solidus_auth_devise 1.0.0

data/lib/views/backend/spree/admin/user_passwords/new.html.erb

@@ -0,0 +1,17 @@
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @spree_user } %>
+
+<div id="forgot-password">
+  <h6><%= Spree.t(:forgot_password) %></h6>
+
+  <p><%= Spree.t(:instructions_to_reset_password) %></p>
+
+  <%= form_for Spree::User.new, :as => :spree_user, :url => spree.reset_password_path do |f| %>
+    <p>
+      <%= f.label :email, Spree.t(:email) %><br />
+      <%= f.email_field :email %>
+    </p>
+    <p>
+      <%= f.submit Spree.t(:reset_password), :class => 'button primary' %>
+    </p>
+  <% end %>
+</div>

data/lib/views/backend/spree/admin/user_sessions/authorization_failure.html.erb

@@ -0,0 +1,4 @@
+<div style="height:50px; padding-top:20px;">
+  <strong><%= Spree.t(:authorization_failure) %></strong>
+</div>
+<!-- Add your own custom access denied message here if you like -->

data/lib/views/backend/spree/admin/user_sessions/new.html.erb

@@ -0,0 +1,31 @@
+<% if flash[:alert] %>
+  <div class="flash errors"><%= flash[:alert] %></div>
+<% end %>
+
+<% @body_id = 'login' %>
+<div id="existing-customer">
+  <h6><%= Spree.t(:admin_login) %></h6>
+  <div data-hook="login">
+    <%= form_for Spree::User.new, :as => :spree_user, :url => spree.admin_create_new_session_path do |f| %>
+      <div id="password-credentials">
+        <p>
+          <%= f.label :email, Spree.t(:email) %><br />
+          <%= f.email_field :email, :class => 'title', :tabindex => 1 %>
+        </p>
+        <p>
+          <%= f.label :password, Spree.t(:password) %><br />
+          <%= f.password_field :password, :class => 'title', :tabindex => 2 %>
+        </p>
+      </div>
+      <p>
+        <%= f.check_box :remember_me, :tabindex => 3 %>
+        <%= f.label :remember_me, Spree.t(:remember_me) %>
+      </p>
+
+      <p><%= f.submit Spree.t(:login), :class => 'button primary', :tabindex => 4 %></p>
+    <% end %>
+    <%= Spree.t(:or) %>
+    <%= link_to Spree.t(:forgot_password), spree.recover_password_path %>
+  </div>
+</div>
+<div data-hook="login_extras"></div>

data/lib/views/backend/spree/layouts/admin/_login_nav.html.erb

@@ -0,0 +1,13 @@
+<% if spree_current_user %>
+  <ul id="login-nav" class="inline-menu">
+    <li data-hook="user-logged-in-as"><%= Spree.t(:logged_in_as) %>: <%= spree_current_user.email %></li>
+    <li data-hook="user-account-link" class='fa fa-user'><%= link_to Spree.t(:account), spree.edit_user_path(spree_current_user) %></li>
+    <li data-hook="user-logout-link" class='fa fa-sign-out'><%= link_to Spree.t(:logout), spree.admin_logout_path %></li>
+
+    <% if spree.respond_to? :root_path %>
+      <li data-hook="store-frontend-link" class='fa fa-external-link'>
+         <%= link_to Spree.t(:back_to_store), spree.root_path, :target => '_blank' %>
+      </li>
+    <% end %>
+  </ul>
+<% end %>

data/lib/views/frontend/spree/checkout/registration.html.erb

@@ -0,0 +1,22 @@
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
+<h1><%= Spree.t(:registration) %></h1>
+<div id="registration" data-hook>
+  <div id="account" class="columns alpha eight">
+    <%= render template: 'spree/user_sessions/new' %>
+  </div>
+  <% if Spree::Config[:allow_guest_checkout] %>
+    <div id="guest_checkout" data-hook class="columns omega eight">
+      <h6><%= Spree.t(:guest_user_account) %></h6>
+      <% if flash[:registration_error] %>
+        <div class='flash error'><%= flash[:registration_error] %></div>
+      <% end %>
+      <%= form_for @order, :url => update_checkout_registration_path, :method => :put, :html => { :id => 'checkout_form_registration' } do |f| %>
+        <p>
+          <%= f.label :email, Spree.t(:email) %><br />
+          <%= f.email_field :email, :class => 'title' %>
+        </p>
+        <p><%= f.submit Spree.t(:continue), :class => 'button primary' %></p>
+      <% end %>
+    </div>
+  <% end %>
+</div>

