cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11776 commits 4 branches 1 tag 499 MiB
Commit graph

11776 commits

This branch
This branch
All branches
Author SHA1 Message Date
translatewiki.net
36dd599507 Localisation updates from https://translatewiki.net. 2022-01-24 13:12:09 +01:00
translatewiki.net
0afae71af6 Localisation updates from https://translatewiki.net. 2022-01-20 13:11:20 +01:00
Tom Hughes
3a534ea895 Merge remote-tracking branch 'upstream/pull/3426' 2022-01-19 18:19:10 +00:00
Andy Allan
722b9d27be Allow blank issue templates 
This was originally intended in #3397 and I'm not sure why I set this
to false.
 2022-01-19 16:14:03 +00:00
Tom Hughes
c59471842f Merge remote-tracking branch 'upstream/pull/3420' 2022-01-18 19:03:32 +00:00
Tom Hughes
38613c0283 Update bundle 2022-01-18 08:12:14 +00:00
Tom Hughes
c59604b75e Merge remote-tracking branch 'upstream/pull/3425' 2022-01-18 08:10:59 +00:00
dependabot[bot]
0dc14b6e79
Bump eslint from 8.6.0 to 8.7.0 
Bumps [eslint](https://github.com/eslint/eslint) from 8.6.0 to 8.7.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.6.0...v8.7.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-17 23:00:46 +00:00
translatewiki.net
c0291f4025 Localisation updates from https://translatewiki.net. 2022-01-17 13:11:06 +01:00
Tom Hughes
988d7cd90d Remove form_action restrictions for sessions#login 
Login may redirect to ouath2_authorizations#create which may then
redirect to arbitrary schemes if the application is already authorized
so we need to allow login to redirect to any scheme.

Fixes #3424
 2022-01-17 11:01:07 +00:00
Tom Hughes
ff995e7ea3 Restore form_action restrictions for ouath2_authorizations#create 2022-01-17 11:00:41 +00:00
Tom Hughes
707ebddbb5 Remove form_action restrictions for ouath2_authorizations#create 
Fixes #3424
 2022-01-17 09:33:28 +00:00
translatewiki.net
2a82bd1cf1 Localisation updates from https://translatewiki.net. 2022-01-13 13:10:10 +01:00
Nick Doiron
a4f601b114
rm spaces 2022-01-12 19:16:09 -05:00
Nick Doiron
e9522b0205
add dir="auto" to search fields 
Improves right-to-left text input support
 2022-01-12 19:06:18 -05:00
Tom Hughes
16434ef1ba Merge remote-tracking branch 'upstream/pull/3418' 2022-01-12 18:23:53 +00:00
Andy Allan
1a11c4dc19 Use a state machine for user status 
The user status is a bit complex, since there are various states and
not all transitions between them make sense.

Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
 2022-01-12 18:16:14 +00:00
Tom Hughes
13c70d3195 Merge remote-tracking branch 'upstream/pull/3416' 2022-01-12 18:15:46 +00:00
Andy Allan
4436099e31 Remove params from user deletion test 
They have no effect, and are likely a copy-paste error from when
the test was first written in 39a54f8c14
 2022-01-12 16:45:58 +00:00
dependabot[bot]
98d6d7c10d
Bump qs from 6.10.2 to 6.10.3 
Bumps [qs](https://github.com/ljharb/qs) from 6.10.2 to 6.10.3.
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.10.2...v6.10.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-11 23:00:52 +00:00
Tom Hughes
786f28993a Switch github URLs to use https 
Fixes #3415
 2022-01-11 21:16:11 +00:00
Tom Hughes
d6da1499fc Avoid putting ActionController::Parameters objects in the session 2022-01-11 19:43:43 +00:00
Tom Hughes
6be336db00 Update bundle 2022-01-11 19:43:36 +00:00
Tom Hughes
6403515897 Replace to_s on TimeWithZone objects with to_formatted_s 2022-01-10 18:59:22 +00:00
translatewiki.net
b676aa76c5 Localisation updates from https://translatewiki.net. 2022-01-10 13:09:11 +01:00
Tom Hughes
8dc5dfe00c Update bundle 2022-01-10 08:05:09 +00:00
Tom Hughes
24d605f567 Merge remote-tracking branch 'upstream/pull/3411' 2022-01-06 15:34:30 +00:00
Andy Allan
2f6a87e443 Use assert_link instead of assert page.has_link? 
This leads to better error messages if the test fails
 2022-01-06 15:04:03 +00:00
Tom Hughes
2927c6b6be Merge remote-tracking branch 'upstream/pull/3410' 2022-01-06 13:25:42 +00:00
Andy Allan
d257c21740 Use assert_content instead of assert page.has_content? 
The assert_content comes from capybara, and gives a much more helpful
error message if the test fails.
 2022-01-06 13:16:47 +00:00
translatewiki.net
89d9690982 Localisation updates from https://translatewiki.net. 2022-01-06 13:08:27 +01:00
Andy Allan
0100cfe304 Use factory_bot to build new model objects 2022-01-06 10:46:38 +00:00
Andy Allan
88cf03ff00 Use factorybot to build user objects 
This allows us to only specify attributes of interest in the test.
 2022-01-05 20:29:12 +00:00
Tom Hughes
dcaf21602c Merge remote-tracking branch 'upstream/pull/3409' 2022-01-05 18:40:13 +00:00
Tom Hughes
8e8f6ef990 Attempt to avoid polynomial time matches on user supplied data 2022-01-05 18:38:15 +00:00
Andy Allan
4bed9c12a0 Fix display of suspension message when a user is suspended mid-session 
Without the ability defined, the user is still logged out, but then
the deny_access check redirects to the login page. The re-login attempt
would then fail anyway, with an error message, but let's fix the abilities
and use the intended page.
 2022-01-05 18:21:42 +00:00
Tom Hughes
8dc91ce6a6 Re-enable the Performance/StringIdentifierArgument cop 2022-01-04 19:10:16 +00:00
Tom Hughes
351479ac90 Update bundle 2022-01-04 19:05:13 +00:00
Tom Hughes
b300c03b99 Merge remote-tracking branch 'upstream/pull/3408' 2022-01-04 12:02:16 +00:00
Tom Hughes
d2337810a3 Remove redundant OpenID URL expansion code 
It was only used for Google who have long since dropped OpenID support.
 2022-01-04 12:02:02 +00:00
dependabot[bot]
b39e75c303
Bump eslint from 8.5.0 to 8.6.0 
Bumps [eslint](https://github.com/eslint/eslint) from 8.5.0 to 8.6.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.5.0...v8.6.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-03 23:00:41 +00:00
translatewiki.net
059e3beb50 Localisation updates from https://translatewiki.net. 2022-01-03 13:08:20 +01:00
Tom Hughes
7de3143525 Switch to 6.1 defaults as everything has been enabled for some time 2021-12-30 19:55:13 +00:00
translatewiki.net
7ee496030b Localisation updates from https://translatewiki.net. 2021-12-30 13:09:01 +01:00
Tom Hughes
4549de5f32 Test redirect from settings page to OmniAuth 2021-12-29 18:29:38 +00:00
Tom Hughes
fea1b5b88d Fix new rubocop warnings 2021-12-28 19:47:51 +00:00
Tom Hughes
c6587706e6 Update bundle 2021-12-28 18:25:02 +00:00
translatewiki.net
905ac93427 Localisation updates from https://translatewiki.net. 2021-12-27 13:09:57 +01:00
Tom Hughes
b0288b83bb Allow PATCH for OmniAuth requests 
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.

As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and most importantly got not
allowing GET requests to OmniAuth.
 2021-12-27 10:34:24 +00:00
translatewiki.net
f1e0212af3 Localisation updates from https://translatewiki.net. 2021-12-23 13:09:28 +01:00