solidus_auth_devise 2.0.0 → 2.5.0

data/Gemfile

@@ -1,21 +1,29 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
 
-branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
-gem "solidus", github: "solidusio/solidus", branch: branch
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-group :test do
-  if branch == 'master' || branch >= "v2.0"
-    gem "rails-controller-testing"
-  else
-    gem "rails_test_params_backport"
-  end
-end
+branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
+gem 'solidus', github: 'solidusio/solidus', branch: branch
 
-gem 'pg'
-gem 'mysql2'
+# Needed to help Bundler figure out how to resolve dependencies,
+# otherwise it takes forever to resolve them.
+# See https://github.com/bundler/bundler/issues/6677
+gem 'rails', '>0.a'
 
-group :development, :test do
-  gem "pry-rails"
+case ENV['DB']
+when 'mysql'
+  gem 'mysql2'
+when 'postgresql'
+  gem 'pg'
+else
+  gem 'sqlite3'
 end
 
+gem 'rails-controller-testing', group: :test
+
 gemspec
+
+# Use a local Gemfile to include development dependencies that might not be
+# relevant for the project or for other contributors, e.g.: `gem 'pry-debug'`.
+eval_gemfile 'Gemfile-local' if File.exist? 'Gemfile-local'

data/{LICENSE.md → LICENSE}

@@ -1,4 +1,4 @@
-Copyright (c) 2014, Spree Commerce, Inc. and other contributors
+Copyright (c) 2020 Solidus Team
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -9,7 +9,7 @@ are permitted provided that the following conditions are met:
     * Redistributions in binary form must reproduce the above copyright notice,
       this list of conditions and the following disclaimer in the documentation
       and/or other materials provided with the distribution.
-    * Neither the name Spree nor the names of its contributors may be used to
+    * Neither the name Solidus nor the names of its contributors may be used to
       endorse or promote products derived from this software without specific
       prior written permission.
 

data/README.md

@@ -1,6 +1,8 @@
 Solidus Auth (Devise)
 =====================
 
+[![CircleCI](https://circleci.com/gh/solidusio/solidus_auth_devise.svg?style=svg)](https://circleci.com/gh/solidusio/solidus_auth_devise)
+
 Provides authentication services for Solidus, using the Devise gem.
 
 Installation
@@ -10,6 +12,9 @@ Just add this line to your `Gemfile`:
 
 ```ruby
 gem "solidus_auth_devise"
+
+# For Solidus versions < 2.5
+# gem 'deface'
 ```
 
 Then, run `bundle install`.
@@ -43,9 +48,6 @@ Devise.setup do |config|
   # Required so users don't lose their carts when they need to confirm.
   config.allow_unconfirmed_access_for = 1.days
 
