Tom Hughes [Mon, 20 Jul 2015 20:32:34 +0000 (21:32 +0100)]
Require a valid session token to resend a confirmation
Make user#confirm_resend require a valid token in the session
that matches the requested user, and ensure trying to login as
an unconfirmed user sets such a token.
Tom Hughes [Sun, 28 Jun 2015 09:35:44 +0000 (10:35 +0100)]
Use a fixed name for the asset manifest
Because we deploy by updating an existing environment the default
sprockets strategy gives us multiple randomly named manifest files
and it will then pick one arbitrarily when starting up.
Matt Amos [Sat, 13 Jun 2015 09:59:11 +0000 (10:59 +0100)]
Fix bug allowing created elements to reference deleted ones
The bug allows a newly-created element to refer to a deleted one
if the transactions for both overlap. Precisely, the issue is that
the check that an element exists does not prevent a concurrent
transaction from altering that row.
Because "deleting" an element in the OSM database does not remove
the row, we cannot rely on FK constraints to ensure the correct
behaviour. Instead, this fix relies on manually locking referenced
elements.
Note that this "fix" is suboptimal, as it does not allow any
updates to the referenced elements. Updates which do not delete
the row could safely be done, but will be prevented.
Also, it's not clear what the negative performance impact of this
change will be.
Tom Hughes [Thu, 11 Jun 2015 20:16:29 +0000 (21:16 +0100)]
Improve favicons
Following http://stackoverflow.com/questions/2268204/favicon-dimensions
advice on the best range of icons to offer, and using the site linked
there to generate everything.
Tom Hughes [Sun, 31 May 2015 13:53:02 +0000 (14:53 +0100)]
Upgrade vagrant config to use Ubuntu 14.04
This uses the sputnik13/trusty64 image rather than the official
ubuntu/trusty64 image in order to get libvirt provider support as
well as virtualbox provider support.
Tom Hughes [Fri, 15 May 2015 14:34:12 +0000 (15:34 +0100)]
More improvements to mediawiki fragment escaping
It turns out that the PHP urlencode encodes more characters than
the ruby URI.encode does by default, so specify our own characters
to encode based on http://php.net/manual/en/function.urlencode.php
with the extra exclusion of colon, which the mediawiki code reverses
after the encoding is done.
Simon Poole [Sun, 3 May 2015 14:04:24 +0000 (16:04 +0200)]
Add links to the Beginners' guide, mailing lists and forums to the help page
From a pure design and content view (where the content is factual) a link
to learnosm.org would really be better. Potentially learnosm could be forked
and a version hosted on OSMF infrastructure with the marketing verbiage
for HOT's view of the world removed.
Tom Hughes [Sat, 28 Feb 2015 15:56:41 +0000 (15:56 +0000)]
Add support for Google OAuth2 authentication
This replaces OpenID authentication, which is going away soon, but
provides an upgrade path where we can migrate users that already have
a Google OpenID setup to the new system transparently.
Tom Hughes [Mon, 30 Mar 2015 20:15:19 +0000 (21:15 +0100)]
Drop memory limit support
The soft limit won't work with passenger 5 and causes spurious
errors to be reported back to browsers, and in any case it doesn't
actually seem to be necessary anymore.
Tom Hughes [Tue, 17 Mar 2015 18:49:39 +0000 (18:49 +0000)]
URI encode the X-Page-Title header
Browsers are inconsistent in how they interpret the encoding
of a response header in an XHR request, so URI encode it so that
it is simple ASCII, which we can then decode again in the browser.