]>
git.openstreetmap.org Git - rails.git/log
Tom Hughes [Thu, 17 Feb 2022 00:54:11 +0000 (00:54 +0000)]
Default to allowing TLS for SMTP but without peer verification
Tom Hughes [Wed, 16 Feb 2022 22:48:26 +0000 (22:48 +0000)]
Disable peer host name validation when sending email
Tom Hughes [Wed, 16 Feb 2022 18:13:16 +0000 (18:13 +0000)]
Merge remote-tracking branch 'upstream/pull/3398'
Tom Hughes [Wed, 16 Feb 2022 18:12:33 +0000 (18:12 +0000)]
Merge remote-tracking branch 'upstream/pull/3461'
Andy Allan [Wed, 16 Feb 2022 15:16:53 +0000 (15:16 +0000)]
Merge pull request #3414 from tomhughes/rails7
Update to rails 7.x
Andy Allan [Wed, 16 Feb 2022 14:58:30 +0000 (14:58 +0000)]
Merge pull request #3440 from mmd-osm/relationmemberlimit
Introduce relation member limit
Tom Hughes [Thu, 16 Dec 2021 18:51:39 +0000 (18:51 +0000)]
Update to rails 7.0.2.2
Andy Allan [Wed, 16 Feb 2022 11:27:52 +0000 (11:27 +0000)]
Update documentation for how to confirm a new user account
Fixes #3460
Tom Hughes [Tue, 15 Feb 2022 18:36:41 +0000 (18:36 +0000)]
Update bundle
Tom Hughes [Tue, 15 Feb 2022 18:32:33 +0000 (18:32 +0000)]
Merge remote-tracking branch 'upstream/pull/3458'
dependabot[bot] [Mon, 14 Feb 2022 23:00:49 +0000 (23:00 +0000)]
Bump eslint from 8.8.0 to 8.9.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.8.0 to 8.9.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.8.0...v8.9.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
translatewiki.net [Mon, 14 Feb 2022 12:11:05 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Sun, 13 Feb 2022 19:25:42 +0000 (19:25 +0000)]
Allow trace image URL to be configured in the CSP policy
Tom Hughes [Sun, 13 Feb 2022 18:39:21 +0000 (18:39 +0000)]
Merge remote-tracking branch 'upstream/pull/3345'
Tom Hughes [Sun, 13 Feb 2022 17:39:15 +0000 (17:39 +0000)]
Merge remote-tracking branch 'upstream/pull/3455'
Harry Wood [Sat, 12 Feb 2022 17:58:43 +0000 (17:58 +0000)]
Remove section on removed rake doc:app
Remove the section of contributing docs about how `rake doc:app` can be used to generate some sort of documentation. That will not work any more, since this task was removed from Rails v5 because people don't generally use it! https://stackoverflow.com/a/
36804474 /338265
Harry Wood [Sat, 12 Feb 2022 17:53:39 +0000 (17:53 +0000)]
Fix contrib doc to remove reference to travis
Remove the reference to Travis CI. Our CI pipeline now runs withing github actions.
Tom Hughes [Sat, 12 Feb 2022 10:45:27 +0000 (10:45 +0000)]
Merge remote-tracking branch 'upstream/pull/3454'
Tom Hughes [Sat, 12 Feb 2022 10:45:16 +0000 (10:45 +0000)]
Merge remote-tracking branch 'upstream/pull/3453'
Tom Hughes [Sat, 12 Feb 2022 10:45:13 +0000 (10:45 +0000)]
Merge remote-tracking branch 'upstream/pull/3452'
Brian Kelly [Sat, 12 Feb 2022 00:17:13 +0000 (18:17 -0600)]
Adds advancedcomp to the list of macOS Homebrew dependencies
Harry Wood [Sat, 12 Feb 2022 00:13:42 +0000 (00:13 +0000)]
Fix vagrant storage.yml config
Tell vagrant to copy the example storage.yml config file into place as per INSTALL.md instructions. Allows the migrations to run.
