
It also uses updated endpoints for Microsoft identity provider.
Use email address returned by microsoft_graph provider as a verified address.
Upgrading exisiting users from windowslive to microsoft_graph:
- upon next login existing `windowslive` users will have to authorizei
OpenStreetMap application to "Read Your Profile," required for proper reading
of display name field.
The name of the identity provider in OSM is kept to 'windowslive':
- the entries in users table with `provider == 'windowslive'`
can be reused for microsoft_graph provider, since
the uid field is preserved. Users will not need to repeat the sign up process.
- OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal
App registration are necessary.
The kramdown converter for markdown uses inline styles for table
column alignment which gets lost when we strip the styles so add
bootstrap classes to replace it.
All the entries in the new framework defaults were enabled a while
ago, apart from the cookies serializer which is already defined in
config/initializers/cookies_serializer.rb
The delayed_job gem does not currently perserve keyword arguments
properly leading to errors when running under ruby 3 and try to run
a job that requires them.
This affects our deferred mail deliveries so we monkey patch the
mail delivery job to unpack the hash from the normal arguments and
use it to provide the expected keyword arguments.
https://github.com/collectiveidea/delayed_job/issues/1134
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.
As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and most importantly got not
allowing GET requests to OmniAuth.
