Patch by Go MAEDA. git-svn-id: http://svn.redmine.org/redmine/trunk@21312 e93f8b46-1217-0410-a6f0-8f06a7374b81

2 years ago · 9955844da1
--- a/Gemfile
+++ b/Gemfile
  gem 'net-ldap', '~> 0.17.0'
 end
 # Optional gem for OpenID authentication
 group :openid do
  gem "ruby-openid", "~> 2.9.2", :require => "openid"
  gem "rack-openid"
 end
 # Optional gem for exporting the gantt to a PNG file
 group :minimagick do
  gem 'mini_magick', '~> 4.11.0'
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
  skip_before_action :check_if_login_required, :check_password_change
  skip_before_action :check_twofa_activation, :only => :logout
  # Overrides ApplicationController#verify_authenticity_token to disable
  # token verification on openid callbacks
  def verify_authenticity_token
    unless using_open_id?
      super
    end
  end
  # Login request and validation
  def login
    if request.post?
          redirect_to my_account_path
        end
      else
        unless user_params[:identity_url].present? && user_params[:password].blank? && user_params[:password_confirmation].blank?
        unless user_params[:password].blank? && user_params[:password_confirmation].blank?
          @user.password, @user.password_confirmation = user_params[:password], user_params[:password_confirmation]
        end
  end
  def authenticate_user
    if Setting.openid? && using_open_id?
      open_id_authenticate(params[:openid_url])
    else
      password_authentication
    end
    password_authentication
  end
  def password_authentication
    update_sudo_timestamp! # activate Sudo Mode
  end
  def open_id_authenticate(openid_url)
    back_url = signin_url(:autologin => params[:autologin])
    authenticate_with_open_id(
      openid_url, :required => [:nickname, :fullname, :email],
      :return_to => back_url, :method => :post
    ) do |result, identity_url, registration|
      if result.successful?
        user = User.find_or_initialize_by_identity_url(identity_url)
        if user.new_record?
          # Self-registration off
          (redirect_to(home_url); return) unless Setting.self_registration?
          # Create on the fly
          user.login = registration['nickname'] unless registration['nickname'].nil?
          user.mail = registration['email'] unless registration['email'].nil?
          user.firstname, user.lastname = registration['fullname'].split(' ') unless registration['fullname'].nil?
          user.random_password
          user.register
          case Setting.self_registration
          when '1'
            register_by_email_activation(user) do
              onthefly_creation_failed(user)
            end
          when '3'
            register_automatically(user) do
              onthefly_creation_failed(user)
            end
          else
            register_manually_by_administrator(user) do
              onthefly_creation_failed(user)
            end
          end
        else
          # Existing record
          if user.active?
            successful_authentication(user)
          else
            handle_inactive_user(user)
          end
        end
      end
    end
  end
  def successful_authentication(user)
    logger.info "Successful authentication for '#{user.login}' from #{request.remote_ip} at #{Time.now.utc}"
    # Valid user
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
    a
  end
  def self.openid?
    Object.const_defined?(:OpenID) && self[:openid].to_i > 0
  end
  # Checks if settings have changed since the values were read
  # and clears the cache hash if it's the case
  # Called once per request
--- a/app/models/user.rb
+++ b/app/models/user.rb
  validates_format_of :login, :with => /\A[a-z0-9_\-@\.]*\z/i
  validates_length_of :login, :maximum => LOGIN_LENGTH_LIMIT
  validates_length_of :firstname, :lastname, :maximum => 30
  validates_length_of :identity_url, maximum: 255
  validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
  Setting::PASSWORD_CHAR_CLASSES.each do |k, v|
    validates_format_of :password, :with => v, :message => :"must_contain_#{k}", :allow_blank => true, :if => Proc.new {Setting.password_required_char_classes.include?(k)}
    email_addresses.pluck(:address)
  end
  def self.find_or_initialize_by_identity_url(url)
    user = where(:identity_url => url).first
    unless user
      user = User.new
      user.identity_url = url
    end
    user
  end
  def identity_url=(url)
    if url.blank?
      write_attribute(:identity_url, '')
    else
      begin
        write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
      rescue OpenIdAuthentication::InvalidOpenId
        # Invalid url, don't save
      end
    end
    self.read_attribute(:identity_url)
  end
  # Returns the user that matches provided login and password, or nil
  # AuthSource errors are caught, logged and nil is returned.
  def self.try_to_login(login, password, active_only=true)
    'notified_project_ids',
    'language',
    'custom_field_values',
    'custom_fields',
    'identity_url')
    'custom_fields')
  safe_attributes(
    'login',
    :if => lambda {|user, current_user| user.new_record?})
--- a/app/views/account/login.html.erb
+++ b/app/views/account/login.html.erb
  </label>
  <%= password_field_tag 'password', nil, :tabindex => '2' %>
  <% if Setting.openid? %>
    <label for="openid_url"><%=l(:field_identity_url)%></label>
    <%= text_field_tag "openid_url", nil, :tabindex => '3' %>
  <% end %>
  <% if Setting.autologin? %>
    <label for="autologin"><%= check_box_tag 'autologin', 1, false, :tabindex => 4 %> <%= l(:label_stay_logged_in) %></label>
  <% end %>
--- a/app/views/account/register.html.erb
+++ b/app/views/account/register.html.erb
 <h2><%=l(:label_register)%> <%=link_to l(:label_login_with_open_id_option), signin_url if Setting.openid? %></h2>
 <h2><%=l(:label_register)%></h2>
 <%= labelled_form_for @user, :url => register_path do |f| %>
 <%= error_messages_for 'user' %>
 <p><%= f.select :language, lang_options_for_select %></p>
 <% end %>
 <% if Setting.openid? %>
  <p><%= f.text_field :identity_url  %></p>
 <% end %>
 <% @user.custom_field_values.select {|v| (Setting.show_custom_fields_on_registration? && v.editable?) || v.required?}.each do |value| %>
  <p><%= custom_field_tag_with_label :user, value %></p>
 <% end %>
--- a/app/views/my/account.html.erb
+++ b/app/views/my/account.html.erb
  <% unless @user.force_default_language? %>
  <p><%= f.select :language, lang_options_for_select %></p>
  <% end %>
  <% if Setting.openid? %>
  <p><%= f.text_field :identity_url  %></p>
  <% end %>
  <% if Setting.twofa? -%>
  <p>
    <label><%=l :setting_twofa -%></label>
--- a/app/views/settings/_authentication.html.erb
+++ b/app/views/settings/_authentication.html.erb
 </p>
 <p><%= setting_check_box :openid, :disabled => !Object.const_defined?(:OpenID) %></p>
 </div>
 <fieldset class="box">
  <legend><%= l(:label_session_expiration) %></legend>
--- a/app/views/users/_form.html.erb
+++ b/app/views/users/_form.html.erb
  <% unless @user.force_default_language? %>
  <p><%= f.select :language, lang_options_for_select %></p>
  <% end %>
  <% if Setting.openid? %>
  <p><%= f.text_field :identity_url  %></p>
  <% end %>
  <% @user.custom_field_values.each do |value| %>
    <p><%= custom_field_tag_with_label :user, value %></p>
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
  # Maximum number of simultaneous AJAX uploads
  #max_concurrent_ajax_uploads: 2
  # Configure OpenIdAuthentication.store
  #
  # allowed values: :memory, :file, :memcache
  #openid_authentication_store: :memory
  # URL of the avatar server
  #
  # By default, Redmine uses Gravatar as the avatar server for displaying
--- a/config/initializers/30-redmine.rb
+++ b/config/initializers/30-redmine.rb
  RedmineApp::Application.config.secret_token = secret
 end
 if Object.const_defined?(:OpenIdAuthentication)
  openid_authentication_store = Redmine::Configuration['openid_authentication_store']
  OpenIdAuthentication.store = openid_authentication_store.presence || :memory
 end
 Redmine::PluginLoader.load
 plugin_assets_reloader = Redmine::PluginLoader.create_assets_reloader
--- a/config/locales/ar.yml
+++ b/config/locales/ar.yml
  field_parent_title: صفحة الوالدين
  field_editable: يمكن اعادة تحريره
  field_watcher: مراقب
  field_identity_url: افتح الرابط الخاص بالهوية الشخصية
  field_content: المحتويات
  field_group_by: تصنيف النتائج بواسطة 
  field_sharing: مشاركة
  setting_diff_max_lines_displayed: الحد الاقصى لعدد الخطوط
  setting_file_max_size_displayed: الحد الأقصى لحجم النص المعروض على الملفات المرفقة
  setting_repository_log_display_limit: الحد الاقصى لعدد التنقيحات المعروضة على ملف السجل
  setting_openid: السماح بدخول اسم المستخدم المفتوح والتسجيل
  setting_password_min_length: الحد الادني لطول كلمة المرور
  setting_new_project_user_role_id: الدور المسند الى المستخدم غير المسؤول الذي يقوم بإنشاء المشروع
  setting_default_projects_modules: تمكين الوحدات النمطية للمشاريع الجديدة بشكل افتراضي
  label_information: معلومة
  label_information_plural: معلومات
  label_register: تسجيل
  label_login_with_open_id_option: او الدخول بهوية مفتوحة
  label_password_lost: فقدت كلمة السر
  label_home: "الصفحة الرئيسية"
  label_my_page: الصفحة الخاصة بي
--- a/config/locales/az.yml
+++ b/config/locales/az.yml
  field_host: Kompyuter
  field_hours: saat
  field_identifier: Unikal identifikator
  field_identity_url: OpenID URL
  field_is_closed: Tapşırıq bağlanıb
  field_is_default: Susmaya görə tapşırıq
  field_is_filter: Filtr kimi istifadə edilir
  label_loading: Yükləmə...
  label_logged_as: Daxil olmusunuz
  label_login: Daxil olmaq
  label_login_with_open_id_option: və ya OpenID vasitəsilə daxil olmaq
  label_logout: Çıxış
  label_max_size: Maksimal ölçü
  label_member_new: Yeni iştirakçı
  setting_mail_from: Çıxan e-poçt ünvanı
  setting_mail_handler_api_enabled: Daxil olan məlumatlar üçün veb-servisi qoşmaq
  setting_mail_handler_api_key: API açar
  setting_openid: Giriş və qeydiyyat üçün OpenID izacə vermək
  setting_per_page_options: Səhifə üçün qeydlərin sayı
  setting_plain_text_mail: Yalnız sadə mətn (HTML olmadan)
  setting_protocol: Protokol
--- a/config/locales/bg.yml
+++ b/config/locales/bg.yml
  field_parent_title: Родителска страница
  field_editable: Editable
  field_watcher: Наблюдател
  field_identity_url: OpenID URL
  field_content: Съдържание
  field_group_by: Групиране на резултатите по
  field_sharing: Sharing
  setting_diff_max_lines_displayed: Максимален брой показвани diff редове
  setting_file_max_size_displayed: Максимален размер на текстовите файлове, показвани inline
  setting_repository_log_display_limit: Максимален брой на показванете ревизии в лог файла
  setting_openid: Рарешаване на OpenID вход и регистрация
  setting_password_max_age: Изискване за смяна на паролата след
  setting_password_min_length: Минимална дължина на парола
  setting_password_required_char_classes: Задължителни символни класове за пароли
  label_information: Информация
  label_information_plural: Информация
  label_register: Регистрация
  label_login_with_open_id_option: или вход чрез OpenID
  label_password_lost: Забравена парола
  label_password_required: Потвърдете вашата парола, за да продължите
  label_home: Начало
--- a/config/locales/bs.yml
+++ b/config/locales/bs.yml
  field_parent_title: 'Stranica "roditelj"'
  field_editable: Može se mijenjati
  field_watcher: Posmatrač
  field_identity_url: OpenID URL
  field_content: Sadržaj
  setting_app_title: Naslov aplikacije
  setting_diff_max_lines_displayed: Maksimalan broj linija za prikaz razlika između dva fajla
  setting_file_max_size_displayed: Maksimalna veličina fajla kod prikaza razlika unutar fajla (inline)
  setting_repository_log_display_limit: Maksimalna veličina revizija prikazanih na log fajlu
  setting_openid: Omogući OpenID prijavu i registraciju
  permission_edit_project: Ispravke projekta
  permission_select_project_modules: Odaberi module projekta
  label_information: Informacija
  label_information_plural: Informacije
  label_register: Registracija
  label_login_with_open_id_option: ili prijava sa OpenID-om
  label_password_lost: Izgubljena lozinka
  label_home: Početna stranica
  label_my_page: Moja stranica
--- a/config/locales/ca.yml
+++ b/config/locales/ca.yml
  field_parent_title: "Pàgina pare"
  field_editable: "Es pot editar"
  field_watcher: "Vigilància"
  field_identity_url: "URL OpenID"
  field_content: "Contingut"
  field_group_by: "Agrupa els resultats per"
  field_sharing: "Compartir"
  setting_diff_max_lines_displayed: "Número màxim de línies amb diferències mostrades"
  setting_file_max_size_displayed: "Mida màxima dels fitxers de text mostrats en línia"
  setting_repository_log_display_limit: "Número màxim de revisions que es mostren al registre de fitxers"
  setting_openid: "Permet entrar i registrar-se amb l'OpenID"
  setting_password_min_length: "Longitud mínima de la contrasenya"
  setting_new_project_user_role_id: "Aquest rol es dóna a un usuari no administrador per a crear projectes"
  setting_default_projects_modules: "Mòduls activats per defecte en els projectes nous"
  label_information: "Informació"
  label_information_plural: "Informació"
  label_register: "Registrar"
  label_login_with_open_id_option: "o entrar amb OpenID"
  label_password_lost: "Has oblidat la contrasenya?"
