openstreetmap-website/test
Milan Cvetkovic 15623aa35a Social sign-in: avoid re-authorization in users_controller#create
It does not add any additional guards against malicious users:

A malicious user may attempt to invoke `POST /users/new` with bogus
values for `auth_provider` and `auth_uid`, resulting
in a new account to which the user would have a way to log in, other than
sending a password reset request.

In some cases, re-authorization would introduce an additional
"Please login to your social account" or "Are you sure you want to be logged in"
popup triggered by the identity provider.

This PR removes the re-authorization request from `POST /users/new` in the authorization flow.
2024-05-30 05:43:45 +00:00
..
abilities Prevent unauthenticated users commenting on notes via the API 2023-11-23 16:56:07 +00:00
controllers Test unicode values in user preference keys and values 2024-05-16 17:51:33 +01:00
factories Fix rubocop warning 2024-04-21 19:07:16 +01:00
gpx/fixtures Remove unused directories 2020-03-18 15:04:18 +01:00
helpers OpenID connect icons to SVG 2024-05-16 21:16:28 +02:00
http Remove Geonames and geocoder.ca 2023-01-09 21:23:48 +00:00
integration Social sign-in: avoid re-authorization in users_controller#create 2024-05-30 05:43:45 +00:00
javascripts Replace querystring parser with qs yarn module 2020-08-06 20:51:55 +01:00
jobs Send trace import result notification immediately 2019-07-15 21:45:07 +01:00
lib Fix new rubocop warnings 2024-01-23 18:14:28 +00:00
mailers Move changeset subscribe/unsubscribe to resourceful routes 2024-03-16 06:11:07 +03:00
models Rename update element consistency check 2024-03-30 10:57:39 +03:00
system Add preferred provider social signup 2024-04-29 11:32:54 +00:00
validators Use assert_not_predicate in tests that have assert_predicate 2024-01-03 16:01:17 +03:00
application_system_test_case.rb Replace "Login" labels with "Log in" when used as a verb 2024-03-14 15:34:12 +00:00
test_helper.rb Move changeset show action to changesets controller 2024-03-01 10:48:30 +03:00