data/lib/views/frontend/spree/shared/_flashes.html.erb

@@ -0,0 +1,9 @@
+<% if flash.any? %>
+  <div id="flash">
+    <% flash.each do |key, value| %>
+      <p>
+        <%= value %>
+      </p>
+    <% end %>
+  </div>
+<% end%>

data/lib/views/frontend/spree/shared/_login.html.erb

@@ -0,0 +1,18 @@
+<%= form_for Spree::User.new, :as => :spree_user, :url => spree.create_new_session_path do |f| %>
+  <div id="password-credentials">
+    <p>
+      <%= f.label :email, Spree.t(:email) %><br />
+      <%= f.email_field :email, :class => 'title', :tabindex => 1, autofocus: true %>
+    </p>
+    <p>
+      <%= f.label :password, Spree.t(:password) %><br />
+      <%= f.password_field :password, :class => 'title', :tabindex => 2 %>
+    </p>
+  </div>
+  <p>
+    <%= f.check_box :remember_me, :tabindex => 3 %>
+    <%= f.label :remember_me, Spree.t(:remember_me) %>
+  </p>
+
+  <p><%= f.submit Spree.t(:login), :class => 'button primary', :tabindex => 4 %></p>
+<% end %>

data/lib/views/frontend/spree/shared/_login_bar.html.erb

@@ -0,0 +1,6 @@
+<% if spree_current_user %>
+  <li><%= link_to Spree.t(:my_account), spree.account_path %></li>
+  <li><%= link_to Spree.t(:logout), spree.logout_path %></li>
+<% else %>
+  <li id="link-to-login"><%= link_to Spree.t(:login), spree.login_path %></li>
+<% end %>

data/lib/views/frontend/spree/shared/_user_form.html.erb

@@ -0,0 +1,17 @@
+<p>
+  <%= f.label :email, Spree.t(:email) %><br />
+  <%= f.email_field :email, :class => 'title' %>
+</p>
+<div id="password-credentials">
+  <p>
+    <%= f.label :password, Spree.t(:password) %><br />
+    <%= f.password_field :password, :class => 'title' %>
+  </p>
+
+  <p>
+    <%= f.label :password_confirmation, Spree.t(:confirm_password) %><br />
+    <%= f.password_field :password_confirmation, :class => 'title' %>
+  </p>
+</div>
+
+<div data-hook="signup_below_password_fields"></div>

data/lib/views/frontend/spree/user_mailer/confirmation_instructions.text.erb

@@ -0,0 +1,5 @@
+Welcome <%= @email %>!
+
+You can confirm your account email through the link below:
+
+<%= link_to 'Confirm my account', @confirmation_url %>

data/lib/views/frontend/spree/user_mailer/reset_password_instructions.text.erb

@@ -0,0 +1,10 @@
+A request to reset your password has been made.
+If you did not make this request, simply ignore this email.
+
+If you did make this request just click the link below:
+
+<%= @edit_password_reset_url %>
+
+If the above URL does not work try copying and pasting it into your browser.
+If you continue to have problems please feel free to contact us.
+

data/lib/views/frontend/spree/user_passwords/edit.html.erb

@@ -0,0 +1,17 @@
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @spree_user } %>
+<div id="change-password">
+  <h6><%= Spree.t(:change_my_password) %></h6>
+  
+  <%= form_for @spree_user, :as => :spree_user, :url => spree.update_password_path, :method => :put do |f| %>
+    <p>
+      <%= f.label :password, Spree.t(:password) %><br />
+      <%= f.password_field :password %><br />
+    </p>
+    <p>
+      <%= f.label :password_confirmation, Spree.t(:confirm_password) %><br />
+      <%= f.password_field :password_confirmation %><br />
+    </p>
+    <%= f.hidden_field :reset_password_token %>
+    <%= f.submit Spree.t(:update), :class => 'button primary' %>
+  <% end %>
+</div>

