solidus_auth_devise 2.2.0 → 2.3.0
Potentially problematic release.
This version of solidus_auth_devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.rubocop.yml +326 -0
- data/CHANGELOG.md +250 -163
- data/Gemfile +4 -5
- data/README.md +22 -5
- data/Rakefile +2 -0
- data/app/mailers/spree/user_mailer.rb +4 -2
- data/app/models/spree/auth_configuration.rb +2 -0
- data/app/models/spree/user.rb +19 -19
- data/config/initializers/devise.rb +11 -3
- data/config/initializers/warden.rb +4 -2
- data/config/locales/en.yml +3 -1
- data/config/routes.rb +5 -11
- data/db/default/users.rb +10 -8
- data/db/migrate/20101026184949_create_users.rb +9 -7
- data/db/migrate/20101026184950_rename_columns_for_devise.rb +3 -0
- data/db/migrate/20101214150824_convert_user_remember_field.rb +2 -0
- data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb +2 -0
- data/db/migrate/20120605211305_make_users_email_index_unique.rb +4 -2
- data/db/migrate/20140904000425_add_deleted_at_to_users.rb +2 -0
- data/db/migrate/20141002154641_add_confirmable_to_users.rb +2 -0
- data/db/migrate/20190125170630_add_reset_password_token_index_to_spree_users.rb +4 -2
- data/db/seeds.rb +2 -0
- data/lib/controllers/backend/spree/admin/base_controller_decorator.rb +20 -0
- data/lib/controllers/backend/spree/admin/orders/customer_details_controller_decorator.rb +11 -8
- data/lib/controllers/backend/spree/admin/user_passwords_controller.rb +4 -2
- data/lib/controllers/backend/spree/admin/user_sessions_controller.rb +11 -8
- data/lib/controllers/frontend/spree/checkout_controller_decorator.rb +29 -19
- data/lib/controllers/frontend/spree/user_confirmations_controller.rb +2 -0
- data/lib/controllers/frontend/spree/user_passwords_controller.rb +4 -1
- data/lib/controllers/frontend/spree/user_registrations_controller.rb +4 -0
- data/lib/controllers/frontend/spree/user_sessions_controller.rb +2 -0
- data/lib/controllers/frontend/spree/users_controller.rb +17 -14
- data/lib/generators/solidus/auth/install/install_generator.rb +4 -2
- data/lib/generators/solidus/auth/install/templates/config/initializers/devise.rb +2 -0
- data/lib/solidus/auth.rb +2 -0
- data/lib/solidus_auth_devise.rb +2 -0
- data/lib/spree/auth/devise.rb +3 -1
- data/lib/spree/auth/engine.rb +3 -1
- data/lib/spree/auth/version.rb +1 -1
- data/lib/spree/authentication_helpers.rb +5 -11
- data/lib/tasks/auth.rake +3 -1
- data/lib/views/backend/spree/admin/shared/_navigation_footer.html.erb +1 -1
- data/lib/views/backend/spree/admin/user_passwords/new.html.erb +1 -3
- data/lib/views/backend/spree/admin/user_sessions/new.html.erb +1 -1
- data/lib/views/frontend/spree/shared/_login_bar_items.html.erb +1 -1
- data/lib/views/frontend/spree/user_passwords/new.html.erb +1 -3
- data/solidus_auth_devise.gemspec +16 -6
- data/spec/controllers/spree/admin/user_passwords_controller_spec.rb +2 -0
- data/spec/controllers/spree/checkout_controller_spec.rb +5 -9
- data/spec/controllers/spree/products_controller_spec.rb +2 -1
- data/spec/controllers/spree/user_passwords_controller_spec.rb +4 -3
- data/spec/controllers/spree/user_registrations_controller_spec.rb +3 -2
- data/spec/controllers/spree/user_sessions_controller_spec.rb +14 -0
- data/spec/controllers/spree/users_controller_spec.rb +2 -2
- data/spec/factories/confirmed_user.rb +5 -3
- data/spec/features/account_spec.rb +4 -3
- data/spec/features/admin/orders_spec.rb +2 -1
- data/spec/features/admin/password_reset_spec.rb +23 -10
- data/spec/features/admin/products_spec.rb +2 -1
- data/spec/features/admin/sign_in_spec.rb +2 -1
- data/spec/features/admin/sign_out_spec.rb +2 -1
- data/spec/features/admin_permissions_spec.rb +2 -1
- data/spec/features/change_email_spec.rb +3 -2
- data/spec/features/checkout_spec.rb +15 -13
- data/spec/features/confirmation_spec.rb +2 -0
- data/spec/features/order_spec.rb +2 -1
- data/spec/features/password_reset_spec.rb +23 -10
- data/spec/features/sign_in_spec.rb +2 -1
- data/spec/features/sign_out_spec.rb +4 -3
- data/spec/features/sign_up_spec.rb +2 -1
- data/spec/mailers/user_mailer_spec.rb +2 -1
- data/spec/models/order_spec.rb +2 -1
- data/spec/models/user_spec.rb +2 -1
- data/spec/spec_helper.rb +3 -1
- data/spec/support/ability.rb +3 -1
- data/spec/support/authentication_helpers.rb +2 -0
- data/spec/support/confirm_helpers.rb +4 -2
- data/spec/support/email.rb +2 -0
- data/spec/support/preferences.rb +10 -2
- data/spec/support/spree.rb +2 -0
- metadata +94 -35
- data/.travis.yml +0 -18
- data/lib/controllers/backend/spree/admin/admin_controller_decorator.rb +0 -11
data/app/models/spree/user.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Spree
|
2
4
|
class User < Spree::Base
|
3
5
|
include UserMethods
|
@@ -16,10 +18,7 @@ module Spree
|
|
16
18
|
|
17
19
|
before_validation :set_login
|
18
20
|
|
19
|
-
|
20
|
-
roles_table_name = Role.table_name
|
21
|
-
|
22
|
-
scope :admin, -> { includes(:spree_roles).where("#{roles_table_name}.name" => "admin") }
|
21
|
+
scope :admin, -> { includes(:spree_roles).where("#{Role.table_name}.name" => "admin") }
|
23
22
|
|
24
23
|
def self.admin_created?
|
25
24
|
User.admin.count > 0
|
@@ -34,23 +33,24 @@ module Spree
|
|
34
33
|
end
|
35
34
|
|
36
35
|
protected
|
37
|
-
|
38
|
-
|
39
|
-
|
36
|
+
|
37
|
+
def password_required?
|
38
|
+
!persisted? || password.present? || password_confirmation.present?
|
39
|
+
end
|
40
40
|
|
41
41
|
private
|
42
42
|
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
43
|
+
def set_login
|
44
|
+
# for now force login to be same as email, eventually we will make this configurable, etc.
|
45
|
+
self.login ||= email if email
|
46
|
+
end
|
47
|
+
|
48
|
+
def scramble_email_and_password
|
49
|
+
self.email = SecureRandom.uuid + "@example.net"
|
50
|
+
self.login = email
|
51
|
+
self.password = SecureRandom.hex(8)
|
52
|
+
self.password_confirmation = password
|
53
|
+
save
|
54
|
+
end
|
55
55
|
end
|
56
56
|
end
|
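Review bot: `scramble_email_and_password` discards the return value of `save`, so a failed validation leaves the original email and password in place and the caller is never told. Its callers are outside the visible hunks, but if this runs when an account is removed, a silent failure would leave the old credentials usable. I would either use `save!` here or document the contract with `# Returns false and leaves the credentials untouched when validation fails.` The removed side of this hunk lost its text on this page, so this may be a re-indentation of existing code.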
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# Use this hook to configure devise mailer, warden hooks and so forth. The first
|
2
4
|
# four configuration values can also be set straight in your models.
|
3
5
|
Devise.setup do |config|
|
@@ -29,7 +31,7 @@ Devise.setup do |config|
|
|
29
31
|
config.http_authenticatable = true
|
30
32
|
|
31
33
|
# Set this to true to use Basic Auth for AJAX requests. True by default.
|
32
|
-
#config.http_authenticatable_on_xhr = false
|
34
|
+
# config.http_authenticatable_on_xhr = false
|
33
35
|
|
34
36
|
# The realm used in Http Basic Authentication
|
35
37
|
config.http_authentication_realm = 'Spree Application'
|
@@ -41,7 +43,11 @@ Devise.setup do |config|
|
|
41
43
|
config.encryptor = 'authlogic_sha512'
|
42
44
|
|
43
45
|
# Setup a pepper to generate the encrypted password.
|
44
|
-
config.pepper = Rails.configuration.secret_token
|
46
|
+
config.pepper = if Rails.configuration.respond_to?(:secret_token) && Rails.configuration.secret_token.present?
|
47
|
+
Rails.configuration.secret_token
|
48
|
+
else
|
49
|
+
Rails.configuration.secret_key_base
|
50
|
+
end
|
45
51
|
|
46
52
|
# ==> Configuration for :confirmable
|
47
53
|
# The time you want to give your user to confirm his account. During this time
|
@@ -114,6 +120,9 @@ Devise.setup do |config|
|
|
114
120
|
# should add them to the navigational formats lists. Default is [:html]
|
115
121
|
config.navigational_formats = [:html, :json, :xml]
|
116
122
|
|
123
|
+
# The default HTTP method used to sign out a resource. Default is :delete.
|
124
|
+
config.sign_out_via = :delete
|
125
|
+
|
117
126
|
# ==> Warden configuration
|
118
127
|
# If you want to use other strategies, that are not (yet) supported by Devise,
|
119
128
|
# you can configure them inside the config.warden block. The example below
|
@@ -132,7 +141,6 @@ Devise.setup do |config|
|
|
132
141
|
# Don't put a too small interval or your users won't have the time to
|
133
142
|
# change their passwords.
|
134
143
|
config.reset_password_within = 6.hours
|
135
|
-
config.sign_out_via = :get
|
136
144
|
|
137
145
|
config.case_insensitive_keys = [:email]
|
138
146
|
end
|
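Review bot: The new `config.pepper` fallback means the pepper follows whichever secret is present. An installation that drops `secret_token`, or rotates `secret_key_base`, changes the pepper and every stored password digest stops verifying. If `secret_key_base` is blank in some environment, the pepper is blank too, and nothing warns about it. I would document this above the assignment with `# The pepper is derived from the app secret: changing secret_token/secret_key_base invalidates all stored password digests.` and consider failing at boot when the chosen value is blank. Separately, the context line `config.encryptor = 'authlogic_sha512'` selects a fast digest, which deserves a migration note even though this commit does not touch it.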
@@ -1,5 +1,7 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# Merges users orders to their account after sign in and sign up.
|
2
|
-
Warden::Manager.after_set_user except: :fetch do |user, auth,
|
4
|
+
Warden::Manager.after_set_user except: :fetch do |user, auth, _opts|
|
3
5
|
if auth.cookies.signed[:guest_token].present?
|
4
6
|
if user.is_a?(Spree::User)
|
5
7
|
Spree::Order.incomplete.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
|
@@ -9,6 +11,6 @@ Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
|
|
9
11
|
end
|
10
12
|
end
|
11
13
|
|
12
|
-
Warden::Manager.before_logout do |
|
14
|
+
Warden::Manager.before_logout do |_user, auth, _opts|
|
13
15
|
auth.cookies.delete :guest_token
|
14
16
|
end
|
data/config/locales/en.yml
CHANGED
@@ -33,8 +33,10 @@ en:
|
|
33
33
|
spree_user:
|
34
34
|
cannot_be_blank: Your password cannot be blank.
|
35
35
|
no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
|
36
|
-
send_instructions:
|
36
|
+
send_instructions: If an account with that email address exists, you will receive an email with instructions about how to reset your password in a few minutes.
|
37
37
|
updated: Your password was changed successfully. You are now signed in.
|
38
|
+
passwords:
|
39
|
+
send_instructions: If an account with that email address exists, you will receive an email with instructions about how to reset your password in a few minutes.
|
38
40
|
user_registrations:
|
39
41
|
destroyed: Bye! Your account was successfully cancelled. We hope to see you again soon.
|
40
42
|
inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'
|
data/config/routes.rb
CHANGED
@@ -1,9 +1,7 @@
|
|
1
|
-
|
2
|
-
if (
|
3
|
-
SolidusSupport.frontend_available? &&
|
4
|
-
Spree::Auth::Config.draw_frontend_routes
|
5
|
-
)
|
1
|
+
# frozen_string_literal: true
|
6
2
|
|
3
|
+
Spree::Core::Engine.routes.draw do
|
4
|
+
if SolidusSupport.frontend_available? && Spree::Auth::Config.draw_frontend_routes
|
7
5
|
devise_for(:spree_user, {
|
8
6
|
class_name: 'Spree::User',
|
9
7
|
controllers: {
|
@@ -39,11 +37,7 @@ Spree::Core::Engine.routes.draw do
|
|
39
37
|
resource :account, controller: 'users'
|
40
38
|
end
|
41
39
|
|
42
|
-
if
|
43
|
-
SolidusSupport.backend_available? &&
|
44
|
-
Spree::Auth::Config.draw_backend_routes
|
45
|
-
)
|
46
|
-
|
40
|
+
if SolidusSupport.backend_available? && Spree::Auth::Config.draw_backend_routes
|
47
41
|
namespace :admin do
|
48
42
|
devise_for(:spree_user, {
|
49
43
|
class_name: 'Spree::User',
|
@@ -61,7 +55,7 @@ Spree::Core::Engine.routes.draw do
|
|
61
55
|
get '/authorization_failure', to: 'user_sessions#authorization_failure', as: :unauthorized
|
62
56
|
get '/login', to: 'user_sessions#new', as: :login
|
63
57
|
post '/login', to: 'user_sessions#create', as: :create_new_session
|
64
|
-
|
58
|
+
match '/logout', to: 'user_sessions#destroy', as: :logout, via: Devise.sign_out_via
|
65
59
|
|
66
60
|
get '/password/recover', to: 'user_passwords#new', as: :recover_password
|
67
61
|
post '/password/recover', to: 'user_passwords#create', as: :reset_password
|
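Review bot: The `/logout` route added in the last hunk takes its verb from `Devise.sign_out_via`, so a host application that sets that option back to `:get` makes sign-out reachable from any cross-site link or image request. The initializer in this release defaults to `:delete`, but nothing at the route explains why the verb matters. I would add `# Keep sign-out on a non-GET verb; a GET logout can be triggered cross-site.` above the `match` line. The enclosing `if` block opens outside this hunk.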
data/db/default/users.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# see last line where we create an admin if there is none, asking for email and password
|
2
4
|
def prompt_for_admin_password
|
3
5
|
if ENV['ADMIN_PASSWORD']
|
@@ -31,20 +33,20 @@ def create_admin_user
|
|
31
33
|
email = 'admin@example.com'
|
32
34
|
else
|
33
35
|
puts 'Create the admin user (press enter for defaults).'
|
34
|
-
#name = prompt_for_admin_name unless name
|
36
|
+
# name = prompt_for_admin_name unless name
|
35
37
|
email = prompt_for_admin_email
|
36
38
|
password = prompt_for_admin_password
|
37
39
|
end
|
38
40
|
attributes = {
|
39
|
-
:
|
40
|
-
:
|
41
|
-
:
|
42
|
-
:
|
41
|
+
password: password,
|
42
|
+
password_confirmation: password,
|
43
|
+
email: email,
|
44
|
+
login: email
|
43
45
|
}
|
44
46
|
|
45
47
|
load 'spree/user.rb'
|
46
48
|
|
47
|
-
if Spree::User.
|
49
|
+
if Spree::User.find_by(email: email)
|
48
50
|
puts "\nWARNING: There is already a user with the email: #{email}, so no account changes were made. If you wish to create an additional admin user, please run rake spree_auth:admin:create again with a different email.\n\n"
|
49
51
|
else
|
50
52
|
admin = Spree::User.new(attributes)
|
@@ -55,7 +57,7 @@ def create_admin_user
|
|
55
57
|
admin.generate_spree_api_key!
|
56
58
|
puts "Done!"
|
57
59
|
else
|
58
|
-
puts "There
|
60
|
+
puts "There were some problems with persisting a new admin user:"
|
59
61
|
admin.errors.full_messages.each do |error|
|
60
62
|
puts error
|
61
63
|
end
|
@@ -66,7 +68,7 @@ end
|
|
66
68
|
if Spree::User.admin.empty?
|
67
69
|
create_admin_user
|
68
70
|
else
|
69
|
-
puts 'Admin user has already been
|
71
|
+
puts 'Admin user has already been created.'
|
70
72
|
puts 'Would you like to create a new admin user? (yes/no)'
|
71
73
|
if ["yes", "y"].include? STDIN.gets.strip.downcase
|
72
74
|
create_admin_user
|
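Review bot: In the last hunk, `STDIN.gets.strip.downcase` raises `NoMethodError` when the seed runs without a terminal, because `gets` returns nil at end of input. That aborts an automated seed run instead of taking the "no" path. `if ["yes", "y"].include? STDIN.gets.to_s.strip.downcase` keeps the same behaviour interactively and treats a closed stdin as "no". The non-interactive branch in `create_admin_user` that sets `email = 'admin@example.com'` is only partly visible here. If it also falls back to a fixed password, that default should be documented as unsuitable outside development.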
@@ -1,17 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class CreateUsers < SolidusSupport::Migration[4.2]
|
2
4
|
def up
|
3
5
|
unless table_exists?("spree_users")
|
4
|
-
create_table "spree_users", :
|
5
|
-
t.string "crypted_password", :
|
6
|
-
t.string "salt", :
|
6
|
+
create_table "spree_users", force: true do |t|
|
7
|
+
t.string "crypted_password", limit: 128
|
8
|
+
t.string "salt", limit: 128
|
7
9
|
t.string "email"
|
8
10
|
t.string "remember_token"
|
9
11
|
t.string "remember_token_expires_at"
|
10
12
|
t.string "persistence_token"
|
11
13
|
t.string "single_access_token"
|
12
14
|
t.string "perishable_token"
|
13
|
-
t.integer "login_count", :
|
14
|
-
t.integer "failed_login_count", :
|
15
|
+
t.integer "login_count", default: 0, null: false
|
16
|
+
t.integer "failed_login_count", default: 0, null: false
|
15
17
|
t.datetime "last_request_at"
|
16
18
|
t.datetime "current_login_at"
|
17
19
|
t.datetime "last_login_at"
|
@@ -20,8 +22,8 @@ class CreateUsers < SolidusSupport::Migration[4.2]
|
|
20
22
|
t.string "login"
|
21
23
|
t.integer "ship_address_id"
|
22
24
|
t.integer "bill_address_id"
|
23
|
-
t.datetime "created_at", :
|
24
|
-
t.datetime "updated_at", :
|
25
|
+
t.datetime "created_at", null: false
|
26
|
+
t.datetime "updated_at", null: false
|
25
27
|
t.string "openid_identifier"
|
26
28
|
end
|
27
29
|
end
|
@@ -1,6 +1,9 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class RenameColumnsForDevise < SolidusSupport::Migration[4.2]
|
2
4
|
def up
|
3
5
|
return if column_exists?(:spree_users, :password_salt)
|
6
|
+
|
4
7
|
rename_column :spree_users, :crypted_password, :encrypted_password
|
5
8
|
rename_column :spree_users, :salt, :password_salt
|
6
9
|
rename_column :spree_users, :remember_token_expires_at, :remember_created_at
|
@@ -1,9 +1,11 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class MakeUsersEmailIndexUnique < SolidusSupport::Migration[4.2]
|
2
4
|
def up
|
3
|
-
add_index "spree_users", ["email"], :
|
5
|
+
add_index "spree_users", ["email"], name: "email_idx_unique", unique: true
|
4
6
|
end
|
5
7
|
|
6
8
|
def down
|
7
|
-
remove_index "spree_users", :
|
9
|
+
remove_index "spree_users", name: "email_idx_unique"
|
8
10
|
end
|
9
11
|
end
|
@@ -1,8 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class AddResetPasswordTokenIndexToSpreeUsers < SolidusSupport::Migration[4.2]
|
2
4
|
# We're not using the standard Rails index name because somebody could have
|
3
|
-
#
|
5
|
+
# already added that index to the table. By using a custom name we ensure
|
4
6
|
# that the index can effectively be added and removed via migrations/rollbacks
|
5
|
-
#
|
7
|
+
# without having any impact on such installations. The index name is Rails
|
6
8
|
# standard name + "_solidus_auth_devise"; the length is 61 chars which is
|
7
9
|
# still OK for Sqlite, mySQL and Postgres.
|
8
10
|
def custom_index_name
|
data/db/seeds.rb
CHANGED
@@ -0,0 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Spree
|
4
|
+
module Admin
|
5
|
+
module BaseControllerDecorator
|
6
|
+
protected
|
7
|
+
|
8
|
+
def model_class
|
9
|
+
const_name = controller_name.classify
|
10
|
+
if Spree.const_defined?(const_name, false)
|
11
|
+
return "Spree::#{const_name}".constantize
|
12
|
+
end
|
13
|
+
|
14
|
+
nil
|
15
|
+
end
|
16
|
+
|
17
|
+
::Spree::Admin::BaseController.prepend self
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
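Review bot: `model_class` checks `Spree.const_defined?(const_name, false)` but then resolves the constant with `"Spree::#{const_name}".constantize`, which is a different lookup from the one that was just checked. Resolving with `Spree.const_get(const_name, false)` keeps the check and the lookup identical and avoids building a constant path from a string. The method also has no comment saying that it returns nil when no matching model exists, for example `# Returns the Spree model matching this controller, or nil when none is defined directly under Spree.` Note that the page shows this new file under the `data/db/seeds.rb` header, while its content is the admin base controller decorator from the file list.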
@@ -1,15 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
Spree::Admin::Orders::CustomerDetailsController.class_eval do
|
2
4
|
before_action :check_authorization
|
3
5
|
|
4
6
|
private
|
5
|
-
def check_authorization
|
6
|
-
load_order
|
7
|
-
session[:access_token] ||= params[:token]
|
8
7
|
|
9
|
-
|
10
|
-
|
11
|
-
|
8
|
+
def check_authorization
|
9
|
+
load_order
|
10
|
+
session[:access_token] ||= params[:token]
|
11
|
+
|
12
|
+
resource = @order
|
13
|
+
action = params[:action].to_sym
|
14
|
+
action = :edit if action == :show # show route renders :edit for this controller
|
12
15
|
|
13
|
-
|
14
|
-
|
16
|
+
authorize! action, resource, session[:access_token]
|
17
|
+
end
|
15
18
|
end
|
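Review bot: `session[:access_token] ||= params[:token]` in `check_authorization` stores the first token it sees and ignores any later one. `authorize!` for a different order is therefore evaluated against a token that was supplied for an earlier order. Whether that grants or denies more than intended depends on the ability rules, which are not visible here, but the stale value is surprising either way. I would add `# NOTE: the first token seen in this session is reused for every later order; params[:token] is ignored once set.` or assign the token per request when `params[:token]` is present. `params[:action].to_sym` could also be `action_name.to_sym`, which reads the routed action rather than the params hash.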
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class Spree::Admin::UserPasswordsController < Devise::PasswordsController
|
2
4
|
helper 'spree/base'
|
3
5
|
|
@@ -20,8 +22,9 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
|
|
20
22
|
def create
|
21
23
|
self.resource = resource_class.send_reset_password_instructions(params[resource_name])
|
22
24
|
|
25
|
+
set_flash_message(:notice, :send_instructions) if is_navigational_format?
|
26
|
+
|
23
27
|
if resource.errors.empty?
|
24
|
-
set_flash_message(:notice, :send_instructions) if is_navigational_format?
|
25
28
|
respond_with resource, location: spree.admin_login_path
|
26
29
|
else
|
27
30
|
respond_with_navigational(resource) { render :new }
|
@@ -39,5 +42,4 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
|
|
39
42
|
super
|
40
43
|
end
|
41
44
|
end
|
42
|
-
|
43
45
|
end
|
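Review bot: Moving `set_flash_message(:notice, :send_instructions)` above the check makes the message identical, but `create` still redirects when `resource.errors.empty?` and re-renders `:new` otherwise. The response therefore still tells a caller whether the address belongs to an account, unless something outside the hunk normalises it. To close that gap the unknown-email case should take the same path as success, e.g. `respond_with({}, location: spree.admin_login_path)` for both outcomes. On the `render :new` path the flash is also set for the next request rather than the current one, so `flash.now` would be the fitting store there. The same pattern appears in the `create` hunk of `Spree::UserPasswordsController` further down this page.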
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class Spree::Admin::UserSessionsController < Devise::SessionsController
|
2
4
|
helper 'spree/base'
|
3
5
|
|
@@ -19,7 +21,7 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
|
|
19
21
|
}
|
20
22
|
format.js {
|
21
23
|
user = resource.record
|
22
|
-
render json: {ship_address: user.ship_address, bill_address: user.bill_address}.to_json
|
24
|
+
render json: { ship_address: user.ship_address, bill_address: user.bill_address }.to_json
|
23
25
|
}
|
24
26
|
end
|
25
27
|
else
|
@@ -32,12 +34,13 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
|
|
32
34
|
end
|
33
35
|
|
34
36
|
private
|
35
|
-
def accurate_title
|
36
|
-
I18n.t('spree.login')
|
37
|
-
end
|
38
37
|
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
38
|
+
def accurate_title
|
39
|
+
I18n.t('spree.login')
|
40
|
+
end
|
41
|
+
|
42
|
+
def redirect_back_or_default(default)
|
43
|
+
redirect_to(session["spree_user_return_to"] || default)
|
44
|
+
session["spree_user_return_to"] = nil
|
45
|
+
end
|
43
46
|
end
|
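Review bot: `redirect_back_or_default` redirects to whatever is stored in `session["spree_user_return_to"]` without checking that it is a path on this site. The code that writes that key is outside this section, so the risk depends on whether a request-supplied URL can ever reach it. I would state the contract with `# session["spree_user_return_to"] must only hold a same-origin path; it is redirected to unchecked.` and fall back to `default` when the stored value is not a local path. Reading and clearing the key in one step with `session.delete("spree_user_return_to")` would also avoid leaving the value behind if the redirect raises.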
@@ -1,27 +1,32 @@
|
|
1
|
-
|
2
|
-
prepend_before_action :check_registration,
|
3
|
-
except: [:registration, :update_registration]
|
4
|
-
prepend_before_action :check_authorization
|
1
|
+
# frozen_string_literal: true
|
5
2
|
|
6
|
-
|
7
|
-
|
8
|
-
|
3
|
+
module Spree
|
4
|
+
module CheckoutControllerDecorator
|
5
|
+
def self.prepended(base)
|
6
|
+
base.before_action :check_registration, except: [:registration, :update_registration]
|
7
|
+
base.before_action :check_authorization
|
9
8
|
|
10
|
-
|
11
|
-
|
12
|
-
|
9
|
+
# This action builds some associations on the order, ex. addresses, which we
|
10
|
+
# don't to build or save here.
|
11
|
+
base.skip_before_action :setup_for_current_state, only: [:registration, :update_registration]
|
12
|
+
end
|
13
13
|
|
14
|
-
|
15
|
-
if params[:order][:email] =~ Devise.email_regexp && current_order.update_attributes(email: params[:order][:email])
|
16
|
-
redirect_to spree.checkout_path
|
17
|
-
else
|
18
|
-
flash[:registration_error] = t(:email_is_invalid, scope: [:errors, :messages])
|
14
|
+
def registration
|
19
15
|
@user = Spree::User.new
|
20
|
-
render 'registration'
|
21
16
|
end
|
22
|
-
end
|
23
17
|
|
24
|
-
|
18
|
+
def update_registration
|
19
|
+
if params[:order][:email] =~ Devise.email_regexp && current_order.update(email: params[:order][:email])
|
20
|
+
redirect_to spree.checkout_path
|
21
|
+
else
|
22
|
+
flash[:registration_error] = t(:email_is_invalid, scope: [:errors, :messages])
|
23
|
+
@user = Spree::User.new
|
24
|
+
render 'registration'
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
25
30
|
def order_params
|
26
31
|
params.
|
27
32
|
fetch(:order, {}).
|
@@ -39,6 +44,7 @@ Spree::CheckoutController.class_eval do
|
|
39
44
|
# Introduces a registration step whenever the +registration_step+ preference is true.
|
40
45
|
def check_registration
|
41
46
|
return unless registration_required?
|
47
|
+
|
42
48
|
store_location
|
43
49
|
redirect_to spree.checkout_registration_path
|
44
50
|
end
|
@@ -53,7 +59,7 @@ Spree::CheckoutController.class_eval do
|
|
53
59
|
end
|
54
60
|
|
55
61
|
def guest_authenticated?
|
56
|
-
current_order
|
62
|
+
current_order&.email.present? &&
|
57
63
|
Spree::Config[:allow_guest_checkout]
|
58
64
|
end
|
59
65
|
|
@@ -61,6 +67,10 @@ Spree::CheckoutController.class_eval do
|
|
61
67
|
# are redirected to the tokenized order url unless authenticated as a registered user.
|
62
68
|
def completion_route
|
63
69
|
return spree.order_path(@order) if spree_current_user
|
70
|
+
|
64
71
|
spree.token_order_path(@order, @order.guest_token)
|
65
72
|
end
|
73
|
+
|
74
|
+
::Spree::CheckoutController.prepend self
|
75
|
+
end
|
66
76
|
end
|
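Review bot: `update_registration` indexes `params[:order][:email]` directly, so a request without an `order` key raises `NoMethodError` on nil and returns a 500 instead of the validation message. Reading the value once with `email = params.dig(:order, :email).to_s` and testing it with `Devise.email_regexp.match?(email) && current_order.update(email: email)` keeps the behaviour for valid input and sends malformed requests to the existing `else` branch. The new comment above `skip_before_action` reads "which we don't to build or save here" and is missing the word "want".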
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class Spree::UserPasswordsController < Devise::PasswordsController
|
2
4
|
helper 'spree/base', 'spree/store'
|
3
5
|
|
@@ -16,8 +18,9 @@ class Spree::UserPasswordsController < Devise::PasswordsController
|
|
16
18
|
def create
|
17
19
|
self.resource = resource_class.send_reset_password_instructions(params[resource_name])
|
18
20
|
|
21
|
+
set_flash_message(:notice, :send_instructions) if is_navigational_format?
|
22
|
+
|
19
23
|
if resource.errors.empty?
|
20
|
-
set_flash_message(:notice, :send_instructions) if is_navigational_format?
|
21
24
|
respond_with resource, location: spree.login_path
|
22
25
|
else
|
23
26
|
respond_with_navigational(resource) { render :new }
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class Spree::UserRegistrationsController < Devise::RegistrationsController
|
2
4
|
helper 'spree/base', 'spree/store'
|
3
5
|
|
@@ -25,6 +27,7 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
|
|
25
27
|
end
|
26
28
|
|
27
29
|
protected
|
30
|
+
|
28
31
|
def translation_scope
|
29
32
|
'devise.user_registrations'
|
30
33
|
end
|
@@ -34,6 +37,7 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
|
|
34
37
|
end
|
35
38
|
|
36
39
|
private
|
40
|
+
|
37
41
|
def spree_user_params
|
38
42
|
params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes | [:email])
|
39
43
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
class Spree::UsersController < Spree::StoreController
|
2
4
|
skip_before_action :set_current_order, only: :show, raise: false
|
3
5
|
prepend_before_action :load_object, only: [:show, :edit, :update]
|
@@ -24,7 +26,7 @@ class Spree::UsersController < Spree::StoreController
|
|
24
26
|
end
|
25
27
|
|
26
28
|
def update
|
27
|
-
if @user.
|
29
|
+
if @user.update(user_params)
|
28
30
|
spree_current_user.reload
|
29
31
|
|
30
32
|
if params[:user][:password].present?
|
@@ -40,20 +42,21 @@ class Spree::UsersController < Spree::StoreController
|
|
40
42
|
end
|
41
43
|
|
42
44
|
private
|
43
|
-
def user_params
|
44
|
-
params.require(:user).permit(Spree::PermittedAttributes.user_attributes | [:email])
|
45
|
-
end
|
46
45
|
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
end
|
46
|
+
def user_params
|
47
|
+
params.require(:user).permit(Spree::PermittedAttributes.user_attributes | [:email])
|
48
|
+
end
|
51
49
|
|
52
|
-
|
53
|
-
|
54
|
-
|
50
|
+
def load_object
|
51
|
+
@user ||= Spree::User.find_by(id: spree_current_user&.id)
|
52
|
+
authorize! params[:action].to_sym, @user
|
53
|
+
end
|
55
54
|
|
56
|
-
|
57
|
-
|
58
|
-
|
55
|
+
def authorize_actions
|
56
|
+
authorize! params[:action].to_sym, Spree::User.new
|
57
|
+
end
|
58
|
+
|
59
|
+
def accurate_title
|
60
|
+
I18n.t('spree.my_account')
|
61
|
+
end
|
59
62
|
end
|
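Review bot: `update` applies `@user.update(user_params)` with `:email` and the password attributes permitted, and nothing visible requires the current password. Anyone holding a live session could then change both the login email and the password. The rest of the action is outside the hunks, so a check may exist elsewhere. If it does not, Devise's `update_with_password` is the usual way to require `current_password` for these fields. At minimum I would note it at the call site: `# NOTE(review): email/password change is not re-authenticated here — confirm this is intended.` In `load_object`, an unauthenticated request reaches `authorize!` with `@user` nil and relies on the ability rules to deny it, which also deserves a one-line comment.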
@@ -1,10 +1,12 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Solidus
|
2
4
|
module Auth
|
3
5
|
module Generators
|
4
6
|
class InstallGenerator < Rails::Generators::Base
|
5
7
|
def self.source_paths
|
6
|
-
paths =
|
7
|
-
paths << File.expand_path('
|
8
|
+
paths = superclass.source_paths
|
9
|
+
paths << File.expand_path('templates', __dir__)
|
8
10
|
paths.flatten
|
9
11
|
end
|
10
12
|
|
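Review bot: `paths << File.expand_path('templates', __dir__)` appends to the array returned by `superclass.source_paths`. If that method hands back its memoised array rather than a copy, each call adds this generator's template directory to the parent class's list again. Building a new array avoids the shared mutation: `superclass.source_paths + [File.expand_path('templates', __dir__)]`. The trailing `paths.flatten` already returns a new array, so callers see the same value.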
data/lib/solidus/auth.rb
CHANGED