cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
15143 commits 4 branches 1 tag 499 MiB
Commit graph

63 commits

Author SHA1 Message Date
gobinathal
2d8feb6d79 Remove hardcoded rate limit value 
Name is chosen to match the equivalent setting in the configuration
of the rate limits for edits.

Fixes #4427.
 2024-11-07 18:33:53 +00:00
Tom Hughes
973d62a25e Drop support for basic authentication 2024-09-02 19:00:57 +01:00
Tom Hughes
17bc0853a0 Drop support for OAuth 1 2024-09-01 03:43:02 +03:00
Milan Cvetkovic
0db47f3f76 Add Messages API 
as discussed in [Issue #4509](https://wiki.openstreetmap.org/w/index.php?title=Messaging_API_proposal)
and documented in [Messaging API reference](https://wiki.openstreetmap.org/w/index.php?title=Messaging_API_proposal)
 2024-07-29 10:42:38 +00:00
Tom Hughes
f61ac2586f Add support for per-user limits on the size of changes that can be made 2024-06-19 00:46:34 +01:00
Andy Allan
ad4ab4603b
Merge pull request #4496 from tomhughes/disabled-auth-error 
Return an error when a disabled authentication mechanism is used
 2024-05-15 16:33:33 +01:00
Tom Hughes
741ed58838 Add a limit on the number of points in a GPS trace 2024-02-25 09:50:02 +00:00
Tom Hughes
519c13d4cd Allow OAuth 1.0a to be disabled 2024-02-25 08:56:09 +00:00
Tom Hughes
31659bedbe Allow registration of OAuth 1.0 applications to be disabled 2024-01-31 19:18:16 +00:00
Anton Khorev
dfe299eff9 Add user account deletion delay setting 2023-11-22 16:15:59 +03:00
Tom Hughes
2f11b77309 Add support for per-user limits on the rate changes can be made 2023-11-02 08:59:57 +00:00
Tom Hughes
c8fc2218e5 Merge remote-tracking branch 'upstream/pull/4226' 2023-10-03 19:39:41 +01:00
Milan Cvetkovic
64bcf7652b Add openid connect support using doorkeeper-openid_connect gem 
... as discussed in [Issue 507](https://github.com/openstreetmap/operations/issues/507)
and described by @mmd-osm.

To activate, set the value of `doorkeeper_signing_key` to RSA private key.

Allows using openstreetmap as an identity provider.

Adds `openid` scope to OAuth2 authorizations, required to login to OSM.

Currently, the only claims returned are:
 - "openid" scope: "sub" and "preferred_username"
 - "read_email" scope: "email"
 2023-10-03 18:53:47 +01:00
Andy Allan
0a046673d6
Merge pull request #4201 from AntonKhorev/issues-limit-settings 
Move max value of issues counter to settings
 2023-09-27 15:47:44 +01:00
Paul Norman
00d085ed5d
Add Tracestrack Topo as featured layer 2023-09-19 22:16:42 -07:00
Anton Khorev
963b8f43f1 Change issue count logic from (n-1)+ to n+ 2023-09-01 08:05:01 +03:00
Anton Khorev
fff98f2afb Move max value of issues counter to settings 2023-09-01 07:14:45 +03:00
Tom Hughes
e210b4efbf Improve naming of changeset comment rate limit settings 2023-08-30 18:25:06 +01:00
Andy Allan
a1657f03a8
Merge pull request #4202 from tomhughes/changeset-comment-limit 
Add rate limiting for changeset comments
 2023-08-30 11:12:40 +01:00
Tom Hughes
a274726f46 Add rate limiting for changeset comments 
Fixes #4196
 2023-08-25 19:53:04 +01:00
Tom Hughes
63bf18a3c3 Add support for rate limiting signup requests 2023-08-22 18:45:17 +01:00
Tom Hughes
2a1689f962 Merge remote-tracking branch 'upstream/pull/4169' 2023-08-20 11:04:28 +01:00
Milan Cvetkovic
ad164d384e Change provider name to "microsoft" 2023-08-20 10:19:30 +01:00
Anton Khorev
bc9f081841 Move note query limit values to settings 2023-08-19 05:06:00 +03:00
Milan Cvetkovic
7428da74c2 Use omniauth-microsoft_graph instead of omniauth-windowslive 
Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap.
It also  uses updated endpoints for Microsoft identity provider.

Use email address returned by microsoft_graph provider as a verified address.

