Tom Hughes
3d0b94abda
Merge remote-tracking branch 'upstream/pull/3768'
2022-10-25 19:28:10 +01:00
Tom Hughes
460ed0c844
Fix new rubocop warnings
2022-10-25 19:19:57 +01:00
Anton Khorev
225b260640
Pass min/max lat/lon to notes index rss builder
2022-10-25 13:52:28 +03:00
Anton Khorev
0c8b9eabf3
Pass min/max lat/lon to notes rss feed builder
2022-10-25 13:35:18 +03:00
Robbendebiene
ed1112bcef
Allow setting HTTP ACCEPT header for notes API
Previously the notes API return type could only be specified by appending the file extension like .json or .rss
2022-09-23 11:40:19 +02:00
Tom Hughes
09263bc4a1
Cancel running queries when a timeout occurs
2022-09-21 22:47:16 +01:00
Tom Hughes
9cd96bd452
Fix new rubocop warnings
2022-09-09 22:45:58 +01:00
Tom Hughes
fa93526f76
Use nominatim_url setting more consistently
2022-09-07 08:45:27 +01:00
Tom Hughes
cd5b793dca
Redirect to open issues when an issue is reassigned
2022-08-26 13:49:09 +01:00
Andy Allan
a0d0dee886
Return to issue index if you can't view reassigned issue
Fixes #3652
2022-08-24 14:05:19 +01:00
Tom Hughes
e9f62a8c30
Rename piwik to matomo and merge configuration into settings
2022-08-01 22:42:04 +01:00
Tom Hughes
2cbf6062fc
Don't try and write directly to the user status
This causes an exception when processing the authentication callback for
providers like google where we treat the email address as verified.
2022-07-26 00:52:22 +01:00
Tom Hughes
aa32dba482
Require a logged in user for the iD frame
The frame will error if the user is not logged in as it wants
to be able to access their OAuth token.
2022-07-26 00:52:22 +01:00
Tom Hughes
0ae438a5c1
Add a configuration option to disable HTTP basic authentication
2022-07-08 17:25:20 +01:00
Tom Hughes
0c524b2408
Log any use of basic authentication
2022-07-08 17:13:02 +01:00
Tom Hughes
1a4faa4507
There is no need to do setup_user_auth and authorize for the same action
2022-07-08 16:38:51 +01:00
Tom Hughes
35cd8f80cc
Restore intended title for GPS trace view
2022-06-19 12:52:47 +01:00
Tom Hughes
40ec4734fb
Fix new rubocop warnings
2022-05-16 19:16:53 +01:00
Harry Wood
fcbccb6a44
Report verification render not redirect
Fix an issue with the report verification, causing it to lose the text of a report if the user fails to fill in a category.
By using a `render` instead of a `redirect_to`, the rails standard verification behaviour works better. It means we also get a nice red "can't be blank" message highlighting the specific missing field.
2022-05-04 19:42:36 +01:00
Tom Hughes
9c0582f88f
Merge remote-tracking branch 'upstream/pull/3523'
2022-04-12 17:12:16 +01:00
Tom Hughes
7f619c6484
Check API status before authorizing access
Fixes #3530
2022-04-11 20:47:52 +01:00
Andy Allan
561ee71129
Rubocop autofix: ambiguous operator precedence
This simply adds braces to clarify which mathematical operator comes
first.
2022-04-06 14:55:29 +01:00
mmd-osm
4ec85171fd
JSON output added to changeset(s) endpoints
2022-03-14 15:52:49 +01:00
Tom Hughes
385272bdae
Mark redirects which need to be open with allow_other_host
2022-03-09 22:43:02 +00:00
Tom Hughes
44ac569d28
Merge remote-tracking branch 'upstream/pull/3493'
2022-03-08 20:30:19 +00:00
mmd-osm
c9e836a6cb
JSON output added to permissions endpoint
2022-03-08 20:21:35 +01:00
Tom Hughes
5d67fa3908
Fix some Naming/AccessorMethodName rubocop warnings
2022-03-08 19:10:05 +00:00
Tom Hughes
cfb4a70129
Fix Lint/DuplicateBranch rubocop warnings
2022-03-08 19:05:37 +00:00
Tom Hughes
cbcc7dc49f
Fix some rubocop Naming/PredicateName warnings
2022-03-03 22:47:55 +00:00
Tom Hughes
b5f06e06c1
Fix rubocop Rails/TimeZone warnings
2022-03-01 22:55:10 +00:00
Tom Hughes
1f8df781be
Merge remote-tracking branch 'upstream/pull/3398'
2022-02-16 18:13:16 +00:00
Tom Hughes
53aa7259bb
Merge remote-tracking branch 'upstream/pull/3345'
2022-02-13 18:39:21 +00:00
Andy Allan
6c1d73a509
Allow users to delete their own accounts
This PR allows users to delete their own accounts. The logic implemented matches
that currently used by the admins when they manually close accounts, although
there is room to be more complex in future e.g. completely removing accounts
with no content.
The error handling has been slightly adapted for namespaced controllers, by
anchoring the controller name with a leading forward slash.
2022-02-09 16:15:24 +00:00
Tom Hughes
446837c351
Merge remote-tracking branch 'upstream/pull/3419'
2022-02-03 18:37:12 +00:00
Andy Allan
2731e7244a
Add extra user transitions needed by the administrators
2022-02-02 16:37:50 +00:00
Tom Hughes
988d7cd90d
Remove form_action restrictions for sessions#login
Login may redirect to oauth2_authorizations#create which may then
redirect to arbitrary schemes if the application is already authorized
so we need to allow login to redirect to any scheme.
Fixes #3424
2022-01-17 11:01:07 +00:00
Tom Hughes
ff995e7ea3
Restore form_action restrictions for oauth2_authorizations#create
2022-01-17 11:00:41 +00:00
Tom Hughes
707ebddbb5
Remove form_action restrictions for oauth2_authorizations#create
Fixes #3424
2022-01-17 09:33:28 +00:00
Andy Allan
1a11c4dc19
Use a state machine for user status
The user status is a bit complex, since there are various states and
not all transitions between them make sense.
Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
2022-01-12 18:16:14 +00:00
Tom Hughes
d6da1499fc
Avoid putting ActionController::Parameters objects in the session
2022-01-11 19:43:43 +00:00
Tom Hughes
8e8f6ef990
Attempt to avoid polynomial time matches on user supplied data
2022-01-05 18:38:15 +00:00
Tom Hughes
d2337810a3
Remove redundant OpenID URL expansion code
It was only used for Google who have long since dropped OpenID support.
2022-01-04 12:02:02 +00:00
Tom Hughes
fea1b5b88d
Fix new rubocop warnings
2021-12-28 19:47:51 +00:00
Andy Allan
a863be8831
Rename User#delete to User#destroy
"delete" is generally used for immediate SQL deletion without running
any callbacks or other ruby code, whereas "destroy" will trigger callbacks.
Although we don't currently use any callbacks, let's rename this method to
align better with the convention.
2021-12-22 11:32:33 +00:00
Tom Hughes
0410596908
Switch traces to use ActiveStorage
2021-12-16 18:45:31 +00:00
Andy Allan
a8e8ba1a64
Refactor the account edit/update pages out into a separate accounts controller
2021-12-08 15:17:50 +00:00
Tom Hughes
1a65c279aa
Merge remote-tracking branch 'upstream/pull/3382'
2021-11-25 17:19:26 +00:00
Andy Allan
3aa8292d6d
Drop the trace_use_job_queue option
This has been set as true by default, and in production, for many
years. I don't think there's much use in keeping the setting around
any longer.
2021-11-24 15:23:27 +00:00
Andy Allan
18c70fa2de
Add a user link to the heading of the diary comments page
Fixes #3369
This makes the heading match the layout of the user's Notes page,
which also has a short heading and a subheading with a link.
Additionally, add a page title, again for consistency
2021-11-24 10:55:09 +00:00
Tom Hughes
abbd5a30d4
Validate any origin passed to the auth failure callback
Fixes #3375
2021-11-23 17:33:19 +00:00