Merge branch 'master' into openid

diff --combined app/controllers/user_controller.rb
index cc4ae4cd82e455479c5697bffa30862e39bbddbe,21561736c53b6c78d57a5257d58a5b8c602be0ba..17f52fd40e9362de99318c9343cdaf994c432ff4
--- 1/app/controllers/user_controller.rb
--- 2/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@@ -26,47 -26,17 +26,47 @@@ class UserController < ApplicationContr
        render :update do |page|
          page.replace_html "contributorTerms", :partial => "terms", :locals => { :has_decline => params[:has_decline] }
        end
 +    elsif using_open_id?
 +      # The redirect from the OpenID provider reenters here
 +      # again and we need to pass the parameters through to
 +      # the open_id_authentication function
 +      @user = session.delete(:new_user)
 +
 +      openid_verify(nil, @user) do |user|
 +      end
 +
 +      if @user.openid_url.nil? or @user.invalid?
 +        render :action => 'new'
 +      else
 +        render :action => 'terms'
 +      end
      else
 +      session[:referer] = params[:referer]
 +
        @title = t 'user.terms.title'
        @user = User.new(params[:user]) if params[:user]
  
 +      if params[:user][:openid_url] and @user.pass_crypt.empty?
 +        # We are creating an account with OpenID and no password
 +        # was specified so create a random one
 +        @user.pass_crypt = ActiveSupport::SecureRandom.base64(16) 
 +        @user.pass_crypt_confirmation = @user.pass_crypt 
 +      end
 +
        if @user
          if @user.invalid?
 +          # Something is wrong, so rerender the form
            render :action => :new
          elsif @user.terms_agreed?
 +          # Already agreed to terms, so just show settings
            redirect_to :action => :account, :display_name => @user.display_name
 +        elsif params[:user][:openid_url]
 +          # Verify OpenID before moving on
 +          session[:new_user] = @user
 +          openid_verify(params[:user][:openid_url], @user)
          end
        else
 +        # Not logged in, so redirect to the login page
          redirect_to :action => :login, :referer => request.request_uri
        end
      end
@@@ -101,7 -71,7 +101,7 @@@
  
        if @user.save
          flash[:notice] = t 'user.new.flash create success message'
 -        Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => params[:referer]))
 +        Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => session.delete(:referer)))
          redirect_to :action => 'login'
        else
          render :action => 'new'
@@@ -133,25 -103,29 +133,25 @@@
        @user.home_lat = params[:user][:home_lat]
        @user.home_lon = params[:user][:home_lon]
  
 -      if @user.save
 -        set_locale
 +      @user.openid_url = nil if params[:user][:openid_url].empty?
  
 -        if @user.new_email.nil? or @user.new_email.empty?
 -          flash[:notice] = t 'user.account.flash update success'
 -        else
 -          flash[:notice] = t 'user.account.flash update success confirm needed'
 -
 -          begin
 -            Notifier.deliver_email_confirm(@user, @user.tokens.create)
 -          rescue
 -            # Ignore errors sending email
 -          end
 -        end
 -
 -        redirect_to :action => "account", :display_name => @user.display_name
 +      if params[:user][:openid_url].length > 0 and
 +         params[:user][:openid_url] != @user.openid_url
 +        # If the OpenID has changed, we want to check that it is a
 +        # valid OpenID and one the user has control over before saving
 +        # it as a password equivalent for the user.
 +        session[:new_user] = @user
 +        openid_verify(params[:user][:openid_url], @user)
 +      else
 +        update_user(@user)
        end
 -    else
 -      if flash[:errors]
 -        flash[:errors].each do |attr,msg|
 -          attr = "new_email" if attr == "email"
 -          @user.errors.add(attr,msg)
 -        end
 +    elsif using_open_id?
 +      # The redirect from the OpenID provider reenters here
 +      # again and we need to pass the parameters through to
 +      # the open_id_authentication function
 +      @user = session.delete(:new_user)
 +      openid_verify(nil, @user) do |user|
 +        update_user(user)
        end
      end
    end
@@@ -210,28 -184,43 +210,28 @@@
  
