This avoids having to build them in multiple places and also
ensures we link to what was actually searched rather than some
random string from the locale file.
Fixes #3205. Added caching of nominatim URL query parameters in sources global variable (as parameters parameter) in GeocoderController#search for both direct and reverse geocoding. In app/views/geocoder/search.html.erb added displaying cached URL as forwarding link when clicked on "OpenStreetMap Nominatim" label. Updated GeocoderControllerTest to check only name (latlng, osm_nominatim, osm_nominatim_reverse) parameter of new sources variable.
It does not add any additional guards against malicious users:
A malicious user may attempt to invoke `POST /users/new` with bogus
values for `auth_provider` and `auth_uid`, resulting
in a new account to which the user would have a way to log in, other than
sending a password reset request.
In some cases, re-authorization would introduce additional
"Please login to your social account", or "Are you sure you want to be logged in"
popup triggered by identity provider.
This PR removes the re-authorization request from `POST /users/new` in authorization flow.
Fixes the following:
- `users_controller#new` loses referer in authorization scenario, when it was invoked after social signup succeeded
- the second invocation of `auth_success`, triggered by re-authorization initiated from `users_controller#create`
  does not have referrer field set
- as a result, the final welcome screen does not offer final authorization, and drops into ID instead
Introduced by #4758.
Replace login.live.com with login.microsoftonline.com in CSP allow list.
The URL changed with the move from using the omniauth-windowslive plugin
to the omniauth-microsoft_graph plugin but wasn't noticed until now.
Only show the duplicate email message if we actually have errors
logged against the email field, and then show it as a warning.
In all other cases we show the generic informational hint about
social logins and pre-existing accounts.
- Add preferred provider for authorization to login and signup pages.
  To use, the 3rd party application would have to add `preferred_provider=...`
  parameter to OAuth2 authorization request.
- Resize 3rd party provider icons
- Add "login to authorize" heading to login and signup screens