diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index fa530087e..5c4ecaf40 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -84,8 +84,9 @@ class AccountController < ApplicationController session[:auth_source_registration] = nil @user = User.new(:language => Setting.default_language) else + user_params = params[:user] || {} @user = User.new - @user.safe_attributes = params[:user] + @user.safe_attributes = user_params @user.admin = false @user.register if session[:auth_source_registration] @@ -100,7 +101,9 @@ class AccountController < ApplicationController end else @user.login = params[:user][:login] - @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] + unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank? + @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation] + end case Setting.self_registration when '1' diff --git a/test/functional/account_controller_openid_test.rb b/test/functional/account_controller_openid_test.rb index ccee3d256..12e15c52e 100644 --- a/test/functional/account_controller_openid_test.rb +++ b/test/functional/account_controller_openid_test.rb @@ -116,6 +116,42 @@ class AccountControllerTest < ActionController::TestCase assert_equal 'http://openid.example.com/good_user', assigns(:user)[:identity_url] end + def test_login_with_openid_with_new_user_with_missing_information_should_register + Setting.self_registration = '3' + + post :login, :openid_url => 'http://openid.example.com/good_blank_user' + assert_response :success + assert_template 'register' + assert assigns(:user) + assert_equal 'http://openid.example.com/good_blank_user', assigns(:user)[:identity_url] + + assert_select 'input[name=?]', 'user[login]' + assert_select 'input[name=?]', 'user[password]' + assert_select 'input[name=?]', 'user[password_confirmation]' + assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_blank_user' + end + + def test_register_after_login_failure_should_not_require_user_to_enter_a_password + Setting.self_registration = '3' + + assert_difference 'User.count' do + post :register, :user => { + :login => 'good_blank_user', + :password => '', + :password_confirmation => '', + :firstname => 'Cool', + :lastname => 'User', + :mail => 'user@somedomain.com', + :identity_url => 'http://openid.example.com/good_blank_user' + } + assert_response 302 + end + + user = User.first(:order => 'id DESC') + assert_equal 'http://openid.example.com/good_blank_user', user.identity_url + assert user.hashed_password.blank?, "Hashed password was #{user.hashed_password}" + end + def test_setting_openid_should_return_true_when_set_to_true assert_equal true, Setting.openid? end diff --git a/test/mocks/open_id_authentication_mock.rb b/test/mocks/open_id_authentication_mock.rb index 10d195e07..a7376e4ba 100644 --- a/test/mocks/open_id_authentication_mock.rb +++ b/test/mocks/open_id_authentication_mock.rb @@ -16,9 +16,10 @@ module OpenIdAuthentication def authenticate_with_open_id(identity_url = params[:openid_url], options = {}) #:doc: if User.find_by_identity_url(identity_url) || identity_url.include?('good') + extension_response_fields = {} + # Don't process registration fields unless it is requested. unless identity_url.include?('blank') || (options[:required].nil? && options[:optional].nil?) - extension_response_fields = {} options[:required].each do |field| extension_response_fields[field.to_s] = EXTENSION_FIELDS[field.to_s]