Fix steam registering

- Allow updating SteamID of previous profile easily via steam login
- Fix bug with empty profile
- Redirect on login error on steam id update
- Fix styles and spacing in register form

app/controllers/users_controller.rb

@@ -43,10 +43,15 @@ class UsersController < ApplicationController
   end
 
   def new
-    @user = User.new
+    unless session[:cached_user]&.blank?
+      @user = User.new(JSON.parse(session[:cached_user])) rescue nil
+      session.delete :cached_user
+    end
+    @user ||= User.new
     @user.profile = Profile.new
     @user.lastip = request.env['REMOTE_ADDR']
     @user.can_create? cuser
+    @user.preformat
   end
 
   def edit
@@ -63,6 +68,7 @@ class UsersController < ApplicationController
       redirect_to action: :show, id: @user.id
       save_session @user
     else
+      @user.preformat
       render :new
     end
   end
@@ -86,12 +92,28 @@ class UsersController < ApplicationController
   end
 
   def callback
-    @user = User.focfah(auth_hash, request.ip)
+    @user = User.find_or_build(auth_hash, request.ip)
-    login_user(@user)
+    unless @user and @user.is_a?(ActiveRecord::Base)
-    if @user.created_at > (Time.zone.now - 1.week)
+      flash[:error] = t(:users_callback_fail)
-      flash[:notice] << t(:users_signup_steam)
+      redirect_to_home
-      render :edit
+      return
+    end
+
+    # After steam validates SteamID, we know its right.
+    session[:verified_steamid] = @user.steamid
+
+    # Store user in session store
+    session[:cached_user] = @user.to_json
+
+    if @user.new_record?
+      # If user mistypes username and password, return to user creation page.
+      session[:return_to] = new_user_url(@user)
+
+      # if @user.created_at > (Time.zone.now - 1.week)
+      # flash[:notice] = t(:users_signup_steam)
+      render :new
     else
+      login_user(@user)
       return_back
     end
   end
@@ -134,9 +156,16 @@ class UsersController < ApplicationController
     if user.banned? Ban::TYPE_SITE
       flash[:error] = t(:accounts_locked)
     else
-      flash[:notice] = "%s (%s)" % [t(:login_successful), user.password_hash_s]
+      flash[:notice] = "%s" % [t(:login_successful)]
       # FIXME: this doesn't work because model is saved before
       flash[:notice] << " \n%s" % I18n.t(:password_md5_scrypt) if user.password_hash_changed?
+      if !session[:verified_steamid].blank? and \
+        user.steamid != session[:verified_steamid] and \
+        user.update_attribute(:steamid, session[:verified_steamid])
+          session[:return_to] = edit_user_path(user)
+          flash[:notice] << t(:users_steamid_update) % [user.steamid]
+          session.delete :verified_steamid
+      end
       save_session user
     end
   end

app/models/user.rb

@@ -258,6 +258,10 @@ class User < ActiveRecord::Base
     team ? teamers.active.of_team(team).first : nil
   end
 
+  def preformat
+    self.email = "" if self.email.include?("@ensl.org")
+  end
+
   def banned? type = Ban::TYPE_SITE
     bans.effective.where(ban_type: type).count > 0
   end
@@ -353,7 +357,7 @@ class User < ActiveRecord::Base
       generate_password
     end
     unless profile&.present?
-      self.profile = Profile.new
+      self.build_profile
     end
   end
 
@@ -516,7 +520,7 @@ class User < ActiveRecord::Base
     params.require(:user).permit(*allowed)
   end
 
-  def self.focfah(auth_hash, lastip)
+  def self.find_or_build(auth_hash, lastip)
     return nil unless auth_hash&.include?(:provider)
     case auth_hash[:provider]
     when 'steam'
@@ -526,11 +530,11 @@ class User < ActiveRecord::Base
       unless user
         user = User.new(username: auth_hash[:info][:nickname], lastip: lastip, fullname: auth_hash[:info][:name], steamid: steamid)
         user.fix_attributes
+        user.build_profile
         # TODO: user make valid by force
         # user.profile.country
         # get profile picture, :image
         # This really shouldn't fail.
-        user.save!
       end
       return user
     end

