From: Tom Hughes Date: Sun, 5 Dec 2010 15:15:55 +0000 (+0000) Subject: Merge branch 'master' into openid X-Git-Tag: live~6812 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/0ea9f92be50a8763331a81d3c32a5f5a157265c6?ds=sidebyside;hp=-c Merge branch 'master' into openid Conflicts: app/controllers/user_controller.rb --- 0ea9f92be50a8763331a81d3c32a5f5a157265c6 diff --combined app/controllers/user_controller.rb index d456c1353,6935af3bc..1193ec910 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@@ -26,53 -26,22 +26,53 @@@ class UserController < ApplicationContr render :update do |page| page.replace_html "contributorTerms", :partial => "terms", :locals => { :has_decline => params[:has_decline] } end + elsif using_open_id? + # The redirect from the OpenID provider reenters here + # again and we need to pass the parameters through to + # the open_id_authentication function + @user = session.delete(:new_user) + + openid_verify(nil, @user) do |user| + end + + if @user.openid_url.nil? or @user.invalid? + render :action => 'new' + else + render :action => 'terms' + end else + session[:referer] = params[:referer] + @title = t 'user.terms.title' @user = User.new(params[:user]) if params[:user] + if params[:user] and params[:user][:openid_url] and @user.pass_crypt.empty? + # We are creating an account with OpenID and no password + # was specified so create a random one + @user.pass_crypt = ActiveSupport::SecureRandom.base64(16) + @user.pass_crypt_confirmation = @user.pass_crypt + end + if @user if @user.invalid? if @user.new_record? + # Something is wrong with a new user, so rerender the form render :action => :new else + # Error in existing user, so go to account settings flash[:errors] = @user.errors redirect_to :action => :account, :display_name => @user.display_name end elsif @user.terms_agreed? + # Already agreed to terms, so just show settings redirect_to :action => :account, :display_name => @user.display_name + elsif params[:user] and params[:user][:openid_url] + # Verify OpenID before moving on + session[:new_user] = @user + openid_verify(params[:user][:openid_url], @user) end else + # Not logged in, so redirect to the login page redirect_to :action => :login, :referer => request.request_uri end end @@@ -107,7 -76,8 +107,8 @@@ if @user.save flash[:notice] = t 'user.new.flash create success message', :email => @user.email - Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => params[:referer])) + Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => session.delete(:referer))) + session[:token] = @user.tokens.create.token redirect_to :action => 'login' else render :action => 'new' @@@ -139,25 -109,28 +140,31 @@@ @user.home_lat = params[:user][:home_lat] @user.home_lon = params[:user][:home_lon] + if params[:user][:preferred_editor] == "default" + @user.preferred_editor = nil + else + @user.preferred_editor = params[:user][:preferred_editor] + end + - if @user.save - set_locale + @user.openid_url = nil if params[:user][:openid_url].empty? - if @user.new_email.nil? or @user.new_email.empty? - flash[:notice] = t 'user.account.flash update success' - else - flash[:notice] = t 'user.account.flash update success confirm needed' - - begin - Notifier.deliver_email_confirm(@user, @user.tokens.create) - rescue - # Ignore errors sending email - end - end - - redirect_to :action => "account", :display_name => @user.display_name + if params[:user][:openid_url].length > 0 and + params[:user][:openid_url] != @user.openid_url + # If the OpenID has changed, we want to check that it is a + # valid OpenID and one the user has control over before saving + # it as a password equivalent for the user. + session[:new_user] = @user + openid_verify(params[:user][:openid_url], @user) + else + update_user(@user) + end + elsif using_open_id? + # The redirect from the OpenID provider reenters here + # again and we need to pass the parameters through to + # the open_id_authentication function + @user = session.delete(:new_user) + openid_verify(nil, @user) do |user| + update_user(user) end else if flash[:errors] @@@ -223,26 -196,41 +230,26 @@@ def new @title = t 'user.new.title' - - # The user is logged in already, so don't show them the signup - # page, instead send them to the home page - redirect_to :controller => 