Merge remote-tracking branch 'upstream/pull/5346'

[rails.git] / test / integration / user_creation_test.rb
diff --git a/test/integration/user_creation_test.rb b/test/integration/user_creation_test.rb

index e2d89f55554017ed66f9ae5ecefb3982db281a21..f75fde75e197be59b835632b71781f3cc7ab93ff 100644 (file)
--- a/test/integration/user_creation_test.rb
+++ b/test/integration/user_creation_test.rb
@@ -32,10 +32,33 @@ class UserCreationTest < ActionDispatch::IntegrationTest
          perform_enqueued_jobs do
            post "/user/new",
                 :params => { :user => { :email => dup_email,
-                                       :email_confirmation => dup_email,
                                         :display_name => display_name,
                                         :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" } }
+                                       :pass_crypt_confirmation => "testtest",
+                                       :consider_pd => "1" } }
+        end
+      end
+    end
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form"
+    assert_select "form > div > input.is-invalid#user_email"
+  end
+
+  def test_user_create_association_submit_duplicate_email
+    dup_email = create(:user).email
+    display_name = "new_tester"
+    assert_difference("User.count", 0) do
+      assert_no_difference("ActionMailer::Base.deliveries.size") do
+        perform_enqueued_jobs do
+          post "/user/new",
+               :params => { :user => { :email => dup_email,
+                                       :display_name => display_name,
+                                       :pass_crypt => "testtest",
+                                       :pass_crypt_confirmation => "testtest",
+                                       :auth_provider => "google",
+                                       :auth_uid => "123454321",
+                                       :consider_pd => "1" } }
          end
        end
      end
@@ -53,7 +76,6 @@ class UserCreationTest < ActionDispatch::IntegrationTest
          perform_enqueued_jobs do
            post "/user/new",
                 :params => { :user => { :email => email,
-                                       :email_confirmation => email,
                                         :display_name => dup_display_name,
                                         :pass_crypt => "testtest",
                                         :pass_crypt_confirmation => "testtest" } }
@@ -65,30 +87,60 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      assert_select "form > div > input.is-invalid#user_display_name"
    end
  
-  def test_user_create_success
-    new_email = "newtester@osm.org"
+  def test_user_create_submit_mismatched_passwords
+    email = "newtester@osm.org"
      display_name = "new_tester"
-
      assert_difference("User.count", 0) do
        assert_difference("ActionMailer::Base.deliveries.size", 0) do
          perform_enqueued_jobs do
            post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
+               :params => { :user => { :email => email,
                                         :display_name => display_name,
                                         :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" } }
+                                       :pass_crypt_confirmation => "blahblah",
+                                       :consider_pd => "1" } }
+        end
+      end
+    end
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > div > div > input.is-invalid#user_pass_crypt_confirmation"
+  end
+
+  def test_user_create_association_submit_duplicate_username
+    dup_display_name = create(:user).display_name
+    email = "new_tester"
+    assert_difference("User.count", 0) do
+      assert_no_difference("ActionMailer::Base.deliveries.size") do
+        perform_enqueued_jobs do
+          post "/user/new",
+               :params => { :user => { :email => email,
+                                       :display_name => dup_display_name,
+                                       :auth_provider => "google",
+                                       :auth_uid => "123454321",
+                                       :consider_pd => "1" } }
          end
        end
      end
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_display_name"
+  end
  
-    assert_redirected_to "/user/terms"
+  def test_user_create_success
+    new_email = "newtester@osm.org"
+    display_name = "new_tester"
  
-    assert_difference("User.count") do
+    assert_difference("User.count", 1) do
        assert_difference("ActionMailer::Base.deliveries.size", 1) do
          perform_enqueued_jobs do
-          post "/user/save",
-               :params => { :read_ct => 1, :read_tou => 1 }
+          post "/user/new",
+               :params => { :user => { :email => new_email,
+                                       :display_name => display_name,
+                                       :pass_crypt => "testtest",
+                                       :pass_crypt_confirmation => "testtest",
+                                       :consider_pd => "1" } }
+          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
            follow_redirect!
          end
        end
@@ -110,7 +162,6 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      post confirmation_url
  