Upgrading exisiting users from windowslive to microsoft_graph:
 - upon next login existing `windowslive` users will have to authorizei
   OpenStreetMap application to "Read Your Profile," required for proper reading
   of display name field.

The name of the identity provider in OSM is kept to 'windowslive':
 - the entries in users table with `provider == 'windowslive'`
   can be reused for microsoft_graph provider, since
   the uid field is preserved. Users will not need to repeat the sign up process.
 - OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal
   App registration are necessary.
 2023-08-17 13:01:15 +00:00
Anton Khorev
a5d14a1815 Move changeset query limit values to settings 2023-08-08 03:33:04 +03:00
Tom Hughes
1c420158f6 Remove default imagery blacklist 2023-07-13 20:14:13 +01:00
Pavel Zbytovský
b78bdd0b70
Block mapy.cz as non-approved imagery 
Issue: https://github.com/openstreetmap/openstreetmap-website/issues/4085
 2023-07-13 19:04:24 +02:00
Richard Fairhurst
b7887b049f Remove Geonames and geocoder.ca 2023-01-09 21:23:48 +00:00
Christian Beiwinkel
85f627c5c2 added valhalla routing engine 2022-12-16 17:05:36 +01:00
Tom Hughes
a9063f8369 Allow credentials to be sent with overpass calls 2022-10-13 19:12:25 +01:00
Tom Hughes
e9f62a8c30 Rename piwik to matomo and merge configuration into settings 2022-08-01 22:42:04 +01:00
Tom Hughes
0ae438a5c1 Add a configuration option to disable HTTP basic authentication 2022-07-08 17:25:20 +01:00
Tom Hughes
16210d9f4f Rename id_oauth_application to id_application in settings 2022-06-08 13:28:07 +01:00
Martin Raifer
c55d346d5f
Update to iD v2.21.0 
major changes in this release:
* dropped support for Internet Explorer 11
* switched authentication to OAuth 2

for further changes please refer to https://github.com/openstreetmap/iD/blob/release/CHANGELOG.md#2210
 2022-06-03 15:32:27 +02:00
hlfan
73f0be9647
variant B 
Reducing regex complexity and broadening the domain match
 2022-04-09 22:28:01 +02:00
hlfan
29c199d581
google imagery blacklist entry update 
Updated google imagery blacklist entry to include the pb implementation of the vt endpoint for URLs like these:
https://www.google.at/maps/vt?pb=!1m4!1m3!1e{z}!2i{x}!3u{y}!2m2!1e1!2sm!3b0
 2022-03-26 02:02:32 +01:00
Tom Hughes
92b122759f Remove support for legacy trace files 2022-03-03 19:47:40 +00:00
Tom Hughes
28900676f3 Default to allowing TLS for SMTP but without peer verification 2022-02-17 00:54:11 +00:00
Andy Allan
2fabc46421
Merge pull request #3440 from mmd-osm/relationmemberlimit 
Introduce relation member limit
 2022-02-16 14:58:30 +00:00
Tom Hughes
1612ea75c5 Allow trace image URL to be configured in the CSP policy 2022-02-13 19:25:42 +00:00
mmd-osm
2efd73c672 Introduce relation member limit 
Adds a new parameter `max_number_of_relation_members` in settings.yml
 2022-02-02 13:15:40 +01:00
Tom Hughes
0410596908 Switch traces to use ActiveStorage 2021-12-16 18:45:31 +00:00
Tom Hughes
ef85e8c7b3 Make the storage service to use for avatars configurable 2021-12-16 18:45:31 +00:00
Andy Allan
3aa8292d6d Drop the trace_use_job_queue option 
This has been set as true by default, and in production, for many
years. I don't think there's much use in keeping the setting around
any longer.
 2021-11-24 15:23:27 +00:00
Tom Hughes
b4a1e41968 Switch web site to use OAuth 2 2021-06-27 19:00:36 +01:00
Tom Hughes
84c601460f Add rate limiting to user friendships 2021-05-11 12:10:36 +01:00
Simon Poole
37df9af7f7
Remove GL and SH cantonal WMS servers from black list 
The previously restrictively licensed material is now available on relatively open terms directly from swisstopo per 1. March 2021, so these entries can be removed.
 2021-03-13 20:25:43 +01:00
Tom Hughes
0ff89c31e4 Remove both Potlatch versions 
Fixes #2622
 2021-01-05 21:18:45 +00:00
Andy Allan
7b0de13c61 Allow smtp settings to be configured through the settings system 
This allows easier configuration using the settings.local.yml files

Fixes #2571
 2020-11-25 16:12:49 +00:00