  label_home: "Inici"
  label_my_page: "La meva pàgina"
--- a/config/locales/cs.yml
+++ b/config/locales/cs.yml
  field_parent_title: Rodičovská stránka
  field_editable: Editovatelný
  field_watcher: Sleduje
  field_identity_url: OpenID URL
  field_content: Obsah
  field_group_by: Seskupovat výsledky podle
  field_sharing: Sdílení
  setting_diff_max_lines_displayed: Maximální počet zobrazených řádků rozdílu
  setting_file_max_size_displayed: Maximální velikost textových souborů zobrazených přímo na stránce
  setting_repository_log_display_limit: Maximální počet revizí zobrazených v logu souboru
  setting_openid: Umožnit přihlašování a registrace s OpenID
  setting_password_min_length: Minimální délka hesla
  setting_new_project_user_role_id: Role přiřazená uživateli bez práv administrátora, který projekt vytvořil
  setting_default_projects_modules: Výchozí zapnutné moduly pro nový projekt
  label_information: Informace
  label_information_plural: Informace
  label_register: Registrovat
  label_login_with_open_id_option: nebo se přihlašte s OpenID
  label_password_lost: Zapomenuté heslo
  label_home: Úvodní
  label_my_page: Moje stránka
--- a/config/locales/da.yml
+++ b/config/locales/da.yml
  setting_repository_log_display_limit: Højeste antal revisioner vist i fil-log
  setting_file_max_size_displayed: Maksimale størrelse på tekstfiler vist inline
  field_watcher: Overvåger
  setting_openid: Tillad OpenID login og registrering
  field_identity_url: OpenID URL
  label_login_with_open_id_option: eller login med OpenID
  setting_per_page_options: Enheder per side muligheder
  mail_body_reminder: "%{count} sage(er) som er tildelt dig har deadline indenfor de næste %{days} dage:"
  field_content: Indhold
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
  field_host: Host
  field_hours: Stunden
  field_identifier: Kennung
  field_identity_url: OpenID-URL
  field_inherit_members: Benutzer erben
  field_is_closed: Ticket geschlossen
  field_is_default: Standardeinstellung
  label_loading: Lade...
  label_logged_as: Angemeldet als
  label_login: Anmelden
  label_login_with_open_id_option: oder mit OpenID anmelden
  label_logout: Abmelden
  label_only: nur
  label_max_size: Maximale Größe
  setting_mail_handler_excluded_filenames: Anhänge nach Namen ausschließen
  setting_new_project_user_role_id: Rolle, die einem Nicht-Administrator zugeordnet wird, der ein Projekt erstellt
  setting_non_working_week_days: Arbeitsfreie Tage
  setting_openid: Erlaube OpenID-Anmeldung und -Registrierung
  setting_password_min_length: Mindestlänge des Passworts
  setting_password_max_age: Erzwinge Passwortwechsel nach
  setting_lost_password: Zurücksetzen des Passworts per E-Mail erlauben
--- a/config/locales/el.yml
+++ b/config/locales/el.yml
  field_parent_title: Γονική σελίδα
  field_editable: Επεξεργάσιμο
  field_watcher: Παρατηρητής
  field_identity_url: OpenID URL
  field_content: Περιεχόμενο
  field_group_by: Ομαδικά αποτελέσματα από
  setting_diff_max_lines_displayed: Μεγ.αριθμός εμφάνισης γραμμών diff
  setting_file_max_size_displayed: Μεγ.μέγεθος των αρχείων απλού κειμένου που εμφανίζονται σε σειρά
  setting_repository_log_display_limit: Μέγιστος αριθμός αναθεωρήσεων που εμφανίζονται στο ιστορικό αρχείου
  setting_openid: Επιτρέψτε συνδέσεις OpenID και εγγραφή
  setting_password_min_length: Ελάχιστο μήκος κωδικού πρόσβασης
  setting_new_project_user_role_id: Απόδοση ρόλου σε χρήστη μη-διαχειριστή όταν δημιουργεί ένα έργο
  label_information: Πληροφορία
  label_information_plural: Πληροφορίες
  label_register: Εγγραφή
  label_login_with_open_id_option: ή συνδεθείτε με OpenID
  label_password_lost: Ανάκτηση κωδικού πρόσβασης
  label_home: Αρχική σελίδα
  label_my_page: Η σελίδα μου
--- a/config/locales/en-GB.yml
+++ b/config/locales/en-GB.yml
  field_parent_title: Parent page
  field_editable: Editable
  field_watcher: Watcher
  field_identity_url: OpenID URL
  field_content: Content
  field_group_by: Group results by
  field_sharing: Sharing
  setting_diff_max_lines_displayed: Max number of diff lines displayed
  setting_file_max_size_displayed: Max size of text files displayed inline
  setting_repository_log_display_limit: Maximum number of revisions displayed on file log
  setting_openid: Allow OpenID login and registration
  setting_password_min_length: Minimum password length
  setting_new_project_user_role_id: Role given to a non-admin user who creates a project
  setting_default_projects_modules: Default enabled modules for new projects
  label_information: Information
  label_information_plural: Information
  label_register: Register
  label_login_with_open_id_option: or login with OpenID
  label_password_lost: Lost password
  label_home: Home
  label_my_page: My page
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
  field_parent_title: Parent page
  field_editable: Editable
  field_watcher: Watcher
  field_identity_url: OpenID URL
  field_content: Content
  field_group_by: Group results by
  field_sharing: Sharing
  setting_diff_max_lines_displayed: Maximum number of diff lines displayed
  setting_file_max_size_displayed: Maximum size of text files displayed inline
  setting_repository_log_display_limit: Maximum number of revisions displayed on file log
  setting_openid: Allow OpenID login and registration
  setting_password_max_age: Require password change after
  setting_password_min_length: Minimum password length
  setting_password_required_char_classes : Required character classes for passwords
  label_information: Information
  label_information_plural: Information
  label_register: Register
  label_login_with_open_id_option: or login with OpenID
  label_password_lost: Lost password
  label_password_required: Confirm your password to continue
  label_home: Home
--- a/config/locales/es-PA.yml
+++ b/config/locales/es-PA.yml
  setting_repository_log_display_limit: Número máximo de revisiones mostradas en el archivo de trazas
  setting_file_max_size_displayed: Tamaño máximo de los archivos de texto mostrados
  field_watcher: Seguidor
  setting_openid: Permitir identificación y registro por OpenID
  field_identity_url: URL de OpenID
  label_login_with_open_id_option: o identifíquese con OpenID
  field_content: Contenido
  label_descending: Descendente
  label_sort: Ordenar
--- a/config/locales/es.yml
+++ b/config/locales/es.yml
  setting_repository_log_display_limit: Número máximo de revisiones mostradas en el fichero de trazas
  setting_file_max_size_displayed: Tamaño máximo de los ficheros de texto mostrados
  field_watcher: Seguidor
  setting_openid: Permitir identificación y registro por OpenID
  field_identity_url: URL de OpenID
  label_login_with_open_id_option: o identifíquese con OpenID
  field_content: Contenido
  label_descending: Descendente
  label_sort: Ordenar
--- a/config/locales/et.yml
+++ b/config/locales/et.yml
  field_parent_title: "Pärineb lehest"
  field_editable: "Muudetav"
  field_watcher: "Jälgija"
  field_identity_url: "OpenID URL"
  field_content: "Sisu"
  field_group_by: "Rühmita tulemus"
  field_sharing: "Teemade jagamine"
  setting_diff_max_lines_displayed: "Enim korraga näidatavaid erinevusi"
  setting_file_max_size_displayed: "Kuvatava tekstifaili suurim maht"
  setting_repository_log_display_limit: "Enim ajaloos näidatavaid sissekandeid"
  setting_openid: "Luba OpenID-ga registreerimine ja sisselogimine"
  setting_password_min_length: "Lühim lubatud parooli pikkus"
  setting_new_project_user_role_id: "Projekti looja roll oma projektis"
  setting_default_projects_modules: "Vaikimisi moodulid uutes projektides"
  label_information: "Teave"
  label_information_plural: "Teave"
  label_register: "Registreeru"
  label_login_with_open_id_option: "või logi sisse OpenID-ga"
  label_password_lost: "Kui parool on ununud..."
  label_home: "Kodu"
  label_my_page: "Minu leht"
--- a/config/locales/eu.yml
+++ b/config/locales/eu.yml
  field_parent_title: Orri gurasoa
  field_editable: Editagarria
  field_watcher: Behatzailea
  field_identity_url: OpenID URLa
  field_content: Edukia
  field_group_by: Emaitzak honegatik taldekatu
  field_sharing: Partekatzea
  setting_diff_max_lines_displayed: Erakutsiko diren diff lerro kopuru maximoa
  setting_file_max_size_displayed: Barnean erakuzten diren testu fitxategien tamaina maximoa
  setting_repository_log_display_limit: Egunkari fitxategian erakutsiko diren berrikuspen kopuru maximoa.