-    assert_response :redirect
      assert_redirected_to welcome_path
  
      user.reload
@@ -119,41 +170,14 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      assert_equal user, User.authenticate(:username => new_email, :password => "testtest")
    end
  
-  def test_user_create_no_tou_failure
-    new_email = "#newtester@osm.org"
-    display_name = "new_tester"
-
-    assert_difference("User.count", 0) do
-      assert_difference("ActionMailer::Base.deliveries.size", 0) do
-        perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" } }
-        end
-      end
-    end
-
-    assert_redirected_to "/user/terms"
-
-    perform_enqueued_jobs do
-      post "/user/save"
-      assert_redirected_to "/user/terms"
-    end
-
-    ActionMailer::Base.deliveries.clear
-  end
-
    # Check that the user can successfully recover their password
-  def test_lost_password_recovery_success
-    # Open the lost password form
-    # Submit the lost password form
-    # Check the e-mail
-    # Submit the reset password token
-    # Check that the password has changed, and the user can login
-  end
+  # def test_lost_password_recovery_success
+  #   Open the lost password form
+  #   Submit the lost password form
+  #   Check the e-mail
+  #   Submit the reset password token
+  #   Check that the password has changed, and the user can login
+  # end
  
    def test_user_create_redirect
      new_email = "redirect_tester@osm.org"
@@ -166,19 +190,13 @@ class UserCreationTest < ActionDispatch::IntegrationTest
          perform_enqueued_jobs do
            post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
                                         :display_name => display_name,
                                         :pass_crypt => password,
-                                       :pass_crypt_confirmation => password },
+                                       :pass_crypt_confirmation => password,
+                                       :consider_pd => "1" },
                              :referer => referer }
-          assert_redirected_to "/user/terms"
-          post "/user/save",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password },
-                            :read_ct => 1, :read_tou => 1 }
+          assert_response(:redirect)
+          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
            follow_redirect!
          end
        end
@@ -189,11 +207,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+    confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-    confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+    confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@ -202,11 +220,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@ -214,48 +232,59 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    end
  
    def test_user_create_openid_success
-    OmniAuth.config.add_mock(:openid, :uid => "http://localhost:1123/new.tester")
-
      new_email = "newtester-openid@osm.org"
      display_name = "new_tester-openid"
-    password = "testtest"
+    openid_url = "http://localhost:1000/new.tester"
+    auth_uid = "http://localhost:1123/new.tester"
+
+    OmniAuth.config.add_mock(:openid,
+                             :uid => auth_uid,
+                             :info => { :email => new_email, :name => display_name })
+
      assert_difference("User.count") do
        assert_difference("ActionMailer::Base.deliveries.size", 1) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "openid",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
-          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
+          post auth_path(:provider => "openid", :openid_url => openid_url, :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => openid_url, :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => new_email,
+                               :auth_provider => "openid", :auth_uid => auth_uid
+          follow_redirect!
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
                                         :display_name => display_name,
                                         :auth_provider => "openid",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password },
-                            :read_ct => 1, :read_tou => 1 }
-          assert_response :redirect
-          follow_redirect!
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
          end
        end
      end
  
      # Check the page
+    assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+
+    ActionMailer::Base.deliveries.clear
+  end
+
+  def test_user_create_openid_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-openid"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:openid,
+                             :uid => auth_uid,
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "openid", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "openid", :origin => "/user/new")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email,
+                         :auth_provider => "openid", :auth_uid => auth_uid
+    follow_redirect!
+
      assert_response :success
-    assert_template "confirmations/confirm"
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
  
      ActionMailer::Base.deliveries.clear
    end
@@ -263,32 +292,14 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    def test_user_create_openid_failure
      OmniAuth.config.mock_auth[:openid] = :connection_failed
  
