Merge branch 'external-person' into 'federation'

External person Allow external users to login in a network that is federated with the user's network. See merge request !951

Merge branch 'external-person' into 'federation'
External person Allow external users to login in a network that is federated with the user's network. See merge request !951
Larissa Reis
2 parents 219aa665 f9165094
Showing 53 changed files with 1289 additions and 275 deletions Show diff stats
app/api/app.rb
app/api/federation/webfinger.rb
app/api/helpers.rb
app/api/v1/articles.rb
app/api/v1/people.rb
app/concerns/authenticated_system.rb
app/controllers/application_controller.rb
app/controllers/my_profile/email_templates_controller.rb
app/controllers/public/profile_controller.rb
app/controllers/public/search_controller.rb
app/helpers/application_helper.rb
app/helpers/theme_loader_helper.rb
app/models/abuse_complaint.rb
app/models/abuse_report.rb
app/models/comment.rb
app/models/concerns/external_user.rb
app/models/concerns/human.rb
app/models/concerns/profile_entity.rb
app/models/environment.rb
app/models/external_environment.rb
 require_dependency 'api/helpers'
 module Api
+  class NoosferoFederation < Grape::API
+    use Rack::JSONP
+    helpers Helpers
+    before { detect_stuff_by_domain }
+    format :json
+    content_type :json, "application/jrd+json"
+    prefix [ENV['RAILS_RELATIVE_URL_ROOT'], ".well-known"].compact.join('/')
+    mount Federation::Webfinger
+  end
+
   class App < Grape::API
     use Rack::JSONP
@@ -23,6 +33,8 @@ module Api
       end
     end
+    mount NoosferoFederation
+
     before { set_locale  }
     before { setup_multitenancy }
     before { detect_stuff_by_domain }
@@ -0,0 +1,108 @@
+require 'rails/commands/server'
+
+module Api
+  module Federation
+    class Webfinger < Grape::API
+      get 'webfinger' do
+        result = generate_jrd
+        present result, with: Grape::Presenters::Presenter
+      end
+    end
+  end
+end
+
+def generate_jrd
+  unless valid_domain?
+    not_found!
+    Rails.logger.error 'Domain Not Found'
+  end
+  if request_acct?
+    acct_hash
+  elsif valid_uri?(params[:resource])
+    uri_hash
+  end
+end
+
+def domain
+  if request_acct?
+    params[:resource].split('@')[1]
+  else
+    params[:resource].split('/')[2]
+  end
+end
+
+def valid_domain?
+  environment.domains.map(&:name).include? domain
+end
+
+def request_acct?
+  params[:resource].include? 'acct:'
+end
+
+def acct_hash
+  rails = Rails::Server.new
+  acct = Hash.new{|hash, key| hash[key] = Hash.new{|hash, key| hash[key] = Array.new}}
+  url = rails.options[:Host] + ':' + rails.options[:Port].to_s + '/'
+  person = Person.find_by_identifier(extract_person_identifier)
+
+  if person.nil?
+    Rails.logger.error 'Person not found'
+    not_found!
+  else
+    acct[:subject] = params[:resource]
+    acct[:alias] = url + person.identifier
+    acct[:properties][:identifier] = person.identifier
+    acct[:properties][:created_at] = person.created_at
+    for blog in person.blogs do
+      acct[:links][:rel] <<  url + 'rel/' + blog.path
+      acct[:links][:href] << url + person.identifier + '/' + blog.path
+    end
+
+    for galleries in person.articles.galleries do
+      acct[:links][:rel] <<  url + 'rel/' + galleries.path
+      acct[:links][:href] << url + person.identifier + '/' + galleries.path
+    end
+
+    acct[:titles][:name] =  person.name
+  end
+  acct
+end
+
+def extract_person_identifier
+  params[:resource].split('@')[0].split(':')[1]
+end
+
+def valid_uri?(url)
+  uri = URI.parse(url)
+  if uri.is_a?(URI::HTTP)
+    true
+  else
+    Rails.logger.error 'Bad URI Error'
+    not_found!
+  end
+end
+
+def uri_hash
+  uri = {}
+  uri[:subject] = params[:resource]
+  entity = find_entity(params[:resource])
+  id = params[:resource].split('/').last.to_i
+  begin
+    uri[:properties] = entity.classify.constantize.find(id)
+  rescue ActiveRecord::RecordNotFound
+    Rails.logger.error "Entity: #{entity} with id: #{id} not found"
+    not_found!
+  end
+  uri
+end
+
+def find_entity(uri)
+  possible_entity = uri.split('/')
+  possible_entity.map! { |entity| "#{entity}s" }
+  entity = (ActiveRecord::Base.connection.tables & possible_entity).first
+  unless entity
+    Rails.logger.error 'Entity not found on records'
+    not_found!
+  end
+  entity
+end
@@ -10,6 +10,9 @@ module Api
     include Noosfero::Plugin::HotSpot
     include ForgotPasswordHelper
     include SearchTermHelper
+    include ProfileImageHelper
+    include Noosfero::Gravatar
+    include ThemeLoaderHelper
     def set_locale
       I18n.locale = (params[:lang] || request.env['HTTP_ACCEPT_LANGUAGE'] || 'en')
@@ -412,7 +415,7 @@ module Api
         content_type == 'TextArticle' ? Article.text_article_types : content_type
       end
       content_types.flatten.uniq
-    end
+   end
     def period(from_date, until_date)
       begin_period = from_date.nil? ? Time.at(0).to_datetime : from_date
@@ -62,7 +62,7 @@ module Api
             { :success => true }
           rescue Exception => exception
             render_api_error!(_('The article couldn\'t be removed due to some problem. Please contact the administrator.'), 400)
-          end          
+          end
         end
         desc 'Report a abuse and/or violent content in a article by id' do
@@ -108,6 +108,23 @@ module Api
           end
           present output
         end
+
+        desc "Return the person profile picture (you can optionally pass a 'size' parameter)"
+        get ":id/icon" do
+          person = environment.people.find(params[:id])
+
+          size = params[:size] || :portrait
+          image = profile_icon(person, size.to_sym)
+          output = {}
+
+          unless image.match(/^\/\/www\.gravatar\.com/).nil?
+            output[:icon] = 'https:' + image
+          else
+            output[:icon] = request.url.gsub(/\/api\/.*/, '') + image
+          end
+
+          present output
+        end
       end
       resource :profiles do
@@ -25,7 +25,19 @@ module AuthenticatedSystem
     # Accesses the current user from the session.
     def current_user user_id = session[:user]
       @current_user ||= begin
-        user = User.find_by id: user_id if user_id
+        user = nil
+        if session[:external]
+          user = User.new
+          external_person = ExternalPerson.find_by(id: session[:external])
+          if external_person
+            user.external_person_id = external_person.id
+            user.email = external_person.email
+          else
+            session[:external] = nil
+          end
+        else
+          user = User.find_by(id: user_id) if user_id
+        end
         user.session = session if user
         User.current = user
         user
@@ -37,9 +49,13 @@ module AuthenticatedSystem
       if new_user.nil?
         session.delete(:user)
       else
-        session[:user] = new_user.id
+        if new_user.id
+          session[:user] = new_user.id
+        else
+          session[:external] = new_user.external_person_id
+        end
         new_user.session = session
-        new_user.register_login
+        new_user.register_login if new_user.id
       end
       @current_user = User.current = new_user
     end
@@ -8,6 +8,7 @@ class ApplicationController &lt; ActionController::Base
   before_filter :allow_cross_domain_access
   include AuthenticatedSystem
+
   before_filter :require_login_for_environment, :if => :private_environment?
   before_filter :verify_members_whitelist, :if => [:private_environment?, :user]
@@ -120,7 +121,9 @@ class ApplicationController &lt; ActionController::Base
   end
   def user
-    current_user.person if logged_in?
+    if logged_in?
+      current_user.person || current_user.external_person
+    end
   end
   alias :current_person :user
@@ -64,7 +64,7 @@ class EmailTemplatesController &lt; ApplicationController
   private
   def template_params
-    {:profile_name => current_user.name, :environment_name => environment.name }
+    {:profile_name => current_person.name, :environment_name => environment.name }
   end
   def template_params_allowed params
@@ -176,7 +176,7 @@ class ProfileController &lt; PublicController
   end
   def unblock
-    if current_user.person.is_admin?(profile.environment)
+    if current_person.is_admin?(profile.environment)
       profile.unblock
       session[:notice] = _("You have unblocked %s successfully. ") % profile.name
       redirect_to :controller => 'profile', :action => 'index'
@@ -187,7 +187,7 @@ class ProfileController &lt; PublicController
   end
   def leave_scrap
-    sender = params[:sender_id].nil? ? current_user.person : Person.find(params[:sender_id])
+    sender = params[:sender_id].nil? ? current_person : Person.find(params[:sender_id])
     receiver = params[:receiver_id].nil? ? @profile : Person.find(params[:receiver_id])
     @scrap = Scrap.new(params[:scrap])
     @scrap.sender= sender
@@ -270,7 +270,7 @@ class ProfileController &lt; PublicController
   def remove_scrap
     begin
-      scrap = current_user.person.scraps(params[:scrap_id])
+      scrap = current_person.scraps(params[:scrap_id])
       scrap.destroy
       finish_successful_removal 'Scrap successfully removed.'
     rescue
@@ -395,6 +395,17 @@ class ProfileController &lt; PublicController
     end
   end
+  def icon
+    size = params[:size] || :portrait
+    image, mime = profile_icon(profile, size.to_sym, true)
+
+    unless image.match(/^\/\/www\.gravatar\.com/).nil?
+      redirect_to 'https:' + image
+    else
+      @file = File.join(Rails.root, 'public', image)
+      send_file @file, type: mime, disposition: 'inline'
+    end
+  end
   protected
@@ -247,7 +247,7 @@ class SearchController &lt; PublicController
   def visible_profiles(klass, *extra_relations)
     relations = [:image, :domains, :environment, :preferred_domain]
     relations += extra_relations
-    if current_user && current_user.person.is_admin?
+    if current_user && current_person.is_admin?
       @environment.send(klass.name.underscore.pluralize).includes(relations)
     else
       @environment.send(klass.name.underscore.pluralize).visible.includes(relations)
@@ -146,12 +146,12 @@ module ApplicationHelper
   end
   def link_to_cms(text, profile = nil, options = {})
-    profile ||= current_user.login
+    profile ||= current_person.identifier
     link_to text, myprofile_path(:controller => 'cms', :profile => profile), options
   end
   def link_to_profile(text, profile = nil, options = {})
-    profile ||= current_user.login
+    profile ||= current_person.identifier
     link_to text, profile_path(:profile => profile) , options
   end
@@ -160,7 +160,7 @@ module ApplicationHelper
   end
   def link_if_permitted(link, permission = nil, target = nil)
-    if permission.nil? || current_user.person.has_permission?(permission, target)
+    if permission.nil? || current_person.has_permission?(permission, target)
       link
     else
       nil
@@ -814,7 +814,7 @@ module ApplicationHelper
       {s_('contents|Most commented') => {href: url_for({host: host, controller: 'search', action: 'contents', filter: 'more_comments'})}}
     ]
     if logged_in?
-      links.push(_('New content') => modal_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_user.login, :cms => true})}))
+      links.push(_('New content') => modal_options({:href => url_for({:controller => 'cms', :action => 'new', :profile => current_person.identifier, :cms => true})}))
     end
     link_to(content_tag(:span, _('Contents'), :class => 'icon-menu-articles'), {:controller => "search", :action => 'contents', :category_path => nil}, :id => 'submenu-contents') +
@@ -830,8 +830,8 @@ module ApplicationHelper
        {s_('people|More popular') => {href: url_for({host: host, controller: 'search', action: 'people', filter: 'more_popular'})}}
      ]
      if logged_in?
