]> git.openstreetmap.org Git - rails.git/commitdiff
Add social signin buttons to signup screen, avoid repeating round trip to auth provider.
authorMilan Cvetkovic <mcvetkovic@microsoft.com>
Mon, 18 Mar 2024 15:32:00 +0000 (15:32 +0000)
committerTom Hughes <tom@compton.nu>
Sat, 27 Apr 2024 11:44:10 +0000 (12:44 +0100)
app/controllers/users_controller.rb
app/views/users/new.html.erb
config/locales/en.yml
test/integration/user_creation_test.rb

index 4974d99f14a432da888bde7b511950af2f0bbbf3..74ec5c0ec323f911af2017181b19cc16767cf408 100644 (file)
@@ -69,12 +69,17 @@ class UsersController < ApplicationController
       # page, instead send them to the home page
       redirect_to @referer || { :controller => "site", :action => "index" }
     elsif params.key?(:auth_provider) && params.key?(:auth_uid)
+      @verified_email = params[:verified_email]
+
       self.current_user = User.new(:email => params[:email],
                                    :display_name => params[:nickname],
                                    :auth_provider => params[:auth_provider],
                                    :auth_uid => params[:auth_uid])
 
       flash.now[:notice] = render_to_string :partial => "auth_association"
+
+      # validate before displaying to show email field if it conflicts
+      flash.now[:notice] = t ".duplicate_social_email" unless current_user.valid? && current_user.errors[:email].empty?
     else
       check_signup_allowed
 
@@ -90,7 +95,7 @@ class UsersController < ApplicationController
 
       Rails.logger.info "create: #{session[:referer]}"
 
-      if current_user.auth_provider.present? && current_user.pass_crypt.empty?
+      if current_user.auth_uid.present?
         # We are creating an account with external authentication and
         # no password was specified so create a random one
         current_user.pass_crypt = SecureRandom.base64(16)
@@ -100,14 +105,9 @@ class UsersController < ApplicationController
       if current_user.invalid?
         # Something is wrong with a new user, so rerender the form
         render :action => "new"
-      elsif current_user.auth_provider.present?
-        # Verify external authenticator before moving on
-        session[:new_user] = current_user.slice("email", "display_name", "pass_crypt", "pass_crypt_confirmation", "consider_pd")
-        redirect_to auth_url(current_user.auth_provider, current_user.auth_uid), :status => :temporary_redirect
       else
         # Save the user record
-        session[:new_user] = current_user.slice("email", "display_name", "pass_crypt", "pass_crypt_confirmation", "consider_pd")
-        save_new_user
+        save_new_user params[:verified_email]
       end
     end
   end
@@ -131,7 +131,7 @@ class UsersController < ApplicationController
       if current_user&.terms_agreed?
         # Already agreed to terms, so just show settings
         redirect_to edit_account_path
-      elsif current_user.nil? && session[:new_user].nil?
+      elsif current_user.nil?
         redirect_to login_path(:referer => request.fullpath)
       end
     end
@@ -220,12 +220,6 @@ class UsersController < ApplicationController
       session[:user_errors] = current_user.errors.as_json
 
       redirect_to edit_account_path
-    elsif session[:new_user]
-      session[:new_user]["auth_provider"] = provider
-      session[:new_user]["auth_uid"] = uid
-      session[:new_user]["verified_email"] = email if email_verified
-
-      save_new_user
     else
       user = User.find_by(:auth_provider => provider, :auth_uid => uid)
 
@@ -247,7 +241,8 @@ class UsersController < ApplicationController
           failed_login t("sessions.new.auth failure")
         end
       else
-        redirect_to :action => "new", :nickname => name, :email => email,
+        verified_email = UsersController.message_hmac(email) if email_verified && email
+        redirect_to :action => "new", :nickname => name, :email => email, :verified_email => verified_email,
                     :auth_provider => provider, :auth_uid => uid
       end
     end
@@ -263,14 +258,16 @@ class UsersController < ApplicationController
     redirect_to origin || login_url
   end
 
-  private
-
-  def save_new_user
-    new_user = session.delete(:new_user)
-    verified_email = new_user.delete("verified_email")
+  def self.message_hmac(text)
+    sha256 = Digest::SHA256.new
+    sha256 << Rails.application.key_generator.generate_key("openstreetmap/verified_email")
+    sha256 << text
+    Base64.urlsafe_encode64(sha256.digest)
+  end
 
