Commit graph

918 commits

Author SHA1 Message Date
Andy Allan
bb7f5ac2c8 Switch to using FrozenRecord for loading communities
This allows us to query the records to get the local chapters, which
is more flexible and allows us to use other resources too.
2022-07-27 16:19:08 +01:00
Tom Hughes
5966acc207 Merge remote-tracking branch 'upstream/pull/3300' 2021-10-07 17:45:07 +01:00
Tom Hughes
cb10c10ea3 Merge remote-tracking branch 'upstream/pull/3332' 2021-09-29 19:10:22 +01:00
Tom Hughes
22377cbdd4 Fix new rubocop warning 2021-09-29 18:54:56 +01:00
Andy Allan
9ab15f38ea Move the tracepoint coordinate format test to the controller test
This allows us to remove the model method
2021-09-29 15:25:28 +01:00
Andy Allan
dfcecb0118 Remove the ObjectMetadata concern, since it's only used in tests now 2021-09-15 17:05:50 +01:00
Andy Allan
baea8dc10e Remove unused to_xml and to_xml_node methods from models 2021-09-15 17:05:50 +01:00
Tom Hughes
6c6e8883f7 Introduce privileged scopes that only an administrator can enable 2021-08-26 17:22:24 +01:00
Tom Hughes
f1935b1c57 Merge remote-tracking branch 'upstream/pull/3257' 2021-07-21 19:24:31 +01:00
Tom Hughes
cd9a72e669 Merge remote-tracking branch 'upstream/pull/3263' 2021-07-21 12:16:08 +01:00
Tom Hughes
377f394a7c Treat association between users and OAuth 2 applications as polymorphic 2021-07-21 11:52:10 +01:00
Andy Allan
37b03e47c6 Fix various code comments
These were found as part of #3233
2021-07-21 11:24:23 +01:00
Tom Hughes
4d47cff5e1 Merge remote-tracking branch 'upstream/pull/3237' 2021-07-21 11:24:17 +01:00
Andy Allan
9b8f2bbcbe Remove code complexity around resetting language preferences
This was originally introduced since we saved the user and showed
the result on the same action. Now that the preferences controller
saves and redirects, the user model and associated language preferences
are reloaded between requests, and this code is no longer required.
2021-07-14 17:40:20 +01:00
Tom Hughes
da546af22e Allow acls to match on parent domains 2021-07-06 10:13:33 +01:00
Tom Hughes
b4a1e41968 Switch web site to use OAuth 2 2021-06-27 19:00:36 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
9603d718c2 Fix calculation of friendship rate limit 2021-05-11 15:49:48 +01:00
Tom Hughes
84c601460f Add rate limiting to user friendships 2021-05-11 12:10:36 +01:00
Tom Hughes
25510b6616 Add additional limits on sending messages
Additional limits apply to new accounts and accounts with
unresolved issues reported against them.

Fixes #3135
2021-03-31 22:40:34 +01:00
Tom Hughes
2d50a84004 Fix new rubocop warnings 2021-02-16 21:14:54 +00:00
Tom Hughes
3c4f32a760 Validate avatar images
Closes #3097
2021-02-16 17:37:18 +00:00
Tom Hughes
0654be27f9 Fix new rubocop warnings 2021-01-11 19:17:31 +00:00
Tom Hughes
0ff89c31e4 Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Tom Hughes
384ac46102 Convert id column for oauth_nonces to bigint 2020-12-14 14:48:59 +00:00
Tom Hughes
88ba316abe Merge remote-tracking branch 'upstream/pull/2999' 2020-12-09 14:51:04 +00:00
Tom Hughes
bfffe7ed96 Prefer string interpolation to concatenation 2020-11-13 11:32:28 +00:00
Tom Hughes
582402ba8f Prefer keyword arguments when method has optional boolean arguments 2020-11-13 10:22:55 +00:00
Andy Allan
a65cb84288 Remove unused code 2020-11-11 16:43:58 +00:00
Tom Hughes
7db541d697 Invalidate existing sessions when changing email or password
As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
2020-09-29 14:34:08 +01:00
Tom Hughes
c694c78c9a Delete any outstanding tokens when a user changes their email
This ensures that any tokens previously sent to the old email address
can no longer be used if somebody were able to access that address.
2020-09-29 13:47:40 +01:00
Tom Hughes
18b9b9f14c Fix new rubocop warnings 2020-09-07 07:11:22 +01:00
Tom Hughes
c2af89c00e Fix rubocop Style/SoleNestedConditional warnings 2020-09-02 18:54:55 +01:00
Tom Hughes
b7432e9432 Handle new rubocop warnings 2020-09-02 07:18:21 +01:00
Tom Hughes
ea59d95f4a Fix some new rubocop warnings 2020-08-06 22:27:30 +01:00
Tom Hughes
0e2a66e8de Fix new rubocop warnings 2020-08-06 18:42:16 +01:00
Tom Hughes
2d3972249c Fix some rubocop todos 2020-08-02 19:38:58 +01:00
Tom Hughes
6c159b9673 Fix the Command Injection warnings from Brakeman 2020-07-31 15:54:06 +01:00
Tom Hughes
9f993fe8c8 Fix new rubocop warnings 2020-07-07 10:44:52 +01:00
Tom Hughes
3abeeb7f41 Require open3 before using it 2020-06-26 19:40:37 +01:00
Tom Hughes
39b60219fe Fix new rubocop warnings 2020-06-11 19:21:41 +01:00
Andy Allan
0a33c66146 Convert lib files to model concerns 2020-06-03 16:44:26 +02:00
Tom Hughes
7e925c3c00 Look at all note comments to find the close event
Fixes #2612
2020-05-06 14:06:04 +01:00
Andy Allan
32e46ad4e3 Remove tempfile patch for trace data
Effectively reverts c0d2ad40c3

This patch is no longer required, since we only use send_data in
combination with Tempfile.read and that all works fine.
2020-04-22 15:16:46 +02:00
Tom Hughes
64b3e289ac Merge remote-tracking branch 'upstream/pull/2597' 2020-04-22 13:34:19 +01:00
Andy Allan
35db86714b Use Open3.capture2 instead of backticks, to avoid command line injection risks
In this situation, trace_name can be trivially checked as legitimate, but this
removes any lingering risks from interpolating into a command line instead of
passing parameters explicitly.

Refs #2229
2020-04-22 13:57:32 +02:00
Andy Allan
a219df24ca Ensure that urls are only valid if the entire string is a url
This replaces our homegrown regexps (that didn't quite work) with
ruby built-in regexps, and uses the termination anchor to ensure
that the entire string, not just the first part, is validated.
2020-04-01 17:53:37 +02:00
Andy Allan
73c95847a6 Merge pull request #2485 from mmd-osm/patch/json2
JSON output nodes, ways, relations, map
2020-02-26 15:55:48 +01:00
Tom Hughes
7b0d3aaf9f Fix translation names 2020-01-09 11:00:46 +00:00
Tom Hughes
b1e1572af3 Don't validate the revoker for a block if it hasn't changed
The revoker only has to be a moderator at the time they make the
revocation - as things stood trying to view a block that had been
revoked by somebody that was no longer a moderator failed.
2020-01-09 10:59:34 +00:00