    def new
      @title = t 'user.new.title'
 -
 -    # The user is logged in already, so don't show them the signup
 -    # page, instead send them to the home page
 -    redirect_to :controller => 'site', :action => 'index' if session[:user]
 +    @referer = params[:referer] || session[:referer]
 +
 +    if session[:user]
 +      # The user is logged in already, so don't show them the signup
 +      # page, instead send them to the home page
 +      redirect_to :controller => 'site', :action => 'index'
 +    elsif not params['openid'].nil?
 +      flash.now[:notice] = t 'user.new.openid association'
 +    end
    end
  
    def login
 -    @title = t 'user.login.title'
 -
 -    if params[:user]
 -      email_or_display_name = params[:user][:email]
 -      pass = params[:user][:password]
 -      user = User.authenticate(:username => email_or_display_name, :password => pass)
 +    if params[:username] or using_open_id?
 +      session[:remember_me] ||= params[:remember_me]
 +      session[:referer] ||= params[:referer]
  
 -      if user
 -        session[:user] = user.id
 -        session_expires_after 1.month if params[:remember_me]
 -
 -        # The user is logged in, if the referer param exists, redirect
 -        # them to that unless they've also got a block on them, in
 -        # which case redirect them to the block so they can clear it.
 -        if user.blocked_on_view
 -          redirect_to user.blocked_on_view, :referer => params[:referer]
 -        elsif params[:referer]
 -          redirect_to params[:referer]
 -        else
 -          redirect_to :controller => 'site', :action => 'index'
 -        end
 -      elsif User.authenticate(:username => email_or_display_name, :password => pass, :pending => true)
 -        flash.now[:error] = t 'user.login.account not active'
 -      elsif User.authenticate(:username => email_or_display_name, :password => pass, :suspended => true)
 -        webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org"
 -        flash.now[:error] = t 'user.login.account suspended', :webmaster => webmaster
 +      if using_open_id?
 +        openid_authentication(params[:openid_url])
        else
 -        flash.now[:error] = t 'user.login.auth failure'
 +        password_authentication(params[:username], params[:password])
        end
-     else
+     elsif flash[:notice].nil?
        flash.now[:notice] =  t 'user.login.notice'
      end
    end
@@@ -406,162 -395,6 +406,162 @@@
  