data/lib/views/frontend/spree/user_passwords/new.html.erb

@@ -0,0 +1,17 @@
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @spree_user } %>
+
+<div id="forgot-password">
+  <h6><%= Spree.t(:forgot_password) %></h6>
+
+  <p><%= Spree.t(:instructions_to_reset_password) %></p>
+
+  <%= form_for Spree::User.new, :as => :spree_user, :url => spree.reset_password_path do |f| %>
+    <p>
+      <%= f.label :email, Spree.t(:email) %><br />
+      <%= f.email_field :email %>
+    </p>
+    <p>
+      <%= f.submit Spree.t(:reset_password), :class => 'button primary' %>
+    </p>
+  <% end %>
+</div>

data/lib/views/frontend/spree/user_registrations/new.html.erb

@@ -0,0 +1,21 @@
+<% @body_id = 'signup' %>
+
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
+
+<div id="new-customer">
+  <h6><%= Spree.t(:new_customer) %></h6>
+
+  <div data-hook="signup">
+    <%= form_for resource, :as => :spree_user, :url => spree.registration_path(@user) do |f| %>
+      <div data-hook="signup_inside_form">
+        <%= render :partial => 'spree/shared/user_form', :locals => { :f => f } %>
+        <p><%= f.submit Spree.t(:create), :class => 'button primary' %></p>
+      </div>
+    <% end %>
+    <%= Spree.t(:or) %>&nbsp;<%= link_to Spree.t(:login_as_existing), spree.login_path %>
+
+  </div>
+
+</div>
+
+<div data-hook="login_extras"></div>

data/lib/views/frontend/spree/user_sessions/authorization_failure.html.erb

@@ -0,0 +1,4 @@
+<div style="height:50px; padding-top:20px;">
+  <strong><%= Spree.t(:authorization_failure) %></strong>
+</div>
+<!-- Add your own custom access denied message here if you like -->

data/lib/views/frontend/spree/user_sessions/new.html.erb

@@ -0,0 +1,13 @@
+<% if flash[:alert] %>
+  <div class="flash errors"><%= flash[:alert] %></div>
+<% end %>
+
+<% @body_id = 'login' %>
+<div id="existing-customer">
+  <h6><%= Spree.t(:login_as_existing) %></h6>
+  <div data-hook="login">
+    <%= render :partial => 'spree/shared/login' %>
+    <%= Spree.t(:or) %>&nbsp;<%= link_to Spree.t(:create_a_new_account), spree.signup_path %> | <%= link_to Spree.t(:forgot_password), spree.recover_password_path %>
+  </div>
+</div>
+<div data-hook="login_extras"></div>

data/lib/views/frontend/spree/users/edit.html.erb

@@ -0,0 +1,14 @@
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
+
+<div id="edit-account">
+  <h1><%= Spree.t(:editing_user) %></h1>
+  
+  <div data-hook="account_edit">
+    <%= form_for Spree::User.new, :as => @user, :url => spree.user_path(@user), :method => :put do |f| %>
+      <%= render :partial => 'spree/shared/user_form', :locals => { :f => f } %>
+      <p>
+        <%= f.submit Spree.t(:update), :class => 'button primary' %>
+      </p>
+    <% end %>
+  </div>
+</div>

