if params[:user] and params[:user][:openid_url] and @user.pass_crypt.empty?
# We are creating an account with OpenID and no password
# was specified so create a random one
- @user.pass_crypt = SecureRandom.base64(16)
- @user.pass_crypt_confirmation = @user.pass_crypt
+ @user.pass_crypt = SecureRandom.base64(16)
+ @user.pass_crypt_confirmation = @user.pass_crypt
end
if @user
@user.terms_agreed = Time.now.getutc
@user.terms_seen = true
@user.openid_url = nil if @user.openid_url and @user.openid_url.empty?
-
+
+ if (session[:openid_verified])
+ openid_verified = session.delete(:openid_verified)
+ if (openid_verified[:identity_url]) and (openid_verified[:identity_url] == @user.openid_url) and (openid_verified[:email]) and (openid_verified[:email] == @user.email)
+ # if we have an email from an OpenID provider that we trust to have verified the email for us, then activate the account directly
+ # without doing our own email verification.
+ @user.status = "active"
+ end
+ end
+
if @user.save
flash[:piwik_goal] = PIWIK_SIGNUP_GOAL if defined?(PIWIK_SIGNUP_GOAL)
flash[:notice] = t 'user.new.flash create success message', :email => @user.email
- Notifier.signup_confirm(@user, @user.tokens.create(:referer => session.delete(:referer))).deliver
- session[:token] = @user.tokens.create.token
- redirect_to :action => 'login', :referer => params[:referer]
+ if @user.status == "active"
+ Notifier.signup_confirm(@user, nil).deliver
+ successful_login(@user)
+ else
+ Notifier.signup_confirm(@user, @user.tokens.create(:referer => session.delete(:referer))).deliver
+ session[:token] = @user.tokens.create.token
+ redirect_to :action => 'login', :referer => params[:referer]
+ end
else
render :action => 'new', :referer => params[:referer]
end
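Review bot: The verified-email marker is consumed by `session.delete(:openid_verified)` on L16 before the outcome of `@user.save` on L24 is known, so if validation fails and the form is re-rendered on L39, the resubmission goes through full email verification even though the provider had already vouched for the address. Read it without deleting, `openid_verified = session[:openid_verified]`, and call `session.delete(:openid_verified)` inside the `if @user.save` branch instead. The activation check on L17 correctly requires both the user-submitted `openid_url` and `email` to equal the values the OpenID callback stored, which is what keeps a user from activating with an address the provider did not assert; it would be clearer as `if openid_verified[:identity_url] == @user.openid_url && openid_verified[:email] && openid_verified[:email] == @user.email` without the parentheses and `and`. On L31 `Notifier.signup_confirm(@user, nil)` passes no token; whether the mailer template copes with a nil token (no broken confirmation link, no exception) is not visible here and should be confirmed, and note that `session[:referer]` consumed on L34 is left in the session on the active path. The enclosing action starts outside the hunk.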
referer = token.referer
token.destroy
- if session[:token]
+ if session[:token]
token = UserToken.find_by_token(session[:token])
session.delete(:token)
else
# the simple registration protocol.
nickname = sreg["nickname"] || ax["http://axschema.org/namePerson/friendly"].first
email = sreg["email"] || ax["http://axschema.org/contact/email"].first
+
+ # Check if the openID is from a "trusted" OpenID provider and thus provides a verified email address
+ session[:openid_verified] = openid_email_verified(identity_url, email)
redirect_to :controller => 'user', :action => 'new', :nickname => nickname, :email => email, :openid => identity_url
end
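Review bot: `session[:openid_verified]` on L53 is written on every OpenID signup redirect, including for untrusted providers where the hash carries only the identity URL, and nothing on this path ever clears it, so a provider-asserted identity/email pair lingers in the session if the user abandons the signup form; as far as this page shows it is only removed when the create action consumes it. Because the create action compares both the identity URL and the email before activating, the exposure is small, but the state would be easier to reason about if it were stored only when an email was actually verified and cleared whenever a new OpenID flow starts. Also fix the comment wording on L52: `# Check whether the OpenID identity comes from a trusted provider and thus carries a verified email address`. The enclosing method continues outside the hunk.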
elsif result.missing?
else
return openid_url
end
- end
+ end
+
+ def openid_email_verified(openid_url, email)
+ # OpenID providers Google and Yahoo are guaranteed to return (if at all) an email address that has been verified by
+ # them already. So we can trust the email addresses to be valid and own by the user without having to verify them our
+ # selves.
+ # Store the email in the session to compare agains the user set email address during account creation.
+ openid_verified = Hash.new
+ openid_verified[:identity_url] = openid_url
+ if openid_url.match(/https:\/\/www.google.com\/accounts\/o8\/id?(.*)/) or openid_url.match(/https:\/\/me.yahoo.com\/(.*)/)
+ openid_verified[:email] = email
+ end
+ return openid_verified
+
+ end
##
# process a successful login
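Review bot: The provider match on L70 is unanchored and its dots are unescaped, so any identity URL that merely contains `www.google.com/accounts/o8/id` or `me.yahoo.com/` somewhere in it, not only one issued by those providers, is classed as trusted and the provider-asserted email is then used to activate the account without confirmation; `id?` also makes only the `d` optional rather than matching the literal `?` of Google's `id?id=` URLs. Anchor at the start of the string and escape the literals: `if openid_url =~ %r{\Ahttps://www\.google\.com/accounts/o8/id\?} || openid_url =~ %r{\Ahttps://me\.yahoo\.com/}`. Minor style in the same method: `Hash.new` on L68 can be `{}`, the explicit `return` and the blank line before `end` on L73–L75 are unnecessary, and the comment on L67 should read `# Store the email in the session to compare against the email address the user sets during account creation.`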
user.languages = params[:user][:languages].split(",")
case params[:image_action]
- when "new" then user.image = params[:user][:image]
- when "delete" then user.image = nil
+ when "new" then
+ user.image = params[:user][:image]
+ user.image_use_gravatar = false
+ when "delete" then
+ user.image = nil
+ user.image_use_gravatar = false
+ when "gravatar" then
+ user.image = nil
+ user.image_use_gravatar = true
end
user.home_lat = params[:user][:home_lat]
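Review bot: The `when` arms on L82, L85 and L88 carry a trailing `then` in front of a multi-line body; `then` is only for one-line arms, so write them as `when "new"`, `when "delete"` and `when "gravatar"` with the assignments on the following lines. Hoisting the repeated `user.image_use_gravatar` assignment out of the `case` would look tidier but would change behaviour when no `image_action` is submitted, since today that case leaves the flag untouched, so keeping it per arm is correct. The enclosing method starts and ends outside the hunk.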
##
#
def disable_terms_redirect
- # this is necessary otherwise going to the user terms page, when
+ # this is necessary otherwise going to the user terms page, when
# having not agreed already would cause an infinite redirect loop.
# it's .now so that this doesn't propagate to other pages.
flash.now[:skip_terms] = true