diff --git a/gratipay/models/__init__.py b/gratipay/models/__init__.py index eef0010e1d..94242806e8 100644 --- a/gratipay/models/__init__.py +++ b/gratipay/models/__init__.py @@ -171,15 +171,16 @@ def _check_no_team_balances(cursor): def _check_orphans(cursor): """ - Finds participants that - * do not have a verified email address (i.e. did not signup via email) - * do not have corresponding elsewhere account - * have not been absorbed by other participant - - These are broken because participants without an email attached arise from - elsewhere (signup via third-party providers), and elsewhere is detached - only by take over which makes a note in absorptions if it removes the last - elsewhere account. + Finds participants that: + + * do not have a verified email address (i.e. did not signup via email), + * do not have a corresponding elsewhere account, and + * have not been absorbed by another participant. + + These are broken because new participants are only ever created with either + an email address or an account on another platform, and email/elsewhere is + detached only by take_over which makes a note in absorptions if it removes + the last email/elsewhere account. Especially bad case is when also claimed_time is set because there must have been elsewhere account attached and used to sign in. diff --git a/gratipay/models/participant/__init__.py b/gratipay/models/participant/__init__.py index 57de0fc07f..f02a9fef7b 100644 --- a/gratipay/models/participant/__init__.py +++ b/gratipay/models/participant/__init__.py 
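Review bot: The rewritten `_check_orphans` docstring states that email/elsewhere is detached only by take_over, but this same commit touches `delete_elsewhere` in gratipay/models/participant/__init__.py, which also removes elsewhere accounts. Judging by the comment in that hunk, it appears to keep the last elsewhere account until an email is present, so the orphan invariant probably still holds; the docstring should still name that path, e.g. `detached by take_over (noted in absorptions) or by delete_elsewhere, which keeps the last account until an email is set`. This check is what flags participants nobody can sign in as, so the list of detach paths is worth keeping exact. The docstring continues beyond the end of the hunk.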
@@ -520,9 +520,9 @@ def delete_elsewhere(self, platform, user_id): with self.db.get_cursor() as c: accounts = self.get_elsewhere_logins(c) - # A user who signed up via a third-party provider might not have - # and email attached. They must maintain at least one elsewhere - # account until they provide an email. + # A user who signed up via a third-party provider might not have an + # email attached. They must maintain at least one elsewhere account + # until they provide an email. assert self.email_address or (len(accounts) > 0) is_last = len(accounts) == 1 and accounts[0] == (platform, user_id) diff --git a/gratipay/security/authentication/__init__.py b/gratipay/security/authentication/__init__.py index d02742db1b..3cbbe5fc5b 100644 --- a/gratipay/security/authentication/__init__.py +++ b/gratipay/security/authentication/__init__.py @@ -1,4 +1,3 @@ """Gratipay authentication module. """ - from __future__ import absolute_import, division, print_function, unicode_literals diff --git a/gratipay/security/authentication/website_helpers.py b/gratipay/security/authentication/website_helpers.py index 80801f8b7b..fe3ff21ada 100644 --- a/gratipay/security/authentication/website_helpers.py +++ b/gratipay/security/authentication/website_helpers.py @@ -9,8 +9,10 @@ from gratipay.security.crypto import constant_time_compare from gratipay.security.user import User, SESSION + ANON = User() + def _get_user_via_api_key(api_key): """Given an api_key, return a User. This auth method is deprecated. """ @@ -26,6 +28,7 @@ def _get_user_via_api_key(api_key): """, (today, p.id)) return user + def _get_user_via_basic_auth(auth_header): """Given a basic auth header, return a User object. """ @@ -48,6 +51,7 @@ def _get_user_via_basic_auth(auth_header): raise Response(401) return user + def _turn_off_csrf(request): """Given a request, short-circuit CSRF. """ 
@@ -55,6 +59,13 @@ def _turn_off_csrf(request): request.headers.cookie['csrf_token'] = csrf_token request.headers['X-CSRF-TOKEN'] = csrf_token + +def start_user_as_anon(): + """Make sure we always have a user object, regardless of exceptions during authentication. + """ + return {'user': ANON} + + def authenticate_user_if_possible(request, user): """This signs the user in. """ @@ -71,6 +82,7 @@ def authenticate_user_if_possible(request, user): user = User.from_session_token(token) return {'user': user} + def add_auth_to_response(response, request=None, user=ANON): if request is None: return # early parsing must've failed @@ -80,8 +92,3 @@ def add_auth_to_response(response, request=None, user=ANON): if SESSION in request.headers.cookie: if not user.ANON: user.keep_signed_in(response.headers.cookie) - -def start_user_as_anon(): - """Make sure we always have a user object, regardless of exceptions during authentication. - """ - return {'user': ANON} diff --git a/templates/sign-in-modal.html b/templates/sign-in-modal.html index 7f60e4da7a..3403b7c83e 100644 --- a/templates/sign-in-modal.html +++ b/templates/sign-in-modal.html @@ -27,9 +27,9 @@
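Review bot: `start_user_as_anon` gives every request the same module-level `ANON` object (`ANON = User()` near the top of the file, also the default for `add_auth_to_response`), and its docstring does not say so. The definition of `User` is not in this diff; if it holds mutable state, any code that signs a user in by mutating `state['user']` in place instead of replacing it would carry that identity into later anonymous requests. Either record the constraint in the docstring, e.g. `Returns the shared ANON instance; replace it, never mutate it.`, or return a fresh object with `return {'user': User()}`. The identical function is removed by the last hunk of this file, so this is a move rather than new behaviour.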

- {{ _('Enter your email to sign-in or create an account on Gratipay') }} + data-sign-in-to-continue="{{ _('Enter your email to sign in to Gratipay') }}" + data-sign-in-or-sign-up="{{ _('Enter your email to sign in or create an account on Gratipay') }}"> + {{ _('Enter your email to sign in or create an account on Gratipay') }}
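Review bot: The added `data-sign-in-to-continue` and `data-sign-in-or-sign-up` lines place `_()` output inside double-quoted attributes, so a translation containing a quote character or markup is safe only if the template engine escapes it for attribute context. Neither the escaping configuration nor the script that reads these attributes is visible here; that script should write the value with a text API rather than an HTML one. A short template comment on the element, such as `data-* values are read by the sign-in script and must be inserted as text`, would record that contract. The surrounding markup is missing from this view, so the element carrying these attributes could not be checked.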

diff --git a/www/auth/signup.json.spt b/www/auth/signup.json.spt index 6d87949863..e9d14b5715 100644 --- a/www/auth/signup.json.spt +++ b/www/auth/signup.json.spt @@ -44,4 +44,4 @@ else: raise Response(400, _('This link is invalid.')) [---] application/json -{'message': _('Account created! Signing you in...')} +{'message': _('Account created! Signing you in ...')}