solidus_auth_devise 2.2.0 → 2.5.2

data/Gemfile

@@ -1,31 +1,29 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
-gem "solidus", github: "solidusio/solidus", branch: branch
+gem 'solidus', github: 'solidusio/solidus', branch: branch
 
-group :test do
-  if branch == 'master' || branch >= "v2.0"
-    gem 'rails-controller-testing', '~> 1.0'
-  else
-    gem "rails_test_params_backport"
-  end
-  if branch < "v2.5"
-    gem 'factory_bot', '4.10.0'
-  else
-    gem 'factory_bot', '> 4.10.0'
-  end
-end
+# Needed to help Bundler figure out how to resolve dependencies,
+# otherwise it takes forever to resolve them.
+# See https://github.com/bundler/bundler/issues/6677
+gem 'rails', '>0.a'
 
-if ENV['DB'] == 'mysql'
-  gem 'mysql2', '~> 0.4.10'
+case ENV['DB']
+when 'mysql'
+  gem 'mysql2'
+when 'postgresql'
+  gem 'pg'
 else
-  gem 'pg', '~> 0.21'
+  gem 'sqlite3'
 end
 
-group :development, :test do
-  gem 'pry-rails', '~> 0.3.9'
-end
-
-gem 'deface', '~> 1.3', require: false
+gem 'rails-controller-testing', group: :test
 
 gemspec
+
+# Use a local Gemfile to include development dependencies that might not be
+# relevant for the project or for other contributors, e.g.: `gem 'pry-debug'`.
+eval_gemfile 'Gemfile-local' if File.exist? 'Gemfile-local'

data/{LICENSE.md → LICENSE}

@@ -1,4 +1,4 @@
-Copyright (c) 2014, Spree Commerce, Inc. and other contributors
+Copyright (c) 2020 Solidus Team
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -9,7 +9,7 @@ are permitted provided that the following conditions are met:
     * Redistributions in binary form must reproduce the above copyright notice,
       this list of conditions and the following disclaimer in the documentation
       and/or other materials provided with the distribution.
-    * Neither the name Spree nor the names of its contributors may be used to
+    * Neither the name Solidus nor the names of its contributors may be used to
       endorse or promote products derived from this software without specific
       prior written permission.
 

data/README.md

@@ -1,6 +1,8 @@
 Solidus Auth (Devise)
 =====================
 
+[![CircleCI](https://circleci.com/gh/solidusio/solidus_auth_devise.svg?style=svg)](https://circleci.com/gh/solidusio/solidus_auth_devise)
+
 Provides authentication services for Solidus, using the Devise gem.
 