  private
  
 +  ##
 +  # handle password authentication
 +  def password_authentication(username, password)
 +    if user = User.authenticate(:username => username, :password => password)
 +      successful_login(user)
 +    elsif User.authenticate(:username => username, :password => password, :pending => true)
 +      failed_login t('user.login.account not active')
 +    elsif User.authenticate(:username => username, :password => password, :suspended => true)
 +      webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org"
 +      failed_login t('user.login.account suspended', :webmaster => webmaster)
 +    else
 +      failed_login t('user.login.auth failure')
 +    end
 +  end
 +
 +  ##
 +  # handle OpenID authentication
 +  def openid_authentication(openid_url)
 +    # If we don't appear to have a user for this URL then ask the
 +    # provider for some extra information to help with signup
 +    if openid_url and User.find_by_openid_url(openid_url)
 +      optional = nil
 +    else
 +      optional = [:nickname, :email]
 +    end
 +
 +    # Start the authentication
 +    authenticate_with_open_id(openid_expand_url(openid_url), :optional => optional) do |result, identity_url, registration|
 +      if result.successful?
 +        # We need to use the openid url passed back from the OpenID provider
 +        # rather than the one supplied by the user, as these can be different.
 +        #
 +        # For example, you can simply enter yahoo.com in the login box rather
 +        # than a user specific url. Only once it comes back from the provider
 +        # provider do we know the unique address for the user.
 +        if user = User.find_by_openid_url(identity_url)
 +          case user.status
 +            when "pending" then
 +              failed_login t('user.login.account not active')
 +            when "active", "confirmed" then
 +              successful_login(user)
 +            when "suspended" then
 +              webmaster = link_to t('user.login.webmaster'), "mailto:webmaster@openstreetmap.org"
 +              failed_login t('user.login.account suspended', :webmaster => webmaster)
 +            else
 +              failed_login t('user.login.auth failure')
 +          end
 +        else
 +          # We don't have a user registered to this OpenID, so redirect
 +          # to the create account page with username and email filled
 +          # in if they have been given by the OpenID provider through
 +          # the simple registration protocol.
 +          redirect_to :controller => 'user', :action => 'new', :nickname => registration['nickname'], :email => registration['email'], :openid => identity_url
 +        end
 +      elsif result.missing?
 +        failed_login t('user.login.openid missing provider')
 +      elsif result.invalid?
 +        failed_login t('user.login.openid invalid')
 +      else
 +        failed_login t('user.login.auth failure')
 +      end
 +    end
 +  end
 +
 +  ##
 +  # verify an OpenID URL
 +  def openid_verify(openid_url, user)
 +    user.openid_url = openid_url
 +
 +    authenticate_with_open_id(openid_expand_url(openid_url)) do |result, identity_url|
 +      if result.successful?
 +        # We need to use the openid url passed back from the OpenID provider
 +        # rather than the one supplied by the user, as these can be different.
 +        #
 +        # For example, you can simply enter yahoo.com in the login box rather
 +        # than a user specific url. Only once it comes back from the provider
 +        # provider do we know the unique address for the user.
 +        user.openid_url = identity_url
 +        yield user
 +      elsif result.missing?
 +        flash.now[:error] = t 'user.login.openid missing provider'
 +      elsif result.invalid?
 +        flash.now[:error] = t 'user.login.openid invalid'
 +      else
 +        flash.now[:error] = t 'user.login.auth failure'
 +      end
 +    end
 +  end
 +
 +  ##
 +  # special case some common OpenID providers by applying heuristics to
 +  # try and come up with the correct URL based on what the user entered
 +  def openid_expand_url(openid_url)
 +    if openid_url.nil?
 +      return nil
 +    elsif openid_url.match(/(.*)gmail.com(\/?)$/) or openid_url.match(/(.*)googlemail.com(\/?)$/)
 +      # Special case gmail.com as it is potentially a popular OpenID
 +      # provider and, unlike yahoo.com, where it works automatically, Google
 +      # have hidden their OpenID endpoint somewhere obscure this making it
 +      # somewhat less user friendly.
 +      return 'https://www.google.com/accounts/o8/id'
 +    else
 +      return openid_url
 +    end
 +  end  
 +
 +  ##
 +  # process a successful login
 +  def successful_login(user)
 +    session[:user] = user.id
 +
 +    session_expires_after 1.month if session[:remember_me]
 +
 +    if user.blocked_on_view
 +      redirect_to user.blocked_on_view, :referer => params[:referer]
 +    elsif session[:referer]
 +      redirect_to session[:referer]
 +    else
 +      redirect_to :controller => 'site', :action => 'index'
 +    end
 +
 +    session.delete(:remember_me)
 +    session.delete(:referer)
 +  end
 +
 +  ##
 +  # process a failed login
 +  def failed_login(message)
 +    flash[:error] = message
 +
 +    redirect_to :action => 'login', :referer =>  session[:referer]
 +
 +    session.delete(:remember_me)
 +    session.delete(:referer)
 +  end
 +
 +  ##
 +  # update a user's details
 +  def update_user(user)
 +    if user.save
 +      set_locale
 +
 +      if user.new_email.nil? or user.new_email.empty?
 +        flash.now[:notice] = t 'user.account.flash update success'
 +      else
 +        flash.now[:notice] = t 'user.account.flash update success confirm needed'
 +
 +        begin
 +          Notifier.deliver_email_confirm(user, user.tokens.create)
 +        rescue
 +          # Ignore errors sending email
 +        end
 +      end
 +    end
 +  end
 +
    ##
    # require that the user is a administrator, or fill out a helpful error message
    # and return them to the user page.

