2222 commits

Author SHA1 Message Date
Tom Hughes
45f0589e62 Merge remote-tracking branch 'upstream/pull/4329' 2023-11-28 22:21:50 +00:00
Tom Hughes
2153e00f9f Drop ACL check from notes#comment as we no longer allow anonymous comments 2023-11-23 16:56:07 +00:00
Anton Khorev
b5f8df642a Disallow account deletion after confirmation 2023-11-22 17:37:04 +03:00
Tom Hughes
f08fb4f30f Prevent API tokens without write_notes creating attributed comments
Fixes #4362
2023-11-22 12:30:39 +00:00
Milan Cvetkovic
aeb4271a27 Do not merge zoom/lat/lon options with oauth_return_url 2023-11-21 13:01:52 +00:00
Milan Cvetkovic
1fbd1d11c4 Extract welcome_options function to simplify save function 2023-11-21 11:56:09 +00:00
Milan Cvetkovic
87a5a0844b Welcome screen works with confirmation email too 2023-11-21 11:56:09 +00:00
Milan Cvetkovic
60c885d071 Welcome screen displays 'Continue with authorization'
do not hide notes
2023-11-21 11:56:09 +00:00
Anton Khorev
f23993a4df Remove 'need to return bbox' comment on conditions_bbox 2023-11-21 13:55:35 +03:00
Tom Hughes
aaed886890 Hash passwords as soon as a new user is created 2023-11-16 01:02:11 +00:00
Tom Hughes
b1553135fc Preserve pass_crypt_confirmation in the new user hash 2023-11-16 00:29:49 +00:00
Tom Hughes
cebda5ffb9 Merge remote-tracking branch 'upstream/pull/4319' 2023-11-15 17:14:49 +00:00
Tom Hughes
ba503e02d2 Enforce rate limit for API calls which make changes 2023-11-02 08:59:57 +00:00
Tom Hughes
898a3882c5 Avoid storing user records in the session during signup
This works around an issue with rails failing to preserve attribute
change flags and is in line with upstream advice against storing models
in the session in this way.

https://github.com/rails/rails/issues/49826
https://github.com/rails/rails/issues/49827
2023-10-29 10:13:28 +00:00
Tom Hughes
f6d1b6cda4 Fix rails 7.1.0 deprecation warning 2023-10-06 19:07:47 +01:00
Andy Allan
1700c23dd1 Prefer find_by() instead of where().first
These are very similar, differing only if we would expect multiple
results and the sorting is important. However, in all our cases
we're only expecting one result to be returned, and so find_by is
easier to read.
2023-10-04 17:53:58 +01:00
Tom Hughes
85b17a1f2a Merge remote-tracking branch 'upstream/pull/4240' 2023-09-14 17:42:04 +01:00
Tom Hughes
144c48737b Merge remote-tracking branch 'upstream/pull/4239' 2023-09-10 18:47:07 +01:00
Anton Khorev
9c9edb6054 Remove authorize_web call from traces api controller 2023-09-09 19:40:28 +03:00
Anton Khorev
71654e563e Add show user block api endpoint 2023-09-09 15:53:22 +03:00
Anton Khorev
e143726f1a Combine comments and traces pagination partials 2023-09-09 14:33:59 +03:00
Anton Khorev
a780a7456f Don't interpolate in pagination partial 2023-09-09 14:33:58 +03:00
Anton Khorev
c213abb8e3 Refactor diary paging queries 2023-09-09 14:23:11 +03:00
Anton Khorev
299c59e34f Change diary comments pagination to before/after id 2023-09-09 14:23:10 +03:00
Tom Hughes
d1d3c2597e Handle timeouts inside a view for API calls 2023-09-07 00:32:11 +01:00
Tom Hughes
be3baea4de Merge remote-tracking branch 'upstream/pull/4222' 2023-09-03 18:54:18 +01:00
Anton Khorev
11df872c3e Add bbox parameter to notes search api 2023-09-03 11:26:05 +03:00
Anton Khorev
0ef4a299bb Check required bbox parameter presence outside of BoundingBox class 2023-09-03 09:47:27 +03:00
Tom Hughes
0b1cf53fb9 Drop non-functional check for nil email 2023-09-02 11:51:43 +01:00
Tom Hughes
431ff96b66 Merge remote-tracking branch 'upstream/pull/4216' 2023-09-02 11:48:56 +01:00
Tom Hughes
704781ad0b Add some additional preloads to notes#feed 2023-09-02 11:44:59 +01:00
Anton Khorev
f5c20527aa Move email-related methods to mixin 2023-09-02 13:43:41 +03:00
Tom Hughes
f32b4bc044 Move changeset comment rate limit check to a predicate method 2023-08-30 18:36:33 +01:00
Tom Hughes
a99450f558 Merge remote-tracking branch 'upstream/pull/4210' 2023-08-30 18:10:20 +01:00
Andy Allan
4af54ce93b Use Activerecord '#or' method for queries
That lets us use relation names (like `sender`) and avoid dealing
directly with ids.
2023-08-30 17:17:15 +01:00
Andy Allan
f5db9cbb20 Avoid using _id in queries
This makes the queries shorter and easier to read.
2023-08-30 17:08:16 +01:00
Andy Allan
124909a64c
Merge pull request #4193 from AntonKhorev/lookup-friend
Lookup friend user before make/remove friend action
2023-08-30 15:17:11 +01:00
Andy Allan
e68d4efc3c
Merge pull request #4197 from AntonKhorev/user-resources
Move user lookup/error methods from app controller to concerns
2023-08-30 15:11:57 +01:00
Andy Allan
a1657f03a8
Merge pull request #4202 from tomhughes/changeset-comment-limit
Add rate limiting for changeset comments
2023-08-30 11:12:40 +01:00
Tom Hughes
3422bb541d Merge remote-tracking branch 'upstream/pull/4198' 2023-08-27 09:46:10 +01:00
Tom Hughes
c7a31ebc5d Restore ordering of results from the users#index API call 2023-08-26 17:41:22 +01:00
ENT8R
be96aa7cb4 Sort users by their ids 2023-08-26 10:14:40 +02:00
ENT8R
b9c85c2697 Use where instead of find to prevent 404 2023-08-26 00:31:18 +02:00
Tom Hughes
a274726f46 Add rate limiting for changeset comments
Fixes #4196
2023-08-25 19:53:04 +01:00
Tom Hughes
63bf18a3c3 Add support for rate limiting signup requests 2023-08-22 18:45:17 +01:00
Anton Khorev
d6ec3bbc60 Lookup friend user before make/remove friend action 2023-08-21 17:44:50 +03:00
Anton Khorev
7de9f6a977 Lookup user before action in user's notes list 2023-08-21 17:31:59 +03:00
Anton Khorev
2d39ba7954 Render unknown user with concerns code in notes controller 2023-08-21 17:30:23 +03:00
Anton Khorev
4ceebefefa Move user lookup and error render to concerns 2023-08-21 17:29:55 +03:00
Tom Hughes
7054cea48e Merge remote-tracking branch 'upstream/pull/4190' 2023-08-20 18:49:32 +01:00