cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
6971 commits 4 branches 1 tag 499 MiB
Commit graph

271 commits

Author SHA1 Message Date
Tom Hughes
c9d35839be Fix new rubocopy warnings 2015-08-18 20:57:14 +01:00
Tom Hughes
629ae62b73 Require a valid session token to resend a confirmation 
Make user#confirm_resend require a valid token in the session
that matches the requested user, and ensure trying to login as
an unconfirmed user sets such a token.

Fixes #1010
 2015-07-20 21:32:34 +01:00
Tom Hughes
9fdea1c739 Temporary fix to avoid showing emails 2015-07-20 15:07:18 +01:00
Tom Hughes
dd4e766788 Redirect to the login page if auth failure has no origin 2015-04-16 11:16:18 +01:00
Tom Hughes
2111ace158 Prefer username/password to openid_url if both are set 2015-04-16 11:14:57 +01:00
Tom Hughes
eeb9866d50 Add support for Google OAuth2 authentication 
This replaces OpenID authentication, which is going away soon, but
provides an upgrade path where we can migrate users that already have
a Google OpenID setup to the new system transparently.
 2015-04-14 10:08:07 +01:00
Tom Hughes
2af0840ff3 Fix style issues found by new rubocop version 2015-04-14 09:38:24 +01:00
Tom Hughes
f8de0c1811 Ever more tests... 2015-03-08 16:47:35 +00:00
Tom Hughes
15b550182c Yet more tests... 2015-03-02 21:20:01 +00:00
Tom Hughes
dbe165bbb3 Fix some rubocop rails style issues 2015-02-26 00:12:54 +00:00
Tom Hughes
e434cb154c Convert OpenID authentication to generic third party authentication 2015-02-25 01:07:23 +00:00
Tom Hughes
b0150caee6 Convert OpenID authentication to use OmniAuth 2015-02-25 01:07:23 +00:00
Tom Hughes
8e404f3a46 Fix some more rubocop style issues 2015-02-20 20:39:52 +00:00
Tom Hughes
dc2a2c8ebd Standardise on double quoted strings 2015-02-20 19:47:26 +00:00
Tom Hughes
5cbd4038ed Fix rubocop style issues 2015-02-20 08:56:16 +00:00
Tom Hughes
ef7f3d800c Fix most auto-correctable rubocop issues 2015-02-20 08:56:16 +00:00
Thijs Alkemade
17f926fefb Fix two issues with the remember_me_openid button 
1. It didn't work, the code only checked the remember_me button, not
   the remember_me_openid button.

2. It did not have a unique id, making the label next to it not work
   for selecting the checkbox.
 2015-02-01 10:33:45 +00:00
Tom Hughes
046fbdc177 Replace deprecated reset method with restore method 2015-01-11 12:53:06 +00:00
Tom Hughes
360d68ea5c Replace deprecated deliver method with deliver_now 2015-01-11 12:53:06 +00:00
Tom Hughes
f9ae6d252f Drop the slim layout 
The slim layout is not really needed since the redesign as the
pages it was used for in the OAuth flow now have less chrome and
work fine on small screens with the normal layout.

