Merge remote-tracking branch 'upstream/pull/3147'

2021-03-24 15:32:16 +00:00 · 2021-03-24 15:32:16 +00:00 · 0bdc865d9f
commit 0bdc865d9f
parent a512392e6c 9fd96cfb87
17 changed files with 365 additions and 323 deletions
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -155,6 +155,7 @@ Rails/NotNullColumn:
 # Offense count: 8
 Rails/OutputSafety:
  Exclude:
    - 'app/controllers/sessions_controller.rb'
    - 'app/controllers/users_controller.rb'
    - 'app/helpers/application_helper.rb'
    - 'lib/rich_text.rb'
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@ -19,8 +19,9 @@ class Ability
      can [:index, :rss, :show, :comments], DiaryEntry
      can [:index], Note
      can [:index, :show], Redaction
      can [:new, :create, :destroy], :session
      can [:index, :show, :data, :georss, :picture, :icon], Trace
-      can [:terms, :login, :logout, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :auth_success, :auth_failure], User
+      can [:terms, :new, :create, :save, :confirm, :confirm_resend, :confirm_email, :lost_password, :reset_password, :show, :auth_success, :auth_failure], User
      can [:index, :show, :blocks_on, :blocks_by], UserBlock
      can [:index, :show], Node
      can [:index, :show, :full, :ways_for_node], Way
--- a/app/controllers/concerns/session_methods.rb
+++ b/app/controllers/concerns/session_methods.rb
@ -0,0 +1,98 @@
 module SessionMethods
  extend ActiveSupport::Concern
  private
  ##
  # return the URL to use for authentication
  def auth_url(provider, uid, referer = nil)
    params = { :provider => provider }
    params[:openid_url] = openid_expand_url(uid) if provider == "openid"
    if referer.nil?
      params[:origin] = request.path
    else
      params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}"
      params[:referer] = referer
    end
    auth_path(params)
  end
  ##
  # special case some common OpenID providers by applying heuristics to
  # try and come up with the correct URL based on what the user entered
  def openid_expand_url(openid_url)
    if openid_url.nil?
      nil
    elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$})
      # Special case gmail.com as it is potentially a popular OpenID
      # provider and, unlike yahoo.com, where it works automatically, Google
      # have hidden their OpenID endpoint somewhere obscure this making it
      # somewhat less user friendly.
      "https://www.google.com/accounts/o8/id"
    else
      openid_url
    end
  end
  ##
  # process a successful login
  def successful_login(user, referer = nil)
    session[:user] = user.id
    session[:fingerprint] = user.fingerprint
    session_expires_after 28.days if session[:remember_me]
    target = referer || session[:referer] || url_for(:controller => :site, :action => :index)
    # The user is logged in, so decide where to send them:
    #
    # - If they haven't seen the contributor terms, send them there.
    # - If they have a block on them, show them that.
    # - If they were referred to the login, send them back there.
    # - Otherwise, send them to the home page.
    if !user.terms_seen
      redirect_to :controller => :users, :action => :terms, :referer => target
    elsif user.blocked_on_view
      redirect_to user.blocked_on_view, :referer => target
    else
      redirect_to target
    end
    session.delete(:remember_me)
    session.delete(:referer)
  end
  ##
  # process a failed login
  def failed_login(message, username = nil)
    flash[:error] = message
    redirect_to :action => "new", :referer => session[:referer],
                :username => username, :remember_me => session[:remember_me]
    session.delete(:remember_me)
    session.delete(:referer)
  end
  ##
  #
  def unconfirmed_login(user)
    session[:token] = user.tokens.create.token
    redirect_to :controller => "users", :action => "confirm", :display_name => user.display_name
    session.delete(:remember_me)
    session.delete(:referer)
