git.openstreetmap.org Git - rails.git/log
6 months ago Social sign-in: avoid re-authorization in `users_controller#create`
Milan Cvetkovic [Mon, 27 May 2024 14:40:53 +0000 (14:40 +0000)]
Social sign-in: avoid re-authorization in `users_controller#create`

It does not add any additional guards against malicious users:

Malicious user may attempt to invoke `POST /users/new` with bogus
values for `auth_provider` and `auth_uid` resulting
with a new account to which user would have a way to login, other than
sending a password reset request.

In some cases, re-authorization would introduce additional
"Please login to your social account", or "Are you sure you want to be logged in"
popup triggered by identity provider.

This PR removes the re-authorization request from `POST /users/new` in authorization flow.

6 months ago Merge remote-tracking branch 'upstream/pull/4842'
Tom Hughes [Mon, 27 May 2024 14:11:16 +0000 (15:11 +0100)]
Merge remote-tracking branch 'upstream/pull/4842'

6 months ago Merge remote-tracking branch 'upstream/pull/4828'
Tom Hughes [Mon, 27 May 2024 14:05:43 +0000 (15:05 +0100)]
Merge remote-tracking branch 'upstream/pull/4828'

6 months ago Merge remote-tracking branch 'upstream/pull/4846'
Tom Hughes [Mon, 27 May 2024 14:00:51 +0000 (15:00 +0100)]
Merge remote-tracking branch 'upstream/pull/4846'

6 months ago Add proper referrer for authorization scenario
Milan Cvetkovic [Mon, 27 May 2024 12:38:06 +0000 (12:38 +0000)]
Add proper referrer for authorization scenario

Fixes the following:
- `users_controller#new` loses referer in authorization scenario, when it was invoked after social signup succeeded
- the second invocation of `auth_success`, triggered by re-authorization initiated from `users_controller#create`
  does not have referrer field set
- as a result, the final welcome screen does not offer final authorization, and drops into ID instead

Introduced by #4758.

6 months ago Localisation updates from https://translatewiki.net.
translatewiki.net [Mon, 27 May 2024 12:17:16 +0000 (14:17 +0200)]
Localisation updates from https://translatewiki.net.

6 months ago Merge remote-tracking branch 'upstream/pull/4844'
Tom Hughes [Mon, 27 May 2024 09:52:32 +0000 (10:52 +0100)]
Merge remote-tracking branch 'upstream/pull/4844'

6 months ago Merge remote-tracking branch 'upstream/pull/4838'
Tom Hughes [Mon, 27 May 2024 09:48:30 +0000 (10:48 +0100)]
Merge remote-tracking branch 'upstream/pull/4838'

6 months ago Merge remote-tracking branch 'upstream/pull/4837'
Tom Hughes [Mon, 27 May 2024 09:46:38 +0000 (10:46 +0100)]
Merge remote-tracking branch 'upstream/pull/4837'

6 months ago Merge remote-tracking branch 'upstream/pull/4836'
Tom Hughes [Mon, 27 May 2024 09:44:26 +0000 (10:44 +0100)]
Merge remote-tracking branch 'upstream/pull/4836'

6 months ago Merge remote-tracking branch 'upstream/pull/4835'
Tom Hughes [Mon, 27 May 2024 09:42:50 +0000 (10:42 +0100)]
Merge remote-tracking branch 'upstream/pull/4835'

6 months ago Merge remote-tracking branch 'upstream/pull/4841'
Tom Hughes [Mon, 27 May 2024 09:33:34 +0000 (10:33 +0100)]
Merge remote-tracking branch 'upstream/pull/4841'

6 months ago Merge remote-tracking branch 'upstream/pull/4840'
Tom Hughes [Mon, 27 May 2024 09:31:33 +0000 (10:31 +0100)]
Merge remote-tracking branch 'upstream/pull/4840'

6 months ago Replace png directions icon with inline svg
Anton Khorev [Mon, 27 May 2024 01:20:39 +0000 (04:20 +0300)]
Replace png directions icon with inline svg