app/views/users/new.html.erb

@@ -1,50 +1,71 @@
 <div id="registration">
   <h1>Registration</h1>
 
+  <% if session[:verified_steamid] %>
+    <div class="horizontal fields">
+      Your SteamID (<strong><%= session[:verified_steamid] %></strong>) does not have an existing account. You can easily finish creating Steam-linked account here.
+      Before doing so, please check you do not already have an account. If you do, click here and type username and password below. You can look
+      look for your account <%= link_to "here", users_path, target: "_blank" %>.
+    </div>
+
+    <%= form_tag(users_login_path(), { class: 'square' }) do %>
+      <div class="horizontal fields ">
+        <%= text_field "login", "username", placeholder: "Username" %>
+        <%= password_field "login", "password", placeholder: "Password" %>
+      </div>
+      <div class="buttons">
+        <%= submit_tag t('helpers.submit.user.login'), class: "button" %>
+      </div>
+    <% end %>
+  <% end %>
+
   <%= form_for @user, html: { class: "square" } do |f| %>
     <%= render 'shared/errors', messages: @user.errors.full_messages %>
-
+    <% unless session[:verified_steamid] %>
-    <div class="fields">
+      <div class="horizontal fields">
-      <div class="horizontal text-field">
       <%= link_to "Create your account via Steam", "/auth/steam", method: :POST %>
       </div>
-      <div class="horizontal text-field">
+    <% end %>
-        <%= f.label :username %>
+    <div class="horizontal fields">
-        <%= f.text_field :username %>
+      <%= f.label :username %>
-      </div>
+      <%= f.text_field :username %>
-      <div class="horizontal text-field">
+    </div>
-        Pick unique nickname for yourself.
+    <div class="horizontal fields">
-      </div>
+      Pick unique nickname for yourself.
-      <div class="horizontal text-field">
+    </div>
+    <% unless session[:verified_steamid] %>
+      <div class="horizontal fields">
         <%= f.label :raw_password, "Password" %>
         <%= f.password_field :raw_password %>
       </div>
-      <div class="horizontal text-field">
+      <div class="horizontal fields">
         Please don't use same password as any important place.
       </div>
-      <div class="horizontal text-field">
+    <% end %>
-        <%= f.label :email %>
+    <div class="horizontal fields">
-        <%= f.text_field :email %>
+      <%= f.label :email %>
-      </div>
+      <%= f.text_field :email %>
-      <div class="horizontal text-field">
+    </div>
-        The email is needed to reset password, verify identity and send account related emails. We don't send spam or sell your email. By default the email is private and only seen by admins.
+    <div class="horizontal fields">
-      </div>
+      The email is needed to reset password, verify identity and send account related emails. We don't send spam or give your email to third parties. By default the email is private and only seen by admins.
-      <div class="horizontal text-field">
+    </div>
-        <%= f.label :steamid %>
+    <div class="horizontal fields">
-        <%= f.text_field :steamid, placeholder: "0:1:23456789" %>
+      <%= f.label :steamid %>
-      </div>
+      <%= f.text_field :steamid, placeholder: "0:1:23456789" %>
-      <div class="horizontal text-field">
+    </div>
+    <% unless session[:verified_steamid] %>
+      <div class="horizontal fields">
         You can use <%= link_to "this tool", steamid_tool %> or
         <%= link_to "this web page", 'https://steamidfinder.com/' %>
         to find your SteamID. We need the steam id to identify unique players. If you use fake one, some things on website might be broken.
       </div>
-      <div class="horizontal">
+    <% end %>
-        <%= f.label :birthdate %>
+    <div class="horizontal fields">
-        <%= date_select :user, :birthdate, order: [:year, :month, :day], start_year: 1950, include_blank: true, default: nil %>
+      <%= f.label :birthdate %>
-      </div>
+      <%= date_select :user, :birthdate, order: [:year, :month, :day], start_year: 1950, include_blank: true, default: nil %>
-      <div class="horizontal text-field">
+    </div>
-        Only needed for fun stats (age etc.). You don't need to give valid one.
+    <div class="horizontal fields">
-      </div>
+      Only needed for fun stats (age etc.). Leave blank if you don't want to give one.
     </div>
     <div class="controls submit-field">
       <%= f.submit "Register" %>  

app/views/widgets/_login.html.erb

@@ -1,8 +1,10 @@
 <%= form_tag({ controller: "users", action: "login" }, { class: 'dark' }) do %>
   <div class="fields">
-    <%= link_to "/auth/steam", method: :POST do %>
+    <div class="steam">
-      <%= image_tag '/images/icons/steam_login.png' %>
+      <%= link_to "/auth/steam", method: :POST do %>
-    <% end %>
+        <%= image_tag '/images/icons/steam_login.png' %>
+      <% end %>
+    </div>
     <%= text_field "login", "username", placeholder: "Username" %>
     <%= password_field "login", "password", placeholder: "Password" %>
   </div>

config/locales/en.yml

@@ -91,6 +91,7 @@ en:
   weeks_update: "Week was successfully updated."
   votes_success: "Voted successfully."
   users_signup_steam: "You have created an account via steam, please update your user details."
+  users_steamid_update: "Your SteamID has been updated to %s. You can log in via Steam now."
   error: "error"
   prohibited: "prohibited"
   news: