solidus_auth_devise 2.2.0 → 2.5.2

data/lib/views/frontend/spree/user_passwords/new.html.erb

@@ -1,17 +1,15 @@
-<%= render partial: 'spree/shared/error_messages', locals: { target: @spree_user } %>
-
 <div id="forgot-password">
-  <h6><%= I18n.t('spree.forgot_password') %></h6>
+  <h6><%= t('spree.forgot_password') %></h6>
 
-  <p><%= I18n.t('spree.instructions_to_reset_password') %></p>
+  <p><%= t('spree.instructions_to_reset_password') %></p>
 
   <%= form_for Spree::User.new, as: :spree_user, url: spree.reset_password_path do |f| %>
     <p>
-      <%= f.label :email, I18n.t('spree.email') %><br />
-      <%= f.email_field :email %>
+      <%= f.label :email, t('spree.email') %><br />
+      <%= f.email_field :email, required: true %>
     </p>
     <p>
-      <%= f.submit I18n.t('spree.reset_password'), class: 'button primary' %>
+      <%= f.submit t('spree.reset_password'), class: 'button primary' %>
     </p>
   <% end %>
 </div>

data/lib/views/frontend/spree/user_registrations/new.html.erb

@@ -3,16 +3,16 @@
 <%= render 'spree/shared/error_messages', target: resource %>
 
 <div id="new-customer">
-  <h6><%= I18n.t('spree.new_customer') %></h6>
+  <h6><%= t('spree.new_customer') %></h6>
 
   <div data-hook="signup">
     <%= form_for resource, as: :spree_user, url: spree.registration_path(resource) do |f| %>
       <div data-hook="signup_inside_form">
         <%= render partial: 'spree/shared/user_form', locals: { f: f } %>
-        <p><%= f.submit I18n.t('spree.create'), class: 'button primary' %></p>
+        <p><%= f.submit t('spree.create'), class: 'button primary' %></p>
       </div>
     <% end %>
-    <%= I18n.t('spree.or') %>&nbsp;<%= link_to I18n.t('spree.login_as_existing'), spree.login_path %>
+    <%= t('spree.or') %>&nbsp;<%= link_to t('spree.login_as_existing'), spree.login_path %>
 
   </div>
 

data/lib/views/frontend/spree/user_sessions/authorization_failure.html.erb

@@ -1,4 +1,4 @@
 <div style="height:50px; padding-top:20px;">
-  <strong><%= I18n.t('spree.authorization_failure') %></strong>
+  <strong><%= t('spree.authorization_failure') %></strong>
 </div>
 <!-- Add your own custom access denied message here if you like -->

data/lib/views/frontend/spree/user_sessions/new.html.erb

@@ -4,10 +4,10 @@
 
 <% @body_id = 'login' %>
 <div id="existing-customer">
-  <h6><%= I18n.t('spree.login_as_existing') %></h6>
+  <h6><%= t('spree.login_as_existing') %></h6>
   <div data-hook="login">
     <%= render partial: 'spree/shared/login' %>
-    <%= I18n.t('spree.or') %>&nbsp;<%= link_to I18n.t('spree.create_a_new_account'), spree.signup_path %> | <%= link_to I18n.t('spree.forgot_password'), spree.recover_password_path %>
+    <%= t('spree.or') %>&nbsp;<%= link_to t('spree.create_a_new_account'), spree.signup_path %> | <%= link_to t('spree.forgot_password'), spree.recover_password_path %>
   </div>
 </div>
 <div data-hook="login_extras"></div>

data/lib/views/frontend/spree/users/edit.html.erb

@@ -1,13 +1,13 @@
 <%= render partial: 'spree/shared/error_messages', locals: { target: @user } %>
 
 <div id="edit-account">
-  <h1><%= I18n.t('spree.editing_user') %></h1>
+  <h1><%= t('spree.editing_user') %></h1>
 
   <div data-hook="account_edit">
     <%= form_for Spree::User.new, as: @user, url: spree.user_path(@user), method: :put do |f| %>
       <%= render partial: 'spree/shared/user_form', locals: { f: f } %>
       <p>
-        <%= f.submit I18n.t('spree.update'), class: 'button primary' %>
+        <%= f.submit t('spree.update'), class: 'button primary' %>
       </p>
     <% end %>
   </div>

data/lib/views/frontend/spree/users/show.html.erb

@@ -2,24 +2,24 @@
 
 <div data-hook="account_summary" class="account-summary">
   <dl id="user-info">
-    <dt><%= I18n.t('spree.email') %></dt>
-    <dd><%= @user.email %> (<%= link_to I18n.t('spree.edit'), spree.edit_account_path %>)</dd>
+    <dt><%= t('spree.email') %></dt>
+    <dd><%= @user.email %> (<%= link_to t('spree.edit'), spree.edit_account_path %>)</dd>
   </dl>
 </div>
 