 Installation
@@ -94,32 +96,6 @@ Run the following to automatically build a dummy app if necessary and run the te
 bundle exec rake
 ```
 
-Releasing
----------
-
-We use [gem-release](https://github.com/svenfuchs/gem-release) to release this
-extension with ease.
-
-Supposing you are on the master branch and you are working on a fork of this
-extension, `upstream` is the main remote and you have write access to it, you
-can simply run:
-
-```
-gem bump --version minor --tag --release
-```
+## Releasing a new version
 
-This command will:
-
-- bump the gem version to the next minor (changing the `version.rb` file)
-- commit the change and push it to upstream master
-- create a git tag
-- push the tag to the upstream remote
-- release the new version on RubyGems
-
-Or you can run these commands individually:
-
-```
-gem bump --version minor 
-gem tag
-gem release
-```
+Please refer to the dedicated [page](https://github.com/solidusio/solidus/wiki/How-to-release-extensions) on Solidus wiki.

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler'
 Bundler::GemHelper.install_tasks
 

data/app/mailers/spree/user_mailer.rb

@@ -1,12 +1,14 @@
+# frozen_string_literal: true
+
 module Spree
   class UserMailer < BaseMailer
-    def reset_password_instructions(user, token, *args)
+    def reset_password_instructions(user, token, *_args)
       @store = Spree::Store.default
       @edit_password_reset_url = spree.edit_spree_user_password_url(reset_password_token: token, host: @store.url)
       mail to: user.email, from: from_address(@store), subject: "#{@store.name} #{I18n.t(:subject, scope: [:devise, :mailer, :reset_password_instructions])}"
     end
 
-    def confirmation_instructions(user, token, opts={})
+    def confirmation_instructions(user, token, _opts = {})
       @store = Spree::Store.default
       @confirmation_url = spree.spree_user_confirmation_url(confirmation_token: token, host: @store.url)
       mail to: user.email, from: from_address(@store), subject: "#{@store.name} #{I18n.t(:subject, scope: [:devise, :mailer, :confirmation_instructions])}"

data/app/models/spree/user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Spree
   class User < Spree::Base
     include UserMethods
@@ -16,10 +18,7 @@ module Spree
 
     before_validation :set_login
 
-    users_table_name = User.table_name
-    roles_table_name = Role.table_name
-
-    scope :admin, -> { includes(:spree_roles).where("#{roles_table_name}.name" => "admin") }
+    scope :admin, -> { includes(:spree_roles).where("#{Role.table_name}.name" => "admin") }
 
     def self.admin_created?
       User.admin.count > 0
@@ -34,23 +33,26 @@ module Spree
     end
 
     protected
-      def password_required?
-        !persisted? || password.present? || password_confirmation.present?
-      end
+
+    def password_required?
+      !persisted? || password.present? || password_confirmation.present?
+    end
 
     private
 
-      def set_login
-        # for now force login to be same as email, eventually we will make this configurable, etc.
-        self.login ||= self.email if self.email
-      end
-
-      def scramble_email_and_password
-        self.email = SecureRandom.uuid + "@example.net"
-        self.login = self.email
-        self.password = SecureRandom.hex(8)
-        self.password_confirmation = self.password
-        self.save
-      end
+    def set_login
+      # for now force login to be same as email, eventually we will make this configurable, etc.
+      self.login ||= email if email
+    end
+
+    def scramble_email_and_password
+      return true if destroyed?
+
+      self.email = SecureRandom.uuid + "@example.net"
+      self.login = email
+      self.password = SecureRandom.hex(8)
+      self.password_confirmation = password
+      save
+    end
   end
 end

data/app/overrides/spree/admin/users/edit/_add_reset_password_form.html.erb.deface

@@ -0,0 +1,20 @@
+<!--
+  insert_before "fieldset#admin_user_edit_api_key"
+  original "904c52ff702412d1dc8d55ff44d87d7f581f6675"
+-->
+
+<% if @user != try_spree_current_user %>
+  <fieldset class="no-border-bottom" data-hook="admin_user_reset_password">
+    <legend><%= t(:'spree.forgot_password') %></legend>
+
+    <%= form_for [:admin, @user], as: :spree_user, url: admin_reset_password_path, method: :post do |f| %>
+      <%= f.hidden_field :email, value: @user.email %>
+
+      <% if can?(:update, @user) %>
+        <div class="align-center">
+          <%= f.submit Spree.user_class.human_attribute_name(:reset_password), class: "button primary" %>
+        </div>
+      <% end %>
+    <% end %>
+  </fieldset>
+<% end %>

data/bin/console

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "solidus_auth_devise"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+$LOAD_PATH.unshift(*Dir["#{__dir__}/../app/*"])
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/rails

@@ -1,7 +1,15 @@
 #!/usr/bin/env ruby
 
-ENGINE_ROOT = File.expand_path('../..', __FILE__)
-ENGINE_PATH = File.expand_path('../../lib/spree/auth/engine', __FILE__)
+# frozen_string_literal: true
 
-require 'rails/all'
-require 'rails/engine/commands'
+app_root = 'spec/dummy'
+
+unless File.exist? "#{app_root}/bin/rails"
+  system "bin/rake", app_root or begin # rubocop:disable Style/AndOr
+    warn "Automatic creation of the dummy app failed"
+    exit 1
+  end
+end
+
+Dir.chdir app_root
+exec 'bin/rails', *ARGV

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+gem install bundler --conservative
+bundle update
+bundle exec rake clobber

data/config/initializers/devise.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
@@ -29,7 +31,7 @@ Devise.setup do |config|
   config.http_authenticatable = true
 
   # Set this to true to use Basic Auth for AJAX requests.  True by default.
-  #config.http_authenticatable_on_xhr = false
+  # config.http_authenticatable_on_xhr = false
 
   # The realm used in Http Basic Authentication
   config.http_authentication_realm = 'Spree Application'
@@ -41,7 +43,11 @@ Devise.setup do |config|
   config.encryptor = 'authlogic_sha512'
 
   # Setup a pepper to generate the encrypted password.
-  config.pepper = Rails.configuration.secret_token
+  config.pepper = if Rails.configuration.respond_to?(:secret_token) && Rails.configuration.secret_token.present?
+    Rails.configuration.secret_token
+  else
+    Rails.configuration.secret_key_base
+  end
 
