Anton Khorev
6624beff11
Move diary comments index action to comments controller
2024-06-10 16:32:53 +03:00
Anton Khorev
ebaae09797
Fully encode wikipedia tag values
2024-06-08 15:59:30 +03:00
Anton Khorev
24c138ac8d
Ensure that Open Graph image url is absolute
2024-06-06 18:01:23 +03:00
Anton Khorev
a73e20cd5c
Set Open Graph image to first image for diary entries
2024-06-06 17:28:57 +03:00
Anton Khorev
c7353c9ac1
Add image method to get first image from rich text
2024-06-06 17:09:21 +03:00
Anton Khorev
5add2d7e1d
Reload only changeset element subpages
2024-06-03 14:16:09 +03:00
Anton Khorev
b072c2935f
Add titles to changeset element page links
2024-06-03 14:07:23 +03:00
Anton Khorev
5a22464224
Don't include language prefix in wikipedia links
2024-06-01 04:56:57 +03:00
Tom Hughes
15e86708f1
Merge remote-tracking branch 'upstream/pull/4847'
2024-05-30 16:20:54 +01:00
Milan Cvetkovic
15623aa35a
Social sign-in: avoid re-authorization in users_controller#create
...
It does not add any additional guards against malicious users:
A malicious user may attempt to invoke `POST /users/new` with bogus
values for `auth_provider` and `auth_uid`, resulting
in a new account to which the user would have a way to log in, other than
sending a password reset request.
In some cases, re-authorization would introduce additional
"Please login to your social account", or "Are you sure you want to be logged in"
popup triggered by identity provider.
This PR removes the re-authorization request from `POST /users/new` in authorization flow.
2024-05-30 05:43:45 +00:00
Andy Allan
0bbfe922ea
Test the versions and capabilities api in various statuses
...
These both need to keep working, even when the rest of the api is
unavailable, since that's how we communicate that status with the
api clients.
2024-05-29 14:51:47 +01:00
Tom Hughes
514836a497
Merge remote-tracking branch 'upstream/pull/4795'
2024-05-19 19:21:45 +01:00
Hidde Wieringa
036c87b355
OpenID connect icons to SVG
...
re-add whitespace
trigger CI
revert size attribute
2024-05-16 21:16:28 +02:00
Tom Hughes
334c856021
Test unicode values in user preference keys and values
2024-05-16 17:51:33 +01:00
Andy Allan
ffda8d7ac5
Merge pull request #4680 from tomhughes/validate-page-numbers
...
Add parameter validation to pagination
2024-05-15 17:43:04 +01:00
Anton Khorev
822466c6c6
Add warnings when creating notes anonymously
2024-05-14 19:42:59 +03:00
Anton Khorev
d9e650fde1
Use inline svgs for user role icons
2024-05-07 15:51:23 +03:00
Tom Hughes
0b18937384
Merge remote-tracking branch 'upstream/pull/4757'
2024-05-06 11:15:12 +01:00
Anton Khorev
f418d0bbb4
Simplify message paths in tests
2024-05-06 12:37:57 +03:00
Tom Hughes
b625eefdeb
Merge remote-tracking branch 'upstream/pull/4455'
2024-05-06 09:15:03 +01:00
Tom Hughes
51d778097f
Merge remote-tracking branch 'upstream/pull/4753'
2024-05-05 18:54:57 +01:00
Anton Khorev
926788ff9a
Remove tests for message paths without ids
...
These tests don't fail because they reuse ids from previous requests.
2024-05-05 17:14:37 +03:00
Anton Khorev
5da2957591
Redirect to inbox after marking a message as read/unread disregarding referer
...
Avoids staying on the message page after the "Mark as unread" button is clicked and immediately reading the message again.
2024-05-05 15:32:47 +03:00
Anton Khorev
4c21a09b32
Rename unread_message to message in messages controller test
...
There's only one message in the affected test methods. That message becomes read during the test.