-    self.current_user = User.new(new_user)
+  private
 
+  def save_new_user(email_hmac)
     if check_signup_allowed(current_user.email)
       current_user.data_public = true
       current_user.description = "" if current_user.description.nil?
@@ -283,7 +280,7 @@ class UsersController < ApplicationController
       if current_user.auth_uid.blank?
         current_user.auth_provider = nil
         current_user.auth_uid = nil
-      elsif current_user.email == verified_email
+      elsif email_hmac && ActiveSupport::SecurityUtils.secure_compare(email_hmac, UsersController.message_hmac(current_user.email))
         current_user.activate
       end
 
index 0d3160a8c2127c915d371095ecd888ea2cd5ddcb..918b315e8aca21de45a1bfe95a2ca62d69cd7881 100644 (file)
@@ -1,5 +1,6 @@
 <% content_for :head do %>
   <%= javascript_include_tag "user" %>
+  <%= javascript_include_tag "auth_providers" %>
 <% end %>
 
 <% content_for :heading_class, "p-0 mw-100" %>
 <% end %>
 
 <div class="auth-container mx-auto my-0">
-  <div class="text-muted fs-6">
-    <p><strong><%= t ".about.header" %></strong> <%= t ".about.paragraph_1" %></p>
-    <p><%= t ".about.paragraph_2" %></p>
-  </div>
+  <% if current_user.auth_uid.nil? %>
+    <div class="text-muted fs-6">
+      <p><strong><%= t ".about.header" %></strong> <%= t ".about.paragraph_1" %></p>
+      <p><%= t ".about.paragraph_2" %></p>
+    </div>
+  <% else %>
+    <h4><%= t ".about.welcome" %></h4>
+  <% end %>
 
   <%= bootstrap_form_for current_user, :url => { :action => "create" } do |f| %>
     <%= hidden_field_tag("referer", h(@referer)) unless @referer.nil? %>
+    <%= hidden_field_tag("verified_email", h(@verified_email)) unless @verified_email.nil? %>
+    <%= f.hidden_field :auth_provider unless current_user.auth_provider.nil? %>
+    <%= f.hidden_field :auth_uid unless current_user.auth_uid.nil? %>
 
-    <%= f.email_field :email, :help => t(".email_help_html",
-                                         :privacy_policy_link => link_to(t(".privacy_policy"),
-                                                                         t(".privacy_policy_url"),
-                                                                         :title => t(".privacy_policy_title"))),
-                              :tabindex => 1 %>
+    <% if current_user.auth_uid.nil? or not current_user.errors[:email].empty? %>
+      <%= f.email_field :email, :help => t(".email_help_html",
+                                           :privacy_policy_link => link_to(t(".privacy_policy"),
+                                                                           t(".privacy_policy_url"),
+                                                                           :title => t(".privacy_policy_title"),
+                                                                           :target => :new)),
+                                :tabindex => 1 %>
+    <% else %>
+      <%= f.hidden_field :email %>
+    <% end %>
 
     <%= f.text_field :display_name, :help => t(".display name description"), :tabindex => 2 %>
 
-    <fieldset class="mb-3" id="auth_field">
-      <label for="user_auth_provider" class="form-label"><%= t(".external auth") %></label>
+    <% if current_user.auth_uid.nil? %>
       <div class="row">
-        <%= f.select(:auth_provider, Auth.providers, :default => "", :hide_label => true, :wrapper => { :class => "col-auto mb-0" }, :tabindex => 3) %>
-        <%= f.text_field(:auth_uid, :hide_label => true, :wrapper => { :class => "col mb-0" }, :tabindex => 4) %>
+        <div class="col-sm">
+          <%= f.password_field :pass_crypt, :tabindex => 3 %>
+        </div>
+        <div class="col-sm">
+          <%= f.password_field :pass_crypt_confirmation, :tabindex => 4 %>
+        </div>
       </div>
-      <small class="form-text text-muted"><%= t ".auth no password" %></small>
-    </fieldset>
-
-    <%= f.password_field :pass_crypt, :tabindex => 5 %>
-    <%= f.password_field :pass_crypt_confirmation, :tabindex => 6 %>
+    <% end %>
 
     <p class="mb-3 text-muted"><%= t(".by_signing_up_html",
                                      :tou_link => link_to(t("layouts.tou"),
                                                           "https://wiki.osmfoundation.org/wiki/Terms_of_Use",
                                                           :target => :new),
+                                     :privacy_policy_link => link_to(t(".privacy_policy"),
+                                                                     t(".privacy_policy_url"),
+                                                                     :title => t(".privacy_policy_title"),
+                                                                     :target => :new),
                                      :contributor_terms_link => link_to(t(".contributor_terms"),
                                                                         t(".contributor_terms_url"),
                                                                         :target => :new)) %></p>
 