-       links.push(_('My friends') => {:href => url_for({:profile => current_user.login, :controller => 'friends'})})
-       links.push(_('Invite friends') => {:href => url_for({:profile => current_user.login, :controller => 'invite', :action => 'friends'})})
+       links.push(_('My friends') => {:href => url_for({:profile => current_person.identifier, :controller => 'friends'})})
+       links.push(_('Invite friends') => {:href => url_for({:profile => current_person.identifier, :controller => 'invite', :action => 'friends'})})
      end
     link_to(content_tag(:span, _('People'), :class => 'icon-menu-people'), {:controller => "search", :action => 'people', :category_path => ''}, :id => 'submenu-people') +
@@ -847,8 +847,8 @@ module ApplicationHelper
        {s_('communities|More popular') => {href: url_for({host: host, controller: 'search', action: 'communities', filter: 'more_popular'})}}
      ]
      if logged_in?
-       links.push(_('My communities') => {:href => url_for({:profile => current_user.login, :controller => 'memberships'})})
-       links.push(_('New community') => {:href => url_for({:profile => current_user.login, :controller => 'memberships', :action => 'new_community'})})
+       links.push(_('My communities') => {:href => url_for({:profile => current_person.identifier, :controller => 'memberships'})})
+       links.push(_('New community') => {:href => url_for({:profile => current_person.identifier, :controller => 'memberships', :action => 'new_community'})})
      end
     link_to(content_tag(:span, _('Communities'), :class => 'icon-menu-community'), {:controller => "search", :action => 'communities'}, :id => 'submenu-communities') +
@@ -2,7 +2,7 @@ module ThemeLoaderHelper
   def current_theme
     @current_theme ||=
       begin
-        if session[:user_theme]
+        if defined?(session).present? && session[:user_theme]
           session[:user_theme]
         else
           # utility for developers: set the theme to 'random' in development mode and
@@ -14,7 +14,7 @@ module ThemeLoaderHelper
           elsif Rails.env.development? && respond_to?(:params) && params[:user_theme] && File.exists?(Rails.root.join('public/designs/themes', params[:user_theme]))
             params[:user_theme]
           else
-            if profile && !profile.theme.nil?
+            if defined?(profile) && profile && !profile.theme.nil?
               profile.theme
             elsif environment
               environment.theme
@@ -34,9 +34,9 @@ module ThemeLoaderHelper
   end
   def theme_path
-    if session[:user_theme]
+    if defined?(session).present? && session[:user_theme]
       '/user_themes/' + current_theme
-    elsif session[:theme]
+    elsif defined?(session).present? && session[:theme]
       '/designs/themes/' + session[:theme]
     else
       '/designs/themes/' + current_theme
 class AbuseComplaint < Task
   has_many :abuse_reports, :dependent => :destroy
-  belongs_to :reported, :class_name => "Profile", :foreign_key => "requestor_id"
+  belongs_to :reported, :polymorphic => true, :foreign_key => "requestor_id"
   validates_presence_of :reported
   alias :requestor :reported
@@ -2,7 +2,7 @@ class AbuseReport &lt; ApplicationRecord
   attr_accessible :content, :reason
-  belongs_to :reporter, :class_name => 'Person'
+  belongs_to :reporter, :polymorphic => true
   belongs_to :abuse_complaint
   has_many :reported_images, :dependent => :destroy
@@ -15,7 +15,7 @@ class Comment &lt; ApplicationRecord
   alias :article= :source=
   attr_accessor :follow_article
-  belongs_to :author, :class_name => 'Person', :foreign_key => 'author_id'
+  belongs_to :author, :polymorphic => true, :foreign_key => 'author_id'
   has_many :children, :class_name => 'Comment', :foreign_key => 'reply_of_id', :dependent => :destroy
   belongs_to :reply_of, :class_name => 'Comment', :foreign_key => 'reply_of_id'
@@ -0,0 +1,100 @@
+require 'ostruct'
+
+module ExternalUser
+  extend ActiveSupport::Concern
+
+  included do
+    attr_accessor :external_person_id
+  end
+
+  def external_person
+    ExternalPerson.where(id: self.external_person_id).first
+  end
+
+  def person_with_external
+    self.external_person || self.person_without_external
+  end
+
+  module ClassMethods
+    def webfinger_lookup(login, domain, environment)
+      if login && domain && environment.has_federated_network?(domain)
+        external_environment = environment.external_environments.find_by_url(domain)
+        scheme = "http#{external_environment.uses_ssl? ? 's' : ''}"
+        url = URI.parse(scheme+"://"+ domain +'/.well-known/webfinger?resource=acct:'+
+                         login+'@'+domain)
+        http = build_request(url)
+        req = Net::HTTP::Get.new(url.to_s)
+        res = http.request(req)
+        JSON.parse(res.body)
+      else
+        nil
+      end
+    end
+
+    def build_request(uri)
+      request = Net::HTTP.new(uri.host, uri.port)
+      if uri.scheme == "https"  # enable SSL/TLS
+        request.use_ssl = true
+        #TODO There may be self-signed certificates that we would not be able
+        #to verify, so we'll not verify the ssl certificate for now. Since
+        #this requests will go only towards trusted federated networks the admin
+        #configured we consider this not to be a big deal. Nonetheless we may be
+        #able in the future to require/provide the CA Files on the federation
+        #process which would allow us to verify the certificate.
+        request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+      request
+    end
+
+    def external_login(login, password, domain)
+      # Call Noosfero /api/login
+      result = nil
+      response = nil
+      redirections_allowed = 3
+      external_environment = ExternalEnvironment.find_by_url(domain)
+      scheme = "http#{external_environment.uses_ssl? ? 's' : ''}"
+      location = scheme + '://' + domain + '/api/v1/login'
+      request_params = CGI.unescape({ login: login, password: password }.to_query)
+      begin
+        while redirections_allowed > 0 && (response.blank? || response.code == '301')
+          uri = URI.parse(location)
+          request = build_request(uri)
+          response = request.post(uri.to_s, request_params)
+          location = response.header['location']
+          redirections_allowed -= 1
+        end
+        result = response.code.to_i / 100 === 2 ? JSON.parse(response.body) : nil
+      rescue
+        # Could not make request
+      end
+      result
+    end
+
+    # Authenticates a user from an external social network
+    def external_authenticate(username, password, environment)
+      if username && username.include?('@')
+        login, domain = username.split('@')
+        webfinger = User.webfinger_lookup(login, domain, environment)
+        if webfinger
+          user = User.external_login(login, password, domain)
+          if user
+            u = User.new
+            u.email = user['user']['email']
+            u.login = login
+             webfinger = OpenStruct.new(
+                          identifier: webfinger['properties']['identifier'],
+                          name: webfinger['titles']['name'],
+                          created_at: webfinger['properties']['created_at'],
+                          domain: domain,
+                          email: user['user']['email']
+                        )
+            u.external_person_id = ExternalPerson.get_or_create(webfinger).id
+            return u
+          end
+        end
+      end
+      nil
+    end
+
+  end
+end
@@ -0,0 +1,42 @@
+module Human
+  extend ActiveSupport::Concern
+
+  included do
+    has_many :comments, :as => :author, :foreign_key => :author_id
+    has_many :abuse_reports, :as => :reporter, :foreign_key => 'reporter_id', :dependent => :destroy
+
+    scope :abusers, -> {
+      joins(:abuse_complaints).where('tasks.status = 3').distinct.select("#{self.table_name}.*")
+    }
+    scope :non_abusers, -> {
+      distinct.select("#{self.table_name}.*").
+      joins("LEFT JOIN tasks ON #{self.table_name}.id = tasks.requestor_id AND tasks.type='AbuseComplaint'").
+      where("tasks.status != 3 OR tasks.id is NULL")
+    }
+  end
+
+  def already_reported?(profile)
+    abuse_reports.any? { |report| report.abuse_complaint.reported == profile && report.abuse_complaint.opened? }
+  end
+
+  def register_report(abuse_report, profile)
+    AbuseComplaint.create!(:reported => profile, :target => profile.environment) if !profile.opened_abuse_complaint
+    abuse_report.abuse_complaint = profile.opened_abuse_complaint
+    abuse_report.reporter = self
+    abuse_report.save!
+  end
+
+  def abuser?
+    AbuseComplaint.finished.where(:requestor_id => self).count > 0
+  end
+
+  # Sets the identifier for this person. Raises an exception when called on a
+  # existing person (since peoples' identifiers cannot be changed)
+  def identifier=(value)
+    unless self.new_record?
+      raise ArgumentError.new(_('An existing person cannot be renamed.'))
+    end
+    self[:identifier] = value
+  end
+
+end
@@ -0,0 +1,155 @@
+module ProfileEntity
+  extend ActiveSupport::Concern
+
+  included do
+    attr_accessible :name, :identifier, :environment
+
+    validates_presence_of :identifier, :name
+
+    belongs_to :environment
+    has_many :search_terms, :as => :context
+    has_many :abuse_complaints, :as => :reported, :foreign_key => 'requestor_id', :dependent => :destroy
+
+    before_create :set_default_environment
+
+    scope :recent, -> limit=nil { order('id DESC').limit(limit) }
+
+  end
+
+  def disable
+    self.visible = false
+    self.save
+  end
+
+  def enable
+    self.visible = true
+    self.save
+  end
+
+  def opened_abuse_complaint
+    abuse_complaints.opened.first
+  end
+
+  def set_default_environment
+    if self.environment.nil?
+      self.environment = Environment.default
+    end
+    true
+  end
+
+  # returns +false+
+  def person?
+    self.kind_of?(Person)
+  end
+
+  def enterprise?
+    self.kind_of?(Enterprise)
+  end
+
+  def organization?
+    self.kind_of?(Organization)
+  end
+
+  def community?
+    self.kind_of?(Community)
+  end
+
+  include ActionView::Helpers::TextHelper
+  def short_name(chars = 40)
+    if self[:nickname].blank?
+      if chars
+        truncate self.name, length: chars, omission: '...'
+      else
+        self.name
+      end
+    else
+      self[:nickname]
+    end
+  end
+
+  def to_liquid
+    HashWithIndifferentAccess.new :name => name, :identifier => identifier
+  end
+
+  # Tells whether a specified profile has members or nor.
+  #
+  # On this class, returns <tt>false</tt> by default.
+  def has_members?
+    false
+  end
+
+  def apply_type_specific_template(template)
+  end
+
+  # Override this method in subclasses of Profile to create a default article
+  # set upon creation. Note that this method will be called *only* if there is
+  # no template for the type of profile (i.e. if the template was removed or in
+  # the creation of the template itself).
+  #
+  # This method must return an array of pre-populated articles, which will be
+  # associated to the profile before being saved. Example:
+  #
+  #   def default_set_of_articles
+  #     [Blog.new(:name => 'Blog'), Gallery.new(:name => 'Gallery')]
+  #   end
+  #
+  # By default, this method returns an empty array.
+  def default_set_of_articles
+    []
+  end
+
+  def blocks_to_expire_cache
+    []
+  end
+
+  def cache_keys(params = {})
+    []
+  end
+
+  def members_cache_key(params = {})
+    page = params[:npage] || '1'
+    sort = (params[:sort] ==  'desc') ? params[:sort] : 'asc'
+    cache_key + '-members-page-' + page + '-' + sort
+  end
+
+  def more_recent_label
+    _("Since: ")
+  end
+
+  def control_panel_settings_button
+    {:title => _('Edit Profile'), :icon => 'edit-profile'}
+  end
+
+  def control_panel_settings_button
+    {:title => _('Profile Info and settings'), :icon => 'edit-profile'}
+  end
+
+  def exclude_verbs_on_activities
+    %w[]
+  end
+
+  def allow_invitation_from(person)
+    false
+  end
+
+  def allow_post_content?(person = nil)
+    person.kind_of?(Profile) && person.has_permission?('post_content', self)
+  end
+
+  def allow_edit?(person = nil)
+    person.kind_of?(Profile) && person.has_permission?('edit_profile', self)
+  end
+
+  def allow_destroy?(person = nil)
+    person.kind_of?(Profile) && person.has_permission?('destroy_profile', self)
+  end
+
+  module ClassMethods
+
+    def identification
+      name
+    end
+
+  end
+
+end
@@ -1009,6 +1009,10 @@ class Environment &lt; ApplicationRecord
     HashWithIndifferentAccess.new :name => name
   end
+  def has_federated_network?(domain)
+    self.external_environments.map(&:url).any? { |url| /http[s]?:\/\/#{domain}\/?/ =~ url }
+  end
+
   private
   def default_language_available
@@ -6,4 +6,9 @@ class ExternalEnvironment &lt; ActiveRecord::Base
   has_many :environment_external_environments, dependent: :destroy
   has_many :environments, through: :environment_external_environments
+
+  def uses_ssl?