  setting_openid: Baimendu OpenID saio hasiera eta erregistatzea
  setting_password_min_length: Pasahitzen luzera minimoa
  setting_new_project_user_role_id: Proiektu berriak sortzerakoan kudeatzaile ez diren erabiltzaileei esleitutako rola
  setting_default_projects_modules: Proiektu berrientzako defektuz gaitutako moduluak
  label_information: Informazioa
  label_information_plural: Informazioa
  label_register: Erregistratu
  label_login_with_open_id_option: edo OpenID-rekin saioa hasi
  label_password_lost: Pasahitza galduta
  label_home: Hasiera
  label_my_page: Nire orria
--- a/config/locales/fa.yml
+++ b/config/locales/fa.yml
  field_parent_title: صفحه پدر
  field_editable: ویرایش‌پذیر
  field_watcher: ناظر
  field_identity_url: نشانی OpenID
  field_content: محتوا
  field_group_by: دسته بندی با
  field_sharing: اشتراک گذاری
  setting_diff_max_lines_displayed: بیشترین اندازه ردیف‌های تفاوت نشان داده شده
  setting_file_max_size_displayed: بیشترین اندازه پرونده‌های نمایش داده‌شده به صورت هم‌ردیف
  setting_repository_log_display_limit: بیشترین تعداد بازبینی‌های نمایش داده‌شده در گزارش پرونده
  setting_openid: اجازه ورود و ثبت نام با OpenID
  setting_password_max_age: لزوم تغییر گذرواژه پس از
  setting_password_min_length: کم‌ترین اندازه گذرواژه
  setting_lost_password: اجازه بازنشانی گذرواژه با رایانامه
  label_information: اطلاعات
  label_information_plural: اطلاعات
  label_register: ثبت نام
  label_login_with_open_id_option: یا با OpenID وارد شوید
  label_password_lost: بازیابی گذرواژه
  label_password_required: برای ادامه، گذرواژه خود را تایید کنید
  label_home: خانه
--- a/config/locales/fi.yml
+++ b/config/locales/fi.yml
  setting_repository_log_display_limit: Maximum number of revisions displayed on file log
  setting_file_max_size_displayed: Max size of text files displayed inline
  field_watcher: Watcher
  setting_openid: Allow OpenID login and registration
  field_identity_url: OpenID URL
  label_login_with_open_id_option: or login with OpenID
  field_content: Content
  label_descending: Descending
  label_sort: Sort
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
  field_parent_title: Page parent
  field_editable: Modifiable
  field_watcher: Observateur
  field_identity_url: URL OpenID
  field_content: Contenu
  field_group_by: Grouper par
  field_sharing: Partage
  setting_diff_max_lines_displayed: Nombre maximum de lignes de diff affichées
  setting_file_max_size_displayed: Taille maximum des fichiers texte affichés en ligne
  setting_repository_log_display_limit: "Nombre maximum de révisions affichées sur l'historique d'un fichier"
  setting_openid: "Autoriser l'authentification et l'enregistrement OpenID"
  setting_password_max_age: Expiration des mots de passe après
  setting_password_min_length: Longueur minimum des mots de passe
  setting_new_project_user_role_id: Rôle donné à un utilisateur non-administrateur qui crée un projet
  label_information: Information
  label_information_plural: Informations
  label_register: S'enregistrer
  label_login_with_open_id_option: S'authentifier avec OpenID
  label_password_lost: Mot de passe perdu
  label_password_required: Confirmez votre mot de passe pour continuer
  label_home: Accueil
--- a/config/locales/gl.yml
+++ b/config/locales/gl.yml
  setting_repository_log_display_limit: "Número máximo de revisións que se mostran no ficheiro do historial."
  setting_file_max_size_displayed: "Tamaño máximo dos ficheiros de texto que se mostran liña por liña."
  field_watcher: "Seguidor"
  setting_openid: "Permitir rexistrarse e acceder mediante OpenID."
  field_identity_url: "URL de OpenID"
  label_login_with_open_id_option: "ou acceda mediante OpenID."
  field_content: "Contido"
  label_descending: "Descendente"
  label_sort: "Ordenar"
--- a/config/locales/he.yml
+++ b/config/locales/he.yml
  field_parent_title: דף אב
  field_editable: ניתן לעריכה
  field_watcher: צופה
  field_identity_url: כתובת OpenID
  field_content: תוכן
  field_group_by: קבץ את התוצאות לפי
  field_sharing: שיתוף
  setting_diff_max_lines_displayed: מספר מירבי של שורות בתצוגת שינויים
  setting_file_max_size_displayed: גודל מירבי של מלל המוצג בתוך השורה
  setting_repository_log_display_limit: מספר מירבי של מהדורות המוצגות ביומן קובץ
  setting_openid: אפשר התחברות ורישום באמצעות OpenID
  setting_password_min_length: אורך סיסמה מינימאלי
  setting_new_project_user_role_id: התפקיד שמוגדר למשתמש פשוט אשר יוצר פרויקט
  setting_default_projects_modules: מודולים מאופשרים בברירת מחדל עבור פרויקטים חדשים
  label_information: מידע
  label_information_plural: מידע
  label_register: הרשמה
  label_login_with_open_id_option: או התחבר באמצעות OpenID
  label_password_lost: אבדה הסיסמה?
  label_home: דף הבית
  label_my_page: הדף שלי
--- a/config/locales/hr.yml
+++ b/config/locales/hr.yml
  field_parent_title: Parent page
  field_editable: Editable
  field_watcher: Watcher
  field_identity_url: OpenID URL
  field_content: Content
  field_group_by: Group results by
  setting_diff_max_lines_displayed: Maksimalni broj diff linija za prikazati
  setting_file_max_size_displayed: Max size of text files displayed inline
  setting_repository_log_display_limit: Maximum number of revisions displayed on file log
  setting_openid: Allow OpenID login and registration
  setting_password_min_length: Minimum password length
  setting_new_project_user_role_id: Role given to a non-admin user who creates a project
  setting_default_projects_modules: Default enabled modules for new projects
  label_information: Informacija
  label_information_plural: Informacije
  label_register: Registracija
  label_login_with_open_id_option: or login with OpenID
  label_password_lost: Izgubljena zaporka
  label_home: Početna stranica
  label_my_page: Moja stranica
--- a/config/locales/hu.yml
+++ b/config/locales/hu.yml
  setting_repository_log_display_limit: Maximum hány revíziót mutasson meg a log megjelenítésekor
  setting_file_max_size_displayed: Maximum mekkora szövegfájlokat jelenítsen meg soronkénti összehasonlításnál
  field_watcher: Megfigyelő
  setting_openid: OpenID regisztráció és bejelentkezés engedélyezése
  field_identity_url: OpenID URL
  label_login_with_open_id_option: bejelentkezés OpenID használatával
  field_content: Tartalom
  label_descending: Csökkenő
  label_sort: Rendezés
--- a/config/locales/id.yml
+++ b/config/locales/id.yml
  field_parent_title: Halaman induk
  field_editable: Dapat disunting
  field_watcher: Pemantau
  field_identity_url: OpenID URL
  field_content: Isi
  field_group_by: Dikelompokkan berdasar
  field_sharing: Berbagi
  setting_diff_max_lines_displayed: Maksimum perbedaan baris tertampil
  setting_file_max_size_displayed: Maksimum berkas tertampil secara inline
  setting_repository_log_display_limit: Nilai maksimum dari revisi ditampilkan di log berkas
  setting_openid: Perbolehkan Login dan pendaftaran melalui OpenID
  setting_password_min_length: Panjang minimum untuk kata sandi
  setting_new_project_user_role_id: Peran diberikan pada pengguna non-admin yang membuat proyek
  setting_default_projects_modules: Modul yang diaktifkan pada proyek baru
  label_information: Informasi
  label_information_plural: Informasi
  label_register: mendaftar
  label_login_with_open_id_option: atau login menggunakan OpenID
  label_password_lost: Lupa password
  label_home: Halaman depan
  label_my_page: Beranda
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
  setting_repository_log_display_limit: Numero massimo di revisioni elencate nella cronologia file
  setting_file_max_size_displayed: Dimensione massima dei contenuti testuali visualizzati
  field_watcher: Osservatore
  setting_openid: Accetta connessione e registrazione con OpenID
  field_identity_url: URL OpenID
  label_login_with_open_id_option: oppure autenticati usando OpenID
  field_content: Contenuto
  label_descending: Discendente
  label_sort: Ordina
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
  field_parent_title: 親ページ
  field_editable: 編集可能
  field_watcher: ウォッチャー
  field_identity_url: OpenID URL
  field_content: 内容
  field_group_by: グループ条件
  field_sharing: 共有
  setting_diff_max_lines_displayed: 差分の表示行数の上限
  setting_file_max_size_displayed: 画面表示するテキストファイルサイズの上限
  setting_repository_log_display_limit: ファイルのリビジョン表示数の上限
  setting_openid: OpenIDによるログインと登録
  setting_password_min_length: パスワードの最低必要文字数
  setting_new_project_user_role_id: システム管理者以外のユーザーが作成したプロジェクトに設定するロール
  setting_default_projects_modules: 新規プロジェクトにおいてデフォルトで有効になるモジュール
  label_information: 情報
  label_information_plural: 情報
  label_register: 登録する
  label_login_with_open_id_option: またはOpenIDでログインする
  label_password_lost: パスワードの再設定
  label_home: ホーム
  label_my_page: マイページ
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
  field_parent_title: 상위 제목
  field_editable: 편집가능
  field_watcher: 일감관람자
  field_identity_url: OpenID URL
  field_content: 내용
  field_group_by: 결과를 묶어 보여줄 기준
  setting_diff_max_lines_displayed: 차이점(diff) 보기에 표시할 최대 줄수
  setting_repository_log_display_limit: 저장소 보기에 표시할 개정이력의 최대 갯수
  setting_file_max_size_displayed: 바로 보여줄 텍스트파일의 최대 크기
  setting_openid: OpenID 로그인과 등록 허용
  setting_password_min_length: 최소 암호 길이
  setting_new_project_user_role_id: 프로젝트를 만든 사용자에게 주어질 역할
  label_information: 정보
  label_information_plural: 정보
  label_register: 등록
  label_login_with_open_id_option: 또는 OpenID로 로그인
  label_password_lost: 비밀번호 찾기
  label_home: 초기화면
  label_my_page: 내 페이지
--- a/config/locales/lt.yml
+++ b/config/locales/lt.yml
  field_parent_title: Pagrindinis puslapis
  field_editable: Redaguojamas
  field_watcher: Stebėtojas
  field_identity_url: OpenID URL
  field_content: Turinys
  field_group_by: Sugrupuoti pagal
  field_sharing: Dalijimasis
  setting_diff_max_lines_displayed: Maksimalus rodomas pakeitimų eilučių skaičius
  setting_file_max_size_displayed: Maksimalus tekstinių failų dydis rodomas vienoje eilutėje
  setting_repository_log_display_limit: Maksimalus revizijų skaičius rodomas failo žurnale
  setting_openid: Leisti OpenID prisijungimą ir registraciją
  setting_password_max_age: Reikalauti slaptažodžio pakeitimo po
  setting_password_min_length: Minimalus slaptažodžio ilgis
  setting_lost_password: Leisti slaptažodžio atstatymą elektroninu laišku
  label_information: Informacija
  label_information_plural: Informacija
  label_register: Užsiregistruoti
  label_login_with_open_id_option: arba prisijunkite su OpenID
  label_password_lost: Prarastas slaptažodis
  label_password_required: Norėdami tęsti, patvirtinkite savo slaptažodį
  label_home: Pagrindinis
--- a/config/locales/lv.yml
+++ b/config/locales/lv.yml
  field_parent_title: Vecāka lapa
  field_editable: Rediģējams
  field_watcher: Vērotājs
  field_identity_url: OpenID URL
  field_content: Saturs
  field_group_by: Grupēt rezultātus pēc
  field_sharing: Koplietošana
  setting_diff_max_lines_displayed: Maksimālais rādīto diff rindu skaits
  setting_file_max_size_displayed: Maksimālais izmērs iekļautajiem teksta failiem
  setting_repository_log_display_limit: Maksimālais žurnāla datnē rādīto revīziju skaits
  setting_openid: Atļaut OpenID pieslēgšanos un reģistrēšanos
  setting_password_min_length: Minimālais paroles garums
  setting_new_project_user_role_id: Loma, kura tiek piešķirta ne-administratora lietotājam, kurš izveido projektu
  setting_default_projects_modules: Noklusētie lietotie moduļi jaunam projektam
  label_information: Informācija
  label_information_plural: Informācija
  label_register: Reģistrēties
  label_login_with_open_id_option: vai pieslēgties ar OpenID
  label_password_lost: Nozaudēta parole
  label_home: Sākums
  label_my_page: Mana lapa
--- a/config/locales/mk.yml
+++ b/config/locales/mk.yml
  field_parent_title: Parent page
  field_editable: Може да се уредува
  field_watcher: Watcher
  field_identity_url: OpenID URL
  field_content: Содржина
  field_group_by: Групирај ги резултатите според
  field_sharing: Споделување
  setting_diff_max_lines_displayed: Max number of diff lines displayed
  setting_file_max_size_displayed: Max size of text files displayed inline
  setting_repository_log_display_limit: Maximum number of revisions displayed on file log
  setting_openid: Дозволи OpenID најава и регистрација
  setting_password_min_length: Мин. должина на лозинка
  setting_new_project_user_role_id: Улога доделена на неадминистраторски корисник кој креира проект
  setting_default_projects_modules: Default enabled modules for new projects
  label_information: Информација
  label_information_plural: Информации