-    <div class="mb-3">
-      <%= submit_tag(t(".continue"), :name => "continue", :id => "continue", :class => "btn btn-primary", :tabindex => 7) %>
-    </div>
+    <%= f.form_group do %>
+      <%= f.check_box :consider_pd,
+                      :tabindex => 5,
+                      :label => t(".consider_pd_html",
+                                  :consider_pd_link => link_to(t(".consider_pd"),
+                                                               t(".consider_pd_url"),
+                                                               :target => :new)) %>
+    <% end %>
 
     <div class="mb-3">
-      <div class="form-check">
-        <%= check_box("user", "consider_pd", :class => "form-check-input") %>
-          <label for="user_consider_pd" class="form-check-label">
-            <%= t ".consider_pd" %>
-          </label>
-        <span class="minorNote">(<%= link_to(t(".consider_pd_why"), t(".consider_pd_why_url"), :target => :new) %>)</span>
-      </div>
-    </div>
-
-    <div id="auth_prompt">
-      <p><%= link_to t(".use external auth"), "#", :id => "auth_enable" %></p>
+      <%= submit_tag(t(".continue"), :name => "continue", :id => "continue", :class => "btn btn-primary", :tabindex => 6) %>
     </div>
+  <% end %>
 
+  <% if current_user.auth_uid.nil? %>
+    <hr>
+    <%= render :partial => "auth_providers" %>
   <% end %>
 </div>
index f6d79369beaabaf7bafa80c7c8ce8a399621b493..4046b8068024812675b63a7241b770e303981d60 100644 (file)
@@ -2735,6 +2735,8 @@ en:
         header: Free and editable.
         paragraph_1: Unlike other maps, OpenStreetMap is completely created by people like you, and it's free for anyone to fix, update, download and use.
         paragraph_2: Sign up to get started contributing. We'll send an email to confirm your account.
+        welcome: "Welcome to OpenStreetMap"
+      duplicate_social_email: "If you already have an OpenStreetMap account and wish to use a 3rd party identity provider, please log in using your password and modify the settings of your account."
       display name description: "Your publicly displayed username. You can change this later in the preferences."
       by_signing_up_html: "By signing up, you agree to our %{contributor_terms_link} and %{tou_link}."
       contributor_terms_url: "https://wiki.osmfoundation.org/wiki/Licence/Contributor_Terms"
@@ -2748,9 +2750,9 @@ en:
       privacy_policy: privacy policy
       privacy_policy_url: https://wiki.osmfoundation.org/wiki/Privacy_Policy
       privacy_policy_title: OSMF privacy policy including section on email addresses
-      consider_pd: "In addition to the above, I consider my contributions to be in the Public Domain"
-      consider_pd_why: "what's this?"
-      consider_pd_why_url: https://wiki.osmfoundation.org/wiki/Licence_and_Legal_FAQ/Why_would_I_want_my_contributions_to_be_public_domain
+      consider_pd_html: "I consider my contributions to be in the %{consider_pd_link}."
+      consider_pd: "public domain"
+      consider_pd_url: https://wiki.osmfoundation.org/wiki/Licence_and_Legal_FAQ/Why_would_I_want_my_contributions_to_be_public_domain
     terms:
       title: "Terms"
       heading: "Terms"
index 370886e5da086b1759aaaae24c5320323cc51089..beb05a98a372341b514c4bfdb21e3e7e55d2eb06 100644 (file)
@@ -45,6 +45,29 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_select "form > div > input.is-invalid#user_email"
   end
 
