solidus_auth_devise 2.1.0 → 2.5.1

data/lib/views/frontend/spree/shared/_login.html.erb

@@ -1,18 +1,18 @@
 <%= form_for Spree::User.new, as: :spree_user, url: spree.create_new_session_path do |f| %>
   <div id="password-credentials">
     <p>
-      <%= f.label :email, Spree.t(:email) %><br />
+      <%= f.label :email, I18n.t('spree.email') %><br />
       <%= f.email_field :email, class: 'title', tabindex: 1, autofocus: true %>
     </p>
     <p>
-      <%= f.label :password, Spree.t(:password) %><br />
+      <%= f.label :password, I18n.t('spree.password') %><br />
       <%= f.password_field :password, class: 'title', tabindex: 2 %>
     </p>
   </div>
   <p>
     <%= f.check_box :remember_me, tabindex: 3 %>
-    <%= f.label :remember_me, Spree.t(:remember_me) %>
+    <%= f.label :remember_me, I18n.t('spree.remember_me') %>
   </p>
 
-  <p><%= f.submit Spree.t(:login), class: 'button primary', tabindex: 4 %></p>
+  <p><%= f.submit I18n.t('spree.login'), class: 'button primary', tabindex: 4 %></p>
 <% end %>

data/lib/views/frontend/spree/shared/_login_bar_items.html.erb

@@ -1,6 +1,6 @@
 <% if spree_current_user %>
-  <li><%= link_to Spree.t(:my_account), spree.account_path %></li>
-  <li><%= link_to Spree.t(:logout), spree.logout_path %></li>
+  <li><%= link_to I18n.t('spree.my_account'), spree.account_path %></li>
+  <li><%= link_to I18n.t('spree.logout'), spree.logout_path, method: Devise.sign_out_via %></li>
 <% else %>
-  <li id="link-to-login"><%= link_to Spree.t(:login), spree.login_path %></li>
+  <li id="link-to-login"><%= link_to I18n.t('spree.login'), spree.login_path %></li>
 <% end %>

data/lib/views/frontend/spree/shared/_user_form.html.erb

@@ -1,15 +1,15 @@
 <p>
-  <%= f.label :email, Spree.t(:email) %><br />
+  <%= f.label :email, I18n.t('spree.email') %><br />
   <%= f.email_field :email, class: 'title' %>
 </p>
 <div id="password-credentials">
   <p>
-    <%= f.label :password, Spree.t(:password) %><br />
+    <%= f.label :password, I18n.t('spree.password') %><br />
     <%= f.password_field :password, class: 'title' %>
   </p>
 
   <p>
-    <%= f.label :password_confirmation, Spree.t(:confirm_password) %><br />
+    <%= f.label :password_confirmation, I18n.t('spree.confirm_password') %><br />
     <%= f.password_field :password_confirmation, class: 'title' %>
   </p>
 </div>

data/lib/views/frontend/spree/user_passwords/edit.html.erb

@@ -1,17 +1,17 @@
 <%= render partial: 'spree/shared/error_messages', locals: { target: @spree_user } %>
 <div id="change-password">
-  <h6><%= Spree.t(:change_my_password) %></h6>
+  <h6><%= I18n.t('spree.change_my_password') %></h6>
 
   <%= form_for @spree_user, as: :spree_user, url: spree.update_password_path, method: :put do |f| %>
     <p>
-      <%= f.label :password, Spree.t(:password) %><br />
+      <%= f.label :password, I18n.t('spree.password') %><br />
       <%= f.password_field :password %><br />
     </p>
     <p>
-      <%= f.label :password_confirmation, Spree.t(:confirm_password) %><br />
+      <%= f.label :password_confirmation, I18n.t('spree.confirm_password') %><br />
       <%= f.password_field :password_confirmation %><br />
     </p>
     <%= f.hidden_field :reset_password_token %>
-    <%= f.submit Spree.t(:update), class: 'button primary' %>
+    <%= f.submit I18n.t('spree.update'), class: 'button primary' %>
   <% end %>
 </div>

data/lib/views/frontend/spree/user_passwords/new.html.erb

@@ -1,17 +1,15 @@
-<%= render partial: 'spree/shared/error_messages', locals: { target: @spree_user } %>
-
 <div id="forgot-password">
-  <h6><%= Spree.t(:forgot_password) %></h6>
+  <h6><%= I18n.t('spree.forgot_password') %></h6>
 
-  <p><%= Spree.t(:instructions_to_reset_password) %></p>
+  <p><%= I18n.t('spree.instructions_to_reset_password') %></p>
 
