X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c819bec8b7b81fb2766a67247440375e4a837d10..a83030dab7512c4b2848e777f7a7dbff456774b3:/app/controllers/application_controller.rb diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 049f6e02e..a24df48e0 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -5,6 +5,7 @@ class ApplicationController < ActionController::Base before_action :fetch_body + attr_accessor :current_user helper_method :current_user def authorize_web @@ -28,9 +29,7 @@ class ApplicationController < ActionController::Base end end elsif session[:token] - if self.current_user = User.authenticate(:token => session[:token]) - session[:user] = current_user.id - end + session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token]) end rescue StandardError => ex logger.info("Exception authorizing user: #{ex}") @@ -49,7 +48,7 @@ class ApplicationController < ActionController::Base end def require_oauth - @oauth = @user.access_token(OAUTH_KEY) if current_user && defined? OAUTH_KEY + @oauth = current_user.access_token(OAUTH_KEY) if current_user && defined? OAUTH_KEY end ## @@ -345,7 +344,7 @@ class ApplicationController < ActionController::Base # or raises a suitable error. +method+ should be a symbol, e.g: :put or :get. def assert_method(method) ok = request.send((method.to_s.downcase + "?").to_sym) - raise OSM::APIBadMethodError.new(method) unless ok + raise OSM::APIBadMethodError, method unless ok end ## @@ -365,7 +364,7 @@ class ApplicationController < ActionController::Base yield end rescue ActionView::Template::Error => ex - ex = ex.original_exception + ex = ex.cause if ex.is_a?(Timeout::Error) || (ex.is_a?(ActiveRecord::StatementInvalid) && ex.message =~ /execution expired/) @@ -380,9 +379,7 @@ class ApplicationController < ActionController::Base ## # ensure that there is a "this_user" instance variable def lookup_this_user - unless @this_user = User.active.find_by(:display_name => params[:display_name]) - render_unknown_user params[:display_name] - end + render_unknown_user params[:display_name] unless @this_user = User.active.find_by(:display_name => params[:display_name]) end ## @@ -412,7 +409,9 @@ class ApplicationController < ActionController::Base def map_layout append_content_security_policy_directives( - :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org valhalla.mapzen.com], + :child_src => %w[127.0.0.1:8111], + :connect_src => %w[nominatim.openstreetmap.org overpass-api.de router.project-osrm.org], + :form_action => %w[render.openstreetmap.org], :script_src => %w[graphhopper.com open.mapquestapi.com], :img_src => %w[developer.mapquest.com] ) @@ -426,6 +425,10 @@ class ApplicationController < ActionController::Base request.xhr? ? "xhr" : "map" end + def allow_thirdparty_images + append_content_security_policy_directives(:img_src => %w[*]) + end + def preferred_editor editor = if params[:editor] params[:editor] @@ -462,22 +465,10 @@ class ApplicationController < ActionController::Base authdata = request.env["HTTP_AUTHORIZATION"].to_s.split end # only basic authentication supported - if authdata && authdata[0] == "Basic" - user, pass = Base64.decode64(authdata[1]).split(":", 2) - end + user, pass = Base64.decode64(authdata[1]).split(":", 2) if authdata && authdata[0] == "Basic" [user, pass] end - # used to get the current logged in user - def current_user - @user - end - - # used to set the current logged in user - def current_user=(user) - @user = user - end - # override to stop oauth plugin sending errors def invalid_oauth_response; end end