Commit graph

1490 commits

Author SHA1 Message Date
Tom Hughes
428e7d6baa Merge remote-tracking branch 'openstreetmap/pull/1467' 2017-02-26 22:22:48 +00:00
Simon Poole
12013f60a0 Externalize message about missing OAuth capabilities/permissions and make it less technical 2017-02-26 21:43:43 +01:00
Tom Hughes
40a8e5caf5 Add support for Content-Security-Policy
Currently this is report only, and disabled unless a report URL has
been set in the application configuration.
2017-02-26 19:48:13 +00:00
Tom Hughes
af72cb51e9 Fix rubocop warnings 2017-02-18 16:18:04 +00:00
Simon Poole
58c61c7962 Actually use user_block 2017-02-18 16:17:46 +01:00
Simon Poole
823f6b4d36 Add functionality to return a specific message for zero hour blocks 2017-02-18 13:53:21 +01:00
Tom Hughes
9fb382eaa9 Initialise locale before looking up user blocked error 2017-02-17 19:59:06 +00:00
Tom Hughes
e23541c20f Allow a POST with no arguments to trace#edit to fetch the form 2017-02-13 10:09:43 +00:00
Tom Hughes
c439f957ae Only add traces for POST requests 2017-02-09 21:07:44 +00:00
Tom Hughes
92fe7a8506 Only create diary entries for POST requests 2017-02-09 21:07:18 +00:00
Tom Hughes
afa82bd2b1 Render message properly on error 2017-02-09 20:20:55 +00:00
Tom Hughes
4709d90594 Only send messages for POST requests 2017-02-09 19:37:48 +00:00
Tom Hughes
94ab5c3635 Make TraceController#list sort by id instead of timestamp
The effect is much the same but id is guaranteed to give a stable
sort if two traces have the same timestamp.
2017-02-05 16:18:56 +00:00
Tom Hughes
c8671c137a Update rubocop 2017-02-05 11:12:37 +00:00
Tom Hughes
96c91757fc Don't try and look up traces until the user is logged in
Fixes #1411
2017-01-11 21:11:37 +00:00
Tom Hughes
777b19c775 Make export action send TOTP cookie 2017-01-02 22:51:18 +00:00
Tom Hughes
9a82ae069a Remove dot prefix from cookie domain 2017-01-02 21:33:58 +00:00
Tom Hughes
d83cc0f15b Reduce TOTP cookie expiry to one hour 2017-01-02 21:17:37 +00:00
Tom Hughes
17135cad03 Add support for generating TOTP cookies
This allows other sites in the openstreetmap.org domain to validate
that requests are coming from a www.openstreetmap.org user.
2017-01-02 19:01:01 +00:00
Tom Hughes
c8f26592a7 Fix rubocop warnings 2016-12-02 22:01:40 +00:00
Tom Hughes
ec6e096274 Remove redundant creation of an exception object 2016-12-02 09:38:18 +00:00
Matt Amos
8b03371e10 Make API and web roll back any open transactions on timeout
By default the exception thrown by Timeout::timeout is caught
using Kernel::catch so that it cannot be stopped by intermediate
exception handlers. The problem with that is that it stops any
database transactions that were in progress being rolled back
because they never see the exception.

Fortunately passing a class to Timeout::timeout changes its
behaviour so that the exception is thrown and caught in the normal
way, allowing the database transactions to rollback.
2016-12-02 09:31:45 +00:00
Andy Allan
f464e2a6e9 Suppress XML parsing errors.
This technique was already used in app/models/changeset.rb

This suppresses the error messages when parsing invalid XML, but
the exceptions are still raised, as tested in test_from_xml_double_lat
in test/models/node_test.rb
2016-10-26 10:35:03 +01:00
Tom Hughes
e17b89e89f Fix rubocop warnings 2016-10-20 22:35:51 +01:00
Mikel Maron
be40536440 merge upstream/master and resolve conflicts from https://github.com/openstreetmap/openstreetmap-website/pull/1318 2016-10-12 10:52:05 -04:00
Andy Allan
41e05f0929 Remove unnecessary controller references from the redirect hashes.
Rails redirect_to uses the current controller by default, so there
is no need to re-iterate this in the code when the redirect targets
the current controller.

