Adam Hoyle
8f529a337f
Localise local chapters
2021-08-24 21:38:05 +01:00
Adam Hoyle
62ecf15975
Merge branch 'master' into feature/add-communities-page
2021-08-12 19:41:12 +01:00
Andy Allan
d797de4317
Use user_account_path for links to settings page
Much easier to read than having to be explicit about controllers etc
2021-08-12 17:09:07 +01:00
Adam Hoyle
26aecfb2bf
add route to pass locale
2021-08-10 10:13:24 +01:00
Adam Hoyle
86912a61df
stub model and show in view
2021-08-08 23:28:44 +01:00
Adam Hoyle
d8d1ab1776
add route for communities
2021-08-07 15:46:39 +01:00
Andy Allan
36f6d8d85d
Fix redirect to terms path when not logged in
This was missed during #3147 since it wasn't covered by a test.
2021-07-28 16:36:13 +01:00
Tom Hughes
f1935b1c57
Merge remote-tracking branch 'upstream/pull/3257'
2021-07-21 19:24:31 +01:00
Andy Allan
403c8941a6
Ensure that flash message is shown in the updated language
2021-07-21 18:58:47 +01:00
Andy Allan
29efa4337c
Remove incorrectly spelled helper_method
The spelling of language is wrong here, and the correct version
is already there further down at the preferred_language method definition
2021-07-21 17:28:23 +01:00
Tom Hughes
cd9a72e669
Merge remote-tracking branch 'upstream/pull/3263'
2021-07-21 12:16:08 +01:00
Andy Allan
37b03e47c6
Fix various code comments
These were found as part of #3233
2021-07-21 11:24:23 +01:00
Tom Hughes
4d47cff5e1
Merge remote-tracking branch 'upstream/pull/3237'
2021-07-21 11:24:17 +01:00
Andy Allan
caf2e2a242
Move profile-related settings to their own form
Refs #3167
2021-07-14 17:45:19 +01:00
Andy Allan
9b8f2bbcbe
Remove code complexity around resetting language preferences
This was originally introduced since we saved the user and showed
the result on the same action. Now that the preferences controller
saves and redirects, the user model and associated language preferences
are reloaded between requests, and this code is no longer required.
2021-07-14 17:40:20 +01:00
Andy Allan
2403630da8
Split user preferences into a separate page
Refs #3167
2021-07-14 17:40:20 +01:00
Tom Hughes
e4ce1c5f2f
Check that the permission is non-zero
Fixes #3241
2021-07-01 16:35:29 +01:00
Tom Hughes
ef092045e0
Fix some broken translation lookups
2021-06-29 19:14:50 +01:00
Tom Hughes
b4a1e41968
Switch web site to use OAuth 2
2021-06-27 19:00:36 +01:00
Tom Hughes
608aafbf14
Make /api/0.6/permissions work for OAuth 2 clients
2021-06-27 00:38:16 +01:00
Tom Hughes
8d76be71bb
Merge remote-tracking branch 'upstream/pull/3177'
2021-06-24 08:43:18 +01:00
Andy Allan
0876ea0bee
Refactor terms declined flash message to use a partial
This allows us to include a link in the flash message, without having
to use html_safe. Also refactor to avoid having html angle brackets in
the translation strings, while still allowing locale-specific urls.
2021-06-23 20:11:19 +01:00
Andy Allan
24f6aeda6a
Use hash-based flash objects to render complex flash messages
Since flash objects can only be String, Hash or Array (notably excluding SafeBuffers), then this approach is necessary to render complex html in a safe manner.
Each local can be treated as an (unsafe) string, and therefore escaped normally when rendered into the template. The template (and translation strings) can
contain html since they are no longer stored in the flash as a plain string.