+    url.starts_with? 'https'
+  end
+
 end
@@ -0,0 +1,290 @@
+# A pseudo profile is a person from a remote network
+class ExternalPerson < ActiveRecord::Base
+
+  include Human
+  include ProfileEntity
+
+  validates_uniqueness_of :identifier, scope: :source
+
+  validates_presence_of :source, :email, :created_at
+
+  attr_accessible :source, :email, :created_at
+
+  def self.get_or_create(webfinger)
+    user = ExternalPerson.find_by(identifier: webfinger.identifier, source: webfinger.domain)
+    if user.nil?
+      user = ExternalPerson.create!(identifier: webfinger.identifier,
+                                    name: webfinger.name,
+                                    source: webfinger.domain,
+                                    email: webfinger.email,
+                                    created_at: webfinger.created_at
+                                   )
+    end
+    user
+  end
+
+  def privacy_setting
+    _('Public profile')
+  end
+
+  def avatar
+    "http://#{self.source}/profile/#{self.identifier}/icon/"
+  end
+
+  def url
+    "http://#{self.source}/profile/#{self.identifier}"
+  end
+
+  alias :public_profile_url :url
+
+  def admin_url
+    "http://#{self.source}/myprofile/#{self.identifier}"
+  end
+
+  def wall_url
+    self.url
+  end
+  def tasks_url
+    self.url
+  end
+  def leave_url(reload = false)
+    self.url
+  end
+  def join_url
+    self.url
+  end
+  def join_not_logged_url
+    self.url
+  end
+  def check_membership_url
+    self.url
+  end
+  def add_url
+    self.url
+  end
+  def check_friendship_url
+    self.url
+  end
+  def people_suggestions_url
+    self.url
+  end
+  def communities_suggestions_url
+    self.url
+  end
+  def top_url(scheme = 'http')
+    "#{scheme}://#{self.source}"
+  end
+
+  def profile_custom_icon(gravatar_default=nil)
+    self.avatar
+  end
+
+  def preferred_login_redirection
+    environment.redirection_after_login
+  end
+
+  def location
+    self.source
+  end
+
+  def default_hostname
+    environment.default_hostname
+  end
+
+  def possible_domains
+    environment.domains
+  end
+
+  def person?
+    true
+  end
+
+  def contact_email(*args)
+    self.email
+  end
+
+  def notification_emails
+    [self.contact_email]
+  end
+
+  def email_domain
+    self.source
+  end
+
+  def email_addresses
+    ['%s@%s' % [self.identifier, self.source] ]
+  end
+
+  def jid(options = {})
+    "#{self.identifier}@#{self.source}"
+  end
+  def full_jid(options = {})
+    "#{jid(options)}/#{self.name}"
+  end
+
+  class ExternalPerson::Image
+    def initialize(path)
+      @path = path
+    end
+
+    def public_filename(size = nil)
+      URI.join(@path, size.to_s)
+    end
+
+    def content_type
+      # This is not really going to be used anywhere that matters
+      # so we are hardcodding it here.
+      'image/png'
+    end
+  end
+
+  def image
+    ExternalPerson::Image.new(avatar)
+  end
+
+  def data_hash(gravatar_default = nil)
+    friends_list = {}
+    {
+      'login' => self.identifier,
+      'name' => self.name,
+      'email' => self.email,
+      'avatar' => self.profile_custom_icon(gravatar_default),
+      'is_admin' => self.is_admin?,
+      'since_month' => self.created_at.month,
+      'since_year' => self.created_at.year,
+      'email_domain' => self.source,
+      'friends_list' => friends_list,
+      'enterprises' => [],
+      'amount_of_friends' => friends_list.count,
+      'chat_enabled' => false
+    }
+  end
+
+  # External Person should respond to all methods in Person and Profile
+  def person_instance_methods
+    methods_and_responses = {
+     enterprises: Enterprise.none, communities: Community.none, friends:
+     Person.none, memberships: Profile.none, friendships: Person.none,
+     following_articles: Article.none, article_followers: ArticleFollower.none,
+     requested_tasks: Task.none, mailings: Mailing.none, scraps_sent:
+     Scrap.none, favorite_enterprise_people: FavoriteEnterprisePerson.none,
+     favorite_enterprises: Enterprise.none, acepted_forums: Forum.none,
+     articles_with_access: Article.none, suggested_profiles:
+     ProfileSuggestion.none, suggested_people: ProfileSuggestion.none,
+     suggested_communities: ProfileSuggestion.none, user: nil,
+     refused_communities: Community.none, has_permission?: false,
+     has_permission_with_admin?: false, has_permission_without_admin?: false,
+     has_permission_with_plugins?: false, has_permission_without_plugins?:
+     false, memberships_by_role: Person.none, can_change_homepage?: false,
+     can_control_scrap?: false, receives_scrap_notification?: false,
+     can_control_activity?: false, can_post_content?: false,
+     suggested_friend_groups: [], friend_groups: [], add_friend: nil,
+     already_request_friendship?: false, remove_friend: nil,
+     presence_of_required_fields: nil, active_fields: [], required_fields: [],
+     signup_fields: [], default_set_of_blocks: [], default_set_of_boxes: [],
+     default_set_of_articles: [], cell_phone: nil, comercial_phone: nil,
+     nationality: nil, schooling: nil, contact_information: nil, sex: nil,
+     birth_date: nil, jabber_id: nil, personal_website: nil, address_reference:
+     nil, district: nil, schooling_status: nil, formation: nil,
+     custom_formation: nil, area_of_study: nil, custom_area_of_study: nil,
+     professional_activity: nil, organization_website: nil, organization: nil,
+     photo: nil, city: nil, state: nil, country: nil, zip_code: nil,
+     address_line2: nil, copy_communities_from: nil,
+     has_organization_pending_tasks?: false, organizations_with_pending_tasks:
+     Organization.none, pending_tasks_for_organization: Task.none,
+     build_contact: nil, is_a_friend?: false, ask_to_join?: false, refuse_join:
+     nil, blocks_to_expire_cache: [], cache_keys: [], communities_cache_key: '',
+     friends_cache_key: '', manage_friends_cache_key: '',
+     relationships_cache_key: '', is_member_of?: false, follows?: false,
+     each_friend: nil, is_last_admin?: false, is_last_admin_leaving?: false,
+     leave: nil, last_notification: nil, notification_time: 0, notifier: nil,
+     remove_suggestion: nil, allow_invitation_from?: false
+    }
+
+    derivated_methods = generate_derivated_methods(methods_and_responses)
+    derivated_methods.merge(methods_and_responses)
+  end
+
+  def profile_instance_methods
+    methods_and_responses = {
+     role_assignments: RoleAssignment.none, favorite_enterprises:
+     Enterprise.none, memberships: Profile.none, friendships: Profile.none,
+     tasks: Task.none, suggested_profiles: ProfileSuggestion.none,
+     suggested_people: ProfileSuggestion.none, suggested_communities:
+     ProfileSuggestion.none, public_profile: true, nickname: nil, custom_footer:
+     '', custom_header: '', address: '', zip_code: '', contact_phone: '',
+     image_builder: nil, description: '', closed: false, template_id: nil, lat:
+     nil, lng: nil, is_template: false, fields_privacy: {}, preferred_domain_id:
+     nil, category_ids: [], country: '', city: '', state: '',
+     national_region_code: '', redirect_l10n: false, notification_time: 0,
+     custom_url_redirection: nil, email_suggestions: false,
+     allow_members_to_invite: false, invite_friends_only: false, secret: false,
+     profile_admin_mail_notification: false, redirection_after_login: nil,
+     profile_activities: ProfileActivity.none, action_tracker_notifications:
+     ActionTrackerNotification.none, tracked_notifications:
+     ActionTracker::Record.none, scraps_received: Scrap.none, template:
+     Profile.none, comments_received: Comment.none, email_templates:
+     EmailTemplate.none, members: Profile.none, members_like: Profile.none,
+     members_by: Profile.none, members_by_role: Profile.none, scraps:
+     Scrap.none, welcome_page_content: nil, settings: {}, find_in_all_tasks:
+     nil, top_level_categorization: {}, interests: Category.none, geolocation:
+     '', country_name: '', pending_categorizations: [], add_category: false,
+     create_pending_categorizations: false, top_level_articles: Article.none,
+     valid_identifier: true, valid_template: false, create_default_set_of_boxes:
+     true, copy_blocks_from: nil, default_template: nil,
+     template_without_default: nil, template_with_default: nil, apply_template:
+     false, iframe_whitelist: [], recent_documents: Article.none, last_articles:
+     Article.none, is_validation_entity?: false, hostname: nil, own_hostname:
+     nil, article_tags: {}, tagged_with: Article.none,
+     insert_default_article_set: false, copy_articles_from: true,
+     copy_article_tree: nil, copy_article?: false, add_member: false,
+     remove_member: false, add_admin: false, remove_admin: false, add_moderator:
+     false, display_info_to?: true, update_category_from_region: nil,
+     accept_category?: false, custom_header_expanded: '',
+     custom_footer_expanded: '', public?: true, themes: [], find_theme: nil,
+     blogs: Blog.none, blog: nil, has_blog?: false, forums: Forum.none, forum:
+     nil, has_forum?: false, admins: [], settings_field: {}, setting_changed:
+     false, public_content: true, enable_contact?: false, folder_types: [],
+     folders: Article.none, image_galleries: Article.none, image_valid: true,
+     update_header_and_footer: nil, update_theme: nil, update_layout_template:
+     nil, recent_actions: ActionTracker::Record.none, recent_notifications:
+     ActionTracker::Record.none, more_active_label: _('no activity'),
+     more_popular_label: _('no members'), profile_custom_image: nil,
+     is_on_homepage?: false, activities: ProfileActivity.none,
+     may_display_field_to?: true, may_display_location_to?: true, public_fields:
+     {}, followed_by?: false, display_private_info_to?: true, can_view_field?:
+     true, remove_from_suggestion_list: nil, layout_template: 'default',
+     is_admin?: false, add_friend: false, follows?: false, is_a_friend?: false,
+     already_request_friendship?: false
+    }
+
+    derivated_methods = generate_derivated_methods(methods_and_responses)
+    derivated_methods.merge(methods_and_responses)
+  end
+
+  def method_missing(method, *args, &block)
+    if person_instance_methods.keys.include?(method)
+      return person_instance_methods[method]
+    end
+    if profile_instance_methods.keys.include? method
+      return profile_instance_methods[method]
+    end
+  end
+
+  def respond_to_missing?(method_name, include_private = false)
+    person_instance_methods.keys.include?(method_name) ||
+    profile_instance_methods.keys.include?(method_name) ||
+    super
+  end
+
+  private
+
+  def generate_derivated_methods(methods)
+    derivated_methods = {}
+    methods.keys.each do |method|
+      derivated_methods[method.to_s.insert(-1, '?').to_sym] = false
+      derivated_methods[method.to_s.insert(-1, '=').to_sym] = nil
+    end
+    derivated_methods
+  end
+end
 # A person is the profile of an user holding all relationships with the rest of the system
 class Person < Profile
+  include Human
+
   attr_accessible :organization, :contact_information, :sex, :birth_date, :cell_phone, :comercial_phone, :jabber_id, :personal_website, :nationality, :address_reference, :district, :schooling, :schooling_status, :formation, :custom_formation, :area_of_study, :custom_area_of_study, :professional_activity, :organization_website, :following_articles
   SEARCH_FILTERS = {
@@ -88,7 +90,6 @@ class Person &lt; Profile
     memberships.where('role_assignments.role_id = ?', role.id)
   end
-  has_many :comments, :foreign_key => :author_id
   has_many :article_followers, :dependent => :destroy
   has_many :following_articles, :class_name => 'Article', :through => :article_followers, :source => :article
   has_many :friendships, :dependent => :destroy
@@ -100,8 +101,6 @@ class Person &lt; Profile
   has_many :requested_tasks, :class_name => 'Task', :foreign_key => :requestor_id, :dependent => :destroy
-  has_many :abuse_reports, :foreign_key => 'reporter_id', :dependent => :destroy
-
   has_many :mailings
   has_many :scraps_sent, :class_name => 'Scrap', :foreign_key => :sender_id, :dependent => :destroy
@@ -123,15 +122,6 @@ class Person &lt; Profile
   scope :more_popular, -> { order 'friends_count DESC' }
-  scope :abusers, -> {
-    joins(:abuse_complaints).where('tasks.status = 3').distinct.select('profiles.*')
-  }
-  scope :non_abusers, -> {
-    distinct.select("profiles.*").
