[openstreetmap/openstreetmap-website] Re-arrange login and signup screens as discussed in #4128 (PR #4455)

[Milan Cvetkovic]

@milan-cvetkovic commented on this pull request.



> @@ -101,14 +107,9 @@ def create
       if current_user.invalid?
         # Something is wrong with a new user, so rerender the form
         render :action => "new"
-      elsif current_user.auth_provider.present?
-        # Verify external authenticator before moving on
-        session[:new_user] = current_user.slice("email", "display_name", "pass_crypt", "pass_crypt_confirmation")

> > They would still have to click on "Sign up"
> 
> Yes, but right after that the user is written to the db with arbitrary auth_provider. That happens before any further confirmation.

Correct. This is pretty much same as if user is created by regular "signup" screen, before they confirm the email address. The only difference is that there is arbitrary, not usable, value of `auth_provider`, and the user does not know the password assigned to them.

I removed the extra round trip after @tomhuges suggestion here: https://github.com/openstreetmap/openstreetmap-website/pull/4455#discussion_r1443987257.

Having a user with bogus value of `auth_provider` does not hurt OSM web site. While the user cannot use the bogus value that they manually entered, they can use the account by username/password after resetting the password. Since there is a manual action required to actually create the user record, there is no danger of bulk creation of user accounts this way, more than it is possible today.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4455#discussion_r1575094998
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4455/review/2015359554 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240422/b0f6ef69/attachment.htm>