-  # Fixes the bug where Confirmation errors result in a broken page.
-  config.router_name = :spree
-
   # Add any other devise configurations here, as they will override the defaults provided by solidus_auth_devise.
 end
 ```
@@ -93,3 +95,48 @@ Run the following to automatically build a dummy app if necessary and run the te
 ```shell
 bundle exec rake
 ```
+
+## Releasing a new version
+
+#### 1. Bump gem version and push to RubyGems
+
+We use [gem-release](https://github.com/svenfuchs/gem-release) to release this
+extension with ease.
+
+Supposing you are on the master branch and you are working on a fork of this
+extension, `upstream` is the main remote and you have write access to it, you
+can simply run:
+
+```bash
+gem bump --version minor --tag --release
+```
+
+This command will:
+
+- bump the gem version to the next minor (changing the `version.rb` file)
+- commit the change and push it to upstream master
+- create a git tag
+- push the tag to the upstream remote
+- release the new version on RubyGems
+
+Or you can run these commands individually:
+
+```bash
+gem bump --version minor
+gem tag
+gem release
+```
+
+#### 2. Publish the updated CHANGELOG
+
+After the release is done we can generate the updated CHANGELOG
+using
+[github-changelog-generator](https://github.com/github-changelog-generator/github-changelog-generator)
+by running the following command:
+
+
+```bash
+bundle exec github_changelog_generator solidusio/solidus_auth_devise --token YOUR_GITHUB_TOKEN
+git commit -am 'Update CHANGELOG'
+git push upstream master
+```

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler'
 Bundler::GemHelper.install_tasks
 

data/app/mailers/spree/user_mailer.rb

@@ -1,12 +1,14 @@
+# frozen_string_literal: true
+
 module Spree
   class UserMailer < BaseMailer
-    def reset_password_instructions(user, token, *args)
+    def reset_password_instructions(user, token, *_args)
       @store = Spree::Store.default
       @edit_password_reset_url = spree.edit_spree_user_password_url(reset_password_token: token, host: @store.url)
       mail to: user.email, from: from_address(@store), subject: "#{@store.name} #{I18n.t(:subject, scope: [:devise, :mailer, :reset_password_instructions])}"
     end
 
-    def confirmation_instructions(user, token, opts={})
+    def confirmation_instructions(user, token, _opts = {})
       @store = Spree::Store.default
       @confirmation_url = spree.spree_user_confirmation_url(confirmation_token: token, host: @store.url)
       mail to: user.email, from: from_address(@store), subject: "#{@store.name} #{I18n.t(:subject, scope: [:devise, :mailer, :confirmation_instructions])}"

data/app/models/spree/auth_configuration.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Spree
   class AuthConfiguration < Preferences::Configuration
     preference :registration_step, :boolean, default: true

data/app/models/spree/user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Spree
   class User < Spree::Base
     include UserMethods
@@ -8,14 +10,15 @@ module Spree
 
     acts_as_paranoid
     after_destroy :scramble_email_and_password
-    before_update { generate_spree_api_key if encrypted_password_changed? && spree_api_key.present? }
 
-    before_validation :set_login
+    def password=(new_password)
+      generate_spree_api_key if new_password.present? && spree_api_key.present?
+      super
+    end
 
-    users_table_name = User.table_name
-    roles_table_name = Role.table_name
+    before_validation :set_login
 
-    scope :admin, -> { includes(:spree_roles).where("#{roles_table_name}.name" => "admin") }
+    scope :admin, -> { includes(:spree_roles).where("#{Role.table_name}.name" => "admin") }
 
     def self.admin_created?
       User.admin.count > 0
@@ -25,24 +28,31 @@ module Spree
       has_spree_role?('admin')
     end
 
+    def confirmed?
+      !!confirmed_at
+    end
+
     protected
-      def password_required?
-        !persisted? || password.present? || password_confirmation.present?
-      end
+
+    def password_required?
+      !persisted? || password.present? || password_confirmation.present?
+    end
 
     private
 
-      def set_login
-        # for now force login to be same as email, eventually we will make this configurable, etc.
-        self.login ||= self.email if self.email
-      end
-
-      def scramble_email_and_password
-        self.email = SecureRandom.uuid + "@example.net"
-        self.login = self.email
-        self.password = SecureRandom.hex(8)
-        self.password_confirmation = self.password