-    joins("LEFT JOIN tasks ON profiles.id = tasks.requestor_id AND tasks.type='AbuseComplaint'").
-    where("tasks.status != 3 OR tasks.id is NULL")
-  }
-
   scope :admins, -> { joins(:role_assignments => :role).where('roles.key = ?', 'environment_administrator') }
   scope :activated, -> { joins(:user).where('users.activation_code IS NULL AND users.activated_at IS NOT NULL') }
   scope :deactivated, -> { joins(:user).where('NOT (users.activation_code IS NULL AND users.activated_at IS NOT NULL)') }
@@ -174,15 +164,6 @@ class Person &lt; Profile
       (self.has_permission?('post_content', profile) || self.has_permission?('publish_content', profile))
   end
-  # Sets the identifier for this person. Raises an exception when called on a
-  # existing person (since peoples' identifiers cannot be changed)
-  def identifier=(value)
-    unless self.new_record?
-      raise ArgumentError.new(_('An existing person cannot be renamed.'))
-    end
-    self[:identifier] = value
-  end
-
   def suggested_friend_groups
     (friend_groups.compact + [ _('friends'), _('work'), _('school'), _('family') ]).map {|i| i if !i.empty?}.compact.uniq
   end
@@ -192,7 +173,7 @@ class Person &lt; Profile
   end
   def add_friend(friend, group = nil)
-    unless self.is_a_friend?(friend)
+    unless self.is_a_friend?(friend) || friend.is_a?(ExternalPerson)
       friendship = self.friendships.build
       friendship.friend = friend
       friendship.group = group
@@ -517,21 +498,6 @@ class Person &lt; Profile
     leave_hash.to_json
   end
-  def already_reported?(profile)
-    abuse_reports.any? { |report| report.abuse_complaint.reported == profile && report.abuse_complaint.opened? }
-  end
-
-  def register_report(abuse_report, profile)
-    AbuseComplaint.create!(:reported => profile, :target => profile.environment) if !profile.opened_abuse_complaint
-    abuse_report.abuse_complaint = profile.opened_abuse_complaint
-    abuse_report.reporter = self
-    abuse_report.save!
-  end
-
-  def abuser?
-    AbuseComplaint.finished.where(:requestor_id => self).count > 0
-  end
-
   def control_panel_settings_button
     {:title => _('Edit Profile'), :icon => 'edit-profile'}
   end
@@ -580,6 +546,34 @@ class Person &lt; Profile
     person.has_permission?(:manage_friends, self)
   end
+  def data_hash(gravatar_default = nil)
+    friends_list = {}
+    enterprises = self.enterprises.map { |e| { 'name' => e.short_name, 'identifier' => e.identifier } }
+    self.friends.online.map do |person|
+      friends_list[person.identifier] = {
+        'avatar' => person.profile_custom_icon(gravatar_default),
+        'name' => person.short_name,
+        'jid' => person.full_jid,
+        'status' => person.user.chat_status,
+      }
+    end
+
+    {
+      'login' => self.identifier,
+      'name' => self.name,
+      'email' => self.email,
+      'avatar' => self.profile_custom_icon(gravatar_default),
+      'is_admin' => self.is_admin?,
+      'since_month' => self.created_at.month,
+      'since_year' => self.created_at.year,
+      'email_domain' => self.user.enable_email ? self.user.email_domain : nil,
+      'friends_list' => friends_list,
+      'enterprises' => enterprises,
+      'amount_of_friends' => friends_list.count,
+      'chat_enabled' => self.environment.enabled?('xmpp_chat')
+    }
+  end
+
   protected
   def followed_by?(profile)
@@ -3,9 +3,10 @@
 # which by default is the one returned by Environment:default.
 class Profile < ApplicationRecord
-  attr_accessible :name, :identifier, :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :environment, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time,
-    :redirection_after_login, :custom_url_redirection,
-    :email_suggestions, :allow_members_to_invite, :invite_friends_only, :secret, :profile_admin_mail_notification
+  include ProfileEntity
+
+  attr_accessible :public_profile, :nickname, :custom_footer, :custom_header, :address, :zip_code, :contact_phone, :image_builder, :description, :closed, :template_id, :lat, :lng, :is_template, :fields_privacy, :preferred_domain_id, :category_ids, :country, :city, :state, :national_region_code, :email, :contact_email, :redirect_l10n, :notification_time,
+    :custom_url_redirection, :email_suggestions, :allow_members_to_invite, :invite_friends_only, :secret, :profile_admin_mail_notification, :redirection_after_login
   # use for internationalizable human type names in search facets
   # reimplement on subclasses
@@ -115,8 +116,6 @@ class Profile &lt; ApplicationRecord
   }
   scope :no_templates, -> { where is_template: false }
-  scope :recent, -> limit=nil { order('id DESC').limit(limit) }
-
   # Returns a scoped object to select profiles in a given location or in a radius
   # distance from the given location center.
@@ -224,8 +223,6 @@ class Profile &lt; ApplicationRecord
     welcome_page && welcome_page.published ? welcome_page.body : nil
   end
-  has_many :search_terms, :as => :context
-
   def scraps(scrap=nil)
     scrap = scrap.is_a?(Scrap) ? scrap.id : scrap
     scrap.nil? ? Scrap.all_scraps(self) : Scrap.all_scraps(self).find(scrap)
@@ -278,7 +275,6 @@ class Profile &lt; ApplicationRecord
   has_many :domains, :as => :owner
   belongs_to :preferred_domain, :class_name => 'Domain', :foreign_key => 'preferred_domain_id'
-  belongs_to :environment
   has_many :articles, :dependent => :destroy
   belongs_to :home_page, :class_name => Article.name, :foreign_key => 'home_page_id'
@@ -305,8 +301,6 @@ class Profile &lt; ApplicationRecord
   has_many :profile_categorizations_including_virtual, :class_name => 'ProfileCategorization'
   has_many :categories_including_virtual, :through => :profile_categorizations_including_virtual, :source => :category
-  has_many :abuse_complaints, :foreign_key => 'requestor_id', :dependent => :destroy
-
   has_many :profile_suggestions, :foreign_key => :suggestion_id, :dependent => :destroy
   def top_level_categorization
@@ -401,7 +395,6 @@ class Profile &lt; ApplicationRecord
     self.all
   end
-  validates_presence_of :identifier, :name
   validates_length_of :nickname, :maximum => 16, :allow_nil => true
   validate :valid_template
   validate :valid_identifier
@@ -416,14 +409,6 @@ class Profile &lt; ApplicationRecord
     end
   end
-  before_create :set_default_environment
-  def set_default_environment
-    if self.environment.nil?
-      self.environment = Environment.default
-    end
-    true
-  end
-
   # registar callback for creating boxes after the object is created.
   after_create :create_default_set_of_boxes
@@ -496,9 +481,6 @@ class Profile &lt; ApplicationRecord
     self.save(:validate => false)
   end
-  def apply_type_specific_template(template)
-  end
-
   xss_terminate :only => [ :name, :nickname, :address, :contact_phone, :description ], :on => 'validation'
   xss_terminate :only => [ :custom_footer, :custom_header ], :with => 'white_list'
@@ -539,10 +521,6 @@ class Profile &lt; ApplicationRecord
     ).order('articles.published_at desc, articles.id desc')
   end
-  def to_liquid
-    HashWithIndifferentAccess.new :name => name, :identifier => identifier
-  end
-
   class << self
     # finds a profile by its identifier. This method is a shortcut to
@@ -562,23 +540,6 @@ class Profile &lt; ApplicationRecord
     environment
   end
-  # returns +false+
-  def person?
-    self.kind_of?(Person)
-  end
-
-  def enterprise?
-    self.kind_of?(Enterprise)
-  end
-
-  def organization?
-    self.kind_of?(Organization)
-  end
-
-  def community?
-    self.kind_of?(Community)
-  end
-
   # returns false.
   def is_validation_entity?
     false
@@ -683,13 +644,6 @@ private :generate_url, :url_options
     self.articles.tagged_with(tag)
   end
-  # Tells whether a specified profile has members or nor.
-  #
-  # On this class, returns <tt>false</tt> by default.
-  def has_members?
-    false
-  end
-
   after_create :insert_default_article_set
   def insert_default_article_set
     if template
@@ -704,23 +658,6 @@ private :generate_url, :url_options
     end
   end
-  # Override this method in subclasses of Profile to create a default article
-  # set upon creation. Note that this method will be called *only* if there is
-  # no template for the type of profile (i.e. if the template was removed or in
-  # the creation of the template itself).
-  #
-  # This method must return an array of pre-populated articles, which will be
-  # associated to the profile before being saved. Example:
-  #
-  #   def default_set_of_articles
-  #     [Blog.new(:name => 'Blog'), Gallery.new(:name => 'Gallery')]
-  #   end
-  #
-  # By default, this method returns an empty array.
-  def default_set_of_articles
-    []
-  end
-
   def copy_articles_from other
     return false if other.top_level_articles.empty?
     other.top_level_articles.each do |a|
@@ -816,19 +753,6 @@ private :generate_url, :url_options
     !forbidden.include?(cat.class)
   end
-  include ActionView::Helpers::TextHelper
-  def short_name(chars = 40)
-    if self[:nickname].blank?
-      if chars
-        truncate self.name, length: chars, omission: '...'
-      else
-        self.name
-      end
-    else
-      self[:nickname]
-    end
-  end
-
   def custom_header
     self[:custom_header] || environment && environment.custom_header
   end
@@ -934,14 +858,6 @@ private :generate_url, :url_options
     articles.galleries
   end
-  def blocks_to_expire_cache
-    []
-  end
-
-  def cache_keys(params = {})
-    []
-  end
-
   validate :image_valid
   def image_valid
@@ -978,16 +894,6 @@ private :generate_url, :url_options
     self.update_attribute(:layout_template, template)
   end
-  def members_cache_key(params = {})
-    page = params[:npage] || '1'
-    sort = (params[:sort] ==  'desc') ? params[:sort] : 'asc'
-    cache_key + '-members-page-' + page + '-' + sort
-  end
-
-  def more_recent_label
-    _("Since: ")
-  end
-
   def recent_actions
     tracked_actions.recent
   end
@@ -1042,32 +948,6 @@ private :generate_url, :url_options
     end
   end
-  def opened_abuse_complaint
-    abuse_complaints.opened.first
-  end
-
-  def disable
-    self.visible = false
-    self.save
-  end
-
-  def enable
-    self.visible = true
-    self.save
-  end
-
-  def control_panel_settings_button
-    {:title => _('Edit Profile'), :icon => 'edit-profile'}
-  end
-
-  def self.identification
-    name
-  end
-
-  def exclude_verbs_on_activities
-    %w[]
-  end
-
   # Customize in subclasses
   def activities
     self.profile_activities.includes(:activity).order('updated_at DESC')
@@ -1102,10 +982,6 @@ private :generate_url, :url_options
     self.active_fields
   end
-  def control_panel_settings_button
-    {:title => _('Profile Info and settings'), :icon => 'edit-profile'}
-  end
-
   def followed_by?(person)
     person.is_member_of?(self)
   end
@@ -1133,19 +1009,4 @@ private :generate_url, :url_options
     suggestion.disable if suggestion
   end
-  def allow_invitation_from(person)
-    false
-  end
-
-  def allow_post_content?(person = nil)
-    person.kind_of?(Profile) && person.has_permission?('post_content', self)
-  end
-
-  def allow_edit?(person = nil)
-    person.kind_of?(Profile) && person.has_permission?('edit_profile', self)
-  end
-
-  def allow_destroy?(person = nil)
-    person.kind_of?(Profile) && person.has_permission?('destroy_profile', self)
-  end
 end
@@ -7,6 +7,8 @@ class User &lt; ApplicationRecord
   attr_accessible :login, :email, :password, :password_confirmation, :activated_at
+  include ExternalUser
+
   N_('Password')
   N_('Password confirmation')
   N_('Terms accepted')
@@ -105,6 +107,8 @@ class User &lt; ApplicationRecord
   has_one :person, dependent: :destroy, autosave: false
   belongs_to :environment
+  alias_method_chain :person, :external
+
   has_many :sessions, dependent: :destroy
   # holds the current session, see lib/authenticated_system.rb
   attr_accessor :session
@@ -146,7 +150,8 @@ class User &lt; ApplicationRecord
       u.generate_private_token_if_not_exist
       return u
     end
-    return nil
+
+    return User.external_authenticate(login, password, environment)
   end
   def register_login
@@ -380,31 +385,7 @@ class User &lt; ApplicationRecord
   end
   def data_hash(gravatar_default = nil)
-    friends_list = {}
-    enterprises = person.enterprises.map { |e| { 'name' => e.short_name, 'identifier' => e.identifier } }
-    self.person.friends.online.map do |person|
-      friends_list[person.identifier] = {
-        'avatar' => person.profile_custom_icon(gravatar_default),
-        'name' => person.short_name,
-        'jid' => person.full_jid,
-        'status' => person.user.chat_status,
-      }
-    end
-
-    {
-      'login' => self.login,
-      'name' => self.person.name,
-      'email' => self.email,
-      'avatar' => self.person.profile_custom_icon(gravatar_default),
-      'is_admin' => self.person.is_admin?,
-      'since_month' => self.person.created_at.month,
-      'since_year' => self.person.created_at.year,
-      'email_domain' => self.enable_email ? self.email_domain : nil,
-      'friends_list' => friends_list,
-      'enterprises' => enterprises,
-      'amount_of_friends' => friends_list.count,
-      'chat_enabled' => person.environment.enabled?('xmpp_chat')
-    }
+    self.person.data_hash(gravatar_default)
   end
   def self.expires_chat_status_every
@@ -4,7 +4,7 @@
   <%= _('%s was successfuly activated. Now you may go to your control panel or to the control panel of your enterprise') % @enterprise.name %>
   <%= button_bar do %>
-    <%= button 'forward', _('Go to my control panel'), :action => 'index', :controller => 'profile_editor', :profile => current_user.person.identifier %>
+    <%= button 'forward', _('Go to my control panel'), :action => 'index', :controller => 'profile_editor', :profile => current_person.identifier %>
     <%= button 'forward', _('Go to my enterprise control panel') % @enterprise.name, :action => 'index', :controller => 'profile_editor', :profile => @enterprise.identifier %>
   <% end %>
 <% end %>
@@ -9,7 +9,7 @@
   </div>
   <%= button_bar do %>
-    <%= button :back, _('Go back'), { :profile => current_user.person.identifier, :action=>"enterprises", :controller=>"profile" }%>
+    <%= button :back, _('Go back'), { :profile => current_person.identifier, :action=>"enterprises", :controller=>"profile" }%>
   <% end %>
 <% else %>
   <div class='atention'>
@@ -37,7 +37,7 @@
     <%= template_options(:enterprises, 'create_enterprise')%>
     <%= button_bar do %>
-      <%= submit_button('next', _('Next'), :cancel => {:profile => current_user.person.identifier, :action=>"enterprises", :controller=>"profile"}) %>
+      <%= submit_button('next', _('Next'), :cancel => {:profile => current_person.identifier, :action=>"enterprises", :controller=>"profile"}) %>
     <% end %>
   <% end %>
 <% end %>
@@ -2,7 +2,7 @@
 <%= form_tag( {:action => 'give_role'}, {:method => :post}) do %>
   <%= select_tag 'role', options_for_select(@roles.map{|r|[r.name,r.id]})  %>
-  <%= hidden_field_tag 'person', current_user.person.id %>
+  <%= hidden_field_tag 'person', current_person.id %>
   <%= button_bar do %>
     <%= submit_button('affiliate', _('Affiliate', :cancel => {:action => 'index'}) %>
   <% end %>
 <div id="user">
   <% user = (session[:user] && User.find_by(id: session[:user])) || nil %>
+  <% user ||= (session[:external] && User.new(:external_person_id => session[:external])) || nil %>
   <% if user.present? %>
     <% user = user.person %>
     <span class='logged-in'>
@@ -2,7 +2,7 @@
 <%= form_tag( {:action => 'give_role'}, {:method => :post}) do %>
   <%= select_tag 'role', options_for_select(@roles.map{|r|[r.name,r.id]})  %>
-  <%= hidden_field_tag 'person', current_user.person.id %>
+  <%= hidden_field_tag 'person', current_person.id %>
   <%= button_bar do %>
     <%= submit_button('affiliate', _('Affiliate'), :cancel => {:action => 'index'}) %>
   <% end %>
@@ -87,6 +87,9 @@ Noosfero::Application.routes.draw do
   # comments
   match 'profile/:profile/comment/:action/:id', controller: 'comment', profile: /#{Noosfero.identifier_format_in_url}/i, via: :all
+  # icon
+  match 'profile/:profile/icon(/:size)', controller: 'profile', action: 'icon', size: /(big|minor|thumb|portrait|icon)/, profile: /#{Noosfero.identifier_format_in_url}/i, via: :get
+
   # public profile information
   match 'profile/:profile(/:action(/:id))', controller: 'profile', action: 'index', id: /[^\/]*/, profile: /#{Noosfero.identifier_format_in_url}/i, as: :profile, via: :all
@@ -0,0 +1,17 @@
+class AddTypeToPolymorphicProfileAssociations < ActiveRecord::Migration
+  def up
+    add_column :tasks, :reported_type, :string
+    add_column :abuse_reports, :reporter_type, :string
+    add_column :comments, :author_type, :string
+
+    update("UPDATE tasks SET reported_type='Profile'")
+    update("UPDATE abuse_reports SET reporter_type='Person'")
+    update("UPDATE comments SET author_type='Person'")
+  end
+
+  def down
+    remove_column :abuse_complaints, :reported_type
+    remove_column :abuse_reports, :reporter_type
+    remove_column :comments, :author_type
+  end
+end
@@ -0,0 +1,14 @@
+class CreateExternalPerson < ActiveRecord::Migration
+  def change
+    create_table :external_people do |t|
+      t.string :name
+      t.string :identifier
+      t.string :source
+      t.string :email
+      t.integer :environment_id
+      t.boolean :visible, default: true
+      t.datetime :created_at
+      t.datetime :updated_at
+    end
+  end
+end
@@ -23,6 +23,7 @@ ActiveRecord::Schema.define(version: 20160422163123) do
     t.text     "reason"
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.string   "reporter_type"
   end
   create_table "action_tracker", force: :cascade do |t|
@@ -289,6 +290,7 @@ ActiveRecord::Schema.define(version: 20160422163123) do
     t.string   "user_agent"
     t.string   "referrer"
     t.text     "settings"
+    t.string   "author_type"
   end
   add_index "comments", ["source_id", "spam"], name: "index_comments_on_source_id_and_spam", using: :btree
@@ -404,6 +406,14 @@ ActiveRecord::Schema.define(version: 20160422163123) do
     t.boolean  "disable_feed_ssl",             default: false
   end
+  create_table "external_environments", force: :cascade do |t|
+    t.string "name"
+    t.string "url"
+    t.string "identifier"
+    t.string "screenshot"
+    t.string "thumbnail"
+  end
+
   create_table "external_feeds", force: :cascade do |t|
     t.string   "feed_title"
     t.datetime "fetched_at"
@@ -421,6 +431,17 @@ ActiveRecord::Schema.define(version: 20160422163123) do
   add_index "external_feeds", ["enabled"], name: "index_external_feeds_on_enabled", using: :btree
   add_index "external_feeds", ["fetched_at"], name: "index_external_feeds_on_fetched_at", using: :btree
+  create_table "external_people", force: :cascade do |t|
+    t.string   "name"
+    t.string   "identifier"
+    t.string   "source"
+    t.string   "email"
+    t.integer  "environment_id"
+    t.boolean  "visible",        default: true
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
   create_table "favorite_enterprise_people", force: :cascade do |t|
     t.integer  "person_id"
     t.integer  "enterprise_id"
@@ -432,14 +453,6 @@ ActiveRecord::Schema.define(version: 20160422163123) do
   add_index "favorite_enterprise_people", ["person_id", "enterprise_id"], name: "index_favorite_enterprise_people_on_person_id_and_enterprise_id", using: :btree
   add_index "favorite_enterprise_people", ["person_id"], name: "index_favorite_enterprise_people_on_person_id", using: :btree
-  create_table "external_environments", force: :cascade do |t|
-    t.string "name"
-    t.string "url"
-    t.string "identifier"
-    t.string "screenshot"
-    t.string "thumbnail"
-  end
-
   create_table "friendships", force: :cascade do |t|
     t.integer  "person_id"
     t.integer  "friend_id"
@@ -797,6 +810,7 @@ ActiveRecord::Schema.define(version: 20160422163123) do
     t.boolean  "spam",                      default: false
     t.integer  "responsible_id"
     t.integer  "closed_by_id"
+    t.string   "reported_type"
   end
   add_index "tasks", ["requestor_id"], name: "index_tasks_on_requestor_id", using: :btree
@@ -0,0 +1,55 @@
+Feature: external login
+  As a user
+  I want to login using an account from a federated network
+  In order to view pages logged in
+
+  @selenium
+  Scenario: login from portal homepage
+    Given feature "allow_change_of_redirection_after_login" is disabled on environment
+    And the following external environments
+      | identifier | name | url                           |
+      | test       | Test | http://federated.noosfero.org |
+    And the following external users
+      | login                            |
+      | joaosilva@federated.noosfero.org |
+    And I am not logged in
+    And I go to the homepage
+    And I follow "Login"
+    And I fill in the following:
+      | Username / Email | joaosilva@federated.noosfero.org |
+      | Password         | 123456                           |
+    When I press "Log in"
+    Then I should be on the homepage
+    And I should be externally logged in as "joaosilva@federated.noosfero.org"
+
+  @selenium
+  Scenario: not login from portal homepage
+    Given feature "allow_change_of_redirection_after_login" is disabled on environment
+    And the following external environments
+      | identifier | name | url                           |
+      | test       | Test | http://federated.noosfero.org |
+    And I am not logged in
+    And I go to the homepage
+    And I follow "Login"
+    And I fill in the following:
+      | Username / Email | joaosilva@federated.noosfero.org |
+      | Password         | 123456                           |
+    When I press "Log in"
+    Then I should be on /account/login
+    And I should not be externally logged in as "joaosilva@federated.noosfero.org"
+
+  @selenium
+  Scenario: not login if network is not whitelisted
+    Given feature "allow_change_of_redirection_after_login" is disabled on environment
+    And the following external users
+      | login                            |
+      | joaosilva@federated.noosfero.org |
+    And I am not logged in
+    And I go to the homepage
+    And I follow "Login"
+    And I fill in the following:
+      | Username / Email | joaosilva@federated.noosfero.org |
+      | Password         | 123456                           |
+    When I press "Log in"
+    Then I should be on /account/login
+    And I should not be externally logged in as "joaosilva@federated.noosfero.org"
@@ -679,3 +679,36 @@ Given /^the field (.*) is public for all users$/ do |field|
     person.save!
