cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
14058 commits 4 branches 1 tag 499 MiB
Commit graph

242 commits

Author SHA1 Message Date
Milan Cvetkovic
4965c19b7a Re-introduce additional round trip for verifying auth_provider 2024-04-29 11:32:54 +00:00
Milan Cvetkovic
c486dd5532 Rename verified_email to email_hmac parameter in /users/new 2024-04-29 11:32:54 +00:00
Milan Cvetkovic
0c7c950149 Add social signin buttons to signup screen, avoid repeating round trip to auth provider. 2024-04-27 12:44:10 +01:00
Milan Cvetkovic
f8a606869e Remove email confirmation field in signup form 2024-04-27 12:44:09 +01:00
Milan Cvetkovic
1276fb944a Merge login and terms screens, assume TOU and contributor terms are accepted on /user/new form 
This eliminates the need for "terms" screen after /user/new form..
Terms screen is still required for legacy users who never accepted the terms.
 2024-04-27 12:44:09 +01:00
Anton Khorev
bde2faac58 Remove assert_response when followed by assert_redirected_to 2024-03-03 10:56:50 +03:00
Andy Allan
52f755cb27
Merge pull request #4535 from tomhughes/rails-tokens 
Use rails generated tokens for emails
 2024-02-25 11:32:15 +01:00
Tom Hughes
1b5200b797 Treat github and wikipedia provided emails as confirmed 
Fixes #4270
 2024-02-25 10:04:18 +00:00
Tom Hughes
4dff06a629 Use rails tokens for signup confirmations 2024-02-24 13:53:05 +00:00
Anton Khorev
5411be6750 Test changeset commenting 2024-02-12 01:23:23 +03:00
Anton Khorev
61c32388a9 Test notices of disabled changeset commenting 2024-02-12 01:23:23 +03:00
Tom Hughes
db0a80e563 Test that mismatched passwords are rejected 2024-01-12 17:55:16 +00:00
Tom Hughes
1fd10c0935 Test that signups can be confirmed and can authenticate afterwards 2024-01-12 17:55:16 +00:00
Andy Allan
f22ecd6309 Avoid running integration tests in every locale 
We have over 200 locales, and so this takes a long time. This reduces
time taken from around 200 seconds to 6 to run these tests.
 2023-12-20 11:45:08 +00:00
Tom Hughes
12b4d11d44 Use SecureRandom to generate user tokens 2023-12-04 17:25:57 +00:00
Tom Hughes
3e3873a7c2 Fix test as rails no longer seems to return a body for redirects 2023-10-18 18:26:14 +01:00
Milan Cvetkovic
408f2918d0 Load openid signing key from endpoint during openid connect test 2023-10-03 18:55:10 +01:00
Milan Cvetkovic
2d5acd199b Add test for openid discovery 2023-10-03 18:55:10 +01:00
Milan Cvetkovic
1f62a2b342 Add a test for openid connect support 2023-10-03 18:55:10 +01:00
Tom Hughes
6759130cb3 Test that suspended and deleted users can't use OAuth tokens 2023-08-25 12:10:32 +01:00
Tom Hughes
477f700cfa Logout while testing OAuth 1 token usage 
This ensures we're not accidentally inheriting any session permissions.
 2023-08-25 09:44:25 +01:00
Tom Hughes
b9f9c0f3cc Separate authenticating user from application owner in OAuth 1 tests 2023-08-25 08:51:41 +01:00
Milan Cvetkovic
ad164d384e Change provider name to "microsoft" 2023-08-20 10:19:30 +01:00
Milan Cvetkovic
b3e13eb752 Update tests for microsoft_graph endpoints 2023-08-20 10:17:42 +01:00
Milan Cvetkovic
7428da74c2 Use omniauth-microsoft_graph instead of omniauth-windowslive 
Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap.
It also  uses updated endpoints for Microsoft identity provider.

Use email address returned by microsoft_graph provider as a verified address.

Upgrading exisiting users from windowslive to microsoft_graph:
 - upon next login existing `windowslive` users will have to authorizei
   OpenStreetMap application to "Read Your Profile," required for proper reading
   of display name field.

