From: Tom Hughes Date: Wed, 21 Jul 2021 14:41:31 +0000 (+0100) Subject: Merge remote-tracking branch 'upstream/pull/3264' X-Git-Tag: live~2542 X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/191d7f371031cec6a1b83157d3e9f17dee787075?hp=2a885c2cce4d42f3150b6969518fa321f3c5b25e Merge remote-tracking branch 'upstream/pull/3264' --- diff --git a/app/assets/javascripts/oauth.js b/app/assets/javascripts/oauth.js index d688590b0..0c3538c51 100644 --- a/app/assets/javascripts/oauth.js +++ b/app/assets/javascripts/oauth.js @@ -1,26 +1,11 @@ -//= require ohauth/ohauth - $(document).ready(function () { var application_data = $("head").data(); - function makeAbsolute(url) { - var a = document.createElement("a"); - a.href = url; - return a.href; - } - - if (application_data.token) { - var headerGenerator = window.ohauth.headerGenerator({ - consumer_key: application_data.consumerKey, - consumer_secret: application_data.consumerSecret, - token: application_data.token, - token_secret: application_data.tokenSecret - }); - - $.ajaxPrefilter(function (options, jqxhr) { + if (application_data.oauthToken) { + $.ajaxPrefilter(function (options) { if (options.oauth) { options.headers = options.headers || {}; - options.headers.Authorization = headerGenerator(options.type, makeAbsolute(options.url), jqxhr.data); + options.headers.Authorization = "Bearer " + application_data.oauthToken; } }); } diff --git a/app/controllers/api/user_preferences_controller.rb b/app/controllers/api/user_preferences_controller.rb index 40ccfccbb..02a23095a 100644 --- a/app/controllers/api/user_preferences_controller.rb +++ b/app/controllers/api/user_preferences_controller.rb @@ -1,4 +1,4 @@ -# Update and read user preferences, which are arbitrayr key/val pairs +# Update and read user preferences, which are arbitrary key/val pairs module Api class UserPreferencesController < ApiController before_action :authorize 
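Review bot: The prefilter in oauth.js adds the `Authorization: Bearer` header to every request that sets `options.oauth`, without checking where the request is going. The OAuth 1 header it replaces was a signature over the method and absolute URL, whereas the new header is the token itself, so a caller that sets `oauth: true` on a cross-origin URL would hand the credential to that host. jQuery has already computed `options.crossDomain` by the time prefilters run, so the guard can be `if (options.oauth && !options.crossDomain) {`. The call sites that set `options.oauth` are outside this hunk, so this is a defensive check rather than a known leak.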
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index fc8b75b60..8df126a04 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -67,7 +67,7 @@ class ApplicationController < ActionController::Base end def require_oauth - @oauth_token = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key) + @oauth_token = current_user.oauth_token(Settings.oauth_application) if current_user && Settings.key?(:oauth_application) end ## diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index f30ece3ec..594038939 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -47,7 +47,7 @@ class IssuesController < ApplicationController @new_comment = IssueComment.new(:issue => @issue) end - # Status Transistions + # Status Transitions def resolve if @issue.resolve @issue.updated_by = current_user.id diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index faf538fa9..c9f165d52 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -58,13 +58,7 @@ module ApplicationHelper end data[:location] = session[:location] if session[:location] - - if oauth_token - data[:token] = oauth_token.token - data[:token_secret] = oauth_token.secret - data[:consumer_key] = oauth_token.client_application.key - data[:consumer_secret] = oauth_token.client_application.secret - end + data[:oauth_token] = oauth_token.token if oauth_token data end diff --git a/app/helpers/banner_helper.rb b/app/helpers/banner_helper.rb index fef6eaa5e..17c6eace3 100644 --- a/app/helpers/banner_helper.rb +++ b/app/helpers/banner_helper.rb 
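Review bot: In application_helper.rb, `data[:oauth_token]` now carries a complete bearer credential into the page's data attributes, and nothing at that line says so. The four OAuth 1 values removed here were just as sensitive, but the replacement is a single string that authorises requests on its own, so it deserves a comment for whoever next touches the helper: `# bearer token for the site's own API calls; anything that can read the page's data attributes can use it`. The enclosing helper method starts and ends outside the hunk, so how the hash is rendered is not visible here.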
@@ -28,7 +28,7 @@ module BannerHelper index = cval.to_i cookies[ckey] = index - 1 if index.positive? - # pick banner with mininum queue position + # pick banner with minimum queue position next if index > min_index # or if equal queue position, pick banner with soonest end date (i.e. next expiring) diff --git a/app/models/concerns/consistency_validations.rb b/app/models/concerns/consistency_validations.rb index 00c6ce993..8c89f61de 100644 --- a/app/models/concerns/consistency_validations.rb +++ b/app/models/concerns/consistency_validations.rb @@ -3,7 +3,7 @@ module ConsistencyValidations # Generic checks that are run for the updates and deletes of # node, ways and relations. This code is here to avoid duplication, - # and allow the extention of the checks without having to modify the + # and allow the extension of the checks without having to modify the # code in 6 places for all the updates and deletes. Some of these tests are # needed for creates, but are currently not run :-( # This will throw an exception if there is an inconsistency diff --git a/app/models/user.rb b/app/models/user.rb index 964359e9c..cca894a6b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -68,7 +68,7 @@ class User < ApplicationRecord has_many :client_applications has_many :oauth_tokens, -> { order(:authorized_at => :desc).preload(:client_application) }, :class_name => "OauthToken" - has_many :oauth2_applications, :class_name => Doorkeeper.config.application_model.name, :foreign_key => :owner_id + has_many :oauth2_applications, :class_name => Doorkeeper.config.application_model.name, :as => :owner has_many :access_grants, :class_name => Doorkeeper.config.access_grant_model.name, :foreign_key => :resource_owner_id has_many :access_tokens, :class_name => Doorkeeper.config.access_token_model.name, :foreign_key => :resource_owner_id 
@@ -288,11 +288,23 @@ class User < ApplicationRecord end ## - # return an oauth access token for a specified application + # return an oauth 1 access token for a specified application def access_token(application_key) ClientApplication.find_by(:key => application_key).access_token_for_user(self) end + ## + # return an oauth 2 access token for a specified application + def oauth_token(application_id) + application = Doorkeeper.config.application_model.find_by(:uid => application_id) + + Doorkeeper.config.access_token_model.find_or_create_for( + :application => application, + :resource_owner => self, + :scopes => application.scopes + ) + end + def fingerprint digest = Digest::SHA256.new digest.update(email) diff --git a/config/settings.yml b/config/settings.yml index 81ab37015..6f77efcfd 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -84,8 +84,8 @@ oauth_10_support: true nominatim_url: "https://nominatim.openstreetmap.org/" # Default editor default_editor: "id" -# OAuth consumer key for the web site -#oauth_key: "" +# OAuth application for the web site +#oauth_application: "" # OAuth consumer key for iD #id_key: "" # Imagery to return in capabilities as blacklisted diff --git a/package.json b/package.json index 60da79b05..4e5538cfd 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,6 @@ "js-cookie": "^2.2.1", "leaflet": "^1.6.0", "leaflet.locatecontrol": "^0.74.0", - "ohauth": "^1.0.0", "qs": "^6.9.4" }, "devDependencies": { diff --git a/test/controllers/api/map_controller_test.rb b/test/controllers/api/map_controller_test.rb index e9459b6a2..433e7a2af 100644 --- a/test/controllers/api/map_controller_test.rb +++ b/test/controllers/api/map_controller_test.rb 
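Review bot: `User#oauth_token` calls `application.scopes` without checking that `find_by(:uid => application_id)` found anything, so a `Settings.oauth_application` value that matches no application raises NoMethodError on nil. `require_oauth` in application_controller.rb only checks `Settings.key?(:oauth_application)`, so the error would surface wherever that filter runs for a signed-in user. Adding `return unless application` after the lookup avoids this, and application_helper.rb already copes with a nil token through `if oauth_token`. Separately, the token is requested with every scope the application has and no explicit expiry, so its lifetime and reuse depend on Doorkeeper configuration that this diff does not show; a comment stating the intended lifetime would help.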
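Review bot: The new comment in config/settings.yml does not say which identifier of the application goes in `oauth_application`. `User#oauth_token` looks the value up with `find_by(:uid => application_id)`, so the comment could read `# OAuth 2 application uid (client ID) for the web site`. That wording also distinguishes it from the `id_key` consumer key documented just below.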
@@ -13,7 +13,7 @@ module Api @goodbbox = %w[-0.1,-0.1,0.1,0.1 51.1,-0.1,51.2,0 -0.1,%20-0.1,%200.1,%200.1 -0.1edcd,-0.1d,0.1,0.1 -0.1E,-0.1E,0.1S,0.1N S0.1,W0.1,N0.1,E0.1] # That last item in the goodbbox really shouldn't be there, as the API should - # reall reject it, however this is to test to see if the api changes. + # really reject it, however this is to test to see if the api changes. end ## diff --git a/test/controllers/api/relations_controller_test.rb b/test/controllers/api/relations_controller_test.rb index 44c6cd4ee..ec86e07a5 100644 --- a/test/controllers/api/relations_controller_test.rb +++ b/test/controllers/api/relations_controller_test.rb @@ -1009,7 +1009,7 @@ module Api ## # updates the relation (XML) +rel+ and # yields the new version of that relation into the block. - # the parsed XML doc is retured. + # the parsed XML doc is returned. def with_update(rel, headers) rel_id = rel.find("//osm/relation").first["id"].to_i put api_relation_path(:id => rel_id), :params => rel.to_s, :headers => headers @@ -1029,7 +1029,7 @@ module Api ## # updates the relation (XML) +rel+ via the diff-upload API and # yields the new version of that relation into the block. - # the parsed XML doc is retured. + # the parsed XML doc is returned. def with_update_diff(rel, headers) rel_id = rel.find("//osm/relation").first["id"].to_i cs_id = rel.find("//osm/relation").first["changeset"].to_i diff --git a/test/controllers/api/tracepoints_controller_test.rb b/test/controllers/api/tracepoints_controller_test.rb index d3fb195fe..a904e8127 100644 --- a/test/controllers/api/tracepoints_controller_test.rb +++ b/test/controllers/api/tracepoints_controller_test.rb 
@@ -13,7 +13,7 @@ module Api @goodbbox = %w[-0.1,-0.1,0.1,0.1 51.1,-0.1,51.2,0 -0.1,%20-0.1,%200.1,%200.1 -0.1edcd,-0.1d,0.1,0.1 -0.1E,-0.1E,0.1S,0.1N S0.1,W0.1,N0.1,E0.1] # That last item in the goodbbox really shouldn't be there, as the API should - # reall reject it, however this is to test to see if the api changes. + # really reject it, however this is to test to see if the api changes. end ## diff --git a/test/controllers/api/traces_controller_test.rb b/test/controllers/api/traces_controller_test.rb index c2ddb6031..52df899ba 100644 --- a/test/controllers/api/traces_controller_test.rb +++ b/test/controllers/api/traces_controller_test.rb @@ -70,7 +70,7 @@ module Api assert_response :success end - # Check an anoymous trace can't be specifically fetched by another user + # Check an anonymous trace can't be specifically fetched by another user def test_show_anon anon_trace_file = create(:trace, :visibility => "private") diff --git a/test/controllers/traces_controller_test.rb b/test/controllers/traces_controller_test.rb index 39a72568f..1c3dc2d31 100644 --- a/test/controllers/traces_controller_test.rb +++ b/test/controllers/traces_controller_test.rb @@ -133,7 +133,7 @@ class TracesControllerTest < ActionDispatch::IntegrationTest # Check that the index of traces is displayed def test_index user = create(:user) - # The fourth test below is surpisingly sensitive to timestamp ordering when the timestamps are equal. + # The fourth test below is surprisingly sensitive to timestamp ordering when the timestamps are equal. trace_a = create(:trace, :visibility => "public", :timestamp => 4.seconds.ago) do |trace| create(:tracetag, :trace => trace, :tag => "London") end 
@@ -255,7 +255,7 @@ class TracesControllerTest < ActionDispatch::IntegrationTest # Check the RSS feed def test_rss user = create(:user) - # The fourth test below is surpisingly sensitive to timestamp ordering when the timestamps are equal. + # The fourth test below is surprisingly sensitive to timestamp ordering when the timestamps are equal. trace_a = create(:trace, :visibility => "public", :timestamp => 4.seconds.ago) do |trace| create(:tracetag, :trace => trace, :tag => "London") end diff --git a/test/lib/utf8_test.rb b/test/lib/utf8_test.rb index d90d5efa9..0eac9253d 100644 --- a/test/lib/utf8_test.rb +++ b/test/lib/utf8_test.rb @@ -12,6 +12,6 @@ class UTF8Test < ActiveSupport::TestCase assert_not UTF8.valid?("\xC2\xC2") # 2-byte multibyte identifier, followed by another one assert_not UTF8.valid?("\x4a\x82") # plain ASCII, followed by multibyte continuation assert_not UTF8.valid?("\x82\x82") # multibyte continuations without multibyte identifier - assert_not UTF8.valid?("\xe1\x82\x4a") # three-byte identifier, contination and (incorrectly) plain ASCII + assert_not UTF8.valid?("\xe1\x82\x4a") # three-byte identifier, continuation and (incorrectly) plain ASCII end end diff --git a/test/models/message_test.rb b/test/models/message_test.rb index 99a471075..d5391c6f8 100644 --- a/test/models/message_test.rb +++ b/test/models/message_test.rb @@ -51,7 +51,7 @@ class MessageTest < ActiveSupport::TestCase "\xC2\xC2", # 2-byte multibyte identifier, followed by another one "\x4a\x82", # plain ASCII, followed by multibyte continuation "\x82\x82", # multibyte continuations without multibyte identifier - "\xe1\x82\x4a"] # three-byte identifier, contination and (incorrectly) plain ASCII + "\xe1\x82\x4a"] # three-byte identifier, continuation and (incorrectly) plain ASCII invalid_sequences.each do |char| # create a message and save to the database msg = make_message(char, 1) diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 4c863272b..c34b4b81f 100644 
--- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -76,7 +76,7 @@ class UserTest < ActiveSupport::TestCase def test_display_name_valid # Due to sanitisation in the view some of these that you might not - # expact are allowed + # expect are allowed # However, would they affect the xml planet dumps? ok = ["Name", "'me", "he\"", "
", "*ho", "\"help\"@", "vergrößern", "ルシステムにも対応します", "輕觸搖晃的遊戲", "space space"] diff --git a/test/test_helper.rb b/test/test_helper.rb index 505fa2568..6c8a798aa 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -195,7 +195,7 @@ module ActiveSupport ## # Used to check that the error header and the forbidden responses are given - # when the owner of the changset has their data not marked as public + # when the owner of the changeset has their data not marked as public def assert_require_public_data(msg = "Shouldn't be able to use API when the user's data is not public") assert_response :forbidden, msg assert_equal("You must make your edits public to upload new data", @response.headers["Error"], "Wrong error message") diff --git a/yarn.lock b/yarn.lock index 9e26ca931..f92004bcb 100644 --- a/yarn.lock +++ b/yarn.lock @@ -565,11 +565,6 @@ js-yaml@^3.13.1: argparse "^1.0.7" esprima "^4.0.0" -jshashes@~1.0.8: - version "1.0.8" - resolved "https://registry.yarnpkg.com/jshashes/-/jshashes-1.0.8.tgz#f60d837428383abf73ab022e1542e6614bd75514" - integrity sha512-btmQZ/w1rj8Lb6nEwvhjM7nBYoj54yaEFo2PWh3RkxZ8qNwuvOxvQYN/JxVuwoMmdIluL+XwYVJ+pEEZoSYybQ== - json-schema-traverse@^0.4.1: version "0.4.1" resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660" 
@@ -640,13 +635,6 @@ object-inspect@^1.9.0: resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.9.0.tgz#c90521d74e1127b67266ded3394ad6116986533a" integrity sha512-i3Bp9iTqwhaLZBxGkRfo5ZbE07BQRT7MGu8+nNgwW9ItGp1TzCTw2DLEoWwjClxBjOFI/hWljTAmYGCEwmtnOw== -ohauth@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/ohauth/-/ohauth-1.0.1.tgz#a5d4ab8e5390bb1cad68a58cc9c58630173c02f2" - integrity sha512-R9ZUN3+FVCwzeOOHCJpzA9jw/byRxp5O9X06mTL6Sp/LIQn/rLrMv6cwYctX+hoIKzRUsalGJXZ1kG5wBmSskQ== - dependencies: - jshashes "~1.0.8" - once@^1.3.0: version "1.4.0" resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"