cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
13728 commits 4 branches 1 tag 499 MiB
Commit graph

2007 commits

Author SHA1 Message Date
Andy Allan
cb4f99fef2 Use implicit style for associations with factory overrides 
This matches our usage of implicit style for associations generally,
e.g. `user`.
 2023-09-06 10:20:23 +01:00
Tom Hughes
dc6e30bab6 Merge remote-tracking branch 'upstream/pull/4231' 2023-09-05 17:22:04 +01:00
Tom Hughes
dc54ce7d0a Update argon2 tests for change in library default costs 2023-09-05 17:16:53 +01:00
Anton Khorev
caf49bb25d Show user id on profile pages to moderators and admins 2023-09-05 13:35:08 +03:00
Anton Khorev
7e6de66444 Swap older/newer diary entries buttons 2023-09-04 16:32:54 +03:00
Tom Hughes
be3baea4de Merge remote-tracking branch 'upstream/pull/4222' 2023-09-03 18:54:18 +01:00
Anton Khorev
11df872c3e Add bbox parameter to notes search api 2023-09-03 11:26:05 +03:00
Anton Khorev
0ef4a299bb Check required bbox parameter presence outside of BoundingBox class 2023-09-03 09:47:27 +03:00
Anton Khorev
963b8f43f1 Change issue count logic from (n-1)+ to n+ 2023-09-01 08:05:01 +03:00
Tom Hughes
75bde83a13 Improve testing of changeset comment rate limits 2023-08-30 19:11:08 +01:00
Tom Hughes
e210b4efbf Improve naming of changeset comment rate limit settings 2023-08-30 18:25:06 +01:00
Andy Allan
b595b87c48 Use trace instead of gpx_id in queries 
This makes the queries easier to read.
 2023-08-30 17:08:46 +01:00
Andy Allan
f5db9cbb20 Avoid using _id in queries 
This makes the queries shorter and easier to read.
 2023-08-30 17:08:16 +01:00
Andy Allan
a1657f03a8
Merge pull request #4202 from tomhughes/changeset-comment-limit 
Add rate limiting for changeset comments
 2023-08-30 11:12:40 +01:00
ENT8R
26a092fbf7 Add checks to ensure that the response is empty 2023-08-26 13:01:05 +02:00
ENT8R
bc71737f05 Change tests to expect a successful (empty) response even if the user is not visible anymore 2023-08-26 09:37:06 +02:00
Tom Hughes
a274726f46 Add rate limiting for changeset comments 
Fixes #4196
 2023-08-25 19:53:04 +01:00
Tom Hughes
6759130cb3 Test that suspended and deleted users can't use OAuth tokens 2023-08-25 12:10:32 +01:00
Tom Hughes
477f700cfa Logout while testing OAuth 1 token usage 
This ensures we're not accidentally inheriting any session permissions.
 2023-08-25 09:44:25 +01:00
Tom Hughes
b9f9c0f3cc Separate authenticating user from application owner in OAuth 1 tests 2023-08-25 08:51:41 +01:00
Tom Hughes
7054cea48e Merge remote-tracking branch 'upstream/pull/4190' 2023-08-20 18:49:32 +01:00
Tom Hughes
2a1689f962 Merge remote-tracking branch 'upstream/pull/4169' 2023-08-20 11:04:28 +01:00
Milan Cvetkovic
ad164d384e Change provider name to "microsoft" 2023-08-20 10:19:30 +01:00
Milan Cvetkovic
b3e13eb752 Update tests for microsoft_graph endpoints 2023-08-20 10:17:42 +01:00
Anton Khorev
0bd5838f51 Respond with plaintext when user not found in changeset query 
The response used to be of type xml with empty body, which is not valid xml.
 2023-08-19 20:26:13 +03:00
Anton Khorev
3f6e344e6a Expose note query limit values in api capabilities 2023-08-19 05:40:34 +03:00
Anton Khorev
a654071beb Add missing changeset query limit capabilities test 2023-08-19 05:40:05 +03:00
Anton Khorev
df60444d05 Use max note query limit setting in tests 2023-08-19 05:23:42 +03:00
Anton Khorev
5bdaf0b73b Add JSON output to /api/versions 2023-08-18 05:16:39 +03:00
Tom Hughes
54164f6cc6 Merge remote-tracking branch 'upstream/pull/4171' 2023-08-17 19:07:37 +01:00
Milan Cvetkovic
7428da74c2 Use omniauth-microsoft_graph instead of omniauth-windowslive 
Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap.
It also  uses updated endpoints for Microsoft identity provider.

