[openstreetmap/openstreetmap-website] Re-arrange login and signup screens as discussed in #4128 (PR #4455)

[Milan Cvetkovic]

@milan-cvetkovic commented on this pull request.



>          # Something is wrong with a new user, so rerender the form
-        render :action => "new"
-      elsif current_user.auth_provider.present?
+        render :action => "new_association"
+      else
         # Verify external authenticator before moving on
         session[:new_user] = current_user.attributes.slice("email", "display_name", "pass_crypt", "consider_pd")
         redirect_to auth_url(current_user.auth_provider, current_user.auth_uid), :status => :temporary_redirect

I have re-arranged the code to avoid round-trip to the provider, and redirect to new-association instead. I also removed the use of `session[:new_user]`, since all the info from 3rd party provider is already present when rendering the page. In order to prevent users from tempering the email address received from provider, I pass around sha256 hmac instead of storing it in `session[:new_user]["verified_email"]`.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/4455#discussion_r1448657852
You are receiving this because you are subscribed to this thread.

Message ID: <openstreetmap/openstreetmap-website/pull/4455/review/1815241602 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20240111/2645b1ae/attachment.htm>