solidus_auth_devise 2.2.0 → 2.3.0

data/app/models/spree/user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Spree
   class User < Spree::Base
     include UserMethods
@@ -16,10 +18,7 @@ module Spree
 
     before_validation :set_login
 
-    users_table_name = User.table_name
-    roles_table_name = Role.table_name
-
-    scope :admin, -> { includes(:spree_roles).where("#{roles_table_name}.name" => "admin") }
+    scope :admin, -> { includes(:spree_roles).where("#{Role.table_name}.name" => "admin") }
 
     def self.admin_created?
       User.admin.count > 0
@@ -34,23 +33,24 @@ module Spree
     end
 
     protected
-      def password_required?
-        !persisted? || password.present? || password_confirmation.present?
-      end
+
+    def password_required?
+      !persisted? || password.present? || password_confirmation.present?
+    end
 
     private
 
-      def set_login
-        # for now force login to be same as email, eventually we will make this configurable, etc.
-        self.login ||= self.email if self.email
-      end
-
-      def scramble_email_and_password
-        self.email = SecureRandom.uuid + "@example.net"
-        self.login = self.email
-        self.password = SecureRandom.hex(8)
-        self.password_confirmation = self.password
-        self.save
-      end
+    def set_login
+      # for now force login to be same as email, eventually we will make this configurable, etc.
+      self.login ||= email if email
+    end
+
+    def scramble_email_and_password
+      self.email = SecureRandom.uuid + "@example.net"
+      self.login = email
+      self.password = SecureRandom.hex(8)
+      self.password_confirmation = password
+      save
+    end
   end
 end

data/config/initializers/devise.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
@@ -29,7 +31,7 @@ Devise.setup do |config|
   config.http_authenticatable = true
 
   # Set this to true to use Basic Auth for AJAX requests.  True by default.
-  #config.http_authenticatable_on_xhr = false
+  # config.http_authenticatable_on_xhr = false
 
   # The realm used in Http Basic Authentication
   config.http_authentication_realm = 'Spree Application'
@@ -41,7 +43,11 @@ Devise.setup do |config|
   config.encryptor = 'authlogic_sha512'
 
   # Setup a pepper to generate the encrypted password.
-  config.pepper = Rails.configuration.secret_token
+  config.pepper = if Rails.configuration.respond_to?(:secret_token) && Rails.configuration.secret_token.present?
+    Rails.configuration.secret_token
+  else
+    Rails.configuration.secret_key_base
+  end
 
   # ==> Configuration for :confirmable
   # The time you want to give your user to confirm his account. During this time
@@ -114,6 +120,9 @@ Devise.setup do |config|
   # should add them to the navigational formats lists. Default is [:html]
   config.navigational_formats = [:html, :json, :xml]
 
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :delete
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not (yet) supported by Devise,
   # you can configure them inside the config.warden block. The example below
@@ -132,7 +141,6 @@ Devise.setup do |config|
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
   config.reset_password_within = 6.hours
-  config.sign_out_via = :get
 
   config.case_insensitive_keys = [:email]
 end

data/config/initializers/warden.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Merges users orders to their account after sign in and sign up.
-Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
+Warden::Manager.after_set_user except: :fetch do |user, auth, _opts|
   if auth.cookies.signed[:guest_token].present?
     if user.is_a?(Spree::User)
       Spree::Order.incomplete.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
@@ -9,6 +11,6 @@ Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
   end
 end
 
-Warden::Manager.before_logout do |user, auth, opts|
+Warden::Manager.before_logout do |_user, auth, _opts|
   auth.cookies.delete :guest_token
 end

data/config/locales/en.yml

@@ -33,8 +33,10 @@ en:
       spree_user:
         cannot_be_blank: Your password cannot be blank.
         no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
-        send_instructions: You will receive an email with instructions about how to reset your password in a few minutes.
+        send_instructions: If an account with that email address exists, you will receive an email with instructions about how to reset your password in a few minutes.
         updated: Your password was changed successfully. You are now signed in.
+    passwords:
+      send_instructions: If an account with that email address exists, you will receive an email with instructions about how to reset your password in a few minutes.
     user_registrations:
       destroyed: Bye! Your account was successfully cancelled. We hope to see you again soon.
       inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'

data/config/routes.rb

@@ -1,9 +1,7 @@
-Spree::Core::Engine.routes.draw do
-  if (
-    SolidusSupport.frontend_available? &&
-    Spree::Auth::Config.draw_frontend_routes
-  )
+# frozen_string_literal: true
 
