RubyGems - solidus_auth_devise - Versions diffs - 2.0.0 → 2.5.0 - Mend

solidus_auth_devise 2.0.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (121) hide show

checksums.yaml +5 -5
data/.circleci/config.yml +35 -0
data/.gem_release.yml +5 -0
data/.github/stale.yml +17 -0
data/.gitignore +12 -8
data/.rubocop.yml +2 -0
data/CHANGELOG.md +284 -145
data/Gemfile +22 -14
data/{LICENSE.md → LICENSE} +2 -2
data/README.md +50 -3
data/Rakefile +2 -0
data/app/mailers/spree/user_mailer.rb +4 -2
data/app/models/spree/auth_configuration.rb +2 -0
data/app/models/spree/user.rb +30 -20
data/app/overrides/spree/admin/users/edit/_add_reset_password_form.html.erb.deface +20 -0
data/bin/console +17 -0
data/bin/rails +12 -4
data/bin/setup +8 -0
data/config/initializers/devise.rb +11 -3
data/config/initializers/warden.rb +4 -2
data/config/locales/en.yml +4 -1
data/config/locales/fr.yml +1 -1
data/config/locales/it.yml +4 -4
data/config/routes.rb +16 -15
data/db/default/users.rb +10 -8
data/db/migrate/20101026184949_create_users.rb +9 -7
data/db/migrate/20101026184950_rename_columns_for_devise.rb +3 -1
data/db/migrate/20101214150824_convert_user_remember_field.rb +2 -0
data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb +2 -0
data/db/migrate/20120605211305_make_users_email_index_unique.rb +4 -2
data/db/migrate/20140904000425_add_deleted_at_to_users.rb +2 -0
data/db/migrate/20141002154641_add_confirmable_to_users.rb +2 -0
data/db/migrate/20190125170630_add_reset_password_token_index_to_spree_users.rb +34 -0
data/db/migrate/20200417153503_add_unconfirmed_email_to_spree_users.rb +7 -0
data/db/seeds.rb +2 -0
data/lib/controllers/backend/spree/admin/user_passwords_controller.rb +7 -4
data/lib/controllers/backend/spree/admin/user_sessions_controller.rb +12 -10
data/lib/controllers/frontend/spree/user_confirmations_controller.rb +2 -0
data/lib/controllers/frontend/spree/user_passwords_controller.rb +4 -1
data/lib/controllers/frontend/spree/user_registrations_controller.rb +4 -0
data/lib/controllers/frontend/spree/user_sessions_controller.rb +4 -2
data/lib/controllers/frontend/spree/users_controller.rb +20 -15
data/lib/decorators/backend/controllers/spree/admin/base_controller_decorator.rb +20 -0
data/lib/decorators/backend/controllers/spree/admin/orders/customer_details_controller_decorator.rb +22 -0
data/lib/{controllers/frontend → decorators/frontend/controllers}/spree/checkout_controller_decorator.rb +29 -19
data/lib/generators/solidus/auth/install/install_generator.rb +15 -3
data/lib/generators/solidus/auth/install/templates/config/initializers/devise.rb +3 -1
data/lib/solidus/auth.rb +2 -0
data/lib/solidus_auth_devise.rb +13 -5
data/lib/spree/auth/devise.rb +2 -7
data/lib/spree/auth/engine.rb +51 -38
data/lib/spree/auth/version.rb +7 -0
data/lib/spree/authentication_helpers.rb +5 -11
data/lib/tasks/auth.rake +3 -1
data/lib/views/backend/spree/admin/shared/_navigation_footer.html.erb +13 -6
data/lib/views/backend/spree/admin/user_passwords/edit.html.erb +4 -4
data/lib/views/backend/spree/admin/user_passwords/new.html.erb +6 -8
data/lib/views/backend/spree/admin/user_sessions/authorization_failure.html.erb +1 -1
data/lib/views/backend/spree/admin/user_sessions/new.html.erb +9 -9
data/lib/views/backend/spree/layouts/admin/_login_nav.html.erb +4 -4
