apispree_auth 0.0.0

data/app/helpers/users_helper.rb

@@ -0,0 +1,13 @@
+module UsersHelper
+  def password_style(user)
+    ActiveSupport::Deprecation.warn "[SPREE] Password style has be depreciated due to the removal of OpenID from the Auth Gem. "
+      "Please install the spree_social gem to regain this functionality and more."
+    ""
+  end
+  def openid_style(user)
+    ActiveSupport::Deprecation.warn "[SPREE] Password style has be depreciated due to the removal of OpenID from the Auth Gem. "
+      "Please install the spree_social gem to regain this functionality and more."
+    "display:none"
+  end
+
+end

data/app/models/ability.rb

@@ -0,0 +1,64 @@
+# Implementation class for Cancan gem.  Instead of overriding this class, consider adding new permissions
+# using the special +register_ability+ method which allows extensions to add their own abilities.
+#
+# See http://github.com/ryanb/cancan for more details on cancan.
+class Ability
+  include CanCan::Ability
+
+  class_attribute :abilities
+  self.abilities = Set.new
+
+  # Allows us to go beyond the standard cancan initialize method which makes it difficult for engines to
+  # modify the default +Ability+ of an application.  The +ability+ argument must be a class that includes
+  # the +CanCan::Ability+ module.  The registered ability should behave properly as a stand-alone class
+  # and therefore should be easy to test in isolation.
+  def self.register_ability(ability)
+    self.abilities.add(ability)
+  end
+
+  def initialize(user)
+    self.clear_aliased_actions
+
+    # override cancan default aliasing (we don't want to differentiate between read and index)
+    alias_action :edit, :to => :update
+    alias_action :new, :to => :create
+    alias_action :new_action, :to => :create
+    alias_action :show, :to => :read
+
+    user ||= User.new
+    if user.has_role? 'admin'
+      can :manage, :all
+    else
+      #############################
+      can :read, User do |resource|
+        resource == user
+      end
+      can :update, User do |resource|
+        resource == user
+      end
+      can :create, User
+      #############################
+      can :read, Order do |order, token|
+        order.user == user || order.token && token == order.token
+      end
+      can :update, Order do |order, token|
+        order.user == user || order.token && token == order.token
+      end
+      can :create, Order
+      #############################
+      can :read, Product
+      can :index, Product
+      #############################
+      can :read, Taxon
+      can :index, Taxon
+      #############################
+    end
+
+    #include any abilities registered by extensions, etc.
+    Ability.abilities.each do |clazz|
+      ability = clazz.send(:new, user)
+      @rules = rules + ability.send(:rules)
+    end
+
+  end
+end

data/app/models/order_decorator.rb

@@ -0,0 +1,12 @@
+Order.class_eval do
+  token_resource
+
+  # Associates the specified user with the order and destroys any previous association with guest user if
+  # necessary.
+  def associate_user!(user)
+    self.user = user
+    self.email = user.email
+    # disable validations since this can cause issues when associating an incomplete address during the address step
+    save(:validate => false)
+  end
+end

data/app/models/spree_auth_configuration.rb

@@ -0,0 +1,4 @@
+class SpreeAuthConfiguration < Configuration
+  preference :registration_step, :boolean, :default => true
+  preference :signout_after_password_change, :boolean, :default => true
+end

data/app/models/spree_current_order_decorator.rb

@@ -0,0 +1,14 @@
+Spree::CurrentOrder.module_eval do
+
+  # Associate the new order with the currently authenticated user before saving
+  def before_save_new_order
+    @current_order.user ||= current_user
+  end
+
+  def after_save_new_order
+    # make sure the user has permission to access the order (if they are a guest)
+    return if current_user
+    session[:access_token] = @current_order.token
+  end
+
+end

data/app/models/tokenized_permission.rb

@@ -0,0 +1,3 @@
+class TokenizedPermission < ActiveRecord::Base
+  belongs_to :permissable, :polymorphic => true
+end

