From a9f4549327c9f19ac1ec14116d754077158ad8c9 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sat, 30 Nov 2013 12:16:44 +0000
Subject: [PATCH] Tidy up the OAuth authorization screens

Make sure all messages are translatable, separate errors from user initiated denial of authorization.
---
 app/controllers/oauth_controller.rb | 2 ++
 app/views/oauth/authorize.html.erb | 5 +++--
 app/views/oauth/authorize_failure.html.erb | 6 ++++--
 app/views/oauth/authorize_success.html.erb | 6 ++++--
 config/locales/en.yml | 9 +++++++++
 test/integration/oauth_test.rb | 2 +-
 6 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb
index 856fdd790..7ae7938c3 100644
--- a/app/controllers/oauth_controller.rb
+++ b/app/controllers/oauth_controller.rb
@@ -67,10 +67,12 @@ protected
 end
 else
 @token.invalidate!
+ @message = t("oauth.oauthorize_failure.denied", :app_name => @token.client_application.name)
 render :action => "authorize_failure"
 end
 end
 else
+ @message = t "oauth.oauthorize_failure.invalid"
 render :action => "authorize_failure"
 end
 end
diff --git a/app/views/oauth/authorize.html.erb b/app/views/oauth/authorize.html.erb
index 31729d4f0..d8feeed26 100644
--- a/app/views/oauth/authorize.html.erb
+++ b/app/views/oauth/authorize.html.erb
@@ -1,8 +1,9 @@
 <% content_for :heading do %>
-
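Review bot: Neither new `@message` branch in oauth_controller.rb is exercised by this commit's test change; the only edit to test/integration/oauth_test.rb is the verifier regex. Since the purpose of the commit is to tell a user-initiated denial apart from an invalid token, an integration assertion for each path (template `authorize_failure` plus the `oauth.oauthorize_failure.denied` or `oauth.oauthorize_failure.invalid` text) would keep the two from being conflated again. The enclosing method starts and ends outside the hunk, so it cannot be ruled out from here that another route renders `authorize_failure` with `@message` unset.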

Authorize access to your account

-

<%= raw t('oauth.oauthorize.request_access', :app_name => link_to(@token.client_application.name, @token.client_application.url), :user => link_to(@user.display_name, :controller => :user, :action => :view, :display_name => @user.display_name)) %>

+

<%= t "oauth.oauthorize.title" %>

<% end %> +

<%= raw t("oauth.oauthorize.request_access", :app_name => link_to(@token.client_application.name, @token.client_application.url), :user => link_to(@user.display_name, :controller => :user, :action => :view, :display_name => @user.display_name)) %>

+
 <%= form_tag authorize_url do %>
 <%= hidden_field_tag "oauth_token", @token.token %>
 <%- if params[:oauth_callback] -%>
diff --git a/app/views/oauth/authorize_failure.html.erb b/app/views/oauth/authorize_failure.html.erb
index d5e53e4c4..4afba70e3 100644
--- a/app/views/oauth/authorize_failure.html.erb
+++ b/app/views/oauth/authorize_failure.html.erb
@@ -1,3 +1,5 @@
 <% content_for :heading do %>
-
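Review bot: `raw t("oauth.oauthorize.request_access", ...)` marks the entire translated string as safe, so the output is only escaped because every interpolated value happens to be a `link_to` result; a later edit that interpolates a plain string would be emitted unescaped. The same pattern is newly added for `oauth.oauthorize_success.allowed` in authorize_success.html.erb. Rails escapes non-safe interpolations itself for keys ending in `_html`, so renaming the keys (for example `request_access_html`) and dropping `raw` keeps the links without relying on each caller. The link target is `@token.client_application.url`, which is presumably supplied at client registration; it is worth confirming the model restricts it to http/https, since that validation is not visible in this patch.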

You have disallowed this request

-<% end %> \ No newline at end of file +

<%= t "oauth.oauthorize_failure.title" %>

+<% end %> + +

<%= @message %>

diff --git a/app/views/oauth/authorize_success.html.erb b/app/views/oauth/authorize_success.html.erb
index aa2a52f66..c8f56af33 100644
--- a/app/views/oauth/authorize_success.html.erb
+++ b/app/views/oauth/authorize_success.html.erb
@@ -1,7 +1,9 @@
 <% content_for :heading do %>
-

You have allowed this request

+

<%= t "oauth.oauthorize_success.title" %>

<% end %> +

<%= raw t("oauth.oauthorize_success.allowed", :app_name => link_to(@token.client_application.name, @token.client_application.url)) %>

+ <% if @token.oob? and not @token.oauth10? %> -

The verification code is <%= @token.verifier %>

+

<%= t "oauth.oauthorize_success.verification", :code => @token.verifier %>

<% end %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 9e0bfb009..43c0c4ad1 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1500,6 +1500,7 @@ en:
 need_to_see_terms: "Your access to the API is temporarily suspended. Please log-in to the web interface to view the Contributor Terms. You do not need to agree, but you must view them."
 oauth:
 oauthorize:
+ title: "Authorize access to your account"
 request_access: "The application %{app_name} is requesting access to your account, %{user}. Please check whether you would like the application to have the following capabilities. You may choose as many or as few as you like."
 allow_to: "Allow the client application to:"
 allow_read_prefs: "read your user preferences."
@@ -1509,6 +1510,14 @@ en:
 allow_read_gpx: "read your private GPS traces."
 allow_write_gpx: "upload GPS traces."
 allow_write_notes: "modify notes."
+ oauthorize_success:
+ title: "Authorization request allowed"
+ allowed: "You have granted application %{app_name} access to your account."
+ verification: "The verification code is %{code}."
+ oauthorize_failure:
+ title: "Authorization request failed"
+ denied: "You have denied application %{app_name} access to your account."
+ invalid: "The authorization token is not valid."
 revoke:
 flash: "You've revoked the token for %{application}"
 oauth_clients:
diff --git a/test/integration/oauth_test.rb b/test/integration/oauth_test.rb
index eb4a599bd..fbb947af4 100644
--- a/test/integration/oauth_test.rb
+++ b/test/integration/oauth_test.rb
@@ -285,7 +285,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 :allow_read_prefs => true, :allow_write_prefs => true
 assert_response :success
 assert_template "authorize_success"
- m = response.body.match("

The verification code is ([A-Za-z0-9]+)

") + m = response.body.match("

The verification code is ([A-Za-z0-9]+).

") assert_not_nil m verifier = m[1] token.reload -- 2.43.2
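Review bot: The `.` added after the capture group in the new `response.body.match(...)` pattern is a regex wildcard, because `String#match` converts a string argument to a Regexp. The assertion therefore does not check for the full stop that the new `oauth.oauthorize_success.verification` string ends with; any single character would satisfy it. Escaping it inside the double-quoted string, `([A-Za-z0-9]+)\\.`, pins the exact text. The test method starts and ends outside the hunk.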