Use email address returned by microsoft_graph provider as a verified address.

Upgrading exisiting users from windowslive to microsoft_graph:
 - upon next login existing `windowslive` users will have to authorizei
   OpenStreetMap application to "Read Your Profile," required for proper reading
   of display name field.

The name of the identity provider in OSM is kept to 'windowslive':
 - the entries in users table with `provider == 'windowslive'`
   can be reused for microsoft_graph provider, since
   the uid field is preserved. Users will not need to repeat the sign up process.
 - OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal
   App registration are necessary.
 2023-08-17 13:01:15 +00:00
Tom Hughes
6982903ae7 Fix predicate method names in the user model 2023-08-15 18:53:14 +01:00
Anton Khorev
1e8cd9bedd Add tests for changeset order + from..to queries 2023-08-15 19:29:05 +03:00
Tom Hughes
e2cb2327f9 Merge remote-tracking branch 'upstream/pull/4144' 2023-08-13 10:50:33 +01:00
Tom Hughes
a1798fe6fb Merge remote-tracking branch 'upstream/pull/4159' 2023-08-13 10:38:58 +01:00
Tom Hughes
3539328d1c Check that the /api/0.6/capabilities.json route is recognised 2023-08-13 10:33:43 +01:00
Tom Hughes
6d74aa2873 Merge remote-tracking branch 'upstream/pull/4158' 2023-08-13 10:00:29 +01:00
Anton Khorev
8c42c39a67 Use Settings.generator string in tests 2023-08-12 19:07:36 +03:00
Anton Khorev
24d6b3c55f Add JSON output to /api/0.6/capabilities 2023-08-12 06:00:46 +03:00
Anton Khorev
0abab48f5d Add order parameter to changeset query api entry point 2023-08-12 03:57:48 +03:00
Anton Khorev
abdce62a03 Add ordered changeset test method 2023-08-12 03:40:52 +03:00
Anton Khorev
41f8607810 Use article html elements for diary posts 2023-08-12 01:40:34 +03:00
Anton Khorev
113c32f65e Remove custom css for OpenID logo 2023-08-10 19:43:54 +03:00
Anton Khorev
665bde6ccd Use max changeset query limit setting in tests 2023-08-08 03:43:35 +03:00
Andy Allan
aceef47cd8
Merge pull request #4106 from tomhughes/diary-paging 
Replace page numbers with ID based selection for diary indexes
 2023-08-02 16:57:26 +01:00
Andy Allan
a56cdd547e
Merge pull request #4125 from tomhughes/oauth-scopes 
Only show granted permissions in the authorized application list
 2023-08-02 15:52:41 +01:00
Andy Allan
9619e699e1
Merge pull request #4107 from tomhughes/diary-visibility 
Allow administrators to see deleted diary entries
 2023-08-02 14:47:05 +01:00
Tom Hughes
c376962c9c Only show granted permissions in the authorized application list 
Fixes #4124
 2023-07-30 20:35:13 +01:00
Tom Hughes
f29ba01eb9 Replace page numbers with ID based selection for diary indexes 2023-07-27 20:37:07 +01:00
Tom Hughes
b57ed0bf23 Improve testing of paged access to trace lists 2023-07-27 20:30:15 +01:00