  end
  ##
  #
  def disable_terms_redirect
    # this is necessary otherwise going to the user terms page, when
    # having not agreed already would cause an infinite redirect loop.
    # it's .now so that this doesn't propagate to other pages.
    flash.now[:skip_terms] = true
  end
 end
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -0,0 +1,59 @@
 class SessionsController < ApplicationController
  include SessionMethods
  layout "site"
  before_action :disable_terms_redirect, :only => [:destroy]
  before_action :require_cookies, :only => [:new]
  authorize_resource :class => false
  def new
    append_content_security_policy_directives(
      :form_action => %w[*]
    )
    session[:referer] = safe_referer(params[:referer]) if params[:referer]
  end
  def create
    session[:remember_me] ||= params[:remember_me]
    session[:referer] = safe_referer(params[:referer]) if params[:referer]
    password_authentication(params[:username], params[:password])
  end
  def destroy
    @title = t "sessions.destroy.title"
    if request.post?
      if session[:token]
        token = UserToken.find_by(:token => session[:token])
        token&.destroy
        session.delete(:token)
      end
      session.delete(:user)
      session_expires_automatically
      if params[:referer]
        redirect_to safe_referer(params[:referer])
      else
        redirect_to :controller => "site", :action => "index"
      end
    end
  end
  private
  ##
  # handle password authentication
  def password_authentication(username, password)
    if (user = User.authenticate(:username => username, :password => password))
      successful_login(user)
    elsif (user = User.authenticate(:username => username, :password => password, :pending => true))
      unconfirmed_login(user)
    elsif User.authenticate(:username => username, :password => password, :suspended => true)
      failed_login t("sessions.new.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe, username
    else
      failed_login t("sessions.new.auth failure"), username
    end
  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1,8 +1,10 @@
 class UsersController < ApplicationController
  include SessionMethods
  layout "site"
  skip_before_action :verify_authenticity_token, :only => [:auth_success]
-  before_action :disable_terms_redirect, :only => [:terms, :save, :logout]
+  before_action :disable_terms_redirect, :only => [:terms, :save]
  before_action :authorize_web
  before_action :set_locale
  before_action :check_database_readable
@ -11,7 +13,7 @@ class UsersController < ApplicationController
  before_action :require_self, :only => [:account]
  before_action :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public]
-  before_action :require_cookies, :only => [:new, :login, :confirm]
+  before_action :require_cookies, :only => [:new, :confirm]
  before_action :lookup_user_by_name, :only => [:set_status, :destroy]
  before_action :allow_thirdparty_images, :only => [:show, :account]
@ -269,38 +271,6 @@ class UsersController < ApplicationController
    end
  end
  def login
    append_content_security_policy_directives(
      :form_action => %w[*]
    )
    session[:referer] = safe_referer(params[:referer]) if params[:referer]
    if request.post?
      session[:remember_me] ||= params[:remember_me]
      password_authentication(params[:username], params[:password])
    end
  end
  def logout
    @title = t "users.logout.title"
    if request.post?
      if session[:token]
        token = UserToken.find_by(:token => session[:token])
        token&.destroy
        session.delete(:token)
      end
      session.delete(:user)
      session_expires_automatically
      if params[:referer]
        redirect_to safe_referer(params[:referer])
      else
        redirect_to :controller => "site", :action => "index"
      end
    end
  end
  def confirm
    if request.post?
      token = UserToken.find_by(:token => params[:confirm_string])
@ -514,93 +484,6 @@ class UsersController < ApplicationController
  private
  ##
  # handle password authentication
  def password_authentication(username, password)
    if user = User.authenticate(:username => username, :password => password)
      successful_login(user)
    elsif user = User.authenticate(:username => username, :password => password, :pending => true)
      unconfirmed_login(user)
    elsif User.authenticate(:username => username, :password => password, :suspended => true)
      failed_login t("users.login.account is suspended", :webmaster => "mailto:#{Settings.support_email}").html_safe, username
    else
      failed_login t("users.login.auth failure"), username
    end
  end
  ##
  # return the URL to use for authentication
  def auth_url(provider, uid, referer = nil)
    params = { :provider => provider }
    params[:openid_url] = openid_expand_url(uid) if provider == "openid"
    if referer.nil?