+Spree::Core::Engine.routes.draw do
+  if SolidusSupport.frontend_available? && Spree::Auth::Config.draw_frontend_routes
     devise_for(:spree_user, {
       class_name: 'Spree::User',
       controllers: {
@@ -39,11 +37,7 @@ Spree::Core::Engine.routes.draw do
     resource :account, controller: 'users'
   end
 
-  if (
-    SolidusSupport.backend_available? &&
-    Spree::Auth::Config.draw_backend_routes
-  )
-
+  if SolidusSupport.backend_available? && Spree::Auth::Config.draw_backend_routes
     namespace :admin do
       devise_for(:spree_user, {
         class_name: 'Spree::User',
@@ -61,7 +55,7 @@ Spree::Core::Engine.routes.draw do
         get '/authorization_failure', to: 'user_sessions#authorization_failure', as: :unauthorized
         get '/login', to: 'user_sessions#new', as: :login
         post '/login', to: 'user_sessions#create', as: :create_new_session
-        get '/logout', to: 'user_sessions#destroy', as: :logout
+        match '/logout', to: 'user_sessions#destroy', as: :logout, via: Devise.sign_out_via
 
         get '/password/recover', to: 'user_passwords#new', as: :recover_password
         post '/password/recover', to: 'user_passwords#create', as: :reset_password

data/db/default/users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # see last line where we create an admin if there is none, asking for email and password
 def prompt_for_admin_password
   if ENV['ADMIN_PASSWORD']
@@ -31,20 +33,20 @@ def create_admin_user
     email = 'admin@example.com'
   else
     puts 'Create the admin user (press enter for defaults).'
-    #name = prompt_for_admin_name unless name
+    # name = prompt_for_admin_name unless name
     email = prompt_for_admin_email
     password = prompt_for_admin_password
   end
   attributes = {
-    :password => password,
-    :password_confirmation => password,
-    :email => email,
-    :login => email
+    password: password,
+    password_confirmation: password,
+    email: email,
+    login: email
   }
 
   load 'spree/user.rb'
 
-  if Spree::User.find_by_email(email)
+  if Spree::User.find_by(email: email)
     puts "\nWARNING: There is already a user with the email: #{email}, so no account changes were made.  If you wish to create an additional admin user, please run rake spree_auth:admin:create again with a different email.\n\n"
   else
     admin = Spree::User.new(attributes)
@@ -55,7 +57,7 @@ def create_admin_user
       admin.generate_spree_api_key!
       puts "Done!"
     else
-      puts "There was some problems with persisting new admin user:"
+      puts "There were some problems with persisting a new admin user:"
       admin.errors.full_messages.each do |error|
         puts error
       end
@@ -66,7 +68,7 @@ end
 if Spree::User.admin.empty?
   create_admin_user
 else
-  puts 'Admin user has already been previously created.'
+  puts 'Admin user has already been created.'
   puts 'Would you like to create a new admin user? (yes/no)'
   if ["yes", "y"].include? STDIN.gets.strip.downcase
     create_admin_user