Fixes #3215
2021-06-23 20:10:55 +01:00
Tom Hughes
d02b8d9f1e
Merge remote-tracking branch 'upstream/pull/3226'
2021-06-16 18:07:38 +01:00
Tobias Jordans
f4e998804d
Traces#index: Introduce tab navigation, fix tag-filter
- introduce bootstrap tabs to switch the views
- introduce `content_for :heading_class` to remove the padding below the bootstrap tabs
- update the rss-image to use an svg, adopted from https://icons.getbootstrap.com/icons/rss/ (without the outer border)
- move rss- and new-button away from the view-switching actions
- the `@tag` logic was broken. introduce new link to remove the tag-filter; the tabs keep the filter once given; use params[:tag] directly in the view
- use `&.` syntax nil-safety so we can remove `@display_name`
2021-06-16 15:55:55 +01:00
Andy Allan
4e45f3a76f
Fix the email address that's suggested for whitelisting
Refs #3215
2021-06-16 15:37:40 +01:00
Andy Allan
63c82ed72f
Set updated_by when resolving issues
Refs #3211
2021-06-09 15:47:31 +01:00
Tom Hughes
b96f3867e6
Allow OAuth 2 authorizations to redirect to anywhere
2021-05-18 12:12:36 +01:00
Tom Hughes
e222329d04
Add support for OAuth2 using doorkeeper
2021-05-18 12:05:32 +01:00
Tom Hughes
bf851691bf
Fix deprecation warnings
2021-05-12 18:49:21 +01:00
Tom Hughes
84c601460f
Add rate limiting to user friendships
2021-05-11 12:10:36 +01:00
Andy Allan
28af501924
Merge branch 'pull/3164'
2021-04-14 16:13:29 +01:00
Andy Allan
6bb18436a3
Add tests for routing and to ensure output format
This avoids the tests passing if the json output is an array of kv pairs,
instead of the desired hash of attributes.
2021-04-14 16:11:57 +01:00
Andy Allan
094d6c8bb9
Move confirmation methods into ConfirmationsController
2021-04-07 16:05:32 +01:00
Andy Allan
7a66c6d4eb
Split password reset functionality into PasswordsController
2021-04-07 16:05:28 +01:00
Michal Migurski
a67ff9c038
Added JSON support to user preferences
2021-04-06 21:27:54 -07:00
Tom Hughes
e0d501f832
Don't allow deleted users to be confirmed
2021-04-01 17:28:03 +01:00
Tom Hughes
25510b6616
Add additional limits on sending messages
Additional limits apply to new accounts and accounts with
unresolved issues reported against them.
Fixes #3135
2021-03-31 22:40:34 +01:00
Tom Hughes
bf3743f190
Add missing callbacks to session controller
2021-03-29 20:36:07 +01:00
Andy Allan
f18baae22e
Refactor login/logout into sessions controller
Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.
2021-03-24 11:32:46 +00:00
Tom Hughes
4c2e4de5c0
Handle errors checking for gravatars
2021-03-21 10:24:53 +00:00
Tom Hughes
93b8c47c8f
Reject referers that do not include an absolute path
2021-03-16 11:07:34 +00:00
Tom Hughes
afb22209bf
Allow form submission to any location from the login page
This allows openid login to work on browsers like chrome that enforce
the form-action rule for redirect POST requests.
Fixes #3131
2021-03-14 10:18:32 +00:00
Andy Allan
38ad8fbc36
Use login_path instead of explicit controller and actions
This makes future refactoring easier.
2021-03-10 14:31:55 +00:00
Tom Hughes
2233edbcfa
Use a 307 Temporary Redirect to redirect to authentication
When the user wants to enable an external authenticator we need
to redirect to omniauth but that now needs to be a POST so use a
redirect that preserves the POST method.
Fixes #3114
2021-03-03 09:27:33 +00:00
Tom Hughes
ff3a30d245
Fix new rubocop warnings
2021-03-02 08:24:15 +00:00
Tom Hughes
1f136a84a6
Prevent CSRF bypass with login form
2021-02-10 20:39:23 +00:00
Tom Hughes
51af102c00
Prevent CSRF bypass with password reset form
2021-02-09 23:00:21 +00:00
mmd-osm
c49e400aa3
Prevent CSRF bypass unblocking users
2021-02-09 20:39:04 +00:00
Tom Hughes
7810734ac4
Prevent CSRF bypass updating account details
Fixes #3089
2021-02-08 12:24:43 +00:00