Fixed: Openid registration form should not require user to enter password (#11331).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9929 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/account_controller.rb

@@ -84,8 +84,9 @@ class AccountController < ApplicationController
       session[:auth_source_registration] = nil
       @user = User.new(:language => Setting.default_language)
     else
+      user_params = params[:user] || {}
       @user = User.new
-      @user.safe_attributes = params[:user]
+      @user.safe_attributes = user_params
       @user.admin = false
       @user.register
       if session[:auth_source_registration]
@@ -100,7 +101,9 @@ class AccountController < ApplicationController
         end
       else
         @user.login = params[:user][:login]
-        @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
+        unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
+          @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
+        end
 
         case Setting.self_registration
         when '1'

test/functional/account_controller_openid_test.rb

@@ -116,6 +116,42 @@ class AccountControllerTest < ActionController::TestCase
       assert_equal 'http://openid.example.com/good_user', assigns(:user)[:identity_url]
     end
   
+    def test_login_with_openid_with_new_user_with_missing_information_should_register
+      Setting.self_registration = '3'
+  
+      post :login, :openid_url => 'http://openid.example.com/good_blank_user'
+      assert_response :success
+      assert_template 'register'
+      assert assigns(:user)
+      assert_equal 'http://openid.example.com/good_blank_user', assigns(:user)[:identity_url]
+
+      assert_select 'input[name=?]', 'user[login]'
+      assert_select 'input[name=?]', 'user[password]'
+      assert_select 'input[name=?]', 'user[password_confirmation]'
+      assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_blank_user'
+    end
+
+    def test_register_after_login_failure_should_not_require_user_to_enter_a_password
+      Setting.self_registration = '3'
+
+      assert_difference 'User.count' do
+        post :register, :user => {
+          :login => 'good_blank_user',
+          :password => '',
+          :password_confirmation => '',
+          :firstname => 'Cool',
+          :lastname => 'User',
+          :mail => 'user@somedomain.com',
+          :identity_url => 'http://openid.example.com/good_blank_user'
+        }
+        assert_response 302
+      end
+
+      user = User.first(:order => 'id DESC')
+      assert_equal 'http://openid.example.com/good_blank_user', user.identity_url
+      assert user.hashed_password.blank?, "Hashed password was #{user.hashed_password}"
+    end
+
     def test_setting_openid_should_return_true_when_set_to_true
       assert_equal true, Setting.openid?
     end

test/mocks/open_id_authentication_mock.rb

@@ -16,9 +16,10 @@ module OpenIdAuthentication
 
     def authenticate_with_open_id(identity_url = params[:openid_url], options = {}) #:doc:
       if User.find_by_identity_url(identity_url) || identity_url.include?('good')
+        extension_response_fields = {}
+
         # Don't process registration fields unless it is requested.
         unless identity_url.include?('blank') || (options[:required].nil? && options[:optional].nil?)
-          extension_response_fields = {}
 
           options[:required].each do |field|
             extension_response_fields[field.to_s] = EXTENSION_FIELDS[field.to_s]