   <%= form_for Spree::User.new, as: :spree_user, url: spree.reset_password_path do |f| %>
     <p>
-      <%= f.label :email, Spree.t(:email) %><br />
-      <%= f.email_field :email %>
+      <%= f.label :email, I18n.t('spree.email') %><br />
+      <%= f.email_field :email, required: true %>
     </p>
     <p>
-      <%= f.submit Spree.t(:reset_password), class: 'button primary' %>
+      <%= f.submit I18n.t('spree.reset_password'), class: 'button primary' %>
     </p>
   <% end %>
 </div>

data/lib/views/frontend/spree/user_registrations/new.html.erb

@@ -3,16 +3,16 @@
 <%= render 'spree/shared/error_messages', target: resource %>
 
 <div id="new-customer">
-  <h6><%= Spree.t(:new_customer) %></h6>
+  <h6><%= I18n.t('spree.new_customer') %></h6>
 
   <div data-hook="signup">
     <%= form_for resource, as: :spree_user, url: spree.registration_path(resource) do |f| %>
       <div data-hook="signup_inside_form">
         <%= render partial: 'spree/shared/user_form', locals: { f: f } %>
-        <p><%= f.submit Spree.t(:create), class: 'button primary' %></p>
+        <p><%= f.submit I18n.t('spree.create'), class: 'button primary' %></p>
       </div>
     <% end %>
-    <%= Spree.t(:or) %>&nbsp;<%= link_to Spree.t(:login_as_existing), spree.login_path %>
+    <%= I18n.t('spree.or') %>&nbsp;<%= link_to I18n.t('spree.login_as_existing'), spree.login_path %>
 
   </div>
 

data/lib/views/frontend/spree/user_sessions/authorization_failure.html.erb

@@ -1,4 +1,4 @@
 <div style="height:50px; padding-top:20px;">
-  <strong><%= Spree.t(:authorization_failure) %></strong>
+  <strong><%= I18n.t('spree.authorization_failure') %></strong>
 </div>
 <!-- Add your own custom access denied message here if you like -->

data/lib/views/frontend/spree/user_sessions/new.html.erb

@@ -4,10 +4,10 @@
 
 <% @body_id = 'login' %>
 <div id="existing-customer">
-  <h6><%= Spree.t(:login_as_existing) %></h6>
+  <h6><%= I18n.t('spree.login_as_existing') %></h6>
   <div data-hook="login">
     <%= render partial: 'spree/shared/login' %>
-    <%= Spree.t(:or) %>&nbsp;<%= link_to Spree.t(:create_a_new_account), spree.signup_path %> | <%= link_to Spree.t(:forgot_password), spree.recover_password_path %>
+    <%= I18n.t('spree.or') %>&nbsp;<%= link_to I18n.t('spree.create_a_new_account'), spree.signup_path %> | <%= link_to I18n.t('spree.forgot_password'), spree.recover_password_path %>
   </div>
 </div>
 <div data-hook="login_extras"></div>

data/lib/views/frontend/spree/users/edit.html.erb

@@ -1,13 +1,13 @@
 <%= render partial: 'spree/shared/error_messages', locals: { target: @user } %>
 
 <div id="edit-account">
-  <h1><%= Spree.t(:editing_user) %></h1>
+  <h1><%= I18n.t('spree.editing_user') %></h1>
 
   <div data-hook="account_edit">
     <%= form_for Spree::User.new, as: @user, url: spree.user_path(@user), method: :put do |f| %>
       <%= render partial: 'spree/shared/user_form', locals: { f: f } %>
       <p>
-        <%= f.submit Spree.t(:update), class: 'button primary' %>
+        <%= f.submit I18n.t('spree.update'), class: 'button primary' %>
       </p>
     <% end %>
   </div>

data/lib/views/frontend/spree/users/show.html.erb

@@ -2,24 +2,24 @@
 
 <div data-hook="account_summary" class="account-summary">
   <dl id="user-info">
-    <dt><%= Spree.t(:email) %></dt>
-    <dd><%= @user.email %> (<%= link_to Spree.t(:edit), spree.edit_account_path %>)</dd>
+    <dt><%= I18n.t('spree.email') %></dt>
+    <dd><%= @user.email %> (<%= link_to I18n.t('spree.edit'), spree.edit_account_path %>)</dd>
   </dl>
 </div>
 