Brian Kelly [Sat, 12 Feb 2022 00:05:20 +0000 (18:05 -0600)]
Updates macOS geckodriver installation command
Tom Hughes [Fri, 11 Feb 2022 22:20:11 +0000 (22:20 +0000)]
Update to rails 6.1.4.6
Tom Hughes [Fri, 11 Feb 2022 22:19:43 +0000 (22:19 +0000)]
Update bundle
translatewiki.net [Thu, 10 Feb 2022 12:11:21 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Andy Allan [Thu, 9 Dec 2021 16:12:42 +0000 (16:12 +0000)]
Allow users to delete their own accounts
This PR allows users to delete their own accounts. The logic implemented matches
that currently used by the admins when they manually close accounts, although
there is room to be more complex in future e.g. completely removing accounts
with no content.
The error handling has been slightly adapted for namespaced controllers, by
anchoring the controller name with a leading forward slash.
Tom Hughes [Tue, 8 Feb 2022 18:22:05 +0000 (18:22 +0000)]
Update bundle
translatewiki.net [Mon, 7 Feb 2022 12:10:37 +0000 (13:10 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Thu, 3 Feb 2022 18:37:12 +0000 (18:37 +0000)]
Merge remote-tracking branch 'upstream/pull/3419'
Tom Hughes [Thu, 3 Feb 2022 18:32:49 +0000 (18:32 +0000)]
Merge remote-tracking branch 'upstream/pull/3446'
Tom Hughes [Thu, 3 Feb 2022 18:32:40 +0000 (18:32 +0000)]
Merge remote-tracking branch 'upstream/pull/3445'
Martin Raifer [Thu, 3 Feb 2022 15:19:01 +0000 (16:19 +0100)]
Update to iD v2.20.4
translatewiki.net [Thu, 3 Feb 2022 12:11:37 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Andy Allan [Wed, 2 Feb 2022 17:47:45 +0000 (17:47 +0000)]
Ensure that deactivate isn't available in production
It's only used as a workaround for factories not being able to create
pending users while keeping active as the default
Andy Allan [Wed, 2 Feb 2022 16:37:50 +0000 (16:37 +0000)]
Add extra user transitions needed by the administrators
Morten Bruhn [Wed, 2 Feb 2022 15:13:07 +0000 (16:13 +0100)]
Added some key-value pairs under `railway=`
mmd-osm [Sat, 29 Jan 2022 14:52:21 +0000 (15:52 +0100)]
Introduce relation member limit
Adds a new parameter `max_number_of_relation_members` in settings.yml
Tom Hughes [Tue, 1 Feb 2022 18:59:56 +0000 (18:59 +0000)]
Update bundle
Tom Hughes [Tue, 1 Feb 2022 18:42:07 +0000 (18:42 +0000)]
Index note comments by author and date
Fixes #3443
Tom Hughes [Tue, 1 Feb 2022 18:22:33 +0000 (18:22 +0000)]
Merge remote-tracking branch 'upstream/pull/3442'
Tom Hughes [Tue, 1 Feb 2022 18:13:40 +0000 (18:13 +0000)]
Merge remote-tracking branch 'upstream/pull/3439'
Martin Raifer [Mon, 31 Jan 2022 17:10:00 +0000 (18:10 +0100)]
Update to iD v2.20.3
translatewiki.net [Mon, 31 Jan 2022 12:10:21 +0000 (13:10 +0100)]
Localisation updates from https://translatewiki.net.
dependabot[bot] [Fri, 28 Jan 2022 23:00:33 +0000 (23:00 +0000)]
Bump eslint from 8.7.0 to 8.8.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.7.0 to 8.8.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.7.0...v8.8.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Tom Hughes [Fri, 28 Jan 2022 12:35:57 +0000 (12:35 +0000)]
Fix route for "go public" button on the account edit page
translatewiki.net [Thu, 27 Jan 2022 12:11:14 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Tue, 25 Jan 2022 18:22:46 +0000 (18:22 +0000)]
Update bundle
translatewiki.net [Mon, 24 Jan 2022 12:12:09 +0000 (13:12 +0100)]
Localisation updates from https://translatewiki.net.
translatewiki.net [Thu, 20 Jan 2022 12:11:20 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 19 Jan 2022 18:19:10 +0000 (18:19 +0000)]
Merge remote-tracking branch 'upstream/pull/3426'
Andy Allan [Wed, 19 Jan 2022 16:14:03 +0000 (16:14 +0000)]
Allow blank issue templates
This was originally intended in #3397 and I'm not sure why I set this
to false.