+  def test_user_create_association_submit_duplicate_email
+    dup_email = create(:user).email
+    display_name = "new_tester"
+    assert_difference("User.count", 0) do
+      assert_no_difference("ActionMailer::Base.deliveries.size") do
+        perform_enqueued_jobs do
+          post "/user/new",
+               :params => { :user => { :email => dup_email,
+                                       :display_name => display_name,
+                                       :pass_crypt => "testtest",
+                                       :pass_crypt_confirmation => "testtest",
+                                       :auth_provider => "auth_provider",
+                                       :auth_uid => "123454321",
+                                       :consider_pd => "1" } }
+        end
+      end
+    end
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form"
+    assert_select "form > div > input.is-invalid#user_email"
+  end
+
   def test_user_create_submit_duplicate_username
     dup_display_name = create(:user).display_name
     email = "new_tester"
@@ -74,13 +97,34 @@ class UserCreationTest < ActionDispatch::IntegrationTest
                :params => { :user => { :email => email,
                                        :display_name => display_name,
                                        :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "blahblah" } }
+                                       :pass_crypt_confirmation => "blahblah",
+                                       :consider_pd => "1" } }
         end
       end
     end
     assert_response :success
     assert_template "users/new"
-    assert_select "form > div > input.is-invalid#user_pass_crypt_confirmation"
+    assert_select "form > div > div > div > input.is-invalid#user_pass_crypt_confirmation"
+  end
+
+  def test_user_create_association_submit_duplicate_username
+    dup_display_name = create(:user).display_name
+    email = "new_tester"
+    assert_difference("User.count", 0) do
+      assert_no_difference("ActionMailer::Base.deliveries.size") do
+        perform_enqueued_jobs do
+          post "/user/new",
+               :params => { :user => { :email => email,
+                                       :display_name => dup_display_name,
+                                       :auth_provider => "provider",
+                                       :auth_uid => "123454321",
+                                       :consider_pd => "1" } }
+        end
+      end
+    end
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_display_name"
   end
 
   def test_user_create_success
@@ -96,7 +140,6 @@ class UserCreationTest < ActionDispatch::IntegrationTest
                                        :pass_crypt => "testtest",
                                        :pass_crypt_confirmation => "testtest",
                                        :consider_pd => "1" } }
-          assert_response :redirect
           assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
           follow_redirect!
         end
@@ -189,35 +232,58 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   end
 
   def test_user_create_openid_success
-    OmniAuth.config.add_mock(:openid, :uid => "http://localhost:1123/new.tester")
-
     new_email = "newtester-openid@osm.org"
     display_name = "new_tester-openid"
-    password = "testtest"
+    auth_uid = "http://localhost:1123/new.tester"
+
+    OmniAuth.config.add_mock(:openid,
+                             :uid => auth_uid,
+                             :info => { :email => new_email, :name => display_name })
+
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         perform_enqueued_jobs do
+          post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => new_email,
+                               :auth_provider => "openid", :auth_uid => auth_uid
+          follow_redirect!
           post "/user/new",
                :params => { :user => { :email => new_email,
                                        :display_name => display_name,
                                        :auth_provider => "openid",
                                        :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password,
                                        :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
-          follow_redirect!
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
-          follow_redirect!
         end
       end
     end
 
     # Check the page
+    assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+
+    ActionMailer::Base.deliveries.clear
+  end
+
+  def test_user_create_openid_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-openid"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:openid,
+                             :uid => auth_uid,
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "openid", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "openid", :origin => "/user/new")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email,
+                         :auth_provider => "openid", :auth_uid => auth_uid
+    follow_redirect!
+
     assert_response :success
-    assert_template "confirmations/confirm"
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
 
     ActionMailer::Base.deliveries.clear
   end
@@ -225,29 +291,14 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   def test_user_create_openid_failure
     OmniAuth.config.mock_auth[:openid] = :connection_failed
 
-    new_email = "newtester-openid2@osm.org"
-    display_name = "new_tester-openid2"
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "openid",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest",
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
+          post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
           follow_redirect!
           assert_redirected_to auth_failure_path(:strategy => "openid", :message => "connection_failed", :origin => "/user/new")
           follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
         end
       end
     end
@@ -256,29 +307,29 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   end
 
   def test_user_create_openid_redirect
-    OmniAuth.config.add_mock(:openid, :uid => "http://localhost:1123/new.tester")
-
+    auth_uid = "12345654321"
     new_email = "redirect_tester_openid@osm.org"
     display_name = "redirect_tester_openid"
-    # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
+
+    OmniAuth.config.add_mock(:openid,
+                             :uid => auth_uid,
+                             :info => { :email => new_email, :name => display_name })
+
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         perform_enqueued_jobs do
+          post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => new_email,
+                               :auth_provider => "openid", :auth_uid => auth_uid
+          follow_redirect!
           post "/user/new",
                :params => { :user => { :email => new_email,
                                        :display_name => display_name,
                                        :auth_provider => "openid",
-                                       :auth_uid => "http://localhost:1123/new.tester",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest",
-                                       :consider_pd => "1" },
-                            :referer => referer }
-          assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
-          follow_redirect!
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
           follow_redirect!
         end
       end
@@ -315,25 +366,33 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
   def test_user_create_google_success
     new_email = "newtester-google@osm.org"
+    verified_email = UsersController.message_hmac(new_email)
     display_name = "new_tester-google"
-    password = "testtest"
+    auth_uid = "123454321"
 
-    OmniAuth.config.add_mock(:google, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:google,
+                             :uid => auth_uid,
+                             :extra => { :id_info => { :openid_id => "http://localhost:1123/new.tester" } },
+                             :info => { :email => new_email, :name => display_name })
 
     assert_difference("User.count") do
       assert_no_difference("ActionMailer::Base.deliveries.size") do
         perform_enqueued_jobs do
+          post auth_path(:provider => "google", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "google")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :verified_email => verified_email,
+                               :auth_provider => "google", :auth_uid => auth_uid
+          follow_redirect!
+
           post "/user/new",
                :params => { :user => { :email => new_email,
                                        :display_name => display_name,
                                        :auth_provider => "google",
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password,
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "google")
-          follow_redirect!
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" },
+                            :verified_email => verified_email }
           assert_redirected_to welcome_path
           follow_redirect!
         end
@@ -347,31 +406,43 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
   end
 
+  def test_user_create_google_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-google"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:google,
+                             :uid => auth_uid,
+                             :extra => { :id_info => { :openid_id => "http://localhost:1123/new.tester" } },
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "google", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "google")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email,
+                         :verified_email => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "google", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
+
+    ActionMailer::Base.deliveries.clear
+  end
+
   def test_user_create_google_failure
     OmniAuth.config.mock_auth[:google] = :connection_failed
 
-    new_email = "newtester-google2@osm.org"
-    display_name = "new_tester-google2"
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "google",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "",
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "google")
+          post auth_path(:provider => "google", :origin => "/user/new")
+          assert_response :redirect
           follow_redirect!
           assert_redirected_to auth_failure_path(:strategy => "google", :message => "connection_failed", :origin => "/user/new")
           follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
         end
       end
     end
@@ -380,30 +451,35 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   end
 
   def test_user_create_google_redirect
-    OmniAuth.config.add_mock(:google, :uid => "123454321", :extra => {
-                               :id_info => { "openid_id" => "http://localhost:1123/new.tester" }
-                             })
-
-    new_email = "redirect_tester_google@osm.org"
+    orig_email = "redirect_tester_google_orig@google.com"
+    verified_email = UsersController.message_hmac(orig_email)
+    new_email =  "redirect_tester_google@osm.org"
     display_name = "redirect_tester_google"
-    # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:google,
+                             :uid => auth_uid,
+                             :extra => { :id_info => { :openid_id => "http://localhost:1123/new.tester" } },
+                             :info => { :email => orig_email, :name => display_name })
+
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         perform_enqueued_jobs do
+          post auth_path(:provider => "google", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "google")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :verified_email => verified_email,
+                               :auth_provider => "google", :auth_uid => auth_uid
+          follow_redirect!
           post "/user/new",
                :params => { :user => { :email => new_email,
+                                       :verified_email => verified_email,
                                        :display_name => display_name,
                                        :auth_provider => "google",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest",
-                                       :consider_pd => "1" },
-                            :referer => referer }
-          assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "google")
-          follow_redirect!
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
           follow_redirect!
         end
       end
@@ -440,25 +516,32 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
   def test_user_create_facebook_success
     new_email = "newtester-facebook@osm.org"
+    verified_email = UsersController.message_hmac(new_email)
     display_name = "new_tester-facebook"
-    password = "testtest"
+    auth_uid = "123454321"
 
-    OmniAuth.config.add_mock(:facebook, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:facebook,
+                             :uid => auth_uid,
+                             :info => { "email" => new_email, :name => display_name })
 
     assert_difference("User.count") do
       assert_no_difference("ActionMailer::Base.deliveries.size") do
         perform_enqueued_jobs do
+          post auth_path(:provider => "facebook", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "facebook")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :verified_email => verified_email,
+                               :auth_provider => "facebook", :auth_uid => auth_uid
+          follow_redirect!
+
           post "/user/new",
                :params => { :user => { :email => new_email,
                                        :display_name => display_name,
                                        :auth_provider => "facebook",
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password,
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "facebook")
-          follow_redirect!
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" },
+                            :verified_email => verified_email }
           assert_redirected_to welcome_path
           follow_redirect!
         end
@@ -472,31 +555,42 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
   end
 