data/lib/views/frontend/spree/checkout/registration.html.erb +4 -4
data/lib/views/frontend/spree/shared/_login.html.erb +4 -4
data/lib/views/frontend/spree/shared/_login_bar.html.erb +2 -6
data/lib/views/frontend/spree/shared/_login_bar_items.html.erb +6 -0
data/lib/views/frontend/spree/shared/_user_form.html.erb +3 -3
data/lib/views/frontend/spree/user_passwords/edit.html.erb +4 -4
data/lib/views/frontend/spree/user_passwords/new.html.erb +5 -7
data/lib/views/frontend/spree/user_registrations/new.html.erb +3 -3
data/lib/views/frontend/spree/user_sessions/authorization_failure.html.erb +1 -1
data/lib/views/frontend/spree/user_sessions/new.html.erb +2 -2
data/lib/views/frontend/spree/users/edit.html.erb +2 -2
data/lib/views/frontend/spree/users/show.html.erb +12 -12
data/solidus_auth_devise.gemspec +38 -31
data/spec/controllers/spree/admin/base_controller_spec.rb +53 -0
data/spec/controllers/spree/admin/user_passwords_controller_spec.rb +14 -0
data/spec/controllers/spree/base_controller_spec.rb +53 -0
data/spec/controllers/spree/checkout_controller_spec.rb +6 -10
data/spec/controllers/spree/products_controller_spec.rb +6 -3
data/spec/controllers/spree/user_passwords_controller_spec.rb +4 -3
data/spec/controllers/spree/user_registrations_controller_spec.rb +3 -2
data/spec/controllers/spree/user_sessions_controller_spec.rb +14 -0
data/spec/controllers/spree/users_controller_spec.rb +26 -8
data/spec/factories/confirmed_user.rb +7 -5
data/spec/features/account_spec.rb +4 -3
data/spec/features/admin/password_reset_spec.rb +66 -10
data/spec/features/admin/products_spec.rb +2 -1
data/spec/features/admin/sign_in_spec.rb +2 -1
data/spec/features/admin/sign_out_spec.rb +2 -1
data/spec/features/admin_permissions_spec.rb +2 -1
data/spec/features/change_email_spec.rb +3 -2
data/spec/features/checkout_spec.rb +14 -37
data/spec/features/confirmation_spec.rb +6 -10
data/spec/features/order_spec.rb +2 -1
data/spec/features/password_reset_spec.rb +23 -10
data/spec/features/sign_in_spec.rb +2 -1
data/spec/features/sign_out_spec.rb +4 -3
data/spec/features/sign_up_spec.rb +2 -1
data/spec/mailers/user_mailer_spec.rb +2 -1
data/spec/models/order_spec.rb +2 -1
data/spec/models/user_spec.rb +57 -38
data/spec/spec_helper.rb +13 -9
data/spec/support/ability.rb +3 -1
data/spec/support/authentication_helpers.rb +2 -0
data/spec/support/confirm_helpers.rb +23 -10
data/spec/support/email.rb +2 -0
data/spec/support/features/fill_addresses_fields.rb +29 -0
data/spec/support/preferences.rb +10 -2
data/spec/support/spree.rb +2 -0
metadata +327 -243
data/.travis.yml +0 -22
data/app/overrides/auth_admin_login_navigation_bar.rb +0 -11
data/app/overrides/auth_shared_login_bar.rb +0 -10
data/circle.yml +0 -6
data/lib/assets/javascripts/spree/backend/solidus_auth.js +0 -1
data/lib/assets/javascripts/spree/frontend/solidus_auth.js +0 -1
data/lib/assets/stylesheets/spree/backend/solidus_auth.css +0 -3
data/lib/assets/stylesheets/spree/frontend/solidus_auth.css +0 -3
data/lib/controllers/backend/spree/admin/admin_controller_decorator.rb +0 -11
data/lib/controllers/backend/spree/admin/admin_orders_controller_decorator.rb +0 -20
data/lib/controllers/backend/spree/admin/orders/customer_details_controller_decorator.rb +0 -15
data/spec/features/admin/orders_spec.rb +0 -30