data/app/models/user.rb

@@ -0,0 +1,85 @@
+class User < ActiveRecord::Base
+
+  devise :database_authenticatable, :token_authenticatable, :registerable, :recoverable,
+         :rememberable, :trackable, :validatable, :encryptable, :encryptor => "authlogic_sha512"
+
+  has_many :orders
+  has_and_belongs_to_many :roles
+  belongs_to :ship_address, :foreign_key => "ship_address_id", :class_name => "Address"
+  belongs_to :bill_address, :foreign_key => "bill_address_id", :class_name => "Address"
+
+  before_save :check_admin
+  before_validation :set_login
+
+  # Setup accessible (or protected) attributes for your model
+  attr_accessible :email, :password, :password_confirmation, :remember_me, :persistence_token
+
+  scope :admin, lambda { includes(:roles).where("roles.name" => "admin") }
+  scope :registered, where("users.email NOT LIKE ?", "%@example.net")
+
+  # has_role? simply needs to return true or false whether a user has a role or not.
+  def has_role?(role_in_question)
+    roles.any? { |role| role.name == role_in_question.to_s }
+  end
+
+  # Creates an anonymous user.  An anonymous user is basically an auto-generated +User+ account that is created for the customer
+  # behind the scenes and its completely transparently to the customer.  All +Orders+ must have a +User+ so this is necessary
+  # when adding to the "cart" (which is really an order) and before the customer has a chance to provide an email or to register.
+  def self.anonymous!
+    token = User.generate_token(:persistence_token)
+    User.create(:email => "#{token}@example.net", :password => token, :password_confirmation => token, :persistence_token => token)
+  end
+
+  def self.admin_created?
+    User.admin.count > 0
+  end
+
+  def anonymous?
+    email =~ /@example.net$/
+  end
+
+  def deliver_password_reset_instructions!
+    reset_perishable_token!
+    UserMailer.password_reset_instructions(self).deliver
+  end
+
+  protected
+  def password_required?
+    !persisted? || password.present? || password_confirmation.present?
+  end
+
+  private
+
+  def check_admin
+    return if self.class.admin_created?
+    admin_role = Role.find_or_create_by_name "admin"
+    self.roles << admin_role
+  end
+
+  def set_login
+    # for now force login to be same as email, eventually we will make this configurable, etc.
+    self.login ||= self.email if self.email
+  end
+
+  # Generate a friendly string randomically to be used as token.
+  def self.friendly_token
+    ActiveSupport::SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
+  end
+
+  # Generate a token by looping and ensuring does not already exist.
+  def self.generate_token(column)
+    loop do
+      token = friendly_token
+      break token unless find(:first, :conditions => { column => token })
+    end
+  end
+
+  def self.current
+    Thread.current[:user]
+  end
+
+  def self.current=(user)
+    Thread.current[:user] = user
+  end
+
+end

data/app/models/user_mailer.rb

@@ -0,0 +1,13 @@
+class UserMailer < ActionMailer::Base
+
+  def reset_password_instructions(user)
+    default_url_options[:host] = Spree::Config[:site_url]
+
+    @edit_password_reset_url = edit_user_password_url(:reset_password_token => user.reset_password_token)
+
+    mail(:to => user.email,
+         :subject => Spree::Config[:site_name] + ' ' + I18n.t("password_reset_instructions"))
+  end
+
+end
+

data/app/views/checkout/registration.html.erb

@@ -0,0 +1,20 @@
+<%= render "shared/error_messages", :target => @user %>
+<h2><%= t("registration")%></h2>
+<div id="registration">
+  <div id="account">
+    <%= render :file => 'user_sessions/new' %>
+  </div>
+  <% if Spree::Config[:allow_guest_checkout] %>
+    <div id="guest_checkout">
+      <%= render "shared/error_messages", :target => @order %>
+      <h2><%= t(:guest_user_account) %></h2>
+      <%= form_for @order, :url => update_checkout_registration_path, :html => { :method => :put, :id => "checkout_form_registration"} do |f| %>
+        <p>
+          <%= f.label :email, t("email") %><br />
+          <%= f.text_field :email, :class => 'title'  %>
+        </p>
+        <p><%= submit_tag t("continue"), :class => 'button primary' %></p>
+      <% end %>
+    </div>
+  <% end %>
+</div>