data/lib/views/frontend/spree/users/show.html.erb

@@ -0,0 +1,43 @@
+<h1><%= accurate_title %></h1>
+
+<div data-hook="account_summary" class="account-summary">
+  <dl id="user-info">
+    <dt><%= Spree.t(:email) %></dt>
+    <dd><%= @user.email %> (<%= link_to Spree.t(:edit), spree.edit_account_path %>)</dd>
+  </dl>
+</div>
+
+<div data-hook="account_my_orders" class="account-my-orders">
+
+  <h3><%= Spree.t(:my_orders) %></h3>
+  <% if @orders.present? %>
+    <table class="order-summary">
+      <thead>
+      <tr>
+        <th class="order-number"><%= I18n.t(:number, :scope => 'activerecord.attributes.spree/order') %></th>
+        <th class="order-date"><%= Spree.t(:date) %></th>
+        <th class="order-status"><%= Spree.t(:status) %></th>
+        <th class="order-payment-state"><%= Spree.t(:payment_state) %></th>
+        <th class="order-shipment-state"><%= Spree.t(:shipment_state) %></th>
+        <th class="order-total"><%= Spree.t(:total) %></th>
+      </tr>
+      </thead>
+      <tbody>
+      <% @orders.each do |order| %>
+        <tr class="<%= cycle('even', 'odd') %>">
+          <td class="order-number"><%= link_to order.number, order_url(order) %></td>
+          <td class="order-date"><%= l order.completed_at.to_date %></td>
+          <td class="order-status"><%= Spree.t("order_state.#{order.state}").titleize %></td>
+          <td class="order-payment-state"><%= Spree.t("payment_states.#{order.payment_state}").titleize if order.payment_state %></td>
+          <td class="order-shipment-state"><%= Spree.t("shipment_states.#{order.shipment_state}").titleize if order.shipment_state %></td>
+          <td class="order-total"><%= order.display_total %></td>
+        </tr>
+      <% end %>
+      </tbody>
+    </table>
+  <% else %>
+    <p><%= Spree.t(:you_have_no_orders_yet) %></p>
+  <% end %>
+  <br />
+
+</div>

data/solidus_auth_devise.gemspec

@@ -0,0 +1,42 @@
+# encoding: UTF-8
+
+Gem::Specification.new do |s|
+  s.platform    = Gem::Platform::RUBY
+  s.name        = "solidus_auth_devise"
+  s.version     = "1.0.0"
+  s.summary     = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
+  s.description = s.summary
+
+  s.author       = 'Solidus Team'
+  s.email        = 'contact@solidus.io'
+
+  s.required_ruby_version = ">= 2.1"
+  s.license     = %q{BSD-3}
+
+  s.files        = `git ls-files`.split("\n")
+  s.test_files   = `git ls-files -- spec/*`.split("\n")
+  s.require_path = "lib"
+  s.requirements << "none"
+
+  solidus_version = [">= 1.0.0.pre", "< 2"]
+
+  s.add_dependency "solidus_core", solidus_version
+  s.add_dependency "devise", "~> 3.2.3"
+  s.add_dependency "devise-encryptable", "0.1.2"
+
+  s.add_dependency "json"
+  s.add_dependency "multi_json"
+
+  s.add_development_dependency "solidus_backend", solidus_version
+  s.add_development_dependency "solidus_frontend", solidus_version
+  s.add_development_dependency "rspec-rails", "~> 3.0.0"
+  s.add_development_dependency "simplecov", "~> 0.9.0"
+  s.add_development_dependency "sqlite3"
+  s.add_development_dependency "sass-rails", "~> 4.0.0"
+  s.add_development_dependency "coffee-rails", "~> 4.0.0"
+  s.add_development_dependency "shoulda-matchers", "~> 2.6.2"
+  s.add_development_dependency "factory_girl", "~> 4.4"
+  s.add_development_dependency "capybara", "~> 2.4.1"
+  s.add_development_dependency "poltergeist", "~> 1.5"
+  s.add_development_dependency "database_cleaner", "~> 1.2.0"
+end

data/spec/controllers/spree/admin/orders_controller_spec.rb

@@ -0,0 +1,14 @@
+module Spree
+  module Admin
+    RSpec.describe OrdersController, type: :controller do
+      stub_authorization!
+
+      context '#authorize_admin' do
+        it 'grants access to users with an admin role' do
+          spree_get :new
+          expect(response).to redirect_to spree.edit_admin_order_path(Order.last)
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/checkout_controller_spec.rb