data/lib/views/backend/spree/layouts/admin/_login_nav.html.erb CHANGED

@@ -1,12 +1,12 @@
 <% if spree_current_user %>
   <ul id="login-nav" class="inline-menu">
-    <li data-hook="user-logged-in-as"><%= Spree.t(:logged_in_as) %>: <%= spree_current_user.email %></li>
-    <li data-hook="user-account-link" class='fa fa-user'><%= link_to Spree.t(:account), spree.edit_admin_user_path(spree_current_user) %></li>
-    <li data-hook="user-logout-link" class='fa fa-sign-out'><%= link_to Spree.t(:logout), spree.admin_logout_path %></li>
+    <li data-hook="user-logged-in-as"><%= I18n.t('spree.logged_in_as') %>: <%= spree_current_user.email %></li>
+    <li data-hook="user-account-link" class='fa fa-user'><%= link_to I18n.t('spree.account'), spree.edit_admin_user_path(spree_current_user) %></li>
+    <li data-hook="user-logout-link" class='fa fa-sign-out'><%= link_to I18n.t('spree.logout'), spree.admin_logout_path %></li>
     <% if spree.respond_to? :root_path %>
       <li data-hook="store-frontend-link" class='fa fa-external-link'>
-         <%= link_to Spree.t(:back_to_store), spree.root_path, target: '_blank' %>
+         <%= link_to I18n.t('spree.back_to_store'), spree.root_path, target: '_blank' %>
       </li>
     <% end %>
   </ul>

data/lib/views/frontend/spree/checkout/registration.html.erb CHANGED

@@ -1,21 +1,21 @@
 <%= render partial: 'spree/shared/error_messages', locals: { target: @user } %>
-<h1><%= Spree.t(:registration) %></h1>
+<h1><%= I18n.t('spree.registration') %></h1>
 <div id="registration" data-hook>
   <div id="account" class="columns alpha eight">
     <%= render template: 'spree/user_sessions/new' %>
   </div>
   <% if Spree::Config[:allow_guest_checkout] %>
     <div id="guest_checkout" data-hook class="columns omega eight">
-      <h6><%= Spree.t(:guest_user_account) %></h6>
+      <h6><%= I18n.t('spree.guest_user_account') %></h6>
       <% if flash[:registration_error] %>
         <div class='flash error'><%= flash[:registration_error] %></div>
       <% end %>
       <%= form_for @order, url: update_checkout_registration_path, method: :put, html: { id: 'checkout_form_registration' } do |f| %>
         <p>
-          <%= f.label :email, Spree.t(:email) %><br />
+          <%= f.label :email, I18n.t('spree.email') %><br />
           <%= f.email_field :email, class: 'title' %>
         </p>
-        <p><%= f.submit Spree.t(:continue), class: 'button primary' %></p>
+        <p><%= f.submit I18n.t('spree.continue'), class: 'button primary' %></p>
       <% end %>
     </div>
   <% end %>

data/lib/views/frontend/spree/shared/_login.html.erb CHANGED

@@ -1,18 +1,18 @@
 <%= form_for Spree::User.new, as: :spree_user, url: spree.create_new_session_path do |f| %>
   <div id="password-credentials">
     <p>
-      <%= f.label :email, Spree.t(:email) %><br />
+      <%= f.label :email, I18n.t('spree.email') %><br />
       <%= f.email_field :email, class: 'title', tabindex: 1, autofocus: true %>
     </p>
     <p>
-      <%= f.label :password, Spree.t(:password) %><br />
+      <%= f.label :password, I18n.t('spree.password') %><br />
       <%= f.password_field :password, class: 'title', tabindex: 2 %>
     </p>
   </div>
   <p>
     <%= f.check_box :remember_me, tabindex: 3 %>
-    <%= f.label :remember_me, Spree.t(:remember_me) %>
+    <%= f.label :remember_me, I18n.t('spree.remember_me') %>
   </p>
-  <p><%= f.submit Spree.t(:login), class: 'button primary', tabindex: 4 %></p>
+  <p><%= f.submit I18n.t('spree.login'), class: 'button primary', tabindex: 4 %></p>
 <% end %>