data/db/migrate/20101026184949_create_users.rb

@@ -1,17 +1,19 @@
+# frozen_string_literal: true
+
 class CreateUsers < SolidusSupport::Migration[4.2]
   def up
     unless table_exists?("spree_users")
-      create_table "spree_users", :force => true do |t|
-        t.string   "crypted_password",          :limit => 128
-        t.string   "salt",                      :limit => 128
+      create_table "spree_users", force: true do |t|
+        t.string   "crypted_password",          limit: 128
+        t.string   "salt",                      limit: 128
         t.string   "email"
         t.string   "remember_token"
         t.string   "remember_token_expires_at"
         t.string   "persistence_token"
         t.string   "single_access_token"
         t.string   "perishable_token"
-        t.integer  "login_count",                              :default => 0, :null => false
-        t.integer  "failed_login_count",                       :default => 0, :null => false
+        t.integer  "login_count",                              default: 0, null: false
+        t.integer  "failed_login_count",                       default: 0, null: false
         t.datetime "last_request_at"
         t.datetime "current_login_at"
         t.datetime "last_login_at"
@@ -20,8 +22,8 @@ class CreateUsers < SolidusSupport::Migration[4.2]
         t.string   "login"
         t.integer  "ship_address_id"
         t.integer  "bill_address_id"
-        t.datetime "created_at",                                              :null => false
-        t.datetime "updated_at",                                              :null => false
+        t.datetime "created_at",                                              null: false
+        t.datetime "updated_at",                                              null: false
         t.string   "openid_identifier"
       end
     end

data/db/migrate/20101026184950_rename_columns_for_devise.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 class RenameColumnsForDevise < SolidusSupport::Migration[4.2]
   def up
     return if column_exists?(:spree_users, :password_salt)
+
     rename_column :spree_users, :crypted_password, :encrypted_password
     rename_column :spree_users, :salt, :password_salt
     rename_column :spree_users, :remember_token_expires_at, :remember_created_at

data/db/migrate/20101214150824_convert_user_remember_field.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class ConvertUserRememberField < SolidusSupport::Migration[4.2]
   def up
     remove_column :spree_users, :remember_created_at

data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddResetPasswordSentAtToSpreeUsers < SolidusSupport::Migration[4.2]
   def change
     Spree::User.reset_column_information

data/db/migrate/20120605211305_make_users_email_index_unique.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 class MakeUsersEmailIndexUnique < SolidusSupport::Migration[4.2]
   def up
-    add_index "spree_users", ["email"], :name => "email_idx_unique", :unique => true
+    add_index "spree_users", ["email"], name: "email_idx_unique", unique: true
   end
 
   def down
-    remove_index "spree_users", :name => "email_idx_unique"
+    remove_index "spree_users", name: "email_idx_unique"
   end
 end

data/db/migrate/20140904000425_add_deleted_at_to_users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddDeletedAtToUsers < SolidusSupport::Migration[4.2]
   def change
     add_column :spree_users, :deleted_at, :datetime

data/db/migrate/20141002154641_add_confirmable_to_users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class AddConfirmableToUsers < SolidusSupport::Migration[4.2]
   def change
     add_column :spree_users, :confirmation_token, :string

data/db/migrate/20190125170630_add_reset_password_token_index_to_spree_users.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 class AddResetPasswordTokenIndexToSpreeUsers < SolidusSupport::Migration[4.2]
   # We're not using the standard Rails index name because somebody could have
-  # already added that index to the table. By using a custom name we ensure
+  #  already added that index to the table. By using a custom name we ensure
   # that the index can effectively be added and removed via migrations/rollbacks
-  # without having any impact on such installations. The index name is Rails
+  #  without having any impact on such installations. The index name is Rails
   # standard name + "_solidus_auth_devise"; the length is 61 chars which is
   # still OK for Sqlite, mySQL and Postgres.
   def custom_index_name

data/db/seeds.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require_relative 'default/users.rb'

data/lib/controllers/backend/spree/admin/base_controller_decorator.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Spree
+  module Admin
+    module BaseControllerDecorator
+      protected
+
+      def model_class
+        const_name = controller_name.classify
+        if Spree.const_defined?(const_name, false)
+          return "Spree::#{const_name}".constantize
+        end
+
+        nil
+      end
+
+      ::Spree::Admin::BaseController.prepend self
+    end
+  end
+end

data/lib/controllers/backend/spree/admin/orders/customer_details_controller_decorator.rb

@@ -1,15 +1,18 @@
+# frozen_string_literal: true
+
 Spree::Admin::Orders::CustomerDetailsController.class_eval do
   before_action :check_authorization
 
   private
-    def check_authorization
-      load_order
-      session[:access_token] ||= params[:token]
 