-    new_email = "newtester-openid2@osm.org"
-    display_name = "new_tester-openid2"
      assert_difference("User.count", 0) do
        assert_difference("ActionMailer::Base.deliveries.size", 0) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "openid",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
-          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
+          post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
            assert_redirected_to auth_failure_path(:strategy => "openid", :message => "connection_failed", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
          end
        end
      end
@@ -297,41 +308,30 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    end
  
    def test_user_create_openid_redirect
-    OmniAuth.config.add_mock(:openid, :uid => "http://localhost:1123/new.tester")
-
+    openid_url = "http://localhost:1000/new.tester"
+    auth_uid = "http://localhost:1123/new.tester"
      new_email = "redirect_tester_openid@osm.org"
      display_name = "redirect_tester_openid"
-    # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
+
+    OmniAuth.config.add_mock(:openid,
+                             :uid => auth_uid,
+                             :info => { :email => new_email, :name => display_name })
+
      assert_difference("User.count") do
        assert_difference("ActionMailer::Base.deliveries.size", 1) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "openid",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" },
-                            :referer => referer }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
-          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
+          post auth_path(:provider => "openid", :openid_url => openid_url, :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => openid_url, :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => new_email,
+                               :auth_provider => "openid", :auth_uid => auth_uid
+          follow_redirect!
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
                                         :display_name => display_name,
                                         :auth_provider => "openid",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" },
-                            :read_ct => 1, :read_tou => 1 }
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
            follow_redirect!
          end
        end
@@ -342,11 +342,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+    confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-    confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+    confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@ -355,11 +355,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@ -368,39 +368,33 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
    def test_user_create_google_success
      new_email = "newtester-google@osm.org"
+    email_hmac = UsersController.message_hmac(new_email)
      display_name = "new_tester-google"
-    password = "testtest"
+    auth_uid = "123454321"
  
-    OmniAuth.config.add_mock(:google, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:google,
+                             :uid => auth_uid,
+                             :extra => { :id_info => { :openid_id => "http://localhost:1123/new.tester" } },
+                             :info => { :email => new_email, :name => display_name })
  
      assert_difference("User.count") do
        assert_no_difference("ActionMailer::Base.deliveries.size") do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "google",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "google", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "google")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :email_hmac => email_hmac,
+                               :auth_provider => "google", :auth_uid => auth_uid
+          follow_redirect!
+
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
                                         :display_name => display_name,
                                         :auth_provider => "google",
-                                       :auth_uid => "123454321",
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password },
-                            :read_ct => 1, :read_tou => 1 }
-          assert_response :redirect
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" },
+                            :email_hmac => email_hmac }
            assert_redirected_to welcome_path
            follow_redirect!
          end
@@ -414,34 +408,43 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
    end
  
+  def test_user_create_google_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-google"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:google,
+                             :uid => auth_uid,
+                             :extra => { :id_info => { :openid_id => "http://localhost:1123/new.tester" } },
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "google", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "google")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email,
+                         :email_hmac => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "google", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
+
+    ActionMailer::Base.deliveries.clear
+  end
+
    def test_user_create_google_failure
      OmniAuth.config.mock_auth[:google] = :connection_failed
  
-    new_email = "newtester-google2@osm.org"
-    display_name = "new_tester-google2"
      assert_difference("User.count", 0) do
        assert_difference("ActionMailer::Base.deliveries.size", 0) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "google",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
+          post auth_path(:provider => "google", :origin => "/user/new")
            assert_response :redirect
-          assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
-          assert_redirected_to auth_success_path(:provider => "google")
            follow_redirect!
-          assert_response :redirect
            assert_redirected_to auth_failure_path(:strategy => "google", :message => "connection_failed", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
          end
        end
      end
@@ -450,42 +453,35 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    end
  