+  def test_user_create_facebook_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-facebook"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:facebook,
+                             :uid => auth_uid,
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "facebook", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "facebook")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email,
+                         :verified_email => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "facebook", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
+
+    ActionMailer::Base.deliveries.clear
+  end
+
   def test_user_create_facebook_failure
     OmniAuth.config.mock_auth[:facebook] = :connection_failed
 
-    new_email = "newtester-facebook2@osm.org"
-    display_name = "new_tester-facebook2"
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "facebook",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "",
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "facebook")
+          post auth_path(:provider => "facebook", :origin => "/user/new")
+          assert_response :redirect
           follow_redirect!
           assert_redirected_to auth_failure_path(:strategy => "facebook", :message => "connection_failed", :origin => "/user/new")
           follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
         end
       end
     end
@@ -505,28 +599,36 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   end
 
   def test_user_create_facebook_redirect
-    OmniAuth.config.add_mock(:facebook, :uid => "123454321")
-
+    orig_email = "redirect_tester_facebook_orig@osm.org"
+    verified_email = UsersController.message_hmac(orig_email)
     new_email = "redirect_tester_facebook@osm.org"
     display_name = "redirect_tester_facebook"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:facebook,
+                             :uid => auth_uid,
+                             :info => { :email => orig_email, :name => display_name })
+
     # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         perform_enqueued_jobs do
+          post auth_path(:provider => "facebook", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "facebook")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :verified_email => verified_email,
+                               :auth_provider => "facebook", :auth_uid => auth_uid
+          follow_redirect!
+
           post "/user/new",
                :params => { :user => { :email => new_email,
+                                       :verified_email => verified_email,
                                        :display_name => display_name,
                                        :auth_provider => "facebook",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest",
-                                       :consider_pd => "1" },
-                            :referer => referer }
-          assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "facebook")
-          follow_redirect!
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
           follow_redirect!
         end
       end
@@ -563,25 +665,31 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
   def test_user_create_microsoft_success
     new_email = "newtester-microsoft@osm.org"
+    verified_email = UsersController.message_hmac(new_email)
     display_name = "new_tester-microsoft"
-    password = "testtest"
+    auth_uid = "123454321"
 
-    OmniAuth.config.add_mock(:microsoft, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:microsoft,
+                             :uid => auth_uid,
+                             :info => { "email" => new_email, :name => display_name })
 
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         perform_enqueued_jobs do
+          post auth_path(:provider => "microsoft", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "microsoft")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :verified_email => verified_email,
+                               :auth_provider => "microsoft", :auth_uid => auth_uid
+          follow_redirect!
           post "/user/new",
                :params => { :user => { :email => new_email,
                                        :display_name => display_name,
                                        :auth_provider => "microsoft",
-                                       :pass_crypt => password,
-                                       :pass_crypt_confirmation => password,
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "microsoft", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "microsoft")
-          follow_redirect!
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" },
+                            :verified_email => verified_email }
           assert_redirected_to welcome_path
           follow_redirect!
         end
@@ -595,31 +703,42 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
   end
 
+  def test_user_create_microsoft_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-microsoft"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:microsoft,
+                             :uid => auth_uid,
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "microsoft", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "microsoft")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name, :email => dup_user.email,
+                         :verified_email => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "microsoft", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
+
+    ActionMailer::Base.deliveries.clear
+  end
+
   def test_user_create_microsoft_failure
     OmniAuth.config.mock_auth[:microsoft] = :connection_failed
 
-    new_email = "newtester-microsoft2@osm.org"
-    display_name = "new_tester-microsoft2"
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "microsoft",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "",
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "microsoft", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "microsoft")
+          post auth_path(:provider => "microsoft", :origin => "/user/new")
+          assert_response :redirect
           follow_redirect!
           assert_redirected_to auth_failure_path(:strategy => "microsoft", :message => "connection_failed", :origin => "/user/new")
           follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
         end
       end
     end
@@ -628,28 +747,35 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   end
 