-      resource = @order
-      action = params[:action].to_sym
-      action = :edit if action == :show # show route renders :edit for this controller
+  def check_authorization
+    load_order
+    session[:access_token] ||= params[:token]
+
+    resource = @order
+    action = params[:action].to_sym
+    action = :edit if action == :show # show route renders :edit for this controller
 
-      authorize! action, resource, session[:access_token]
-    end
+    authorize! action, resource, session[:access_token]
+  end
 end

data/lib/controllers/backend/spree/admin/user_passwords_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::Admin::UserPasswordsController < Devise::PasswordsController
   helper 'spree/base'
 
@@ -20,8 +22,9 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
   def create
     self.resource = resource_class.send_reset_password_instructions(params[resource_name])
 
+    set_flash_message(:notice, :send_instructions) if is_navigational_format?
+
     if resource.errors.empty?
-      set_flash_message(:notice, :send_instructions) if is_navigational_format?
       respond_with resource, location: spree.admin_login_path
     else
       respond_with_navigational(resource) { render :new }
@@ -39,5 +42,4 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
       super
     end
   end
-
 end

data/lib/controllers/backend/spree/admin/user_sessions_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::Admin::UserSessionsController < Devise::SessionsController
   helper 'spree/base'
 
@@ -19,7 +21,7 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
         }
         format.js {
           user = resource.record
-          render json: {ship_address: user.ship_address, bill_address: user.bill_address}.to_json
+          render json: { ship_address: user.ship_address, bill_address: user.bill_address }.to_json
         }
       end
     else
@@ -32,12 +34,13 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
   end
 
   private
-    def accurate_title
-      I18n.t('spree.login')
-    end
 
-    def redirect_back_or_default(default)
-      redirect_to(session["spree_user_return_to"] || default)
-      session["spree_user_return_to"] = nil
-    end
+  def accurate_title
+    I18n.t('spree.login')
+  end
+
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
 end

data/lib/controllers/frontend/spree/checkout_controller_decorator.rb

@@ -1,27 +1,32 @@
-Spree::CheckoutController.class_eval do
-  prepend_before_action :check_registration,
-    except: [:registration, :update_registration]
-  prepend_before_action :check_authorization
+# frozen_string_literal: true
 
-  # This action builds some associations on the order, ex. addresses, which we
-  # don't to build or save here.
-  skip_before_action :setup_for_current_state, only: [:registration, :update_registration]
+module Spree
+  module CheckoutControllerDecorator
+    def self.prepended(base)
+      base.before_action :check_registration, except: [:registration, :update_registration]
+      base.before_action :check_authorization
 
-  def registration
-    @user = Spree::User.new
-  end
+      # This action builds some associations on the order, ex. addresses, which we
+      # don't to build or save here.
+      base.skip_before_action :setup_for_current_state, only: [:registration, :update_registration]
+    end
 
-  def update_registration
-    if params[:order][:email] =~ Devise.email_regexp && current_order.update_attributes(email: params[:order][:email])
-      redirect_to spree.checkout_path
-    else
-      flash[:registration_error] = t(:email_is_invalid, scope: [:errors, :messages])
+    def registration
       @user = Spree::User.new
-      render 'registration'
     end
-  end
 
-  private
+    def update_registration
+      if params[:order][:email] =~ Devise.email_regexp && current_order.update(email: params[:order][:email])
+        redirect_to spree.checkout_path
+      else
+        flash[:registration_error] = t(:email_is_invalid, scope: [:errors, :messages])
+        @user = Spree::User.new
+        render 'registration'
+      end
+    end
+
+    private
+
     def order_params
       params.
         fetch(:order, {}).
@@ -39,6 +44,7 @@ Spree::CheckoutController.class_eval do
     # Introduces a registration step whenever the +registration_step+ preference is true.
     def check_registration
       return unless registration_required?
+
       store_location
       redirect_to spree.checkout_registration_path
     end
@@ -53,7 +59,7 @@ Spree::CheckoutController.class_eval do
     end
 
     def guest_authenticated?
-      current_order.try!(:email).present? &&
+      current_order&.email.present? &&
         Spree::Config[:allow_guest_checkout]
     end
 