  label_register: Регистрирај се
  label_login_with_open_id_option: или најави се со OpenID
  label_password_lost: Изгубена лозинка
  label_home: Почетна
  label_my_page: Мојата страна
--- a/config/locales/mn.yml
+++ b/config/locales/mn.yml
  field_parent_title: Эцэг хуудас
  field_editable: Засварлагдана
  field_watcher: Харна
  field_identity_url: OpenID URL
  field_content: Агуулга
  field_group_by: Үр дүнгээр бүлэглэх
  field_sharing: Sharing
  setting_diff_max_lines_displayed: Ялгаатай мөрүүдийн тоо (дээд тал нь)
  setting_file_max_size_displayed: Max size of text files displayed inline
  setting_repository_log_display_limit: Maximum number of revisions displayed on file log
  setting_openid: Allow OpenID login and registration
  setting_password_min_length: Minimum password length
  setting_new_project_user_role_id: Role given to a non-admin user who creates a project
  setting_default_projects_modules: Default enabled modules for new projects
  label_information: Мэдээлэл
  label_information_plural: Мэдээллүүд
  label_register: Бүртгүүлэх
  label_login_with_open_id_option: or login with OpenID
  label_password_lost: Нууц үгээ алдсан
  label_home: Нүүр
  label_my_page: Миний хуудас
--- a/config/locales/nl.yml
+++ b/config/locales/nl.yml
  setting_repository_log_display_limit: Max aantal revisies zichbaar
  setting_file_max_size_displayed: Max grootte van tekstbestanden inline zichtbaar
  field_watcher: Volger
  setting_openid: Sta OpenID login en registratie toe
  field_identity_url: OpenID URL
  label_login_with_open_id_option: of login met uw OpenID
  field_content: Content
  label_descending: Aflopend
  label_sort: Sorteer
--- a/config/locales/no.yml
+++ b/config/locales/no.yml
  setting_repository_log_display_limit: Maks antall revisjoner vist i fil-loggen
  setting_file_max_size_displayed: Max size of text files displayed inline
  field_watcher: Overvåker
  setting_openid: Tillat OpenID innlogging og registrering
  field_identity_url: OpenID URL
  label_login_with_open_id_option: eller logg inn med OpenID
  field_content: Innhold
  label_descending: Synkende
  label_sort: Sorter
--- a/config/locales/pl.yml
+++ b/config/locales/pl.yml
  setting_repository_log_display_limit: Maksymalna liczba rewizji pokazywanych w logu pliku
  setting_file_max_size_displayed: Maksymalny rozmiar plików tekstowych osadzanych w stronie
  field_watcher: Obserwator
  setting_openid: Logowanie i rejestracja przy użyciu OpenID
  field_identity_url: Identyfikator OpenID (URL)
  label_login_with_open_id_option: albo użyj OpenID
  field_content: Treść
  label_descending: Malejąco
  label_sort: Sortuj
--- a/config/locales/pt-BR.yml
+++ b/config/locales/pt-BR.yml
  field_editable: Editável
  setting_repository_log_display_limit: Número máximo de revisões exibidas no arquivo de log
  setting_file_max_size_displayed: Tamanho máximo dos arquivos textos exibidos em linha
  setting_openid: Permitir Login e Registro via OpenID
  field_identity_url: OpenID URL
  label_login_with_open_id_option: ou use o OpenID
  field_content: Conteúdo
  label_descending: Descendente
  label_sort: Ordenar
--- a/config/locales/pt.yml
+++ b/config/locales/pt.yml
  setting_repository_log_display_limit: Número máximo de revisões exibido no relatório de ficheiro
  setting_file_max_size_displayed: Tamanho máximo dos ficheiros de texto exibidos inline
  field_watcher: Observador
  setting_openid: Permitir início de sessão e registo com OpenID
  field_identity_url: URL do OpenID
  label_login_with_open_id_option: ou início de sessão com OpenID
  field_content: Conteúdo
  label_descending: Descendente
  label_sort: Ordenar
--- a/config/locales/ro.yml
+++ b/config/locales/ro.yml
  field_parent_title: Pagina superioara
  field_editable: Modificabil
  field_watcher: Urmărește
  field_identity_url: URL OpenID
  field_content: Conținut
  setting_app_title: Titlu aplicație
  setting_diff_max_lines_displayed: Număr maxim de linii de diferență afișate
  setting_file_max_size_displayed: Număr maxim de fișiere text afișate în pagină (inline)
  setting_repository_log_display_limit: Număr maxim de revizii afișate în istoricul fișierului
  setting_openid: Permite înregistrare și autentificare cu OpenID
  permission_edit_project: Editează proiectul
  permission_select_project_modules: Alege module pentru proiect
  label_information: Informație
  label_information_plural: Informații
  label_register: Înregistrare
  label_login_with_open_id_option: sau autentificare cu OpenID
  label_password_lost: Parolă uitată
  label_home: Acasă
  label_my_page: Pagina mea
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
  field_host: Компьютер
  field_hours: час(а,ов)
  field_identifier: Уникальный идентификатор
  field_identity_url: OpenID URL
  field_is_closed: Задача закрыта
  field_is_default: Значение по умолчанию
  field_is_filter: Используется в качестве фильтра
  label_loading: Загрузка...
  label_logged_as: Вошли как
  label_login: Войти
  label_login_with_open_id_option: или войти с помощью OpenID
  label_logout: Выйти
  label_max_size: Максимальный размер
  label_member_new: Новый участник
  setting_mail_from: Исходящий email адрес
  setting_mail_handler_api_enabled: Включить веб-сервис для входящих сообщений
  setting_mail_handler_api_key: API ключ
  setting_openid: Разрешить OpenID для входа и регистрации
  setting_per_page_options: Количество записей на страницу
  setting_plain_text_mail: Только простой текст (без HTML)
  setting_protocol: Протокол
--- a/config/locales/sk.yml
+++ b/config/locales/sk.yml
  setting_repository_log_display_limit: Maximálny počet revízií zobrazených v log súbore
  setting_file_max_size_displayed: Maximálna veľkosť textových súborov zobrazených priamo na stránke
  field_watcher: Pozorovatelia
  setting_openid: Povoliť prihlasovanie a registráciu pomocou OpenID
  field_identity_url: OpenID URL
  label_login_with_open_id_option: alebo sa prihlásiť pomocou OpenID
  field_content: Obsah
  label_descending: Zostupne
  label_sort: Zoradenie
--- a/config/locales/sl.yml
+++ b/config/locales/sl.yml
  setting_repository_log_display_limit: Največje število prikazanih revizij v log datoteki
  setting_file_max_size_displayed: Največja velikost besedilnih datotek v vključenem prikazu
  field_watcher: Opazovalec
  setting_openid: Dovoli OpenID prijavo in registracijo
  field_identity_url: OpenID URL
  label_login_with_open_id_option: ali se prijavi z OpenID
  field_content: Vsebina
  label_descending: Padajoče
  label_sort: Razvrsti
--- a/config/locales/sq.yml
+++ b/config/locales/sq.yml
  field_parent_title: Parent page
  field_editable: Editable
  field_watcher: Watcher
  field_identity_url: OpenID URL
  field_content: Content
  field_group_by: Group results by
  field_sharing: Sharing
  setting_diff_max_lines_displayed: Maximum number of diff lines displayed
  setting_file_max_size_displayed: Maximum size of text files displayed inline
  setting_repository_log_display_limit: Maximum number of revisions displayed on file log
  setting_openid: Allow OpenID login and registration
  setting_password_min_length: Minimum password length
  setting_new_project_user_role_id: Role given to a non-admin user who creates a project
  setting_default_projects_modules: Default enabled modules for new projects
  label_information: Informacion
  label_information_plural: Informacione
  label_register: Regjistrohu
  label_login_with_open_id_option: ose lidhu me OpenID
  label_password_lost: Fjalekalim i humbur
  label_home: Home
  label_my_page: Faqja ime
--- a/config/locales/sr-YU.yml
+++ b/config/locales/sr-YU.yml
  field_parent_title: Matična stranica
  field_editable: Izmenljivo
  field_watcher: Posmatrač
  field_identity_url: OpenID URL
  field_content: Sadržaj
  field_group_by: Grupisanje rezultata po
  field_sharing: Deljenje
  setting_diff_max_lines_displayed: Maks. broj prikazanih različitih linija
  setting_file_max_size_displayed: Maks. veličina tekst. datoteka prikazanih umetnuto
  setting_repository_log_display_limit: Maks. broj revizija prikazanih u datoteci za evidenciju
  setting_openid: Dozvoli OpenID prijavu i registraciju
  setting_password_min_length: Minimalna dužina lozinke
  setting_new_project_user_role_id: Kreatoru projekta (koji nije administrator) dodeljuje je uloga
  setting_default_projects_modules: Podrazumevano omogućeni moduli za nove projekte
  label_information: Informacija
  label_information_plural: Informacije
  label_register: Registracija
  label_login_with_open_id_option: ili prijava sa OpenID
  label_password_lost: Izgubljena lozinka
  label_home: Početak
  label_my_page: Moja stranica
--- a/config/locales/sr.yml
+++ b/config/locales/sr.yml
  field_parent_title: Матична страница
  field_editable: Изменљиво
  field_watcher: Посматрач
  field_identity_url: OpenID URL
  field_content: Садржај
  field_group_by: Груписање резултата по
  field_sharing: Дељење
  setting_diff_max_lines_displayed: Макс. број приказаних различитих линија
  setting_file_max_size_displayed: Макс. величина текст. датотека приказаних уметнуто
  setting_repository_log_display_limit: Макс. број ревизија приказаних у датотеци за евиденцију
  setting_openid: Дозволи OpenID пријаву и регистрацију
  setting_password_min_length: Минимална дужина лозинке
  setting_new_project_user_role_id: Креатору пројекта (који није администратор) додељује је улога
  setting_default_projects_modules: Подразумевано омогућени модули за нове пројекте
  label_information: Информација
  label_information_plural: Информације
  label_register: Регистрација
  label_login_with_open_id_option: или пријава са OpenID
  label_password_lost: Изгубљена лозинка
  label_home: Почетак
  label_my_page: Моја страница
--- a/config/locales/sv.yml
+++ b/config/locales/sv.yml
  field_parent_title: Föräldersida
  field_editable: Redigerbar
  field_watcher: Bevakare
  field_identity_url: OpenID URL
  field_content: Innehåll
  field_group_by: Gruppera resultat efter
  field_sharing: Delning
  setting_diff_max_lines_displayed: Maximalt antal synliga rader i diff
  setting_file_max_size_displayed: Maxstorlek på textfiler som visas inline
  setting_repository_log_display_limit: Maximalt antal revisioner i filloggen
  setting_openid: Tillåt inloggning och registrering med OpenID
  setting_password_min_length: Minsta tillåtna lösenordslängd
  setting_new_project_user_role_id: Tilldelad roll för en icke-administratör som skapar ett projekt
  setting_default_projects_modules: Aktiverade moduler för nya projekt
  label_information: Information
  label_information_plural: Information
  label_register: Registrera
  label_login_with_open_id_option: eller logga in med OpenID
  label_password_lost: Glömt lösenord
  label_home: Hem
  label_my_page: Min sida
--- a/config/locales/th.yml
+++ b/config/locales/th.yml
  setting_repository_log_display_limit: Maximum number of revisions displayed on file log
  setting_file_max_size_displayed: Max size of text files displayed inline
  field_watcher: Watcher
  setting_openid: Allow OpenID login and registration
  field_identity_url: OpenID URL
  label_login_with_open_id_option: or login with OpenID
  field_content: Content
  label_descending: Descending
  label_sort: Sort
--- a/config/locales/tr.yml
+++ b/config/locales/tr.yml
  setting_repository_log_display_limit: Dosya kaydında gösterilecek maksimum değişim sayısı
  setting_file_max_size_displayed: Dahili olarak gösterilecek metin dosyaları için maksimum satır sayısı
  field_watcher: Takipçi
  setting_openid: Kayıt ve giriş için OpenID'ye izin ver
  field_identity_url: OpenID URL
  label_login_with_open_id_option: veya OpenID kullanın
  field_content: İçerik
  label_descending: Azalan
  label_sort: Sırala
--- a/config/locales/uk.yml
+++ b/config/locales/uk.yml
  setting_repository_log_display_limit: Максимальна кількість редакцій, відображених в журналі змін
  setting_file_max_size_displayed: Максимальний розмір текстового файлу для відображення
  field_watcher: Спостерігач
  setting_openid: Дозволити OpenID для входу та реєстрації
  field_identity_url: OpenID URL
  label_login_with_open_id_option: або війти з допомогою OpenID
  field_content: Вміст
  label_descending: За спаданням
  label_sort: Сортувати
--- a/config/locales/vi.yml
+++ b/config/locales/vi.yml
  setting_repository_log_display_limit: Số lượng tối đa các bản điều chỉnh hiển thị trong file log
  setting_file_max_size_displayed: Kích thước tối đa của tệp tin văn bản
