Commit graph

1068 commits

Author SHA1 Message Date
David Larlet
4a3c845eca
Handle iframes and target attribute with dompurify 2023-05-30 14:23:06 -04:00
David Larlet
fa3d653944
Update the test template to add the purify dependency 2023-05-30 14:23:05 -04:00
David Larlet
3122286c8e
Use DOMPurify in escapeHTML() for a global impact 2023-05-30 14:22:04 -04:00
David Larlet
fd3f854a9c
Use DOMPurify to escape malicious input from user 2023-05-30 14:22:04 -04:00
David Larlet
4f5674073f
Merge pull request #1098 from umap-project/lebab-let-const
Apply Lebab for let/const conversions
2023-05-30 14:19:27 -04:00
David Larlet
8d6185c476
Manual review of Lebab for let/const conversions 2023-05-30 14:16:10 -04:00
David Larlet
56ce9ae22c
Apply Lebab for let/const conversions
As far as I understand, it defaults to `let` in these cases because the tool cannot figure out if a `const` is possible. It has to be checked manually:

```
./node_modules/lebab/bin/index.js --replace "umap/static/umap/js/*.js" --transform let
umap/static/umap/js/umap.xhr.js:
228:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.ui.js:
83:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.slideshow.js:
15:  warning  Unable to transform var  (let)
83:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.popup.js:
100:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.permissions.js:
14:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.layer.js:
195:  warning  Unable to transform var  (let)
436:  warning  Unable to transform var  (let)
568:  warning  Unable to transform var  (let)
584:  warning  Unable to transform var  (let)
989:  warning  Unable to transform var  (let)
1088:  warning  Unable to transform var  (let)
1098:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.js:
124:  warning  Unable to transform var  (let)
223:  warning  Unable to transform var  (let)
343:  warning  Unable to transform var  (let)
376:  warning  Unable to transform var  (let)
406:  warning  Unable to transform var  (let)
849:  warning  Unable to transform var  (let)
732:  warning  Unable to transform var  (let)
948:  warning  Unable to transform var  (let)
959:  warning  Unable to transform var  (let)
878:  warning  Unable to transform var  (let)
1085:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.icon.js:
145:  warning  Unable to transform var  (let)
184:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.forms.js:
453:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.features.js:
15:  warning  Unable to transform var  (let)
101:  warning  Unable to transform var  (let)
143:  warning  Unable to transform var  (let)
373:  warning  Unable to transform var  (let)
429:  warning  Unable to transform var  (let)
890:  warning  Unable to transform var  (let)
949:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.core.js:
149:  warning  Unable to transform var  (let)
175:  warning  Unable to transform var  (let)
umap/static/umap/js/umap.controls.js:
665:  warning  Unable to transform var  (let)
876:  warning  Unable to transform var  (let)
1249:  warning  Unable to transform var  (let)
```
2023-05-30 14:16:09 -04:00
Yohan Boniface
99b2bfb811 i18n 2023-05-30 17:52:33 +02:00
Yohan Boniface
7c2b7ac309 Simplify exclude of folder when running make messages 2023-05-30 17:52:32 +02:00
David Larlet
c42a08b3bc
Merge pull request #1110 from umap-project/add-editinosm-icon
Add missing edit-in-osm icon
2023-05-30 11:49:04 -04:00
Yohan Boniface
eaef600a97 Add missing edit-in-osm icon
fix #1096
2023-05-30 15:58:29 +02:00
Yohan Boniface
bd769091a7
Merge pull request #1109 from umap-project/direct-link
Also expose direct map URL in the export panel
2023-05-30 14:50:45 +02:00
Yohan Boniface
c52e093db8 Also expose direct map URL in the export panel
cf #699
2023-05-30 11:04:10 +02:00
Yohan Boniface
2f79078141
Merge pull request #1108 from umap-project/fix-js-tests
Fix JS tests
2023-05-30 08:46:38 +02:00
Yohan Boniface
50091ec0fa Redirect to "user_maps" at login end when window.opener is not accessible
This is the case for Twitter.
We'll try to refactor the process later, but let's make it "acceptable"
for now.

cf #1097
2023-05-30 08:42:23 +02:00
Yohan Boniface
18232bcad0 Rename class to match switching to Twitter OAuth V2 2023-05-30 08:42:23 +02:00
Yohan Boniface
7b65820b73 HOT fix: add message in login_popup_end.html to work around Twitter issues
In case of logging through Twitter, we don't have access to
window.opener, so we cannot close the window and tell uMap to
finish the login process.
2023-05-30 08:42:23 +02:00
Yohan Boniface
a462a58ae0 Remove SOCIAL_AUTH_PIPELINE from settings/base.py
We are using the default, so no need to define them on our
side.
2023-05-30 08:42:23 +02:00
Yohan Boniface
9ca5ba974b Auth: mark id as protected, otherwise social-core tries to create
new account at each login:

```
  File "/srv/umap/venv/lib/python3.10/site-packages/social_core/backends/base.py", line 83, in pipeline
    out = self.run_pipeline(pipeline, pipeline_index, *args, **kwargs)
  File "/srv/umap/venv/lib/python3.10/site-packages/social_core/backends/base.py", line 113, in run_pipeline
    result = func(*args, **out) or {}
  File "/srv/umap/venv/lib/python3.10/site-packages/social_core/pipeline/user.py", line 122, in user_details
    strategy.storage.user.changed(user)
  File "/srv/umap/venv/lib/python3.10/site-packages/social_django/storage.py", line 16, in changed
    user.save()
django.db.utils.IntegrityError: duplicate key value violates unique constraint "auth_user_username_key"
DETAIL:  Key (username)=(xxxxx) already exists.
```
2023-05-30 08:42:23 +02:00
David Larlet
23053a26fc Correct tests fixtures for options permissions 2023-05-26 14:12:08 -04:00
David Larlet
c5b19728f0 Fix sinon’s fakeServer’s URLs with /?date param
Since this commit 97e2df0a8d tests were broken because the URL has an extra date parameter to update the cache for datalayers. With the new regexp, we match these new URLs with the fakeServer from sinon.