   def test_user_create_microsoft_redirect
-    OmniAuth.config.add_mock(:microsoft, :uid => "123454321")
-
+    orig_email = "redirect_tester_microsoft_orig@osm.org"
+    verified_email = UsersController.message_hmac(orig_email)
     new_email = "redirect_tester_microsoft@osm.org"
     display_name = "redirect_tester_microsoft"
-    # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:microsoft,
+                             :uid => auth_uid,
+                             :info => { :email => orig_email, :name => display_name })
+
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         perform_enqueued_jobs do
+          post auth_path(:provider => "microsoft", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "microsoft")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :verified_email => verified_email,
+                               :auth_provider => "microsoft", :auth_uid => auth_uid
+          follow_redirect!
+
           post "/user/new",
                :params => { :user => { :email => new_email,
+                                       :verified_email => verified_email,
                                        :display_name => display_name,
                                        :auth_provider => "microsoft",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest",
-                                       :consider_pd => "1" },
-                            :referer => referer }
-          assert_redirected_to auth_path(:provider => "microsoft", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "microsoft")
-          follow_redirect!
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
           follow_redirect!
         end
       end
@@ -686,25 +812,36 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
   def test_user_create_github_success
     new_email = "newtester-github@osm.org"
+    verified_email = UsersController.message_hmac(new_email)
     display_name = "new_tester-github"
     password = "testtest"
+    auth_uid = "123454321"
 
-    OmniAuth.config.add_mock(:github, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:github,
+                             :uid => auth_uid,
+                             :info => { "email" => new_email, :name => display_name })
 
     assert_difference("User.count") do
       assert_no_difference("ActionMailer::Base.deliveries.size") do
         perform_enqueued_jobs do
+          post auth_path(:provider => "github", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "github")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :verified_email => verified_email,
+                               :auth_provider => "github", :auth_uid => auth_uid
+          follow_redirect!
+
           post "/user/new",
                :params => { :user => { :email => new_email,
                                        :display_name => display_name,
                                        :auth_provider => "github",
+                                       :auth_uid => "123454321",
                                        :pass_crypt => password,
-                                       :pass_crypt_confirmation => password,
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "github")
-          follow_redirect!
+                                       :pass_crypt_confirmation => password },
+                            :read_ct => 1,
+                            :read_tou => 1,
+                            :verified_email => verified_email }
           assert_redirected_to welcome_path
           follow_redirect!
         end
@@ -718,31 +855,42 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
   end
 
+  def test_user_create_github_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-github"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:github,
+                             :uid => auth_uid,
+                             :extra => { :id_info => { :openid_id => "http://localhost:1123/new.tester" } },
+                             :info => { :email => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "github", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "github")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                         :email => dup_user.email, :verified_email => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "github", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
+
+    ActionMailer::Base.deliveries.clear
+  end
+
   def test_user_create_github_failure
     OmniAuth.config.mock_auth[:github] = :connection_failed
 
-    new_email = "newtester-github2@osm.org"
-    display_name = "new_tester-github2"
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "github",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "",
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "github")
+          post auth_path(:provider => "github", :origin => "/user/new")
           follow_redirect!
           assert_redirected_to auth_failure_path(:strategy => "github", :message => "connection_failed", :origin => "/user/new")
           follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
         end
       end
     end
@@ -751,28 +899,34 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   end
 
   def test_user_create_github_redirect
-    OmniAuth.config.add_mock(:github, :uid => "123454321")
-
+    orig_email = "redirect_tester_github_orig@osm.org"
+    verified_email = UsersController.message_hmac(orig_email)
     new_email = "redirect_tester_github@osm.org"
     display_name = "redirect_tester_github"
-    # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:github,
+                             :uid => auth_uid,
+                             :info => { :email => orig_email, :name => display_name })
+
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         perform_enqueued_jobs do
+          post auth_path(:provider => "github", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "github")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :verified_email => verified_email,
+                               :auth_provider => "github", :auth_uid => auth_uid
+          follow_redirect!
           post "/user/new",
                :params => { :user => { :email => new_email,
+                                       :verified_email => verified_email,
                                        :display_name => display_name,
                                        :auth_provider => "github",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest",
-                                       :consider_pd => "1" },
-                            :referer => referer }
-          assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "github")
-          follow_redirect!
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
           follow_redirect!
         end
       end
@@ -809,25 +963,35 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
   def test_user_create_wikipedia_success
     new_email = "newtester-wikipedia@osm.org"
+    verified_email = UsersController.message_hmac(new_email)
     display_name = "new_tester-wikipedia"
     password = "testtest"
+    auth_uid = "123454321"
 
