-//= require ohauth/ohauth
-
$(document).ready(function () {
var application_data = $("head").data();
- function makeAbsolute(url) {
- var a = document.createElement("a");
- a.href = url;
- return a.href;
- }
-
- if (application_data.token) {
- var headerGenerator = window.ohauth.headerGenerator({
- consumer_key: application_data.consumerKey,
- consumer_secret: application_data.consumerSecret,
- token: application_data.token,
- token_secret: application_data.tokenSecret
- });
-
- $.ajaxPrefilter(function (options, jqxhr) {
+ if (application_data.oauthToken) {
+ $.ajaxPrefilter(function (options) {
if (options.oauth) {
options.headers = options.headers || {};
- options.headers.Authorization = headerGenerator(options.type, makeAbsolute(options.url), jqxhr.data);
+ options.headers.Authorization = "Bearer " + application_data.oauthToken;
}
});
}
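Review bot: The prefilter inside the new `if (application_data.oauthToken)` block adds the bearer token to every request that sets `options.oauth`, whatever host `options.url` points at. The removed OAuth 1 header was generated from the request method and URL, whereas a bearer token can be reused as-is by any server that receives it, so a call with `oauth: true` and an absolute URL on another origin would hand over the credential. I would limit the header to same-origin requests, e.g. `if (options.oauth && !options.crossDomain) {`. A comment above the prefilter should also state that the token is only meant for this site's own API. The `$(document).ready` callback continues outside the hunk.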
-# Update and read user preferences, which are arbitrayr key/val pairs
+# Update and read user preferences, which are arbitrary key/val pairs
module Api
class UserPreferencesController < ApiController
before_action :authorize
end
def require_oauth
- @oauth_token = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key)
+ @oauth_token = current_user.oauth_token(Settings.oauth_application) if current_user && Settings.key?(:oauth_application)
end
##
@new_comment = IssueComment.new(:issue => @issue)
end
- # Status Transistions
+ # Status Transitions
def resolve
if @issue.resolve
@issue.updated_by = current_user.id
end
data[:location] = session[:location] if session[:location]
-
- if oauth_token
- data[:token] = oauth_token.token
- data[:token_secret] = oauth_token.secret
- data[:consumer_key] = oauth_token.client_application.key
- data[:consumer_secret] = oauth_token.client_application.secret
- end
+ data[:oauth_token] = oauth_token.token if oauth_token
data
end
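Review bot: The new line `data[:oauth_token] = oauth_token.token if oauth_token` carries no comment saying that this value is a live bearer credential. That matters because the hash appears to be rendered into the page: the JavaScript change reads `oauthToken` from the `head` element's data. I would add a comment above it such as `# OAuth 2 bearer token for the site's own API calls; it is written into the page markup, so pages carrying it must stay out of shared caches`. The method this line belongs to starts outside the hunk.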
index = cval.to_i
cookies[ckey] = index - 1 if index.positive?
- # pick banner with mininum queue position
+ # pick banner with minimum queue position
next if index > min_index
# or if equal queue position, pick banner with soonest end date (i.e. next expiring)
# Generic checks that are run for the updates and deletes of
# node, ways and relations. This code is here to avoid duplication,
- # and allow the extention of the checks without having to modify the
+ # and allow the extension of the checks without having to modify the
# code in 6 places for all the updates and deletes. Some of these tests are
# needed for creates, but are currently not run :-(
# This will throw an exception if there is an inconsistency
has_many :client_applications
has_many :oauth_tokens, -> { order(:authorized_at => :desc).preload(:client_application) }, :class_name => "OauthToken"
- has_many :oauth2_applications, :class_name => Doorkeeper.config.application_model.name, :foreign_key => :owner_id
+ has_many :oauth2_applications, :class_name => Doorkeeper.config.application_model.name, :as => :owner
has_many :access_grants, :class_name => Doorkeeper.config.access_grant_model.name, :foreign_key => :resource_owner_id
has_many :access_tokens, :class_name => Doorkeeper.config.access_token_model.name, :foreign_key => :resource_owner_id
end
##
- # return an oauth access token for a specified application
+ # return an oauth 1 access token for a specified application
def access_token(application_key)
ClientApplication.find_by(:key => application_key).access_token_for_user(self)
end
+ ##
+ # return an oauth 2 access token for a specified application
+ def oauth_token(application_id)
+ application = Doorkeeper.config.application_model.find_by(:uid => application_id)
+
+ Doorkeeper.config.access_token_model.find_or_create_for(
+ :application => application,
+ :resource_owner => self,
+ :scopes => application.scopes
+ )
+ end
+
def fingerprint
digest = Digest::SHA256.new
digest.update(email)
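Review bot: In the added `oauth_token`, `find_by(:uid => application_id)` returns nil when no application matches the configured uid, and `application.scopes` then raises NoMethodError. The caller in `require_oauth` only checks `Settings.key?(:oauth_application)`, so a stale or mistyped setting would fail wherever that method runs for a logged-in user. Adding `return unless application` after the lookup leaves `@oauth_token` nil, which the `if oauth_token` guard on the data hash already handles. The call also passes no `:expires_in`, so the token's lifetime is whatever Doorkeeper applies by default. It is worth confirming that this lifetime is bounded, since the token is issued with all of `application.scopes`. `fingerprint` continues outside the hunk.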
nominatim_url: "https://nominatim.openstreetmap.org/"
# Default editor
default_editor: "id"
-# OAuth consumer key for the web site
-#oauth_key: ""
+# OAuth application for the web site
+#oauth_application: ""
# OAuth consumer key for iD
#id_key: ""
# Imagery to return in capabilities as blacklisted
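Review bot: The new comment `# OAuth application for the web site` does not say which identifier belongs in `oauth_application`. `User#oauth_token` looks the application up with `find_by(:uid => application_id)`, so the value has to be the application's uid rather than its name or database id. I would write `# OAuth 2 application uid (client ID) for the web site`.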
"js-cookie": "^2.2.1",
"leaflet": "^1.6.0",
"leaflet.locatecontrol": "^0.74.0",
- "ohauth": "^1.0.0",
"qs": "^6.9.4"
},
"devDependencies": {
@goodbbox = %w[-0.1,-0.1,0.1,0.1 51.1,-0.1,51.2,0
-0.1,%20-0.1,%200.1,%200.1 -0.1edcd,-0.1d,0.1,0.1 -0.1E,-0.1E,0.1S,0.1N S0.1,W0.1,N0.1,E0.1]
# That last item in the goodbbox really shouldn't be there, as the API should
- # reall reject it, however this is to test to see if the api changes.
+ # really reject it, however this is to test to see if the api changes.
end
##
##
# updates the relation (XML) +rel+ and
# yields the new version of that relation into the block.
- # the parsed XML doc is retured.
+ # the parsed XML doc is returned.
def with_update(rel, headers)
rel_id = rel.find("//osm/relation").first["id"].to_i
put api_relation_path(:id => rel_id), :params => rel.to_s, :headers => headers
##
# updates the relation (XML) +rel+ via the diff-upload API and
# yields the new version of that relation into the block.
- # the parsed XML doc is retured.
+ # the parsed XML doc is returned.
def with_update_diff(rel, headers)
rel_id = rel.find("//osm/relation").first["id"].to_i
cs_id = rel.find("//osm/relation").first["changeset"].to_i
@goodbbox = %w[-0.1,-0.1,0.1,0.1 51.1,-0.1,51.2,0
-0.1,%20-0.1,%200.1,%200.1 -0.1edcd,-0.1d,0.1,0.1 -0.1E,-0.1E,0.1S,0.1N S0.1,W0.1,N0.1,E0.1]
# That last item in the goodbbox really shouldn't be there, as the API should
- # reall reject it, however this is to test to see if the api changes.
+ # really reject it, however this is to test to see if the api changes.
end
##
assert_response :success
end
- # Check an anoymous trace can't be specifically fetched by another user
+ # Check an anonymous trace can't be specifically fetched by another user
def test_show_anon
anon_trace_file = create(:trace, :visibility => "private")
# Check that the index of traces is displayed
def test_index
user = create(:user)
- # The fourth test below is surpisingly sensitive to timestamp ordering when the timestamps are equal.
+ # The fourth test below is surprisingly sensitive to timestamp ordering when the timestamps are equal.
trace_a = create(:trace, :visibility => "public", :timestamp => 4.seconds.ago) do |trace|
create(:tracetag, :trace => trace, :tag => "London")
end
# Check the RSS feed
def test_rss
user = create(:user)
- # The fourth test below is surpisingly sensitive to timestamp ordering when the timestamps are equal.
+ # The fourth test below is surprisingly sensitive to timestamp ordering when the timestamps are equal.
trace_a = create(:trace, :visibility => "public", :timestamp => 4.seconds.ago) do |trace|
create(:tracetag, :trace => trace, :tag => "London")
end
assert_not UTF8.valid?("\xC2\xC2") # 2-byte multibyte identifier, followed by another one
assert_not UTF8.valid?("\x4a\x82") # plain ASCII, followed by multibyte continuation
assert_not UTF8.valid?("\x82\x82") # multibyte continuations without multibyte identifier
- assert_not UTF8.valid?("\xe1\x82\x4a") # three-byte identifier, contination and (incorrectly) plain ASCII
+ assert_not UTF8.valid?("\xe1\x82\x4a") # three-byte identifier, continuation and (incorrectly) plain ASCII
end
end
"\xC2\xC2", # 2-byte multibyte identifier, followed by another one
"\x4a\x82", # plain ASCII, followed by multibyte continuation
"\x82\x82", # multibyte continuations without multibyte identifier
- "\xe1\x82\x4a"] # three-byte identifier, contination and (incorrectly) plain ASCII
+ "\xe1\x82\x4a"] # three-byte identifier, continuation and (incorrectly) plain ASCII
invalid_sequences.each do |char|
# create a message and save to the database
msg = make_message(char, 1)
def test_display_name_valid
# Due to sanitisation in the view some of these that you might not
- # expact are allowed
+ # expect are allowed
# However, would they affect the xml planet dumps?
ok = ["Name", "'me", "he\"", "<hr>", "*ho", "\"help\"@",
"vergrößern", "ルシステムにも対応します", "輕觸搖晃的遊戲", "space space"]
##
# Used to check that the error header and the forbidden responses are given
- # when the owner of the changset has their data not marked as public
+ # when the owner of the changeset has their data not marked as public
def assert_require_public_data(msg = "Shouldn't be able to use API when the user's data is not public")
assert_response :forbidden, msg
assert_equal("You must make your edits public to upload new data", @response.headers["Error"], "Wrong error message")
argparse "^1.0.7"
esprima "^4.0.0"
-jshashes@~1.0.8:
- version "1.0.8"
- resolved "https://registry.yarnpkg.com/jshashes/-/jshashes-1.0.8.tgz#f60d837428383abf73ab022e1542e6614bd75514"
- integrity sha512-btmQZ/w1rj8Lb6nEwvhjM7nBYoj54yaEFo2PWh3RkxZ8qNwuvOxvQYN/JxVuwoMmdIluL+XwYVJ+pEEZoSYybQ==
-
json-schema-traverse@^0.4.1:
version "0.4.1"
resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660"
resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.9.0.tgz#c90521d74e1127b67266ded3394ad6116986533a"
integrity sha512-i3Bp9iTqwhaLZBxGkRfo5ZbE07BQRT7MGu8+nNgwW9ItGp1TzCTw2DLEoWwjClxBjOFI/hWljTAmYGCEwmtnOw==
-ohauth@^1.0.0:
- version "1.0.1"
- resolved "https://registry.yarnpkg.com/ohauth/-/ohauth-1.0.1.tgz#a5d4ab8e5390bb1cad68a58cc9c58630173c02f2"
- integrity sha512-R9ZUN3+FVCwzeOOHCJpzA9jw/byRxp5O9X06mTL6Sp/LIQn/rLrMv6cwYctX+hoIKzRUsalGJXZ1kG5wBmSskQ==
- dependencies:
- jshashes "~1.0.8"
-
once@^1.3.0:
version "1.4.0"
resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"