  field_watcher: Người quan sát
  setting_openid: Cho phép đăng nhập và đăng ký dùng OpenID
  field_identity_url: OpenID URL
  label_login_with_open_id_option: hoặc đăng nhập với OpenID
  field_content: Nội dung
  label_descending: Giảm dần
  label_sort: Sắp xếp
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
  field_parent_title: 父頁面
  field_editable: 可編輯
  field_watcher: 監看員
  field_identity_url: OpenID 網址
  field_content: 內容
  field_group_by: 結果分組方式
  field_sharing: 共用
  setting_diff_max_lines_displayed: 差異顯示行數之最大值
  setting_file_max_size_displayed: 檔案內容顯示大小之最大值
  setting_repository_log_display_limit: 修訂版顯示數目之最大值
  setting_openid: 允許使用 OpenID 登入與註冊
  setting_password_max_age: 必須在多少天後變更密碼
  setting_password_min_length: 密碼最小長度
  setting_lost_password: 允許使用電子郵件重新設定密碼
  label_information: 資訊
  label_information_plural: 資訊
  label_register: 註冊
  label_login_with_open_id_option: 或使用 OpenID 登入
  label_password_lost: 遺失密碼
  label_password_required: 確認您的密碼後繼續
  label_home: 網站首頁
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
  field_parent_title: 上级页面
  field_editable: 可编辑
  field_watcher: 关注者
  field_identity_url: OpenID URL
  field_content: 内容
  field_group_by: 根据此条件分组
  field_sharing: 共享
  setting_diff_max_lines_displayed: 查看差别页面上显示的最大行数
  setting_file_max_size_displayed: 允许直接显示的最大文本文件
  setting_repository_log_display_limit: 在文件变更记录页面上显示的最大修订版本数量
  setting_openid: 允许使用OpenID登录和注册
  setting_password_min_length: 最短密码长度
  setting_new_project_user_role_id: 非管理员用户新建项目时将被赋予的（在该项目中的）角色
  setting_default_projects_modules: 新建项目默认启用的模块
  label_information: 信息
  label_information_plural: 信息
  label_register: 注册
  label_login_with_open_id_option: 或使用OpenID登录
  label_password_lost: 忘记密码
  label_home: 主页
  label_my_page: 我的工作台
--- a/config/settings.yml
+++ b/config/settings.yml
    To change your notification preferences, please click here: http://hostname/my/account
 gravatar_enabled:
  default: 0
 openid:
  default: 0
  security_notifications: 1
 gravatar_default:
  default: 'identicon'
 start_of_week:
--- a/db/migrate/20211213122100_remove_identity_url_from_users.rb
+++ b/db/migrate/20211213122100_remove_identity_url_from_users.rb
 class RemoveIdentityUrlFromUsers < ActiveRecord::Migration[6.1]
  def change
    remove_column :users, :identity_url, :string
  end
 end
--- a/db/migrate/20211213122101_drop_open_id_authentication_tables.rb
+++ b/db/migrate/20211213122101_drop_open_id_authentication_tables.rb
 class DropOpenIdAuthenticationTables < ActiveRecord::Migration[6.1]
  def change
    drop_table :open_id_authentication_associations do |t|
      t.integer "issued"
      t.integer "lifetime"
      t.string "handle"
      t.string "assoc_type"
      t.binary "server_url"
      t.binary "secret"
    end
    drop_table :open_id_authentication_nonces do |t|
      t.integer "timestamp", null: false
      t.string "server_url"
      t.string "salt", null: false
    end
  end
 end
--- a/db/migrate/20211213122102_remove_open_id_setting.rb
+++ b/db/migrate/20211213122102_remove_open_id_setting.rb
 class RemoveOpenIdSetting < ActiveRecord::Migration[6.1]
  def change
    Setting.where(:name => 'openid').delete_all
  end
 end
--- a/lib/plugins/open_id_authentication/CHANGELOG
+++ b/lib/plugins/open_id_authentication/CHANGELOG
 * Dump heavy lifting off to rack-openid gem. OpenIdAuthentication is just a simple controller concern.
 * Fake HTTP method from OpenID server since they only support a GET. Eliminates the need to set an extra route to match the server's reply. [Josh Peek]
 * OpenID 2.0 recommends that forms should use the field name "openid_identifier" rather than "openid_url" [Josh Peek]
 * Return open_id_response.display_identifier to the application instead of .endpoints.claimed_id. [nbibler]
 * Add Timeout protection [Rick]
 * An invalid identity url passed through authenticate_with_open_id will no longer raise an InvalidOpenId exception. Instead it will return Result[:missing] to the completion block.
 * Allow a return_to option to be used instead of the requested url [Josh Peek]
 * Updated plugin to use Ruby OpenID 2.x.x [Josh Peek]
 * Tied plugin to ruby-openid 1.1.4 gem until we can make it compatible with 2.x [DHH]
 * Use URI instead of regexps to normalize the URL and gain free, better matching #8136 [dkubb]
 * Allow -'s in #normalize_url [Rick]
 * remove instance of mattr_accessor, it was breaking tests since they don't load ActiveSupport.  Fix Timeout test [Rick]
 * Throw a InvalidOpenId exception instead of just a RuntimeError when the URL can't be normalized [DHH]
 * Just use the path for the return URL, so extra query parameters don't interfere [DHH]
 * Added a new default database-backed store after experiencing trouble with the filestore on NFS. The file store is still available as an option [DHH]
 * Added normalize_url and applied it to all operations going through the plugin [DHH]
 * Removed open_id? as the idea of using the same input box for both OpenID and username has died -- use using_open_id? instead (which checks for the presence of params[:openid_url] by default) [DHH]
 * Added OpenIdAuthentication::Result to make it easier to deal with default situations where you don't care to do something particular for each error state [DHH]
 * Stop relying on root_url being defined, we can just grab the current url instead [DHH]
--- a/lib/plugins/open_id_authentication/README
+++ b/lib/plugins/open_id_authentication/README
 OpenIdAuthentication
 ====================
 Provides a thin wrapper around the excellent ruby-openid gem from JanRan. Be sure to install that first:
  gem install ruby-openid
 To understand what OpenID is about and how it works, it helps to read the documentation for lib/openid/consumer.rb
 from that gem.
 The specification used is http://openid.net/specs/openid-authentication-2_0.html.
 Prerequisites
 =============
 OpenID authentication uses the session, so be sure that you haven't turned that off.
 Alternatively, you can use the file-based store, which just relies on on tmp/openids being present in RAILS_ROOT. But be aware that this store only works if you have a single application server. And it's not safe to use across NFS. It's recommended that you use the database store if at all possible. To use the file-based store, you'll also have to add this line to your config/environment.rb:
  OpenIdAuthentication.store = :file
 This particular plugin also relies on the fact that the authentication action allows for both POST and GET operations.
 If you're using RESTful authentication, you'll need to explicitly allow for this in your routes.rb.
 The plugin also expects to find a root_url method that points to the home page of your site. You can accomplish this by using a root route in config/routes.rb:
  map.root :controller => 'articles'
 This plugin relies on Rails Edge revision 6317 or newer.
 Example
 =======
 This example is just to meant to demonstrate how you could use OpenID authentication. You might well want to add
 salted hash logins instead of plain text passwords and other requirements on top of this. Treat it as a starting point,
 not a destination.
 Note that the User model referenced in the simple example below has an 'identity_url' attribute. You will want to add the same or similar field to whatever
 model you are using for authentication.
 Also of note is the following code block used in the example below:
  authenticate_with_open_id do |result, identity_url|
    ...
  end
 In the above code block, 'identity_url' will need to match user.identity_url exactly. 'identity_url' will be a string in the form of 'http://example.com' -
 If you are storing just 'example.com' with your user, the lookup will fail.
 There is a handy method in this plugin called 'normalize_url' that will help with validating OpenID URLs.
  OpenIdAuthentication.normalize_url(user.identity_url)
 The above will return a standardized version of the OpenID URL - the above called with 'example.com' will return 'http://example.com/'
 It will also raise an InvalidOpenId exception if the URL is determined to not be valid.
 Use the above code in your User model and validate OpenID URLs before saving them.
 config/routes.rb
  map.root :controller => 'articles'
  map.resource :session
 app/views/sessions/new.erb
  <% form_tag(session_url) do %>
    <p>
      <label for="name">Username:</label>
      <%= text_field_tag "name" %>
    </p>
    <p>
      <label for="password">Password:</label>
      <%= password_field_tag %>
    </p>
    <p>
      ...or use:
    </p>
    <p>
      <label for="openid_identifier">OpenID:</label>
      <%= text_field_tag "openid_identifier" %>
    </p>
    <p>
      <%= submit_tag 'Sign in', :disable_with => "Signing in&hellip;" %>
    </p>
  <% end %>
 app/controllers/sessions_controller.rb
  class SessionsController < ApplicationController
    def create
      if using_open_id?
        open_id_authentication
      else
        password_authentication(params[:name], params[:password])
      end
    end
    protected
      def password_authentication(name, password)
        if @current_user = @account.users.authenticate(params[:name], params[:password])
          successful_login
        else
          failed_login "Sorry, that username/password doesn't work"
        end
      end
      def open_id_authentication
        authenticate_with_open_id do |result, identity_url|
          if result.successful?
            if @current_user = @account.users.find_by_identity_url(identity_url)
              successful_login
            else
              failed_login "Sorry, no user by that identity URL exists (#{identity_url})"
            end
          else
            failed_login result.message
          end
        end
      end
    private
      def successful_login
        session[:user_id] = @current_user.id
        redirect_to(root_url)
      end
      def failed_login(message)
        flash[:error] = message
        redirect_to(new_session_url)
      end
  end
 If you're fine with the result messages above and don't need individual logic on a per-failure basis,
 you can collapse the case into a mere boolean:
    def open_id_authentication
      authenticate_with_open_id do |result, identity_url|
        if result.successful? && @current_user = @account.users.find_by_identity_url(identity_url)
          successful_login
        else
          failed_login(result.message || "Sorry, no user by that identity URL exists (#{identity_url})")
        end
      end
    end
 Simple Registration OpenID Extension
 ====================================
 Some OpenID Providers support this lightweight profile exchange protocol.  See more: http://www.openidenabled.com/openid/simple-registration-extension
 You can support it in your app by changing #open_id_authentication
      def open_id_authentication(identity_url)
        # Pass optional :required and :optional keys to specify what sreg fields you want.
        # Be sure to yield registration, a third argument in the #authenticate_with_open_id block.
        authenticate_with_open_id(identity_url,
            :required => [ :nickname, :email ],
            :optional => :fullname) do |result, identity_url, registration|
          case result.status
          when :missing
            failed_login "Sorry, the OpenID server couldn't be found"
          when :invalid
            failed_login "Sorry, but this does not appear to be a valid OpenID"
          when :canceled
            failed_login "OpenID verification was canceled"
          when :failed
            failed_login "Sorry, the OpenID verification failed"
          when :successful
            if @current_user = @account.users.find_by_identity_url(identity_url)
              assign_registration_attributes!(registration)
              if current_user.save
                successful_login
              else
                failed_login "Your OpenID profile registration failed: " +
                  @current_user.errors.full_messages.to_sentence
              end
            else
              failed_login "Sorry, no user by that identity URL exists"
            end
          end
        end
      end
      # registration is a hash containing the valid sreg keys given above
      # use this to map them to fields of your user model
      def assign_registration_attributes!(registration)
        model_to_registration_mapping.each do |model_attribute, registration_attribute|
          unless registration[registration_attribute].blank?