diff --combined config/locales/en.yml
index d027b8a9a6dd481708933e5a21b738c3bc927d8d,e090c02121fd3ea3effee32234fe0dca01468652..8a3a1a2ecce1099b0752d85241cf4fb5408e7c65
--- 1/config/locales/en.yml
--- 2/config/locales/en.yml
+++ b/config/locales/en.yml
@@@ -924,9 -924,13 +924,13 @@@ en
      osm_read_only: "The OpenStreetMap database is currently in read-only mode while essential database maintenance work is carried out."
      donate: "Support OpenStreetMap by {{link}} to the Hardware Upgrade Fund."
      donate_link_text: donating
-     help_wiki: "Help & Wiki"
-     help_wiki_tooltip: "Help & Wiki site for the project"
-     help_wiki_url: "http://wiki.openstreetmap.org"
+     help_and_wiki: "{{help}} & {{wiki}}"
+     help: Help
+     help_url: http://help.openstreetmap.org/
+     help_title: Help site for the project
+     wiki: Wiki
+     wiki_url: http://wiki.openstreetmap.org/
+     wiki_title: Wiki site for the project
      copyright: "Copyright & License"
      news_blog: "News blog"
      news_blog_tooltip: "News blog about OpenStreetMap, free geographical data, etc."
@@@ -1100,6 -1104,7 +1104,7 @@@
        the_wiki_url: "http://wiki.openstreetmap.org/wiki/Beginners%27_Guide"
        blog_and_twitter: "Catch up with the latest news via the OpenStreetMap blog or Twitter:"
        opengeodata: "OpenGeoData.org is OpenStreetMap founder Steve Coast's blog, and it has podcasts too:"
+       ask_questions: "You can ask any questions you may have about OpenStreetMap at our question and answer site:"
        wiki_signup: "You may also want to sign up to the OpenStreetMap wiki at:"
        wiki_signup_url: "http://wiki.openstreetmap.org/index.php?title=Special:Userlogin&type=signup&returnto=Main_Page"
        # next four translations are in pairs : please word wrap appropriately
@@@ -1116,6 -1121,7 +1121,7 @@@
        more_videos: "There are {{more_videos_link}}."
        more_videos_here: "more videos here"
        get_reading: Get reading about OpenStreetMap <a href="http://wiki.openstreetmap.org/wiki/Beginners%27_Guide">on the wiki</a>, catch up with the latest news via the <a href="http://blog.openstreetmap.org/">OpenStreetMap blog</a> or <a href="http://twitter.com/openstreetmap">Twitter</a>, or browse through OpenStreetMap founder Steve Coast's <a href="http://www.opengeodata.org/">OpenGeoData blog</a> for the potted history of the project, which has <a href="http://www.opengeodata.org/?cat=13">podcasts to listen to</a> also!
+       ask_questions: You can ask any questions you may have about OpenStreetMap at our <a href="http://help.openstreetmap.org/">question and answer site</a>.
        wiki_signup: 'You may also want to <a href="http://wiki.openstreetmap.org/index.php?title=Special:Userlogin&type=signup&returnto=Main_Page">sign up to the OpenStreetMap wiki</a>.'
        user_wiki_page: 'It is recommended that you create a user wiki page, which includes category tags noting where you are, such as <a href="http://wiki.openstreetmap.org/wiki/Category:Users_in_London">[[Category:Users_in_London]]</a>.'
        current_user: 'A list of current users in categories, based on where in the world they are, is available from <a href="http://wiki.openstreetmap.org/wiki/Category:Users_by_geographical_region">Category:Users_by_geographical_region</a>.'
@@@ -1491,9 -1497,6 +1497,9 @@@
        create_account: "create an account"
        email or username: "Email Address or Username:"
        password: "Password:"
 +      openid: "{{logo}} OpenID:"
 +      username_heading: "Login with username and password:"
 +      openid_heading: "Login with OpenID:"
        remember: "Remember me:"
