git.openstreetmap.org Git - rails.git/log
Milan Cvetkovic [Mon, 27 May 2024 14:40:53 +0000 (14:40 +0000)]
Social sign-in: avoid re-authorization in `users_controller#create`
It does not add any additional guards against malicious users:
Malicious user may attempt to invoke `POST /users/new` with bogus
values for `auth_provider` and `auth_uid` resulting
with a new account to which user would have a way to login, other than
sending a password reset request.
In some cases, re-authorization would introduce additional
"Please login to your social account", or "Are you sure you want to be logged in"
popup triggered by identity provider.
This PR removes the re-authorization request from `POST /users/new` in authorization flow.
Tom Hughes [Mon, 27 May 2024 14:11:16 +0000 (15:11 +0100)]
Merge remote-tracking branch 'upstream/pull/4842'
Tom Hughes [Mon, 27 May 2024 14:05:43 +0000 (15:05 +0100)]
Merge remote-tracking branch 'upstream/pull/4828'
Tom Hughes [Mon, 27 May 2024 14:00:51 +0000 (15:00 +0100)]
Merge remote-tracking branch 'upstream/pull/4846'
Milan Cvetkovic [Mon, 27 May 2024 12:38:06 +0000 (12:38 +0000)]
Add proper referrer for authorization scenario
Fixes the following:
- `users_controller#new` loses referer in authorization scenario, when it was invoked after social signup succeeded
- the second invocation of `auth_success`, triggered by re-authorization initiated from `users_controller#create`
does not have referrer field set
- as a result, the final welcome screen does not offer final authorization, and drops into ID instead
Introduced by #4758.
translatewiki.net [Mon, 27 May 2024 12:17:16 +0000 (14:17 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Mon, 27 May 2024 09:52:32 +0000 (10:52 +0100)]
Merge remote-tracking branch 'upstream/pull/4844'
Tom Hughes [Mon, 27 May 2024 09:48:30 +0000 (10:48 +0100)]
Merge remote-tracking branch 'upstream/pull/4838'
Tom Hughes [Mon, 27 May 2024 09:46:38 +0000 (10:46 +0100)]
Merge remote-tracking branch 'upstream/pull/4837'
Tom Hughes [Mon, 27 May 2024 09:44:26 +0000 (10:44 +0100)]
Merge remote-tracking branch 'upstream/pull/4836'
Tom Hughes [Mon, 27 May 2024 09:42:50 +0000 (10:42 +0100)]
Merge remote-tracking branch 'upstream/pull/4835'
Tom Hughes [Mon, 27 May 2024 09:33:34 +0000 (10:33 +0100)]
Merge remote-tracking branch 'upstream/pull/4841'
Tom Hughes [Mon, 27 May 2024 09:31:33 +0000 (10:31 +0100)]
Merge remote-tracking branch 'upstream/pull/4840'
Anton Khorev [Mon, 27 May 2024 01:20:39 +0000 (04:20 +0300)]
Replace png directions icon with inline svg
Anton Khorev [Sun, 26 May 2024 22:59:32 +0000 (01:59 +0300)]
Truncate username in user menu
Anton Khorev [Fri, 24 May 2024 17:04:53 +0000 (20:04 +0300)]
Adjust vertical alignment of user button contents
Anton Khorev [Fri, 24 May 2024 16:48:46 +0000 (19:48 +0300)]
Increase secondary nav item padding to compensate removed whitespace
Anton Khorev [Fri, 24 May 2024 16:41:55 +0000 (19:41 +0300)]
Use Bootstrap .nav in secondary header navigation
Martin Raifer [Sun, 26 May 2024 13:24:57 +0000 (15:24 +0200)]
update script-src CSP rules for iD
Martin Raifer [Sun, 26 May 2024 12:26:31 +0000 (14:26 +0200)]
allow data URIs for images in iD
Anton Khorev [Sun, 26 May 2024 03:28:19 +0000 (06:28 +0300)]
Remove unused #container css
Anton Khorev [Sun, 26 May 2024 02:38:27 +0000 (05:38 +0300)]
Replace .btn-wrapper with Bootstrap gutters/gaps
Anton Khorev [Sun, 26 May 2024 02:08:11 +0000 (05:08 +0300)]
Remove unused .browse_status css class
Anton Khorev [Sun, 26 May 2024 01:51:42 +0000 (04:51 +0300)]
Remove custom css from "Load Data" button
Tom Hughes [Sat, 25 May 2024 13:43:04 +0000 (14:43 +0100)]
Merge remote-tracking branch 'upstream/pull/4832'
Tom Hughes [Sat, 25 May 2024 13:31:44 +0000 (14:31 +0100)]
Merge remote-tracking branch 'upstream/pull/4833'
Tom Hughes [Sat, 25 May 2024 13:30:06 +0000 (14:30 +0100)]
Merge remote-tracking branch 'upstream/pull/4829'
Tom Hughes [Sat, 25 May 2024 13:27:27 +0000 (14:27 +0100)]
Merge remote-tracking branch 'upstream/pull/4831'
Tom Hughes [Sat, 25 May 2024 13:27:21 +0000 (14:27 +0100)]
Merge remote-tracking branch 'upstream/pull/4830'
Anton Khorev [Sat, 25 May 2024 02:07:24 +0000 (05:07 +0300)]
Remove custom css from note descriptions
Anton Khorev [Sat, 25 May 2024 01:47:32 +0000 (04:47 +0300)]
Remove custom css from "Enable overlays" text
dependabot[bot] [Fri, 24 May 2024 23:50:16 +0000 (23:50 +0000)]
Bump osm-community-index from 5.6.3 to 5.7.0
Bumps [osm-community-index](https://github.com/osmlab/osm-community-index) from 5.6.3 to 5.7.0.
- [Release notes](https://github.com/osmlab/osm-community-index/releases)
- [Changelog](https://github.com/osmlab/osm-community-index/blob/main/CHANGELOG.md)
- [Commits](https://github.com/osmlab/osm-community-index/compare/v5.6.3...v5.7.0)
---
updated-dependencies:
- dependency-name: osm-community-index
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Fri, 24 May 2024 23:50:07 +0000 (23:50 +0000)]
Bump leaflet.locatecontrol from 0.81.0 to 0.81.1
Bumps [leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 0.81.0 to 0.81.1.
- [Changelog](https://github.com/domoritz/leaflet-locatecontrol/blob/gh-pages/CHANGELOG.md)
- [Commits](https://github.com/domoritz/leaflet-locatecontrol/compare/v0.81.0...v0.81.1)
---
updated-dependencies:
- dependency-name: leaflet.locatecontrol
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Anton Khorev [Fri, 24 May 2024 18:18:27 +0000 (21:18 +0300)]
Keep header h1 height equal to default header height
Anton Khorev [Fri, 24 May 2024 17:04:53 +0000 (20:04 +0300)]
Adjust vertical alignment of user button contents
Anton Khorev [Fri, 24 May 2024 16:48:46 +0000 (19:48 +0300)]
Increase secondary nav item padding to compensate removed whitespace
Anton Khorev [Fri, 24 May 2024 16:41:55 +0000 (19:41 +0300)]
Use Bootstrap .nav in secondary header navigation
Tom Hughes [Fri, 24 May 2024 10:59:52 +0000 (11:59 +0100)]
Merge remote-tracking branch 'upstream/pull/4826'
Nenad Vujicic [Thu, 23 May 2024 14:26:19 +0000 (16:26 +0200)]
Fixed "Tab alignment" issue described in #4773
Fixed "Tab alignment" for "Sign up" button issue described in #4773 and #4826
Tom Hughes [Fri, 24 May 2024 10:10:03 +0000 (11:10 +0100)]
Merge remote-tracking branch 'upstream/pull/4826'
Nenad Vujicic [Fri, 24 May 2024 09:44:33 +0000 (11:44 +0200)]
Fixed "Tab alignment" for "Sign up" button issue described in #4773 and #4826
Nenad Vujicic [Thu, 23 May 2024 14:26:19 +0000 (16:26 +0200)]
Fixed "Tab alignment" issue described in #4773
Tom Hughes [Thu, 23 May 2024 17:25:29 +0000 (18:25 +0100)]
Merge remote-tracking branch 'upstream/pull/4827'
Nenad Vujicic [Thu, 23 May 2024 15:02:44 +0000 (17:02 +0200)]
Fixed "Top menu buttons" issue mentioned in #4773
translatewiki.net [Thu, 23 May 2024 12:19:37 +0000 (14:19 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 22 May 2024 17:37:01 +0000 (18:37 +0100)]
Merge remote-tracking branch 'upstream/pull/4823'