The short-form is already used elsewhere, this just tidies up those
which were still using the long-form.
2016-10-12 14:32:49 +01:00
Mikel Maron
a32076abd6 fix rubocop warnings 2016-10-07 06:32:05 -04:00
Mikel Maron
e055eaf690 tests passing 2016-10-06 21:33:47 -04:00
Mikel Maron
3c01d2e80d more idiomatic models for diary entry subscriptions 2016-10-06 20:31:10 -04:00
Andy Allan
3f698e1d15 Fix bugs->notes in comment 2016-10-06 08:59:24 +01:00
Mikel Maron
44b08cc35d not api endpoints, moved to button, fixed notifier message, fixed tests 2016-10-03 22:20:04 -04:00
Mikel Maron
443080d7b0 WIP diary comment subscriptions 2016-10-03 15:04:22 -04:00
Tom Hughes
d73128271f Fix rubocop warnings 2016-09-26 12:38:54 +01:00
Sarah Hoffmann
5efbc8a8b7 look for extra place tags in Nominatim search results
Administrative boundaries at municipality level are generally
better described by the place node (as town, village etc.).
Nominatim exports the place type in extratags if it was able
to merge place nodes with admin boundaries. Use this preferably
to create the descriptive term.
2016-09-26 13:00:10 +02:00
Tom Hughes
5f4dcd34ff Fix some rubocop warnings 2016-09-15 22:41:07 +01:00
Tom Hughes
d82f9d12ce Fix new rubocop warnings 2016-09-15 19:21:00 +01:00
Tom Hughes
b72bc8bf30 Improve code readability 2016-08-19 12:31:45 +01:00
Simon Poole
c6fe828286 Fix rubocop warnings 2016-08-19 09:31:47 +02:00
Simon Poole
0837205d02 Merge message when Gravatar status has changed with email confirmation
Merge message when Gravatar status has changed with email confirmation and make messages more verbose and friendly.
2016-08-19 08:59:40 +02:00
Simon Poole
90b7101cc3 Add tests for change of gravatar use depending on email 2016-08-16 22:09:11 +02:00
Simon Poole
05cd781b25 Remove default enabling of gravatar, check on initial confirmation of e-mail address and on any changes afterward if
a gravatar exists and enable then if the user hasn't uploaded a picture.
2016-08-16 21:42:02 +02:00
Tom Hughes
13c2ac5cdb Reorder auth_success handlers
Only treat auth_success as a possible login attempt if we're not
in the middle of validating a new user, or a change to a user.

Also validate the uniqueness of external auth credentials at the
rails level rather than just at the database level, and make sure
any errors are properly reported.

Fixes #1265
2016-08-14 18:30:13 +01:00
Tom Hughes
72e71b9972 Fix rubocop warnings 2016-06-09 22:18:28 +01:00
Tom Hughes
6be39fca2f Make support email address configurable 2016-03-20 18:58:50 +00:00
Tom Hughes
f0fa701563 Treat user as logged in after a password reset
Fixes #1160
2016-02-26 16:30:32 +00:00
Tom Hughes
480c17be58 Preserve username and "remember me" when login fails
Fixes #1159
2016-02-26 15:32:40 +00:00
Tom Hughes
5d3ecffa28 Fix new rubocop warnings 2016-02-05 13:35:26 +00:00
Tom Hughes
8fe1899596 Fix rubocop warnings 2016-01-19 09:51:24 +00:00
Tom Hughes
4028f4cdb9 Rework locale selection
Implement our own matching algorithm rather than trying to
patch the http_accept_language one and make sure everything is
using it in a consistent way.

Fixes #1125
2016-01-06 18:43:25 +00:00
Tom Hughes
67f3658431 Preserve URL fragments through external authentication
Fixes #1102
2015-12-12 16:08:09 +00:00