-        self.save
-      end
+    def set_login
+      # for now force login to be same as email, eventually we will make this configurable, etc.
+      self.login ||= email if email
+    end
+
+    def scramble_email_and_password
+      return true if destroyed?
+
+      self.email = SecureRandom.uuid + "@example.net"
+      self.login = email
+      self.password = SecureRandom.hex(8)
+      self.password_confirmation = password
+      save
+    end
   end
 end

data/app/overrides/spree/admin/users/edit/_add_reset_password_form.html.erb.deface

@@ -0,0 +1,20 @@
+<!--
+  insert_before "fieldset#admin_user_edit_api_key"
+  original "904c52ff702412d1dc8d55ff44d87d7f581f6675"
+-->
+
+<% if @user != try_spree_current_user %>
+  <fieldset class="no-border-bottom" data-hook="admin_user_reset_password">
+    <legend><%= t(:'spree.forgot_password') %></legend>
+
+    <%= form_for [:admin, @user], as: :spree_user, url: admin_reset_password_path, method: :post do |f| %>
+      <%= f.hidden_field :email, value: @user.email %>
+
+      <% if can?(:update, @user) %>
+        <div class="align-center">
+          <%= f.submit Spree.user_class.human_attribute_name(:reset_password), class: "button primary" %>
+        </div>
+      <% end %>
+    <% end %>
+  </fieldset>
+<% end %>

data/bin/console

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "solidus_auth_devise"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+$LOAD_PATH.unshift(*Dir["#{__dir__}/../app/*"])
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/rails

@@ -1,7 +1,15 @@
 #!/usr/bin/env ruby
 
-ENGINE_ROOT = File.expand_path('../..', __FILE__)
-ENGINE_PATH = File.expand_path('../../lib/spree/auth/engine', __FILE__)
+# frozen_string_literal: true
 
-require 'rails/all'
-require 'rails/engine/commands'
+app_root = 'spec/dummy'
+
+unless File.exist? "#{app_root}/bin/rails"
+  system "bin/rake", app_root or begin # rubocop:disable Style/AndOr
+    warn "Automatic creation of the dummy app failed"
+    exit 1
+  end
+end
+
+Dir.chdir app_root
+exec 'bin/rails', *ARGV

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+gem install bundler --conservative
+bundle update
+bundle exec rake clobber

data/config/initializers/devise.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
@@ -29,7 +31,7 @@ Devise.setup do |config|
   config.http_authenticatable = true
 
   # Set this to true to use Basic Auth for AJAX requests.  True by default.
-  #config.http_authenticatable_on_xhr = false
+  # config.http_authenticatable_on_xhr = false
 
   # The realm used in Http Basic Authentication
   config.http_authentication_realm = 'Spree Application'
@@ -41,7 +43,11 @@ Devise.setup do |config|
   config.encryptor = 'authlogic_sha512'
 
   # Setup a pepper to generate the encrypted password.
-  config.pepper = Rails.configuration.secret_token
+  config.pepper = if Rails.configuration.respond_to?(:secret_token) && Rails.configuration.secret_token.present?
+    Rails.configuration.secret_token
+  else
+    Rails.configuration.secret_key_base
+  end
 
   # ==> Configuration for :confirmable
   # The time you want to give your user to confirm his account. During this time
@@ -114,6 +120,9 @@ Devise.setup do |config|
   # should add them to the navigational formats lists. Default is [:html]
   config.navigational_formats = [:html, :json, :xml]
 
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :delete
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not (yet) supported by Devise,
   # you can configure them inside the config.warden block. The example below
@@ -132,7 +141,6 @@ Devise.setup do |config|
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
   config.reset_password_within = 6.hours
-  config.sign_out_via = :get
 
   config.case_insensitive_keys = [:email]
 end

data/config/initializers/warden.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Merges users orders to their account after sign in and sign up.
-Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
+Warden::Manager.after_set_user except: :fetch do |user, auth, _opts|
   if auth.cookies.signed[:guest_token].present?
     if user.is_a?(Spree::User)
       Spree::Order.incomplete.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
@@ -9,6 +11,6 @@ Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
   end
 end
 
-Warden::Manager.before_logout do |user, auth, opts|
+Warden::Manager.before_logout do |_user, auth, _opts|
   auth.cookies.delete :guest_token
 end

data/config/locales/en.yml

@@ -2,6 +2,7 @@
 en:
   spree:
     admin_login: Admin Login