   # ==> Configuration for :confirmable
   # The time you want to give your user to confirm his account. During this time
@@ -114,6 +120,9 @@ Devise.setup do |config|
   # should add them to the navigational formats lists. Default is [:html]
   config.navigational_formats = [:html, :json, :xml]
 
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :delete
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not (yet) supported by Devise,
   # you can configure them inside the config.warden block. The example below
@@ -132,7 +141,6 @@ Devise.setup do |config|
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
   config.reset_password_within = 6.hours
-  config.sign_out_via = :get
 
   config.case_insensitive_keys = [:email]
 end

data/config/initializers/warden.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Merges users orders to their account after sign in and sign up.
-Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
+Warden::Manager.after_set_user except: :fetch do |user, auth, _opts|
   if auth.cookies.signed[:guest_token].present?
     if user.is_a?(Spree::User)
       Spree::Order.incomplete.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
@@ -9,6 +11,6 @@ Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
   end
 end
 
-Warden::Manager.before_logout do |user, auth, opts|
+Warden::Manager.before_logout do |_user, auth, _opts|
   auth.cookies.delete :guest_token
 end

data/config/locales/en.yml

@@ -33,8 +33,10 @@ en:
       spree_user:
         cannot_be_blank: Your password cannot be blank.
         no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
-        send_instructions: You will receive an email with instructions about how to reset your password in a few minutes.
+        send_instructions: If an account with that email address exists, you will receive an email with instructions about how to reset your password in a few minutes.
         updated: Your password was changed successfully. You are now signed in.
+    passwords:
+      send_instructions: If an account with that email address exists, you will receive an email with instructions about how to reset your password in a few minutes.
     user_registrations:
       destroyed: Bye! Your account was successfully cancelled. We hope to see you again soon.
       inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}.'

data/config/locales/it.yml

@@ -1,8 +1,8 @@
+---
 it:
   spree:
-    admin:
-      tab:
-        users: Utenti
+    admin_login: Login Amministrazione
+    change_my_password: Cambia la password
   devise:
     confirmations:
       confirmed: Il tuo account è stato correttamente confermato. Ora sei collegato.
@@ -65,9 +65,9 @@ it:
       signed_out: Uscito correttamente.
   errors:
     messages:
-      email_is_invalid: L'indirizzo email non può essere vuoto
       already_confirmed: è stato già confermato
       confirmation_period_expired: deve essere confermato entro %{period}, richiedi una nuova conferma
+      email_is_invalid: L'indirizzo email non può essere vuoto
       expired: è scaduto, si prega di richiederne uno nuovo
       not_found: non trovato
       not_locked: non era bloccato

data/config/routes.rb

@@ -1,9 +1,7 @@
-Spree::Core::Engine.routes.draw do
-  if (
-    SolidusSupport.frontend_available? &&
-    Spree::Auth::Config.draw_frontend_routes
-  )
+# frozen_string_literal: true
 
+Spree::Core::Engine.routes.draw do
+  if SolidusSupport.frontend_available? && Spree::Auth::Config.draw_frontend_routes
     devise_for(:spree_user, {
       class_name: 'Spree::User',
       controllers: {
@@ -39,11 +37,7 @@ Spree::Core::Engine.routes.draw do
     resource :account, controller: 'users'
   end
 
-  if (
-    SolidusSupport.backend_available? &&
-    Spree::Auth::Config.draw_backend_routes
-  )
-
+  if SolidusSupport.backend_available? && Spree::Auth::Config.draw_backend_routes
     namespace :admin do
       devise_for(:spree_user, {
         class_name: 'Spree::User',
@@ -61,7 +55,7 @@ Spree::Core::Engine.routes.draw do
         get '/authorization_failure', to: 'user_sessions#authorization_failure', as: :unauthorized
         get '/login', to: 'user_sessions#new', as: :login
         post '/login', to: 'user_sessions#create', as: :create_new_session
-        get '/logout', to: 'user_sessions#destroy', as: :logout
+        match '/logout', to: 'user_sessions#destroy', as: :logout, via: Devise.sign_out_via
 
         get '/password/recover', to: 'user_passwords#new', as: :recover_password
         post '/password/recover', to: 'user_passwords#create', as: :reset_password

data/db/default/users.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # see last line where we create an admin if there is none, asking for email and password
 def prompt_for_admin_password
   if ENV['ADMIN_PASSWORD']
@@ -31,20 +33,20 @@ def create_admin_user
     email = 'admin@example.com'
   else
     puts 'Create the admin user (press enter for defaults).'
-    #name = prompt_for_admin_name unless name
+    # name = prompt_for_admin_name unless name
     email = prompt_for_admin_email
     password = prompt_for_admin_password
   end
   attributes = {
-    :password => password,
-    :password_confirmation => password,
-    :email => email,
-    :login => email
+    password: password,
+    password_confirmation: password,
+    email: email,
+    login: email
   }
 
   load 'spree/user.rb'
 
-  if Spree::User.find_by_email(email)
+  if Spree::User.find_by(email: email)
     puts "\nWARNING: There is already a user with the email: #{email}, so no account changes were made.  If you wish to create an additional admin user, please run rake spree_auth:admin:create again with a different email.\n\n"
   else
     admin = Spree::User.new(attributes)
@@ -55,7 +57,7 @@ def create_admin_user
       admin.generate_spree_api_key!
       puts "Done!"
     else
-      puts "There was some problems with persisting new admin user:"
+      puts "There were some problems with persisting a new admin user:"
       admin.errors.full_messages.each do |error|
         puts error
       end
@@ -66,7 +68,7 @@ end
 if Spree::User.admin.empty?
   create_admin_user
 else
-  puts 'Admin user has already been previously created.'
+  puts 'Admin user has already been created.'
   puts 'Would you like to create a new admin user? (yes/no)'
   if ["yes", "y"].include? STDIN.gets.strip.downcase
     create_admin_user