data/lib/views/frontend/spree/shared/_login_bar.html.erb CHANGED

@@ -1,6 +1,2 @@
-<% if spree_current_user %>
-  <li><%= link_to Spree.t(:my_account), spree.account_path %></li>
-  <li><%= link_to Spree.t(:logout), spree.logout_path %></li>
-<% else %>
-  <li id="link-to-login"><%= link_to Spree.t(:login), spree.login_path %></li>
-<% end %>
+<% Spree::Deprecation.warn "spree/shared/login_bar has moved to spree/shared/login_bar_items" %>
+<%= render 'spree/shared/login_bar_items' %>

data/lib/views/frontend/spree/shared/_login_bar_items.html.erb ADDED

@@ -0,0 +1,6 @@
+<% if spree_current_user %>
+  <li><%= link_to I18n.t('spree.my_account'), spree.account_path %></li>
+  <li><%= link_to I18n.t('spree.logout'), spree.logout_path, method: Devise.sign_out_via %></li>
+<% else %>
+  <li id="link-to-login"><%= link_to I18n.t('spree.login'), spree.login_path %></li>
+<% end %>

data/lib/views/frontend/spree/shared/_user_form.html.erb CHANGED

@@ -1,15 +1,15 @@
 <p>
-  <%= f.label :email, Spree.t(:email) %><br />
+  <%= f.label :email, I18n.t('spree.email') %><br />
   <%= f.email_field :email, class: 'title' %>
 </p>
 <div id="password-credentials">
   <p>
-    <%= f.label :password, Spree.t(:password) %><br />
+    <%= f.label :password, I18n.t('spree.password') %><br />
     <%= f.password_field :password, class: 'title' %>
   </p>
   <p>
-    <%= f.label :password_confirmation, Spree.t(:confirm_password) %><br />
+    <%= f.label :password_confirmation, I18n.t('spree.confirm_password') %><br />
     <%= f.password_field :password_confirmation, class: 'title' %>
   </p>
 </div>

data/lib/views/frontend/spree/user_passwords/edit.html.erb CHANGED

@@ -1,17 +1,17 @@
 <%= render partial: 'spree/shared/error_messages', locals: { target: @spree_user } %>
 <div id="change-password">
-  <h6><%= Spree.t(:change_my_password) %></h6>
+  <h6><%= I18n.t('spree.change_my_password') %></h6>
   <%= form_for @spree_user, as: :spree_user, url: spree.update_password_path, method: :put do |f| %>
     <p>
-      <%= f.label :password, Spree.t(:password) %><br />
+      <%= f.label :password, I18n.t('spree.password') %><br />
       <%= f.password_field :password %><br />
     </p>
     <p>
-      <%= f.label :password_confirmation, Spree.t(:confirm_password) %><br />
+      <%= f.label :password_confirmation, I18n.t('spree.confirm_password') %><br />
       <%= f.password_field :password_confirmation %><br />
     </p>
     <%= f.hidden_field :reset_password_token %>
-    <%= f.submit Spree.t(:update), class: 'button primary' %>
+    <%= f.submit I18n.t('spree.update'), class: 'button primary' %>
   <% end %>
 </div>

