It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
Rails redirect_to uses the current controller by default, so there
is no need to re-iterate this in the code when the redirect targets
the current controller.
The short-form is already used elsewhere, this just tidies up those
which were still using the long-form.
Only treat auth_success as a possible login attempt if we're not
in the middle of validating a new user, or a change to a user.
Also validate the uniqueness of external auth credentials at the
rails level rather than just at the database level, and make sure
any errors are properly reported.
Fixes#1265
Per https://developers.facebook.com/docs/graph-api/reference/user the
offical description of the email field is:
> The person's primary email address listed on their profile. This
> field will not be returned if no valid email address is available
Therefore we can treat the fact that the email is returned as proof
that it has been verified.
Make user#confirm_resend require a valid token in the session
that matches the requested user, and ensure trying to login as
an unconfirmed user sets such a token.
Fixes#1010
This replaces OpenID authentication, which is going away soon, but
provides an upgrade path where we can migrate users that already have
a Google OpenID setup to the new system transparently.
1. It didn't work, the code only checked the remember_me button, not
the remember_me_openid button.
2. It did not have a unique id, making the label next to it not work
for selecting the checkbox.
The slim layout is not really needed since the redesign as the
pages it was used for in the OAuth flow now have less chrome and
work fine on small screens with the normal layout.
Fixes#689