+    change_my_password: Change my password
   devise:
     confirmations:
       confirmed: Your account was successfully confirmed. You are now signed in.
@@ -32,8 +33,10 @@ en:
       spree_user:
         cannot_be_blank: Your password cannot be blank.
         no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
-        send_instructions: You will receive an email with instructions about how to reset your password in a few minutes.
+        send_instructions: If an account with that email address exists, you will receive an email with instructions about how to reset your password in a few minutes.
         updated: Your password was changed successfully. You are now signed in.
+    passwords:
+      send_instructions: If an account with that email address exists, you will receive an email with instructions about how to reset your password in a few minutes.
     user_registrations:
       destroyed: Bye! Your account was successfully cancelled. We hope to see you again soon.
       inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'

data/config/locales/fr.yml

@@ -46,5 +46,5 @@ fr:
       not_found: "n'a pas été trouvé"
       not_locked: "n'a pas été bloqué"
       not_saved:
-        one: "1 erreur interdit cette %{ressource} d'être enregistrée :"
+        one: "1 erreur interdit cette %{resource} d'être enregistrée :"
         other: "%{count} erreurs interdisent cette %{resource} d'être enregistrée :"

data/config/locales/it.yml

@@ -1,8 +1,8 @@
+---
 it:
   spree:
-    admin:
-      tab:
-        users: Utenti
+    admin_login: Login Amministrazione
+    change_my_password: Cambia la password
   devise:
     confirmations:
       confirmed: Il tuo account è stato correttamente confermato. Ora sei collegato.
@@ -65,9 +65,9 @@ it:
       signed_out: Uscito correttamente.
   errors:
     messages:
-      email_is_invalid: L'indirizzo email non può essere vuoto
       already_confirmed: è stato già confermato
       confirmation_period_expired: deve essere confermato entro %{period}, richiedi una nuova conferma
+      email_is_invalid: L'indirizzo email non può essere vuoto
       expired: è scaduto, si prega di richiederne uno nuovo
       not_found: non trovato
       not_locked: non era bloccato

data/config/routes.rb

@@ -1,9 +1,7 @@
-Spree::Core::Engine.routes.draw do
-  if (
-    SolidusSupport.frontend_available? &&
-    Spree::Auth::Config.draw_frontend_routes
-  )
+# frozen_string_literal: true
 
+Spree::Core::Engine.routes.draw do
+  if SolidusSupport.frontend_available? && Spree::Auth::Config.draw_frontend_routes
     devise_for(:spree_user, {
       class_name: 'Spree::User',
       controllers: {
@@ -14,7 +12,8 @@ Spree::Core::Engine.routes.draw do
       },
       skip: [:unlocks, :omniauth_callbacks],
       path_names: { sign_out: 'logout' },
-      path_prefix: :user
+      path_prefix: :user,
+      router_name: :spree
     })
 
     resources :users, only: [:edit, :update]
@@ -38,28 +37,30 @@ Spree::Core::Engine.routes.draw do
     resource :account, controller: 'users'
   end
 
-  if (
-    SolidusSupport.backend_available? &&
-    Spree::Auth::Config.draw_backend_routes
-  )
-
+  if SolidusSupport.backend_available? && Spree::Auth::Config.draw_backend_routes
     namespace :admin do
       devise_for(:spree_user, {
         class_name: 'Spree::User',
+        singular: :spree_user,
+        skip: :all,
+        path_names: { sign_out: 'logout' },
         controllers: {
           sessions: 'spree/admin/user_sessions',
           passwords: 'spree/admin/user_passwords'
         },
-        skip: [:unlocks, :omniauth_callbacks, :registrations],
-        path_names: { sign_out: 'logout' },
-        path_prefix: :user
+        router_name: :spree
       })
 
       devise_scope :spree_user do
         get '/authorization_failure', to: 'user_sessions#authorization_failure', as: :unauthorized
         get '/login', to: 'user_sessions#new', as: :login
         post '/login', to: 'user_sessions#create', as: :create_new_session
-        get '/logout', to: 'user_sessions#destroy', as: :logout
+        match '/logout', to: 'user_sessions#destroy', as: :logout, via: Devise.sign_out_via
+
+        get '/password/recover', to: 'user_passwords#new', as: :recover_password
+        post '/password/recover', to: 'user_passwords#create', as: :reset_password
+        get '/password/change', to: 'user_passwords#edit', as: :edit_password
+        put '/password/change', to: 'user_passwords#update', as: :update_password
       end
     end
   end