From: Andy Allan Date: Wed, 15 May 2024 15:33:33 +0000 (+0100) Subject: Merge pull request #4496 from tomhughes/disabled-auth-error X-Git-Tag: live~924 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/ad4ab4603b27f2e89e4bb4a709bc04a6685ba67b?hp=-c Merge pull request #4496 from tomhughes/disabled-auth-error Return an error when a disabled authentication mechanism is used --- ad4ab4603b27f2e89e4bb4a709bc04a6685ba67b diff --combined app/controllers/api_controller.rb index e4e156ee8,0b45ca168..edafac7cc --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@@ -106,17 -106,29 +106,27 @@@ class ApiController < ApplicationContro if doorkeeper_token&.accessible? self.current_user = User.find(doorkeeper_token.resource_owner_id) elsif Authenticator.new(self, [:token]).allow? - # self.current_user setup by OAuth - elsif Settings.basic_auth_support + if Settings.oauth_10a_support + # self.current_user setup by OAuth + else + report_error t("application.oauth_10a_disabled", :link => t("application.auth_disabled_link")), :forbidden + end + else username, passwd = auth_data # parse from headers # authenticate per-scheme self.current_user = if username.nil? 
nil # no authentication provided - perhaps first connect (client should retry after 401) - elsif username == "token" - User.authenticate(:token => passwd) # preferred - random token for user from db, passed in basic auth else User.authenticate(:username => username, :password => passwd) # basic auth end - # log if we have authenticated using basic auth - logger.info "Authenticated as user #{current_user.id} using basic authentication" if current_user + if username && current_user + if Settings.basic_auth_support + # log if we have authenticated using basic auth + logger.info "Authenticated as user #{current_user.id} using basic authentication" + else + report_error t("application.basic_auth_disabled", :link => t("application.auth_disabled_link")), :forbidden + end + end end # have we identified the user? @@@ -164,6 -176,14 +174,6 @@@ report_error "#{e.class}: #{e.message}", :internal_server_error end - ## - # asserts that the request method is the +method+ given as a parameter - # or raises a suitable error. +method+ should be a symbol, e.g: :put or :get. - def assert_method(method) - ok = request.send(:"#{method.to_s.downcase}?") - raise OSM::APIBadMethodError, method unless ok - end - ## # wrap an api call in a timeout def api_call_timeout(&block) diff --combined app/controllers/application_controller.rb index 488e6a818,ddc6d8ab2..5d69a5fc8 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@@ -44,6 -44,8 +44,6 @@@ class ApplicationController < ActionCon redirect_to :controller => "users", :action => "terms", :referer => request.fullpath end end - elsif session[:token] - session[:user] = current_user.id if self.current_user = User.authenticate(:token => session[:token]) end session[:fingerprint] = current_user.fingerprint if current_user && session[:fingerprint].nil? 
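Review bot: In the new basic-auth branch the `Settings.basic_auth_support` check runs only after `User.authenticate(:username => username, :password => passwd)` has already verified the password and assigned `self.current_user`, so a disabled scheme still exercises the credential store, and the 403 is issued only when the credentials were valid while invalid ones presumably take the existing 401 path, making the status code reflect credential validity. Checking the setting before authenticating avoids both, and clearing `current_user` before `report_error` keeps the rejected identity from lingering; the same lingering-identity question applies to the OAuth 1.0a branch, where the comment says `self.current_user` is already set by the Authenticator when `report_error` is called. Whether `report_error` stops execution cannot be seen here, and the enclosing method continues past the hunk at `# have we identified the user?`, so the remainder of the flow should be checked against a set `current_user`.
```ruby
    else
      username, passwd = auth_data # parse from headers

      if username && !Settings.basic_auth_support
        # Reject before calling User.authenticate so a disabled scheme never
        # checks a password and the response does not depend on its validity.
        self.current_user = nil
        report_error t("application.basic_auth_disabled", :link => t("application.auth_disabled_link")), :forbidden
      else
        # authenticate per-scheme
        self.current_user = if username.nil?
                              nil # no authentication provided - perhaps first connect (client should retry after 401)
                            else
                              User.authenticate(:username => username, :password => passwd) # basic auth
                            end

        # log if we have authenticated using basic auth
        logger.info "Authenticated as user #{current_user.id} using basic authentication" if current_user
      end
    end
    # … unchanged: "have we identified the user?" handling …
```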
@@@ -67,6 -69,10 +67,10 @@@ @oauth_token = current_user.oauth_token(Settings.oauth_application) if current_user && Settings.key?(:oauth_application) end + def require_oauth_10a_support + report_error t("application.oauth_10a_disabled", :link => t("application.auth_disabled_link")), :forbidden unless Settings.oauth_10a_support + end + ## # require the user to have cookies enabled in their browser def require_cookies diff --combined config/locales/en.yml index 774be22d4,1d9b1ccdf..fdd3077ac --- a/config/locales/en.yml +++ b/config/locales/en.yml @@@ -142,6 -142,7 +142,6 @@@ en auth_provider: Authentication Provider auth_uid: Authentication UID email: "Email" - email_confirmation: "Email Confirmation" new_email: "New Email Address" active: "Active" display_name: "Display Name" @@@ -307,10 -308,15 +307,10 @@@ destroy: success: "Account Deleted." browse: - created: "Created" - closed: "Closed" - created_ago_html: "Created %{time_ago}" - closed_ago_html: "Closed %{time_ago}" - created_ago_by_html: "Created %{time_ago} by %{user}" - closed_ago_by_html: "Closed %{time_ago} by %{user}" deleted_ago_by_html: "Deleted %{time_ago} by %{user}" edited_ago_by_html: "Edited %{time_ago} by %{user}" version: "Version" + redacted_version: "Redacted Version" in_changeset: "Changeset" anonymous: "anonymous" no_comment: "(no comment)" @@@ -323,13 -329,26 +323,13 @@@ other: "%{count} ways" download_xml: "Download XML" view_history: "View History" + view_unredacted_history: "View Unredacted History" view_details: "View Details" + view_redacted_data: "View Redacted Data" + view_redaction_message: "View Redaction Message" location: "Location:" common_details: coordinates_html: "%{latitude}, %{longitude}" - changeset: - title: "Changeset: %{id}" - belongs_to: "Author" - node: "Nodes (%{count})" - node_paginated: "Nodes (%{x}-%{y} of %{count})" - way: "Ways (%{count})" - way_paginated: "Ways (%{x}-%{y} of %{count})" - relation: "Relations (%{count})" - relation_paginated: "Relations (%{x}-%{y} 
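Review bot: `require_oauth_10a_support` is added without the `##` header comment that the neighbouring methods in this file carry (`require_cookies` directly below has one), so its role as a before_action guard is not stated; suggest `##` / `# reject the request with 403 when OAuth 1.0a support has been disabled in settings` above the `def`. If the method sits in the controller's public section it should move below `private` so it is not reachable as a routable action — the visibility cannot be determined from this hunk, whose leading context line (`@oauth_token = ...`) belongs to a method that starts outside it. It also relies on `report_error` rendering a response so the filter chain halts; that behaviour is not visible here and is worth confirming.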
of %{count})" - hidden_comment_by_html: "Hidden comment from %{user} %{time_ago}" - comment_by_html: "Comment from %{user} %{time_ago}" - changesetxml: "Changeset XML" - osmchangexml: "osmChange XML" - join_discussion: "Log in to join the discussion" - discussion: Discussion - still_open: "Changeset still open - discussion will open once the changeset is closed." node: title_html: "Node: %{name}" history_title_html: "Node History: %{name}" @@@ -445,44 -464,6 +445,44 @@@ feed: title: "Changeset %{id}" title_comment: "Changeset %{id} - %{comment}" + created: "Created" + closed: "Closed" + belongs_to: "Author" + subscribe: + heading: Subscribe to the following changeset discussion? + button: Subscribe to discussion + unsubscribe: + heading: Unsubscribe from the following changeset discussion? + button: Unsubscribe from discussion + heading: + title: "Changeset %{id}" + created_by_html: "Created by %{link_user} on %{created}." + no_such_entry: + title: "No such changeset" + heading: "No entry with the id: %{id}" + body: "Sorry, there is no changeset with the id %{id}. Please check your spelling, or maybe the link you clicked is wrong." + show: + title: "Changeset: %{id}" + created: "Created: %{when}" + closed: "Closed: %{when}" + created_ago_html: "Created %{time_ago}" + closed_ago_html: "Closed %{time_ago}" + created_ago_by_html: "Created %{time_ago} by %{user}" + closed_ago_by_html: "Closed %{time_ago} by %{user}" + discussion: Discussion + join_discussion: "Log in to join the discussion" + still_open: "Changeset still open - discussion will open once the changeset is closed." 
+ comment_by_html: "Comment from %{user} %{time_ago}" + hidden_comment_by_html: "Hidden comment from %{user} %{time_ago}" + changesetxml: "Changeset XML" + osmchangexml: "osmChange XML" + paging_nav: + nodes: "Nodes (%{count})" + nodes_paginated: "Nodes (%{x}-%{y} of %{count})" + ways: "Ways (%{count})" + ways_paginated: "Ways (%{x}-%{y} of %{count})" + relations: "Relations (%{count})" + relations_paginated: "Relations (%{x}-%{y} of %{count})" timeout: sorry: "Sorry, the list of changesets you requested took too long to retrieve." changeset_comments: @@@ -545,7 -526,7 +545,7 @@@ discussion: "Discussion" leave_a_comment: "Leave a comment" login_to_leave_a_comment_html: "%{login_link} to leave a comment" - login: "Login" + login: "Log in" no_such_entry: title: "No such diary entry" heading: "No entry with the id: %{id}" @@@ -1567,9 -1548,10 +1567,9 @@@ intro_header: Welcome to OpenStreetMap! intro_text: OpenStreetMap is a map of the world, created by people like you and free to use under an open license. intro_2_create_account: "Create a user account" - hosting_partners_html: "Hosting is supported by %{ucl}, %{fastly}, %{bytemark}, and other %{partners}." - partners_ucl: "UCL" + hosting_partners_2024_html: "Hosting is supported by %{fastly}, %{corpmembers}, and other %{partners}." partners_fastly: "Fastly" - partners_bytemark: "Bytemark Hosting" + partners_corpmembers: "OSMF corporate members" partners_partners: "partners" tou: "Terms of Use" osm_offline: "The OpenStreetMap database is currently offline while essential database maintenance work is carried out." 
@@@ -1589,7 -1571,6 +1589,7 @@@ more: More user_mailer: diary_comment_notification: + description: "OpenStreetMap Diary Entry #%{id}" subject: "[OpenStreetMap] %{user} commented on a diary entry" hi: "Hi %{to_user}," header: "%{from_user} has commented on the OpenStreetMap diary entry with the subject %{subject}:" @@@ -1646,7 -1627,6 +1646,7 @@@ hopefully_you: "Someone (possibly you) has asked for the password to be reset on this email address's openstreetmap.org account." click_the_link: "If this is you, please click the link below to reset your password." note_comment_notification: + description: "OpenStreetMap Note #%{id}" anonymous: An anonymous user greeting: "Hi," commented: @@@ -1673,7 -1653,6 +1673,7 @@@ details: "More details about the note can be found at %{url}." details_html: "More details about the note can be found at %{url}." changeset_comment_notification: + description: "OpenStreetMap Changeset #%{id}" hi: "Hi %{to_user}," greeting: "Hi," commented: @@@ -1688,8 -1667,8 +1688,8 @@@ partial_changeset_without_comment: "without comment" details: "More details about the changeset can be found at %{url}." details_html: "More details about the changeset can be found at %{url}." - unsubscribe: 'To unsubscribe from updates to this changeset, visit %{url} and click "Unsubscribe".' - unsubscribe_html: 'To unsubscribe from updates to this changeset, visit %{url} and click "Unsubscribe".' + unsubscribe: "You can unsubscribe from updates to this changeset at %{url}." + unsubscribe_html: "You can unsubscribe from updates to this changeset at %{url}." confirmations: confirm: heading: Check your email! @@@ -1765,17 -1744,17 +1765,17 @@@ one: "%{count} muted message" other: "You have %{count} muted messages" reply: - wrong_user: "You are logged in as `%{user}' but the message you have asked to reply to was not sent to that user. Please login as the correct user in order to reply." 
+ wrong_user: "You are logged in as `%{user}' but the message you have asked to reply to was not sent to that user. Please log in as the correct user in order to reply." show: title: "Read message" reply_button: "Reply" unread_button: "Mark as unread" destroy_button: "Delete" back: "Back" - wrong_user: "You are logged in as `%{user}' but the message you have asked to read was not sent by or to that user. Please login as the correct user in order to read it." + wrong_user: "You are logged in as `%{user}' but the message you have asked to read was not sent by or to that user. Please log in as the correct user in order to read it." sent_message_summary: destroy_button: "Delete" - heading: + heading: my_inbox: "My Inbox" my_outbox: "My Outbox" muted_messages: "Muted messages" @@@ -1795,7 -1774,8 +1795,7 @@@ new password button: "Reset password" help_text: "Enter the email address you used to sign up, we will send a link to it that you can use to reset your password." create: - notice email on way: "Sorry you lost it :-( but an email is on its way so you can reset it soon." - notice email cannot find: "Could not find that email address, sorry." + send_paranoid_instructions: "If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes." edit: title: "Reset password" heading: "Reset Password for %{user}" @@@ -1846,18 -1826,44 +1846,18 @@@ failure: Couldn't update profile. sessions: new: - title: "Login" - heading: "Login" + title: "Log in" + tab_title: "Log in" + login_to_authorize_html: "Log in to OpenStreetMap to access %{client_app_name}." email or username: "Email Address or Username" password: "Password" - openid_html: "%{logo} OpenID" remember: "Remember me" lost password link: "Lost your password?" - login_button: "Login" + login_button: "Log in" register now: Register now - with external: "Alternatively, use a third party to login:" - no account: Don't have an account? 
+ with external: "or log in with a third party" + or: "or" auth failure: "Sorry, could not log in with those details." - openid_logo_alt: "Log in with an OpenID" - auth_providers: - openid: - title: Login with OpenID - alt: Login with an OpenID URL - google: - title: Login with Google - alt: Login with a Google OpenID - facebook: - title: Login with Facebook - alt: Login with a Facebook Account - microsoft: - title: Login with Microsoft - alt: Login with a Microsoft Account - github: - title: Login with GitHub - alt: Login with a GitHub Account - wikipedia: - title: Login with Wikipedia - alt: Login with a Wikipedia Account - wordpress: - title: Login with Wordpress - alt: Login with a Wordpress OpenID - aol: - title: Login with AOL - alt: Login with an AOL OpenID destroy: title: "Logout" heading: "Logout from OpenStreetMap" @@@ -2071,14 -2077,6 +2071,14 @@@ %{france}: Contains data sourced from Direction Générale des Impôts. contributors_fr_france: France + contributors_hr_credit_html: | + %{croatia}: Contains data from the %{dgu_link} and %{open_data_portal} + (public information of Croatia). 
+ contributors_hr_croatia: Croatia + contributors_hr_dgu: State Geodetic Administration of Croatia + contributors_hr_dgu_url: https://dgu.gov.hr/ + contributors_hr_open_data_portal: National Open Data Portal + contributors_hr_open_data_portal_url: https://data.gov.hr/ contributors_nl_credit_html: | %{netherlands}: Contains © AND data, 2007 (%{and_link}) contributors_nl_netherlands: Netherlands @@@ -2522,8 -2520,8 +2522,8 @@@ identifiable: "IDENTIFIABLE" private: "PRIVATE" trackable: "TRACKABLE" - by: "by" - in: "in" + details_with_tags_html: "%{time_ago} by %{user} in %{tags}" + details_without_tags_html: "%{time_ago} by %{user}" index: public_traces: "Public GPS Traces" my_gps_traces: "My GPS Traces" @@@ -2557,6 -2555,9 +2557,9 @@@ other: "GPX file with %{count} points from %{user}" description_without_count: "GPX file from %{user}" application: + basic_auth_disabled: "HTTP Basic Authentication is disabled: %{link}" + oauth_10a_disabled: "OAuth 1.0 and 1.0a are disabled: %{link}" + auth_disabled_link: "https://wiki.openstreetmap.org/wiki/2024_authentication_update" permission_denied: You do not have permission to access that action require_cookies: cookies_needed: "You appear to have cookies disabled - please enable cookies in your browser before continuing." 
@@@ -2572,34 -2573,6 +2575,34 @@@ oauth2_applications: OAuth 2 applications oauth2_authorizations: OAuth 2 authorizations muted_users: Muted Users + auth_providers: + openid_logo_alt: "Log in with an OpenID" + openid_html: "%{logo} OpenID" + openid_login_button: "Continue" + openid: + title: Log in with OpenID + alt: Log in with an OpenID URL + google: + title: Log in with Google + alt: Log in with a Google OpenID + facebook: + title: Log in with Facebook + alt: Log in with a Facebook Account + microsoft: + title: Log in with Microsoft + alt: Log in with a Microsoft Account + github: + title: Log in with GitHub + alt: Log in with a GitHub Account + wikipedia: + title: Log in with Wikipedia + alt: Log in with a Wikipedia Account + wordpress: + title: Log in with Wordpress + alt: Log in with a Wordpress OpenID + aol: + title: Log in with AOL + alt: Log in with an AOL OpenID oauth: authorize: title: "Authorize access to your account" @@@ -2637,8 -2610,6 +2640,8 @@@ write_redactions: Redact map data read_email: Read user email address skip_authorization: Auto approve application + for_roles: + moderator: This permission is for actions available only to moderators oauth_clients: new: title: "Register a new application" @@@ -2730,34 -2701,23 +2733,34 @@@ users: new: title: "Sign Up" + tab_title: "Sign up" + signup_to_authorize_html: "Sign up with OpenStreetMap to access %{client_app_name}." no_auto_account_create: "Unfortunately we are not currently able to create an account for you automatically." please_contact_support_html: 'Please contact %{support_link} to arrange for an account to be created - we will try and deal with the request as quickly as possible.' support: support about: - header: Free and editable + header: Free and editable. paragraph_1: Unlike other maps, OpenStreetMap is completely created by people like you, and it's free for anyone to fix, update, download and use. - paragraph_2: Sign up to get started contributing. 
We'll send an email to confirm your account. + paragraph_2: Sign up to get started contributing. + welcome: "Welcome to OpenStreetMap" + duplicate_social_email: "If you already have an OpenStreetMap account and wish to use a 3rd party identity provider, please log in using your password and modify the settings of your account." display name description: "Your publicly displayed username. You can change this later in the preferences." + by_signing_up_html: "By signing up, you agree to our %{tou_link}, %{privacy_policy_link} and %{contributor_terms_link}." + tou: "terms of use" + contributor_terms_url: "https://wiki.osmfoundation.org/wiki/Licence/Contributor_Terms" + contributor_terms: "contributor terms" external auth: "Third Party Authentication:" - use external auth: "Alternatively, use a third party to login" - auth no password: "With third party authentication a password is not required, but some extra tools or server may still need one." continue: Sign Up terms accepted: "Thanks for accepting the new contributor terms!" - email_confirmation_help_html: 'Your address is not displayed publicly, see our %{privacy_policy_link} for more information.' + email_help_html: 'Your address is not displayed publicly, see our %{privacy_policy_link} for more information.' privacy_policy: privacy policy privacy_policy_url: https://wiki.osmfoundation.org/wiki/Privacy_Policy privacy_policy_title: OSMF privacy policy including section on email addresses + consider_pd_html: "I consider my contributions to be in the %{consider_pd_link}." 
+ consider_pd: "public domain" + consider_pd_url: https://wiki.osmfoundation.org/wiki/Licence_and_Legal_FAQ/Why_would_I_want_my_contributions_to_be_public_domain + or: "or" + use external auth: "or sign up with a third party" terms: title: "Terms" heading: "Terms" @@@ -2854,11 -2814,9 +2857,11 @@@ index: title: Users heading: Users - showing: - one: Page %{page} (%{first_item} of %{items}) - other: Page %{page} (%{first_item}-%{last_item} of %{items}) + older: "Older Users" + newer: "Newer Users" + found_users: + one: "%{count} user found" + other: "%{count} users found" summary_html: "%{name} created from %{ip_address} on %{date}" summary_no_ip_html: "%{name} created on %{date}" confirm: Confirm Selected Users @@@ -2883,7 -2841,7 +2886,7 @@@ If you are new to OpenStreetMap, please create a new account using the form below. option_2: | - If you already have an account, you can login to your account + If you already have an account, you can log in to your account using your username and password and then associate the account with your ID in your user settings. user_role: @@@ -2992,6 -2950,7 +2995,6 @@@ revoke: "Revoke!" confirm: "Are you sure?" reason: "Reason for block:" - back: "View all blocks" revoker: "Revoker:" needs_view: "The user needs to log in before this block will be cleared." block: @@@ -3005,15 -2964,9 +3008,15 @@@ reason: "Reason for block" status: "Status" revoker_name: "Revoked by" - showing_page: "Page %{page}" - next: "Next »" - previous: "« Previous" + older: "Older Blocks" + newer: "Newer Blocks" + navigation: + all_blocks: "All Blocks" + blocks_on_me: "Blocks on Me" + blocks_on_user: "Blocks on %{user}" + blocks_by_me: "Blocks by Me" + blocks_by_user: "Blocks by %{user}" + block: "Block #%{id}" user_mutes: index: title: "Muted Users" @@@ -3081,9 -3034,6 +3084,9 @@@ new: title: "New Note" intro: "Spotted a mistake or something missing? Let other mappers know so we can fix it. 
Move the marker to the correct position and type a note to explain the problem." + anonymous_warning_html: "You are not logged in. Please %{log_in} or %{sign_up} if you want to receive updates for your note." + anonymous_warning_log_in: "log in" + anonymous_warning_sign_up: "sign up" advice: "Your note is public and may be used to update the map, so don't enter personal information, or information from copyrighted maps or directory listings." add: Add Note javascripts: diff --combined config/settings.yml index c057be978,19006f611..ec868b651 --- a/config/settings.yml +++ b/config/settings.yml @@@ -45,8 -45,6 +45,8 @@@ default_note_query_limit: 10 max_note_query_limit: 10000 # Maximum value of open issues counter for moderators, anything equal or greater to this value "n" is shown as "n+" max_issues_count: 99 +# Maximum number of points in a GPX trace +max_trace_size: 1000000 # Zoom level to use for postcode results from the geocoder postcode_zoom: 15 # Timeout for API calls in seconds @@@ -97,9 -95,12 +97,12 @@@ attachments_dir: ":rails_root/public/at #memcache_servers: [] # Enable HTTP basic authentication support basic_auth_support: true + # Enable OAuth 1.0/1.0a registration + oauth_10_registration: true # Enable legacy OAuth 1.0 support oauth_10_support: true - oauth_10_registration: true + # Enable OAuth 1.0a support + oauth_10a_support: true # URL of Nominatim instance to use for geocoding nominatim_url: "https://nominatim.openstreetmap.org/" # Default editor