data/lib/views/frontend/spree/user_passwords/new.html.erb CHANGED

@@ -1,17 +1,15 @@
-<%= render partial: 'spree/shared/error_messages', locals: { target: @spree_user } %>
 <div id="forgot-password">
-  <h6><%= Spree.t(:forgot_password) %></h6>
+  <h6><%= I18n.t('spree.forgot_password') %></h6>
-  <p><%= Spree.t(:instructions_to_reset_password) %></p>
+  <p><%= I18n.t('spree.instructions_to_reset_password') %></p>
   <%= form_for Spree::User.new, as: :spree_user, url: spree.reset_password_path do |f| %>
     <p>
-      <%= f.label :email, Spree.t(:email) %><br />
-      <%= f.email_field :email %>
+      <%= f.label :email, I18n.t('spree.email') %><br />
+      <%= f.email_field :email, required: true %>
     </p>
     <p>
-      <%= f.submit Spree.t(:reset_password), class: 'button primary' %>
+      <%= f.submit I18n.t('spree.reset_password'), class: 'button primary' %>
     </p>
   <% end %>
 </div>

data/lib/views/frontend/spree/user_registrations/new.html.erb CHANGED

@@ -3,16 +3,16 @@
 <%= render 'spree/shared/error_messages', target: resource %>
 <div id="new-customer">
-  <h6><%= Spree.t(:new_customer) %></h6>
+  <h6><%= I18n.t('spree.new_customer') %></h6>
   <div data-hook="signup">
     <%= form_for resource, as: :spree_user, url: spree.registration_path(resource) do |f| %>
       <div data-hook="signup_inside_form">
         <%= render partial: 'spree/shared/user_form', locals: { f: f } %>
-        <p><%= f.submit Spree.t(:create), class: 'button primary' %></p>
+        <p><%= f.submit I18n.t('spree.create'), class: 'button primary' %></p>
       </div>
     <% end %>
-    <%= Spree.t(:or) %>&nbsp;<%= link_to Spree.t(:login_as_existing), spree.login_path %>
+    <%= I18n.t('spree.or') %>&nbsp;<%= link_to I18n.t('spree.login_as_existing'), spree.login_path %>
   </div>

data/lib/views/frontend/spree/user_sessions/authorization_failure.html.erb CHANGED

@@ -1,4 +1,4 @@
 <div style="height:50px; padding-top:20px;">
-  <strong><%= Spree.t(:authorization_failure) %></strong>
+  <strong><%= I18n.t('spree.authorization_failure') %></strong>
 </div>
 <!-- Add your own custom access denied message here if you like -->

data/lib/views/frontend/spree/user_sessions/new.html.erb CHANGED

@@ -4,10 +4,10 @@
 <% @body_id = 'login' %>
 <div id="existing-customer">
-  <h6><%= Spree.t(:login_as_existing) %></h6>
+  <h6><%= I18n.t('spree.login_as_existing') %></h6>
   <div data-hook="login">
     <%= render partial: 'spree/shared/login' %>
-    <%= Spree.t(:or) %>&nbsp;<%= link_to Spree.t(:create_a_new_account), spree.signup_path %> | <%= link_to Spree.t(:forgot_password), spree.recover_password_path %>
+    <%= I18n.t('spree.or') %>&nbsp;<%= link_to I18n.t('spree.create_a_new_account'), spree.signup_path %> | <%= link_to I18n.t('spree.forgot_password'), spree.recover_password_path %>
   </div>
 </div>
 <div data-hook="login_extras"></div>

data/lib/views/frontend/spree/users/edit.html.erb CHANGED

@@ -1,13 +1,13 @@
 <%= render partial: 'spree/shared/error_messages', locals: { target: @user } %>
 <div id="edit-account">
-  <h1><%= Spree.t(:editing_user) %></h1>
+  <h1><%= I18n.t('spree.editing_user') %></h1>
   <div data-hook="account_edit">
     <%= form_for Spree::User.new, as: @user, url: spree.user_path(@user), method: :put do |f| %>
       <%= render partial: 'spree/shared/user_form', locals: { f: f } %>
       <p>
-        <%= f.submit Spree.t(:update), class: 'button primary' %>
+        <%= f.submit I18n.t('spree.update'), class: 'button primary' %>
       </p>
     <% end %>
   </div>