'site', :action => 'index' if session[:user] + @referer = params[:referer] || session[:referer] + + if session[:user] + # The user is logged in already, so don't show them the signup + # page, instead send them to the home page + redirect_to :controller => 'site', :action => 'index' + elsif not params['openid'].nil? + flash.now[:notice] = t 'user.new.openid association' + end end def login - @title = t 'user.login.title' + if params[:username] or using_open_id? + session[:remember_me] ||= params[:remember_me] + session[:referer] ||= params[:referer] - if params[:user] - email_or_display_name = params[:user][:email] - pass = params[:user][:password] - user = User.authenticate(:username => email_or_display_name, :password => pass) - - if user - session[:user] = user.id - session_expires_after 1.month if params[:remember_me] - - # The user is logged in, if the referer param exists, redirect - # them to that unless they've also got a block on them, in - # which case redirect them to the block so they can clear it. - if user.blocked_on_view - redirect_to user.blocked_on_view, :referer => params[:referer] - elsif params[:referer] - redirect_to params[:referer] - else - redirect_to :controller => 'site', :action => 'index' - end - elsif user = User.authenticate(:username => email_or_display_name, :password => pass, :pending => true) - flash.now[:error] = t 'user.login.account not active', :reconfirm => url_for(:action => 'confirm_resend', :display_name => user.display_name) - elsif User.authenticate(:username => email_or_display_name, :password => pass, :suspended => true) - webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org" - flash.now[:error] = t 'user.login.account suspended', :webmaster => webmaster + if using_open_id? + openid_authentication(params[:openid_url]) else - flash.now[:error] = t 'user.login.auth failure' + password_authentication(params[:username], params[:password]) end elsif flash[:notice].nil? flash.now[:notice] = t 'user.login.notice' @@@ -283,14 -271,29 +290,29 @@@ user.save! referer = token.referer token.destroy - session[:user] = user.id - unless referer.nil? + if session[:token] + token = UserToken.find_by_token(session[:token]) + session.delete(:token) + else + token = nil + end + + if token.nil? or token.user != user flash[:notice] = t('user.confirm.success') - redirect_to referer + redirect_to :action => :login, :referer => referer else - flash[:notice] = t('user.confirm.success') + "

" + t('user.confirm.before you start') - redirect_to :action => 'account', :display_name => user.display_name + token.destroy + + session[:user] = user.id + + if referer.nil? + flash[:notice] = t('user.confirm.success') + "

" + t('user.confirm.before you start') + redirect_to :action => :account, :display_name => user.display_name + else + flash[:notice] = t('user.confirm.success') + redirect_to referer + end end end else @@@ -447,164 -450,6 +469,164 @@@ private + ## + # handle password authentication + def password_authentication(username, password) + if user = User.authenticate(:username => username, :password => password) + successful_login(user) + elsif user = User.authenticate(:username => username, :password => password, :pending => true) + failed_login t('user.login.account not active', :reconfirm => url_for(:action => 'confirm_resend', :display_name => user.display_name)) + elsif User.authenticate(:username => username, :password => password, :suspended => true) + webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org" + failed_login t('user.login.account suspended', :webmaster => webmaster) + else + failed_login t('user.login.auth failure') + end + end + + ## + # handle OpenID authentication + def openid_authentication(openid_url) + # If we don't appear to have a user for this URL then ask the + # provider for some extra information to help with signup + if openid_url and User.find_by_openid_url(openid_url) + required = nil + else + required = [:nickname, :email, "http://axschema.org/namePerson/friendly", "http://axschema.org/contact/email"] + end + + # Start the authentication + authenticate_with_open_id(openid_expand_url(openid_url), :required => required) do |result, identity_url, sreg, ax| + if result.successful? + # We need to use the openid url passed back from the