Make it possible to associate an openID during account creation

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index e661aa1e253777901f21c53927f9470b636be1f7..01863692e50e4f4db6a58970ad79cd98fdc7ac40 100644 (file)
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -22,6 +22,15 @@ class UserController < ApplicationController
     if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"})
       render :action => 'new'
     else
     if Acl.find_by_address(request.remote_ip, :conditions => {:k => "no_account_creation"})
       render :action => 'new'
     else

+         #The redirect from the OpenID provider reenters here again
+         #and we need to pass the parameters through to the 
+         #open_id_authentication function
+         if params[:open_id_complete]
+               openid_verify('', true)
+               redirect_to :action => 'login'
+               return
+         end
+

       @user = User.new(params[:user])
 
       @user.visible = true
       @user = User.new(params[:user])
 
       @user.visible = true


@@ -33,7 +42,19 @@ class UserController < ApplicationController
       if @user.save
         flash[:notice] = t 'user.new.flash create success message'
         Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => params[:referer]))
       if @user.save
         flash[:notice] = t 'user.new.flash create success message'
         Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => params[:referer]))

-        redirect_to :action => 'login'
+               if (params[:user][:openid_url].length > 0)
+                 begin
+                       session[:new_usr_name] = @user.display_name
+                       @norm_openid_url = OpenIdAuthentication.normalize_identifier(params[:user][:openid_url])
+                       #TODO: error messages in the openid_verify aren't correctly returned yet
+                       openid_verify(@norm_openid_url, true)
+                       #Will have sent the redirect_to in the if open_id_complete section of this method
+                 rescue
+                       flash.now[:error] = t 'user.login.openid invalid'
+                 end
+               else
+                 redirect_to :action => 'login'
+               end

       else
         render :action => 'new'
       end
       else
         render :action => 'new'
       end


@@ -48,7 +69,7 @@ class UserController < ApplicationController
     #and we need to pass the parameters through to the 
     #open_id_authentication function
     if params[:open_id_complete]
     #and we need to pass the parameters through to the 
     #open_id_authentication function
     if params[:open_id_complete]

-      openid_verify('')
+      openid_verify('', false)

       return
     end
 
       return
     end
 


@@ -91,7 +112,7 @@ class UserController < ApplicationController
            #If the OpenID has changed, we want to check that it is a valid OpenID and one
            #the user has control over before saving the openID as a password equivalent for
            #the user.
            #If the OpenID has changed, we want to check that it is a valid OpenID and one
            #the user has control over before saving the openID as a password equivalent for
            #the user.

-           openid_verify(@norm_openid_url)
+           openid_verify(@norm_openid_url, false)

          end
        rescue
          flash.now[:error] = t 'user.login.openid invalid'
          end
        rescue
          flash.now[:error] = t 'user.login.openid invalid'


@@ -111,7 +132,7 @@ class UserController < ApplicationController
     return nil
   end  
 
     return nil
   end  
 

-  def openid_verify(openid_url)
+  def openid_verify(openid_url,account_create)

     authenticate_with_open_id(openid_url) do |result, identity_url|
       if result.successful?
         #We need to use the openid url passed back from the OpenID provider
     authenticate_with_open_id(openid_url) do |result, identity_url|
       if result.successful?
         #We need to use the openid url passed back from the OpenID provider


@@ -119,14 +140,15 @@ class UserController < ApplicationController
         #e.g. one can simply enter yahoo.com in the login box, i.e. no user specific url
         #only once it comes back from the OpenID provider do we know the unique address for
         #the user.
         #e.g. one can simply enter yahoo.com in the login box, i.e. no user specific url
         #only once it comes back from the OpenID provider do we know the unique address for
         #the user.

