Michal Migurski
a67ff9c038
Added JSON support to user preferences
2021-04-06 21:27:54 -07:00
Tom Hughes
e0d501f832
Don't allow deleted users to be confirmed
2021-04-01 17:28:03 +01:00
Tom Hughes
25510b6616
Add additional limits on sending messages
Additional limits apply to new accounts and accounts with
unresolved issues reported against them.
Fixes #3135
2021-03-31 22:40:34 +01:00
Tom Hughes
bf3743f190
Add missing callbacks to session controller
2021-03-29 20:36:07 +01:00
Andy Allan
f18baae22e
Refactor login/logout into sessions controller
Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.
2021-03-24 11:32:46 +00:00
Tom Hughes
4c2e4de5c0
Handle errors checking for gravatars
2021-03-21 10:24:53 +00:00
Tom Hughes
93b8c47c8f
Reject referers that do not include an absolute path
2021-03-16 11:07:34 +00:00
Tom Hughes
afb22209bf
Allow form submission to any location from the login page
This allows openid login to work on browsers like Chrome that enforce
the form-action rule for redirect POST requests.
Fixes #3131
2021-03-14 10:18:32 +00:00
Andy Allan
38ad8fbc36
Use login_path instead of explicit controller and actions
This makes future refactoring easier.
2021-03-10 14:31:55 +00:00
Tom Hughes
2233edbcfa
Use a 307 Temporary Redirect to redirect to authentication
When the user wants to enable an external authenticator we need
to redirect to omniauth but that now needs to be a POST so use a
redirect that preserves the POST method.
Fixes #3114
2021-03-03 09:27:33 +00:00
Tom Hughes
ff3a30d245
Fix new rubocop warnings
2021-03-02 08:24:15 +00:00
Tom Hughes
1f136a84a6
Prevent CSRF bypass with login form
2021-02-10 20:39:23 +00:00
Tom Hughes
51af102c00
Prevent CSRF bypass with password reset form
2021-02-09 23:00:21 +00:00
mmd-osm
c49e400aa3
Prevent CSRF bypass unblocking users
2021-02-09 20:39:04 +00:00
Tom Hughes
7810734ac4
Prevent CSRF bypass updating account details
Fixes #3089
2021-02-08 12:24:43 +00:00
Tom Hughes
bc233420dd
Allow form post to third party authentication providers
2021-02-06 11:10:14 +00:00
Tom Hughes
66b5e85845
Merge remote-tracking branch 'upstream/pull/3078'
2021-02-03 14:48:24 +00:00
mmd-osm
4e6d729529
Remove /api/0.6/changes endpoint
Also removes SQL functions which are only used by this endpoint.
2021-02-03 14:06:34 +00:00
Tom Hughes
5912a8011b
Update to Omniauth 2.x
This requires converting all use of the /auth endpoints
to use the POST method as GET is no longer supported.
2021-02-02 19:49:03 +00:00
Tom Hughes
812f5b44e8
Redirect after saving settings in case the username has changed
Fixes #3059
2021-01-19 18:57:34 +00:00
Tom Hughes
0654be27f9
Fix new rubocop warnings
2021-01-11 19:17:31 +00:00
Tom Hughes
0ff89c31e4
Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Andy Allan
4f304e2301
Remove SystemTimer and use stdlib Timeout directly
SystemTimer was only needed on ruby 1.8, and we dropped support for
that a long time ago.
2020-12-23 14:25:58 +00:00
Tom Hughes
88ba316abe
Merge remote-tracking branch 'upstream/pull/2999'
2020-12-09 14:51:04 +00:00
Sarah Hoffmann
a7b95e2a63
Improve guessing of labels for Nominatim results
This adapts to two changes in place handling by Nominatim:
* Place links that are computed by Nominatim are now found in
extratags['linked_places']. Keep the check for extratags['place']
as this may contain an explicitly mapped place label.
* Use address rank for guessing the admin level. This gets normalised
by Nominatim with respect to country-specific use of admin_level.
Also adds additional labels for admin levels, so that we now have
complete coverage for all levels that are in use in OSM.