      params[:origin] = request.path
    else
      params[:origin] = "#{request.path}?referer=#{CGI.escape(referer)}"
      params[:referer] = referer
    end
    auth_path(params)
  end
  ##
  # special case some common OpenID providers by applying heuristics to
  # try and come up with the correct URL based on what the user entered
  def openid_expand_url(openid_url)
    if openid_url.nil?
      nil
    elsif openid_url.match(%r{(.*)gmail.com(/?)$}) || openid_url.match(%r{(.*)googlemail.com(/?)$})
      # Special case gmail.com as it is potentially a popular OpenID
      # provider and, unlike yahoo.com, where it works automatically, Google
      # have hidden their OpenID endpoint somewhere obscure this making it
      # somewhat less user friendly.
      "https://www.google.com/accounts/o8/id"
    else
      openid_url
    end
  end
  ##
  # process a successful login
  def successful_login(user, referer = nil)
    session[:user] = user.id
    session[:fingerprint] = user.fingerprint
    session_expires_after 28.days if session[:remember_me]
    target = referer || session[:referer] || url_for(:controller => :site, :action => :index)
    # The user is logged in, so decide where to send them:
    #
    # - If they haven't seen the contributor terms, send them there.
    # - If they have a block on them, show them that.
    # - If they were referred to the login, send them back there.
    # - Otherwise, send them to the home page.
    if !user.terms_seen
      redirect_to :action => :terms, :referer => target
    elsif user.blocked_on_view
      redirect_to user.blocked_on_view, :referer => target
    else
      redirect_to target
    end
    session.delete(:remember_me)
    session.delete(:referer)
  end
  ##
  # process a failed login
  def failed_login(message, username = nil)
    flash[:error] = message
    redirect_to :action => "login", :referer => session[:referer],
                :username => username, :remember_me => session[:remember_me]
    session.delete(:remember_me)
    session.delete(:referer)
  end
  ##
  #
  def unconfirmed_login(user)
@ -698,15 +581,6 @@ class UsersController < ApplicationController
    redirect_to :action => "view", :display_name => params[:display_name] unless @user
  end
  ##
  #
  def disable_terms_redirect
    # this is necessary otherwise going to the user terms page, when
    # having not agreed already would cause an infinite redirect loop.
    # it's .now so that this doesn't propagate to other pages.
    flash.now[:skip_terms] = true
  end
  ##
  # return permitted user parameters
  def user_params
--- a/app/helpers/user_helper.rb
+++ b/app/helpers/user_helper.rb
@ -53,16 +53,16 @@ module UserHelper
  # External authentication support
  def openid_logo
-    image_tag "openid_small.png", :alt => t("users.login.openid_logo_alt"), :class => "openid_logo"
+    image_tag "openid_small.png", :alt => t("sessions.new.openid_logo_alt"), :class => "openid_logo"
  end
  def auth_button(name, provider, options = {})
    link_to(
-      image_tag("#{name}.svg", :alt => t("users.login.auth_providers.#{name}.alt"), :class => "rounded-lg"),
+      image_tag("#{name}.svg", :alt => t("sessions.new.auth_providers.#{name}.alt"), :class => "rounded-lg"),
      auth_path(options.merge(:provider => provider)),
      :method => :post,
      :class => "auth_button",
-      :title => t("users.login.auth_providers.#{name}.title")
+      :title => t("sessions.new.auth_providers.#{name}.title")
    )
  end
--- a/app/views/sessions/destroy.html.erb
+++ b/app/views/sessions/destroy.html.erb
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -1586,6 +1586,59 @@ en:
      as_unread: "Message marked as unread"
    destroy:
      destroyed: "Message deleted"
  sessions:
    new:
      title: "Login"
      heading: "Login"
      email or username: "Email Address or Username:"
      password: "Password:"
      openid_html: "%{logo} OpenID:"
      remember: "Remember me"
      lost password link: "Lost your password?"