    def test_user_create_google_redirect
-    OmniAuth.config.add_mock(:google, :uid => "123454321", :extra => {
-                               :id_info => { "openid_id" => "http://localhost:1123/new.tester" }
-                             })
-
-    new_email = "redirect_tester_google@osm.org"
+    orig_email = "redirect_tester_google_orig@google.com"
+    email_hmac = UsersController.message_hmac(orig_email)
+    new_email =  "redirect_tester_google@osm.org"
      display_name = "redirect_tester_google"
-    # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:google,
+                             :uid => auth_uid,
+                             :extra => { :id_info => { :openid_id => "http://localhost:1123/new.tester" } },
+                             :info => { :email => orig_email, :name => display_name })
+
      assert_difference("User.count") do
        assert_difference("ActionMailer::Base.deliveries.size", 1) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "google",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" },
-                            :referer => referer }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "google", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "google")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :email_hmac => email_hmac,
+                               :auth_provider => "google", :auth_uid => auth_uid
+          follow_redirect!
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
+                                       :email_hmac => email_hmac,
                                         :display_name => display_name,
                                         :auth_provider => "google",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" },
-                            :read_ct => 1, :read_tou => 1 }
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
            follow_redirect!
          end
        end
@@ -496,11 +492,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+    confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-    confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+    confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@ -509,11 +505,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@ -522,39 +518,32 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
    def test_user_create_facebook_success
      new_email = "newtester-facebook@osm.org"
+    email_hmac = UsersController.message_hmac(new_email)
      display_name = "new_tester-facebook"
-    password = "testtest"
+    auth_uid = "123454321"
  
-    OmniAuth.config.add_mock(:facebook, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:facebook,
+                             :uid => auth_uid,
+                             :info => { "email" => new_email, :name => display_name })
  
      assert_difference("User.count") do
        assert_no_difference("ActionMailer::Base.deliveries.size") do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "facebook",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "facebook", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "facebook")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :email_hmac => email_hmac,
+                               :auth_provider => "facebook", :auth_uid => auth_uid
+          follow_redirect!
+
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
                                         :display_name => display_name,
                                         :auth_provider => "facebook",
-                                       :auth_uid => "123454321",
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password },
-                            :read_ct => 1, :read_tou => 1 }
-          assert_response :redirect
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" },
+                            :email_hmac => email_hmac }
            assert_redirected_to welcome_path
            follow_redirect!
          end
@@ -568,34 +557,42 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
    end
  
+  def test_user_create_facebook_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-facebook"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:facebook,
+                             :uid => auth_uid,
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "facebook", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "facebook")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email,
+                         :email_hmac => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "facebook", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
+
+    ActionMailer::Base.deliveries.clear
+  end
+
    def test_user_create_facebook_failure
      OmniAuth.config.mock_auth[:facebook] = :connection_failed
  
-    new_email = "newtester-facebook2@osm.org"
-    display_name = "new_tester-facebook2"
      assert_difference("User.count", 0) do
        assert_difference("ActionMailer::Base.deliveries.size", 0) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "facebook",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
-          post response.location
+          post auth_path(:provider => "facebook", :origin => "/user/new")
            assert_response :redirect
-          assert_redirected_to auth_success_path(:provider => "facebook")
            follow_redirect!
-          assert_response :redirect
            assert_redirected_to auth_failure_path(:strategy => "facebook", :message => "connection_failed", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
          end
        end
      end
@@ -604,40 +601,36 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    end
  