 <div data-hook="account_my_orders" class="account-my-orders">
 
-  <h3><%= Spree.t(:my_orders) %></h3>
+  <h3><%= I18n.t('spree.my_orders') %></h3>
   <% if @orders.present? %>
     <table class="order-summary">
       <thead>
       <tr>
         <th class="order-number"><%= I18n.t(:number, scope: 'activerecord.attributes.spree/order') %></th>
-        <th class="order-date"><%= Spree.t(:date) %></th>
-        <th class="order-status"><%= Spree.t(:status) %></th>
-        <th class="order-payment-state"><%= Spree.t(:payment_state) %></th>
-        <th class="order-shipment-state"><%= Spree.t(:shipment_state) %></th>
-        <th class="order-total"><%= Spree.t(:total) %></th>
+        <th class="order-date"><%= I18n.t('spree.date') %></th>
+        <th class="order-status"><%= I18n.t('spree.status') %></th>
+        <th class="order-payment-state"><%= I18n.t('spree.payment_state') %></th>
+        <th class="order-shipment-state"><%= I18n.t('spree.shipment_state') %></th>
+        <th class="order-total"><%= I18n.t('spree.total') %></th>
       </tr>
       </thead>
       <tbody>
@@ -27,16 +27,16 @@
         <tr class="<%= cycle('even', 'odd') %>">
           <td class="order-number"><%= link_to order.number, order_url(order) %></td>
           <td class="order-date"><%= l order.completed_at.to_date %></td>
-          <td class="order-status"><%= Spree.t("order_state.#{order.state}").titleize %></td>
-          <td class="order-payment-state"><%= Spree.t("payment_states.#{order.payment_state}").titleize if order.payment_state %></td>
-          <td class="order-shipment-state"><%= Spree.t("shipment_states.#{order.shipment_state}").titleize if order.shipment_state %></td>
+          <td class="order-status"><%= I18n.t("spree.order_state.#{order.state}").titleize %></td>
+          <td class="order-payment-state"><%= I18n.t("spree.payment_states.#{order.payment_state}").titleize if order.payment_state %></td>
+          <td class="order-shipment-state"><%= I18n.t("spree.shipment_states.#{order.shipment_state}").titleize if order.shipment_state %></td>
           <td class="order-total"><%= order.display_total %></td>
         </tr>
       <% end %>
       </tbody>
     </table>
   <% else %>
-    <p><%= Spree.t(:you_have_no_orders_yet) %></p>
+    <p><%= I18n.t('spree.you_have_no_orders_yet') %></p>
   <% end %>
   <br />
 

data/solidus_auth_devise.gemspec

@@ -1,42 +1,50 @@
-# encoding: UTF-8
+# frozen_string_literal: true
+
+$:.push File.expand_path('lib', __dir__)
+require 'spree/auth/version'
 
 Gem::Specification.new do |s|
-  s.platform    = Gem::Platform::RUBY
-  s.name        = "solidus_auth_devise"
-  s.version     = "2.1.0"
-  s.summary     = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
-  s.description = s.summary
+  s.platform = Gem::Platform::RUBY
+  s.name = "solidus_auth_devise"
+  s.version = Spree::Auth::VERSION
+  s.summary = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
+  s.license = 'BSD-3-Clause'
 
-  s.author       = 'Solidus Team'
-  s.email        = 'contact@solidus.io'
+  s.author = 'Solidus Team'
+  s.email = 'contact@solidus.io'
+  s.homepage = 'https://github.com/solidusio/solidus_auth_devise'
 
-  s.required_ruby_version = ">= 2.1"
-  s.license     = %q{BSD-3}
+  if s.respond_to?(:metadata)
+    s.metadata["homepage_uri"] = s.homepage if s.homepage
+    s.metadata["source_code_uri"] = s.homepage if s.homepage
+  end
 
-  s.files        = `git ls-files`.split("\n")
-  s.test_files   = `git ls-files -- spec/*`.split("\n")
-  s.require_path = "lib"
-  s.requirements << "none"
+  s.required_ruby_version = '~> 2.4'
 
-  solidus_version = [">= 1.2.0", "< 3"]
+  s.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  s.test_files = Dir['spec/**/*']
+  s.bindir = "exe"
+  s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  s.require_paths = ["lib"]
 