6 months ago Truncate username in user menu
Anton Khorev [Sun, 26 May 2024 22:59:32 +0000 (01:59 +0300)]
Truncate username in user menu

6 months ago Adjust vertical alignment of user button contents
Anton Khorev [Fri, 24 May 2024 17:04:53 +0000 (20:04 +0300)]
Adjust vertical alignment of user button contents

6 months ago Increase secondary nav item padding to compensate removed whitespace
Anton Khorev [Fri, 24 May 2024 16:48:46 +0000 (19:48 +0300)]
Increase secondary nav item padding to compensate removed whitespace

6 months ago Use Bootstrap .nav in secondary header navigation
Anton Khorev [Fri, 24 May 2024 16:41:55 +0000 (19:41 +0300)]
Use Bootstrap .nav in secondary header navigation

6 months ago update script-src CSP rules for iD
Martin Raifer [Sun, 26 May 2024 13:24:57 +0000 (15:24 +0200)]
update script-src CSP rules for iD

6 months ago allow data URIs for images in iD
Martin Raifer [Sun, 26 May 2024 12:26:31 +0000 (14:26 +0200)]
allow data URIs for images in iD

6 months ago Remove unused #container css
Anton Khorev [Sun, 26 May 2024 03:28:19 +0000 (06:28 +0300)]
Remove unused #container css

6 months ago Replace .btn-wrapper with Bootstrap gutters/gaps
Anton Khorev [Sun, 26 May 2024 02:38:27 +0000 (05:38 +0300)]
Replace .btn-wrapper with Bootstrap gutters/gaps

6 months ago Remove unused .browse_status css class
Anton Khorev [Sun, 26 May 2024 02:08:11 +0000 (05:08 +0300)]
Remove unused .browse_status css class

6 months ago Remove custom css from "Load Data" button
Anton Khorev [Sun, 26 May 2024 01:51:42 +0000 (04:51 +0300)]
Remove custom css from "Load Data" button

6 months ago Merge remote-tracking branch 'upstream/pull/4832'
Tom Hughes [Sat, 25 May 2024 13:43:04 +0000 (14:43 +0100)]
Merge remote-tracking branch 'upstream/pull/4832'

6 months ago Merge remote-tracking branch 'upstream/pull/4833'
Tom Hughes [Sat, 25 May 2024 13:31:44 +0000 (14:31 +0100)]
Merge remote-tracking branch 'upstream/pull/4833'

6 months ago Merge remote-tracking branch 'upstream/pull/4829'
Tom Hughes [Sat, 25 May 2024 13:30:06 +0000 (14:30 +0100)]
Merge remote-tracking branch 'upstream/pull/4829'

6 months ago Merge remote-tracking branch 'upstream/pull/4831'
Tom Hughes [Sat, 25 May 2024 13:27:27 +0000 (14:27 +0100)]
Merge remote-tracking branch 'upstream/pull/4831'

6 months ago Merge remote-tracking branch 'upstream/pull/4830'
Tom Hughes [Sat, 25 May 2024 13:27:21 +0000 (14:27 +0100)]
Merge remote-tracking branch 'upstream/pull/4830'

6 months ago Remove custom css from note descriptions
Anton Khorev [Sat, 25 May 2024 02:07:24 +0000 (05:07 +0300)]
Remove custom css from note descriptions

6 months ago Remove custom css from "Enable overlays" text
Anton Khorev [Sat, 25 May 2024 01:47:32 +0000 (04:47 +0300)]
Remove custom css from "Enable overlays" text

6 months ago Bump osm-community-index from 5.6.3 to 5.7.0
dependabot[bot] [Fri, 24 May 2024 23:50:16 +0000 (23:50 +0000)]
Bump osm-community-index from 5.6.3 to 5.7.0

Bumps [osm-community-index](https://github.com/osmlab/osm-community-index) from 5.6.3 to 5.7.0.
- [Release notes](https://github.com/osmlab/osm-community-index/releases)
- [Changelog](https://github.com/osmlab/osm-community-index/blob/main/CHANGELOG.md)
- [Commits](https://github.com/osmlab/osm-community-index/compare/v5.6.3...v5.7.0)