Tom Hughes [Tue, 18 Jan 2022 19:03:32 +0000 (19:03 +0000)]
Merge remote-tracking branch 'upstream/pull/3420'
Tom Hughes [Tue, 18 Jan 2022 08:12:14 +0000 (08:12 +0000)]
Update bundle
Tom Hughes [Tue, 18 Jan 2022 08:10:59 +0000 (08:10 +0000)]
Merge remote-tracking branch 'upstream/pull/3425'
dependabot[bot] [Mon, 17 Jan 2022 23:00:46 +0000 (23:00 +0000)]
Bump eslint from 8.6.0 to 8.7.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.6.0 to 8.7.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.6.0...v8.7.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
translatewiki.net [Mon, 17 Jan 2022 12:11:06 +0000 (13:11 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Mon, 17 Jan 2022 11:01:07 +0000 (11:01 +0000)]
Remove form_action restrictions for sessions#login
Login may redirect to ouath2_authorizations#create which may then
redirect to arbitrary schemes if the application is already authorized
so we need to allow login to redirect to any scheme.
Fixes #3424
Tom Hughes [Mon, 17 Jan 2022 11:00:41 +0000 (11:00 +0000)]
Restore form_action restrictions for ouath2_authorizations#create
Tom Hughes [Mon, 17 Jan 2022 09:33:28 +0000 (09:33 +0000)]
Remove form_action restrictions for ouath2_authorizations#create
Fixes #3424
translatewiki.net [Thu, 13 Jan 2022 12:10:10 +0000 (13:10 +0100)]
Localisation updates from https://translatewiki.net.
Nick Doiron [Thu, 13 Jan 2022 00:16:09 +0000 (19:16 -0500)]
rm spaces
Nick Doiron [Thu, 13 Jan 2022 00:06:18 +0000 (19:06 -0500)]
add dir="auto" to search fields
Improves right-to-left text input support
Tom Hughes [Wed, 12 Jan 2022 18:23:53 +0000 (18:23 +0000)]
Merge remote-tracking branch 'upstream/pull/3418'
Andy Allan [Wed, 5 Jan 2022 18:44:46 +0000 (18:44 +0000)]
Use a state machine for user status
The user status is a bit complex, since there are various states and
not all transitions between them make sense.
Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
Tom Hughes [Wed, 12 Jan 2022 18:15:46 +0000 (18:15 +0000)]
Merge remote-tracking branch 'upstream/pull/3416'
Andy Allan [Wed, 12 Jan 2022 16:42:03 +0000 (16:42 +0000)]
Remove params from user deletion test
They have no effect, and are likely a copy-paste error from when
the test was first written in
39a54f8c14d739c95495e0d2c0ca56826eddfe52
dependabot[bot] [Tue, 11 Jan 2022 23:00:52 +0000 (23:00 +0000)]
Bump qs from 6.10.2 to 6.10.3
Bumps [qs](https://github.com/ljharb/qs) from 6.10.2 to 6.10.3.
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.10.2...v6.10.3)
---
updated-dependencies:
- dependency-name: qs
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Tom Hughes [Tue, 11 Jan 2022 21:16:11 +0000 (21:16 +0000)]
Switch github URLs to use https
Fixes #3415
Tom Hughes [Tue, 11 Jan 2022 19:42:31 +0000 (19:42 +0000)]
Avoid putting ActionController::Parameters objects in the session
Tom Hughes [Tue, 11 Jan 2022 19:43:36 +0000 (19:43 +0000)]
Update bundle
Tom Hughes [Mon, 10 Jan 2022 08:38:45 +0000 (08:38 +0000)]
Replace to_s on TimeWithZone objects with to_formatted_s
translatewiki.net [Mon, 10 Jan 2022 12:09:11 +0000 (13:09 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Mon, 10 Jan 2022 08:05:09 +0000 (08:05 +0000)]
Update bundle
Tom Hughes [Thu, 6 Jan 2022 15:34:30 +0000 (15:34 +0000)]
Merge remote-tracking branch 'upstream/pull/3411'
Andy Allan [Thu, 6 Jan 2022 13:27:15 +0000 (13:27 +0000)]
Use `assert_link` instead of `assert page.has_link?`
This leads to better error messages if the test fails
Tom Hughes [Thu, 6 Jan 2022 13:25:42 +0000 (13:25 +0000)]
Merge remote-tracking branch 'upstream/pull/3410'
Andy Allan [Thu, 6 Jan 2022 13:16:47 +0000 (13:16 +0000)]
Use `assert_content` instead of `assert page.has_content?`
The assert_content comes from capybara, and gives a much more helpful
error message if the test fails.
