Description: A starting point for your new Rails project.
Clone URL: git://github.com/relevance/jumpstart.git
multiple openids for user
gdagley (author)
Fri Apr 11 22:34:00 -0700 2008
commit  abc247762192855aaee81f3fff36b08737c41962
tree    b36e159e5f4ee52ec787c04f4bfd9253a384047c
parent  171bf4716f923812dd7b5d3c4fa5d0f9a13f563a
...
1
2
 
3
4
5
6
7
8
9
10
11
12
13
 
 
 
 
14
15
16
...
21
22
23
24
25
 
26
27
28
...
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
...
1
2
3
4
5
6
7
8
 
 
 
 
 
 
9
10
11
12
13
14
15
...
20
21
22
 
 
23
24
25
26
...
33
34
35
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
36
0
@@ -1,16 +1,15 @@
0
 # This controller handles the login/logout function of the site.
0
 class SessionsController < ApplicationController
0
+ include OpenidSystem
0
   
0
   # render new.rhtml
0
   def new
0
   end
0
 
0
- def create
0
- if using_open_id?
0
- open_id_authentication
0
- elsif params[:email]
0
- password_authentication(params[:email], params[:password])
0
- end
0
+ # OpenID system will delegate to this when we are using standard login.
0
+ # Otherwise it will login the user using OpenID
0
+ def normal_create
0
+ password_authentication(params[:email], params[:password])
0
   end
0
 
0
   def destroy
0
@@ -21,8 +20,7 @@ class SessionsController < ApplicationController
0
     redirect_back_or_default root_path
0
   end
0
   
0
- protected
0
-
0
+ private
0
     def password_authentication(login, password)
0
       self.current_user = User.authenticate(params[:email], params[:password])
0
       if logged_in?
0
@@ -35,30 +33,4 @@ class SessionsController < ApplicationController
0
         failed_login "Invalid login or password"
0
       end
0
     end
0
-
0
- def open_id_authentication
0
- authenticate_with_open_id do |result, identity_url|
0
- if result.successful?
0
- if self.current_user = User.find_or_create_by_identity_url(identity_url)
0
- successful_login
0
- else
0
- failed_login "Sorry, no user by that identity URL exists (#{identity_url})"
0
- end
0
- else
0
- failed_login result.message
0
- end
0
- end
0
- end
0
-
0
- private
0
-
0
- def successful_login
0
- flash[:notice] = "Logged in successfully"
0
- redirect_back_or_default root_path
0
- end
0
-
0
- def failed_login(message)
0
- flash[:warning] = message
0
- redirect_to login_path
0
- end
0
 end
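Review bot: `normal_create` is defined above `private`, so it is a public controller method and therefore an action in its own right; the same holds for `normal_create` in UsersController. If the default `:controller/:action/:id` routes are still installed (the routes file on this page suggests so, but those lines are outside its hunk), password login becomes reachable by a GET to that action, which puts credentials in URLs and logs and is not covered by request forgery protection. OpenidSystem is not shown here, so I am assuming it calls the method on self; in that case moving it below `private`, or adding `hide_action :normal_create`, keeps the delegation working without exposing a second entry point. Separately, `password_authentication(login, password)` ignores both arguments and reads `params` again, which deserves a fix or at least a comment.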
...
1
 
 
2
3
4
5
6
7
 
 
8
9
10
 
 
 
11
12
13
14
15
16
17
18
19
20
21
22
23
 
24
25
26
...
37
38
39
40
 
41
42
43
...
47
48
49
50
51
 
52
53
54
...
57
58
59
60
61
62
63
...
1
2
3
4
5
6
7
8
 
9
10
11
12
 
13
14
15
16
 
 
 
 
17
18
19
20
21
22
 
 
23
24
25
26
...
37
38
39
 
40
41
42
43
...
47
48
49
 
 
50
51
52
53
...
56
57
58
 
59
60
61
0
@@ -1,26 +1,26 @@
0
 class UsersController < ApplicationController
0
+ include OpenidSystem
0
+
0
   before_filter :login_required, :only => [:edit, :update]
0
   before_filter :find_user, :only => [:edit, :update]
0
   
0
   # render new.rhtml
0
   def new
0
- @user = flash[:user] || User.new
0
+ @user = User.new(params[:user])
0
+ @user.valid? if params[:user]
0
   end
0
 
0
- def create
0
+ # OpenID system will delegate to this when we are using standard signup.
0
+ # Otherwise it will create the user using OpenID
0
+ def normal_create
0
     cookies.delete :auth_token
0
- # protects against session fixation attacks, wreaks havoc with
0
- # request forgery protection.
0
- # uncomment at your own risk
0
- # reset_session
0
     @user = User.new(params[:user])
0
     if @user.save
0
       self.current_user = @user
0
       redirect_back_or_default('/')
0
       flash[:notice] = "Thanks for signing up!"
0
     else
0
- flash[:user] = @user
0
- redirect_to :action => 'new'
0
+ render :action => 'new'
0
     end
0
   end
0
 
0
@@ -37,7 +37,7 @@ class UsersController < ApplicationController
0
   end
0
   
0
   def edit
0
- @user = flash[:user] || current_user
0
+ @user = current_user
0
   end
0
   
0
   def update
0
@@ -47,8 +47,7 @@ class UsersController < ApplicationController
0
       flash[:notice] = "Your account has been updated."
0
       redirect_to root_path
0
     else
0
- flash[:user] = @user
0
- redirect_to edit_user_path(@user)
0
+ render :action => 'edit'
0
     end
0
   end
0
   
0
@@ -57,7 +56,6 @@ class UsersController < ApplicationController
0
       # we don't want people trying to edit others records
0
       unless current_user.id == params[:id].to_i
0
         flash[:warning] = "We couldn't find what you were looking for."
0
- puts 'redirecting'
0
         redirect_to root_path
0
       end
0
     end
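Review bot: `normal_create` signs the new user in with `self.current_user = @user` on whatever session id the browser already presented, and this commit also deletes the commented-out `reset_session` note that was the only record of that session-fixation gap. Whether `current_user=` rotates the session is not visible on this page; if it does not, call `reset_session` before the assignment, or at least keep a comment such as `# TODO: session is not reset on signup (fixation); see reset_session`. The removed note said resetting clashed with request forgery protection, so a fix needs to be tested against the signup form's token.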
...
11
12
13
 
 
 
 
 
 
 
 
 
14
...
11
12
13
14
15
16
17
18
19
20
21
22
23
0
@@ -11,4 +11,13 @@ module ApplicationHelper
0
     # Return the HTML to render
0
     flash_type ? content_tag(:div, flash[flash_type], :id => "flash", :class => "flash #{flash_type.to_s}") : ""
0
   end
0
+
0
+ def error_message_on(object, method, prepend_text = "", append_text = "", css_class = "formError")
0
+ if (obj = (object.respond_to?(:errors) ? object : instance_variable_get("@#{object}"))) &&
0
+ (errors = obj.errors.on(method))
0
+ content_tag("span", "#{prepend_text}#{errors.is_a?(Array) ? errors.first : errors}#{append_text}", :class => css_class)
0
+ else
0
+ ''
0
+ end
0
+ end
0
 end
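Review bot: `error_message_on` interpolates the validation message and the `prepend_text`/`append_text` arguments straight into the span, and as far as I know `content_tag` does not escape its content in this Rails generation. The messages added in this commit are static, but a message that ever echoes a submitted value would be rendered as markup; escaping just the message keeps the wrapper text usable as HTML: `h(errors.is_a?(Array) ? errors.first : errors)`. The helper also has no comment; one line saying that `object` may be a model or the name of an instance variable, and that an empty string is returned when there is no error, would help.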
...
1
2
3
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
4
...
1
2
 
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
0
@@ -1,4 +1,20 @@
0
 class User < ActiveRecord::Base
0
   acts_as_authentable
0
-
0
+
0
+ has_many :user_openids
0
+ after_create :make_openid
0
+
0
+ def self.find_by_identity_url(openid_url)
0
+ user_openid = UserOpenid.find_by_openid_url(openid_url, :include => :user)
0
+ user_openid.nil? ? nil : user_openid.user
0
+ end
0
+
0
+ protected
0
+ def not_openid?
0
+ identity_url.blank? && user_openids.count == 0
0
+ end
0
+
0
+ def make_openid
0
+ self.user_openids.create(:openid_url => identity_url) unless identity_url.blank?
0
+ end
0
 end
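Review bot: `find_by_identity_url` returns the user behind whichever `user_openids` row matches first, and nothing on this page makes an OpenID URL belong to one account only: the `user_openids` table in the schema hunk has no index, and the UserOpenid model is not shown. Since this lookup decides who gets logged in, a URL should map to at most one user; `validates_uniqueness_of :openid_url` on UserOpenid backed by a unique index on the column would enforce that. `make_openid` also discards the result of `create`, so a failed insert leaves a user whose identity_url can never be found by this method.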
...
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 
19
20
21
...
3
4
5
 
 
 
 
 
 
 
 
 
 
 
 
 
6
7
8
9
0
@@ -3,19 +3,7 @@
0
               
0
 <%= page_title 'User Login' %>
0
 
0
-<div id="openid-login">
0
- <% form_tag session_path do -%>
0
- <p>
0
- <label for="openid_url">OpenID</label><br/>
0
- <%= text_field_tag 'openid_url' %>
0
- </p>
0
-
0
- <p class="buttons clearfix">
0
- <%= pretty_positive_button 'Log in with OpenID', :icon_path => 'icons/key.gif' %>
0
- <%= pretty_negative_button_link 'Cancel', root_path %>
0
- </p>
0
- <% end -%>
0
-</div>
0
+<%= render :partial => 'openid_login' %>
0
 
0
 <div id="regular-login">
0
   <% form_tag session_path do -%>
...
16
17
18
 
 
19
20
21
...
16
17
18
19
20
21
22
23
0
@@ -16,6 +16,8 @@
0
     <%= f.text_field :email %>
0
   </p>
0
 
0
+ <%= render :partial => 'user_openids' %>
0
+
0
   <p>
0
     <label for="password">Password</label><br/>
0
     <%= f.password_field :password %>
...
3
4
5
6
7
8
9
10
 
11
12
13
14
15
 
16
17
18
19
20
21
22
 
 
 
 
 
23
24
25
26
27
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
28
29
30
...
34
35
36
37
 
38
39
...
3
4
5
 
6
7
8
 
9
10
11
12
13
 
14
15
16
17
 
 
 
 
18
19
20
21
22
23
 
 
 
 
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
...
49
50
51
 
52
53
54
0
@@ -3,28 +3,43 @@
0
               
0
 <%= page_title 'User Signup' %>
0
 
0
-<%= error_messages_for :user %>
0
 <div id="regular-signup">
0
   <% form_for @user do |f| -%>
0
     <p>
0
- <label for="username">Username</label><br/>
0
+ <label for="username">Username</label> <%= error_message_on @user, :username %><br/>
0
       <%= f.text_field :username %>
0
     </p>
0
 
0
     <p>
0
- <label for="email">Email</label><br/>
0
+ <label for="email">Email</label> <%= error_message_on @user, :email %><br/>
0
       <%= f.text_field :email %>
0
     </p>
0
 
0
- <p>
0
- <label for="password">Password</label><br/>
0
- <%= f.password_field :password %>
0
- </p>
0
+ <% if @user.nil? || @user.identity_url.blank? %>
0
+ <p>
0
+ <label for="password">Password</label> <%= error_message_on @user, :password %><br/>
0
+ <%= f.password_field :password %>
0
+ </p>
0
 
0
- <p>
0
- <label for="password_confirmation">Confirm Password</label><br/>
0
- <%= f.password_field :password_confirmation %>
0
- </p>
0
+ <p>
0
+ <label for="password_confirmation">Confirm Password</label><br/>
0
+ <%= f.password_field :password_confirmation %>
0
+ </p>
0
+
0
+ <p>
0
+ ...or use:
0
+ </p>
0
+
0
+ <p>
0
+ <label for="openid_url">OpenID:</label>
0
+ <%= text_field_tag "openid_url" %>
0
+ </p>
0
+ <% else %>
0
+ <p>
0
+ <label for="user_identity_url">OpenID</label><br/>
0
+ <%= f.text_field :identity_url, :readonly => true %>
0
+ </p>
0
+ <% end %>
0
 
0
     <p class="buttons clearfix">
0
       <%= pretty_positive_button 'Sign up' %>
0
@@ -34,6 +49,6 @@
0
 </div>
0
 
0
 <p>
0
- Already have an account or <span id="openid_url">OpenID</span>? <%= link_to 'Login now', login_path %><br />
0
+ Already have an account? <%= link_to 'Login now', login_path %><br />
0
   <%= link_to 'Forgot your password?', forgot_password_path %>
0
 </p>
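Review bot: `:readonly => true` on the `identity_url` field only affects the browser; the value is still posted back, and the AuthentableEntity hunk of this commit adds `:identity_url` to `attr_accessible`, so `User.new(params[:user])` accepts whatever URL the form carries. Together with the `after_create :make_openid` callback in User, an OpenID URL that was never verified by the provider can end up bound to the new account. Unless OpenidSystem (not shown) overwrites the value, I would keep `:identity_url` out of `attr_accessible`, hold the verified URL in the session, and assign it explicitly with `@user.identity_url = verified_url` before saving (`verified_url` is a placeholder name).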
...
28
29
30
 
 
...
28
29
30
31
32
0
@@ -28,3 +28,5 @@ Rails::Initializer.run do |config|
0
 end
0
 
0
 require 'fixture_replacement/extensions/string'
0
+
0
+ActionView::Base.field_error_proc = Proc.new {|html_tag, instance| %(<span class="fieldWithErrors">#{html_tag}</span>)}
...
1
2
3
4
5
6
7
8
 
 
 
 
 
 
 
9
10
 
 
 
11
12
13
...
1
 
 
 
 
 
 
 
2
3
4
5
6
7
8
9
 
10
11
12
13
14
15
0
@@ -1,13 +1,15 @@
0
 ActionController::Routing::Routes.draw do |map|
0
- map.root :controller => 'welcome', :action => 'index'
0
- map.signup 'signup', :controller => 'users', :action => 'new'
0
- map.activation 'activate', :controller => 'users', :action => 'activate'
0
- map.login 'login', :controller => 'sessions', :action => 'new'
0
- map.logout 'logout', :controller => 'sessions', :action => 'destroy'
0
- map.forgot_password 'forgot_password', :controller => 'users', :action => 'forgot_password'
0
- map.open_id_complete 'session', :controller => "sessions", :action => "create", :requirements => { :method => :get }
0
+ map.root :controller => 'welcome', :action => 'index'
0
+ map.signup 'signup', :controller => 'users', :action => 'new'
0
+ map.activation 'activate', :controller => 'users', :action => 'activate'
0
+ map.login 'login', :controller => 'sessions', :action => 'new'
0
+ map.logout 'logout', :controller => 'sessions', :action => 'destroy'
0
+ map.forgot_password 'forgot_password', :controller => 'users', :action => 'forgot_password'
0
+ map.open_id_complete 'session', :controller => "sessions", :action => "create", :requirements => { :method => :get }
0
   
0
- map.resources :users
0
+ map.resources :users do |user|
0
+ user.resources :openids, :collection => {:create => :get}
0
+ end
0
   map.resource :session
0
 
0
   # Install the default routes as the lowest priority.
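Review bot: `:collection => {:create => :get}` makes the openids `create` action answer GET requests, which Rails' request forgery protection does not check. The OpenID provider's return does have to arrive by GET, but the controller is not shown, so it is unclear whether a plain GET can also start linking an OpenID to the signed-in user. A dedicated completion route in the style of the existing `map.open_id_complete`, with the controller accepting GET only when the request carries a provider response, would keep the state-changing start of the flow on POST.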
...
9
10
11
 
 
 
 
 
12
13
...
9
10
11
12
13
14
15
16
17
18
0
@@ -9,4 +9,9 @@ module FixtureReplacement
0
     # a.password = password
0
     # a.password_confirmation = password
0
   end
0
+
0
+ attributes_for :user_openid do |a|
0
+ a.user = default_user
0
+ a.openid_url = "http://user.myopenid.com"
0
+ end
0
 end
0
\ No newline at end of file
...
9
10
11
12
 
13
14
15
...
26
27
28
 
 
 
 
 
 
 
29
30
31
...
9
10
11
 
12
13
14
15
...
26
27
28
29
30
31
32
33
34
35
36
37
38
0
@@ -9,7 +9,7 @@
0
 #
0
 # It's strongly recommended to check this file into your version control system.
0
 
0
-ActiveRecord::Schema.define(:version => 2) do
0
+ActiveRecord::Schema.define(:version => 3) do
0
 
0
   create_table "open_id_authentication_associations", :force => true do |t|
0
     t.integer "issued"
0
@@ -26,6 +26,13 @@ ActiveRecord::Schema.define(:version => 2) do
0
     t.string "salt", :default => "", :null => false
0
   end
0
 
0
+ create_table "user_openids", :force => true do |t|
0
+ t.string "openid_url"
0
+ t.integer "user_id"
0
+ t.datetime "created_at"
0
+ t.datetime "updated_at"
0
+ end
0
+
0
   create_table "users", :force => true do |t|
0
     t.string "username"
0
     t.string "email"
...
10
11
12
13
14
15
 
 
 
16
17
18
 
 
19
20
21
...
27
28
29
30
 
31
32
33
...
94
95
96
97
 
98
99
100
...
10
11
12
 
 
 
13
14
15
16
17
 
18
19
20
21
22
...
28
29
30
 
31
32
33
34
...
95
96
97
 
98
99
100
101
0
@@ -10,12 +10,13 @@ module AuthentableEntity
0
       # Virtual attribute for the unencrypted password.
0
       attr_accessor :password
0
 
0
- validates_presence_of :username, :if => :not_openid?
0
- validates_length_of :username, :within => 3..40, :if => :not_openid?
0
- validates_uniqueness_of :username, :case_sensitive => false, :allow_nil => true
0
+ validates_presence_of :username
0
+ validates_length_of :username, :within => 3..40
0
+ validates_uniqueness_of :username, :case_sensitive => false, :allow_nil => true, :message => 'is already taken; sorry!'
0
 
0
       validates_presence_of :email, :if => :not_openid?
0
- validates_uniqueness_of :email, :case_sensitive => false, :allow_nil => true
0
+ validates_length_of :email, :within => 3..40, :if => :not_openid?
0
+ validates_uniqueness_of :email, :case_sensitive => false, :allow_nil => true, :message => 'is already being used; do you already have an account?'
0
 
0
       with_options :if => :password_required? do |new_password|
0
         new_password.validates_presence_of :password
0
@@ -27,7 +28,7 @@ module AuthentableEntity
0
       before_save :encrypt_password
0
       
0
       # Prevents users from submitting crafted forms that bypasses activation.
0
- attr_accessible :username, :email, :password, :password_confirmation
0
+ attr_accessible :username, :email, :password, :password_confirmation, :identity_url
0
 
0
       extend ClassMethods
0
     end
0
@@ -94,7 +95,7 @@ module AuthentableEntity
0
     end
0
 
0
     def not_openid?
0
- identity_url.blank?
0
+ true
0
     end
0
     
0
     def generate_token
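Review bot: `not_openid?` now returns a constant `true`, so the `:if => :not_openid?` conditions kept on the email validations in the first hunk are dead here, while the User hunk of this commit defines its own `not_openid?` with real logic. Which one is in effect depends on method lookup order, and that decides whether email is required for a signup. Either delete the module version and let including classes define it, or leave it with a comment like `# default for models without OpenID; User overrides this`. This method's hunk is complete, but the validations sit inside a block that starts outside the first hunk.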
...
1
2
 
3
4
5
...
1
 
2
3
4
5
0
@@ -1,4 +1,4 @@
0
 #openid_url {
0
- background: url(/images/login-bg.gif) no-repeat #FFF 5px;
0
+ background: url(/images/openid.gif) no-repeat #FFF 5px;
0
   padding-left: 25px;
0
 }
0
\ No newline at end of file
...
25
26
27
28
29
30
31
32
33
34
 
35
36
37
...
110
111
112
113
114
115
116
117
118
119
120
121
122
 
123
124
125
...
25
26
27
 
 
 
 
 
 
 
28
29
30
31
...
104
105
106
 
 
 
 
 
 
 
 
 
 
107
108
109
110
0
@@ -25,13 +25,7 @@ describe "Creating a user (POST /users)", ActionController::TestCase do
0
   it "should redirect to signup when user cannot be saved" do
0
     User.any_instance.stubs(:save).returns(false)
0
     post :create, :user => { }
0
- should.redirect_to signup_path
0
- end
0
-
0
- it "should include user in flash when user cannot be saved" do
0
- User.any_instance.stubs(:save).returns(false)
0
- post :create, :user => { }
0
- flash[:user].should.not.be.nil
0
+ template.should.be 'new'
0
   end
0
 
0
   it "should create user" do
0
@@ -110,16 +104,7 @@ describe "Updating an account (PUT /users/:id)", ActionController::TestCase do
0
     login_as user
0
     
0
     put :update, :id => user.id
0
- should.redirect_to edit_user_path(user)
0
- end
0
-
0
- it "should include user in flash when the user cannot be saved" do
0
- User.any_instance.stubs(:save).returns(false)
0
- user = create_user
0
- login_as user
0
-
0
- put :update, :id => user.id
0
- flash[:user].should.not.be.nil
0
+ template.should.be 'edit'
0
   end
0
 
0
   it "should redirect to the root path when the user is updated" do
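Review bot: The example at the top of the first hunk is still described as redirecting to signup although it now asserts `template.should.be 'new'`; rename it to something like `it "should render the signup form when user cannot be saved" do`. The second hunk appears to have the same mismatch, but its `it` line is outside the hunk so I cannot quote it. None of the visible examples exercise the new OpenID path or `normal_create`, which is where this commit changes behaviour.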