---
updated-dependencies:
- dependency-name: osm-community-index
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

6 months ago Bump leaflet.locatecontrol from 0.81.0 to 0.81.1
dependabot[bot] [Fri, 24 May 2024 23:50:07 +0000 (23:50 +0000)]
Bump leaflet.locatecontrol from 0.81.0 to 0.81.1

Bumps [leaflet.locatecontrol](https://github.com/domoritz/leaflet-locatecontrol) from 0.81.0 to 0.81.1.
- [Changelog](https://github.com/domoritz/leaflet-locatecontrol/blob/gh-pages/CHANGELOG.md)
- [Commits](https://github.com/domoritz/leaflet-locatecontrol/compare/v0.81.0...v0.81.1)

---
updated-dependencies:
- dependency-name: leaflet.locatecontrol
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

6 months ago Keep header h1 height equal to default header height
Anton Khorev [Fri, 24 May 2024 18:18:27 +0000 (21:18 +0300)]
Keep header h1 height equal to default header height

6 months ago Adjust vertical alignment of user button contents
Anton Khorev [Fri, 24 May 2024 17:04:53 +0000 (20:04 +0300)]
Adjust vertical alignment of user button contents

6 months ago Increase secondary nav item padding to compensate removed whitespace
Anton Khorev [Fri, 24 May 2024 16:48:46 +0000 (19:48 +0300)]
Increase secondary nav item padding to compensate removed whitespace

6 months ago Use Bootstrap .nav in secondary header navigation
Anton Khorev [Fri, 24 May 2024 16:41:55 +0000 (19:41 +0300)]
Use Bootstrap .nav in secondary header navigation

6 months ago Merge remote-tracking branch 'upstream/pull/4826'
Tom Hughes [Fri, 24 May 2024 10:59:52 +0000 (11:59 +0100)]
Merge remote-tracking branch 'upstream/pull/4826'

6 months ago Fixed "Tab alignment" issue described in #4773
Nenad Vujicic [Thu, 23 May 2024 14:26:19 +0000 (16:26 +0200)]
Fixed "Tab alignment" issue described in #4773

Fixed "Tab alignment" for "Sign up" button issue described in #4773 and #4826

6 months ago Merge remote-tracking branch 'upstream/pull/4826'
Tom Hughes [Fri, 24 May 2024 10:10:03 +0000 (11:10 +0100)]
Merge remote-tracking branch 'upstream/pull/4826'

6 months ago Fixed "Tab alignment" for "Sign up" button issue described in #4773 and #4826
Nenad Vujicic [Fri, 24 May 2024 09:44:33 +0000 (11:44 +0200)]
Fixed "Tab alignment" for "Sign up" button issue described in #4773 and #4826

6 months ago Fixed "Tab alignment" issue described in #4773
Nenad Vujicic [Thu, 23 May 2024 14:26:19 +0000 (16:26 +0200)]
Fixed "Tab alignment" issue described in #4773

6 months ago Merge remote-tracking branch 'upstream/pull/4827'
Tom Hughes [Thu, 23 May 2024 17:25:29 +0000 (18:25 +0100)]
Merge remote-tracking branch 'upstream/pull/4827'

6 months ago Fixed "Top menu buttons" issue mentioned in the #4773
Nenad Vujicic [Thu, 23 May 2024 15:02:44 +0000 (17:02 +0200)]
Fixed "Top menu buttons" issue mentioned in the #4773

6 months ago Localisation updates from https://translatewiki.net.
translatewiki.net [Thu, 23 May 2024 12:19:37 +0000 (14:19 +0200)]
Localisation updates from https://translatewiki.net.