Fixes #689
 2014-02-16 16:03:00 +00:00
Tom Hughes
41e45bad51 Remove the _osm_username cookie and session validation logic 
This was a temporary hack to workaround issues with sessions getting
mixed up at the time of the rails 3.1 upgrade, but logs indicate that
whatever the original problem was it is no longer occurring.
 2013-11-17 21:52:39 +00:00
Tom Hughes
078a9d8ee3 Fix server error when user#reset_password called with no token 2013-10-15 21:27:39 +01:00
Tom Hughes
2dcc6b620e Log details of any signup requests blocked by an ACL 2013-10-02 17:56:23 +01:00
Tom Hughes
a8d65b8dbf Don't redirect from user#terms to login if the user is logged in 2013-09-29 15:43:34 +01:00
Tom Hughes
0e9e6e6f8f Upgrade to http_accept_language 2.x 2013-09-24 20:22:44 +01:00
Tom Hughes
5432409ab6 Avoid singleton serialisation errors 2013-09-21 12:03:53 +01:00
Tom Hughes
f0feca800d Replace attr_accessible with strong parameters 2013-09-21 11:35:46 +01:00
Tom Hughes
ecf8c90e88 Don't bother verifying an email address that hasn't changed 2013-09-09 16:05:16 +01:00
Tom Hughes
26855add38 Rework piwik configuration 2013-08-24 12:54:51 +01:00
John Firebaugh
b825f4826a Fix referer params for welcome page 2013-08-12 13:34:46 -07:00
John Firebaugh
091473602b Handle expired confirmation tokens 2013-08-12 13:34:45 -07:00
John Firebaugh
2fa4225784 Pass editing params through to welcome page 2013-08-12 13:34:44 -07:00
John Firebaugh
2a3bc0a387 Hook up user confirmation page 2013-08-12 13:34:44 -07:00
John Firebaugh
2690342b08 Reduce welcome email to minimal text 
Instead, redirect newly-confirmed users to the welcome
page. If confirmation is not required, redirect immediately
and don't send an email.
 2013-08-12 13:34:40 -07:00
John Firebaugh
849e874dce Refactor user creation actions 
Create a separate #create action that handles POSTs to
/user/new. This simplifies the other actions and ensures
that the URL is /user/new when validation errors occur,
rather than /user/terms.

Fixes #398
 2013-08-01 17:32:40 +01:00
Tom Hughes
3880ac5de8 Replace :nothing => true with :text => "" 
Using `:nothing => true` confusingly actually causes a single space
to be sent as the content by rails.
 2013-07-19 11:14:55 +01:00
Tom Hughes
e5e6db8d0e Show a cookie warning on the signup page if cookies are disabled 2013-07-04 14:28:38 +01:00
Tom Hughes
2dc7c505fd Remove remaining action cache usage and related infrastructure 2013-06-25 17:47:54 +01:00
Tom Hughes
b7b68aee36 Simplify handling of verified emails in OpenID signup 
Also make sure that all paths that lead to OpenID based signup
will notice a verified email properly.
 2012-10-30 21:43:38 +00:00
Kai Krueger
104727f889 Trust Google and Yahoo to return valid email addresses 
Both Google and Yahoo guarantee that the email address they return
during the OpenID authentication are emails that they have already
verified:

  http://stackoverflow.com/q/5639419

Therefore special case these OpenID providers and automatically
activate the new users account without requiring a separate email
verification step.

This therefore reduces the signup procedure by one step and makes
it easier for new users of these OpenID providers, which cover the
majority of users.
 2012-10-30 19:14:45 +00:00
Paweł Paprota
ad43499205 Implemented Gravatar support 2012-10-18 18:59:38 +01:00
Tom Hughes
3ce4de1295 Add a /api/0.6/user/NNNN call to the API 2012-09-24 18:44:11 +01:00
Gnonthgol
fcddf920a3 Remove the "We are changing the license" flash on the login page 2012-09-14 15:24:36 +01:00
Tom Hughes
573991e5a9 Fixup make_friend and remove_friend properly 
Requests using POST are now actioned immediately, while requests
using GET present a confirmation page.
 2012-08-15 20:13:14 +01:00
Tom Hughes
703c1a83e6 Show the correct reconfirm link for OpenID login attempts 2012-07-27 21:30:06 +01:00
Tom Hughes
d38e476fa6 OpenID attributes returned via AX seem to be arrays now 2012-07-27 21:27:45 +01:00
Tom Hughes
16beaef5cf Don't try and store a user record in the session 
A user record that has come from the database can't be stored in
the session as it contains singletons that can't be serialised.
 2012-06-30 19:17:04 +01:00
Tom Hughes
d7d317f694 Mark yet more methods as needing write access to the database 2012-04-02 19:08:47 +01:00
Tom Hughes
e1ce75ec49 Mark some extra methods as needing write access to the database 2012-04-02 18:40:05 +01:00
Tom Hughes
987c52f53e Only require a readable database for login, not a writable one 2012-03-28 10:08:38 +01:00