OpenID provider + # rather than the one supplied by the user, as these can be different. + # + # For example, you can simply enter yahoo.com in the login box rather + # than a user specific url. Only once it comes back from the provider + # provider do we know the unique address for the user. + if user = User.find_by_openid_url(identity_url) + case user.status + when "pending" then + failed_login t('user.login.account not active') + when "active", "confirmed" then + successful_login(user) + when "suspended" then + webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org" + failed_login t('user.login.account suspended', :webmaster => webmaster) + else + failed_login t('user.login.auth failure') + end + else + # We don't have a user registered to this OpenID, so redirect + # to the create account page with username and email filled + # in if they have been given by the OpenID provider through + # the simple registration protocol. + nickname = sreg["nickname"] || ax["http://axschema.org/namePerson/friendly"] + email = sreg["email"] || ax["http://axschema.org/contact/email"] + redirect_to :controller => 'user', :action => 'new', :nickname => nickname, :email => email, :openid => identity_url + end + elsif result.missing? + failed_login t('user.login.openid missing provider') + elsif result.invalid? + failed_login t('user.login.openid invalid') + else + failed_login t('user.login.auth failure') + end + end + end + + ## + # verify an OpenID URL + def openid_verify(openid_url, user) + user.openid_url = openid_url + + authenticate_with_open_id(openid_expand_url(openid_url)) do |result, identity_url| + if result.successful? + # We need to use the openid url passed back from the OpenID provider + # rather than the one supplied by the user, as these can be different. + # + # For example, you can simply enter yahoo.com in the login box rather + # than a user specific url. Only once it comes back from the provider + # provider do we know the unique address for the user. + user.openid_url = identity_url + yield user + elsif result.missing? + flash.now[:error] = t 'user.login.openid missing provider' + elsif result.invalid? + flash.now[:error] = t 'user.login.openid invalid' + else + flash.now[:error] = t 'user.login.auth failure' + end + end + end + + ## + # special case some common OpenID providers by applying heuristics to + # try and come up with the correct URL based on what the user entered + def openid_expand_url(openid_url) + if openid_url.nil? + return nil + elsif openid_url.match(/(.*)gmail.com(\/?)$/) or openid_url.match(/(.*)googlemail.com(\/?)$/) + # Special case gmail.com as it is potentially a popular OpenID + # provider and, unlike yahoo.com, where it works automatically, Google + # have hidden their OpenID endpoint somewhere obscure this making it + # somewhat less user friendly. + return 'https://www.google.com/accounts/o8/id' + else + return openid_url + end + end + + ## + # process a successful login + def successful_login(user) + session[:user] = user.id + + session_expires_after 1.month if session[:remember_me] + + if user.blocked_on_view + redirect_to user.blocked_on_view, :referer => params[:referer] + elsif session[:referer] + redirect_to session[:referer] + else + redirect_to :controller => 'site', :action => 'index' + end + + session.delete(:remember_me) + session.delete(:referer) + end + + ## + # process a failed login + def failed_login(message) + flash[:error] = message + + redirect_to :action => 'login', :referer => session[:referer] + + session.delete(:remember_me) + session.delete(:referer) + end + + ## + # update a user's details + def update_user(user) + if user.save + set_locale + + if user.new_email.nil? or user.new_email.empty? + flash.now[:notice] = t 'user.account.flash update success' + else + flash.now[:notice] = t 'user.account.flash update success confirm needed' + + begin + Notifier.deliver_email_confirm(user, user.tokens.create) + rescue + # Ignore errors sending email + end + end + end + end + ## # require that the user is a administrator, or fill out a helpful error message # and return them to the user page. diff --combined app/models/user.rb index d5b75d073,1db8adab7..43f1bd851 --- a/app/models/user.rb +++ b/app/models/user.rb @@@ -23,7 -23,6 +23,7 @@@ class