 <div data-hook="account_my_orders" class="account-my-orders">
 
-  <h3><%= I18n.t('spree.my_orders') %></h3>
+  <h3><%= t('spree.my_orders') %></h3>
   <% if @orders.present? %>
     <table class="order-summary">
       <thead>
       <tr>
-        <th class="order-number"><%= I18n.t(:number, scope: 'activerecord.attributes.spree/order') %></th>
-        <th class="order-date"><%= I18n.t('spree.date') %></th>
-        <th class="order-status"><%= I18n.t('spree.status') %></th>
-        <th class="order-payment-state"><%= I18n.t('spree.payment_state') %></th>
-        <th class="order-shipment-state"><%= I18n.t('spree.shipment_state') %></th>
-        <th class="order-total"><%= I18n.t('spree.total') %></th>
+        <th class="order-number"><%= t(:number, scope: 'activerecord.attributes.spree/order') %></th>
+        <th class="order-date"><%= t('spree.date') %></th>
+        <th class="order-status"><%= t('spree.status') %></th>
+        <th class="order-payment-state"><%= t('spree.payment_state') %></th>
+        <th class="order-shipment-state"><%= t('spree.shipment_state') %></th>
+        <th class="order-total"><%= t('spree.total') %></th>
       </tr>
       </thead>
       <tbody>
@@ -27,16 +27,16 @@
         <tr class="<%= cycle('even', 'odd') %>">
           <td class="order-number"><%= link_to order.number, order_url(order) %></td>
           <td class="order-date"><%= l order.completed_at.to_date %></td>
-          <td class="order-status"><%= I18n.t("spree.order_state.#{order.state}").titleize %></td>
-          <td class="order-payment-state"><%= I18n.t("spree.payment_states.#{order.payment_state}").titleize if order.payment_state %></td>
-          <td class="order-shipment-state"><%= I18n.t("spree.shipment_states.#{order.shipment_state}").titleize if order.shipment_state %></td>
+          <td class="order-status"><%= t("spree.order_state.#{order.state}").titleize %></td>
+          <td class="order-payment-state"><%= t("spree.payment_states.#{order.payment_state}").titleize if order.payment_state %></td>
+          <td class="order-shipment-state"><%= t("spree.shipment_states.#{order.shipment_state}").titleize if order.shipment_state %></td>
           <td class="order-total"><%= order.display_total %></td>
         </tr>
       <% end %>
       </tbody>
     </table>
   <% else %>
-    <p><%= I18n.t('spree.you_have_no_orders_yet') %></p>
+    <p><%= t('spree.you_have_no_orders_yet') %></p>
   <% end %>
   <br />
 

data/solidus_auth_devise.gemspec

@@ -1,45 +1,50 @@
-# encoding: UTF-8
+# frozen_string_literal: true
 
-$:.unshift File.expand_path('lib', __dir__)
+$:.push File.expand_path('lib', __dir__)
 require 'spree/auth/version'
 
 Gem::Specification.new do |s|
-  s.platform    = Gem::Platform::RUBY
-  s.name        = "solidus_auth_devise"
-  s.version     = Spree::Auth::VERSION
-  s.summary     = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
-  s.description = s.summary
-
-  s.author       = 'Solidus Team'
-  s.email        = 'contact@solidus.io'
-
-  s.required_ruby_version = ">= 2.1"
-  s.license     = %q{BSD-3}
-
-  s.files        = `git ls-files`.split("\n")
-  s.test_files   = `git ls-files -- spec/*`.split("\n")
-  s.require_path = "lib"
-  s.requirements << "none"
-
-  solidus_version = [">= 1.2.0", "< 3"]
-
-  s.add_dependency "solidus_core", solidus_version
-  s.add_dependency "solidus_support", ">= 0.1.3"
+  s.platform = Gem::Platform::RUBY
+  s.name = "solidus_auth_devise"
+  s.version = Spree::Auth::VERSION
+  s.summary = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
+  s.license = 'BSD-3-Clause'
+
+  s.author = 'Solidus Team'
+  s.email = 'contact@solidus.io'
+  s.homepage = 'https://github.com/solidusio/solidus_auth_devise'
+
+  if s.respond_to?(:metadata)
+    s.metadata["homepage_uri"] = s.homepage if s.homepage
+    s.metadata["source_code_uri"] = s.homepage if s.homepage
+  end
+
+  s.required_ruby_version = '~> 2.4'
+
+  s.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  s.test_files = Dir['spec/**/*']
+  s.bindir = "exe"
+  s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  solidus_version = [">= 2.6", "< 3"]
+
+  s.post_install_message = "
+    NOTE: Rails 6 has removed secret_token in favor of secret_key_base, which was deprecated in
+    Rails 5.2. solidus_auth_devise will keep using secret_token, when present, as the pepper. If
+    secret_token is undefined or not available, secret_key_base will be used instead.
+  ".strip.gsub(/ +/, ' ')
+
+  s.add_dependency "deface", "~> 1.0"
   s.add_dependency "devise", '~> 4.1'
   s.add_dependency "devise-encryptable", "0.2.0"
+  s.add_dependency "paranoia", "~> 2.4"
+  s.add_dependency "solidus_core", solidus_version
+  s.add_dependency "solidus_support", "~> 0.5"
 