data/app/views/layouts/admin/_login_nav.html.erb

@@ -0,0 +1,8 @@
+<% if  current_user %>
+  <ul id="login-nav">
+    <li><%= t('logged_in_as') %>: <%= current_user.email %></li>
+    <li><%= link_to t('account'), edit_user_path(current_user) %></li>
+    <li><%= link_to t('logout'), destroy_user_session_path %></li>
+    <li><%= link_to t('store'), products_path %></li>
+  </ul>
+<% end %>

data/app/views/shared/_flashes.html.erb

@@ -0,0 +1,9 @@
+<% if flash.any? %>
+  <div id="flash">
+    <% flash.each do |key, value| %>
+      <p>
+        <%= value %>
+      </p>
+    <% end %>
+  </div>
+<% end%>

data/app/views/shared/_login.html.erb

@@ -0,0 +1,20 @@
+<%= form_for(:user, :url => user_session_path) do |f| %>
+  <div id='password-credentials'>
+    <p>
+      <%= f.label(:email, t("email")) %><br />
+      <%= f.text_field('email', :class => 'title') %>
+    </p>
+    <p>
+      <%= f.label :password, t("password") %><br />
+      <%= f.password_field 'password', :class => 'title' %>
+    </p>
+  </div>
+  <p>
+    <label>
+      <%= f.check_box :remember_me %>
+      <%= f.label :remember_me, t('remember_me') %>
+    </label>
+  </p>
+
+  <p><%= submit_tag t("log_in"), :class => 'button primary'%></p>
+<% end %>

data/app/views/shared/_login_bar.html.erb

@@ -0,0 +1,6 @@
+<% if current_user %>
+  <li><%= link_to t('my_account'), account_path %></li>
+  <li><%= link_to t('logout'), destroy_user_session_path %></li>
+<% else %>
+  <li><%= link_to t('log_in'), login_path %></li>
+<% end %>

data/app/views/shared/_user_form.html.erb

@@ -0,0 +1,17 @@
+<p>
+  <%= f.label :email, t("email") %><br />
+  <%= f.text_field :email, :class => 'title'  %>
+</p>
+<div id="password-credentials">
+  <p>
+    <%= f.label :password, t("password") %><br />
+    <%= f.password_field :password, :class => 'title'  %>
+  </p>
+
+  <p>
+    <%= f.label :password_confirmation, t(:confirm_password) %><br />
+    <%= f.password_field :password_confirmation, :class => 'title' %>
+  </p>
+</div>
+
+<%= hook :signup_below_password_fields %>

data/app/views/user_mailer/reset_password_instructions.text.erb

@@ -0,0 +1,10 @@
+A request to reset your password has been made. 
+If you did not make this request, simply ignore this email. 
+
+If you did make this request just click the link below:
+ 
+<%= @edit_password_reset_url %>
+ 
+If the above URL does not work try copying and pasting it into your browser. 
+If you continue to have problem please feel free to contact us.
+

data/app/views/user_passwords/edit.html.erb

@@ -0,0 +1,15 @@
+<%= render "shared/error_messages", :target => @user %>
+<h1><%= t(:change_my_password) %></h1>
+
+<%= form_for @user, :url => user_password_path, :html => {:method => :put} do |f| %>
+  <p>
+    <%= f.label :password %><br />
+    <%= f.password_field :password %><br />
+  </p>
+  <p>
+    <%= f.label :password_confirmation %><br />
+    <%= f.password_field :password_confirmation %><br />
+  </p>
+  <%= f.hidden_field :reset_password_token %>
+  <%= f.submit t("update_password") %>
+<% end %>

data/app/views/user_passwords/new.html.erb

@@ -0,0 +1,13 @@
+<h1><%= t(:forgot_password) %></h1>
+
+<p><%= t(:instructions_to_reset_password) %></p>
+
+<%= form_for User.new, :as => :user, :url => user_password_path do |f| %>
+  <p>
+    <label><%= t(:email) %>:</label><br />
+    <%= f.email_field :email %>
+  </p>
+  <p>
+    <%= f.submit t("reset_password") %>
+  </p>
+<% end %>