data/lib/views/frontend/spree/users/show.html.erb CHANGED

@@ -2,24 +2,24 @@
 <div data-hook="account_summary" class="account-summary">
   <dl id="user-info">
-    <dt><%= Spree.t(:email) %></dt>
-    <dd><%= @user.email %> (<%= link_to Spree.t(:edit), spree.edit_account_path %>)</dd>
+    <dt><%= I18n.t('spree.email') %></dt>
+    <dd><%= @user.email %> (<%= link_to I18n.t('spree.edit'), spree.edit_account_path %>)</dd>
   </dl>
 </div>
 <div data-hook="account_my_orders" class="account-my-orders">
-  <h3><%= Spree.t(:my_orders) %></h3>
+  <h3><%= I18n.t('spree.my_orders') %></h3>
   <% if @orders.present? %>
     <table class="order-summary">
       <thead>
       <tr>
         <th class="order-number"><%= I18n.t(:number, scope: 'activerecord.attributes.spree/order') %></th>
-        <th class="order-date"><%= Spree.t(:date) %></th>
-        <th class="order-status"><%= Spree.t(:status) %></th>
-        <th class="order-payment-state"><%= Spree.t(:payment_state) %></th>
-        <th class="order-shipment-state"><%= Spree.t(:shipment_state) %></th>
-        <th class="order-total"><%= Spree.t(:total) %></th>
+        <th class="order-date"><%= I18n.t('spree.date') %></th>
+        <th class="order-status"><%= I18n.t('spree.status') %></th>
+        <th class="order-payment-state"><%= I18n.t('spree.payment_state') %></th>
+        <th class="order-shipment-state"><%= I18n.t('spree.shipment_state') %></th>
+        <th class="order-total"><%= I18n.t('spree.total') %></th>
       </tr>
       </thead>
       <tbody>
@@ -27,16 +27,16 @@
         <tr class="<%= cycle('even', 'odd') %>">
           <td class="order-number"><%= link_to order.number, order_url(order) %></td>
           <td class="order-date"><%= l order.completed_at.to_date %></td>
-          <td class="order-status"><%= Spree.t("order_state.#{order.state}").titleize %></td>
-          <td class="order-payment-state"><%= Spree.t("payment_states.#{order.payment_state}").titleize if order.payment_state %></td>
-          <td class="order-shipment-state"><%= Spree.t("shipment_states.#{order.shipment_state}").titleize if order.shipment_state %></td>
+          <td class="order-status"><%= I18n.t("spree.order_state.#{order.state}").titleize %></td>
+          <td class="order-payment-state"><%= I18n.t("spree.payment_states.#{order.payment_state}").titleize if order.payment_state %></td>
+          <td class="order-shipment-state"><%= I18n.t("spree.shipment_states.#{order.shipment_state}").titleize if order.shipment_state %></td>
           <td class="order-total"><%= order.display_total %></td>
         </tr>
       <% end %>
       </tbody>
     </table>
   <% else %>
-    <p><%= Spree.t(:you_have_no_orders_yet) %></p>
+    <p><%= I18n.t('spree.you_have_no_orders_yet') %></p>
   <% end %>
   <br />