User < ActiveRecord::Bas validates_confirmation_of :pass_crypt#, :message => ' must match the confirmation password' validates_uniqueness_of :display_name, :allow_nil => true validates_uniqueness_of :email + validates_uniqueness_of :openid_url, :allow_nil => true validates_length_of :pass_crypt, :within => 8..255 validates_length_of :display_name, :within => 3..255, :allow_nil => true validates_email_format_of :email @@@ -34,6 -33,7 +34,7 @@@ validates_numericality_of :home_lat, :allow_nil => true validates_numericality_of :home_lon, :allow_nil => true validates_numericality_of :home_zoom, :only_integer => true, :allow_nil => true + validates_inclusion_of :preferred_editor, :in => Editors::ALL_EDITORS, :allow_nil => true before_save :encrypt_password @@@ -203,4 -203,10 +204,10 @@@ return score.to_i end + + ## + # return an oauth access token for a specified application + def access_token(application_key) + return ClientApplication.find_by_key(application_key).access_token_for_user(self) + end end diff --combined app/views/user/account.html.erb index 3bfd7577e,7047b5b82..161f8f4f9 --- a/app/views/user/account.html.erb +++ b/app/views/user/account.html.erb @@@ -27,11 -27,6 +27,11 @@@ <%= f.password_field :pass_crypt_confirmation, {:value => '', :size => 30, :maxlength => 255, :autocomplete => :off} %> + + <%= t 'user.account.openid.openid' %> + <%= f.text_field :openid_url, {:class => "openid_url"} %> (<%= t 'user.account.openid.link text' %>) + + <%= t 'user.account.public editing.heading' %> @@@ -71,6 -66,11 +71,11 @@@ <%= f.text_field :languages %> + + <%= t 'user.account.preferred editor' %> + <%= f.select :preferred_editor, [[t("editor.default", :name => t("editor.#{DEFAULT_EDITOR}.name")), 'default']] + Editors::ALL_EDITORS.collect { |e| [t("editor.#{e}.description"), e] } %> + + <%= t 'user.account.image' %> diff --combined config/locales/en.yml index ebd53720b,74ac8e75d..72d111f8a --- a/config/locales/en.yml +++ b/config/locales/en.yml @@@ -79,6 -79,17 +79,17 @@@ en with_id: "{{id}}" with_version: "{{id}}, v{{version}}" with_name: "{{name}} ({{id}})" + editor: + default: "Default (currently {{name}})" + potlatch: + name: "Potlatch 1" + description: "Potlatch 1 (in-browser editor)" + potlatch2: + name: "Potlatch 2" + description: "Potlatch 2 (in-browser editor)" + remote: + name: "Remote Control" + description: "Remote Control (JOSM or Merkaartor)" browse: changeset: title: "Changeset" @@@ -912,6 -923,7 +923,7 @@@ gps_traces_tooltip: Manage GPS traces user_diaries: User Diaries user_diaries_tooltip: View user diaries + edit_with: Edit with {{editor}} tag_line: The Free Wiki World Map intro_1: "OpenStreetMap is a free editable map of the whole world. It is made by people like you." intro_2: "OpenStreetMap allows you to view, edit and use geographical data in a collaborative way from anywhere on Earth." @@@ -1226,6 -1238,7 +1238,7 @@@ license_url: "http://creativecommons.org/licenses/by-sa/2.0/" project_name: "OpenStreetMap project" project_url: "http://openstreetmap.org" + remote_failed: "Editing failed - make sure JOSM or Merkaartor is loaded and the remote control option is enabled" edit: not_public: "You have not set your edits to be public." not_public_description: "You can no longer edit the map unless you do so. You can set your edits as public from your {{user_page}}." @@@ -1235,6 -1248,8 +1248,8 @@@ anon_edits_link_text: "Find out why this is the case." flash_player_required: 'You need a Flash player to use Potlatch, the OpenStreetMap Flash editor. You can download Flash Player from Adobe.com. Several other options are also available for editing OpenStreetMap.' potlatch_unsaved_changes: "You have unsaved changes. (To save in Potlatch, you should deselect the current way or point, if editing in live mode, or click save if you have a save button.)" + potlatch2_unsaved_changes: "You have unsaved changes. (To save in Potlatch 2, you should click save.)" + no_iframe_support: "Your browser doesn't support HTML iframes, which are necessary for this feature." sidebar: search_results: Search Results close: Close @@@ -1496,9 -1511,6 +1511,9 @@@ create_account: "create an account" email or username: "Email Address or Username:" password: "Password:" + openid: "{{logo}} OpenID:" + username_heading: "Login with username and password:" + openid_heading: "Login with OpenID:" remember: "Remember me:" lost password link: "Lost your password?" login_button: "Login" @@@ -1507,28 -1519,6 +1522,28 @@@ webmaster: webmaster auth failure: "Sorry, could not log in with those details." notice: "Find out more about OpenStreetMap's upcoming license change (translations) (discussion)" + openid missing provider: "Sorry, could not contact your OpenID provider" + openid invalid: "Sorry, your OpenID seems to be malformed" + openid_logo_alt: "Log in with an OpenID" + openid_providers: + openid: + title: Login with an OpenID URL + alt: Login with an OpenID URL + yahoo: + title: Login with a Yahoo! OpenID + alt: Login with a Yahoo! OpenID + google: + title: Login with a Google OpenID + alt: Login with a Google OpenID + myopenid: + title: Login with a myOpenID OpenID + alt: Login with a myOpenID OpenID + wordpress: + title: Login with a Wordpress.com OpenID + alt: Login with a Wordpress.com OpenID + myspace: + title: Login with a MySpace OpenID + alt: Login with a MySpace OpenID logout: title: "Logout" heading: "Logout from OpenStreetMap" @@@ -1561,21 -1551,8 +1576,21 @@@ not displayed publicly: 'Not displayed publicly (see privacy policy)' display name: "Display Name:" display name description: "Your publicly displayed username. You can change this later in the preferences." + openid: "{{logo}} OpenID:" password: "Password:" confirm password: "Confirm Password:" + use openid: "Alternatively, use {{logo}} OpenID to login" + openid no password: "With OpenID a password is not required, but some extra tools or server may still need one." + openid association: | +

Your OpenID is not associated with a OpenStreetMap account yet.

+ continue: Continue flash create success message: "Thanks for signing up. We've sent a confirmation note to {{email}} and as soon as you confirm your account you'll be able to get mapping.

If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests." terms accepted: "Thanks for accepting the new contributor terms!" @@@ -1658,10 -1635,6 +1673,10 @@@ current email address: "Current Email Address:" new email address: "New Email Address:" email never displayed publicly: "(never displayed publicly)" + openid: + openid: "OpenID:" + link: "http://wiki.openstreetmap.org/wiki/OpenID" + link text: "what is this?" public editing: heading: "Public editing:" enabled: "Enabled. Not anonymous and can edit data." @@@ -1682,6 -1655,7 +1697,7 @@@ link text: "what is this?" profile description: "Profile Description:" preferred languages: "Preferred Languages:" + preferred editor: "Preferred Editor:" image: "Image:" new image: "Add an image" keep image: "Keep the current image" diff --combined public/stylesheets/common.css index 36966f3ba,9535caacd..fde9fde86 --- a/public/stylesheets/common.css +++ b/public/stylesheets/common.css @@@ -344,6 -344,27 +344,27 @@@ hr text-align: right; } + /* Rules for edit menu */ + + #editmenu { + display: none; + z-index: 10000; + position: absolute; + background-color: #ffffff; + border: 1px solid black; + } + + #editmenu ul { + margin-top: 10px; + margin-bottom: 10px; + padding-left: 10px; + padding-right: 10px; + } + + #editmenu li { + list-style-type: none; + } + /* Rules for attribution text under the main map shown on printouts */ #attribution { @@@ -583,37 -604,6 +604,37 @@@ margin-top: 10px; } +/* Rules for the login form */ + +.loginBox { + float: left; + border-style: solid; + border-width: 1px; + padding-left: 10px; + padding-right: 10px; + padding-bottom: 10px; +} + +.loginBox table { + width: 100%; +} + +.loginBox img { + border: 0; +} + +.loginBox #openid_buttons img { + vertical-align: middle; +} + +.loginBox input[type="submit"] { + float: right; +} + +#openid_buttons { + margin-bottom: 20px; +} + /* Rules for the account confirmation page */ div#contributorTerms { @@@ -790,11 -780,6 +811,11 @@@ input[type="submit"] border: 1px solid black; } +input.openid_url { + background: url('../images/openid_input.png') repeat-y left; + padding-left: 16px; +} + /* Rules for user images */ img.user_image { @@@ -837,10 -822,3 +858,10 @@@ abbr.geo .table1 { background: #fff; } + +/* Rules for OpenID logo */ + +.openid_logo { + vertical-align: text-bottom; + border: 0; +}