From 03ebf669775287ebeb348c7b5f9163d821547253 Mon Sep 17 00:00:00 2001
From: Sidharth Bansal
Date: Wed, 13 Jun 2018 22:55:56 +0530
Subject: [PATCH] Google login (#2826)
* Routes modified
* Set the views
* Modified error messages and user_tag
* Add User_Tag as identity and find user_tag
* Reformat range stats page to table (#2792)
* Index page listing for UserTags per issue #2741. (#2753)
* Index page listing for UserTags per issue #2741.
* Changes per pull request checks.
* Removed debugging line.
* Added routes to reflect 'groups' naming convention for user_tags per pull request spec.
* Tests rewritten after rebase.
* Index page listing for UserTags per issue #2741.
* Changes per pull request checks.
* Removed debugging line.
* Added routes to reflect 'groups' naming convention for user_tags per pull request spec.
* Fix for test of sort by value.
* Update routes.rb for wiki update (#2804)
* Update routes.rb
* fixes
* User_sessions_controller modified
* User_tag modified
* user session controller modified
* Checkpoint 1
* checkpoint1 codeclimate errors fixed
* integration tests for assets (#2806)
* integration tests for assets
* full assets included
* Update assets.rb
* Checkpoint 2
* Added routes to notes/edit (#2808)
* Added routes to notes/edit
* Removed redundant notes#edit and added get instead of post in edit actions
* Update routes.rb (#2810)
* Create OPENID.md
* fixing error in home_controller related to `group by` (#2794)
* Added group by note.nid
* correction
* Openid fix with post route and better alert texts (#2815)
* Added group by note.nid
* correction
* reworded openid requests and added post method for 2nd step
* adjust message
* Update openid_test.rb
* Update openid_test.rb
* Update openid_test.rb
* Update openid_test.rb
* Update Dangerfile (#2816)
* Update routes.rb to fix embeddable features (#2818)
* Update routes.rb
* Removed the apostrophe mismatch
* Added tests for embed in feature
* Delete route for notes (#2820)
* checkpoint 2
* User is created from sign up process successfully
* create a usertag_with_omniauth
* Search a usertag for oauth
* search user_tag existing in db
* create a user with omniauth test
* LOGIN WORKS
* current_user=(user) method removed
* sign up correction
* routing tests for google oauth
* Google auth details saved
* Google should return omniauth hash test
* sign up and login via provider
* sign up and login via provider alternative flow
* flash message test added
* login user with an email and then connect google provider
* .
---
.gitignore | 1 +
Dangerfile | 2 -
app/controllers/admin_controller.rb | 3 +
app/controllers/application_controller.rb | 5 +
app/controllers/home_controller.rb | 2 +-
app/controllers/openid_controller.rb | 2 +-
app/controllers/user_sessions_controller.rb | 179 ++++++++++++------
app/controllers/user_tags_controller.rb | 39 +++-
app/controllers/users_controller.rb | 2 +-
app/models/node.rb | 8 +-
app/models/user.rb | 18 ++
app/models/user_tag.rb | 11 +-
app/views/admin/assets.html.erb | 48 +++++
app/views/layouts/_footer.html.erb | 1 +
app/views/layouts/_header.html.erb | 7 +-
app/views/openid/decide.html.erb | 4 +-
app/views/stats/range.html.erb | 47 +++--
app/views/user_sessions/new.html.erb | 10 +-
app/views/user_tags/index.html.erb | 38 ++++
app/views/users/edit.html.erb | 5 +
app/views/users/new.html.erb | 6 +
config/environments/test.rb | 20 ++
config/initializers/assets.rb | 52 ++++-
config/initializers/omniauth.rb | 2 +-
config/routes.rb | 17 +-
doc/OPENID.md | 48 +++++
test/fixtures/user_tags.yml | 40 ++++
test/functional/features_controller_test.rb | 7 +
test/functional/notes_controller_test.rb | 8 +-
.../user_sessions_controller_test.rb | 54 ++++++
test/functional/user_tags_controller_test.rb | 23 +++
test/integration/login_flow_test.rb | 17 ++
test/integration/openid_test.rb | 90 +++++++++
test/integration/public_pages_test.rb | 5 +
test/integration/wiki_creation_test.rb | 14 ++
test/unit/user_tag_test.rb | 109 +++++++++++
test/unit/user_test.rb | 21 ++
37 files changed, 858 insertions(+), 107 deletions(-)
create mode 100644 app/views/admin/assets.html.erb
create mode 100644 app/views/user_tags/index.html.erb
create mode 100644 doc/OPENID.md
create mode 100644 test/integration/openid_test.rb
diff --git a/.gitignore b/.gitignore
index f9efa92dac1..862f1d099d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,6 +26,7 @@ config/initializers/recaptcha.rb
config/config.yml
config/initializers/site_keys.rb
config/initializers/secret_token.rb
+config/application.yml
public/system
public/lib
db/openid-store/
diff --git a/Dangerfile b/Dangerfile
index 0b19b2c96f6..44deab270e8 100644
--- a/Dangerfile
+++ b/Dangerfile
@@ -51,8 +51,6 @@ begin
if !source_path.nil? && !line.nil?
f = f.gsub(source_path + ':' + line, "#{source_path}:#{line}")
.gsub('`', "'") # remove ` as these cause Markdown formatting
- #.gsub('\’', "`") # also remove ’ -- this causes the script to hang! omitting this line.
- #.gsub('’', "`") # alternative (untested): replace ’ with ` for proper Markdown `code` formatting
end
fail("There was a test error at: #{f}")
end
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 7be9fd1a433..ec6946a649a 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -1,6 +1,9 @@
class AdminController < ApplicationController
before_action :require_user, only: %i(spam spam_revisions mark_comment_spam publish_comment)
+ # intended to provide integration tests for assets
+ def assets
+ end
def promote_admin
@user = User.find params[:id]
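Review bot: The new `assets` action is not in the `before_action :require_user` list above it, and the route this commit adds for it in config/routes.rb is unconditional as far as the visible lines show, so a page meant only for the asset integration test would also be served to anonymous visitors outside the test environment. I would limit the route, e.g. `get 'assets' => 'admin#assets' if Rails.env.test?`, and extend the comment to say that the view deliberately pulls in every precompiled asset. The hunk ends inside `promote_admin`, whose body continues outside it.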
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7a8e2a612dd..547d905abf3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -186,4 +186,9 @@ def redirect_old_urls
redirect_to @node.path, status: :moved_permanently
end
end
+
+ def signed_in?
+ !!current_user
+ end
+
end
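Review bot: `signed_in?` is added as the last method of ApplicationController, and the hunk does not show whether a `private` marker precedes it; if none does, it is a public method on every controller, which Rails treats as a routable action. I would put it under `private` and give it a one-line comment such as `# true when current_user resolves to a user for this request`. The class body before `redirect_old_urls` is outside the hunk, so this needs checking against the full file.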
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index b1b7c4542dd..f6678fa9b91 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -121,7 +121,7 @@ def activity
.where('node_revisions.status = 1')
.where('timestamp - node.created > ?', 300) # don't report edits within 5 mins of page creation
.limit(10)
- .group('node.title')
+ .group(['node.title', 'node.nid'])
# group by day: http://stackoverflow.com/questions/5970938/group-by-day-from-timestamp
revisions = revisions.group('DATE(FROM_UNIXTIME(timestamp))') if Rails.env == 'production'
revisions = revisions.to_a # ensure it can be serialized for caching
diff --git a/app/controllers/openid_controller.rb b/app/controllers/openid_controller.rb
index 74bf14e02e4..c09819cb227 100644
--- a/app/controllers/openid_controller.rb
+++ b/app/controllers/openid_controller.rb
@@ -114,7 +114,7 @@ def resume
end
end
- def show_decision_page(oidreq, message = 'Do you trust this site with your identity?')
+ def show_decision_page(oidreq, message = 'The site shown below is asking to use your PublicLab.org account to log you in. Do you trust this site?')
session[:last_oidreq] = oidreq
@oidreq = oidreq
diff --git a/app/controllers/user_sessions_controller.rb b/app/controllers/user_sessions_controller.rb
index fc1ca35d64a..a47c957a432 100644
--- a/app/controllers/user_sessions_controller.rb
+++ b/app/controllers/user_sessions_controller.rb
@@ -6,75 +6,132 @@ def new
end
def create
- params[:user_session][:username] = params[:openid] if params[:openid] # second runthrough must preserve username
- username = params[:user_session][:username] if params[:user_session]
- @user = User.find_by(username: username)
+ auth = request.env['omniauth.auth']
+ if auth
+ # Find an identity here
+ @identity = UserTag.find_with_omniauth(auth)
- # try finding by email, if that exists
- if @user.nil? && !User.where(email: username).empty?
- @user = User.find_by(email: username)
- params[:user_session][:username] = @user.username
- end
-
- if @user.nil?
- flash[:warning] = "There is nobody in our system by that name, are you sure you have the right username?"
- redirect_to '/login'
- elsif params[:user_session].nil? || @user&.drupal_user&.status == 1
- # an existing Rails user
- if params[:user_session].nil? || @user
- if @user&.crypted_password.nil? # the user has not created a pwd in the new site
- params[:user_session][:openid_identifier] = 'https://old.publiclab.org/people/' + username + '/identity' if username
- params[:user_session].delete(:password)
- params[:user_session].delete(:username)
- params[:openid] = username # pack up username for second runthrough
+ if signed_in?
+ if @identity.nil?
+ # If no identity was found, create a brand new one here
+ @identity = UserTag.create_with_omniauth(auth, current_user.id)
+ # The identity is not associated with the current_user so lets
+ # associate the identity
+ @identity.user = current_user
+ @identity.save
+ redirect_to root_url, notice: "Successfully linked to your account!"
+ elsif @identity.user == current_user
+ # User is signed in so they are trying to link an identity with their
+ # account. But we found the identity and the user associated with it
+ # is the current user. So the identity is already associated with
+ # this user. So let's display an error message.
+ redirect_to root_url, notice: "Already linked to your account!"
+ else
+ # User is signed in so they are trying to link an identity with their
+ # account. But we found the identity and a different user associated with it
+ # ,which is not the current user. So the identity is already associated with
+ # that user. So let's display an error message.
+ redirect_to root_url, notice: "Already linked to another account!"
end
- @user_session = UserSession.new(username: params[:user_session][:username],
- password: params[:user_session][:password],
- remember_me: params[:user_session][:remember_me])
- saved = @user_session.save do |result|
- if result
- # replace this with temporarily saving pwd in session,
- # and automatically saving it in the user record after login is completed
- if current_user.crypted_password.nil? # the user has not created a pwd in the new site
- flash[:warning] = I18n.t('user_sessions_controller.create_password_for_new_site')
- redirect_to '/profile/edit'
- else
- flash[:notice] = I18n.t('user_sessions_controller.logged_in')
- if session[:openid_return_to] # for openid login, redirects back to openid auth process
- return_to = session[:openid_return_to]
- session[:openid_return_to] = nil
- redirect_to return_to
- elsif session[:return_to]
- return_to = session[:return_to]
- session[:return_to] = nil
- redirect_to return_to
- elsif params[:return_to]
- redirect_to params[:return_to]
+ else # not signed in
+ if @identity&.user.present?
+ # The identity we found had a user associated with it so let's
+ # just log them in here
+ UserSession.create( @identity.user)
+ redirect_to root_url, notice: "Signed in!"
+ else #identity does not exist so we need to either create a user with identity OR link identity to existing user
+ if User.where(email: auth["info"]["email"]).empty?
+ #Create a new user as email provided is not present in PL database
+ user = User.create_with_omniauth(auth)
+ @identity = UserTag.create_with_omniauth(auth, user.id)
+ key = user.generate_reset_key
+ # send key to user email
+ PasswordResetMailer.reset_notify(user, key).deliver_now unless user.nil? # respond the same to both successes and failures; security
+ redirect_to root_url, notice: "You have successfully signed in. Please change your password via a link sent to you via a mail"
+ else #email exists so link the identity with existing user and log in the user
+ user = User.where(email: auth["info"]["email"])
+ # If no identity was found, create a brand new one here
+ @identity = UserTag.create_with_omniauth(auth, user.ids.first)
+ # The identity is not associated with the current_user so lets
+ # associate the identity
+ @identity.save
+ #log in them
+ UserSession.create( @identity.user)
+ redirect_to root_url, notice: "Successfully linked to your account!"
+ end
+ end
+ end
+ else
+ params[:user_session][:username] = params[:openid] if params[:openid] # second runthrough must preserve username
+ username = params[:user_session][:username] if params[:user_session]
+ @user = User.find_by(username: username)
+
+ # try finding by email, if that exists
+ if @user.nil? && !User.where(email: username).empty?
+ @user = User.find_by(email: username)
+ params[:user_session][:username] = @user.username
+ end
+
+ if @user.nil?
+ flash[:warning] = "There is nobody in our system by that name, are you sure you have the right username?"
+ redirect_to '/login'
+ elsif params[:user_session].nil? || @user&.drupal_user&.status == 1
+ # an existing Rails user
+ if params[:user_session].nil? || @user
+ if @user&.crypted_password.nil? # the user has not created a pwd in the new site
+ params[:user_session][:openid_identifier] = 'https://old.publiclab.org/people/' + username + '/identity' if username
+ params[:user_session].delete(:password)
+ params[:user_session].delete(:username)
+ params[:openid] = username # pack up username for second runthrough
+ end
+ @user_session = UserSession.new(username: params[:user_session][:username],
+ password: params[:user_session][:password],
+ remember_me: params[:user_session][:remember_me])
+ saved = @user_session.save do |result|
+ if result
+ # replace this with temporarily saving pwd in session,
+ # and automatically saving it in the user record after login is completed
+ if current_user.crypted_password.nil? # the user has not created a pwd in the new site
+ flash[:warning] = I18n.t('user_sessions_controller.create_password_for_new_site')
+ redirect_to '/profile/edit'
else
- redirect_to '/dashboard'
+ flash[:notice] = I18n.t('user_sessions_controller.logged_in')
+ if session[:openid_return_to] # for openid login, redirects back to openid auth process
+ return_to = session[:openid_return_to]
+ session[:openid_return_to] = nil
+ redirect_to return_to
+ elsif session[:return_to]
+ return_to = session[:return_to]
+ session[:return_to] = nil
+ redirect_to return_to
+ elsif params[:return_to]
+ redirect_to params[:return_to]
+ else
+ redirect_to '/dashboard'
+ end
end
+ else
+ # Login failed; probably bad password.
+ # Errors will display on login form:
+ render action: 'new'
end
- else
- # Login failed; probably bad password.
- # Errors will display on login form:
- render action: 'new'
+ end
+ else # not a native user
+ if !DrupalUser.find_by(name: username).nil?
+ # this is a user from the old site who hasn't registered on the new site
+ redirect_to controller: :users, action: :create, user: { openid_identifier: username }
+ else # totally new user!
+ flash[:warning] = I18n.t('user_sessions_controller.sign_up_to_join')
+ redirect_to '/signup'
end
end
- else # not a native user
- if !DrupalUser.find_by(name: username).nil?
- # this is a user from the old site who hasn't registered on the new site
- redirect_to controller: :users, action: :create, user: { openid_identifier: username }
- else # totally new user!
- flash[:warning] = I18n.t('user_sessions_controller.sign_up_to_join')
- redirect_to '/signup'
- end
+ elsif params[:user_session].nil? || @user&.drupal_user&.status == 5
+ flash[:error] = I18n.t('user_sessions_controller.user_has_been_moderated', username: @user.username).html_safe
+ redirect_to '/'
+ else
+ flash[:error] = I18n.t('user_sessions_controller.user_has_been_banned', username: @user.username).html_safe
+ redirect_to '/'
end
- elsif params[:user_session].nil? || @user&.drupal_user&.status == 5
- flash[:error] = I18n.t('user_sessions_controller.user_has_been_moderated', username: @user.username).html_safe
- redirect_to '/'
- else
- flash[:error] = I18n.t('user_sessions_controller.user_has_been_banned', username: @user.username).html_safe
- redirect_to '/'
end
end
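Review bot: In the not-signed-in OAuth branch, an unmatched identity is attached to whichever existing account has the same `auth["info"]["email"]` and that account is logged in at once, so ownership of the account rests entirely on the provider's email claim; the callback route accepts any `:provider`, and not every provider guarantees the address is verified. The OAuth branches also call `UserSession.create(@identity.user)` without the `drupal_user.status` checks that the password branch applies, so a moderated or banned account appears to get a session here. I would not auto-link by email: send the user to the normal login and let them link from the signed-in branch, and gate every OAuth login on the same status check. `UserTag.create_with_omniauth` can return an unsaved record and `auth["info"]["email"]` can be nil, and both reach `UserSession.create` or `User.create_with_omniauth` unchecked.

```ruby
else # not signed in
  if @identity&.user.present?
    # same standing check the password branch applies before a session is created
    if @identity.user.drupal_user&.status == 1
      UserSession.create(@identity.user)
      redirect_to root_url, notice: "Signed in!"
    else
      redirect_to root_url, alert: "This account cannot be signed in."
    end
  elsif auth.dig("info", "email").blank?
    redirect_to '/login', alert: "The provider did not share an email address."
  elsif User.where(email: auth["info"]["email"]).empty?
    # … unchanged: create the user and identity, send the reset mail …
  else
    # an account already uses this email: have the owner log in first,
    # then link the provider from the signed-in branch above
    flash[:warning] = "An account with this email already exists. Log in to link it."
    redirect_to '/login'
  end
end
```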
diff --git a/app/controllers/user_tags_controller.rb b/app/controllers/user_tags_controller.rb
index 006ba96221b..40b9282c550 100644
--- a/app/controllers/user_tags_controller.rb
+++ b/app/controllers/user_tags_controller.rb
@@ -1,6 +1,37 @@
class UserTagsController < ApplicationController
respond_to :html, :xml, :json, :js
+ require 'will_paginate/array'
+
+ def index
+ @toggle = params[:sort] || "uses"
+
+ @title = I18n.t('tag_controller.tags')
+ @paginated = true
+ if params[:search]
+ keyword = params[:search]
+ @user_tags = UserTag
+ .select('value')
+ .where("value LIKE :keyword", keyword: "%#{keyword}%")
+ .group(:value)
+ .order('value ASC')
+ .count('value').to_a
+ .paginate(page: params[:page], per_page: 24)
+ elsif @toggle == "value"
+ @user_tags = UserTag.group(:value)
+ .select('value')
+ .order('value ASC')
+ .count('value').to_a
+ .paginate(page: params[:page], per_page: 24)
+ else # @toggle == "uses"
+ @user_tags = UserTag.group(:value)
+ .select('value')
+ .order('count_value DESC')
+ .count('value').to_a
+ .paginate(page: params[:page], per_page: 24)
+ end
+ end
+
def create
@output = {
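Review bot: The new `index` lists and searches every `UserTag` value, and this same commit starts storing login identities as `oauth:<provider>:<uid>` tags, so provider account ids would appear on the `/user_tags` and `/groups` pages. I would exclude them in all three queries, e.g. `.where.not('value LIKE ?', 'oauth:%')`. The `LIKE` keyword is bound correctly, but `%` and `_` typed by the user still act as wildcards; passing the keyword through `sanitize_sql_like` first would escape them. `.count('value').to_a.paginate` also builds the full grouped array in memory before slicing out one page. The hunk ends at the start of `create`, which continues outside it.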
@@ -23,13 +54,13 @@ def create
unless exist
user_tag = user.user_tags.build(value: name)
- if tagname.split(':')[0] == "oauth-facebook"
+ if tagname.split(':')[1] == "facebook"
@output[:errors] << "This tag is used for associating a Facebook account. Click here to read more "
- elsif tagname.split(':')[0] == "oauth-github"
+ elsif tagname.split(':')[1] == "github"
@output[:errors] << "This tag is used for associating a Github account. Click here to read more "
- elsif tagname.split(':')[0] == "oauth-google"
+ elsif tagname.split(':')[1] == "google_oauth2"
@output[:errors] << "This tag is used for associating a Google account. Click here to read more "
- elsif tagname.split(':')[0] == "oauth-twitter"
+ elsif tagname.split(':')[1] == "twitter"
@output[:errors] << "This tag is used for associating a Twitter account. Click here to read more "
elsif user_tag.save
@output[:saved] << [name, user_tag.id]
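Review bot: The reserved-tag check now compares only the second segment (`tagname.split(':')[1] == "google_oauth2"` and its three siblings), so it ignores the `oauth` prefix that `UserTag.find_with_omniauth` keys on, it is case-sensitive, and it rejects unrelated tags whose second segment happens to be `github` or `twitter`. Because these tags are what the login flow treats as proof of a linked identity, I would reserve the whole namespace with one test, `if tagname.downcase.start_with?('oauth:')`. The same four comparisons are repeated in `Node#can_tag` in app/models/node.rb and need the same change. `user_tag` is built before the check runs, and the enclosing `create` starts and ends outside this hunk.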
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index f5299089b7d..4d3001739f7 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -98,7 +98,7 @@ def list
.where('rusers.role = ?', params[:id])
.where('rusers.status = 1')
.page(params[:page])
-
+
elsif @tagname_param
@users = User.where(id: UserTag.where(value: @tagname_param).collect(&:uid))
.page(params[:page])
diff --git a/app/models/node.rb b/app/models/node.rb
index 98b2a9af814..3c14fe08ac4 100644
--- a/app/models/node.rb
+++ b/app/models/node.rb
@@ -861,13 +861,13 @@ def can_tag(tagname, user, errors = false)
errors ? I18n.t('node.only_admins_can_lock') : false
elsif tagname.split(':')[0] == 'redirect' && Node.where(slug: tagname.split(':')[1]).length <= 0
errors ? I18n.t('node.page_does_not_exist') : false
- elsif tagname.split(':')[0] == "oauth-facebook"
+ elsif tagname.split(':')[1] == "facebook"
errors ? "This tag is used for associating a Facebook account. Click here to read more " : false
- elsif tagname.split(':')[0] == "oauth-github"
+ elsif tagname.split(':')[1] == "github"
errors ? "This tag is used for associating a Github account. Click here to read more " : false
- elsif tagname.split(':')[0] == "oauth-google"
+ elsif tagname.split(':')[1] == "google_oauth2"
errors ? "This tag is used for associating a Google account. Click here to read more " : false
- elsif tagname.split(':')[0] == "oauth-twitter"
+ elsif tagname.split(':')[1] == "twitter"
errors ? "This tag is used for associating a Twitter account. Click here to read more " : false
else
true
diff --git a/app/models/user.rb b/app/models/user.rb
index 01552a668fd..617ee8f5e20 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -414,4 +414,22 @@ def self.contributor_count_for(start_time,end_time)
contributors
end
+ def self.create_with_omniauth(auth)
+ #email prefix is part of email before @ with periods replaced with underscores
+ #generate a 2 digit alphanumeric number and append it at the end of email-prefix
+ charset = Array('A'..'Z') + Array('a'..'z') + Array(0..9)
+ email_prefix = auth["info"]["email"].gsub('.','_').split('@')[0]
+ while(!User.where(username: email_prefix).empty?)
+ email_prefix = auth["info"]["email"].gsub('.','_').split('@')[0] + Array.new(2) { charset.sample }.join
+ end
+ puts(auth)
+ create! do |user|
+ user.username = email_prefix
+ user.email = auth["info"]["email"]
+ user.password = auth["uid"]
+ user.password_confirmation = auth["uid"]
+ user.save!
+ end
+ end
+
end
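Review bot: `user.password = auth["uid"]` sets the new account's password to the provider uid, which this commit also stores in an `oauth:<provider>:<uid>` user tag, so the password is not a secret; and `puts(auth)` writes the whole auth hash, which normally carries the provider credentials, to stdout. I would drop the `puts` and use a random throwaway value: `secret = SecureRandom.hex(32)`, then `user.password = secret` and `user.password_confirmation = secret`. `auth["info"]["email"]` is dereferenced without a nil check, and `user.save!` inside the `create!` block is redundant because `create!` saves after the block returns. A short comment above the method should state that the username is the email prefix with dots replaced by underscores, plus a random two-character suffix on collision.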
diff --git a/app/models/user_tag.rb b/app/models/user_tag.rb
index ef429f010e1..9b95ff872c0 100644
--- a/app/models/user_tag.rb
+++ b/app/models/user_tag.rb
@@ -3,7 +3,7 @@ class UserTag < ApplicationRecord
validates :value, presence: :true
validates :value, format: { with: /\A[\w\.:-]*\z/, message: 'can only include letters, numbers, and dashes' }
-
+ validates_uniqueness_of :value, :scope => :uid
before_save :preprocess
def preprocess
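Review bot: `validates_uniqueness_of :value, :scope => :uid` only stops one user from holding the same tag twice; two different users can still own the same `oauth:<provider>:<uid>` value, and `find_with_omniauth` would then return whichever row `find_by` sees first. Identity tags need to be unique across all users, for example with a second validation `validates :value, uniqueness: true, if: -> { value.to_s.start_with?('oauth:') }`, backed by a unique database index because the validation alone is subject to races. The hunk ends at `def preprocess`, whose body is outside it.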
@@ -18,4 +18,13 @@ def name
self.value
end
+ def self.find_with_omniauth(auth)
+ find_by(value: "oauth:" + auth['provider'] + ":" + auth['uid'])
+ end
+
+ def self.create_with_omniauth(auth, uid)
+ create(value: "oauth:" + auth['provider'] + ":" + auth['uid'],
+ uid: uid)
+ end
+
end
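Review bot: `create_with_omniauth` uses the non-raising `create`, so a tag that fails validation comes back unsaved and the controller goes on to call `@identity.user` on it; `create!`, or a `persisted?` check in the caller, would surface the failure. Both methods concatenate `auth['provider']` and `auth['uid']` directly, which raises `TypeError` when either is nil or not a String; a guard such as `return nil if auth['provider'].blank? || auth['uid'].blank?` before building the key would make that case explicit. Neither method has a comment describing the `oauth:<provider>:<uid>` value format that the controllers and `Node#can_tag` depend on.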
diff --git a/app/views/admin/assets.html.erb b/app/views/admin/assets.html.erb
new file mode 100644
index 00000000000..dde7f755974
--- /dev/null
+++ b/app/views/admin/assets.html.erb
@@ -0,0 +1,48 @@
+<%= javascript_include_tag 'leaflet-blurred-location/dist/Leaflet.BlurredLocation' %>
+
+<%= javascript_include_tag 'application' %>
+<%= javascript_include_tag 'advanced_search' %>
+<%= javascript_include_tag 'comment_expand' %>
+<%= javascript_include_tag 'dashboard' %>
+<%= javascript_include_tag 'dragdrop' %>
+<%= javascript_include_tag 'dynamic_search' %>
+<%= javascript_include_tag 'editor' %>
+<%= javascript_include_tag 'graph' %>
+<%= javascript_include_tag 'grids' %>
+<%= javascript_include_tag 'header_footer' %>
+<%= javascript_include_tag 'ics.deps.min' %>
+<%= javascript_include_tag 'ics.min' %>
+<%= javascript_include_tag 'jsdiff' %>
+<%= javascript_include_tag 'leaflet_helper' %>
+<%= javascript_include_tag 'like' %>
+<%= javascript_include_tag 'locationForm' %>
+<%= javascript_include_tag 'main_image' %>
+<%= javascript_include_tag 'methods' %>
+<%= javascript_include_tag 'notes' %>
+<%= javascript_include_tag 'post' %>
+<%= javascript_include_tag 'question' %>
+<%= javascript_include_tag 'restful_typeahead' %>
+<%= javascript_include_tag 'searchform' %>
+<%= javascript_include_tag 'setup' %>
+<%= javascript_include_tag 'sidebar' %>
+<%= javascript_include_tag 'tagging' %>
+<%= javascript_include_tag 'textbox_expand' %>
+<%= javascript_include_tag 'users' %>
+<%= javascript_include_tag 'wikis' %>
+
+<%= stylesheet_link_tag 'blog' %>
+<%= stylesheet_link_tag 'comments' %>
+<%= stylesheet_link_tag 'dashboard' %>
+<%= stylesheet_link_tag 'editor' %>
+<%= stylesheet_link_tag 'fancy' %>
+<%= stylesheet_link_tag 'feature' %>
+<%= stylesheet_link_tag 'I18n' %>
+<%= stylesheet_link_tag 'location_tags' %>
+<%= stylesheet_link_tag 'map' %>
+<%= stylesheet_link_tag 'print' %>
+<%= stylesheet_link_tag 'question' %>
+<%= stylesheet_link_tag 'search' %>
+<%= stylesheet_link_tag 'style' %>
+<%= stylesheet_link_tag 'tags' %>
+<%= stylesheet_link_tag 'user_tags.' %>
+<%= stylesheet_link_tag 'wiki' %>
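Review bot: `stylesheet_link_tag 'user_tags.'` has a trailing dot, so it asks for a stylesheet named `user_tags.` rather than `user_tags`; the precompile list in config/initializers/assets.rb names `user_tags.css.scss`. The line should read `<%= stylesheet_link_tag 'user_tags' %>`. A comment at the top of the file saying the page exists only so the integration test can detect assets missing from the precompile list would explain why it includes everything.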
diff --git a/app/views/layouts/_footer.html.erb b/app/views/layouts/_footer.html.erb
index 37a21eb9a19..530ca5ad821 100644
--- a/app/views/layouts/_footer.html.erb
+++ b/app/views/layouts/_footer.html.erb
@@ -2,4 +2,5 @@
<% cache('feature_footer-notice', skip_digest: true) do %>
<%= feature('footer-notice') %>
<% end %>
+
diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb
index af7133774d5..3cf20422d56 100644
--- a/app/views/layouts/_header.html.erb
+++ b/app/views/layouts/_header.html.erb
@@ -48,13 +48,13 @@
+ <%= link_to "Sign up with Google", "/auth/google_oauth2", class: "btn btn-primary" %>
+
+
+
<% cache('feature_signup-notice', skip_digest: true) do %>
<%= feature('signup-notice') %>
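Review bot: The new `link_to "Sign up with Google", "/auth/google_oauth2"` starts the OAuth request phase with a plain GET, which carries no CSRF token, so a sign-in can be initiated from a page the user did not intend to act on. I would start it with a POST form, `button_to "Sign up with Google", "/auth/google_oauth2", class: "btn btn-primary"`, and set `OmniAuth.config.allowed_request_methods = [:post]` in the initializer. The rest of this hunk's markup is not visible here, so the surrounding layout is not reviewed.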
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 80668217450..ffe5a2457d1 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -40,4 +40,24 @@
host: 'www.example.com'
}
+
+ OmniAuth.config.test_mode = true
+ OmniAuth.config.mock_auth[:google_oauth2] = OmniAuth::AuthHash.new({
+ 'provider' => 'google_oauth2',
+ 'uid' => '1357908642',
+ 'info' => {
+ 'name' => 'sidharth bansal',
+ 'email' => 'bansal.sidharth309@gmail.com'
+ }
+ })
+
+ OmniAuth.config.mock_auth[:google_oauth2_2] = OmniAuth::AuthHash.new({
+ 'provider' => 'google_oauth2',
+ 'uid' => '1357908642',
+ 'info' => {
+ 'name' => 'jeff',
+ 'email' => 'jeff@pxlshp.com'
+ }
+ })
+
end
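Review bot: The two mock hashes use what look like real personal email addresses and share the same `uid`, `'1357908642'`, so `:google_oauth2_2` cannot stand for a different Google account than `:google_oauth2`. I would use reserved addresses such as `'user1@example.com'` and give the second mock its own uid. A comment above the block should say which tests rely on which mock.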
diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb
index 36de885db24..cf56568336b 100644
--- a/config/initializers/assets.rb
+++ b/config/initializers/assets.rb
@@ -1 +1,51 @@
-Rails.application.config.assets.precompile += %w( print.css I18n.css sidebar.js dashboard.css dashboard.js dragdrop.js methods.js post.js comment_expand.js leaflet-blurred-location/dist/Leaflet.BlurredLocation.js dynamic_search.js notes.js textbox_expand.js question.js )
+Rails.application.config.assets.precompile += [
+ 'leaflet-blurred-location/dist/Leaflet.BlurredLocation.js',
+
+ 'advanced_search.js',
+ 'application.js',
+ 'comment_expand.js',
+ 'dashboard.js',
+ 'dragdrop.js',
+ 'dynamic_search.js',
+ 'editor.js',
+ 'graph.js',
+ 'grids.js',
+ 'header_footer.js',
+ 'ics.deps.min.js',
+ 'ics.min.js',
+ 'jsdiff.js',
+ 'leaflet_helper.js',
+ 'like.js',
+ 'locationForm.js',
+ 'main_image.js',
+ 'methods.js',
+ 'notes.js',
+ 'post.js',
+ 'question.js',
+ 'restful_typeahead.js',
+ 'searchform.js',
+ 'setup.js',
+ 'sidebar.js',
+ 'tagging.js',
+ 'textbox_expand.js',
+ 'users.js',
+ 'wikis.js',
+
+ 'blog.css',
+ 'comments.css',
+ 'dashboard.css',
+ 'editor.css',
+ 'fancy.css',
+ 'feature.css',
+ 'I18n.css',
+ 'location_tags.css.scss',
+ 'map.css',
+ 'print.css',
+ 'question.css',
+ 'search.css',
+ 'style.css',
+ 'tags.css',
+ 'user_tags.css.scss',
+ 'wiki.css'
+]
+
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 9b7727b5196..79595c21c77 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -1,4 +1,4 @@
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV["google_app_key"],ENV["google_app_secret"] , skip_jwt: true
- provider :facebook, ENV["APP_ID"],ENV["APP_SECRET"] , skip_jwt: true
+ provider :facebook, ENV["APP_ID"],ENV["APP_SECRET"], { scope: "email,public_profile,user_likes" }
end
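Review bot: The Facebook provider now requests `user_likes` in addition to `email,public_profile`, and nothing visible in this commit reads a user's likes; login needs only `scope: "email,public_profile"`. Asking for less shortens the consent screen and limits what a leaked token exposes. The Google line above still passes `skip_jwt: true`, and a comment stating why token decoding is skipped would help the next reader.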
diff --git a/config/routes.rb b/config/routes.rb
index 54803bdd3f4..3d0ed86820d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -31,7 +31,7 @@
end
get '/change_locale/:locale', to: 'settings#change_locale', as: :change_locale
- get 'ioby' => "legacy#ioby"
+ get 'assets' => "admin#assets"
get 'login' => "user_sessions#new", :as => :login
get 'logout' => "user_sessions#destroy", :as => :logout
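Review bot: `get 'assets' => "admin#assets"` replaces the `get 'ioby' => "legacy#ioby"` line instead of being added next to it, which removes the `/ioby` route; nothing in the commit message mentions that, so it may be a merge accident. `/assets` is also the asset pipeline's default URL prefix, so a different path such as `/admin/assets` would avoid ambiguity between the two.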
@@ -56,6 +56,7 @@
#resources :users
get 'openid' => 'openid#index'
+ post 'openid' => 'openid#index'
# Try to get rails to accept params with periods in the keyname?
# The following isn't right and it may be about param parsing rather than routing?
# match 'openid' => 'openid#index', :constraints => { 'openid.mode' => /.*/ }
@@ -63,6 +64,7 @@
get 'openid/xrds' => 'openid#idp_xrds'
get 'openid/decision' => 'openid#decision'
+ post 'openid/decision' => 'openid#decision'
get 'openid/resume' => 'openid#resume'
get 'openid/:username' => 'openid#user_page'
get 'openid/:username/xrds' => 'openid#user_xrds'
@@ -101,7 +103,7 @@
get 'wiki/revisions/:id' => 'wiki#revisions'
get 'wiki/revert/:id' => 'wiki#revert'
get 'wiki/edit/:id' => 'wiki#edit'
- put 'wiki/update/:id' => 'wiki#update'
+ post 'wiki/update/:id' => 'wiki#update'
delete 'wiki/delete/:id' => 'wiki#delete'
get 'wiki/revisions/:id/:vid' => 'wiki#revision'
@@ -118,11 +120,12 @@
get 'notes/popular' => 'notes#popular'
get 'notes/liked' => 'notes#liked'
get 'notes/image/:id' => 'notes#image'
+ get 'notes/delete/:id' => 'notes#delete'
post 'notes/delete/:id' => 'notes#delete'
post 'notes/update/:id' => 'notes#update'
- post 'notes/update/:id' => 'notes#edit'
post 'notes/create' => 'notes#create'
get 'notes/publish_draft/:id' => 'notes#publish_draft'
+ get 'notes/edit/:id' => 'notes#edit'
get 'places' => 'notes#places'
get 'tools' => 'notes#tools'
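Review bot: `get 'notes/delete/:id' => 'notes#delete'` exposes a destructive action over GET, which Rails' CSRF protection does not cover and which link prefetchers and crawlers will follow. The existing `post 'notes/delete/:id'` line is enough; I would drop the GET route, or use `delete 'notes/delete/:id' => 'notes#delete'` and have the view send it with `method: :delete`.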
@@ -186,6 +189,7 @@
get 'locations/form' => 'tag#location'
get 'locations/modal' => 'tag#location_modal'
get 'embed/grid/:tagname' => 'tag#gridsEmbed'
+ get 'features/embed/:id' => 'features#embed'
get 'rsvp/:id' => 'notes#rsvp'
get 'feed/liked' => 'notes#liked_rss'
@@ -206,6 +210,10 @@
post 'profile/tags/create/:id' => 'user_tags#create'
get 'profile/tags/create/:id' => 'user_tags#create'
delete 'profile/tags/delete/:id' => 'user_tags#delete'
+ get 'user_tags' => 'user_tags#index'
+ get 'user_tags/:search' => 'user_tags#index'
+ get 'groups' => 'user_tags#index'
+ get 'groups/:search' => 'user_tags#index'
get 'maps' => 'map#index'
@@ -334,6 +342,7 @@
# This is a legacy wild controller route that's not recommended for RESTful applications.
# Note: This route will make all actions in every controller accessible via GET requests.
#handling omniauth callbacks
- match '/auth/:provider/callback', to: 'sessions#create', via: [:get, :post]
+ match '/auth/:provider/callback', to: 'user_sessions#create', via: [:get, :post]
+ get 'auth/failure', to: redirect('/')
end
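Review bot: The callback now lands on `user_sessions#create`, which also handles the password login form, and `:provider` is unconstrained, so any `/auth/<anything>/callback` request reaches that action. Restricting it to the configured providers, e.g. `constraints: { provider: /google_oauth2|facebook/ }`, keeps unexpected input out. `get 'auth/failure', to: redirect('/')` discards the failure reason, so a user whose sign-in failed is returned to the home page with no message.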
diff --git a/doc/OPENID.md b/doc/OPENID.md
new file mode 100644
index 00000000000..4b20ed3fe07
--- /dev/null
+++ b/doc/OPENID.md
@@ -0,0 +1,48 @@
+# OpenID on PublicLab.org
+
+We use PublicLab.org as an OpenID provider for two other sites run by Public Lab - [SpectralWorkbench.org](https://spectralworkbench.org) (SWB) and [MapKnitter.org](https://mapknitter.org) (MK). Source code for those can be found here:
+
+* https://github.com/publiclab/mapknitter/
+* https://github.com/publiclab/spectral-workbench/
+
+This enables:
+
+* a "single sign-on" across several Public Lab systems
+* no need to store private data like encrypted passwords in MK or SWB
+
+However, MK and SWB are customized to **only** use PublicLab.org as an OpenId provider. This dates back to a time when OpenId was more widely used, and we'd probably use OAuth today given the choice.
+
+## Code
+
+Code for the OpenId provider can be found at:
+
+* Controller: https://github.com/publiclab/plots2/blob/master/app/controllers/openid_controller.rb
+* Routes: https://github.com/publiclab/plots2/blob/cac725748bbcb2a1cadf025e16f3aca5baf6a750/config/routes.rb#L58-L76
+
+## Testing
+
+Testing can be difficult, but can be done by cloning a local copy of both SpectralWorkbench AND PublicLab.org/`plots2`.
+
+You first change the OpenId address on the local clone of SWB -- at `app/controllers/sessions_controller.rb:
+
+```
+@@openid_url_base = "https://publiclab.org/people/"
+```
+
+(on this line: https://github.com/publiclab/spectral-workbench/blob/7160bea20dfd6a7ce4da9573eed5e456dc3a9490/app/controllers/sessions_controller.rb#L5)
+
+...to be instead: `http://localhost:3000/people/`
+
+Then start SWB on port 3001 with the command `passenger start -p 3001`
+
+At the same time, have PublicLab.org/`plots2` running on port 3000, with the normal `passenger start` command
+
+Then, go to http://localhost:3000/login and try to log in -- using an account on your local copy of PublicLab.org/`plots2`
+
+You should be redirected to your local PublicLab.org/`plots2` instance, and asked to approve the login.
+
+However, you may be directed back to SpectralWorkbench.org instead of http://localhost:3001 -- please update this documentation if so -- but you should be able to confirm that you were able to log in in any case.
+
+Further work on building tests around these functions is ongoing at:
+
+https://github.com/publiclab/plots2/issues/2813
diff --git a/test/fixtures/user_tags.yml b/test/fixtures/user_tags.yml
index 7756dd7c8f2..3a63f7c0b8c 100644
--- a/test/fixtures/user_tags.yml
+++ b/test/fixtures/user_tags.yml
@@ -24,3 +24,43 @@ longitude:
id: 5
uid: 1
value: lon:-90
+
+google1:
+ id: 6
+ uid: 1
+ value: oauth:google_oauth2:987654321
+
+twitter1:
+ id: 7
+ uid: 1
+ value: oauth:twitter:987654321
+
+facebook1:
+ id: 8
+ uid: 1
+ value: oauth:facebook:987654321
+
+github1:
+ id: 9
+ uid: 1
+ value: oauth:github:987654321
+
+google2:
+ id: 10
+ uid: 2
+ value: oauth:google_oauth2:876543219
+
+twitter2:
+ id: 11
+ uid: 2
+ value: oauth:twitter:876543219
+
+facebook2:
+ id: 12
+ uid: 2
+ value: oauth:facebook:876543219
+
+github2:
+ id: 13
+ uid: 2
+ value: oauth:github:876543219
diff --git a/test/functional/features_controller_test.rb b/test/functional/features_controller_test.rb
index f28e864fec7..9172426ee99 100644
--- a/test/functional/features_controller_test.rb
+++ b/test/functional/features_controller_test.rb
@@ -99,4 +99,11 @@ def teardown
assert_equal 'Edits saved and cache cleared.', flash[:notice]
assert_redirected_to '/features?_=' + Time.now.to_i.to_s
end
+
+ test 'should find the correct node in embed of feature' do
+ fixture_node = nodes(:blog)
+ get :embed, params: { id: fixture_node.title}
+ embed_node = assigns(:node)
+ assert_equal embed_node.nid, fixture_node.nid
+ end
end
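Review bot: The new embed test never checks the response status, so it would still pass if the action assigned `@node` and then redirected or rendered an error; add `assert_response :success` after the `get`. `assert_equal` takes the expected value first, so `assert_equal fixture_node.nid, embed_node.nid` gives a correct failure message. The request passes `id: fixture_node.title`; if embed really resolves nodes by title, a one-line comment such as `# embed looks the node up by title, not nid` would explain it.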
diff --git a/test/functional/notes_controller_test.rb b/test/functional/notes_controller_test.rb
index 34f212b79c1..38ff1ddd6f0 100644
--- a/test/functional/notes_controller_test.rb
+++ b/test/functional/notes_controller_test.rb
@@ -499,7 +499,7 @@ def teardown
test 'should display /post template when editing a note in legacy mode' do
user = UserSession.create(users(:jeff))
note = nodes(:blog)
- post :edit,
+ get :edit,
params: {
id: note.nid,
legacy: true
@@ -512,7 +512,7 @@ def teardown
user = UserSession.create(users(:jeff))
note = nodes(:question)
note.add_tag('nice', users(:jeff))
- post :edit,
+ get :edit,
params: {
id: note.nid,
legacy: true
@@ -524,7 +524,7 @@ def teardown
test 'should display /post template when editing a note' do
user = UserSession.create(users(:jeff))
note = nodes(:blog)
- post :edit,
+ get :edit,
params: {
id: note.nid
}
@@ -537,7 +537,7 @@ def teardown
user = UserSession.create(users(:jeff))
note = nodes(:question)
note.add_tag('nice', users(:jeff))
- post :edit,
+ get :edit,
params: {
id: note.nid
}
diff --git a/test/functional/user_sessions_controller_test.rb b/test/functional/user_sessions_controller_test.rb
index 0fdfcbfc524..d2934ef5de0 100644
--- a/test/functional/user_sessions_controller_test.rb
+++ b/test/functional/user_sessions_controller_test.rb
@@ -40,4 +40,58 @@ class UserSessionsControllerTest < ActionController::TestCase
assert_equal I18n.t('user_sessions_controller.logged_in'), flash[:notice]
end
end
+
+ test 'sign up and login via provider basic flow' do
+ assert_not_nil OmniAuth.config.mock_auth[:google_oauth2]
+ #Omniauth hash is present
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:google_oauth2]
+ assert_not_nil request.env['omniauth.auth']
+ #Sign Up for a new user
+ post :create
+ assert_equal "You have successfully signed in. Please change your password via a link sent to you via a mail", flash[:notice]
+ #Log Out
+ post :destroy
+ assert_equal "Successfully logged out.", flash[:notice]
+ #auth hash is present so login via a provider
+ post :create
+ assert_equal "Signed in!", flash[:notice]
+ end
+
+ test 'sign up and login via provider alternative flow' do
+ assert_not_nil OmniAuth.config.mock_auth[:google_oauth2_2]
+ #Omniauth hash is present
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:google_oauth2_2]
+ assert_not_nil request.env['omniauth.auth']
+ #Sign Up for an existing user as email exists in the db
+ post :create
+ assert_equal "Successfully linked to your account!", flash[:notice]
+ #Log Out
+ post :destroy
+ assert_equal "Successfully logged out.", flash[:notice]
+ #auth hash is present so login via a provider
+ post :create
+ assert_equal "Signed in!", flash[:notice]
+ end
+
+
+ test 'login user with an email and then connect google provider' do
+ post :create, user_session: {
+ username: users(:jeff).email,
+ password: 'secretive'
+ }
+ assert_redirected_to '/dashboard'
+ assert_not_nil OmniAuth.config.mock_auth[:google_oauth2_2]
+ #Omniauth hash is present
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:google_oauth2_2]
+ assert_not_nil request.env['omniauth.auth']
+ #Link a google account to an existing user
+ post :create
+ assert_equal "Successfully linked to your account!", flash[:notice]
+ #Link same google account to an existing user again
+ post :create
+ assert_equal "Already linked to your account!", flash[:notice]
+ #Log Out
+ post :destroy
+ assert_equal "Successfully logged out.", flash[:notice]
+ end
end
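Review bot: The 'sign up and login via provider alternative flow' test pins a risky behaviour: with nobody logged in, an OmniAuth hash whose email matches an existing user gets "Successfully linked to your account!", and the next `post :create` signs that user in. Linking on an email match alone hands the local account to whoever holds that address at the provider, unless the provider asserts the email is verified. The controller is not in this hunk, so I cannot tell whether it checks that. I would add a case where the mock hash carries an unverified email and assert that no link is created, keeping automatic linking for the already-logged-in path the third test covers. Separately, `post :create, user_session: {...}` in the third test passes params positionally while other tests in this commit use `params:`; `post :create, params: { user_session: { ... } }` is the consistent form.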
diff --git a/test/functional/user_tags_controller_test.rb b/test/functional/user_tags_controller_test.rb
index e875032203f..8a34af40ef4 100644
--- a/test/functional/user_tags_controller_test.rb
+++ b/test/functional/user_tags_controller_test.rb
@@ -106,4 +106,27 @@ def setup
assert_equal I18n.t('user_tags_controller.tag_doesnt_exist'), flash[:error]
end
end
+
+ test 'user tags index' do
+ get :index
+
+ assert :success
+ assert assigns['user_tags']
+ assert_equal assigns['user_tags'].collect{ |a| a[0] }, assigns['user_tags'].collect{ |a| a[0]}.uniq
+ assert_not assigns['user_tags'].include?(0)
+ assert_not_nil :user_tags
+
+ get :index, {sort: "value"}
+ assert_equal assigns['user_tags'].collect{ |a| [a[0], a[1]] }, assigns['user_tags'].sort_by{ |a| [a[0]]}
+
+ end
+
+ test 'user tags search' do
+ get :index, search: "skill:rails"
+
+ assert :success
+ assert assigns(:user_tags).length > 0
+ assert_template 'user_tags/index'
+ end
+
end
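Review bot: Several assertions in the two new tests can never fail: `assert :success` (in both tests) only checks that a symbol is truthy, and `assert_not_nil :user_tags` checks a symbol literal rather than the assigned value. They should read `assert_response :success` and `assert_not_nil assigns(:user_tags)`. `get :index, {sort: "value"}` and `get :index, search: "skill:rails"` also pass params positionally, unlike `get :embed, params: {...}` elsewhere in this commit; `get :index, params: { sort: 'value' }` is the consistent form.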
diff --git a/test/integration/login_flow_test.rb b/test/integration/login_flow_test.rb
index aeaa6ee14b8..f209d43be43 100644
--- a/test/integration/login_flow_test.rb
+++ b/test/integration/login_flow_test.rb
@@ -39,4 +39,21 @@ class LoginFlowTest < ActionDispatch::IntegrationTest
follow_redirect!
assert_equal '/questions', path
end
+
+ test 'google login routing' do
+ assert_routing '/auth/google_oauth2/callback', {controller: 'user_sessions', action: 'create',provider: 'google_oauth2'}
+ end
+
+ test 'google_oauth2 login post' do
+ assert_routing({path: '/auth/google_oauth2/callback', method: 'post'},{controller: 'user_sessions', action: 'create' ,provider: 'google_oauth2'})
+ end
+
+ test 'should get oauth hash from /auth/google_oauth2' do
+ get '/auth/google_oauth2'
+ assert_redirected_to '/auth/google_oauth2/callback'
+ assert_not_nil OmniAuth.config.mock_auth[:google_oauth2]
+ request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:google_oauth2]
+ assert_not_nil request.env['omniauth.auth']
+ end
+
end
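Review bot: The last three lines of 'should get oauth hash from /auth/google_oauth2' assert nothing about the application. `OmniAuth.config.mock_auth[:google_oauth2]` is test configuration, and `request.env['omniauth.auth']` is assigned on the line before it is checked, after the request has already completed. To cover the callback, replace them with `follow_redirect!` and an assertion on the resulting response or flash. The test also fixes that the provider flow is started by a plain `get '/auth/google_oauth2'`; if that stays, confirm the request phase is CSRF-protected, since a GET-initiated login can be started without the user's intent.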
diff --git a/test/integration/openid_test.rb b/test/integration/openid_test.rb
new file mode 100644
index 00000000000..1ea0d95ba85
--- /dev/null
+++ b/test/integration/openid_test.rb
@@ -0,0 +1,90 @@
+require 'test_helper'
+
+class LoginFlowTest < ActionDispatch::IntegrationTest
+
+ test 'attempt to openid authenticate (like from MapKnitter) without being logged in' do
+ end
+
+ test 'incorrect openid authentication request shows error' do
+
+ # log in
+ post '/user_sessions', params: { user_session: { username: users(:jeff).username, password: 'secretive' } }
+ follow_redirect!
+
+ get '/openid', params: {
+ 'openid.claimed_id': 'https://spectralworkbench.org/openid/warren',
+ 'openid.identity': 'https://spectralworkbench.org/openid/warren',
+ 'openid.mode': 'checkid_setup',
+ 'openid.ns': 'http://specs.openid.net/auth/2.0',
+ 'openid.ns.sreg': 'http://openid.net/extensions/sreg/1.1',
+ 'openid.realm': 'https://spectralworkbench.org/',
+ 'openid.return_to': 'https://spectralworkbench.org/session/new?authenticity_token=RcLcGH3lzSTCC24UpPnNm56sllNaMrHg5%2FSrQzNxB%2B4%3D&back_to=&open_id=warren&return_to=',
+ 'openid.sreg.required': 'nickname,email'
+ }
+
+ assert_equal "You are requesting access to an account that's not yours. Please log out and use the correct account, or try to login with the correct username", flash[:error]
+
+ assert_response :redirect
+
+ end
+
+ test 'openid authentication request goes to index page' do
+
+ # log in
+ post '/user_sessions', params: { user_session: { username: users(:jeff).username, password: 'secretive' } }
+ follow_redirect!
+
+ get '/openid', params: {
+ 'openid.claimed_id': "https://spectralworkbench.org/openid/#{users(:jeff).username}",
+ 'openid.identity': "https://spectralworkbench.org/openid/#{users(:jeff).username}",
+ 'openid.mode': 'checkid_setup',
+ 'openid.ns': 'http://specs.openid.net/auth/2.0',
+ 'openid.ns.sreg': 'http://openid.net/extensions/sreg/1.1',
+ 'openid.realm': 'https://spectralworkbench.org/',
+ 'openid.return_to': "https://spectralworkbench.org/session/new?authenticity_token=RcLcGH3lzSTCC24UpPnNm56sllNaMrHg5%2FSrQzNxB%2B4%3D&back_to=&open_id=#{users(:jeff).username}&return_to=",
+ 'openid.sreg.required': 'nickname,email'
+ }
+
+ assert_nil flash[:error]
+ assert_equal 'The site shown below is asking to use your PublicLab.org account to log you in. Do you trust this site?', flash[:notice]
+
+ assert_response :success
+ assert_routing({ path: path, method: :get }, { controller: 'openid', action: 'index' })
+
+ ## now same with POST
+
+ # More complete parameters:
+ # {"authenticity_token"=>"RcLcGH3lzSTCC24UpPnNm56sllNaMrHg5/SrQzNxB+4=", "back_to"=>"/", "open_id"=>"warren", "openid.assoc_handle"=>"{HMAC-SHA1}{5b1d5a10}{bGMKfQ==}", "openid.claimed_id"=>"http://localhost:3000/openid/warren", "openid.identity"=>"http://localhost:3000/openid/warren", "openid.mode"=>"check_authentication", "openid.ns"=>"http://specs.openid.net/auth/2.0", "openid.ns.sreg"=>"http://openid.net/extensions/sreg/1.1", "openid.op_endpoint"=>"http://localhost:3000/openid", "openid.response_nonce"=>"2018-06-10T17:04:16ZSTb7YI", "openid.return_to"=>"http://localhost:3001/session/new?authenticity_token=RcLcGH3lzSTCC24UpPnNm56sllNaMrHg5%2FSrQzNxB%2B4%3D&back_to=%2F&open_id=warren&return_to=%2F", "openid.sig"=>"cElPJYRTb7IDCsZe3eLx639cchg=", "openid.signed"=>"assoc_handle,claimed_id,identity,mode,ns,ns.sreg,op_endpoint,response_nonce,return_to,signed,sreg.email,sreg.nickname", "openid.sreg.email"=>"jeff@unterbahn.com", "openid.sreg.nickname"=>"warren", "return_to"=>"/"}
+ post '/openid?openid.claimed_id=' + users(:jeff).username, params: {
+ 'openid.claimed_id': "https://spectralworkbench.org/openid/#{users(:jeff).username}",
+ 'openid.identity': "https://spectralworkbench.org/openid/#{users(:jeff).username}",
+ 'openid.mode': 'checkid_setup',
+ 'openid.ns': 'http://specs.openid.net/auth/2.0',
+ 'openid.ns.sreg': 'http://openid.net/extensions/sreg/1.1',
+ 'openid.realm': 'https://spectralworkbench.org/',
+ 'openid.return_to': "https://spectralworkbench.org/session/new?authenticity_token=RcLcGH3lzSTCC24UpPnNm56sllNaMrHg5%2FSrQzNxB%2B4%3D&back_to=&open_id=#{users(:jeff).username}&return_to=",
+ 'openid.sreg.required': 'nickname,email'
+ }
+
+ assert_nil flash[:error]
+ assert_equal 'The site shown below is asking to use your PublicLab.org account to log you in. Do you trust this site?', flash[:notice]
+
+ assert_response :success
+ assert_routing({ path: path, method: :post }, { controller: 'openid', action: 'index' })
+
+ # Then, 'openid authentication approval goes to decision page' -- based on same session
+
+ # log in
+ post '/user_sessions', params: { user_session: { username: users(:jeff).username, password: 'secretive' } }
+ follow_redirect!
+
+ post '/openid/decision', params: {
+ "authenticity_token": "RcLcGH3lzSTCC24UpPnNm56sllNaMrHg5%2FSrQzNxB%2B4%3D",
+ "yes": "Yes"
+ }
+
+ # redirects back to originating site
+ assert_match /https:\/\/spectralworkbench.org\/session\/new/, @response.redirect_url
+ end
+
+end
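Review bot: The one case that guards the provider against unauthenticated use, 'attempt to openid authenticate (like from MapKnitter) without being logged in', has an empty body and therefore always passes. Either issue the `get '/openid'` request without a session and assert that no approval page is rendered, or make the gap visible with `skip 'TODO: unauthenticated OpenID request'`. The final redirect check is looser than it looks: the pattern is unanchored and its dots are unescaped, so `assert_match %r{\Ahttps://spectralworkbench\.org/session/new}, @response.redirect_url` would pin the host properly. The class is also declared as `LoginFlowTest`, which reopens the class in test/integration/login_flow_test.rb; `class OpenidTest < ActionDispatch::IntegrationTest` avoids the clash.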
diff --git a/test/integration/public_pages_test.rb b/test/integration/public_pages_test.rb
index d56ad6b8bf9..eb0fc3bf93a 100644
--- a/test/integration/public_pages_test.rb
+++ b/test/integration/public_pages_test.rb
@@ -96,4 +96,9 @@ def setup
get nodes(:question).path(:question)
assert_response :success
end
+
+ test 'assets tests' do
+ get '/assets'
+ assert_response :success
+ end
end
diff --git a/test/integration/wiki_creation_test.rb b/test/integration/wiki_creation_test.rb
index 232877fa64d..d847877b9d1 100644
--- a/test/integration/wiki_creation_test.rb
+++ b/test/integration/wiki_creation_test.rb
@@ -44,4 +44,18 @@ class WikiCreationTest < ActionDispatch::IntegrationTest
assert_equal flash[:notice], 'Wiki page created.'
assert_select 'h1', title
end
+
+ test 'updating wiki' do
+ post '/user_sessions', params: { user_session: { username: users(:bob).username, password: 'secretive' } }
+ wiki = nodes(:organizers)
+ title = wiki.title
+ newtitle = 'New Title'
+
+ post "/wiki/update/#{wiki.id}", params: { uid: users(:bob).id, title: newtitle, body: 'Editing about Page' }
+
+ follow_redirect!
+
+ assert_equal "/wiki/#{title.parameterize}", path
+ assert_equal flash[:notice], 'Edits saved.'
+ end
end
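Review bot: The update request sends `uid: users(:bob).id` in the form body alongside the logged-in session, and nothing in the test shows which of the two the controller uses to attribute the edit. The controller is outside this hunk, so this may be harmless. A case that posts another user's id while logged in as bob, and asserts the revision is still attributed to bob, would settle it. `newtitle` is posted but never asserted on; if redirecting to the old slug is intentional, a comment such as `# changing the title does not change the slug` would make that clear, and `assert_equal 'Edits saved.', flash[:notice]` puts the expected value first.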
diff --git a/test/unit/user_tag_test.rb b/test/unit/user_tag_test.rb
index 6929b23ca63..ce47870856f 100644
--- a/test/unit/user_tag_test.rb
+++ b/test/unit/user_tag_test.rb
@@ -28,4 +28,113 @@ class UserTagTest < ActiveSupport::TestCase
assert_equal ['Value can only include letters, numbers, and dashes'], invalid_user_tag.errors.full_messages
end
end
+
+ test 'Create a usertag from google auth' do
+ user = users(:jeff)
+ auth = { "provider" => "google_oauth2", "uid" => "123456789"}
+ uid = user.id
+ identity1 = UserTag.create_with_omniauth(auth, uid)
+ assert_not_nil identity1
+ identity2 = UserTag.find_with_omniauth(auth)
+ assert_not_nil identity1
+ assert_equal(identity1, identity2)
+ end
+
+ test 'Create a usertag from twitter auth' do
+ user = users(:jeff)
+ auth = { "provider" => "twitter", "uid" => "123456789"}
+ uid = user.id
+ identity1 = UserTag.create_with_omniauth(auth, uid)
+ assert_not_nil identity1
+ identity2 = UserTag.find_with_omniauth(auth)
+ assert_not_nil identity1
+ assert_equal(identity1, identity2)
+ end
+
+ test 'Create a usertag from facebook auth' do
+ user = users(:jeff)
+ auth = { "provider" => "facebook", "uid" => "123456789"}
+ uid = user.id
+ identity1 = UserTag.create_with_omniauth(auth, uid)
+ assert_not_nil identity1
+ identity2 = UserTag.find_with_omniauth(auth)
+ assert_not_nil identity1
+ assert_equal(identity1, identity2)
+ end
+
+ test 'Create a usertag from github auth' do
+ user = users(:jeff)
+ auth = { "provider" => "github", "uid" => "123456789"}
+ uid = user.id
+ identity1 = UserTag.create_with_omniauth(auth, uid)
+ assert_not_nil identity1
+ identity2 = UserTag.find_with_omniauth(auth)
+ assert_not_nil identity1
+ assert_equal(identity1, identity2)
+ end
+
+ test 'Search a usertag from google auth which does not exist' do
+ user = users(:jeff)
+ auth = { "provider" => "google_oauth2", "uid" => "12345678"}
+ uid = user.id
+ identity = UserTag.find_with_omniauth(auth)
+ assert_nil identity
+ end
+
+ test 'Search a usertag from twitter auth which does not exist' do
+ user = users(:jeff)
+ auth = { "provider" => "twitter", "uid" => "12345678"}
+ uid = user.id
+ identity = UserTag.find_with_omniauth(auth)
+ assert_nil identity
+ end
+
+ test 'Search a usertag from github auth which does not exist' do
+ user = users(:jeff)
+ auth = { "provider" => "github", "uid" => "12345678"}
+ uid = user.id
+ identity = UserTag.find_with_omniauth(auth)
+ assert_nil identity
+ end
+
+ test 'Search a usertag from facebook auth which does not exist' do
+ user = users(:jeff)
+ auth = { "provider" => "facebook", "uid" => "12345678"}
+ uid = user.id
+ identity = UserTag.find_with_omniauth(auth)
+ assert_nil identity
+ end
+
+ test 'Search a usertag from google auth which does exist' do
+ user = users(:jeff)
+ auth = { "provider" => "google_oauth2", "uid" => "987654321"}
+ uid = user.id
+ identity = UserTag.find_with_omniauth(auth)
+ assert_not_nil identity
+ end
+
+ test 'Search a usertag from twitter auth which does exist' do
+ user = users(:jeff)
+ auth = { "provider" => "twitter", "uid" => "987654321"}
+ uid = user.id
+ identity = UserTag.find_with_omniauth(auth)
+ assert_not_nil identity
+ end
+
+ test 'Search a usertag from github auth which does exist' do
+ user = users(:jeff)
+ auth = { "provider" => "github", "uid" => "987654321"}
+ uid = user.id
+ identity = UserTag.find_with_omniauth(auth)
+ assert_not_nil identity
+ end
+
+ test 'Search a usertag from facebook auth which does exist' do
+ user = users(:jeff)
+ auth = { "provider" => "facebook", "uid" => "987654321"}
+ uid = user.id
+ identity = UserTag.find_with_omniauth(auth)
+ assert_not_nil identity
+ end
+
end
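Review bot: In each of the four 'Create a usertag from … auth' tests the second nil check repeats `assert_not_nil identity1` where it should read `assert_not_nil identity2`, so the lookup result is only checked indirectly by the `assert_equal` that follows. The eight 'Search' tests assign `user` and `uid` without using them. The twelve tests differ only in provider name and uid, so defining them in a loop over `%w[google_oauth2 twitter facebook github]` would remove the copy-paste. There is also no case for one provider uid being linked to a second user. Since `find_with_omniauth` appears to be the lookup that decides which account a provider login maps to, it is worth adding a test that a second `create_with_omniauth` with the same `auth` and a different user id is rejected.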
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 1660e710d48..61189907742 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -170,6 +170,7 @@ class UserTest < ActiveSupport::TestCase
assert_not_empty daily
assert_equal daily.count, 365
end
+
test 'user roles' do
admin = users(:admin)
assert admin.admin?
@@ -184,6 +185,7 @@ class UserTest < ActiveSupport::TestCase
assert_not basic_user.moderator?
assert_not basic_user.can_moderate?
end
+
test 'user email validation' do
user = User.new(username: 'zen',
password: 'nez',
@@ -191,6 +193,7 @@ class UserTest < ActiveSupport::TestCase
email: 'abc@.com')
assert_not user.save({})
end
+
test 'email validation' do
user = User.new(username: 'himanshu',
password: 'bhallu',
@@ -198,4 +201,22 @@ class UserTest < ActiveSupport::TestCase
email: '@xyz.com')
assert_not user.save({})
end
+
+ test 'create a user with omniauth if email prefix does not exist in db' do
+ auth = {"uid" => "98746858591", "info" => { "email" => "bansal.sidharth2990@gmail.com"}}
+ sidharth = User.create_with_omniauth(auth)
+ assert_not_nil sidharth
+ assert_equal sidharth.email, "bansal.sidharth2990@gmail.com"
+ #as username "bansal_sidharth2990" does not exist in the db, user with username = "bansal_sidharth2990" will be created
+ assert_equal sidharth.username, "bansal_sidharth2990"
+ end
+
+ test 'create a user with omniauth if email prefix does exist in db' do
+ auth = {"uid" => "98740858591", "info" => { "email" => "jeff@gmail.com"}}
+ jeffrey = User.create_with_omniauth(auth)
+ assert_not_nil jeffrey
+ assert_equal jeffrey.email, "jeff@gmail.com"
+ #as the username as "jeff" exists, hence username = "jeff" + 2 digit alphanumeric code will be created
+ assert_not_equal jeffrey.username, "jeff"
+ end
end
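Review bot: `assert_not_equal jeffrey.username, "jeff"` in the second new test passes for any value other than "jeff", including nil or an empty string, so it does not check the suffixing described in the comment above it. If that comment is accurate, `assert_match(/\Ajeff[[:alnum:]]{2}\z/, jeffrey.username)` pins the format. Neither test covers the case where the generated name also collides with an existing user, which a two-character suffix makes plausible. The test data uses real-looking gmail.com addresses; `example.com` addresses would keep personal data out of the repository.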