      login_button: "Login"
      register now: Register now
      with username: "Already have an OpenStreetMap account? Please login with your username and password:"
      with external: "Alternatively, use a third party to login:"
      new to osm: New to OpenStreetMap?
      to make changes: To make changes to the OpenStreetMap data, you must have an account.
      create account minute: Create an account. It only takes a minute.
      no account: Don't have an account?
      account not active: "Sorry, your account is not active yet.<br />Please use the link in the account confirmation email to activate your account, or <a href=\"%{reconfirm}\">request a new confirmation email</a>."
      account is suspended: Sorry, your account has been suspended due to suspicious activity.<br />Please contact the <a href="%{webmaster}">webmaster</a> if you wish to discuss this.
      auth failure: "Sorry, could not log in with those details."
      openid_logo_alt: "Log in with an OpenID"
      auth_providers:
        openid:
          title: Login with OpenID
          alt: Login with an OpenID URL
        google:
          title: Login with Google
          alt: Login with a Google OpenID
        facebook:
          title: Login with Facebook
          alt: Login with a Facebook Account
        windowslive:
          title: Login with Windows Live
          alt: Login with a Windows Live Account
        github:
          title: Login with GitHub
          alt: Login with a GitHub Account
        wikipedia:
          title: Login with Wikipedia
          alt: Login with a Wikipedia Account
        yahoo:
          title: Login with Yahoo
          alt: Login with a Yahoo OpenID
        wordpress:
          title: Login with Wordpress
          alt: Login with a Wordpress OpenID
        aol:
          title: Login with AOL
          alt: Login with an AOL OpenID
    destroy:
      title: "Logout"
      heading: "Logout from OpenStreetMap"
      logout_button: "Logout"
  shared:
    markdown_help:
      title_html: Parsed with <a href="https://kramdown.gettalong.org/quickref.html">kramdown</a>
@ -2221,58 +2274,6 @@ en:
    destroy:
      flash: "Destroyed the client application registration"
  users:
    login:
      title: "Login"
      heading: "Login"
      email or username: "Email Address or Username:"
      password: "Password:"
      openid_html: "%{logo} OpenID:"
      remember: "Remember me"
      lost password link: "Lost your password?"
      login_button: "Login"
      register now: Register now
      with username: "Already have an OpenStreetMap account? Please login with your username and password:"
      with external: "Alternatively, use a third party to login:"
      new to osm: New to OpenStreetMap?
      to make changes: To make changes to the OpenStreetMap data, you must have an account.
      create account minute: Create an account. It only takes a minute.
      no account: Don't have an account?
      account not active: "Sorry, your account is not active yet.<br />Please use the link in the account confirmation email to activate your account, or <a href=\"%{reconfirm}\">request a new confirmation email</a>."
      account is suspended: Sorry, your account has been suspended due to suspicious activity.<br />Please contact the <a href="%{webmaster}">webmaster</a> if you wish to discuss this.
      auth failure: "Sorry, could not log in with those details."
      openid_logo_alt: "Log in with an OpenID"
      auth_providers:
        openid:
          title: Login with OpenID
          alt: Login with an OpenID URL
        google:
          title: Login with Google
          alt: Login with a Google OpenID
        facebook:
          title: Login with Facebook
          alt: Login with a Facebook Account
        windowslive:
          title: Login with Windows Live
          alt: Login with a Windows Live Account
        github:
          title: Login with GitHub
          alt: Login with a GitHub Account
        wikipedia:
          title: Login with Wikipedia
          alt: Login with a Wikipedia Account
        yahoo:
          title: Login with Yahoo
          alt: Login with a Yahoo OpenID
        wordpress:
          title: Login with Wordpress
          alt: Login with a Wordpress OpenID
        aol:
          title: Login with AOL
          alt: Login with an AOL OpenID
    logout:
      title: "Logout"
      heading: "Logout from OpenStreetMap"
      logout_button: "Logout"
    lost_password:
      title: "Lost password"
      heading: "Forgotten Password?"