            @current_user.send("#{model_attribute}=", registration[registration_attribute])
          end
        end
      end
      def model_to_registration_mapping
        { :login => 'nickname', :email => 'email', :display_name => 'fullname' }
      end
 Attribute Exchange OpenID Extension
 ===================================
 Some OpenID providers also support the OpenID AX (attribute exchange) protocol for exchanging identity information between endpoints.  See more: http://openid.net/specs/openid-attribute-exchange-1_0.html
 Accessing AX data is very similar to the Simple Registration process, described above -- just add the URI identifier for the AX field to your :optional or :required parameters.  For example:
        authenticate_with_open_id(identity_url,
            :required => [ :email, 'http://schema.openid.net/birthDate' ]) do |result, identity_url, registration|
 This would provide the sreg data for :email, and the AX data for 'http://schema.openid.net/birthDate'
 Copyright (c) 2007 David Heinemeier Hansson, released under the MIT license
--- a/lib/plugins/open_id_authentication/Rakefile
+++ b/lib/plugins/open_id_authentication/Rakefile
 require 'rake'
 require 'rake/testtask'
 require 'rake/rdoctask'
 desc 'Default: run unit tests.'
 task :default => :test
 desc 'Test the open_id_authentication plugin.'
 Rake::TestTask.new(:test) do |t|
  t.libs << 'lib'
  t.pattern = 'test/**/*_test.rb'
  t.verbose = true
 end
 desc 'Generate documentation for the open_id_authentication plugin.'
 Rake::RDocTask.new(:rdoc) do |rdoc|
  rdoc.rdoc_dir = 'rdoc'
  rdoc.title    = 'OpenIdAuthentication'
  rdoc.options << '--line-numbers' << '--inline-source'
  rdoc.rdoc_files.include('README')
  rdoc.rdoc_files.include('lib/**/*.rb')
 end
--- a/lib/plugins/open_id_authentication/generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb
+++ b/lib/plugins/open_id_authentication/generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb
 class OpenIdAuthenticationTablesGenerator < Rails::Generator::NamedBase
  def initialize(runtime_args, runtime_options = {})
    super
  end
  def manifest
    record do |m|
      m.migration_template 'migration.rb', 'db/migrate'
    end
  end
 end
--- a/lib/plugins/open_id_authentication/generators/open_id_authentication_tables/templates/migration.rb
+++ b/lib/plugins/open_id_authentication/generators/open_id_authentication_tables/templates/migration.rb
 class <%= class_name %> < ActiveRecord::Migration
  def self.up
    create_table :open_id_authentication_associations, :force => true do |t|
      t.integer :issued, :lifetime
      t.string :handle, :assoc_type
      t.binary :server_url, :secret
    end
    create_table :open_id_authentication_nonces, :force => true do |t|
      t.integer :timestamp, :null => false
      t.string :server_url, :null => true
      t.string :salt, :null => false
    end
  end
  def self.down
    drop_table :open_id_authentication_associations
    drop_table :open_id_authentication_nonces
  end
 end
--- a/lib/plugins/open_id_authentication/generators/upgrade_open_id_authentication_tables/templates/migration.rb
+++ b/lib/plugins/open_id_authentication/generators/upgrade_open_id_authentication_tables/templates/migration.rb
 class <%= class_name %> < ActiveRecord::Migration
  def self.up
    drop_table :open_id_authentication_settings
    drop_table :open_id_authentication_nonces
    create_table :open_id_authentication_nonces, :force => true do |t|
      t.integer :timestamp, :null => false
      t.string :server_url, :null => true
      t.string :salt, :null => false
    end
  end
  def self.down
    drop_table :open_id_authentication_nonces
    create_table :open_id_authentication_nonces, :force => true do |t|
      t.integer :created
      t.string :nonce
    end
    create_table :open_id_authentication_settings, :force => true do |t|
      t.string :setting
      t.binary :value
    end
  end
 end
--- a/lib/plugins/open_id_authentication/generators/upgrade_open_id_authentication_tables/upgrade_open_id_authentication_tables_generator.rb
+++ b/lib/plugins/open_id_authentication/generators/upgrade_open_id_authentication_tables/upgrade_open_id_authentication_tables_generator.rb
 class UpgradeOpenIdAuthenticationTablesGenerator < Rails::Generator::NamedBase
  def initialize(runtime_args, runtime_options = {})
    super
  end
  def manifest
    record do |m|
      m.migration_template 'migration.rb', 'db/migrate'
    end
  end
 end
--- a/lib/plugins/open_id_authentication/init.rb
+++ b/lib/plugins/open_id_authentication/init.rb
 # frozen_string_literal: false
 require File.dirname(__FILE__) + '/lib/open_id_authentication'
 config.middleware.use OpenIdAuthentication
 config.after_initialize do
  OpenID::Util.logger = Rails.logger
  ActionController::Base.send :include, OpenIdAuthentication
 end
--- a/lib/plugins/open_id_authentication/lib/open_id_authentication.rb
+++ b/lib/plugins/open_id_authentication/lib/open_id_authentication.rb
 require 'uri'
 require 'openid'
 require 'rack/openid'
 module OpenIdAuthentication
  def self.new(app)
    store = OpenIdAuthentication.store
    if store.nil?
      Rails.logger.warn "OpenIdAuthentication.store is nil. Using in-memory store."
    end
    ::Rack::OpenID.new(app, OpenIdAuthentication.store)
  end
  def self.store
    @@store
  end
  def self.store=(*store_option)
    store, *parameters = *([ store_option ].flatten)
    @@store = case store
    when :memory
      require 'openid/store/memory'
      OpenID::Store::Memory.new
    when :file
      require 'openid/store/filesystem'
      OpenID::Store::Filesystem.new(Rails.root.join('tmp/openids'))
    when :memcache
      require 'memcache'
      require 'openid/store/memcache'
      OpenID::Store::Memcache.new(MemCache.new(parameters))
    else
      store
    end
  end
  self.store = nil
  class InvalidOpenId < StandardError
  end
  class Result
    ERROR_MESSAGES = {
      :missing      => "Sorry, the OpenID server couldn't be found",
      :invalid      => "Sorry, but this does not appear to be a valid OpenID",
      :canceled     => "OpenID verification was canceled",
      :failed       => "OpenID verification failed",
      :setup_needed => "OpenID verification needs setup"
    }
    def self.[](code)
      new(code)
    end
    def initialize(code)
      @code = code
    end
    def status
      @code
    end
    ERROR_MESSAGES.each_key { |state| define_method("#{state}?") { @code == state } }
    def successful?
      @code == :successful
    end
    def unsuccessful?
      ERROR_MESSAGES.keys.include?(@code)
    end
    def message
      ERROR_MESSAGES[@code]
    end
  end
  # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
  def self.normalize_identifier(identifier)
    # clean up whitespace
    identifier = identifier.to_s.strip
    # if an XRI has a prefix, strip it.
    identifier.gsub!(/xri:\/\//i, '')
    # dodge XRIs -- TODO: validate, don't just skip.
    unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
      # does it begin with http?  if not, add it.
      identifier = +"http://#{identifier}" unless /^http/i.match?(identifier)
      # strip any fragments
      identifier.gsub!(/\#(.*)$/, '')
      begin
        uri = URI.parse(identifier)
        uri.scheme = uri.scheme.downcase if uri.scheme # URI should do this
        identifier = uri.normalize.to_s
      rescue URI::InvalidURIError
        raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
      end
    end
    return identifier
  end
  protected
    # The parameter name of "openid_identifier" is used rather than
    # the Rails convention "open_id_identifier" because that's what
    # the specification dictates in order to get browser auto-complete
    # working across sites
    def using_open_id?(identifier = nil)
      identifier ||= open_id_identifier
      !identifier.blank? || request.env[Rack::OpenID::RESPONSE]
    end
    def authenticate_with_open_id(identifier = nil, options = {}, &block)
      identifier ||= open_id_identifier
      if request.env[Rack::OpenID::RESPONSE]
        complete_open_id_authentication(&block)
      else
        begin_open_id_authentication(identifier, options, &block)
      end
    end
  private
    def open_id_identifier
      params[:openid_identifier] || params[:openid_url]
    end
    def begin_open_id_authentication(identifier, options = {})
      options[:identifier] = identifier
      value = Rack::OpenID.build_header(options)
      response.headers[Rack::OpenID::AUTHENTICATE_HEADER] = value
      head :unauthorized
    end
    def complete_open_id_authentication
      response   = request.env[Rack::OpenID::RESPONSE]
      identifier = response.display_identifier
      case response.status
      when OpenID::Consumer::SUCCESS
        yield Result[:successful], identifier,
          OpenID::SReg::Response.from_success_response(response)
      when :missing
        yield Result[:missing], identifier, nil
      when :invalid
        yield Result[:invalid], identifier, nil
      when OpenID::Consumer::CANCEL
        yield Result[:canceled], identifier, nil
      when OpenID::Consumer::FAILURE
        yield Result[:failed], identifier, nil
      when OpenID::Consumer::SETUP_NEEDED
        yield Result[:setup_needed], response.setup_url, nil
      end
    end
 end
--- a/lib/plugins/open_id_authentication/lib/open_id_authentication/association.rb
+++ b/lib/plugins/open_id_authentication/lib/open_id_authentication/association.rb
 # frozen_string_literal: true
 module OpenIdAuthentication
  class Association < ActiveRecord::Base
    self.table_name = :open_id_authentication_associations
    def from_record
      OpenID::Association.new(handle, secret, issued, lifetime, assoc_type)
    end
  end
 end
--- a/lib/plugins/open_id_authentication/lib/open_id_authentication/db_store.rb
+++ b/lib/plugins/open_id_authentication/lib/open_id_authentication/db_store.rb
 # frozen_string_literal: false
 require 'openid/store/interface'
 module OpenIdAuthentication
  class DbStore < OpenID::Store::Interface
    def self.cleanup_nonces
      now = Time.now.to_i
      Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew])
    end
    def self.cleanup_associations
      now = Time.now.to_i
      Association.delete_all(['issued + lifetime > ?',now])
    end
    def store_association(server_url, assoc)
      remove_association(server_url, assoc.handle)
      Association.create(:server_url => server_url,
                         :handle     => assoc.handle,
                         :secret     => assoc.secret,
                         :issued     => assoc.issued,
                         :lifetime   => assoc.lifetime,
                         :assoc_type => assoc.assoc_type)
    end
    def get_association(server_url, handle = nil)
      assocs = if handle.blank?
          Association.find_all_by_server_url(server_url)
        else
          Association.find_all_by_server_url_and_handle(server_url, handle)
        end
      assocs.reverse_each do |assoc|
        a = assoc.from_record
        if a.expires_in == 0
          assoc.destroy
        else
          return a
        end
      end if assocs.any?
      return nil
    end
    def remove_association(server_url, handle)
      Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0
    end
    def use_nonce(server_url, timestamp, salt)
      return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt)
      return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
      Nonce.create(:server_url => server_url, :timestamp => timestamp, :salt => salt)
      return true
    end
  end
 end
--- a/lib/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb
+++ b/lib/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb
 # frozen_string_literal: false
 require 'digest/sha1'
 require 'openid/store/interface'
 module OpenIdAuthentication
  class MemCacheStore < OpenID::Store::Interface
    def initialize(*addresses)
      @connection = ActiveSupport::Cache::MemCacheStore.new(addresses)
    end
    def store_association(server_url, assoc)
      server_key = association_server_key(server_url)
      assoc_key = association_key(server_url, assoc.handle)
      assocs = @connection.read(server_key) || {}
      assocs[assoc.issued] = assoc_key
      @connection.write(server_key, assocs)
      @connection.write(assoc_key, assoc, :expires_in => assoc.lifetime)
    end
    def get_association(server_url, handle = nil)
      if handle
        @connection.read(association_key(server_url, handle))
      else
        server_key = association_server_key(server_url)
        assocs = @connection.read(server_key)
        return if assocs.nil?
        last_key = assocs[assocs.keys.sort.last]
        @connection.read(last_key)
      end
    end
    def remove_association(server_url, handle)
      server_key = association_server_key(server_url)
      assoc_key = association_key(server_url, handle)
      assocs = @connection.read(server_key)
      return false unless assocs && assocs.has_value?(assoc_key)
      assocs = assocs.delete_if { |key, value| value == assoc_key }
      @connection.write(server_key, assocs)
      @connection.delete(assoc_key)
      return true
    end
    def use_nonce(server_url, timestamp, salt)
      return false if @connection.read(nonce_key(server_url, salt))
      return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
      @connection.write(nonce_key(server_url, salt), timestamp, :expires_in => OpenID::Nonce.skew)
      return true
    end
    private
      def association_key(server_url, handle = nil)
        "openid_association_#{digest(server_url)}_#{digest(handle)}"
      end
      def association_server_key(server_url)
        "openid_association_server_#{digest(server_url)}"
      end
      def nonce_key(server_url, salt)
        "openid_nonce_#{digest(server_url)}_#{digest(salt)}"
      end
      def digest(text)
        Digest::SHA1.hexdigest(text)
      end
  end
 end
--- a/lib/plugins/open_id_authentication/lib/open_id_authentication/nonce.rb
+++ b/lib/plugins/open_id_authentication/lib/open_id_authentication/nonce.rb
 # frozen_string_literal: true
 module OpenIdAuthentication
  class Nonce < ActiveRecord::Base
    self.table_name = :open_id_authentication_nonces
  end
 end
--- a/lib/plugins/open_id_authentication/lib/open_id_authentication/request.rb
+++ b/lib/plugins/open_id_authentication/lib/open_id_authentication/request.rb
 # frozen_string_literal: false
 module OpenIdAuthentication
  module Request
    def self.included(base)
      base.alias_method_chain :request_method, :openid
    end
    def request_method_with_openid
      if !parameters[:_method].blank? && parameters[:open_id_complete] == '1'
        parameters[:_method].to_sym
      else
        request_method_without_openid
      end
    end
  end
 end
 # In Rails 2.3, the request object has been renamed
 # from AbstractRequest to Request
 if defined? ActionController::Request
  ActionController::Request.send :include, OpenIdAuthentication::Request
 else
  ActionController::AbstractRequest.send :include, OpenIdAuthentication::Request
 end
--- a/lib/plugins/open_id_authentication/lib/open_id_authentication/timeout_fixes.rb
+++ b/lib/plugins/open_id_authentication/lib/open_id_authentication/timeout_fixes.rb
 # frozen_string_literal: true
 # http://trac.openidenabled.com/trac/ticket/156
 module OpenID
  @@timeout_threshold = 20
  def self.timeout_threshold
    @@timeout_threshold
  end
  def self.timeout_threshold=(value)
    @@timeout_threshold = value
  end
  class StandardFetcher
    def make_http(uri)
      http = @proxy.new(uri.host, uri.port)
      http.read_timeout = http.open_timeout = OpenID.timeout_threshold
      http
    end
  end
 end
--- a/lib/plugins/open_id_authentication/lib/tasks/open_id_authentication_tasks.rake
+++ b/lib/plugins/open_id_authentication/lib/tasks/open_id_authentication_tasks.rake
 namespace :open_id_authentication do
  namespace :db do
    desc "Creates authentication tables for use with OpenIdAuthentication"
    task :create => :environment do
      generate_migration(["open_id_authentication_tables", "add_open_id_authentication_tables"])
    end
    desc "Upgrade authentication tables from ruby-openid 1.x.x to 2.x.x"
    task :upgrade => :environment do
      generate_migration(["upgrade_open_id_authentication_tables", "upgrade_open_id_authentication_tables"])
    end
    def generate_migration(args)
      require 'rails_generator'
      require 'rails_generator/scripts/generate'
      if ActiveRecord::Base.connection.supports_migrations?
        Rails::Generator::Scripts::Generate.new.run(args)
      else
        raise "Task unavailable to this database (no migration support)"
      end
    end
    desc "Clear the authentication tables"
    task :clear => :environment do
      OpenIdAuthentication::DbStore.cleanup_nonces
      OpenIdAuthentication::DbStore.cleanup_associations
    end
  end
 end
--- a/lib/plugins/open_id_authentication/test/mem_cache_store_test.rb
+++ b/lib/plugins/open_id_authentication/test/mem_cache_store_test.rb
 require File.dirname(__FILE__) + '/test_helper'
 require File.dirname(__FILE__) + '/../lib/open_id_authentication/mem_cache_store'
 # Mock MemCacheStore with MemoryStore for testing
 class OpenIdAuthentication::MemCacheStore < OpenID::Store::Interface
  def initialize(*addresses)
    @connection = ActiveSupport::Cache::MemoryStore.new
  end
 end
 class MemCacheStoreTest < Test::Unit::TestCase
  ALLOWED_HANDLE = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
  def setup
    @store = OpenIdAuthentication::MemCacheStore.new
  end
  def test_store
    server_url = "http://www.myopenid.com/openid"
    assoc = gen_assoc(0)
    # Make sure that a missing association returns no result
    assert_retrieve(server_url)
    # Check that after storage, getting returns the same result
    @store.store_association(server_url, assoc)
    assert_retrieve(server_url, nil, assoc)
    # more than once
    assert_retrieve(server_url, nil, assoc)
    # Storing more than once has no ill effect
    @store.store_association(server_url, assoc)
    assert_retrieve(server_url, nil, assoc)
    # Removing an association that does not exist returns not present
    assert_remove(server_url, assoc.handle + 'x', false)
    # Removing an association that does not exist returns not present
    assert_remove(server_url + 'x', assoc.handle, false)
    # Removing an association that is present returns present
    assert_remove(server_url, assoc.handle, true)
    # but not present on subsequent calls
    assert_remove(server_url, assoc.handle, false)
    # Put assoc back in the store
    @store.store_association(server_url, assoc)
    # More recent and expires after assoc
    assoc2 = gen_assoc(1)
    @store.store_association(server_url, assoc2)
    # After storing an association with a different handle, but the
    # same server_url, the handle with the later expiration is returned.
    assert_retrieve(server_url, nil, assoc2)
    # We can still retrieve the older association
    assert_retrieve(server_url, assoc.handle, assoc)
    # Plus we can retrieve the association with the later expiration
    # explicitly
    assert_retrieve(server_url, assoc2.handle, assoc2)
    # More recent, and expires earlier than assoc2 or assoc. Make sure
    # that we're picking the one with the latest issued date and not
    # taking into account the expiration.
    assoc3 = gen_assoc(2, 100)
    @store.store_association(server_url, assoc3)
    assert_retrieve(server_url, nil, assoc3)
    assert_retrieve(server_url, assoc.handle, assoc)
    assert_retrieve(server_url, assoc2.handle, assoc2)
    assert_retrieve(server_url, assoc3.handle, assoc3)
    assert_remove(server_url, assoc2.handle, true)
    assert_retrieve(server_url, nil, assoc3)
    assert_retrieve(server_url, assoc.handle, assoc)
    assert_retrieve(server_url, assoc2.handle, nil)
    assert_retrieve(server_url, assoc3.handle, assoc3)
    assert_remove(server_url, assoc2.handle, false)
    assert_remove(server_url, assoc3.handle, true)
    assert_retrieve(server_url, nil, assoc)
    assert_retrieve(server_url, assoc.handle, assoc)
    assert_retrieve(server_url, assoc2.handle, nil)
    assert_retrieve(server_url, assoc3.handle, nil)
    assert_remove(server_url, assoc2.handle, false)
    assert_remove(server_url, assoc.handle, true)
    assert_remove(server_url, assoc3.handle, false)
    assert_retrieve(server_url, nil, nil)
    assert_retrieve(server_url, assoc.handle, nil)
    assert_retrieve(server_url, assoc2.handle, nil)
    assert_retrieve(server_url, assoc3.handle, nil)
    assert_remove(server_url, assoc2.handle, false)
    assert_remove(server_url, assoc.handle, false)
    assert_remove(server_url, assoc3.handle, false)
  end
  def test_nonce
    server_url = "http://www.myopenid.com/openid"
    [server_url, ''].each do |url|
      nonce1 = OpenID::Nonce::mk_nonce
      assert_nonce(nonce1, true, url, "#{url}: nonce allowed by default")
      assert_nonce(nonce1, false, url, "#{url}: nonce not allowed twice")
      assert_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
      # old nonces shouldn't pass
      old_nonce = OpenID::Nonce::mk_nonce(3600)
      assert_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
    end
  end
  private
    def gen_assoc(issued, lifetime = 600)
      secret = OpenID::CryptUtil.random_string(20, nil)
      handle = OpenID::CryptUtil.random_string(128, ALLOWED_HANDLE)
      OpenID::Association.new(handle, secret, Time.now + issued, lifetime, 'HMAC-SHA1')
    end
    def assert_retrieve(url, handle = nil, expected = nil)
      assoc = @store.get_association(url, handle)
      if expected.nil?
        assert_nil(assoc)
      else
        assert_equal(expected, assoc)
        assert_equal(expected.handle, assoc.handle)
        assert_equal(expected.secret, assoc.secret)
      end
    end
    def assert_remove(url, handle, expected)
      present = @store.remove_association(url, handle)
      assert_equal(expected, present)
    end
    def assert_nonce(nonce, expected, server_url, msg = "")
      stamp, salt = OpenID::Nonce::split_nonce(nonce)
      actual = @store.use_nonce(server_url, stamp, salt)
      assert_equal(expected, actual, msg)
    end
 end
--- a/lib/plugins/open_id_authentication/test/normalize_test.rb
+++ b/lib/plugins/open_id_authentication/test/normalize_test.rb
 require File.dirname(__FILE__) + '/test_helper'
 class NormalizeTest < Test::Unit::TestCase
  include OpenIdAuthentication
  NORMALIZATIONS = {
    "openid.aol.com/nextangler"             => "http://openid.aol.com/nextangler",
    "http://openid.aol.com/nextangler"      => "http://openid.aol.com/nextangler",
    "https://openid.aol.com/nextangler"     => "https://openid.aol.com/nextangler",
    "HTTP://OPENID.AOL.COM/NEXTANGLER"      => "http://openid.aol.com/NEXTANGLER",
    "HTTPS://OPENID.AOL.COM/NEXTANGLER"     => "https://openid.aol.com/NEXTANGLER",
    "loudthinking.com"                      => "http://loudthinking.com/",
    "http://loudthinking.com"               => "http://loudthinking.com/",
    "http://loudthinking.com:80"            => "http://loudthinking.com/",
    "https://loudthinking.com:443"          => "https://loudthinking.com/",
    "http://loudthinking.com:8080"          => "http://loudthinking.com:8080/",
    "techno-weenie.net"                     => "http://techno-weenie.net/",
    "http://techno-weenie.net"              => "http://techno-weenie.net/",
    "http://techno-weenie.net  "            => "http://techno-weenie.net/",
    "=name"                                 => "=name"
  }
  def test_normalizations
    NORMALIZATIONS.each do |from, to|
      assert_equal to, normalize_identifier(from)
    end
  end
  def test_broken_open_id
    assert_raises(InvalidOpenId) { normalize_identifier(nil) }
  end
 end
--- a/lib/plugins/open_id_authentication/test/open_id_authentication_test.rb
+++ b/lib/plugins/open_id_authentication/test/open_id_authentication_test.rb
 require File.dirname(__FILE__) + '/test_helper'
 class OpenIdAuthenticationTest < Test::Unit::TestCase
  def setup
    @controller = Class.new do
      include OpenIdAuthentication
      def params() {} end
    end.new
  end
  def test_authentication_should_fail_when_the_identity_server_is_missing
    open_id_consumer = mock()
    open_id_consumer.expects(:begin).raises(OpenID::OpenIDError)
    @controller.expects(:open_id_consumer).returns(open_id_consumer)
    @controller.expects(:logger).returns(mock(:error => true))
    @controller.send(:authenticate_with_open_id, "http://someone.example.com") do |result, identity_url|
      assert result.missing?
      assert_equal "Sorry, the OpenID server couldn't be found", result.message
    end
  end
  def test_authentication_should_be_invalid_when_the_identity_url_is_invalid
    @controller.send(:authenticate_with_open_id, "!") do |result, identity_url|
      assert result.invalid?, "Result expected to be invalid but was not"
      assert_equal "Sorry, but this does not appear to be a valid OpenID", result.message
    end
  end
  def test_authentication_should_fail_when_the_identity_server_times_out
    open_id_consumer = mock()
    open_id_consumer.expects(:begin).raises(Timeout::Error, "Identity Server took too long.")
    @controller.expects(:open_id_consumer).returns(open_id_consumer)
    @controller.expects(:logger).returns(mock(:error => true))
    @controller.send(:authenticate_with_open_id, "http://someone.example.com") do |result, identity_url|
      assert result.missing?
      assert_equal "Sorry, the OpenID server couldn't be found", result.message
    end
  end
  def test_authentication_should_begin_when_the_identity_server_is_present
    @controller.expects(:begin_open_id_authentication)
    @controller.send(:authenticate_with_open_id, "http://someone.example.com")
  end
 end
--- a/lib/plugins/open_id_authentication/test/status_test.rb
+++ b/lib/plugins/open_id_authentication/test/status_test.rb
 require File.dirname(__FILE__) + '/test_helper'
 class StatusTest < Test::Unit::TestCase
  include OpenIdAuthentication
  def test_state_conditional
    assert Result[:missing].missing?
    assert Result[:missing].unsuccessful?
    assert !Result[:missing].successful?
    assert Result[:successful].successful?
    assert !Result[:successful].unsuccessful?
  end
 end
--- a/lib/plugins/open_id_authentication/test/test_helper.rb
+++ b/lib/plugins/open_id_authentication/test/test_helper.rb
 require 'test/unit'
 require 'rubygems'
 gem 'activesupport'
 require 'active_support'
 gem 'actionpack'
 require 'action_controller'
 gem 'mocha'
 require 'mocha/setup'
 gem 'ruby-openid'
 require 'openid'
 RAILS_ROOT = File.dirname(__FILE__) unless defined? RAILS_ROOT
 require File.dirname(__FILE__) + "/../lib/open_id_authentication"
--- a/public/images/openid-bg.gif
+++ b/public/images/openid-bg.gif
--- a/public/stylesheets/application.css
+++ b/public/stylesheets/application.css
 #login-form input[type=text], #login-form input[type=password], #login-form input[type=submit] {display: block; width: 100%;}
 #login-form input[type=text], #login-form input[type=password] {margin-bottom: 15px;}
 #login-form a.lost_password {float:right; font-weight:normal;}
 #login-form input#openid_url {background:#fff url(../images/openid-bg.gif) no-repeat 4px 50%; padding-left:24px !important;}
 #login-form h3 {text-align: center;}
 div.modal { border-radius:5px; background:#fff; z-index:50; padding:4px;}
 .total-hours span.hours-int { font-size: 120%; }
 .autoscroll {overflow-x: auto; padding:1px; margin-bottom: 1.2em; position: relative;}
 #user_login, #user_firstname, #user_lastname, #user_mail, #my_account_form select, #user_form select, #user_identity_url { width: 90%; }
 #user_login, #user_firstname, #user_lastname, #user_mail, #my_account_form select, #user_form select { width: 90%; }
 #workflow_copy_form select { width: 200px; }
 table.transitions td.enabled {background: #bfb;}
--- a/public/stylesheets/rtl.css
+++ b/public/stylesheets/rtl.css
 #login-form table {margin-left:auto; margin-right:auto;}
 div.modal p.buttons {text-align:left;}
 input#openid_url {padding-left:0px; padding-right:18px;}
 /***** Links *****/
 #sidebar a.selected {padding:1px 2px 2px 3px; margin-left:0px; margin-right:-2px;}
--- a/test/functional/account_controller_openid_test.rb
+++ b/test/functional/account_controller_openid_test.rb
 # frozen_string_literal: true
 # Redmine - project management software
 # Copyright (C) 2006-2021  Jean-Philippe Lang
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; either version 2
 # of the License, or (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 require File.expand_path('../../test_helper', __FILE__)
 class AccountControllerOpenidTest < Redmine::ControllerTest
  tests AccountController
  fixtures :users, :roles
  def setup
    User.current = nil
    Setting.openid = '1'
  end
  def teardown
    Setting.openid = '0'
  end
  if Object.const_defined?(:OpenID)
    def test_login_with_openid_for_existing_user
      existing_user = User.new(:firstname => 'Cool',
                               :lastname => 'User',
                               :mail => 'user@somedomain.com',
                               :identity_url => 'http://openid.example.com/good_user')
      existing_user.login = 'cool_user'
      assert existing_user.save!
      with_settings(
        :openid => '1',
        :self_registration => '3'
      ) do
        post(:login, :params => {:openid_url => existing_user.identity_url})
      end
      assert_redirected_to '/my/page'
    end
    def test_login_with_invalid_openid_provider
      Setting.self_registration = '0'
      post(
        :login,
        :params => {
          :openid_url => 'http;//openid.example.com/good_user'
        }
      )
      assert_redirected_to home_url
    end
    def test_login_with_openid_for_existing_non_active_user
      existing_user = User.new(:firstname => 'Cool',
                               :lastname => 'User',
                               :mail => 'user@somedomain.com',
                               :identity_url => 'http://openid.example.com/good_user',
                               :status => User::STATUS_REGISTERED)
      existing_user.login = 'cool_user'
      assert existing_user.save!
      with_settings(
        :openid => '1',
        :self_registration => '2'
      ) do
        post(:login, :params => {:openid_url => existing_user.identity_url})
      end
      assert_redirected_to '/login'
    end
    def test_login_with_openid_with_new_user_created
      Setting.self_registration = '3'
      post(
        :login,
        :params => {
          :openid_url => 'http://openid.example.com/good_user'
        }
      )
      assert_redirected_to '/my/account'
      user = User.find_by_login('cool_user')
      assert user
      assert_equal 'Cool', user.firstname
      assert_equal 'User', user.lastname
    end
    def test_login_with_openid_with_new_user_and_self_registration_off
      Setting.self_registration = '0'
      post(
        :login,
        :params => {
          :openid_url => 'http://openid.example.com/good_user'
        }
      )
      assert_redirected_to home_url
      user = User.find_by_login('cool_user')
      assert_nil user
    end
    def test_login_with_openid_with_new_user_created_with_email_activation_should_have_a_token
      Setting.self_registration = '1'
      post(
        :login,
        :params => {
          :openid_url => 'http://openid.example.com/good_user'
        }
      )
      assert_redirected_to '/login'
      user = User.find_by_login('cool_user')
      assert user
      token = Token.find_by_user_id_and_action(user.id, 'register')
      assert token
    end
    def test_login_with_openid_with_new_user_created_with_manual_activation
      Setting.self_registration = '2'
      post(
        :login,
        :params => {
          :openid_url => 'http://openid.example.com/good_user'
        }
      )
      assert_redirected_to '/login'
      user = User.find_by_login('cool_user')
      assert user
      assert_equal User::STATUS_REGISTERED, user.status
    end
    def test_login_with_openid_with_new_user_with_conflict_should_register
      Setting.self_registration = '3'
      existing_user = User.new(:firstname => 'Cool', :lastname => 'User', :mail => 'user@somedomain.com')
      existing_user.login = 'cool_user'
      assert existing_user.save!
      post(
        :login,
        :params => {
          :openid_url => 'http://openid.example.com/good_user'
        }
      )
      assert_response :success
      assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_user'
    end
    def test_login_with_openid_with_new_user_with_missing_information_should_register
      Setting.self_registration = '3'
      post(
        :login,
        :params => {
          :openid_url => 'http://openid.example.com/good_blank_user'
        }
      )
      assert_response :success
      assert_select 'input[name=?]', 'user[login]'
      assert_select 'input[name=?]', 'user[password]'
      assert_select 'input[name=?]', 'user[password_confirmation]'
      assert_select 'input[name=?][value=?]', 'user[identity_url]', 'http://openid.example.com/good_blank_user'
    end
    def test_post_login_should_not_verify_token_when_using_open_id
      ActionController::Base.allow_forgery_protection = true
      AccountController.any_instance.stubs(:using_open_id?).returns(true)
      AccountController.any_instance.stubs(:authenticate_with_open_id).returns(true)
      post :login
      assert_response 200
    ensure
      ActionController::Base.allow_forgery_protection = false
    end
    def test_register_after_login_failure_should_not_require_user_to_enter_a_password
      Setting.self_registration = '3'
      assert_difference 'User.count' do
        post(
          :register,
          :params => {
            :user => {
              :login => 'good_blank_user',
              :password => '',
              :password_confirmation => '',
              :firstname => 'Cool',
              :lastname => 'User',
              :mail => 'user@somedomain.com',
              :identity_url => 'http://openid.example.com/good_blank_user'
            }
          }
        )
        assert_response 302
      end
      user = User.order('id DESC').first
      assert_equal 'http://openid.example.com/good_blank_user', user.identity_url
      assert user.hashed_password.blank?, "Hashed password was #{user.hashed_password}"
    end
    def test_setting_openid_should_return_true_when_set_to_true
      assert_equal true, Setting.openid?
    end
  else
    puts "Skipping openid tests."
    def test_dummy
    end
  end
 end
--- a/test/mocks/open_id_authentication_mock.rb
+++ b/test/mocks/open_id_authentication_mock.rb
 # frozen_string_literal: true
 # Mocks out OpenID
 #
 # http://www.northpub.com/articles/2007/04/02/testing-openid-support
 module OpenIdAuthentication
  EXTENSION_FIELDS = {'email'    => 'user@somedomain.com',
                      'nickname' => 'cool_user',
                      'country'  => 'US',
                      'postcode' => '12345',
                      'fullname' => 'Cool User',
                      'dob'      => '1970-04-01',
                      'language' => 'en',
                      'timezone' => 'America/New_York'}
  protected
  def authenticate_with_open_id(identity_url = params[:openid_url], options = {})
      if User.find_by_identity_url(identity_url) || identity_url.include?('good')
        extension_response_fields = {}
        # Don't process registration fields unless it is requested.
        unless identity_url.include?('blank') || (options[:required].nil? && options[:optional].nil?)
          unless options[:required].nil?
            options[:required].each do |field|
              extension_response_fields[field.to_s] = EXTENSION_FIELDS[field.to_s]
            end
          end
          unless options[:optional].nil?
            options[:optional].each do |field|
              extension_response_fields[field.to_s] = EXTENSION_FIELDS[field.to_s]
            end
          end
        end
        yield Result[:successful], identity_url, extension_response_fields
      else
        logger.info "OpenID authentication failed: #{identity_url}"
        yield Result[:failed], identity_url, nil
      end
  end
  private
  def add_simple_registration_fields(open_id_response, fields)
      open_id_response.add_extension_arg('sreg', 'required', [fields[:required]].flatten * ',') if fields[:required]
      open_id_response.add_extension_arg('sreg', 'optional', [fields[:optional]].flatten * ',') if fields[:optional]
  end
 end
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
 ENV["RAILS_ENV"] = "test"
 require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
 require 'rails/test_help'
 require Rails.root.join('test', 'mocks', 'open_id_authentication_mock.rb').to_s
 require File.expand_path(File.dirname(__FILE__) + '/object_helpers')
 include ObjectHelpers
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
    cv2a.reload
    assert_equal @dlopper.id.to_s, cv2a.value
  end
  if Object.const_defined?(:OpenID)
    def test_setting_identity_url
      normalized_open_id_url = 'http://example.com/'
      u = User.new(:identity_url => 'http://example.com/')
      assert_equal normalized_open_id_url, u.identity_url
    end
    def test_setting_identity_url_without_trailing_slash
      normalized_open_id_url = 'http://example.com/'
      u = User.new(:identity_url => 'http://example.com')
      assert_equal normalized_open_id_url, u.identity_url
    end
    def test_setting_identity_url_without_protocol
      normalized_open_id_url = 'http://example.com/'
      u = User.new(:identity_url => 'example.com')
      assert_equal normalized_open_id_url, u.identity_url
    end
    def test_setting_blank_identity_url
      u = User.new(:identity_url => 'example.com')
      u.identity_url = ''
      assert u.identity_url.blank?
    end
    def test_setting_invalid_identity_url
      u = User.new(:identity_url => 'this is not an openid url')
      assert u.identity_url.blank?
    end
  else
    puts "Skipping openid tests."
  end
 end