The name of the identity provider in OSM is kept to 'windowslive':
 - the entries in users table with `provider == 'windowslive'`
   can be reused for microsoft_graph provider, since
   the uid field is preserved. Users will not need to repeat the sign up process.
 - OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal
   App registration are necessary.
 2023-08-17 13:01:15 +00:00
Andy Allan
e9e4b10473
Merge pull request #3907 from Dimitar5555/patch-1 
Facelift `offline.html` and use Bootstrap classes for "notifications" under the search bar
 2023-06-14 14:08:38 +01:00
Dimitar
318064b2a7 Facelift offline.html and use Bootstrap classes for "notifications" 
Update site_controller_test.rb

Update site_controller_test.rb

Remove whitespace

Reset Settings.status after test is done

Update test for offline page

Update site_controller.rb

Fix indentation

Update offline controller

Update offline.html.erb

Remove flash CSS classes and fix missed tests

Updated tests

Address most PR comments

Update _flash.html.erb

Update _flash.html.erb

Update edit.html.erb

Update offline.html.erb
 2023-03-26 13:57:51 +03:00
Tom Hughes
2b3133d2e8 Fix new rubocop warnings 2023-02-28 15:20:33 +00:00
Andy Allan
415ac577f3 Remove some old debugging comments 2022-12-21 12:05:15 +00:00
Tom Hughes
f4749eccf1 Test that verified emails from OAuth signups are accepted automatically 2022-07-26 17:33:59 +01:00
Andy Allan
934d81aa55 Bootstrap 5: Replace all form-group classes with mb-3 2022-07-20 14:42:57 +01:00
Tom Hughes
03cad948e3 Fix new rubocop warnings 2022-03-15 19:24:09 +00:00
Harry Wood
02338a80e1 Make oauth register app link into button 
Cosmetic tweak. On the OAuth 1 setting tab, make "Register your app" into a button not a link

Also put the applications in a <ul>
 2022-03-08 15:18:53 +00:00
Tom Hughes
b5f06e06c1 Fix rubocop Rails/TimeZone warnings 2022-03-01 22:55:10 +00:00
Andy Allan
a8e8ba1a64 Refactor the account edit/update pages out into a separate accounts controller 2021-12-08 15:17:50 +00:00
Andy Allan
2b84452222 Remove custom margins on sidebar headings 
Margin-top in particular is best avoided. The removal of some top
margins required a few corresponding changes to add bottom margins
to other features, mostly done by converting bare text strings to
live within paragraphs.
 2021-11-03 18:16:38 +00:00
Tom Hughes
94b327ddfc Test third party logins to pending/suspended/blocked accounts 2021-10-24 10:36:30 +01:00
Andy Allan
6ab522b2b3 Convert account setting menu to tabs, and include on other pages 
This makes it easier to navigate around these pages. Since each tab
corresponds to a given controller, this makes the selection of active
tabs straightforward.
 2021-08-18 14:30:35 +01:00
Tom Hughes
e4ce1c5f2f Check that the permission is non-zero 
Fixes #3241
 2021-07-01 16:35:29 +01:00
Tom Hughes
a32b751fed Remove some references to webmaster 2021-06-29 19:22:31 +01:00
Tom Hughes
8d76be71bb Merge remote-tracking branch 'upstream/pull/3177' 2021-06-24 08:43:18 +01:00
Tom Hughes
f6818bb2ed Avoid accidental locale changes in tests 2021-06-22 19:05:55 +01:00
Tom Hughes
63e4a89323 Fix new ruboop warnings 2021-06-22 18:34:15 +01:00
Andy Allan
c8f0a81eb7 Rework sidebar to use padding on the sidebar_content div 
This saves every header, list, paragraph etc having to sort out their own padding. The couple of instances where we want edge-to-edge can be acheived using the negative margin spacing utilities.

The padding is based on $spacer so that it can be adjusted automatically via bootstrap configuration.

This also means that we can remove many (mis-)uses of the browse-section class, which is only supposed to be for cases where there are multiple browse-sections in sequence (e.g. multiple nodes in the node history browse pages).
 2021-06-16 15:45:58 +01:00
Tom Hughes
f064a18a16 Add tests for OAuth2 2021-05-18 12:05:33 +01:00
Andy Allan
094d6c8bb9 Move confirmation methods into ConfirmationsController 2021-04-07 16:05:32 +01:00
Andy Allan
f18baae22e Refactor login/logout into sessions controller 
Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.
 2021-03-24 11:32:46 +00:00
Tom Hughes
3512d6303c Fix new rubocop warnings 2021-03-23 19:48:13 +00:00
Andy Allan
38ad8fbc36 Use login_path instead of explicit controller and actions 
This makes future refactoring easier.
 2021-03-10 14:31:55 +00:00
Tom Hughes
1f136a84a6 Prevent CSRF bypass with login form 2021-02-10 20:39:23 +00:00