--- a/config/routes.rb
+++ b/config/routes.rb
@ -145,8 +145,9 @@ OpenStreetMap::Application.routes.draw do
  get "/history/feed" => "changesets#feed", :defaults => { :format => :atom }
  get "/history/comments/feed" => "changeset_comments#index", :as => :changesets_comments_feed, :defaults => { :format => "rss" }
  get "/export" => "site#export"
-  match "/login" => "users#login", :via => [:get, :post]
+  get "/login" => "sessions#new"
-  match "/logout" => "users#logout", :via => [:get, :post]
+  post "/login" => "sessions#create"
  match "/logout" => "sessions#destroy", :via => [:get, :post]
  get "/offline" => "site#offline"
  get "/key" => "site#key"
  get "/id" => "site#id"
--- a/test/controllers/sessions_controller_test.rb
+++ b/test/controllers/sessions_controller_test.rb
@ -0,0 +1,90 @@
 require "test_helper"
 class SessionsControllerTest < ActionDispatch::IntegrationTest
  ##
  # test all routes which lead to this controller
  def test_routes
    assert_routing(
      { :path => "/login", :method => :get },
      { :controller => "sessions", :action => "new" }
    )
    assert_routing(
      { :path => "/login", :method => :post },
      { :controller => "sessions", :action => "create" }
    )
    assert_recognizes(
      { :controller => "sessions", :action => "new", :format => "html" },
      { :path => "/login.html", :method => :get }
    )
    assert_routing(
      { :path => "/logout", :method => :get },
      { :controller => "sessions", :action => "destroy" }
    )
    assert_routing(
      { :path => "/logout", :method => :post },
      { :controller => "sessions", :action => "destroy" }
    )
    assert_recognizes(
      { :controller => "sessions", :action => "destroy", :format => "html" },
      { :path => "/logout.html", :method => :get }
    )
  end
  def test_login
    user = create(:user)
    get login_path
    assert_response :redirect
    assert_redirected_to login_path(:cookie_test => true)
    follow_redirect!
    assert_response :success
    assert_template "sessions/new"
    get login_path, :params => { :username => user.display_name, :password => "test" }
    assert_response :success
    assert_template "sessions/new"
    post login_path, :params => { :username => user.display_name, :password => "test" }
    assert_response :redirect
    assert_redirected_to root_path
  end
  def test_logout_without_referer
    post logout_path
    assert_response :redirect
    assert_redirected_to root_path
  end
  def test_logout_with_referer
    post logout_path, :params => { :referer => "/test" }
    assert_response :redirect
    assert_redirected_to "/test"
  end
  def test_logout_fallback_without_referer
    get logout_path
    assert_response :success
    assert_template "sessions/destroy"
    assert_select "input[name=referer]:not([value])"
  end
  def test_logout_fallback_with_referer
    get logout_path, :params => { :referer => "/test" }
    assert_response :success
    assert_template "sessions/destroy"
    assert_select "input[name=referer][value=?]", "/test"
  end
  def test_logout_removes_session_token
    user = build(:user, :pending)
    post user_new_path, :params => { :user => user.attributes }
    post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
    assert_difference "User.find_by(:email => user.email).tokens.count", -1 do
      post logout_path
    end
    assert_response :redirect
    assert_redirected_to root_path
  end
 end
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@ -4,32 +4,6 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
  ##
  # test all routes which lead to this controller
  def test_routes
    assert_routing(
      { :path => "/login", :method => :get },
      { :controller => "users", :action => "login" }
    )
    assert_routing(
      { :path => "/login", :method => :post },
      { :controller => "users", :action => "login" }
    )
    assert_recognizes(
      { :controller => "users", :action => "login", :format => "html" },
      { :path => "/login.html", :method => :get }
    )
    assert_routing(
      { :path => "/logout", :method => :get },
      { :controller => "users", :action => "logout" }
    )
    assert_routing(
      { :path => "/logout", :method => :post },
      { :controller => "users", :action => "logout" }
    )
    assert_recognizes(
      { :controller => "users", :action => "logout", :format => "html" },
      { :path => "/logout.html", :method => :get }
    )
    assert_routing(
      { :path => "/user/new", :method => :get },
      { :controller => "users", :action => "new" }
@ -406,63 +380,6 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
    ActionMailer::Base.deliveries.clear
  end
  def test_login
    user = create(:user)
    get login_path
    assert_response :redirect
    assert_redirected_to login_path(:cookie_test => true)
    follow_redirect!
