cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
14058 commits 4 branches 1 tag 499 MiB
Commit graph

452 commits

Author SHA1 Message Date
Andy Allan
ffda8d7ac5
Merge pull request #4680 from tomhughes/validate-page-numbers 
Add parameter validation to pagination
 2024-05-15 17:43:04 +01:00
Anton Khorev
eaacfbb911 Restore constraints on note id parameter 2024-05-01 13:17:14 +03:00
Tom Hughes
feff501b25 Add framework for parameter validation using rails_param gem 2024-04-11 10:08:20 +01:00
Tom Hughes
d2688d4d63 Merge remote-tracking branch 'upstream/pull/4639' 2024-04-01 18:37:27 +01:00
Anton Khorev
765165777e Rename api changesets index action 2024-03-30 08:26:58 +03:00
Anton Khorev
32f13f5d68 Redirect from old diary comments pagination 2024-03-29 08:09:26 +03:00
Anton Khorev
180a61bcc3 Move trace pictures/icons into their own controllers 2024-03-27 13:25:28 +03:00
Anton Khorev
3a5f0c4845 Move changeset subscribe/unsubscribe to resourceful routes 2024-03-16 06:11:07 +03:00
Anton Khorev
54dec27949 Move current element actions to their own controllers 2024-03-15 03:24:45 +03:00
Anton Khorev
d87d06fee5 Move element history actions to old element controllers 2024-03-14 18:10:18 +03:00
Anton Khorev
c8af388ac2 Use :module to specify api controllers module 2024-03-13 19:01:26 +03:00
Anton Khorev
ad96da4518 Rename api element version path helper 2024-03-04 11:28:50 +03:00
Anton Khorev
cbf6b39464 Rename api element version action to show 2024-03-04 11:19:50 +03:00
Anton Khorev
c1b5ae0aa0 Move changeset show action to changesets controller 2024-03-01 10:48:30 +03:00
Tom Hughes
f0764d3eca Add unsubscribe link to changeset notification mails 2024-02-25 09:48:11 +00:00
Tom Hughes
f5aa031b58 Rename path for changeset API subscription methods 2024-02-25 09:48:11 +00:00
Anton Khorev
3a873b1668 Add diary entry subscribe/unsubscribe GET pages 2024-02-17 05:43:13 +03:00
Anton Khorev
00123f05ba Add relation version pages 2024-01-23 22:08:39 +03:00
Anton Khorev
2f222c49dd Add way version pages 2024-01-23 22:08:39 +03:00
Anton Khorev
85c284aaa6 Add node version pages 2024-01-23 22:08:39 +03:00
Anton Khorev
8682b58154 Add revoke all blocks link 2024-01-07 15:15:28 +03:00
Gregory Igelmund
efc61f1315 Add basic structures for UserMute and Message muting logic 
Including models, migration, controllers, views & locales.
 2023-12-19 12:57:47 -05:00
Andy Allan
4bca24a7be Resourceful routing for passwords 
This also matches the routes used by devise
 2023-12-06 18:41:00 +00:00
Milan Cvetkovic
64bcf7652b Add openid connect support using doorkeeper-openid_connect gem 
... as discussed in [Issue 507](https://github.com/openstreetmap/operations/issues/507)
and described by @mmd-osm.

To activate, set the value of `doorkeeper_signing_key` to RSA private key.

Allows using openstreetmap as an identity provider.

Adds `openid` scope to OAuth2 authorizations, required to login to OSM.