data/app/views/user_registrations/new.html.erb

@@ -0,0 +1,23 @@
+<% @body_id = 'signup' %>
+
+<%= render "shared/error_messages", :target => @user %>
+
+<div id="new-customer">
+  <h2><%= t("new_customer") %></h2>
+
+  <%= hook :signup do %>
+
+    <%= form_for(:user, :url => registration_path(@user)) do |f| %>
+
+      <%= hook :signup_inside_form do %>
+        <%= render 'shared/user_form', :f => f %>
+        <p><%= submit_tag t("create"), :class => 'button primary' %></p>
+      <% end %>
+
+    <% end %>
+    <%= t("or") %> <%= link_to t("login_as_existing"), login_path %>
+  <% end %>
+
+</div>
+
+<%= hook :login_extras %>

data/app/views/user_sessions/authorization_failure.html.erb

@@ -0,0 +1,4 @@
+<div style="height:50px; padding-top: 20px">
+  <strong><%= t("authorization_failure")%></strong>
+</div>   
+<!-- Add your own custom access denied message here if you like -->

data/app/views/user_sessions/new.html.erb

@@ -0,0 +1,13 @@
+<% if flash[:alert] %>
+  <div class="flash errors"><%= flash[:alert] %></div>
+<% end %>
+
+<% @body_id = 'login' %>
+<div id="existing-customer">
+  <h2><%= t("login_as_existing") %></h2>
+  <%= hook :login do %>
+    <%= render :partial => 'shared/login' %>
+    <%= t("or") %> <%= link_to t("create_a_new_account"), signup_path %> | <%= link_to t("forgot_password"), new_user_password_path %>
+  <% end %>
+</div>
+<%= hook :login_extras %>

data/app/views/users/edit.html.erb

@@ -0,0 +1,11 @@
+<%= render "shared/error_messages", :target => @user %>
+
+<h1><%= t("editing_user") %></h1>
+
+<%= form_for(@user, :html => { :method => :put }) do |f| %>
+  <%= render 'shared/user_form', :f => f %>
+  <p>
+    <%=submit_tag t("update") %>
+  </p>
+<% end %>
+

data/app/views/users/show.html.erb

@@ -0,0 +1,50 @@
+<h1><%= t("my_account") %></h1>
+
+<%= hook :account_summary do %>
+
+<table>
+  <tr>
+    <td><%= t("email") %>:</td>
+    <td>
+      <%= @user.email %>
+    </td>
+  </tr>
+</table>
+<p><%= link_to t('edit'), edit_account_path %></p>
+
+<% end %>
+
+<%= hook :account_my_orders do %>
+
+<h2><%= t("my_orders") %></h2>
+<% if @orders.present? %>
+  <table class="order-summary" width="545">
+    <thead>
+      <tr>
+        <th><%= t("order_number") %></th>
+        <th><%= t("order_date") %></th>
+        <th><%= t("status") %></th>
+        <th><%= t("payment_state") %></th>
+        <th><%= t("shipment_state") %></th>
+        <th><%= t("total") %></th>
+      </tr>
+    </thead>
+    <tbody>
+    <% @orders.each do |order| %>
+      <tr class="<%= cycle('even', 'odd') %>">
+        <td><%= link_to order.number, order_url(order) %></td>
+        <td><%=order.created_at.to_date%></td>
+        <td><%= t(order.state).titleize %></td>
+        <td><%= t("payment_states.#{order.payment_state}") if order.payment_state %></td>
+        <td><%= t("shipment_states.#{order.shipment_state}") if order.shipment_state %></td>
+        <td><%= number_to_currency order.total %></td>
+      </tr>
+    <% end %>
+    </tbody>
+  </table>
+<% else %>
+  <p><%= t(:you_have_no_orders_yet) %></p>
+<% end %>
+<br />
+
+<% end %>