6 months ago Merge remote-tracking branch 'upstream/pull/4823'
Tom Hughes [Wed, 22 May 2024 17:37:01 +0000 (18:37 +0100)]
Merge remote-tracking branch 'upstream/pull/4823'

6 months ago Merge pull request #4627 from tomhughes/security-policy
Andy Allan [Wed, 22 May 2024 15:54:18 +0000 (16:54 +0100)]
Merge pull request #4627 from tomhughes/security-policy

Switch to using rails builtin content security policy support

6 months ago Switch to using rails builtin content security policy support
Tom Hughes [Thu, 21 Mar 2024 20:32:12 +0000 (20:32 +0000)]
Switch to using rails builtin content security policy support

6 months ago Merge pull request #4756 from tomhughes/text-muted
Andy Allan [Wed, 22 May 2024 11:32:38 +0000 (12:32 +0100)]
Merge pull request #4756 from tomhughes/text-muted

Replace deprecated text-muted class with text-body-secondary

6 months ago Merge pull request #4758 from tomhughes/login-referer
Andy Allan [Wed, 22 May 2024 11:09:31 +0000 (12:09 +0100)]
Merge pull request #4758 from tomhughes/login-referer

Stop using the session to persist the referer during login

6 months ago Merge pull request #4816 from tomhughes/login-focus
Andy Allan [Wed, 22 May 2024 11:06:38 +0000 (12:06 +0100)]
Merge pull request #4816 from tomhughes/login-focus

Make the login and signup screens focus on the first input

6 months ago Replace deprecated text-muted class with text-body-secondary
Tom Hughes [Mon, 6 May 2024 08:49:51 +0000 (09:49 +0100)]
Replace deprecated text-muted class with text-body-secondary

6 months ago Merge pull request #4824 from AntonKhorev/no-user-button
Andy Allan [Wed, 22 May 2024 09:54:32 +0000 (10:54 +0100)]
Merge pull request #4824 from AntonKhorev/no-user-button

Remove unnecessary user menu wrapper

6 months ago Remove unnecessary user menu wrapper
Anton Khorev [Tue, 21 May 2024 22:38:21 +0000 (01:38 +0300)]
Remove unnecessary user menu wrapper

6 months ago Use .icon-link to align logo
Anton Khorev [Tue, 21 May 2024 17:43:55 +0000 (20:43 +0300)]
Use .icon-link to align logo

6 months ago Merge remote-tracking branch 'upstream/pull/4822'
Tom Hughes [Tue, 21 May 2024 17:34:52 +0000 (18:34 +0100)]
Merge remote-tracking branch 'upstream/pull/4822'

6 months ago Drop bogus html.dir from ne locale
Tom Hughes [Tue, 21 May 2024 17:29:06 +0000 (18:29 +0100)]
Drop bogus html.dir from ne locale

6 months ago Fix new rubocop warnings
Tom Hughes [Tue, 21 May 2024 17:21:56 +0000 (18:21 +0100)]
Fix new rubocop warnings

6 months ago Update bundle
Tom Hughes [Tue, 21 May 2024 17:06:06 +0000 (18:06 +0100)]
Update bundle

6 months ago Remove inbox template and anchor id
Anton Khorev [Tue, 21 May 2024 16:57:16 +0000 (19:57 +0300)]
Remove inbox template and anchor id

6 months ago Localisation updates from https://translatewiki.net.
translatewiki.net [Mon, 20 May 2024 12:14:53 +0000 (14:14 +0200)]
Localisation updates from https://translatewiki.net.

6 months ago Make the login and signup screens focus on the first input
Tom Hughes [Sun, 19 May 2024 18:37:30 +0000 (19:37 +0100)]
Make the login and signup screens focus on the first input

Fixes #4814

6 months ago Merge remote-tracking branch 'upstream/pull/4795'
Tom Hughes [Sun, 19 May 2024 18:21:45 +0000 (19:21 +0100)]
Merge remote-tracking branch 'upstream/pull/4795'

6 months ago Merge remote-tracking branch 'upstream/pull/4812'
Tom Hughes [Sun, 19 May 2024 17:58:46 +0000 (18:58 +0100)]
Merge remote-tracking branch 'upstream/pull/4812'