@@ -0,0 +1,141 @@
+RSpec.describe Spree::CheckoutController, type: :controller do
+
+  let(:order) { create(:order_with_line_items, email: nil, user: nil) }
+  let(:user)  { build(:user, spree_api_key: 'fake') }
+  let(:token) { 'some_token' }
+
+  before do
+    allow(controller).to receive(:current_order) { order }
+    allow(order).to receive(:confirmation_required?) { true }
+  end
+
+  context '#edit' do
+    context 'when registration step enabled' do
+      before do
+        allow(controller).to receive(:check_authorization)
+        Spree::Auth::Config.set(registration_step: true)
+      end
+
+      context 'when authenticated as registered user' do
+        before { allow(controller).to receive(:spree_current_user) { user } }
+
+        it 'proceeds to the first checkout step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to render_template :edit
+        end
+      end
+
+      context 'when authenticated as guest' do
+        it 'redirects to registration step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to redirect_to spree.checkout_registration_path
+        end
+      end
+    end
+
+    context 'when registration step disabled' do
+      before do
+        Spree::Auth::Config.set(registration_step: false)
+        allow(controller).to receive(:check_authorization)
+      end
+
+      context 'when authenticated as registered' do
+        before { allow(controller).to receive(:spree_current_user) { user } }
+
+        it 'proceeds to the first checkout step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to render_template :edit
+        end
+      end
+
+      context 'when authenticated as guest' do
+        it 'proceeds to the first checkout step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to render_template :edit
+        end
+      end
+    end
+  end
+
+  context '#update' do
+    context 'when in the confirm state' do
+      before do
+        order.update_column(:email, 'spree@example.com')
+        order.update_column(:state, 'confirm')
+
+        # So that the order can transition to complete successfully
+        allow(order).to receive(:payment_required?) { false }
+      end
+
+      context 'with a token' do
+        before { allow(order).to receive(:guest_token) { 'ABC' } }
+
+        it 'redirects to the tokenized order view' do
+          request.cookie_jar.signed[:guest_token] = 'ABC'
+          spree_post :update, { state: 'confirm' }
+          expect(response).to redirect_to spree.token_order_path(order, 'ABC')
+          expect(flash.notice).to eq Spree.t(:order_processed_successfully)
+        end
+      end
+
+      context 'with a registered user' do
+        before do
+          allow(controller).to receive(:spree_current_user) { user }
+          allow(order).to receive(:user) { user }
+          allow(order).to receive(:guest_token) { nil }
+        end
+
+        it 'redirects to the standard order view' do
+          spree_post :update, { state: 'confirm' }
+          expect(response).to redirect_to spree.order_path(order)
+        end
+      end
+    end
+  end
+
+  context '#registration' do
+    it 'does not check registration' do
+      allow(controller).to receive(:check_authorization)
+      expect(controller).not_to receive(:check_registration)
+      spree_get :registration
+    end
+
+    it 'checks if the user is authorized for :edit' do
+      expect(controller).to receive(:authorize!).with(:edit, order, token)
+      request.cookie_jar.signed[:guest_token] = token
+      spree_get :registration, {}
+    end
+  end
+
+  context '#update_registration' do
+    let(:user) { build(:user) }
+
+    it 'does not check registration' do
+      controller.stub :check_authorization
+      order.stub update_attributes: true
+      controller.should_not_receive :check_registration
+      spree_put :update_registration, { order: { } }
+    end
+
+    it 'renders the registration view if unable to save' do
+      allow(controller).to receive(:check_authorization)
+      spree_put :update_registration, { order: { email: 'invalid' } }
+      expect(flash[:registration_error]).to eq I18n.t(:email_is_invalid, scope: [:errors, :messages])
+      expect(response).to render_template :registration
+    end
+
+    it 'redirects to the checkout_path after saving' do
+      allow(order).to receive(:update_attributes) { true }
+      allow(controller).to receive(:check_authorization)
+      spree_put :update_registration, { order: { email: 'jobs@spreecommerce.com' } }
+      expect(response).to redirect_to spree.checkout_path
+    end
+
+    it 'checks if the user is authorized for :edit' do
+      request.cookie_jar.signed[:guest_token] = token
+      allow(order).to receive(:update_attributes) { true }
+      expect(controller).to receive(:authorize!).with(:edit, order, token)
+      spree_put :update_registration, { order: { email: 'jobs@spreecommerce.com' } }
+    end
+  end
+end