    assert_response :success
    assert_template "login"
    get login_path, :params => { :username => user.display_name, :password => "test" }
    assert_response :success
    assert_template "login"
    post login_path, :params => { :username => user.display_name, :password => "test" }
    assert_response :redirect
    assert_redirected_to root_path
  end
  def test_logout_without_referer
    post logout_path
    assert_response :redirect
    assert_redirected_to root_path
  end
  def test_logout_with_referer
    post logout_path, :params => { :referer => "/test" }
    assert_response :redirect
    assert_redirected_to "/test"
  end
  def test_logout_fallback_without_referer
    get logout_path
    assert_response :success
    assert_template :logout
    assert_select "input[name=referer]:not([value])"
  end
  def test_logout_fallback_with_referer
    get logout_path, :params => { :referer => "/test" }
    assert_response :success
    assert_template :logout
    assert_select "input[name=referer][value=?]", "/test"
  end
  def test_logout_removes_session_token
    user = build(:user, :pending)
    post user_new_path, :params => { :user => user.attributes }
    post user_save_path, :params => { :read_ct => 1, :read_tou => 1 }
    assert_difference "User.find_by(:email => user.email).tokens.count", -1 do
      post logout_path
    end
    assert_response :redirect
    assert_redirected_to root_path
  end
  def test_confirm_get
    user = build(:user, :pending)
    post user_new_path, :params => { :user => user.attributes }
--- a/test/integration/user_changeset_comments_test.rb
+++ b/test/integration/user_changeset_comments_test.rb
@ -30,7 +30,7 @@ class UserChangesetCommentsTest < ActionDispatch::IntegrationTest
    follow_redirect!
    # We should now be at the login page
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    # We can now login
    post "/login", :params => { "username" => user.email, "password" => "test" }
    assert_response :redirect
--- a/test/integration/user_diaries_test.rb
+++ b/test/integration/user_diaries_test.rb
@ -11,7 +11,7 @@ class UserDiariesTest < ActionDispatch::IntegrationTest
    follow_redirect!
    # We should now be at the login page
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    # We can now login
    post "/login", :params => { "username" => user.email, "password" => "test", :referer => "/diary/new" }
    assert_response :redirect
--- a/test/integration/user_login_test.rb
+++ b/test/integration/user_login_test.rb
@ -47,7 +47,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    try_password_login user.email.titlecase, "test"
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "span.username", false
  end
@ -111,7 +111,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    try_password_login user.email, "test"
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "span.username", false
    assert_select "div.flash.error", /your account has been suspended/ do
      assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
@ -123,7 +123,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    try_password_login user.email.upcase, "test"
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "span.username", false
    assert_select "div.flash.error", /your account has been suspended/ do
      assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
@ -135,7 +135,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    try_password_login user.email.titlecase, "test"
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "span.username", false
    assert_select "div.flash.error", /your account has been suspended/ do
      assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
@ -204,7 +204,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    try_password_login user.display_name.downcase, "test"
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "span.username", false
  end
@ -268,7 +268,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    try_password_login user.display_name, "test"
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "span.username", false
    assert_select "div.flash.error", /your account has been suspended/ do
      assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
@ -280,7 +280,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    try_password_login user.display_name.upcase, "test"
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "span.username", false
    assert_select "div.flash.error", /your account has been suspended/ do
      assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
@ -292,7 +292,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    try_password_login user.display_name.downcase, "test"
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "span.username", false
    assert_select "div.flash.error", /your account has been suspended/ do
      assert_select "a[href='mailto:openstreetmap@example.com']", "webmaster"
@ -358,7 +358,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path(:cookie_test => true, :referer => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/john.doe", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/john.doe", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@ -379,7 +379,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path(:cookie_test => true, :referer => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
@ -390,7 +390,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Connection to authentication provider failed"
    assert_select "span.username", false
  end
@ -404,7 +404,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path(:cookie_test => true, :referer => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
@ -415,7 +415,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Invalid authentication credentials"
