Commit graph

256 commits

Author SHA1 Message Date
Andy Allan
aebacc88de
Merge pull request #5514 from AntonKhorev/pd-declaration
Remove public domain checkbox from signup and terms pages
2025-02-15 14:03:55 +00:00
Tom Hughes
43f40c5d03 Stop using session flash to communicate with callbacks 2025-02-12 00:09:40 +00:00
Anton Khorev
0b802240df Move api way version test to integration tests 2025-02-10 22:25:22 +03:00
Anton Khorev
1da870fd48 Move api node version test to integration tests 2025-02-10 22:25:21 +03:00
Anton Khorev
9254f0c2be Remove pd checkbox from signup page 2025-01-18 19:17:03 +03:00
Anton Khorev
606b5c1b6a Use resourceful routes for terms view/accept/decline 2025-01-08 22:19:35 +03:00
Anton Khorev
13994ca6ca Use resourceful routes for user new/create actions 2025-01-03 11:45:26 +03:00
Anton Khorev
84f3bd6e91 Move user preferences routes to api namespace 2024-12-20 06:00:54 +03:00
Tom Hughes
60c1ae79d6 Fix warnings about tests with no assertions 2024-09-17 20:39:31 +01:00
Tom Hughes
973d62a25e Drop support for basic authentication 2024-09-02 19:00:57 +01:00
Tom Hughes
17bc0853a0 Drop support for OAuth 1 2024-09-01 03:43:02 +03:00
Anton Khorev
a448c9d0e0 Update block-api integration test to revoke block by editing 2024-08-23 13:11:32 +03:00
Anton Khorev
cff4c63713 Add deactivates_at date to user blocks
Block deactivation dates that take needs_view-block views into account were derived using updated_at. This was possible because inactive blocks couldn't be edited and their updated_at date wouldn't change. With editing of inactive blocks enabled deactivation date needs to be saved explicitly.
2024-08-19 14:33:20 +03:00
Milan Cvetkovic
15623aa35a Social sign-in: avoid re-authorization in users_controller#create
It does not add any additional guards against malicious users:

A malicious user may attempt to invoke `POST /users/new` with bogus
values for `auth_provider` and `auth_uid`, resulting
in a new account to which the user would have a way to log in, other than
sending a password reset request.

In some cases, re-authorization would introduce additional
"Please login to your social account", or "Are you sure you want to be logged in"
popup triggered by identity provider.

This PR removes the re-authorization request from `POST /users/new` in authorization flow.
2024-05-30 05:43:45 +00:00
Milan Cvetkovic
4965c19b7a Re-introduce additional round trip for verifying auth_provider 2024-04-29 11:32:54 +00:00
Milan Cvetkovic
c486dd5532 Rename verified_email to email_hmac parameter in /users/new 2024-04-29 11:32:54 +00:00
Milan Cvetkovic
0c7c950149 Add social signin buttons to signup screen, avoid repeating round trip to auth provider. 2024-04-27 12:44:10 +01:00
Milan Cvetkovic
f8a606869e Remove email confirmation field in signup form 2024-04-27 12:44:09 +01:00
Milan Cvetkovic
1276fb944a Merge login and terms screens, assume TOU and contributor terms are accepted on /user/new form
This eliminates the need for the "terms" screen after the /user/new form.
Terms screen is still required for legacy users who never accepted the terms.
2024-04-27 12:44:09 +01:00
Anton Khorev
bde2faac58 Remove assert_response when followed by assert_redirected_to 2024-03-03 10:56:50 +03:00
Andy Allan
52f755cb27
Merge pull request #4535 from tomhughes/rails-tokens
Use rails generated tokens for emails
2024-02-25 11:32:15 +01:00
Tom Hughes
1b5200b797 Treat github and wikipedia provided emails as confirmed
Fixes #4270
2024-02-25 10:04:18 +00:00
Tom Hughes
4dff06a629 Use rails tokens for signup confirmations 2024-02-24 13:53:05 +00:00
Anton Khorev
5411be6750 Test changeset commenting 2024-02-12 01:23:23 +03:00
Anton Khorev
61c32388a9 Test notices of disabled changeset commenting 2024-02-12 01:23:23 +03:00
Tom Hughes
db0a80e563 Test that mismatched passwords are rejected 2024-01-12 17:55:16 +00:00
Tom Hughes
1fd10c0935 Test that signups can be confirmed and can authenticate afterwards 2024-01-12 17:55:16 +00:00
Andy Allan
f22ecd6309 Avoid running integration tests in every locale
We have over 200 locales, and so this takes a long time. This reduces
time taken from around 200 seconds to 6 to run these tests.
2023-12-20 11:45:08 +00:00
Tom Hughes
12b4d11d44 Use SecureRandom to generate user tokens 2023-12-04 17:25:57 +00:00
Tom Hughes
3e3873a7c2 Fix test as rails no longer seems to return a body for redirects 2023-10-18 18:26:14 +01:00
Milan Cvetkovic
408f2918d0 Load openid signing key from endpoint during openid connect test 2023-10-03 18:55:10 +01:00
Milan Cvetkovic
2d5acd199b Add test for openid discovery 2023-10-03 18:55:10 +01:00
Milan Cvetkovic
1f62a2b342 Add a test for openid connect support 2023-10-03 18:55:10 +01:00
Tom Hughes
6759130cb3 Test that suspended and deleted users can't use OAuth tokens 2023-08-25 12:10:32 +01:00
Tom Hughes
477f700cfa Logout while testing OAuth 1 token usage
This ensures we're not accidentally inheriting any session permissions.
2023-08-25 09:44:25 +01:00
Tom Hughes
b9f9c0f3cc Separate authenticating user from application owner in OAuth 1 tests 2023-08-25 08:51:41 +01:00
Milan Cvetkovic
ad164d384e Change provider name to "microsoft" 2023-08-20 10:19:30 +01:00
Milan Cvetkovic
b3e13eb752 Update tests for microsoft_graph endpoints 2023-08-20 10:17:42 +01:00
Milan Cvetkovic
7428da74c2 Use omniauth-microsoft_graph instead of omniauth-windowslive
Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap.
It also uses updated endpoints for the Microsoft identity provider.