2020-12-01 22:52:40 +01:00
Tom Hughes
582402ba8f
Prefer keyword arguments when method has optional boolean arguments
2020-11-13 10:22:55 +00:00
Andy Allan
78b9d92207
Prefer keyword arguments when method has optional boolean arguments
2020-11-12 11:24:44 +00:00
Andy Allan
e6d7da3a62
Preload traces for the selected points
It doesn't make a huge difference, since rails caches all the results
of the queries generated by point.trace lookups, but at least it cuts
down on the logs.
2020-11-11 17:52:33 +00:00
Andy Allan
a15a3744da
Use point.trace instead of an additional gpx_file variable
Every point knows which trace it's associated with, so there's no
need to search for it separately.
2020-11-11 17:51:52 +00:00
Tom Hughes
20ce10a9ef
Allow redirects to authentication services from the settings page
Chrome and Safari require redirects to match the form-action rule
as well as the original submission address.
2020-10-29 21:29:35 +00:00
Andy Allan
2559226be3
Avoid various uses of html_safe
We can avoid using `html_safe` in various circumstances, through alternative approaches like i18n keys ending in `_html` or using `safe_join` to avoid converting via unsafe string types.
The `_html` keys approach only works for the ActionView helper version of `t`, not the base `I18n.t` method.
2020-10-21 15:43:14 +02:00
Andy Allan
2c1033f62d
Rename Notifier to UserMailer
It's a convention in rails to name your mailers with a Mailer suffix, and is also common to name the class after the recipient (e.g. User, Admin). So UserMailer seems a reasonable choice.
2020-10-14 15:04:58 +02:00
Tom Hughes
ddac660f3b
Merge remote-tracking branch 'upstream/pull/2839'
2020-09-30 11:54:30 +01:00
Tom Hughes
7db541d697
Invalidate existing sessions when changing email or password
As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
2020-09-29 14:34:08 +01:00
Tom Hughes
c694c78c9a
Delete any outstanding tokens when a user changes their email
This ensures that any tokens previously sent to the old email address
can no longer be used if somebody were able to access that address.
2020-09-29 13:47:40 +01:00
Andy Allan
f70ec18989
Merge pull request #2809 from tomhughes/bootstrap
Convert some more forms to use bootstrap
2020-09-16 10:43:21 +02:00
Tom Hughes
70c4a750d7
Fix new rubocop warnings
2020-09-16 08:28:25 +01:00
Tom Hughes
18b9b9f14c
Fix new rubocop warnings
2020-09-07 07:11:22 +01:00
mmd-osm
0fb725ea61
API User details JSON format
2020-09-06 22:11:23 +02:00
Tom Hughes
21adea321b
Convert password reset forms to use bootstrap
2020-09-04 00:36:43 +01:00
Tom Hughes
c2af89c00e
Fix rubocop Style/SoleNestedConditional warnings
2020-09-02 18:54:55 +01:00
Tom Hughes
b7432e9432
Handle new rubocop warnings
2020-09-02 07:18:21 +01:00
Tom Hughes
8d34b03232
Only show the "too many messages" error once
Fixes #2790
2020-08-23 10:41:39 +01:00
Tom Hughes
abca51e4d8
Fix some Style/StringConcatenation warnings
2020-08-09 19:48:16 +01:00
Tom Hughes
75e135869e
Fix Style/ExplicitBlockArgument warnings
2020-08-09 19:06:04 +01:00
Tom Hughes
ea59d95f4a
Fix some new rubocop warnings
2020-08-06 22:27:30 +01:00
Tom Hughes
0e2a66e8de
Fix new rubocop warnings
2020-08-06 18:42:16 +01:00
Tom Hughes
2d3972249c
Fix some rubocop todos
2020-08-02 19:38:58 +01:00
Tom Hughes
f881a8c83c
Register warning and error flash types
Fixes #2743
2020-08-02 15:53:13 +01:00
Tom Hughes
77f9aec772
Fix some rubocop todos
2020-07-31 22:45:53 +01:00