    def test_user_create_facebook_redirect
-    OmniAuth.config.add_mock(:facebook, :uid => "123454321")
-
+    orig_email = "redirect_tester_facebook_orig@osm.org"
+    email_hmac = UsersController.message_hmac(orig_email)
      new_email = "redirect_tester_facebook@osm.org"
      display_name = "redirect_tester_facebook"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:facebook,
+                             :uid => auth_uid,
+                             :info => { :email => orig_email, :name => display_name })
+
      # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
      assert_difference("User.count") do
        assert_difference("ActionMailer::Base.deliveries.size", 1) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "facebook",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" },
-                            :referer => referer }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "facebook", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "facebook")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :email_hmac => email_hmac,
+                               :auth_provider => "facebook", :auth_uid => auth_uid
+          follow_redirect!
+
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
+                                       :email_hmac => email_hmac,
                                         :display_name => display_name,
                                         :auth_provider => "facebook",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" },
-                            :read_ct => 1, :read_tou => 1 }
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
            follow_redirect!
          end
        end
@@ -648,11 +641,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+    confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-    confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+    confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@ -661,11 +654,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@ -674,39 +667,31 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
    def test_user_create_microsoft_success
      new_email = "newtester-microsoft@osm.org"
+    email_hmac = UsersController.message_hmac(new_email)
      display_name = "new_tester-microsoft"
-    password = "testtest"
+    auth_uid = "123454321"
  
-    OmniAuth.config.add_mock(:microsoft, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:microsoft,
+                             :uid => auth_uid,
+                             :info => { "email" => new_email, :name => display_name })
  
      assert_difference("User.count") do
        assert_difference("ActionMailer::Base.deliveries.size", 0) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "microsoft",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "microsoft", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "microsoft", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "microsoft")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :email_hmac => email_hmac,
+                               :auth_provider => "microsoft", :auth_uid => auth_uid
+          follow_redirect!
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
                                         :display_name => display_name,
                                         :auth_provider => "microsoft",
-                                       :auth_uid => "123454321",
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password },
-                            :read_ct => 1, :read_tou => 1 }
-          assert_response :redirect
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" },
+                            :email_hmac => email_hmac }
            assert_redirected_to welcome_path
            follow_redirect!
          end
@@ -720,34 +705,42 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
    end
  
+  def test_user_create_microsoft_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-microsoft"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:microsoft,
+                             :uid => auth_uid,
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "microsoft", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "microsoft")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email,
+                         :email_hmac => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "microsoft", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
+
+    ActionMailer::Base.deliveries.clear
+  end
+
    def test_user_create_microsoft_failure
      OmniAuth.config.mock_auth[:microsoft] = :connection_failed
  
-    new_email = "newtester-microsoft2@osm.org"
-    display_name = "new_tester-microsoft2"
      assert_difference("User.count", 0) do
        assert_difference("ActionMailer::Base.deliveries.size", 0) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "microsoft",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
+          post auth_path(:provider => "microsoft", :origin => "/user/new")
            assert_response :redirect
-          assert_redirected_to auth_path(:provider => "microsoft", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
-          assert_redirected_to auth_success_path(:provider => "microsoft")
            follow_redirect!
-          assert_response :redirect
            assert_redirected_to auth_failure_path(:strategy => "microsoft", :message => "connection_failed", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
          end
        end
      end
@@ -756,40 +749,35 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    end
  
    def test_user_create_microsoft_redirect
-    OmniAuth.config.add_mock(:microsoft, :uid => "123454321")
-
+    orig_email = "redirect_tester_microsoft_orig@osm.org"
+    email_hmac = UsersController.message_hmac(orig_email)
      new_email = "redirect_tester_microsoft@osm.org"
      display_name = "redirect_tester_microsoft"
-    # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:microsoft,
+                             :uid => auth_uid,
+                             :info => { :email => orig_email, :name => display_name })
+
      assert_difference("User.count") do
        assert_difference("ActionMailer::Base.deliveries.size", 1) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "microsoft",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" },
-                            :referer => referer }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "microsoft", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "microsoft", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "microsoft")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :email_hmac => email_hmac,
+                               :auth_provider => "microsoft", :auth_uid => auth_uid
+          follow_redirect!
+
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
+                                       :email_hmac => email_hmac,
                                         :display_name => display_name,
                                         :auth_provider => "microsoft",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" },
-                            :read_ct => 1, :read_tou => 1 }
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
            follow_redirect!
          end
        end
@@ -800,11 +788,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+    confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-    confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+    confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@ -813,11 +801,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@ -826,41 +814,37 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
    def test_user_create_github_success
      new_email = "newtester-github@osm.org"
+    email_hmac = UsersController.message_hmac(new_email)
      display_name = "new_tester-github"
      password = "testtest"
+    auth_uid = "123454321"
  
-    OmniAuth.config.add_mock(:github, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:github,
+                             :uid => auth_uid,
+                             :info => { "email" => new_email, :name => display_name })
  
      assert_difference("User.count") do
-      assert_difference("ActionMailer::Base.deliveries.size", 1) do
+      assert_no_difference("ActionMailer::Base.deliveries.size") do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "github",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "github", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "github")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :email_hmac => email_hmac,
+                               :auth_provider => "github", :auth_uid => auth_uid
+          follow_redirect!
+
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
                                         :display_name => display_name,
                                         :auth_provider => "github",
                                         :auth_uid => "123454321",
                                         :pass_crypt => password,
                                         :pass_crypt_confirmation => password },
                              :read_ct => 1,
-                            :read_tou => 1 }
-          assert_response :redirect
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+                            :read_tou => 1,
+                            :email_hmac => email_hmac }
+          assert_redirected_to welcome_path
            follow_redirect!
          end
        end
@@ -868,7 +852,32 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      # Check the page
      assert_response :success
-    assert_template "confirmations/confirm"
+    assert_template "site/welcome"
+
+    ActionMailer::Base.deliveries.clear
+  end
+
+  def test_user_create_github_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-github"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:github,
+                             :uid => auth_uid,
+                             :extra => { :id_info => { :openid_id => "http://localhost:1123/new.tester" } },
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "github", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "github")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                         :email => dup_user.email, :email_hmac => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "github", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
  
      ActionMailer::Base.deliveries.clear
    end
@@ -876,31 +885,14 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    def test_user_create_github_failure
      OmniAuth.config.mock_auth[:github] = :connection_failed
  
-    new_email = "newtester-github2@osm.org"
-    display_name = "new_tester-github2"
      assert_difference("User.count", 0) do
        assert_difference("ActionMailer::Base.deliveries.size", 0) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "github",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
-          assert_redirected_to auth_success_path(:provider => "github")
+          post auth_path(:provider => "github", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
            assert_redirected_to auth_failure_path(:strategy => "github", :message => "connection_failed", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
          end
        end
      end
@@ -909,41 +901,34 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    end
  
    def test_user_create_github_redirect
-    OmniAuth.config.add_mock(:github, :uid => "123454321")
-
+    orig_email = "redirect_tester_github_orig@osm.org"
+    email_hmac = UsersController.message_hmac(orig_email)
      new_email = "redirect_tester_github@osm.org"
      display_name = "redirect_tester_github"
-    # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:github,
+                             :uid => auth_uid,
+                             :info => { :email => orig_email, :name => display_name })
+
      assert_difference("User.count") do
        assert_difference("ActionMailer::Base.deliveries.size", 1) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "github",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" },
-                            :referer => referer }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "github", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "github")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :email_hmac => email_hmac,
+                               :auth_provider => "github", :auth_uid => auth_uid
+          follow_redirect!
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
+                                       :email_hmac => email_hmac,
                                         :display_name => display_name,
                                         :auth_provider => "github",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" },
-                            :read_ct => 1,
-                            :read_tou => 1 }
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
            follow_redirect!
          end
        end
@@ -954,11 +939,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+    confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-    confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+    confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@ -967,11 +952,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@ -980,41 +965,36 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
    def test_user_create_wikipedia_success
      new_email = "newtester-wikipedia@osm.org"
+    email_hmac = UsersController.message_hmac(new_email)
      display_name = "new_tester-wikipedia"
      password = "testtest"
+    auth_uid = "123454321"
  