2024-05-05 15:21:09 +03:00
Tom Hughes
b3759c0d58
Merge remote-tracking branch 'upstream/pull/4747'
2024-05-02 17:52:45 +01:00
Anton Khorev
15e1459f25
Link to previous/next nonempty user's changeset on changeset pages
2024-05-01 15:02:59 +03:00
Anton Khorev
f554e14b7f
Use common sidebar_browse_check in notes controller test
2024-05-01 13:21:24 +03:00
Anton Khorev
eaacfbb911
Restore constraints on note id parameter
2024-05-01 13:17:14 +03:00
Milan Cvetkovic
4965c19b7a
Re-introduce additional round trip for verifying auth_provider
2024-04-29 11:32:54 +00:00
Milan Cvetkovic
c486dd5532
Rename verified_email to email_hmac parameter in /users/new
2024-04-29 11:32:54 +00:00
Milan Cvetkovic
9649b192c0
Add preferred provider social signup
...
- Add preferred provider for authorization to login and signup pages.
To use, the 3rd party application would have to add `preferred_provider=...`
parameter to OAuth2 authorization request.
- Resize 3rd party provider icons
- Add "login to authorize" heading to login and signup screens
2024-04-29 11:32:54 +00:00
Anton Khorev
acac5fcc89
Use .align-text-bottom for feed icon images
2024-04-28 02:07:53 +03:00
Anton Khorev
a2e7b5db56
Remove border=0 from feed icons
2024-04-28 02:02:15 +03:00
Milan Cvetkovic
0c7c950149
Add social signin buttons to signup screen, avoid repeating round trip to auth provider.
2024-04-27 12:44:10 +01:00
Milan Cvetkovic
f8a606869e
Remove email confirmation field in signup form
2024-04-27 12:44:09 +01:00
Milan Cvetkovic
1276fb944a
Merge login and terms screens, assume TOU and contributor terms are accepted on /user/new form
...
This eliminates the need for "terms" screen after /user/new form.
Terms screen is still required for legacy users who never accepted the terms.
2024-04-27 12:44:09 +01:00
Tom Hughes
f99d7374a9
Merge remote-tracking branch 'upstream/pull/4703'
2024-04-23 17:20:08 +01:00
Tom Hughes
a34fa95af4
Fix rubocop warning
2024-04-21 19:07:16 +01:00
Tom Hughes
43db18ae91
Merge remote-tracking branch 'upstream/pull/4708'
2024-04-21 18:54:16 +01:00
Josh Thompson
130a2ed7c1
calculate hash once per test run, per thread
2024-04-18 18:07:03 -06:00
Josh Thompson
4cac6b0354
unburden call for User fabrication
...
Speeds up tests rather nicely, derived via trial and error
reasonably confident that this is nice. Overheard it mentioned by Vladimir
Dementyev in a Codewithjason podcast, so when my intuition already led me
to the user factory, I figured 'on principle/correctness, I should at least
look at what happens if we sidestep the native hashing library, because it's
something I was already curious about.
2024-04-17 14:03:52 -06:00
Anton Khorev
fdd596bd60
Remove .inbox-row and use .table-success instead of .inbox-row-unread
2024-04-16 00:44:53 +03:00
Anton Khorev
ea47f9bc68
Test rows inside messages table body
2024-04-16 00:44:53 +03:00
Tom Hughes
d8b468e7a1
Add validation for maximum ID passed to changesets#index
2024-04-11 10:08:20 +01:00
Tom Hughes
e3c43e4a1a
Add validation for before/after parameters to pagination concern
2024-04-11 10:08:20 +01:00
Tom Hughes
5d887a37bf
Add validation for page number passed to notes#index
2024-04-11 10:08:20 +01:00
Tom Hughes
feff501b25
Add framework for parameter validation using rails_param gem
2024-04-11 10:08:20 +01:00
Anton Khorev
98ad72c6eb
Force body background on avatars
2024-04-10 04:36:16 +03:00
Anton Khorev
33ff4fbd06
Use avatar.svg on osm web pages
2024-04-10 04:16:54 +03:00
Anton Khorev
5cb04d5ee0
Use secondary text color in header menu
2024-04-08 17:40:01 +03:00