Currently, the only claims returned are:
 - "openid" scope: "sub" and "preferred_username"
 - "read_email" scope: "email"
 2023-10-03 18:53:47 +01:00
Milan Cvetkovic
8a22bfb222 Add unconfigured doorkeeper-openid_connect 
After executing:
rails generate doorkeeper:openid_connect:install
rails generate doorkeeper:openid_connect:install

Split migration script to 2 to avoid deadlock.
 2023-10-03 18:53:09 +01:00
Anton Khorev
71654e563e Add show user block api endpoint 2023-09-09 15:53:22 +03:00
Tom Hughes
c909b29c35 Replace page numbers with ID based selection for trace indexes 2023-07-23 19:28:37 +01:00
Tom Hughes
8919c8c404 Use POST for geocoder backends 
The geocoder backend calls are a private implementation detail
and using POST enables request forgery checks and makes scraping
of nominatim via the backend calls harder.
 2023-03-07 17:24:48 +00:00
Andy Allan
9748ce301c Move browse#note to notes#show 
This allows a more resourceful routing approach.
 2023-02-01 17:13:41 +00:00
Andy Allan
b5046fdcd0 Move browse#new_note to notes#new 
This allows a more resourceful routing approach.
 2023-02-01 17:13:41 +00:00
Andy Allan
f7367baa6b Rename api_notes resource to avoid conflict with non-API resource 
This allows using e.g. note_path for notes#show in the future.
 2023-01-25 19:01:57 +00:00
Richard Fairhurst
b7887b049f Remove Geonames and geocoder.ca 2023-01-09 21:23:48 +00:00
Tom Hughes
27e9965dd2 Require integer IDs for diary_entries#show 
Fixes #3865
 2022-12-29 17:14:05 +00:00
Tom Hughes
8cef62cd2c Merge remote-tracking branch 'upstream/pull/3301' 2022-11-22 18:47:24 +00:00
Robbendebiene
ed1112bcef Allow setting HTTP ACCEPT header for notes API 
Previously the notes API return type could only be specified by appending the file extension like .json or .rss
 2022-09-23 11:40:19 +02:00
Adam Hoyle
7e5cbe87ed Merge branch 'master' into feature/add-communities-page 
# Conflicts:
#	Gemfile.lock
#	package.json
#	yarn.lock
 2022-09-10 16:13:17 +01:00
Andy Allan
6c1d73a509 Allow users to delete their own accounts 
This PR allows users to delete their own accounts. The logic implemented matches
that currently used by the admins when they manually close accounts, although
there is room to be more complex in future e.g. completely removing accounts
with no content.

The error handling has been slightly adapted for namespaced controllers, by
anchoring the controller name with a leading forward slash.
 2022-02-09 16:15:24 +00:00
Tom Hughes
b0288b83bb Allow PATCH for OmniAuth requests 
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.

As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and most importantly got not
allowing GET requests to OmniAuth.
 2021-12-27 10:34:24 +00:00
Andy Allan
a8e8ba1a64 Refactor the account edit/update pages out into a separate accounts controller 2021-12-08 15:17:50 +00:00
Adam Hoyle
dd1f997033 Remove redundant route 2021-10-17 22:33:54 +01:00
Adam Hoyle
06c2db433d Merge branch 'master' into feature/add-communities-page 2021-09-27 19:30:25 +01:00
Andy Allan
cb7b79a58f Split the non-public information off of the profile page 
This opens up many possibilities for more interesting things to be
shown on the dashboard, as well as making it easier to find if
you have lots of content in your profile.
 2021-08-18 13:32:36 +01:00
Adam Hoyle
26aecfb2bf add route to pass locale 2021-08-10 10:13:24 +01:00
Adam Hoyle
d8d1ab1776 add route for communities 2021-08-07 15:46:39 +01:00
Andy Allan
caf2e2a242 Move profile-related settings to their own form 
Refs #3167
 2021-07-14 17:45:19 +01:00
Andy Allan
2403630da8 Split user preferences into a separate page 
Refs #3167
 2021-07-14 17:40:20 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Andy Allan
094d6c8bb9 Move confirmation methods into ConfirmationsController 2021-04-07 16:05:32 +01:00
Andy Allan
7a66c6d4eb Split password reset functionality into PasswordsController 2021-04-07 16:05:28 +01:00
Andy Allan
f18baae22e Refactor login/logout into sessions controller 
Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.
 2021-03-24 11:32:46 +00:00