-    OmniAuth.config.add_mock(:wikipedia, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:wikipedia,
+                             :uid => auth_uid,
+                             :info => { :email => new_email, :name => display_name })
  
      assert_difference("User.count") do
-      assert_difference("ActionMailer::Base.deliveries.size", 1) do
+      assert_no_difference("ActionMailer::Base.deliveries.size") do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "wikipedia",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "wikipedia", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :email_hmac => email_hmac,
+                               :auth_provider => "wikipedia", :auth_uid => auth_uid
+          follow_redirect!
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
                                         :display_name => display_name,
                                         :auth_provider => "wikipedia",
                                         :auth_uid => "123454321",
                                         :pass_crypt => password,
                                         :pass_crypt_confirmation => password },
                              :read_ct => 1,
-                            :read_tou => 1 }
-          assert_response :redirect
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+                            :read_tou => 1,
+                            :email_hmac => email_hmac }
+          assert_redirected_to welcome_path
            follow_redirect!
          end
        end
@@ -1022,7 +1002,29 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      # Check the page
      assert_response :success
-    assert_template "confirmations/confirm"
+    assert_template "site/welcome"
+  end
+
+  def test_user_create_wikipedia_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-wikipedia"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:wikipedia,
+                             :uid => auth_uid,
+                             :info => { "email" => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "wikipedia", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                         :email => dup_user.email, :email_hmac => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "wikipedia", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
  
      ActionMailer::Base.deliveries.clear
    end
@@ -1030,31 +1032,15 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    def test_user_create_wikipedia_failure
      OmniAuth.config.mock_auth[:wikipedia] = :connection_failed
  
-    new_email = "newtester-wikipedia2@osm.org"
-    display_name = "new_tester-wikipedia2"
      assert_difference("User.count", 0) do
        assert_difference("ActionMailer::Base.deliveries.size", 0) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "wikipedia",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" } }
+          post auth_path(:provider => "wikipedia", :origin => "/user/new")
            assert_response :redirect
-          assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
-          assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
            assert_redirected_to auth_failure_path(:strategy => "wikipedia", :message => "connection_failed", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
          end
        end
      end
@@ -1063,41 +1049,36 @@ class UserCreationTest < ActionDispatch::IntegrationTest
    end
  
    def test_user_create_wikipedia_redirect
-    OmniAuth.config.add_mock(:wikipedia, :uid => "123454321")
-
+    orig_email = "redirect_tester_wikipedia_orig@osm.org"
+    email_hmac = UsersController.message_hmac(orig_email)
      new_email = "redirect_tester_wikipedia@osm.org"
      display_name = "redirect_tester_wikipedia"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:wikipedia,
+                             :uid => auth_uid,
+                             :info => { :email => orig_email, :name => display_name })
+
      # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
      assert_difference("User.count") do
        assert_difference("ActionMailer::Base.deliveries.size", 1) do
          perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "wikipedia",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "" },
-                            :referer => referer }
-          assert_response :redirect
-          assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
-          post response.location
-          assert_response :redirect
+          post auth_path(:provider => "wikipedia", :origin => "/user/new")
            assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
            follow_redirect!
-          assert_response :redirect
-          assert_redirected_to "/user/terms"
-          post "/user/save",
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :email_hmac => email_hmac,
+                               :auth_provider => "wikipedia", :auth_uid => auth_uid
+          follow_redirect!
+
+          post "/user/new",
                 :params => { :user => { :email => new_email,
-                                       :email_confirmation => new_email,
+                                       :email_hmac => email_hmac,
                                         :display_name => display_name,
                                         :auth_provider => "wikipedia",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest" },
-                            :read_ct => 1,
-                            :read_tou => 1 }
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
            follow_redirect!
          end
        end
@@ -1108,11 +1089,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-    confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+    confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-    confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+    confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@ -1121,11 +1102,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+    post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success