Andy Allan [Wed, 22 May 2024 15:54:18 +0000 (16:54 +0100)]
Merge pull request #4627 from tomhughes/security-policy
Switch to using rails builtin content security policy support
Tom Hughes [Thu, 21 Mar 2024 20:32:12 +0000 (20:32 +0000)]
Switch to using rails builtin content security policy support
Andy Allan [Wed, 22 May 2024 11:32:38 +0000 (12:32 +0100)]
Merge pull request #4756 from tomhughes/text-muted
Replace deprecated text-muted class with text-body-secondary
Andy Allan [Wed, 22 May 2024 11:09:31 +0000 (12:09 +0100)]
Merge pull request #4758 from tomhughes/login-referer
Stop using the session to persist the referer during login
Andy Allan [Wed, 22 May 2024 11:06:38 +0000 (12:06 +0100)]
Merge pull request #4816 from tomhughes/login-focus
Make the login and signup screens focus on the first input
Tom Hughes [Mon, 6 May 2024 08:49:51 +0000 (09:49 +0100)]
Replace deprecated text-muted class with text-body-secondary
Andy Allan [Wed, 22 May 2024 09:54:32 +0000 (10:54 +0100)]
Merge pull request #4824 from AntonKhorev/no-user-button
Remove unnecessary user menu wrapper
Anton Khorev [Tue, 21 May 2024 22:38:21 +0000 (01:38 +0300)]
Remove unnecessary user menu wrapper
Anton Khorev [Tue, 21 May 2024 17:43:55 +0000 (20:43 +0300)]
Use .icon-link to align logo
Tom Hughes [Tue, 21 May 2024 17:34:52 +0000 (18:34 +0100)]
Merge remote-tracking branch 'upstream/pull/4822'
Tom Hughes [Tue, 21 May 2024 17:29:06 +0000 (18:29 +0100)]
Drop bogus html.dir from ne locale
Tom Hughes [Tue, 21 May 2024 17:21:56 +0000 (18:21 +0100)]
Fix new rubocop warnings
Tom Hughes [Tue, 21 May 2024 17:06:06 +0000 (18:06 +0100)]
Update bundle
Anton Khorev [Tue, 21 May 2024 16:57:16 +0000 (19:57 +0300)]
Remove inbox template and anchor id
translatewiki.net [Mon, 20 May 2024 12:14:53 +0000 (14:14 +0200)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sun, 19 May 2024 18:37:30 +0000 (19:37 +0100)]
Make the login and signup screens focus on the first input
Fixes #4814
Tom Hughes [Sun, 19 May 2024 18:21:45 +0000 (19:21 +0100)]
Merge remote-tracking branch 'upstream/pull/4795'
Tom Hughes [Sun, 19 May 2024 17:58:46 +0000 (18:58 +0100)]
Merge remote-tracking branch 'upstream/pull/4812'
Tom Hughes [Sun, 19 May 2024 17:50:15 +0000 (18:50 +0100)]
Merge remote-tracking branch 'upstream/pull/4811'
Tom Hughes [Sun, 19 May 2024 17:47:56 +0000 (18:47 +0100)]
Merge remote-tracking branch 'upstream/pull/4810'
Tom Hughes [Sun, 19 May 2024 17:46:58 +0000 (18:46 +0100)]
Merge remote-tracking branch 'upstream/pull/4808'
Tom Hughes [Sun, 19 May 2024 17:40:46 +0000 (18:40 +0100)]
Merge remote-tracking branch 'upstream/pull/4809'
Tom Hughes [Sun, 19 May 2024 17:40:40 +0000 (18:40 +0100)]
Merge remote-tracking branch 'upstream/pull/4804'
Sabih S [Sat, 18 May 2024 09:56:29 +0000 (09:56 +0000)]
chore: typo
Sabih S [Sat, 18 May 2024 08:47:52 +0000 (08:47 +0000)]
chore: clarify email reply text
Anton Khorev [Sat, 18 May 2024 00:41:26 +0000 (03:41 +0300)]
Don't skip heading levels on "fixthemap" page
Anton Khorev [Sat, 18 May 2024 00:26:14 +0000 (03:26 +0300)]
Remove unused .button class
Anton Khorev [Sat, 18 May 2024 00:13:56 +0000 (03:13 +0300)]
Fix css section comments
Anton Khorev [Sat, 18 May 2024 00:11:04 +0000 (03:11 +0300)]
Set check/x display property using .d-block
Anton Khorev [Fri, 17 May 2024 23:49:21 +0000 (02:49 +0300)]
Remove font size class from "Start mapping" container
It doesn't affect the button font, only the spacing around.