6 months ago Merge remote-tracking branch 'upstream/pull/4811'
Tom Hughes [Sun, 19 May 2024 17:50:15 +0000 (18:50 +0100)]
Merge remote-tracking branch 'upstream/pull/4811'

6 months ago Merge remote-tracking branch 'upstream/pull/4810'
Tom Hughes [Sun, 19 May 2024 17:47:56 +0000 (18:47 +0100)]
Merge remote-tracking branch 'upstream/pull/4810'

6 months ago Merge remote-tracking branch 'upstream/pull/4808'
Tom Hughes [Sun, 19 May 2024 17:46:58 +0000 (18:46 +0100)]
Merge remote-tracking branch 'upstream/pull/4808'

6 months ago Merge remote-tracking branch 'upstream/pull/4809'
Tom Hughes [Sun, 19 May 2024 17:40:46 +0000 (18:40 +0100)]
Merge remote-tracking branch 'upstream/pull/4809'

6 months ago Merge remote-tracking branch 'upstream/pull/4804'
Tom Hughes [Sun, 19 May 2024 17:40:40 +0000 (18:40 +0100)]
Merge remote-tracking branch 'upstream/pull/4804'

6 months ago chore: typo
Sabih S [Sat, 18 May 2024 09:56:29 +0000 (09:56 +0000)]
chore: typo

6 months ago chore: clarify email reply text
Sabih S [Sat, 18 May 2024 08:47:52 +0000 (08:47 +0000)]
chore: clarify email reply text

6 months ago Don't skip heading levels on "fixthemap" page
Anton Khorev [Sat, 18 May 2024 00:41:26 +0000 (03:41 +0300)]
Don't skip heading levels on "fixthemap" page

6 months ago Remove unused .button class
Anton Khorev [Sat, 18 May 2024 00:26:14 +0000 (03:26 +0300)]
Remove unused .button class

6 months ago Fix css section comments
Anton Khorev [Sat, 18 May 2024 00:13:56 +0000 (03:13 +0300)]
Fix css section comments

6 months ago Set check/x display property using .d-block
Anton Khorev [Sat, 18 May 2024 00:11:04 +0000 (03:11 +0300)]
Set check/x display property using .d-block

6 months ago Remove font size class from "Start mapping" container
Anton Khorev [Fri, 17 May 2024 23:49:21 +0000 (02:49 +0300)]
Remove font size class from "Start mapping" container

It doesn't affect the button font, only the spacing around.

6 months ago Remove .clearfix
Anton Khorev [Fri, 17 May 2024 23:42:55 +0000 (02:42 +0300)]
Remove .clearfix

Floats are no longer used on the welcome page.

6 months ago Replace .term sprite class with .d-flex container
Anton Khorev [Wed, 15 May 2024 13:42:21 +0000 (16:42 +0300)]
Replace .term sprite class with .d-flex container

6 months ago Convert basic terms to a list
Anton Khorev [Wed, 15 May 2024 13:21:33 +0000 (16:21 +0300)]
Convert basic terms to a list

6 months ago Remove .small sprite class
Anton Khorev [Wed, 15 May 2024 13:16:10 +0000 (16:16 +0300)]
Remove .small sprite class

.small is used to set the font size elsewhere.

6 months ago Bump eslint from 9.2.0 to 9.3.0
dependabot[bot] [Fri, 17 May 2024 23:24:47 +0000 (23:24 +0000)]
Bump eslint from 9.2.0 to 9.3.0

Bumps [eslint](https://github.com/eslint/eslint) from 9.2.0 to 9.3.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.2.0...v9.3.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

6 months ago Fix white circular elements of welcome sprite
Anton Khorev [Fri, 17 May 2024 15:45:24 +0000 (18:45 +0300)]
Fix white circular elements of welcome sprite

6 months ago Bump rexml from 3.2.6 to 3.2.8
dependabot[bot] [Thu, 16 May 2024 21:21:03 +0000 (21:21 +0000)]
Bump rexml from 3.2.6 to 3.2.8