-    OmniAuth.config.add_mock(:wikipedia, :uid => "123454321", :info => { "email" => new_email })
+    OmniAuth.config.add_mock(:wikipedia,
+                             :uid => auth_uid,
+                             :info => { :email => new_email, :name => display_name })
 
     assert_difference("User.count") do
       assert_no_difference("ActionMailer::Base.deliveries.size") do
         perform_enqueued_jobs do
+          post auth_path(:provider => "wikipedia", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => new_email, :verified_email => verified_email,
+                               :auth_provider => "wikipedia", :auth_uid => auth_uid
+          follow_redirect!
           post "/user/new",
                :params => { :user => { :email => new_email,
                                        :display_name => display_name,
                                        :auth_provider => "wikipedia",
+                                       :auth_uid => "123454321",
                                        :pass_crypt => password,
-                                       :pass_crypt_confirmation => password,
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
-          follow_redirect!
+                                       :pass_crypt_confirmation => password },
+                            :read_ct => 1,
+                            :read_tou => 1,
+                            :verified_email => verified_email }
           assert_redirected_to welcome_path
           follow_redirect!
         end
@@ -837,6 +1001,28 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     # Check the page
     assert_response :success
     assert_template "site/welcome"
+  end
+
+  def test_user_create_wikipedia_duplicate_email
+    dup_user = create(:user)
+    display_name = "new_tester-wikipedia"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:wikipedia,
+                             :uid => auth_uid,
+                             :info => { "email" => dup_user.email, :name => display_name })
+
+    post auth_path(:provider => "wikipedia", :origin => "/user/new")
+    assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
+    follow_redirect!
+    assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                         :email => dup_user.email, :verified_email => UsersController.message_hmac(dup_user.email),
+                         :auth_provider => "wikipedia", :auth_uid => auth_uid
+    follow_redirect!
+
+    assert_response :success
+    assert_template "users/new"
+    assert_select "form > div > input.is-invalid#user_email"
 
     ActionMailer::Base.deliveries.clear
   end
@@ -844,28 +1030,15 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   def test_user_create_wikipedia_failure
     OmniAuth.config.mock_auth[:wikipedia] = :connection_failed
 
-    new_email = "newtester-wikipedia2@osm.org"
-    display_name = "new_tester-wikipedia2"
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         perform_enqueued_jobs do
-          post "/user/new",
-               :params => { :user => { :email => new_email,
-                                       :display_name => display_name,
-                                       :auth_provider => "wikipedia",
-                                       :pass_crypt => "",
-                                       :pass_crypt_confirmation => "",
-                                       :consider_pd => "1" } }
-          assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
+          post auth_path(:provider => "wikipedia", :origin => "/user/new")
+          assert_response :redirect
           follow_redirect!
           assert_redirected_to auth_failure_path(:strategy => "wikipedia", :message => "connection_failed", :origin => "/user/new")
           follow_redirect!
-          assert_response :redirect
-          follow_redirect!
-          assert_response :success
-          assert_template "users/new"
+          assert_redirected_to "/user/new"
         end
       end
     end
@@ -874,28 +1047,36 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   end
 
   def test_user_create_wikipedia_redirect
-    OmniAuth.config.add_mock(:wikipedia, :uid => "123454321")
-
+    orig_email = "redirect_tester_wikipedia_orig@osm.org"
+    verified_email = UsersController.message_hmac(orig_email)
     new_email = "redirect_tester_wikipedia@osm.org"
     display_name = "redirect_tester_wikipedia"
+    auth_uid = "123454321"
+
+    OmniAuth.config.add_mock(:wikipedia,
+                             :uid => auth_uid,
+                             :info => { :email => orig_email, :name => display_name })
+
     # nothing special about this page, just need a protected page to redirect back to.
-    referer = "/traces/mine"
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         perform_enqueued_jobs do
+          post auth_path(:provider => "wikipedia", :origin => "/user/new")
+          assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
+          follow_redirect!
+          assert_redirected_to :controller => :users, :action => "new", :nickname => display_name,
+                               :email => orig_email, :verified_email => verified_email,
+                               :auth_provider => "wikipedia", :auth_uid => auth_uid
+          follow_redirect!
+
           post "/user/new",
                :params => { :user => { :email => new_email,
+                                       :verified_email => verified_email,
                                        :display_name => display_name,
                                        :auth_provider => "wikipedia",
-                                       :pass_crypt => "testtest",
-                                       :pass_crypt_confirmation => "testtest",
-                                       :consider_pd => "1" },
-                            :referer => referer }
-          assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
-          post response.location
-          assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/user/new")
-          follow_redirect!
-          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+                                       :auth_uid => auth_uid,
+                                       :consider_pd => "1" } }
+          assert_response :redirect
           follow_redirect!
         end
       end