        lost password link: "Lost your password?"
        login_button: "Login"
@@@ -1502,28 -1505,6 +1508,28 @@@
        webmaster: webmaster
        auth failure: "Sorry, could not log in with those details."
        notice: "<a href=\"http://www.osmfoundation.org/wiki/License/We_Are_Changing_The_License\">Find out more about OpenStreetMap's upcoming license change</a> (<a href=\"http://wiki.openstreetmap.org/wiki/ODbL/We_Are_Changing_The_License\">translations</a>) (<a href=\"http://wiki.openstreetmap.org/wiki/Talk:ODbL/Upcoming\">discussion</a>)"
 +      openid missing provider: "Sorry, could not contact your OpenID provider"
 +      openid invalid: "Sorry, your OpenID seems to be malformed"
 +      openid_logo_alt: "Log in with an OpenID"
 +      openid_providers:
 +        openid:
 +          title: Login with an OpenID URL
 +          alt: Login with an OpenID URL
 +        yahoo:
 +          title: Login with a Yahoo! OpenID
 +          alt: Login with a Yahoo! OpenID
 +        google:
 +          title: Login with a Google OpenID
 +          alt: Login with a Google OpenID
 +        myopenid:
 +          title: Login with a myOpenID OpenID
 +          alt: Login with a myOpenID OpenID
 +        wordpress:
 +          title: Login with a Wordpress.com OpenID
 +          alt: Login with a Wordpress.com OpenID
 +        myspace:
 +          title: Login with a MySpace OpenID
 +          alt: Login with a MySpace OpenID
      logout:
        title: "Logout"
        heading: "Logout from OpenStreetMap"
@@@ -1556,21 -1537,8 +1562,21 @@@
        not displayed publicly: 'Not displayed publicly (see <a href="http://wiki.openstreetmap.org/wiki/Privacy_Policy" title="wiki privacy policy including section on email addresses">privacy policy</a>)'
        display name: "Display Name:"
        display name description: "Your publicly displayed username. You can change this later in the preferences."
 +      openid: "{{logo}} OpenID:"
        password: "Password:"
        confirm password: "Confirm Password:"
 +      use openid: "Alternatively, use {{logo}} OpenID to login"
 +      openid no password: "With OpenID a password is not required, but some extra tools or server may still need one."
 +      openid association: |
 +        <p>Your OpenID is not associated with a OpenStreetMap account yet.</p>
 +        <ul>
 +          <li>If you are new to OpenStreetMap, please create a new account using the form below.</li>
 +          <li>
 +            If you already have an account, you can login to your account
 +            using your username and password and then associate the account
 +            with your OpenID in your user settings.
 +          </li>
 +        </ul> 
        continue: Continue
        flash create success message: "User was successfully created. Check your email for a confirmation note, and you will be mapping in no time :-)<br /><br />Please note that you will not be able to login until you've received and confirmed your email address.<br /><br />If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests."
        terms accepted: "Thanks for accepting the new contributor terms!"
@@@ -1653,10 -1621,6 +1659,10 @@@
        current email address: "Current Email Address:"
        new email address: "New Email Address:"
        email never displayed publicly: "(never displayed publicly)"
 +      openid:
 +        openid: "OpenID:"
 +        link: "http://wiki.openstreetmap.org/wiki/OpenID"
 +        link text: "what is this?"
        public editing:
          heading: "Public editing:"
          enabled: "Enabled. Not anonymous and can edit data."