    assert_select "span.username", false
  end
@ -428,7 +428,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path(:cookie_test => true, :referer => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "openid", :openid_url => "http://localhost:1123/fred.bloggs", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "openid", :openid_url => "http://localhost:1123/fred.bloggs", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@ -451,7 +451,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "google")
@ -471,7 +471,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "google")
@ -482,7 +482,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Connection to authentication provider failed"
    assert_select "span.username", false
  end
@ -495,7 +495,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "google")
@ -506,7 +506,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Invalid authentication credentials"
    assert_select "span.username", false
  end
@ -521,7 +521,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "google")
@ -544,7 +544,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "google", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "google")
@ -569,7 +569,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "facebook")
@ -589,7 +589,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "facebook")
@ -600,7 +600,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Connection to authentication provider failed"
    assert_select "span.username", false
  end
@ -613,7 +613,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "facebook")
@ -624,7 +624,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Invalid authentication credentials"
    assert_select "span.username", false
  end
@ -637,7 +637,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "facebook", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "facebook")
@ -658,7 +658,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "windowslive")
@ -678,7 +678,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "windowslive")
@ -689,7 +689,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Connection to authentication provider failed"
    assert_select "span.username", false
  end
@ -702,7 +702,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "windowslive")
@ -713,7 +713,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Invalid authentication credentials"
    assert_select "span.username", false
  end
@ -726,7 +726,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "windowslive", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "windowslive")
@ -747,7 +747,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "github")
@ -767,7 +767,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "github")
@ -778,7 +778,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Connection to authentication provider failed"
    assert_select "span.username", false
  end
@ -791,7 +791,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "github")
@ -802,7 +802,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Invalid authentication credentials"
    assert_select "span.username", false
  end
@ -815,7 +815,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "github", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "github")
@ -836,7 +836,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@ -856,7 +856,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@ -867,7 +867,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Connection to authentication provider failed"
    assert_select "span.username", false
  end
@ -880,7 +880,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@ -891,7 +891,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "div.flash.error", "Invalid authentication credentials"
    assert_select "span.username", false
  end
@ -904,7 +904,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path("cookie_test" => "true", "referer" => "/history")
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post auth_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
    assert_response :redirect
    assert_redirected_to auth_success_path(:provider => "wikipedia", :origin => "/login?referer=%2Fhistory", :referer => "/history")
@ -924,7 +924,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_redirected_to login_path(:cookie_test => true)
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "input#username", 1 do
      assert_select "[value]", false
    end
@ -939,7 +939,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
    assert_response :redirect
    follow_redirect!
    assert_response :success
-    assert_template "login"
+    assert_template "sessions/new"
    assert_select "input#username", 1 do
      assert_select "[value=?]", username
    end
--- a/test/integration/user_terms_seen_test.rb
+++ b/test/integration/user_terms_seen_test.rb
@ -22,7 +22,7 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
    get "/login"
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
    assert_response :redirect
    # but now we need to look at the terms
@ -47,7 +47,7 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
    get "/login"
    follow_redirect!
    assert_response :success
-    assert_template "users/login"
+    assert_template "sessions/new"
    post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
    assert_response :redirect
    # but now we need to look at the terms
--- a/test/system/issues_test.rb
+++ b/test/system/issues_test.rb
@ -5,7 +5,7 @@ class IssuesTest < ApplicationSystemTestCase
  def test_view_issues_not_logged_in
    visit issues_path
-    assert page.has_content?(I18n.t("users.login.title"))
+    assert page.has_content?(I18n.t("sessions.new.title"))
  end
  def test_view_issues_normal_user