+               @user = User.find_by_display_name(session[:new_usr_name]) unless @user

         @user.openid_url = identity_url
         if @user.save
         @user.openid_url = identity_url
         if @user.save

-          flash.now[:notice] = t 'user.account.flash update success'
+          flash.now[:notice] = t 'user.account.flash update success' unless account_create

         end
       else if result.missing?
              mapped_id = openid_specialcase_mapping(openid_url)
              if mapped_id
         end
       else if result.missing?
              mapped_id = openid_specialcase_mapping(openid_url)
              if mapped_id

-               openid_verify(mapped_id)
+               openid_verify(mapped_id, account_create)

              else
                flash.now[:error] = t 'user.login.openid missing provider'
              end
              else
                flash.now[:error] = t 'user.login.openid missing provider'
              end


@@ -212,6 +234,7 @@ class UserController < ApplicationController
 
     @nickname = params['nickname']
     @email = params['email']
 
     @nickname = params['nickname']
     @email = params['email']

+       @openID = params['openid']

   end
 
   def login
   end
 
   def login


@@ -286,7 +309,7 @@ class UserController < ApplicationController
           #We don't have a user registered to this OpenID. Redirect to the create account page
           #with username and email filled in if they have been given by the OpenID provider through
           #the simple registration protocol
           #We don't have a user registered to this OpenID. Redirect to the create account page
           #with username and email filled in if they have been given by the OpenID provider through
           #the simple registration protocol

-          redirect_to :controller => 'user', :action => 'new', :nickname => registration['nickname'], :email => registration['email']
+          redirect_to :controller => 'user', :action => 'new', :nickname => registration['nickname'], :email => registration['email'], :openid => identity_url

         end
       else if result.missing?
              #Try and apply some heuristics to make common cases more userfriendly
         end
       else if result.missing?
              #Try and apply some heuristics to make common cases more userfriendly

diff --git a/app/views/user/new.html.erb b/app/views/user/new.html.erb
index b029e101ef57ea4187c7b09aafaeed4ec67594ba..3059a0bc0765afc5281c8c6a373969c1afb02708 100644 (file)
--- a/app/views/user/new.html.erb
+++ b/app/views/user/new.html.erb
@@ -32,7 +32,10 @@
   <tr><td class="fieldName"><%= t 'user.new.confirm password' %></td><td><%= password_field('user', 'pass_crypt_confirmation',{:size => 30, :maxlength => 255, :tabindex => 5}) %></td></tr>
   
   <tr><td colspan="2">&nbsp;<!--vertical spacer--></td></tr>
   <tr><td class="fieldName"><%= t 'user.new.confirm password' %></td><td><%= password_field('user', 'pass_crypt_confirmation',{:size => 30, :maxlength => 255, :tabindex => 5}) %></td></tr>
   
   <tr><td colspan="2">&nbsp;<!--vertical spacer--></td></tr>

-  <tr><td></td><td align="right"><input type="submit" value="<%= t'user.new.signup' %>" tabindex="6"></td></tr>
+       <tr><td class="fieldName"><%= t 'user.new.openID' %></td><td><%= text_field('user', 'openid_url',{:size => 50, :maxlength => 255, :tabindex => 6, :value => @openID}) %></td></tr>
+  <tr><td></td><td><span class="minorNote"><%= t 'user.new.openID description' %></span></td></tr>
+  <tr><td colspan="2">&nbsp;<!--vertical spacer--></td></tr>
+  <tr><td></td><td align="right"><input type="submit" value="<%= t'user.new.signup' %>" tabindex="7"></td></tr>

 </table>
 <% end %>
 
 </table>
 <% end %>
 

diff --git a/config/locales/en.yml b/config/locales/en.yml
index 66fbfbe95bfd03311ad94e75c08a9cae35efe814..4ba9c5de25e8a46c96ca32b6da53b70253d6008a 100644 (file)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1386,6 +1386,8 @@ en:
       display name description: "Your publicly displayed username. You can change this later in the preferences."
       password: "Password:"
       confirm password: "Confirm Password:"
       display name description: "Your publicly displayed username. You can change this later in the preferences."
       password: "Password:"
       confirm password: "Confirm Password:"

+      openID: "OpenID:"
+      openID description: '(Optional) If you have an <a href="http://wiki.openstreetmap.org/wiki/openID/">OpenID</a> you can associate it with this account to login'

       signup: Signup
       flash create success message: "User was successfully created. Check your email for a confirmation note, and you will be mapping in no time :-)<br /><br />Please note that you will not be able to login until you've received and confirmed your email address.<br /><br />If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests."
     no_such_user:
       signup: Signup
       flash create success message: "User was successfully created. Check your email for a confirmation note, and you will be mapping in no time :-)<br /><br />Please note that you will not be able to login until you've received and confirmed your email address.<br /><br />If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests."
     no_such_user: