From: Tom Hughes Date: Mon, 4 Oct 2010 23:23:04 +0000 (+0100) Subject: Merge branch 'master' into openid X-Git-Tag: live~6815 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/c016bf6c153eb1c416b2104874bf2e44c2f55913?hp=--cc Merge branch 'master' into openid Conflicts: app/controllers/user_controller.rb --- c016bf6c153eb1c416b2104874bf2e44c2f55913 diff --cc app/controllers/user_controller.rb index a42f932a9,e5a2f04bd..1ac3b1ca5 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@@ -100,8 -70,8 +100,8 @@@ class UserController < ApplicationContr @user.terms_agreed = Time.now.getutc if @user.save - flash[:notice] = t 'user.new.flash create success message' + flash[:notice] = t 'user.new.flash create success message', :email => @user.email - Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => params[:referer])) + Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => session.delete(:referer))) redirect_to :action => 'login' else render :action => 'new' @@@ -406,164 -423,6 +434,164 @@@ private + ## + # handle password authentication + def password_authentication(username, password) + if user = User.authenticate(:username => username, :password => password) + successful_login(user) - elsif User.authenticate(:username => username, :password => password, :pending => true) - failed_login t('user.login.account not active') ++ elsif user = User.authenticate(:username => username, :password => password, :pending => true) ++ failed_login t('user.login.account not active', :reconfirm => url_for(:action => 'confirm_resend', :display_name => user.display_name)) + elsif User.authenticate(:username => username, :password => password, :suspended => true) + webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org" + failed_login t('user.login.account suspended', :webmaster => webmaster) + else + failed_login t('user.login.auth failure') + end + end + + ## + # handle OpenID authentication + def openid_authentication(openid_url) + # If we don't appear to have a user for this URL then ask the + # provider for some extra information to help with signup + if openid_url and User.find_by_openid_url(openid_url) + required = nil + else + required = [:nickname, :email, "http://axschema.org/namePerson/friendly", "http://axschema.org/contact/email"] + end + + # Start the authentication + authenticate_with_open_id(openid_expand_url(openid_url), :required => required) do |result, identity_url, sreg, ax| + if result.successful? + # We need to use the openid url passed back from the OpenID provider + # rather than the one supplied by the user, as these can be different. + # + # For example, you can simply enter yahoo.com in the login box rather + # than a user specific url. Only once it comes back from the provider + # provider do we know the unique address for the user. + if user = User.find_by_openid_url(identity_url) + case user.status + when "pending" then + failed_login t('user.login.account not active') + when "active", "confirmed" then + successful_login(user) + when "suspended" then + webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org" + failed_login t('user.login.account suspended', :webmaster => webmaster) + else + failed_login t('user.login.auth failure') + end + else + # We don't have a user registered to this OpenID, so redirect + # to the create account page with username and email filled + # in if they have been given by the OpenID provider through + # the simple registration protocol. + nickname = sreg["nickname"] || ax["http://axschema.org/namePerson/friendly"] + email = sreg["email"] || ax["http://axschema.org/contact/email"] + redirect_to :controller => 'user', :action => 'new', :nickname => nickname, :email => email, :openid => identity_url + end + elsif result.missing? + failed_login t('user.login.openid missing provider') + elsif result.invalid? + failed_login t('user.login.openid invalid') + else + failed_login t('user.login.auth failure') + end + end + end + + ## + # verify an OpenID URL + def openid_verify(openid_url, user) + user.openid_url = openid_url + + authenticate_with_open_id(openid_expand_url(openid_url)) do |result, identity_url| + if result.successful? + # We need to use the openid url passed back from the OpenID provider + # rather than the one supplied by the user, as these can be different. + # + # For example, you can simply enter yahoo.com in the login box rather + # than a user specific url. Only once it comes back from the provider + # provider do we know the unique address for the user. + user.openid_url = identity_url + yield user + elsif result.missing? + flash.now[:error] = t 'user.login.openid missing provider' + elsif result.invalid? + flash.now[:error] = t 'user.login.openid invalid' + else + flash.now[:error] = t 'user.login.auth failure' + end + end + end + + ## + # special case some common OpenID providers by applying heuristics to + # try and come up with the correct URL based on what the user entered + def openid_expand_url(openid_url) + if openid_url.nil? + return nil + elsif openid_url.match(/(.*)gmail.com(\/?)$/) or openid_url.match(/(.*)googlemail.com(\/?)$/) + # Special case gmail.com as it is potentially a popular OpenID + # provider and, unlike yahoo.com, where it works automatically, Google + # have hidden their OpenID endpoint somewhere obscure this making it + # somewhat less user friendly. + return 'https://www.google.com/accounts/o8/id' + else + return openid_url + end + end + + ## + # process a successful login + def successful_login(user) + session[:user] = user.id + + session_expires_after 1.month if session[:remember_me] + + if user.blocked_on_view + redirect_to user.blocked_on_view, :referer => params[:referer] + elsif session[:referer] + redirect_to session[:referer] + else + redirect_to :controller => 'site', :action => 'index' + end + + session.delete(:remember_me) + session.delete(:referer) + end + + ## + # process a failed login + def failed_login(message) + flash[:error] = message + + redirect_to :action => 'login', :referer => session[:referer] + + session.delete(:remember_me) + session.delete(:referer) + end + + ## + # update a user's details + def update_user(user) + if user.save + set_locale + + if user.new_email.nil? or user.new_email.empty? + flash.now[:notice] = t 'user.account.flash update success' + else + flash.now[:notice] = t 'user.account.flash update success confirm needed' + + begin + Notifier.deliver_email_confirm(user, user.tokens.create) + rescue + # Ignore errors sending email + end + end + end + end + ## # require that the user is a administrator, or fill out a helpful error message # and return them to the user page. diff --cc config/locales/en.yml index 8a3a1a2ec,4e633b27b..7625a695f --- a/config/locales/en.yml +++ b/config/locales/en.yml @@@ -1562,23 -1537,10 +1562,23 @@@ en not displayed publicly: 'Not displayed publicly (see privacy policy)' display name: "Display Name:" display name description: "Your publicly displayed username. You can change this later in the preferences." + openid: "{{logo}} OpenID:" password: "Password:" confirm password: "Confirm Password:" + use openid: "Alternatively, use {{logo}} OpenID to login" + openid no password: "With OpenID a password is not required, but some extra tools or server may still need one." + openid association: | +

Your OpenID is not associated with a OpenStreetMap account yet.

+ continue: Continue - flash create success message: "User was successfully created. Check your email for a confirmation note, and you will be mapping in no time :-)

Please note that you will not be able to login until you've received and confirmed your email address.

If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests." + flash create success message: "Thanks for signing up. We've sent a confirmation note to {{email}} and as soon as you confirm your account you'll be able to get mapping.

If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests." terms accepted: "Thanks for accepting the new contributor terms!" terms: title: "Contributor terms"