diff --combined config/locales/is.yml
index 0483fb81871b62011cd2284cbcabe254a76da3e3,d8351f55382d1d32f22631474fa818db55150fe2..fe7c8c05ba5968ed045fcaf718120a5cdf12b2c1
--- 1/config/locales/is.yml
--- 2/config/locales/is.yml
+++ b/config/locales/is.yml
@@@ -579,9 -579,6 +579,6 @@@ is
      export_tooltip: Niðurhala kortagögnum á hinum ýmsu sniðum
      gps_traces: GPS ferlar
      gps_traces_tooltip: Sjá alla GPS ferla
-     help_wiki: Hjálp & Wiki
-     help_wiki_tooltip: Hjálpar og wiki-síða fyrir verkefnið
-     help_wiki_url: http://wiki.openstreetmap.org/wiki/Fors%C3%AD%C3%B0a?uselang=is
      history: Breytingarskrá
      home: heim
      home_tooltip: Færa kortasýnina á þína staðsetningu
@@@ -1020,8 -1017,6 +1017,8 @@@
        current email address: "Núverandi netfang:"
        delete image: Eyða þessari mynd
        email never displayed publicly: (aldrei sýnt opinberlega)
 +      openid:
 +        link text: "hvað er openID?"
        flash update success: Stillingarnar þínar voru uppfærðar.
        flash update success confirm needed: Stillingarnar þínar voru uppfærðar. Póstur var sendur á netfangið þitt sem þú þarft að bregðast við til að netfangið þitt verði staðfest.
        home location: "Staðsetning:"
@@@ -1082,28 -1077,6 +1079,28 @@@
        remember: "Muna innskráninguna:"
        title: Innskrá
        webmaster: vefstjóra
 +      openid_heading: "Innskráning með OpenID:"
 +      username_heading: "Innskráning með OpenStreetMap aðgang:"
 +      openid_logo_alt: "Innskrá með OpenID"
 +      openid_providers:
 +        openid:
 +          title: Innskrá með OpenID slóð
 +          alt: Innskrá með OpenID slóð
 +        yahoo:
 +          title: Innsrká með Yahoo! OpenID
 +          alt: Innsrká með Yahoo! OpenID
 +        google:
 +          title: Innsrká með Google OpenID
 +          alt: Innsrká með Google OpenID
 +        myopenid:
 +          title: Innsrká með myOpenID OpenID
 +          alt: Innsrká með myOpenID OpenID
 +        wordpress:
 +          title: Innsrká með Wordpress.com OpenID
 +          alt: Innsrká með Wordpress.com OpenID
 +        myspace:
 +          title: Innsrká með MySpace OpenID
 +          alt: Innsrká með MySpace OpenID
      logout: 
        heading: Útskrá
        logout_button: Útskrá
@@@ -1135,21 -1108,6 +1132,21 @@@
        no_auto_account_create: Því miður getum við eki búið til reikning fyrir þig sjálfkrafa.
        not displayed publicly: Ekki sýnt opinberlega (sjá <a href="http://wiki.openstreetmap.org/index.php?uselang=is&title=Privacy_Policy" title="Meðferð persónuupplýsinga, þ.á.m. netfanga">meðferð persónuupplýsinga</a>)
        password: "Lykilorð:"
 +      openID associate: "Tengja OpenID við þennan aðgang"
 +      openID: "OpenID:"
 +      openID description: '(Valfrjálst) Ef þú ert með <a href="http://wiki.openstreetmap.org/wiki/openID">OpenID</a> getur þú tengt það við nýja aðganginn þinn.'
 +      openID nopassword: "Með OpenID þarft þú ekki að gefa upp lykilorð við innskráningu. Í stað þess notar þú OpenID."
 +      openID association: |
 +        Þetta OpenID er ekki tengt við neinn OpenStreetMap aðgang.
 +        <ul>
 +          <li>Ef þú ert ekki með OpenStreetMap aðgang getur þú búið til nýjan aðgang hér fyrir neðan.</li>
 +          <li>
 +            Ef þú ert þegar með aðgang skaltu innskrá þig með
 +            honum. Svo getur þú tengt OpenID við aðganginn þinn á
 +            stillingarsíðunni.
 +          </li>
 +        </ul> 
 +      signup: Nýskrá
        title: Nýskrá
      no_such_user: 
        body: Það er ekki til notandi með nafninu {{user}}. Kannski slóstu nafnið rangt inn eða fylgdir ógildum tengli.