data/solidus_auth_devise.gemspec CHANGED

@@ -1,43 +1,50 @@
-# encoding: UTF-8
+# frozen_string_literal: true
+$:.push File.expand_path('lib', __dir__)
+require 'spree/auth/version'
 Gem::Specification.new do |s|
-  s.platform    = Gem::Platform::RUBY
-  s.name        = "solidus_auth_devise"
-  s.version     = "2.0.0"
-  s.summary     = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
-  s.description = s.summary
+  s.platform = Gem::Platform::RUBY
+  s.name = "solidus_auth_devise"
+  s.version = Spree::Auth::VERSION
+  s.summary = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
+  s.license = 'BSD-3-Clause'
-  s.author       = 'Solidus Team'
-  s.email        = 'contact@solidus.io'
+  s.author = 'Solidus Team'
+  s.email = 'contact@solidus.io'
+  s.homepage = 'https://github.com/solidusio/solidus_auth_devise'
-  s.required_ruby_version = ">= 2.1"
-  s.license     = %q{BSD-3}
+  if s.respond_to?(:metadata)
+    s.metadata["homepage_uri"] = s.homepage if s.homepage
+    s.metadata["source_code_uri"] = s.homepage if s.homepage
+  end
-  s.files        = `git ls-files`.split("\n")
-  s.test_files   = `git ls-files -- spec/*`.split("\n")
-  s.require_path = "lib"
-  s.requirements << "none"
+  s.required_ruby_version = '~> 2.4'
-  solidus_version = [">= 1.2.0", "< 3"]
+  s.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  s.test_files = Dir['spec/**/*']
+  s.bindir = "exe"
+  s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  s.require_paths = ["lib"]
-  s.add_dependency "solidus_core", solidus_version
-  s.add_dependency "solidus_support", ">= 0.1.3"
+  solidus_version = [">= 2.6", "< 3"]
+  s.post_install_message = "
+    NOTE: Rails 6 has removed secret_token in favor of secret_key_base, which was deprecated in
+    Rails 5.2. solidus_auth_devise will keep using secret_token, when present, as the pepper. If
+    secret_token is undefined or not available, secret_key_base will be used instead.
+  ".strip.gsub(/ +/, ' ')
+  s.add_dependency "deface", "~> 1.0"
   s.add_dependency "devise", '~> 4.1'
   s.add_dependency "devise-encryptable", "0.2.0"
-  s.add_dependency 'deface', '~> 1.0'
-  s.add_development_dependency "capybara", "~> 2.14"
-  s.add_development_dependency "capybara-screenshot"
-  s.add_development_dependency "coffee-rails"
-  s.add_development_dependency "database_cleaner", "~> 1.6"
-  s.add_development_dependency "factory_girl", "~> 4.4"
-  s.add_development_dependency "ffaker"
-  s.add_development_dependency "poltergeist", "~> 1.5"
-  s.add_development_dependency "rspec-rails", "~> 3.3"
-  s.add_development_dependency "sass-rails"
-  s.add_development_dependency "shoulda-matchers", "~> 3.1"
-  s.add_development_dependency "simplecov", "~> 0.14"
+  s.add_dependency "paranoia", "~> 2.4"
+  s.add_dependency "solidus_core", solidus_version
+  s.add_dependency "solidus_support", "~> 0.5"
   s.add_development_dependency "solidus_backend", solidus_version
+  s.add_development_dependency "solidus_dev_support", ">= 0.3.0"
   s.add_development_dependency "solidus_frontend", solidus_version
-  s.add_development_dependency "sqlite3"
 end

data/spec/controllers/spree/admin/base_controller_spec.rb ADDED

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe Spree::Admin::BaseController, type: :controller do
+  describe '#unauthorized_redirect' do
+    controller(described_class) do
+      def index; authorize!(:read, :something); end
+    end
+    before do
+      stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
+    end
+    context "when user is logged in" do
+      before { sign_in(create(:user)) }
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_unauthorized_path)
+        end
+      end
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+    context "when user is not logged in" do
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_login_path)
+        end
+      end
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/admin/user_passwords_controller_spec.rb ADDED

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+RSpec.describe Spree::Admin::UserPasswordsController, type: :controller do
+  before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
+  describe '#create' do
+    it 'responds with success' do
+      post :create, params: { spree_user: { email: 'admin@example.com' } }
+      expect(assigns[:spree_user].email).to eq('admin@example.com')
+      expect(response.code).to eq('200')
+    end
+  end
+end

data/spec/controllers/spree/base_controller_spec.rb ADDED

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe Spree::BaseController, type: :controller do
+  describe '#unauthorized_redirect' do
+    controller(described_class) do
+      def index; authorize!(:read, :something); end
+    end
+    before do
+      stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
+    end
+    context "when user is logged in" do
+      before { sign_in(create(:user)) }
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.unauthorized_path)
+        end
+      end
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+    context "when user is not logged in" do
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.login_path)
+        end
+      end
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+  end
+end