@@ -61,6 +67,10 @@ Spree::CheckoutController.class_eval do
     # are redirected to the tokenized order url unless authenticated as a registered user.
     def completion_route
       return spree.order_path(@order) if spree_current_user
+
       spree.token_order_path(@order, @order.guest_token)
     end
+
+    ::Spree::CheckoutController.prepend self
+  end
 end

data/lib/controllers/frontend/spree/user_confirmations_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UserConfirmationsController < Devise::ConfirmationsController
   helper 'spree/base', 'spree/store'
 

data/lib/controllers/frontend/spree/user_passwords_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UserPasswordsController < Devise::PasswordsController
   helper 'spree/base', 'spree/store'
 
@@ -16,8 +18,9 @@ class Spree::UserPasswordsController < Devise::PasswordsController
   def create
     self.resource = resource_class.send_reset_password_instructions(params[resource_name])
 
+    set_flash_message(:notice, :send_instructions) if is_navigational_format?
+
     if resource.errors.empty?
-      set_flash_message(:notice, :send_instructions) if is_navigational_format?
       respond_with resource, location: spree.login_path
     else
       respond_with_navigational(resource) { render :new }

data/lib/controllers/frontend/spree/user_registrations_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UserRegistrationsController < Devise::RegistrationsController
   helper 'spree/base', 'spree/store'
 
@@ -25,6 +27,7 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
   end
 
   protected
+
   def translation_scope
     'devise.user_registrations'
   end
@@ -34,6 +37,7 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
   end
 
   private
+
   def spree_user_params
     params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes | [:email])
   end

data/lib/controllers/frontend/spree/user_sessions_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UserSessionsController < Devise::SessionsController
   helper 'spree/base', 'spree/store'
 

data/lib/controllers/frontend/spree/users_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 class Spree::UsersController < Spree::StoreController
   skip_before_action :set_current_order, only: :show, raise: false
   prepend_before_action :load_object, only: [:show, :edit, :update]
@@ -24,7 +26,7 @@ class Spree::UsersController < Spree::StoreController
   end
 
   def update
-    if @user.update_attributes(user_params)
+    if @user.update(user_params)
       spree_current_user.reload
 
       if params[:user][:password].present?
@@ -40,20 +42,21 @@ class Spree::UsersController < Spree::StoreController
   end
 
   private
-    def user_params
-      params.require(:user).permit(Spree::PermittedAttributes.user_attributes | [:email])
-    end
 
-    def load_object
-      @user ||= Spree::User.find_by(id: spree_current_user&.id)
-      authorize! params[:action].to_sym, @user
-    end
+  def user_params
+    params.require(:user).permit(Spree::PermittedAttributes.user_attributes | [:email])
+  end
 
-    def authorize_actions
-      authorize! params[:action].to_sym, Spree::User.new
-    end
+  def load_object
+    @user ||= Spree::User.find_by(id: spree_current_user&.id)
+    authorize! params[:action].to_sym, @user
+  end
 
-    def accurate_title
-      I18n.t('spree.my_account')
-    end
+  def authorize_actions
+    authorize! params[:action].to_sym, Spree::User.new
+  end
+
+  def accurate_title
+    I18n.t('spree.my_account')
+  end
 end

data/lib/generators/solidus/auth/install/install_generator.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 module Solidus
   module Auth
     module Generators
       class InstallGenerator < Rails::Generators::Base
         def self.source_paths
-          paths = self.superclass.source_paths
-          paths << File.expand_path('../templates', __FILE__)
+          paths = superclass.source_paths
+          paths << File.expand_path('templates', __dir__)
           paths.flatten
         end
 

data/lib/generators/solidus/auth/install/templates/config/initializers/devise.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 Devise.secret_key = SecureRandom.hex(50).inspect

data/lib/solidus/auth.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 # This file is required by the dummy app's config/environment
 require "solidus_auth_devise"

data/lib/solidus_auth_devise.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "spree_core"
 require "solidus_support"
 require "spree/auth/devise"