Merge pull request #4535 from tomhughes/rails-tokens

Use rails generated tokens for emails

diff --combined app/controllers/users_controller.rb
index b017c33b95b39b44b859335befda16c23a9e72ec,429fa47a4096ec2174b0bc8bfb258677736eff95..fbf49ecbe6835cb1ba99ce52193d96c2f835a8e3
--- 1/app/controllers/users_controller.rb
--- 2/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@@ -203,8 -203,8 +203,8 @@@ class UsersController < ApplicationCont
              session[:referer] = referer
              successful_login(current_user)
            else
-             session[:token] = current_user.tokens.create.token
-             UserMailer.signup_confirm(current_user, current_user.tokens.create(:referer => referer)).deliver_later
+             session[:pending_user] = current_user.id
+             UserMailer.signup_confirm(current_user, current_user.generate_token_for(:new_user), referer).deliver_later
              redirect_to :controller => :confirmations, :action => :confirm, :display_name => current_user.display_name
            end
          else
@@@ -247,7 -247,7 +247,7 @@@
                       when "openid"
                         uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) ||
                         uid.match(%r{https://me.yahoo.com/(.*)})
 -                     when "google", "facebook", "microsoft"
 +                     when "google", "facebook", "microsoft", "github", "wikipedia"
                         true
                       else
                         false

diff --combined test/integration/user_creation_test.rb
index 77b23c039d814becae9489f7ddbe392608e64c3e,35f98d17d4d334a571c0a23fa5a2e1d72a5cf06c..59efeaabbf7e439adc3c2db98d511dffd7dd0d1f
--- 1/test/integration/user_creation_test.rb
--- 2/test/integration/user_creation_test.rb
+++ b/test/integration/user_creation_test.rb
@@@ -209,11 -209,11 +209,11 @@@ class UserCreationTest < ActionDispatch
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-     confirm_regex = Regexp.new("/user/redirect_tester/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+     confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-     confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+     confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@@ -222,11 -222,11 +222,11 @@@
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-     get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-     post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@@ -362,11 -362,11 +362,11 @@@
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-     confirm_regex = Regexp.new("/user/redirect_tester_openid/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+     confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-     confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+     confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@@ -375,11 -375,11 +375,11 @@@
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-     get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-     post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@@ -516,11 -516,11 +516,11 @@@
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-     confirm_regex = Regexp.new("/user/redirect_tester_google/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+     confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-     confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+     confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@@ -529,11 -529,11 +529,11 @@@
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-     get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-     post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@@ -668,11 -668,11 +668,11 @@@
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-     confirm_regex = Regexp.new("/user/redirect_tester_facebook/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+     confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-     confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+     confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@@ -681,11 -681,11 +681,11 @@@
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-     get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-     post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@@ -820,11 -820,11 +820,11 @@@
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-     confirm_regex = Regexp.new("/user/redirect_tester_microsoft/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+     confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-     confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+     confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@@ -833,11 -833,11 +833,11 @@@
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-     get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-     post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@@ -852,7 -852,7 +852,7 @@@
      OmniAuth.config.add_mock(:github, :uid => "123454321", :info => { "email" => new_email })
  
      assert_difference("User.count") do
 -      assert_difference("ActionMailer::Base.deliveries.size", 1) do
 +      assert_no_difference("ActionMailer::Base.deliveries.size") do
          perform_enqueued_jobs do
            post "/user/new",
                 :params => { :user => { :email => new_email,
@@@ -880,7 -880,7 +880,7 @@@
                              :read_ct => 1,
                              :read_tou => 1 }
            assert_response :redirect
 -          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
 +          assert_redirected_to welcome_path
            follow_redirect!
          end
        end
@@@ -888,7 -888,7 +888,7 @@@
  
      # Check the page
      assert_response :success
 -    assert_template "confirmations/confirm"
 +    assert_template "site/welcome"
  
      ActionMailer::Base.deliveries.clear
    end
@@@ -974,11 -974,11 +974,11 @@@
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-     confirm_regex = Regexp.new("/user/redirect_tester_github/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+     confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-     confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+     confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@@ -987,11 -987,11 +987,11 @@@
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-     get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-     post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success
@@@ -1006,7 -1006,7 +1006,7 @@@
      OmniAuth.config.add_mock(:wikipedia, :uid => "123454321", :info => { "email" => new_email })
  
      assert_difference("User.count") do
 -      assert_difference("ActionMailer::Base.deliveries.size", 1) do
 +      assert_no_difference("ActionMailer::Base.deliveries.size") do
          perform_enqueued_jobs do
            post "/user/new",
                 :params => { :user => { :email => new_email,
@@@ -1034,7 -1034,7 +1034,7 @@@
                              :read_ct => 1,
                              :read_tou => 1 }
            assert_response :redirect
 -          assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
 +          assert_redirected_to welcome_path
            follow_redirect!
          end
        end
@@@ -1042,7 -1042,7 +1042,7 @@@
  
      # Check the page
      assert_response :success
 -    assert_template "confirmations/confirm"
 +    assert_template "site/welcome"
  
      ActionMailer::Base.deliveries.clear
    end
@@@ -1128,11 -1128,11 +1128,11 @@@
  
      assert_equal register_email.to.first, new_email
      # Check that the confirm account url is correct
-     confirm_regex = Regexp.new("/user/redirect_tester_wikipedia/confirm\\?confirm_string=([a-zA-Z0-9_-]*)")
+     confirm_regex = Regexp.new("confirm_string=([a-zA-Z0-9%_-]*)")
      email_text_parts(register_email).each do |part|
        assert_match confirm_regex, part.body.to_s
      end
-     confirm_string = email_text_parts(register_email).first.body.match(confirm_regex)[1]
+     confirm_string = CGI.unescape(email_text_parts(register_email).first.body.match(confirm_regex)[1])
  
      # Check the page
      assert_response :success
@@@ -1141,11 -1141,11 +1141,11 @@@
      ActionMailer::Base.deliveries.clear
  
      # Go to the confirmation page
-     get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     get "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :success
      assert_template "confirmations/confirm"
  
-     post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
+     post "/user/#{display_name}/confirm", :params => { :referer => "/welcome", :confirm_string => confirm_string }
      assert_response :redirect
      follow_redirect!
      assert_response :success