Commit 49c8f547 authored by jplang's avatar jplang

Fixed: Openid registration form should not require user to enter password (#11331).

git-svn-id: https://svn.redmine.org/redmine/trunk@9929 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 752b7dfd
......@@ -84,8 +84,9 @@ class AccountController < ApplicationController
session[:auth_source_registration] = nil
@user = User.new(:language => Setting.default_language)
else
user_params = params[:user] || {}
@user = User.new
@user.safe_attributes = params[:user]
@user.safe_attributes = user_params
@user.admin = false
@user.register
if session[:auth_source_registration]
......@@ -100,7 +101,9 @@ class AccountController < ApplicationController
end
else
@user.login = params[:user][:login]
@user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
@user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
end
case Setting.self_registration
when '1'
......
......@@ -116,6 +116,42 @@ class AccountControllerTest < ActionController::TestCase
assert_equal 'http://openid.example.com/good_user', assigns(:user)[:identity_url]
end
def test_login_with_openid_with_new_user_with_missing_information_should_register
Setting.self_registration = '3'
post :login, :openid_url => 'http://openid.example.com/good_blank_user'
assert_response :success
assert_template 'register'
assert assigns(:user)
assert_equal 'http://openid.example.com/good_blank_user', assigns(:user)[:identity_url]
assert_select 'input[name=?]', 'user[login]'
assert_select 'input[name=?]', 'user[password]'
assert_select 'input[name=?]', 'user[password_confirmation]'
assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_blank_user'
end
def test_register_after_login_failure_should_not_require_user_to_enter_a_password
Setting.self_registration = '3'
assert_difference 'User.count' do
post :register, :user => {
:login => 'good_blank_user',
:password => '',
:password_confirmation => '',
:firstname => 'Cool',
:lastname => 'User',
:mail => 'user@somedomain.com',
:identity_url => 'http://openid.example.com/good_blank_user'
}
assert_response 302
end
user = User.first(:order => 'id DESC')
assert_equal 'http://openid.example.com/good_blank_user', user.identity_url
assert user.hashed_password.blank?, "Hashed password was #{user.hashed_password}"
end
def test_setting_openid_should_return_true_when_set_to_true
assert_equal true, Setting.openid?
end
......
......@@ -16,9 +16,10 @@ module OpenIdAuthentication
def authenticate_with_open_id(identity_url = params[:openid_url], options = {}) #:doc:
if User.find_by_identity_url(identity_url) || identity_url.include?('good')
extension_response_fields = {}
# Don't process registration fields unless it is requested.
unless identity_url.include?('blank') || (options[:required].nil? && options[:optional].nil?)
extension_response_fields = {}
options[:required].each do |field|
extension_response_fields[field.to_s] = EXTENSION_FIELDS[field.to_s]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment