solidus_auth_devise 2.1.0 → 2.5.1

data/db/default/users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # see last line where we create an admin if there is none, asking for email and password
 def prompt_for_admin_password
   if ENV['ADMIN_PASSWORD']
@@ -31,20 +33,20 @@ def create_admin_user
     email = 'admin@example.com'
   else
     puts 'Create the admin user (press enter for defaults).'
-    #name = prompt_for_admin_name unless name
+    # name = prompt_for_admin_name unless name
     email = prompt_for_admin_email
     password = prompt_for_admin_password
   end
   attributes = {
-    :password => password,
-    :password_confirmation => password,
-    :email => email,
-    :login => email
+    password: password,
+    password_confirmation: password,
+    email: email,
+    login: email
   }
 
   load 'spree/user.rb'
 
-  if Spree::User.find_by_email(email)
+  if Spree::User.find_by(email: email)
     puts "\nWARNING: There is already a user with the email: #{email}, so no account changes were made.  If you wish to create an additional admin user, please run rake spree_auth:admin:create again with a different email.\n\n"
   else
     admin = Spree::User.new(attributes)
@@ -55,7 +57,7 @@ def create_admin_user
       admin.generate_spree_api_key!
       puts "Done!"
     else
-      puts "There was some problems with persisting new admin user:"
+      puts "There were some problems with persisting a new admin user:"
       admin.errors.full_messages.each do |error|
         puts error
       end
@@ -66,7 +68,7 @@ end
 if Spree::User.admin.empty?
   create_admin_user
 else
-  puts 'Admin user has already been previously created.'
+  puts 'Admin user has already been created.'
   puts 'Would you like to create a new admin user? (yes/no)'
   if ["yes", "y"].include? STDIN.gets.strip.downcase
     create_admin_user

data/db/migrate/20101026184949_create_users.rb

@@ -1,17 +1,19 @@
+# frozen_string_literal: true
+
 class CreateUsers < SolidusSupport::Migration[4.2]
   def up
     unless table_exists?("spree_users")
-      create_table "spree_users", :force => true do |t|
-        t.string   "crypted_password",          :limit => 128
-        t.string   "salt",                      :limit => 128
+      create_table "spree_users", force: true do |t|
+        t.string   "crypted_password",          limit: 128
+        t.string   "salt",                      limit: 128
         t.string   "email"
         t.string   "remember_token"
         t.string   "remember_token_expires_at"
         t.string   "persistence_token"
         t.string   "single_access_token"
         t.string   "perishable_token"
-        t.integer  "login_count",                              :default => 0, :null => false
-        t.integer  "failed_login_count",                       :default => 0, :null => false
+        t.integer  "login_count",                              default: 0, null: false
+        t.integer  "failed_login_count",                       default: 0, null: false
         t.datetime "last_request_at"
         t.datetime "current_login_at"
         t.datetime "last_login_at"
@@ -20,8 +22,8 @@ class CreateUsers < SolidusSupport::Migration[4.2]
         t.string   "login"
         t.integer  "ship_address_id"
         t.integer  "bill_address_id"
-        t.datetime "created_at",                                              :null => false
-        t.datetime "updated_at",                                              :null => false
+        t.datetime "created_at",                                              null: false
+        t.datetime "updated_at",                                              null: false
         t.string   "openid_identifier"
       end
     end

data/db/migrate/20101026184950_rename_columns_for_devise.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 class RenameColumnsForDevise < SolidusSupport::Migration[4.2]
   def up
     return if column_exists?(:spree_users, :password_salt)
+
     rename_column :spree_users, :crypted_password, :encrypted_password
     rename_column :spree_users, :salt, :password_salt
     rename_column :spree_users, :remember_token_expires_at, :remember_created_at
@@ -31,7 +34,6 @@ class RenameColumnsForDevise < SolidusSupport::Migration[4.2]
     rename_column :spree_users, :remember_created_at, :remember_token_expires_at
     rename_column :spree_users, :password_salt, :salt
     rename_column :spree_users, :encrypted_password, :crypted_password
-    add_column :spree_users, :unlock_token, :string
     add_column :spree_users, :openid_identifier, :string
   end
 end

data/db/migrate/20101214150824_convert_user_remember_field.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class ConvertUserRememberField < SolidusSupport::Migration[4.2]
   def up
     remove_column :spree_users, :remember_created_at

data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddResetPasswordSentAtToSpreeUsers < SolidusSupport::Migration[4.2]
   def change
     Spree::User.reset_column_information

data/db/migrate/20120605211305_make_users_email_index_unique.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 class MakeUsersEmailIndexUnique < SolidusSupport::Migration[4.2]
   def up
-    add_index "spree_users", ["email"], :name => "email_idx_unique", :unique => true
+    add_index "spree_users", ["email"], name: "email_idx_unique", unique: true
   end
 
   def down
-    remove_index "spree_users", :name => "email_idx_unique"
+    remove_index "spree_users", name: "email_idx_unique"
   end
 end

data/db/migrate/20140904000425_add_deleted_at_to_users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddDeletedAtToUsers < SolidusSupport::Migration[4.2]
   def change
     add_column :spree_users, :deleted_at, :datetime

data/db/migrate/20141002154641_add_confirmable_to_users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddConfirmableToUsers < SolidusSupport::Migration[4.2]
   def change
     add_column :spree_users, :confirmation_token, :string

data/db/migrate/20190125170630_add_reset_password_token_index_to_spree_users.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class AddResetPasswordTokenIndexToSpreeUsers < SolidusSupport::Migration[4.2]
+  # We're not using the standard Rails index name because somebody could have
+  #  already added that index to the table. By using a custom name we ensure
+  # that the index can effectively be added and removed via migrations/rollbacks
+  #  without having any impact on such installations. The index name is Rails
+  # standard name + "_solidus_auth_devise"; the length is 61 chars which is
+  # still OK for Sqlite, mySQL and Postgres.
+  def custom_index_name
+    'index_spree_users_on_reset_password_token_solidus_auth_devise'
+  end
+
+  def default_index_exists?
+    index_exists?(:spree_users, :reset_password_token)
+  end
+
+  def custom_index_exists?
+    index_exists?(:spree_users, :reset_password_token, name: custom_index_name)
+  end
+
+  def up
+    Spree::User.reset_column_information
+    if Spree::User.column_names.include?('reset_password_token') && !default_index_exists? && !custom_index_exists?
+      add_index :spree_users, :reset_password_token, unique: true, name: custom_index_name
+    end
+  end
+
+  def down
+    if custom_index_exists?
+      remove_index :spree_users, name: custom_index_name
+    end
+  end
+end

data/db/migrate/20200417153503_add_unconfirmed_email_to_spree_users.rb

@@ -0,0 +1,7 @@
+class AddUnconfirmedEmailToSpreeUsers < ActiveRecord::Migration[5.2]
+  def change
+    unless column_exists?(:spree_users, :unconfirmed_email)
+      add_column :spree_users, :unconfirmed_email, :string
+    end
+  end
+end

data/db/seeds.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require_relative 'default/users.rb'

data/lib/controllers/backend/spree/admin/user_passwords_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::Admin::UserPasswordsController < Devise::PasswordsController
   helper 'spree/base'
 
@@ -8,6 +10,8 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
   helper 'spree/admin/navigation'
   layout 'spree/layouts/admin'
 
+  skip_before_action :require_no_authentication, only: [:create]
+
   # Overridden due to bug in Devise.
   #   respond_with resource, location: new_session_path(resource_name)
   # is generating bad url /session/new.user
@@ -18,9 +22,10 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
   def create
     self.resource = resource_class.send_reset_password_instructions(params[resource_name])
 
+    set_flash_message(:notice, :send_instructions) if is_navigational_format?
+
     if resource.errors.empty?
-      set_flash_message(:notice, :send_instructions) if is_navigational_format?
-      respond_with resource, location: spree.admin_login_path
+      respond_with resource, location: admin_user_path(resource)
     else
       respond_with_navigational(resource) { render :new }
     end
@@ -37,5 +42,4 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
       super
     end
   end
-
 end

data/lib/controllers/backend/spree/admin/user_sessions_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::Admin::UserSessionsController < Devise::SessionsController
   helper 'spree/base'
 
@@ -14,12 +16,12 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
     if spree_user_signed_in?
       respond_to do |format|
         format.html {
-          flash[:success] = Spree.t(:logged_in_succesfully)
+          flash[:success] = I18n.t('spree.logged_in_succesfully')
           redirect_back_or_default(after_sign_in_path_for(spree_current_user))
         }
         format.js {
           user = resource.record
-          render json: {ship_address: user.ship_address, bill_address: user.bill_address}.to_json
+          render json: { ship_address: user.ship_address, bill_address: user.bill_address }.to_json
         }
       end
     else
@@ -32,12 +34,13 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
   end
 
   private
-    def accurate_title
-      Spree.t(:login)
-    end
 
-    def redirect_back_or_default(default)
-      redirect_to(session["spree_user_return_to"] || default)
-      session["spree_user_return_to"] = nil
-    end
+  def accurate_title
+    I18n.t('spree.login')
+  end
+
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
 end

data/lib/controllers/frontend/spree/user_confirmations_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UserConfirmationsController < Devise::ConfirmationsController
   helper 'spree/base', 'spree/store'
 

data/lib/controllers/frontend/spree/user_passwords_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UserPasswordsController < Devise::PasswordsController
   helper 'spree/base', 'spree/store'
 
@@ -16,8 +18,9 @@ class Spree::UserPasswordsController < Devise::PasswordsController
   def create
     self.resource = resource_class.send_reset_password_instructions(params[resource_name])
 
+    set_flash_message(:notice, :send_instructions) if is_navigational_format?
+
     if resource.errors.empty?
-      set_flash_message(:notice, :send_instructions) if is_navigational_format?
       respond_with resource, location: spree.login_path
     else
       respond_with_navigational(resource) { render :new }

data/lib/controllers/frontend/spree/user_registrations_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UserRegistrationsController < Devise::RegistrationsController
   helper 'spree/base', 'spree/store'
 
@@ -25,6 +27,7 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
   end
 
   protected
+
   def translation_scope
     'devise.user_registrations'
   end
@@ -34,6 +37,7 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
   end
 
   private
+
   def spree_user_params
     params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes | [:email])
   end

data/lib/controllers/frontend/spree/user_sessions_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UserSessionsController < Devise::SessionsController
   helper 'spree/base', 'spree/store'
 
@@ -16,7 +18,7 @@ class Spree::UserSessionsController < Devise::SessionsController
     if spree_user_signed_in?
       respond_to do |format|
         format.html do
-          flash[:success] = Spree.t(:logged_in_succesfully)
+          flash[:success] = I18n.t('spree.logged_in_succesfully')
           redirect_back_or_default(after_sign_in_path_for(spree_current_user))
         end
         format.js { render success_json }
@@ -44,7 +46,7 @@ class Spree::UserSessionsController < Devise::SessionsController
   private
 
   def accurate_title
-    Spree.t(:login)
+    I18n.t('spree.login')
   end
 
   def redirect_back_or_default(default)

data/lib/controllers/frontend/spree/users_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UsersController < Spree::StoreController
   skip_before_action :set_current_order, only: :show, raise: false
   prepend_before_action :load_object, only: [:show, :edit, :update]
@@ -24,34 +26,37 @@ class Spree::UsersController < Spree::StoreController
   end
 
   def update
-    if @user.update_attributes(user_params)
+    if @user.update(user_params)
+      spree_current_user.reload
+
       if params[:user][:password].present?
         # this logic needed b/c devise wants to log us out after password changes
         unless Spree::Auth::Config[:signout_after_password_change]
           bypass_sign_in(@user)
         end
       end
-      redirect_to spree.account_url, notice: Spree.t(:account_updated)
+      redirect_to spree.account_url, notice: I18n.t('spree.account_updated')
     else
       render :edit
     end
   end
 
   private
-    def user_params
-      params.require(:user).permit(Spree::PermittedAttributes.user_attributes | [:email])
-    end
 
-    def load_object
-      @user ||= spree_current_user
-      authorize! params[:action].to_sym, @user
-    end
+  def user_params
+    params.require(:user).permit(Spree::PermittedAttributes.user_attributes | [:email])
+  end
 
-    def authorize_actions
-      authorize! params[:action].to_sym, Spree::User.new
-    end
+  def load_object
+    @user ||= Spree::User.find_by(id: spree_current_user&.id)
+    authorize! params[:action].to_sym, @user
+  end
 
-    def accurate_title
-      Spree.t(:my_account)
-    end
+  def authorize_actions
+    authorize! params[:action].to_sym, Spree::User.new
+  end
+
+  def accurate_title
+    I18n.t('spree.my_account')
+  end
 end

data/lib/decorators/backend/controllers/spree/admin/base_controller_decorator.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Spree
+  module Admin
+    module BaseControllerDecorator
+      protected
+
+      def model_class
+        const_name = controller_name.classify
+        if Spree.const_defined?(const_name, false)
+          return "Spree::#{const_name}".constantize
+        end
+
+        nil
+      end
+
+      ::Spree::Admin::BaseController.prepend self
+    end
+  end
+end

data/lib/decorators/backend/controllers/spree/admin/orders/customer_details_controller_decorator.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Spree::Admin::Orders::CustomerDetailsControllerDecorator
+  def self.prepended(base)
+    base.before_action :check_authorization
+  end
+
+  private
+
+  def check_authorization
+    load_order
+    session[:access_token] ||= params[:token]
+
+    resource = @order
+    action = params[:action].to_sym
+    action = :edit if action == :show # show route renders :edit for this controller
+
+    authorize! action, resource, session[:access_token]
+  end
+
+  Spree::Admin::Orders::CustomerDetailsController.prepend self
+end

data/lib/{controllers/frontend → decorators/frontend/controllers}/spree/checkout_controller_decorator.rb

@@ -1,27 +1,32 @@
-Spree::CheckoutController.class_eval do
-  prepend_before_action :check_registration,
-    except: [:registration, :update_registration]
-  prepend_before_action :check_authorization
+# frozen_string_literal: true
 
-  # This action builds some associations on the order, ex. addresses, which we
-  # don't to build or save here.
-  skip_before_action :setup_for_current_state, only: [:registration, :update_registration]
+module Spree
+  module CheckoutControllerDecorator
+    def self.prepended(base)
+      base.before_action :check_registration, except: [:registration, :update_registration]
+      base.before_action :check_authorization
 
-  def registration
-    @user = Spree::User.new
-  end
+      # This action builds some associations on the order, ex. addresses, which we
+      # don't to build or save here.
+      base.skip_before_action :setup_for_current_state, only: [:registration, :update_registration]
+    end
 
-  def update_registration
-    if params[:order][:email] =~ Devise.email_regexp && current_order.update_attributes(email: params[:order][:email])
-      redirect_to spree.checkout_path
-    else
-      flash[:registration_error] = t(:email_is_invalid, scope: [:errors, :messages])
+    def registration
       @user = Spree::User.new
-      render 'registration'
     end
-  end
 
-  private
+    def update_registration
+      if params[:order][:email] =~ Devise.email_regexp && current_order.update(email: params[:order][:email])
+        redirect_to spree.checkout_path
+      else
+        flash[:registration_error] = t(:email_is_invalid, scope: [:errors, :messages])
+        @user = Spree::User.new
+        render 'registration'
+      end
+    end
+
+    private
+
     def order_params
       params.
         fetch(:order, {}).
@@ -39,6 +44,7 @@ Spree::CheckoutController.class_eval do
     # Introduces a registration step whenever the +registration_step+ preference is true.
     def check_registration
       return unless registration_required?
+
       store_location
       redirect_to spree.checkout_registration_path
     end
@@ -53,7 +59,7 @@ Spree::CheckoutController.class_eval do
     end
 
     def guest_authenticated?
-      current_order.try!(:email).present? &&
+      current_order&.email.present? &&
         Spree::Config[:allow_guest_checkout]
     end
 
@@ -61,6 +67,10 @@ Spree::CheckoutController.class_eval do
     # are redirected to the tokenized order url unless authenticated as a registered user.
     def completion_route
       return spree.order_path(@order) if spree_current_user
+
       spree.token_order_path(@order, @order.guest_token)
     end
+
+    ::Spree::CheckoutController.prepend self
+  end
 end