   end
 end
+
+Given /^the following external users?$/ do |table|
+  table.hashes.each do |item|
+    person_data = item.dup
+    username, domain = person_data['login'].split('@')
+    response = OpenStruct.new(
+      code: '200',
+      body: {
+        user: {
+          email: username + '@ema.il',
+          person: {
+            identifier: username,
+            name: username,
+            created_at: Time.now,
+          }
+        }
+      }.to_json
+    )
+    Net::HTTP.stub(:post_form).and_return(response)
+  end
+end
+
+Then /^I should be externally logged in as "([^@]+)@(.+)"$/ do |username, domain|
+  visit '/'
+  url = 'http://' + domain + '/' + username
+  page.should have_xpath("//a[@href=\"#{url}\"]")
+end
+
+Then /^I should not be externally logged in as "([^@]+)@(.+)"$/ do |username, domain|
+  visit '/'
+  url = 'http://' + domain + '/' + username
+  page.should_not have_xpath("//a[@href=\"#{url}\"]")
+end
@@ -8,6 +8,7 @@ ENV[&quot;RAILS_ENV&quot;] ||= &quot;cucumber&quot;
 require File.expand_path(File.dirname(__FILE__) + '/../../config/environment')
 require 'cucumber/rails'
+require 'cucumber/rspec/doubles'
 Capybara.ignore_hidden_elements = true
@@ -38,7 +38,7 @@ class OrganizationRatingsPluginProfileController &lt; ProfileController
   def create_new_rate
     @rating = OrganizationRating.new(params[:organization_rating])
-    @rating.person = current_user.person
+    @rating.person = current_person
     @rating.organization = profile
     @rating.value = params[:organization_rating_value] if params[:organization_rating_value]
@@ -173,6 +173,7 @@ class OrganizationRatingsPluginProfileControllerTest &lt; ActionController::TestCas
     logout
     @controller.stubs(:logged_in?).returns(false)
+    @controller.stubs(:current_user).returns(nil)
     get :new_rating, profile: @community.identifier
     assert_no_tag :tag => 'p', :content => /Report waiting for approval/, :attributes => {:class =>/comment-rejected-msg/}
@@ -5,11 +5,11 @@
   <div class="star-profile-information">
     <div class="star-profile-image">
-      <%= link_to profile_image(current_user.person, :portrait), current_user.person.url %>
+      <%= link_to profile_image(current_person, :portrait), current_person.url %>
     </div>
     <div class="star-profile-name">
-      <%= link_to current_user.person.name,  current_user.person.url %>
+      <%= link_to current_person.name,  current_person.url %>
     </div>
   </div>
@@ -55,14 +55,14 @@
     </div>
   <% elsif env_organization_ratings_config.vote_once %>
     <div class="star-rate-form rating-vote-once">
-      <%= _("Hi, %s! The administrators set that you can vote") % current_user.name %>
+      <%= _("Hi, %s! The administrators set that you can vote") % current_person.name %>
       <strong><%= _("only once") %></strong>
       <%= _("for this %s.") % profile.class.name.downcase %>
       <%= render :partial => 'shared/rating_button', :locals => { :disabled => true } %>
     </div>
   <% else %>
     <div class="star-rate-form rating-cooldown">
-      <%= _("Hi, %s! The administrators set the minimum time of") % current_user.name %>
+      <%= _("Hi, %s! The administrators set the minimum time of") % current_person.name %>
       <strong><%= _("%d hour(s)") % env_organization_ratings_config.cooldown %></strong>
       <%= _("between each evaluation.") %>
-<% logged_in_image = link_to profile_image(current_user.person, :portrait), current_user.person.url if current_user %>
-<% logged_in_name = link_to current_user.person.name,  current_user.person.url if current_user %>
-<% logged_out_image = image_tag('plugins/organization_ratings/images/user-not-logged.png') %>
+<% logged_in_image = link_to profile_image(current_person, :portrait), current_person.url if current_user %>
+<% logged_in_name = link_to current_person.name,  current_person.url if current_user %>
+<% logged_out_image = image_tag('plugins/organization_ratings/public/images/user-not-logged.png') %>
 <div class="make-report-block">
   <div class="star-profile-information">
@@ -26,4 +26,4 @@
       </div>
     <% end %>
   </div>
-</div>
 \ No newline at end of file
+</div>
@@ -140,7 +140,7 @@ module ApplicationHelper
         [s_('contents|Most commented'), {host: host, controller: :search, action: :contents, filter: 'more_comments'}],
       ]
       if logged_in?
-        links.push [_('New content'), '', modal_options({href: url_for({controller: 'cms', action: 'new', profile: current_user.login, cms: true})})]
+        links.push [_('New content'), '', modal_options({href: url_for({controller: 'cms', action: 'new', profile: current_person.identifier, cms: true})})]
       end
       content_tag :li, class: 'dropdown' do
@@ -170,8 +170,8 @@ module ApplicationHelper
         [s_('people|More popular'), {host: host, controller: :search, action: :people, filter: 'more_popular'}],
       ]
       if logged_in?
-        links.push [_('My friends'),     {profile: current_user.login, controller: 'friends'}]
-        links.push [_('Invite friends'), {profile: current_user.login, controller: 'invite', action: 'friends'}]
+        links.push [_('My friends'),     {profile: current_person.identifier, controller: 'friends'}]
+        links.push [_('Invite friends'), {profile: current_person.identifier, controller: 'invite', action: 'friends'}]
       end
       content_tag :li, class: 'dropdown' do
@@ -201,8 +201,8 @@ module ApplicationHelper
         [s_('communities|More popular'), {host: host, controller: :search, action: :communities, filter: 'more_popular'}],
       ]
       if logged_in?
-        links.push [_('My communities'), {profile: current_user.login, controller: 'memberships'}]
-        links.push [_('New community'),  {profile: current_user.login, controller: 'memberships', action: 'new_community'}]
+        links.push [_('My communities'), {profile: current_person.identifier, controller: 'memberships'}]
+        links.push [_('New community'),  {profile: current_person.identifier, controller: 'memberships', action: 'new_community'}]
       end
       content_tag :li, class: 'dropdown' do
@@ -8,7 +8,7 @@
   </ul>
   <div>
-    <% if logged_in? and (current_user.person.is_admin?(environment) or profile.admins.include?(current_user.person)) %>
+    <% if logged_in? and (current_person.is_admin?(environment) or profile.admins.include?(current_person)) %>
       <%= _('Edit %{inputs} and %{block.interests}') % {
         :inputs => link_to(_("products' inputs"), :controller => :manage_products, :action => :index),
         :interests => link_to(_('declared interests'), :controller => :sniffer_plugin_myprofile, :action => :edit),
@@ -12,9 +12,9 @@ module SolrPlugin::SearchHelper
     :products => ActiveSupport::OrderedHash[ :none, {:label => _('Relevance')},
       :more_recent, {:label => c_('More recent'), :solr_opts => {:sort => 'updated_at desc, score desc'}},
       :name, {:label => _('Name'), :solr_opts => {:sort => 'solr_plugin_name_sortable asc'}},
-      :closest, {:label => _('Closest to me'), :if => proc{ logged_in? && (profile=current_user.person).lat && profile.lng },
+      :closest, {:label => _('Closest to me'), :if => proc{ logged_in? && (profile=current_person).lat && profile.lng },
         :solr_opts => {:sort => "geodist() asc",
-          :latitude => proc{ current_user.person.lat }, :longitude => proc{ current_user.person.lng }}},
+          :latitude => proc{ current_person.lat }, :longitude => proc{ current_person.lng }}},
     ],
     :events => ActiveSupport::OrderedHash[ :none, {:label => _('Relevance')},
       :name, {:label => _('Name'), :solr_opts => {:sort => 'solr_plugin_name_sortable asc'}},
@@ -0,0 +1,53 @@
+require_relative '../test_helper'
+
+class WebfingerTest < ActiveSupport::TestCase
+  def setup
+    Domain.create(name: 'example.com')
+    Environment.default.domains << Domain.last
+    User.create(login: 'ze', email: 'ze@localdomain.localdomain',
+                password: 'zeze', password_confirmation: 'zeze')
+  end
+
+  should 'return correct user via webfinger url' do
+    get '.well-known/webfinger?resource=acct%3Aze%40example.com'
+    webfinger =  JSON.parse(last_response.body)
+    assert_equal 200, last_response.status
+    assert_equal webfinger['subject'], 'acct:ze@example.com'
+  end
+
+  should 'not return json when user not found' do
+    invalid_user = 'invalid_user_in_url'
+    get ".well-known/webfinger?resource=acct%3A#{invalid_user}%40example.com"
+    assert_equal 404, last_response.status
+  end
+
+  should 'return correct article via webfinger url' do
+    a = fast_create(Article, name: 'my article', profile_id: 1)
+    get ".well-known/webfinger?resource=http://example.com/article/id/#{a.id}"
+    webfinger =  JSON.parse(last_response.body)
+    assert_equal 200, last_response.status
+    assert_equal webfinger['subject'], "http://example.com/article/id/#{a.id}"
+  end
+
+  should 'not return json when domain is invalid' do
+    invalid_domain = 'doest_not_exist.com'
+    get ".well-known/webfinger?resource=http://#{invalid_domain}/article/id/1"
+    assert_equal 404, last_response.status
+  end
+
+  should 'not return json when entity is not found' do
+    get '.well-known/webfinger?resource=http://example.com/article/id/999999'
+    assert_equal 404, last_response.status
+  end
+
+  should 'not return json when entity does not exist' do
+    get '.well-known/webfinger?resource=http://example.com/doest_not_exist/id/1'
+    assert_equal 404, last_response.status
+  end
+
+  should 'not return json when request is not http' do
+    not_http_url = 'kkttc://example.com/article/id/1'
+    get ".well-known/webfinger?resource=#{not_http_url}"
+    assert_equal 404, last_response.status
+  end
+end
@@ -369,6 +369,44 @@ class PeopleTest &lt; ActiveSupport::TestCase
     assert_equal "www.blog.org", json['person']['additional_data']['Custom Blog']
   end
+  should 'return portrait icon if size is not provided and there is a profile image' do
+    img = Image.create!(uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'))
+    profile = fast_create(Person, image_id: img.id)
+
+    get "/api/v1/people/#{profile.id}/icon?#{params.to_query}"
+    assert_equal 200, last_response.status
+    json = JSON.parse(last_response.body)
+    assert_match(/^https?:\/\/.*portrait\.png$/, json['icon'])
+  end
+
+  should 'return icon in provided size if there is a profile image' do
+    img = Image.create!(uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'))
+    profile = fast_create(Person, image_id: img.id)
+
+    get "/api/v1/people/#{profile.id}/icon?#{params.to_query}&size=big"
+    assert_equal 200, last_response.status
+    json = JSON.parse(last_response.body)
+    assert_match(/^https?:\/\/.*big\.png$/, json['icon'])
+  end
+
+  should 'return icon from gravatar without size if there is no profile image' do
+    profile = create_user('test-user').person
+
+    get "/api/v1/people/#{profile.id}/icon?#{params.to_query}"
+    assert_equal 200, last_response.status
+    json = JSON.parse(last_response.body)
+    assert_match(/^https:\/\/www\.gravatar\.com.*size=64/, json['icon'])
+  end
+
+  should 'return icon from gravatar with size if there is no profile image' do
+    profile = create_user('test-user').person
+
+    get "/api/v1/people/#{profile.id}/icon?#{params.to_query}&size=big"
+    assert_equal 200, last_response.status
+    json = JSON.parse(last_response.body)
+    assert_match(/^https:\/\/www\.gravatar\.com.*size=150/, json['icon'])
+  end
+
   PERSON_ATTRIBUTES = %w(vote_count comments_count articles_count following_articles_count)
   PERSON_ATTRIBUTES.map do |attribute|
@@ -487,7 +487,7 @@ class CommentControllerTest &lt; ActionController::TestCase
   should 'edit comment from a page' do
     login_as profile.identifier
     page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
-    comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article', :author_id => profile.id)
+    comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article', :author_id => profile.id, :author_type => 'Person')
     get :edit, :id => comment.id, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
     assert_tag :tag => 'textarea', :attributes => {:id => 'comment_body'}, :content => /Original comment/
@@ -522,7 +522,7 @@ class CommentControllerTest &lt; ActionController::TestCase
   should 'be able to update a comment' do
     login_as profile.identifier
     page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text', :accept_comments => false)
-    comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article', :author_id => profile)
+    comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article', :author_id => profile, :author_type => 'Person')
     xhr :post, :update, :id => comment.id, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
     assert ActiveSupport::JSON.decode(@response.body)["ok"], "attribute ok expected to be true"
@@ -1932,4 +1932,37 @@ class ProfileControllerTest &lt; ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
+  should 'return portrait icon if size is not provided and there is a profile image' do
+    img = Image.create!(uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'))
+    profile = fast_create(Person, image_id: img.id)
+
+    get :icon, profile: profile.identifier, size: nil
+    assert_response :success
+    assert_equal 'image/png', @response.header['Content-Type']
+    assert File.exists?(assigns(:file))
+  end
+
+  should 'return icon in provided size if there is a profile image' do
+    img = Image.create!(uploaded_data: fixture_file_upload('/files/rails.png', 'image/png'))
+    profile = fast_create(Person, image_id: img.id)
+
+    get :icon, profile: profile.identifier, size: :big
+    assert_response :success
+    assert_equal 'image/png', @response.header['Content-Type']
+    assert File.exists?(assigns(:file))
+  end
+
+  should 'return icon from gravatar without size if there is no profile image' do
+    profile = fast_create(Person)
+
+    get :icon, profile: profile.identifier
+    assert_redirected_to /^https:\/\/www\.gravatar\.com\/.*/
+  end
+
+  should 'return icon from gravatar with size if there is no profile image' do
+    profile = fast_create(Person)
+
+    get :icon, profile: profile.identifier, size: :thumb
+    assert_redirected_to /^https:\/\/www\.gravatar\.com\/.*/
+  end
 end
@@ -276,4 +276,11 @@ class RoutingTest &lt; ActionDispatch::IntegrationTest
     assert_routing('/profile/~', :controller => 'profile', :profile => '~', :action => 'index')
   end
+  should 'have route to profile icon without size' do
+    assert_routing('/profile/ze/icon', controller: 'profile', profile: 'ze', action: 'icon')
+  end
+
+  should 'have route to profile icon with supported size' do
+    assert_routing('/profile/ze/icon/big', controller: 'profile', profile: 'ze', action: 'icon', size: 'big')
+  end
 end
@@ -23,17 +23,14 @@ class CommentTest &lt; ActiveSupport::TestCase
     end
   end
-  should 'record authenticated author' do
+  should 'record authenticated author polymorphically' do
     c = Comment.new
-    assert_raise ActiveRecord::AssociationTypeMismatch do
-      c.author = 1
-    end
-    assert_raise ActiveRecord::AssociationTypeMismatch do
-      c.author = Profile
-    end
     assert_nothing_raised do
       c.author = Person.new
     end
+    assert_nothing_raised do
+      c.author = ExternalPerson.new
+    end
   end
   should 'record unauthenticated author' do
@@ -0,0 +1,137 @@
+# encoding: UTF-8
+require_relative "../test_helper"
+
+class ExternalPersonTest < ActiveSupport::TestCase
+  fixtures :environments
+
+  def setup
+    @external_person = ExternalPerson.create!(identifier: 'johnlock',
+                                     name: 'John Lock',
+                                     source: 'anerenvironment.org',
+                                     email: 'john@lock.org',
+                                     created_at: Date.yesterday
+                                    )
+  end
+
+  should 'have no permissions' do
+    assert_equivalent [], @external_person.role_assignments
+    refute @external_person.has_permission?(:manage_friends)
+  end
+
+  should 'have no suggested profiles' do
+    assert_equivalent [], @external_person.suggested_communities
+    assert_equivalent [], @external_person.suggested_people
+    assert_equivalent [], @external_person.suggested_profiles
+  end
+
+  should 'have no friendships' do
+    refute @external_person.add_friend(fast_create(Person))
+    assert_equivalent [], @external_person.friendships
+  end
+
+  should 'not be a member of any communities' do
+    community = fast_create(Community)
+    refute community.add_member(@external_person)
+    assert_equivalent [], @external_person.memberships
+  end
+
+  should 'not have any favorite enterprises' do
+    assert_equivalent [], @external_person.favorite_enterprises
+  end
+
+  should 'be a person' do
+    assert @external_person.person?
+  end
+
+  should 'not be a community, organization or enterprise' do
+    refute @external_person.community?
+    refute @external_person.enterprise?
+    refute @external_person.organization?
+  end
+
+  should 'never be an admin for environments' do
+    refute @external_person.is_admin?
+    env = Environment.default
+    env.add_admin @external_person
+    refute @external_person.is_admin?(env)
+    assert_equivalent [], env.admins
+  end
+
+  should 'redirect after login based on environment settings' do
+    assert_respond_to ExternalPerson.new, :preferred_login_redirection
+    environment = fast_create(Environment, :redirection_after_login => 'site_homepage')
+    profile = fast_create(ExternalPerson, :environment_id => environment.id)
+    assert_equal 'site_homepage', profile.preferred_login_redirection
+  end
+
+  should 'have an avatar from its original environment' do
+    assert_match(/http:\/\/#{@external_person.source}\/.*/, @external_person.avatar)
+  end
+
+  should 'generate a custom profile icon based on its avatar' do
+    assert_match(/http:\/\/#{@external_person.source}\/.*/, @external_person.profile_custom_icon)
+  end
+
+  should 'have an url to its profile on its original environment' do
+    assert_match(/http:\/\/#{@external_person.source}\/profile\/.*/, @external_person.url)
+  end
+
+  should 'have a public profile url' do
+    assert_match(/http:\/\/#{@external_person.source}\/profile\/.*/, @external_person.public_profile_url)
+  end
+
+  should 'have an admin url to its profile on its original environment' do
+    assert_match(/http:\/\/#{@external_person.source}\/myprofile\/.*/, @external_person.admin_url)
+  end
+
+  should 'never be a friend of another person' do
+    friend = fast_create(Person)
+    friend.add_friend @external_person
+    refute @external_person.is_a_friend?(friend)
+    refute friend.is_a_friend?(@external_person)
+  end
+
+  should 'never send a friend request to another person' do
+    friend = fast_create(Person)
+    friend.add_friend @external_person
+    refute friend.already_request_friendship?(@external_person)
+    @external_person.add_friend(friend)
+    refute @external_person.already_request_friendship?(friend)
+  end
+
+  should 'not follow another profile' do
+    friend = fast_create(Person)
+    friend.add_friend @external_person
+    refute @external_person.follows?(friend)
+    refute friend.follows?(@external_person)
+  end
+
+  should 'have an image' do
+    assert_not_nil @external_person.image
+  end
+
+  should 'profile image has public filename and mimetype' do
+    assert_not_nil @external_person.image.public_filename
+    assert_not_nil @external_person.image.content_type
+  end
+
+  should 'respond to all instance methods in Profile' do
+    methods = Profile.public_instance_methods(false)
+    methods.each do |method|
+      # We test if ExternalPerson responds to same methods as Profile, but we
+      # skip methods generated by plugins, libs and validations, which are
+      # usually only used internally
+      assert_respond_to ExternalPerson.new, method.to_sym unless method =~ /type_name|^autosave_.*|^after_.*|^before_.*|validate_.*|^attribute_.*|.*_?tags?_?.*|^custom_value.*|^custom_context.*|^xss.*|bar/
+    end
+  end
+
+  should 'respond to all instance methods in Person' do
+    methods = Person.public_instance_methods(false)
+    methods.each do |method|
+      # We test if ExternalPerson responds to same methods as Person, but we
+      # skip methods generated by plugins, libs and validations, which are
+      # usually only used internally
+      assert_respond_to ExternalPerson.new, method.to_sym unless method =~ /^autosave_.*|validate_.*|^before_.*|^after_.*|^assignment_.*|^(city|state)_.*/
+    end
+  end
+end
@@ -1831,9 +1831,9 @@ class PersonTest &lt; ActiveSupport::TestCase
     p1 = fast_create(Person)
     p2 = fast_create(Person)
     article = fast_create(Article)
-    c1 = fast_create(Comment, :source_id => article.id, :author_id => p1.id)
-    c2 = fast_create(Comment, :source_id => article.id, :author_id => p2.id)
-    c3 = fast_create(Comment, :source_id => article.id, :author_id => p1.id)
+    c1 = fast_create(Comment, :source_id => article.id, :author_id => p1.id, :author_type => 'Profile')
+    c2 = fast_create(Comment, :source_id => article.id, :author_id => p2.id, :author_type => 'Profile')
+    c3 = fast_create(Comment, :source_id => article.id, :author_id => p1.id, :author_type => 'Profile')
     assert_equivalent [c1,c3], p1.comments
   end
@@ -759,6 +759,14 @@ class UserTest &lt; ActiveSupport::TestCase
     end
   end
+  should 'get person or external person' do
+    user = create_user('new_user')
+    assert_kind_of Person, user.person
+    user.external_person_id = ExternalPerson.create!(identifier: 'new_user', name: 'New User', email: 'newuser@usermail.com', source: 'federated.noosfero.com', created_at: Date.today).id
+    assert_kind_of ExternalPerson, user.person
+    assert_kind_of Person, user.person_without_external
+  end
+
   protected
     def new_user(options = {})
       user = User.new({ :login => 'quire', :email => 'quire@example.com', :password => 'quire', :password_confirmation => 'quire' }.merge(options))
@@ -27,7 +27,7 @@ module NoosferoHttpCaching
   end
   def noosfero_session_check
-    headers["X-Noosfero-Auth"] = (session[:user] != nil).to_s
+    headers["X-Noosfero-Auth"] = (session[:user] != nil || session[:external] != nil).to_s
   end
   class Middleware
1	require_dependency 'api/helpers'	1	require_dependency 'api/helpers'
2		2
3	module Api	3	module Api
		4	+ class NoosferoFederation < Grape::API
		5	+ use Rack::JSONP
		6	+ helpers Helpers
		7	+ before { detect_stuff_by_domain }
		8	+ format :json
		9	+ content_type :json, "application/jrd+json"
		10	+ prefix [ENV['RAILS_RELATIVE_URL_ROOT'], ".well-known"].compact.join('/')
		11	+ mount Federation::Webfinger
		12	+ end
		13	+
4	class App < Grape::API	14	class App < Grape::API
5	use Rack::JSONP	15	use Rack::JSONP
6		16
	@@ -23,6 +33,8 @@ module Api		@@ -23,6 +33,8 @@ module Api
23	end	33	end
24	end	34	end
25		35
		36	+ mount NoosferoFederation
		37	+
26	before { set_locale }	38	before { set_locale }
27	before { setup_multitenancy }	39	before { setup_multitenancy }
28	before { detect_stuff_by_domain }	40	before { detect_stuff_by_domain }
@@ -0,0 +1,108 @@		@@ -0,0 +1,108 @@
	1	+require 'rails/commands/server'
	2	+
	3	+module Api
	4	+ module Federation
	5	+ class Webfinger < Grape::API
	6	+ get 'webfinger' do
	7	+ result = generate_jrd
	8	+ present result, with: Grape::Presenters::Presenter
	9	+ end
	10	+ end
	11	+ end
	12	+end
	13	+
	14	+def generate_jrd
	15	+ unless valid_domain?
	16	+ not_found!
	17	+ Rails.logger.error 'Domain Not Found'
	18	+ end
	19	+ if request_acct?
	20	+ acct_hash
	21	+ elsif valid_uri?(params[:resource])
	22	+ uri_hash
	23	+ end
	24	+end
	25	+
	26	+def domain
	27	+ if request_acct?
	28	+ params[:resource].split('@')[1]
	29	+ else
	30	+ params[:resource].split('/')[2]
	31	+ end
	32	+end
	33	+
	34	+def valid_domain?
	35	+ environment.domains.map(&:name).include? domain
	36	+end
	37	+
	38	+def request_acct?
	39	+ params[:resource].include? 'acct:'
	40	+end
	41	+
	42	+def acct_hash
	43	+ rails = Rails::Server.new
	44	+ acct = Hash.new{\|hash, key\| hash[key] = Hash.new{\|hash, key\| hash[key] = Array.new}}
	45	+ url = rails.options[:Host] + ':' + rails.options[:Port].to_s + '/'
	46	+ person = Person.find_by_identifier(extract_person_identifier)
	47	+
	48	+ if person.nil?
	49	+ Rails.logger.error 'Person not found'
	50	+ not_found!
	51	+ else
	52	+ acct[:subject] = params[:resource]
	53	+ acct[:alias] = url + person.identifier
	54	+ acct[:properties][:identifier] = person.identifier
	55	+ acct[:properties][:created_at] = person.created_at
	56	+ for blog in person.blogs do
	57	+ acct[:links][:rel] << url + 'rel/' + blog.path
	58	+ acct[:links][:href] << url + person.identifier + '/' + blog.path
	59	+ end
	60	+
	61	+ for galleries in person.articles.galleries do
	62	+ acct[:links][:rel] << url + 'rel/' + galleries.path
	63	+ acct[:links][:href] << url + person.identifier + '/' + galleries.path
	64	+ end
	65	+
	66	+ acct[:titles][:name] = person.name
	67	+ end
	68	+ acct
	69	+end
	70	+
	71	+def extract_person_identifier
	72	+ params[:resource].split('@')[0].split(':')[1]
	73	+end
	74	+
	75	+def valid_uri?(url)
	76	+ uri = URI.parse(url)
	77	+ if uri.is_a?(URI::HTTP)
	78	+ true
	79	+ else
	80	+ Rails.logger.error 'Bad URI Error'
	81	+ not_found!
	82	+ end
	83	+end
	84	+
	85	+def uri_hash
	86	+ uri = {}
	87	+ uri[:subject] = params[:resource]
	88	+ entity = find_entity(params[:resource])
	89	+ id = params[:resource].split('/').last.to_i
	90	+ begin
	91	+ uri[:properties] = entity.classify.constantize.find(id)
	92	+ rescue ActiveRecord::RecordNotFound
	93	+ Rails.logger.error "Entity: #{entity} with id: #{id} not found"
	94	+ not_found!
	95	+ end
	96	+ uri
	97	+end
	98	+
	99	+def find_entity(uri)
	100	+ possible_entity = uri.split('/')
	101	+ possible_entity.map! { \|entity\| "#{entity}s" }
	102	+ entity = (ActiveRecord::Base.connection.tables & possible_entity).first
	103	+ unless entity
	104	+ Rails.logger.error 'Entity not found on records'
	105	+ not_found!
	106	+ end
	107	+ entity
	108	+end
	@@ -62,7 +62,7 @@ module Api		@@ -62,7 +62,7 @@ module Api
62	{ :success => true }	62	{ :success => true }
63	rescue Exception => exception	63	rescue Exception => exception
64	render_api_error!(_('The article couldn\'t be removed due to some problem. Please contact the administrator.'), 400)	64	render_api_error!(_('The article couldn\'t be removed due to some problem. Please contact the administrator.'), 400)
65	- end	65	+ end
66	end	66	end
67		67
68	desc 'Report a abuse and/or violent content in a article by id' do	68	desc 'Report a abuse and/or violent content in a article by id' do
	@@ -108,6 +108,23 @@ module Api		@@ -108,6 +108,23 @@ module Api
108	end	108	end
109	present output	109	present output
110	end	110	end
		111	+
		112	+ desc "Return the person profile picture (you can optionally pass a 'size' parameter)"
		113	+ get ":id/icon" do
		114	+ person = environment.people.find(params[:id])
		115	+
		116	+ size = params[:size] \|\| :portrait
		117	+ image = profile_icon(person, size.to_sym)
		118	+ output = {}
		119	+
		120	+ unless image.match(/^\/\/www\.gravatar\.com/).nil?
		121	+ output[:icon] = 'https:' + image
		122	+ else
		123	+ output[:icon] = request.url.gsub(/\/api\/.*/, '') + image
		124	+ end
		125	+
		126	+ present output
		127	+ end
111	end	128	end
112		129
113	resource :profiles do	130	resource :profiles do
	@@ -25,7 +25,19 @@ module AuthenticatedSystem		@@ -25,7 +25,19 @@ module AuthenticatedSystem
25	# Accesses the current user from the session.	25	# Accesses the current user from the session.
26	def current_user user_id = session[:user]	26	def current_user user_id = session[:user]
27	@current_user \|\|= begin	27	@current_user \|\|= begin
28	- user = User.find_by id: user_id if user_id	28	+ user = nil
		29	+ if session[:external]
		30	+ user = User.new
		31	+ external_person = ExternalPerson.find_by(id: session[:external])
		32	+ if external_person
		33	+ user.external_person_id = external_person.id
		34	+ user.email = external_person.email
		35	+ else
		36	+ session[:external] = nil
		37	+ end
		38	+ else
		39	+ user = User.find_by(id: user_id) if user_id
		40	+ end
29	user.session = session if user	41	user.session = session if user
30	User.current = user	42	User.current = user
31	user	43	user
	@@ -37,9 +49,13 @@ module AuthenticatedSystem		@@ -37,9 +49,13 @@ module AuthenticatedSystem
37	if new_user.nil?	49	if new_user.nil?
38	session.delete(:user)	50	session.delete(:user)
39	else	51	else
40	- session[:user] = new_user.id	52	+ if new_user.id
		53	+ session[:user] = new_user.id
		54	+ else
		55	+ session[:external] = new_user.external_person_id
		56	+ end
41	new_user.session = session	57	new_user.session = session
42	- new_user.register_login	58	+ new_user.register_login if new_user.id
43	end	59	end
44	@current_user = User.current = new_user	60	@current_user = User.current = new_user
45	end	61	end
	@@ -64,7 +64,7 @@ class EmailTemplatesController < ApplicationController		@@ -64,7 +64,7 @@ class EmailTemplatesController < ApplicationController
64	private	64	private
65		65
66	def template_params	66	def template_params
67	- {:profile_name => current_user.name, :environment_name => environment.name }	67	+ {:profile_name => current_person.name, :environment_name => environment.name }
68	end	68	end
69		69
70	def template_params_allowed params	70	def template_params_allowed params
	@@ -247,7 +247,7 @@ class SearchController < PublicController		@@ -247,7 +247,7 @@ class SearchController < PublicController
247	def visible_profiles(klass, *extra_relations)	247	def visible_profiles(klass, *extra_relations)
248	relations = [:image, :domains, :environment, :preferred_domain]	248	relations = [:image, :domains, :environment, :preferred_domain]
249	relations += extra_relations	249	relations += extra_relations
250	- if current_user && current_user.person.is_admin?	250	+ if current_user && current_person.is_admin?
251	@environment.send(klass.name.underscore.pluralize).includes(relations)	251	@environment.send(klass.name.underscore.pluralize).includes(relations)
252	else	252	else
253	@environment.send(klass.name.underscore.pluralize).visible.includes(relations)	253	@environment.send(klass.name.underscore.pluralize).visible.includes(relations)
	@@ -2,7 +2,7 @@ module ThemeLoaderHelper		@@ -2,7 +2,7 @@ module ThemeLoaderHelper
2	def current_theme	2	def current_theme
3	@current_theme \|\|=	3	@current_theme \|\|=
4	begin	4	begin
5	- if session[:user_theme]	5	+ if defined?(session).present? && session[:user_theme]
6	session[:user_theme]	6	session[:user_theme]
7	else	7	else
8	# utility for developers: set the theme to 'random' in development mode and	8	# utility for developers: set the theme to 'random' in development mode and
	@@ -14,7 +14,7 @@ module ThemeLoaderHelper		@@ -14,7 +14,7 @@ module ThemeLoaderHelper
14	elsif Rails.env.development? && respond_to?(:params) && params[:user_theme] && File.exists?(Rails.root.join('public/designs/themes', params[:user_theme]))	14	elsif Rails.env.development? && respond_to?(:params) && params[:user_theme] && File.exists?(Rails.root.join('public/designs/themes', params[:user_theme]))
15	params[:user_theme]	15	params[:user_theme]
16	else	16	else
17	- if profile && !profile.theme.nil?	17	+ if defined?(profile) && profile && !profile.theme.nil?
18	profile.theme	18	profile.theme
19	elsif environment	19	elsif environment
20	environment.theme	20	environment.theme
	@@ -34,9 +34,9 @@ module ThemeLoaderHelper		@@ -34,9 +34,9 @@ module ThemeLoaderHelper
34	end	34	end
35		35
36	def theme_path	36	def theme_path
37	- if session[:user_theme]	37	+ if defined?(session).present? && session[:user_theme]
38	'/user_themes/' + current_theme	38	'/user_themes/' + current_theme
39	- elsif session[:theme]	39	+ elsif defined?(session).present? && session[:theme]
40	'/designs/themes/' + session[:theme]	40	'/designs/themes/' + session[:theme]
41	else	41	else
42	'/designs/themes/' + current_theme	42	'/designs/themes/' + current_theme
1	class AbuseComplaint < Task	1	class AbuseComplaint < Task
2	has_many :abuse_reports, :dependent => :destroy	2	has_many :abuse_reports, :dependent => :destroy
3	- belongs_to :reported, :class_name => "Profile", :foreign_key => "requestor_id"	3	+ belongs_to :reported, :polymorphic => true, :foreign_key => "requestor_id"
4		4
5	validates_presence_of :reported	5	validates_presence_of :reported
6	alias :requestor :reported	6	alias :requestor :reported
	@@ -2,7 +2,7 @@ class AbuseReport < ApplicationRecord		@@ -2,7 +2,7 @@ class AbuseReport < ApplicationRecord
2		2
3	attr_accessible :content, :reason	3	attr_accessible :content, :reason
4		4
5	- belongs_to :reporter, :class_name => 'Person'	5	+ belongs_to :reporter, :polymorphic => true
6	belongs_to :abuse_complaint	6	belongs_to :abuse_complaint
7	has_many :reported_images, :dependent => :destroy	7	has_many :reported_images, :dependent => :destroy
8		8