-  s.add_dependency "solidus_core", solidus_version
-  s.add_dependency "solidus_support", ">= 0.1.3"
+  solidus_version = [">= 2.6", "< 3"]
+
+  s.post_install_message = "
+    NOTE: Rails 6 has removed secret_token in favor of secret_key_base, which was deprecated in
+    Rails 5.2. solidus_auth_devise will keep using secret_token, when present, as the pepper. If
+    secret_token is undefined or not available, secret_key_base will be used instead.
+  ".strip.gsub(/ +/, ' ')
+
+  s.add_dependency "deface", "~> 1.0"
   s.add_dependency "devise", '~> 4.1'
   s.add_dependency "devise-encryptable", "0.2.0"
+  s.add_dependency "paranoia", "~> 2.4"
+  s.add_dependency "solidus_core", solidus_version
+  s.add_dependency "solidus_support", "~> 0.5"
 
-  s.add_development_dependency "capybara", "~> 2.14"
-  s.add_development_dependency "capybara-screenshot"
-  s.add_development_dependency "coffee-rails"
-  s.add_development_dependency "database_cleaner", "~> 1.6"
-  s.add_development_dependency "factory_bot", "~> 4.4"
-  s.add_development_dependency "ffaker"
-  s.add_development_dependency "poltergeist", "~> 1.5"
-  s.add_development_dependency "rspec-rails", "~> 3.3"
-  s.add_development_dependency "sass-rails"
-  s.add_development_dependency "shoulda-matchers", "~> 3.1"
-  s.add_development_dependency "simplecov", "~> 0.14"
   s.add_development_dependency "solidus_backend", solidus_version
+  s.add_development_dependency "solidus_dev_support", ">= 0.3.0"
   s.add_development_dependency "solidus_frontend", solidus_version
-  s.add_development_dependency "sqlite3"
 end

data/spec/controllers/spree/admin/base_controller_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Spree::Admin::BaseController, type: :controller do
+  describe '#unauthorized_redirect' do
+    controller(described_class) do
+      def index; authorize!(:read, :something); end
+    end
+
+    before do
+      stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
+    end
+
+    context "when user is logged in" do
+      before { sign_in(create(:user)) }
+
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_unauthorized_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+
+    context "when user is not logged in" do
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_login_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/admin/user_passwords_controller_spec.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+RSpec.describe Spree::Admin::UserPasswordsController, type: :controller do
+  before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
+
+  describe '#create' do
+    it 'responds with success' do
+      post :create, params: { spree_user: { email: 'admin@example.com' } }
+
+      expect(assigns[:spree_user].email).to eq('admin@example.com')
+      expect(response.code).to eq('200')
+    end
+  end
+end

data/spec/controllers/spree/base_controller_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Spree::BaseController, type: :controller do
+  describe '#unauthorized_redirect' do
+    controller(described_class) do
+      def index; authorize!(:read, :something); end
+    end
+
+    before do
+      stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
+    end
+
+    context "when user is logged in" do
+      before { sign_in(create(:user)) }
+
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.unauthorized_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+
+    context "when user is not logged in" do
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.login_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/checkout_controller_spec.rb

@@ -1,5 +1,6 @@
-RSpec.describe Spree::CheckoutController, type: :controller do
+# frozen_string_literal: true
 
+RSpec.describe Spree::CheckoutController, type: :controller do
   let(:order) { create(:order_with_line_items, email: nil, user: nil, guest_token: token) }
   let(:user)  { build(:user, spree_api_key: 'fake') }
   let(:token) { 'some_token' }
@@ -39,11 +40,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
 
         context 'when guest checkout not allowed' do
           before do
-            Spree::Config.set(allow_guest_checkout: false)
-          end
-
-          after do
-            Spree::Config.set(allow_guest_checkout: true)
+            stub_spree_preferences(allow_guest_checkout: false)
           end
 
           it 'redirects to registration step' do
@@ -56,7 +53,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
 
     context 'when registration step disabled' do
       before do
-        Spree::Auth::Config.set(registration_step: false)
+        stub_spree_preferences(Spree::Auth::Config, registration_step: false)
       end
 
       context 'when authenticated as registered' do
@@ -80,8 +77,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
   context '#update' do
     context 'when in the confirm state' do
       before do
-        order.update_column(:email, 'spree@example.com')
-        order.update_column(:state, 'confirm')
+        order.update(email: 'spree@example.com', state: 'confirm')
 
         # So that the order can transition to complete successfully
         allow(order).to receive(:payment_required?) { false }
@@ -94,7 +90,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
           request.cookie_jar.signed[:guest_token] = 'ABC'
           post :update, params: { state: 'confirm' }
           expect(response).to redirect_to spree.token_order_path(order, 'ABC')
-          expect(flash.notice).to eq Spree.t(:order_processed_successfully)
+          expect(flash.notice).to eq I18n.t('spree.order_processed_successfully')
         end
       end