Anton Khorev [Fri, 17 May 2024 23:42:55 +0000 (02:42 +0300)]
Remove .clearfix
Floats are no longer used on the welcome page.
Anton Khorev [Wed, 15 May 2024 13:42:21 +0000 (16:42 +0300)]
Replace .term sprite class with .d-flex container
Anton Khorev [Wed, 15 May 2024 13:21:33 +0000 (16:21 +0300)]
Convert basic terms to a list
Anton Khorev [Wed, 15 May 2024 13:16:10 +0000 (16:16 +0300)]
Remove .small sprite class
.small is used to set the font size elsewhere.
dependabot[bot] [Fri, 17 May 2024 23:24:47 +0000 (23:24 +0000)]
Bump eslint from 9.2.0 to 9.3.0
Bumps [eslint](https://github.com/eslint/eslint) from 9.2.0 to 9.3.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.2.0...v9.3.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Anton Khorev [Fri, 17 May 2024 15:45:24 +0000 (18:45 +0300)]
Fix white circular elements of welcome sprite
dependabot[bot] [Thu, 16 May 2024 21:21:03 +0000 (21:21 +0000)]
Bump rexml from 3.2.6 to 3.2.8
Bumps [rexml](https://github.com/ruby/rexml) from 3.2.6 to 3.2.8.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/rexml/compare/v3.2.6...v3.2.8)
---
updated-dependencies:
- dependency-name: rexml
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Tom Hughes [Thu, 16 May 2024 21:18:14 +0000 (22:18 +0100)]
Update to rails 7.1.3.3
Hidde Wieringa [Tue, 14 May 2024 17:54:52 +0000 (19:54 +0200)]
OpenID connect icons to SVG
re-add whitespace
trigger CI
revert size attribute
Andy Allan [Thu, 16 May 2024 18:41:45 +0000 (19:41 +0100)]
Merge pull request #4803 from tomhughes/preference-encoding
Fix exception uploading a unicode preference value
Tom Hughes [Thu, 16 May 2024 17:02:03 +0000 (18:02 +0100)]
Merge remote-tracking branch 'upstream/pull/4802'
Tom Hughes [Thu, 16 May 2024 16:48:48 +0000 (17:48 +0100)]
Treat the body as UTF-8 for user_preferences#update
Tom Hughes [Thu, 16 May 2024 16:48:17 +0000 (17:48 +0100)]
Test unicode values in user preference keys and values
translatewiki.net [Thu, 16 May 2024 12:17:52 +0000 (14:17 +0200)]
Localisation updates from https://translatewiki.net.
Andy Allan [Wed, 15 May 2024 16:43:25 +0000 (17:43 +0100)]
Merge pull request #4800 from AntonKhorev/welcome-stack
Stack welcome page columns on small screens
Andy Allan [Wed, 15 May 2024 16:43:04 +0000 (17:43 +0100)]
Merge pull request #4680 from tomhughes/validate-page-numbers
Add parameter validation to pagination
Anton Khorev [Wed, 15 May 2024 13:45:32 +0000 (16:45 +0300)]
Stack welcome page columns on small screens
Make it similar to the fixthemap page.
Anton Khorev [Wed, 15 May 2024 16:12:52 +0000 (19:12 +0300)]
Remove groups
Anton Khorev [Wed, 15 May 2024 16:10:34 +0000 (19:10 +0300)]
Remove transforms from groups
Andy Allan [Wed, 15 May 2024 15:38:00 +0000 (16:38 +0100)]
Merge pull request #4633 from tomhughes/trace-images
Trace image cleanups
Anton Khorev [Wed, 15 May 2024 15:21:52 +0000 (18:21 +0300)]
Remove transforms from circles
Anton Khorev [Wed, 15 May 2024 15:11:05 +0000 (18:11 +0300)]
Remove fill rule style
Andy Allan [Wed, 15 May 2024 15:33:33 +0000 (16:33 +0100)]
Merge pull request #4496 from tomhughes/disabled-auth-error
Return an error when a disabled authentication mechanism is used
Anton Khorev [Wed, 15 May 2024 15:09:22 +0000 (18:09 +0300)]
Remove line join styles for circles