From b34b89845122aff079af055f5adfc909c1e6ac9e Mon Sep 17 00:00:00 2001
From: Matt Amos <zerebubuth@gmail.com>
Date: Tue, 25 Aug 2009 15:00:32 +0000
Subject: [PATCH] Added referer URL in user_token so that redirections (e.g:
 from oauth token requests) are followed after the user has confirmed the
 sign-up. Added test for the same.

---
 app/controllers/user_controller.rb          |  9 +++--
 app/views/user/login.html.erb               |  2 +-
 app/views/user/new.html.erb                 |  1 +
 db/migrate/043_add_referer_to_user_token.rb |  9 +++++
 test/integration/user_creation_test.rb      | 40 +++++++++++++++++++++
 5 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 db/migrate/043_add_referer_to_user_token.rb
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 86b715154..bea700331 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -29,7 +29,7 @@ class UserController < ApplicationController
 
       if @user.save
         flash[:notice] = t 'user.new.flash create success message'
-        Notifier.deliver_signup_confirm(@user, @user.tokens.create)
+        Notifier.deliver_signup_confirm(@user, @user.tokens.create(:referer => params[:referer]))
         redirect_to :action => 'login'
       else
         render :action => 'new'
@@ -198,10 +198,15 @@ class UserController < ApplicationController
         @user.active = true
         @user.email_valid = true
         @user.save!
+        referer = token.referer
         token.destroy
         flash[:notice] = t 'user.confirm.success'
         session[:user] = @user.id
-        redirect_to :action => 'account', :display_name => @user.display_name
+        unless referer.nil?
+          redirect_to referer
+        else
+          redirect_to :action => 'account', :display_name => @user.display_name
+        end
       else
         @notice = t 'user.confirm.failure'
       end
diff --git a/app/views/user/login.html.erb b/app/views/user/login.html.erb
index dc1001117..d77110d13 100644
--- a/app/views/user/login.html.erb
+++ b/app/views/user/login.html.erb
@@ -1,6 +1,6 @@
 <h1><%= t 'user.login.heading' %></h1>
 
-<p><%= t 'user.login.please login', :create_user_link => link_to(t('user.login.create_account'), :controller => 'user', :action => 'new') %></p>
+<p><%= t 'user.login.please login', :create_user_link => link_to(t('user.login.create_account'), :controller => 'user', :action => 'new', :referer => params[:referer]) %></p>
 
 <% form_tag :action => 'login' do %>
 <%= hidden_field_tag('referer', h(params[:referer])) %>
diff --git a/app/views/user/new.html.erb b/app/views/user/new.html.erb
index 6ac85560d..8b1dab5be 100644
--- a/app/views/user/new.html.erb
+++ b/app/views/user/new.html.erb
@@ -19,6 +19,7 @@
 <%= error_messages_for 'user' %>
 
 <% form_tag :action => 'save' do %>
+<%= hidden_field_tag('referer', h(params[:referer])) unless params[:referer].nil? %>
 <table id="loginForm">
   <tr><td class="fieldName"><%= t 'user.new.email address' %></td><td><%= text_field('user', 'email',{:size => 50, :maxlength => 255, :tabindex => 1}) %></td></tr>
   <tr><td class="fieldName"><%= t 'user.new.confirm email address' %></td><td><%= text_field('user', 'email_confirmation',{:size => 50, :maxlength => 255, :tabindex => 2}) %></td></tr>
diff --git a/db/migrate/043_add_referer_to_user_token.rb b/db/migrate/043_add_referer_to_user_token.rb
new file mode 100644
index 000000000..554cc937e
--- /dev/null
+++ b/db/migrate/043_add_referer_to_user_token.rb
@@ -0,0 +1,9 @@
+class AddRefererToUserToken < ActiveRecord::Migration
+  def self.up
+    add_column :user_tokens, :referer, :text
+  end
+
+  def self.down
+    remove_column :user_tokens, :referer
+  end
+end
diff --git a/test/integration/user_creation_test.rb b/test/integration/user_creation_test.rb
index e6ac49e8d..e4ed23294 100644
--- a/test/integration/user_creation_test.rb
+++ b/test/integration/user_creation_test.rb
@@ -85,4 +85,44 @@ class UserCreationTest < ActionController::IntegrationTest
     # Submit the reset password token
     # Check that the password has changed, and the user can login
   end
+
+  def test_user_create_redirect
+    new_email = "redirect_tester@osm.org"
+    display_name = "redirect_tester"
+    password = "testtest"
+    # nothing special about this page, just need a protected page to redirect back to.
+    referer = "/traces/mine"
+    assert_difference('User.count') do
+      assert_difference('ActionMailer::Base.deliveries.size', 1) do
+        post_via_redirect "/user/save", 
+        {:user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :pass_crypt => password, :pass_crypt_confirmation => password}, :referer => referer }
+      end
+    end
+      
+    # Check the e-mail
+    register_email = ActionMailer::Base.deliveries.first
+    
+    assert_equal register_email.to[0], new_email
+    # Check that the confirm account url is correct
+    confirm_regex = Regexp.new("/user/confirm\\?confirm_string=([a-zA-Z0-9]*)")
+    assert_match(confirm_regex, register_email.body)
+    confirm_string = confirm_regex.match(register_email.body)[1]
+    
+    # Check the page
+    assert_response :success
+    assert_template 'login'
+    
+    ActionMailer::Base.deliveries.clear
+
+    # Go to the confirmation page
+    get 'user/confirm', { :confirm_string => confirm_string }
+    assert_response :success
+    assert_template 'user/confirm'
+
+    post 'user/confirm', { :confirm_string => confirm_string, :confirm_action => 'submit' }
+    assert_response :redirect
+    follow_redirect!
+    assert_response :success
+    assert_template "trace/mine"
+  end
 end
-- 
2.43.2


<%= t 'user.new.email address' %>	<%= text_field('user', 'email',{:size => 50, :maxlength => 255, :tabindex => 1}) %>
<%= t 'user.new.confirm email address' %>	<%= text_field('user', 'email_confirmation',{:size => 50, :maxlength => 255, :tabindex => 2}) %>