Also update sinon to v15.
2023-05-26 13:39:58 -04:00
David Larlet
06a354730b Apply PrettierJS to tests files
Command: `make pretty filepath="umap/static/umap/test/*"`
2023-05-26 13:25:21 -04:00
David Larlet
7f85684d52
Merge pull request #1100 from umap-project/stats-view
Add a very basic `/stats/` JSON view
2023-05-23 13:05:11 -04:00
David Larlet
6f72df82b7 Improve stats view testing with another user 2023-05-23 12:09:10 -04:00
David Larlet
deb0ab09d3 Add one hour cache to the stats view 2023-05-23 11:51:54 -04:00
David Larlet
9d752ea306 Add a very basic /stats/ JSON view
Will be useful to feed munin for instance.
2023-05-22 17:47:04 -04:00
Yohan Boniface
b41a8cd39a
Merge pull request #1099 from umap-project/1090-followup
Follow up on #1090 for overlay’s opacity
2023-05-22 23:14:15 +02:00
David Larlet
b4b5497b09 Follow up on #1090 for overlay’s opacity
I missed that one and I fixed a bug in the meantime setting a correct label (vs. invisible placeholder for an input of type range).

I set a fallback on the datalist id in case no label is specified (which is probably not a good idea).
2023-05-22 14:41:45 -04:00
Yohan Boniface
32873b7fe3
Merge pull request #1092 from umap-project/713-better-anonymous-editing
Do not display an alert if the map is not created
2023-05-20 08:56:52 +02:00
Yohan Boniface
908dd7cc00
Merge pull request #1091 from umap-project/887-help-box-width
Max width for the help box (on small screens)
2023-05-19 18:27:40 +02:00
David Larlet
f83a666aa1 Do not display an alert if the map is not created
Refs #713, otherwise that first message is displayed and then overridden by the map creation one.
2023-05-19 11:32:40 -04:00
David Larlet
f604c12be3 Max width for the help box (on small screens)
Fix #887 as suggested by @esteban-em
2023-05-19 10:21:34 -04:00
Yohan Boniface
cd32b0eb3e
Merge pull request #1090 from umap-project/877-sliders-thickness
Display the steps for inputs of type range
2023-05-19 12:09:06 +02:00
Yohan Boniface
6348636324
Merge pull request #1089 from umap-project/lazy-load-tile-layers-thumbnails
Lazy load tile layers thumbnails
2023-05-19 11:24:25 +02:00
David Larlet
6156993536 Display the steps for inputs of type range
Fix #877
2023-05-18 14:20:46 -04:00
David Larlet
18cb5ba7c6 Lazy load tile layers thumbnails
The list can be pretty big (like on OSMfr).
2023-05-18 12:54:36 -04:00
David Larlet
d0f89c3be2
Merge pull request #1086 from umap-project/lebab-arrow
Install and apply Lebab for JS arrows’ conversions
2023-05-17 10:59:19 -04:00
David Larlet
d88eee9ca4 Manual lebab conversions 2023-05-16 16:19:14 -04:00
Yohan Boniface
ccea14bd56 Bump requests 2023-05-16 15:02:47 +02:00
Yohan Boniface
2794a018b7 Bump psycopg 2023-05-16 15:01:50 +02:00
Yohan Boniface
5938b87cfd Bump Pillow 2023-05-16 15:00:06 +02:00
Yohan Boniface
0229e5aebf Bump social-auth deps 2023-05-16 14:57:34 +02:00
Yohan Boniface
a6a9ff528a changelog 2023-05-16 10:34:43 +02:00
Yohan Boniface
317a8ba429
Merge pull request #683 from umap-project/fav
Allow to star maps and retrieve starred maps
2023-05-15 15:40:21 +02:00
Yohan Boniface
a2b1b7bc88 Refactor UserMaps and UserStars views 2023-05-15 14:50:18 +02:00
Yohan Boniface
40f40038f8 Fix url order for retrieving user stars
Since that initial PR, the username regex has been more greedy.
2023-05-15 12:22:28 +02:00
Yohan Boniface
30f9612a12 Adapt star icon bg position after rebase 2023-05-15 12:22:28 +02:00
Yohan Boniface
8c113d9a19 Rename MapStar view in ToggleMapStarStatus 2023-05-15 12:22:28 +02:00
Yohan Boniface
1c5ffd8136 Update umap/views.py
Co-authored-by: David Larlet <3556+davidbgk@users.noreply.github.com>
2023-05-15 12:22:28 +02:00
Yohan Boniface
37b4d05da5 (WIP) Allow to star map and retrieve starred maps 2023-05-15 12:22:26 +02:00