Use email address returned by microsoft_graph provider as a verified address.

Upgrading existing users from windowslive to microsoft_graph:
 - upon next login existing `windowslive` users will have to authorize the
   OpenStreetMap application to "Read Your Profile," required for proper reading
   of the display name field.

The name of the identity provider in OSM is kept to 'windowslive':
 - the entries in users table with `provider == 'windowslive'`
   can be reused for microsoft_graph provider, since
   the uid field is preserved. Users will not need to repeat the sign up process.
 - OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal
   App registration are necessary.
2023-08-17 13:01:15 +00:00
Andy Allan
e9e4b10473
Merge pull request #3907 from Dimitar5555/patch-1
Facelift `offline.html` and use Bootstrap classes for "notifications" under the search bar
2023-06-14 14:08:38 +01:00
Dimitar
318064b2a7 Facelift offline.html and use Bootstrap classes for "notifications"
Update site_controller_test.rb

Update site_controller_test.rb

Remove whitespace

Reset Settings.status after test is done

Update test for offline page

Update site_controller.rb

Fix indentation

Update offline controller

Update offline.html.erb

Remove flash CSS classes and fix missed tests

Updated tests

Address most PR comments

Update _flash.html.erb

Update _flash.html.erb

Update edit.html.erb

Update offline.html.erb
2023-03-26 13:57:51 +03:00
Tom Hughes
2b3133d2e8 Fix new rubocop warnings 2023-02-28 15:20:33 +00:00
Andy Allan
415ac577f3 Remove some old debugging comments 2022-12-21 12:05:15 +00:00
Tom Hughes
f4749eccf1 Test that verified emails from OAuth signups are accepted automatically 2022-07-26 17:33:59 +01:00
Andy Allan
934d81aa55 Bootstrap 5: Replace all form-group classes with mb-3 2022-07-20 14:42:57 +01:00
Tom Hughes
03cad948e3 Fix new rubocop warnings 2022-03-15 19:24:09 +00:00
Harry Wood
02338a80e1 Make oauth register app link into button
Cosmetic tweak. On the OAuth 1 setting tab, make "Register your app" into a button not a link

Also put the applications in a <ul>
2022-03-08 15:18:53 +00:00
Tom Hughes
b5f06e06c1 Fix rubocop Rails/TimeZone warnings 2022-03-01 22:55:10 +00:00
Andy Allan
a8e8ba1a64 Refactor the account edit/update pages out into a separate accounts controller 2021-12-08 15:17:50 +00:00
Andy Allan
2b84452222 Remove custom margins on sidebar headings
Margin-top in particular is best avoided. The removal of some top
margins required a few corresponding changes to add bottom margins
to other features, mostly done by converting bare text strings to
live within paragraphs.
2021-11-03 18:16:38 +00:00