translatewiki.net [Thu, 6 Jan 2022 12:08:27 +0000 (13:08 +0100)]
Localisation updates from https://translatewiki.net.
Andy Allan [Thu, 6 Jan 2022 10:46:38 +0000 (10:46 +0000)]
Use factory_bot to build new model objects
Andy Allan [Wed, 5 Jan 2022 20:29:12 +0000 (20:29 +0000)]
Use factorybot to build user objects
This allows us to only specify attributes of interest in the test.
Tom Hughes [Wed, 5 Jan 2022 18:40:13 +0000 (18:40 +0000)]
Merge remote-tracking branch 'upstream/pull/3409'
Tom Hughes [Wed, 5 Jan 2022 11:11:14 +0000 (11:11 +0000)]
Attempt to avoid polynomial time matches on user supplied data
Andy Allan [Wed, 5 Jan 2022 18:14:30 +0000 (18:14 +0000)]
Fix display of suspension message when a user is suspended mid-session
Without the ability defined, the user is still logged out, but then
the deny_access check redirects to the login page. The re-login attempt
would then fail anyway, with an error message, but let's fix the abilities
and use the intended page.
Tom Hughes [Tue, 4 Jan 2022 19:10:16 +0000 (19:10 +0000)]
Re-enable the Performance/StringIdentifierArgument cop
Tom Hughes [Tue, 4 Jan 2022 19:05:13 +0000 (19:05 +0000)]
Update bundle
Tom Hughes [Tue, 4 Jan 2022 12:02:16 +0000 (12:02 +0000)]
Merge remote-tracking branch 'upstream/pull/3408'
Tom Hughes [Tue, 4 Jan 2022 12:01:16 +0000 (12:01 +0000)]
Remove redundant OpenID URL expansion code
It was only used for Google who have long since dropped OpenID support.
dependabot[bot] [Mon, 3 Jan 2022 23:00:41 +0000 (23:00 +0000)]
Bump eslint from 8.5.0 to 8.6.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.5.0 to 8.6.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.5.0...v8.6.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
translatewiki.net [Mon, 3 Jan 2022 12:08:20 +0000 (13:08 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Thu, 30 Dec 2021 19:55:13 +0000 (19:55 +0000)]
Switch to 6.1 defaults as everything has been enabled for some time
translatewiki.net [Thu, 30 Dec 2021 12:09:01 +0000 (13:09 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 29 Dec 2021 18:29:38 +0000 (18:29 +0000)]
Test redirect from settings page to OmniAuth
Tom Hughes [Tue, 28 Dec 2021 18:46:05 +0000 (18:46 +0000)]
Fix new rubocop warnings
Tom Hughes [Tue, 28 Dec 2021 18:25:02 +0000 (18:25 +0000)]
Update bundle
translatewiki.net [Mon, 27 Dec 2021 12:09:57 +0000 (13:09 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Mon, 27 Dec 2021 10:25:44 +0000 (10:25 +0000)]
Allow PATCH for OmniAuth requests
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.
As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and most importantly got not
allowing GET requests to OmniAuth.
translatewiki.net [Thu, 23 Dec 2021 12:09:28 +0000 (13:09 +0100)]
Localisation updates from https://translatewiki.net.
Tom Hughes [Wed, 22 Dec 2021 15:36:25 +0000 (15:36 +0000)]
Merge remote-tracking branch 'upstream/pull/3404'
Tom Hughes [Wed, 22 Dec 2021 15:26:23 +0000 (15:26 +0000)]
Merge remote-tracking branch 'upstream/pull/3403'