Bumps [rexml](https://github.com/ruby/rexml) from 3.2.6 to 3.2.8.
- [Release notes](https://github.com/ruby/rexml/releases)
- [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/rexml/compare/v3.2.6...v3.2.8)

---
updated-dependencies:
- dependency-name: rexml
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

6 months ago Update to rails 7.1.3.3
Tom Hughes [Thu, 16 May 2024 21:18:14 +0000 (22:18 +0100)]
Update to rails 7.1.3.3

6 months ago OpenID connect icons to SVG
Hidde Wieringa [Tue, 14 May 2024 17:54:52 +0000 (19:54 +0200)]
OpenID connect icons to SVG

re-add whitespace

trigger CI

revert size attribute

6 months ago Merge pull request #4803 from tomhughes/preference-encoding
Andy Allan [Thu, 16 May 2024 18:41:45 +0000 (19:41 +0100)]
Merge pull request #4803 from tomhughes/preference-encoding

Fix exception uploading a unicode preference value

6 months ago Merge remote-tracking branch 'upstream/pull/4802'
Tom Hughes [Thu, 16 May 2024 17:02:03 +0000 (18:02 +0100)]
Merge remote-tracking branch 'upstream/pull/4802'

6 months ago Treat the body as UTF-8 for user_preferences#update
Tom Hughes [Thu, 16 May 2024 16:48:48 +0000 (17:48 +0100)]
Treat the body as UTF-8 for user_preferences#update

6 months ago Test unicode values in user preference keys and values
Tom Hughes [Thu, 16 May 2024 16:48:17 +0000 (17:48 +0100)]
Test unicode values in user preference keys and values

6 months ago Localisation updates from https://translatewiki.net.
translatewiki.net [Thu, 16 May 2024 12:17:52 +0000 (14:17 +0200)]
Localisation updates from https://translatewiki.net.

6 months ago Merge pull request #4800 from AntonKhorev/welcome-stack
Andy Allan [Wed, 15 May 2024 16:43:25 +0000 (17:43 +0100)]
Merge pull request #4800 from AntonKhorev/welcome-stack

Stack welcome page columns on small screens

6 months ago Merge pull request #4680 from tomhughes/validate-page-numbers
Andy Allan [Wed, 15 May 2024 16:43:04 +0000 (17:43 +0100)]
Merge pull request #4680 from tomhughes/validate-page-numbers

Add parameter validation to pagination

6 months ago Stack welcome page columns on small screens
Anton Khorev [Wed, 15 May 2024 13:45:32 +0000 (16:45 +0300)]
Stack welcome page columns on small screens

Make it similar to the fixthemap page.

6 months ago Remove groups
Anton Khorev [Wed, 15 May 2024 16:12:52 +0000 (19:12 +0300)]
Remove groups

6 months ago Remove transforms from groups
Anton Khorev [Wed, 15 May 2024 16:10:34 +0000 (19:10 +0300)]
Remove transforms from groups

6 months ago Merge pull request #4633 from tomhughes/trace-images
Andy Allan [Wed, 15 May 2024 15:38:00 +0000 (16:38 +0100)]
Merge pull request #4633 from tomhughes/trace-images

Trace image cleanups

6 months ago Remove transforms from circles
Anton Khorev [Wed, 15 May 2024 15:21:52 +0000 (18:21 +0300)]
Remove transforms from circles

6 months ago Remove fill rule style
Anton Khorev [Wed, 15 May 2024 15:11:05 +0000 (18:11 +0300)]
Remove fill rule style

6 months ago Merge pull request #4496 from tomhughes/disabled-auth-error
Andy Allan [Wed, 15 May 2024 15:33:33 +0000 (16:33 +0100)]
Merge pull request #4496 from tomhughes/disabled-auth-error

Return an error when a disabled authentication mechanism is used

6 months ago Remove line join styles for circles
Anton Khorev [Wed, 15 May 2024 15:09:22 +0000 (18:09 +0300)]
Remove line join styles for circles