-  s.add_development_dependency "capybara", "~> 2.14"
-  s.add_development_dependency "capybara-screenshot"
-  s.add_development_dependency "coffee-rails"
-  s.add_development_dependency "database_cleaner", "~> 1.6"
-  s.add_development_dependency "ffaker"
-  s.add_development_dependency "gem-release", "~> 2.0"
-  s.add_development_dependency "poltergeist", "~> 1.5"
-  s.add_development_dependency "rspec-rails", "~> 3.3"
-  s.add_development_dependency "sass-rails"
-  s.add_development_dependency "shoulda-matchers", "~> 3.1"
-  s.add_development_dependency "simplecov", "~> 0.14"
   s.add_development_dependency "solidus_backend", solidus_version
+  s.add_development_dependency "solidus_dev_support", ">= 0.3.0"
   s.add_development_dependency "solidus_frontend", solidus_version
-  s.add_development_dependency "sqlite3", "~> 1.3.6"
 end

data/spec/controllers/spree/admin/base_controller_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Spree::Admin::BaseController, type: :controller do
+  describe '#unauthorized_redirect' do
+    controller(described_class) do
+      def index; authorize!(:read, :something); end
+    end
+
+    before do
+      stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
+    end
+
+    context "when user is logged in" do
+      before { sign_in(create(:user)) }
+
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_unauthorized_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+
+    context "when user is not logged in" do
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_login_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/admin/user_passwords_controller_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 RSpec.describe Spree::Admin::UserPasswordsController, type: :controller do
   before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
 

data/spec/controllers/spree/base_controller_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Spree::BaseController, type: :controller do
+  describe '#unauthorized_redirect' do
+    controller(described_class) do
+      def index; authorize!(:read, :something); end
+    end
+
+    before do
+      stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
+    end
+
+    context "when user is logged in" do
+      before { sign_in(create(:user)) }
+
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.unauthorized_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+
+    context "when user is not logged in" do
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.login_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/checkout_controller_spec.rb

@@ -1,5 +1,6 @@
-RSpec.describe Spree::CheckoutController, type: :controller do
+# frozen_string_literal: true
 
+RSpec.describe Spree::CheckoutController, type: :controller do
   let(:order) { create(:order_with_line_items, email: nil, user: nil, guest_token: token) }
   let(:user)  { build(:user, spree_api_key: 'fake') }
   let(:token) { 'some_token' }
@@ -39,11 +40,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
 
         context 'when guest checkout not allowed' do
           before do
-            Spree::Config.set(allow_guest_checkout: false)
-          end
-
-          after do
-            Spree::Config.set(allow_guest_checkout: true)
+            stub_spree_preferences(allow_guest_checkout: false)
           end
 
           it 'redirects to registration step' do
@@ -56,7 +53,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
 
     context 'when registration step disabled' do
       before do
-        Spree::Auth::Config.set(registration_step: false)
+        stub_spree_preferences(Spree::Auth::Config, registration_step: false)
       end
 
       context 'when authenticated as registered' do
@@ -80,8 +77,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
   context '#update' do
     context 'when in the confirm state' do
       before do
-        order.update_column(:email, 'spree@example.com')
-        order.update_column(:state, 'confirm')
+        order.update(email: 'spree@example.com', state: 'confirm')
 
         # So that the order can transition to complete successfully
         allow(order).to receive(:payment_required?) { false }

data/spec/controllers/spree/products_controller_spec.rb

@@ -1,5 +1,6 @@
-RSpec.describe Spree::ProductsController, type: :controller do
+# frozen_string_literal: true
 
+RSpec.describe Spree::ProductsController, type: :controller do
   let!(:product) { create(:product, available_on: 1.year.from_now) }
   let!(:user)    { build(:user, spree_api_key: 'fake') }
 
@@ -15,13 +16,9 @@ RSpec.describe Spree::ProductsController, type: :controller do
     allow(controller).to receive(:before_save_new_order)
     allow(controller).to receive(:spree_current_user) { user }
     allow(user).to receive(:has_spree_role?) { false }
-    if SolidusSupport.solidus_gem_version < Gem::Version.new('2.5.x')
+
+    expect {
       get :show, params: { id: product.to_param }
-      expect(response.status).to eq(404)
-    else
-      expect {
-        get :show, params: { id: product.to_param }
-      }.to raise_error(ActiveRecord::RecordNotFound)
-    end
+    }.to raise_error(ActiveRecord::RecordNotFound)
   end
 end

data/spec/controllers/spree/user_passwords_controller_spec.rb

@@ -1,5 +1,6 @@
-RSpec.describe Spree::UserPasswordsController, type: :controller do
+# frozen_string_literal: true
 
+RSpec.describe Spree::UserPasswordsController, type: :controller do
   let(:token) { 'some_token' }
 
   before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
@@ -16,7 +17,7 @@ RSpec.describe Spree::UserPasswordsController, type: :controller do
       it 'flashes an error' do
         get :edit
         expect(flash[:alert]).to include(
-          "You can't access this page without coming from a password reset " +
+          "You can't access this page without coming from a password reset " \
           'email'
         )
       end
@@ -34,7 +35,7 @@ RSpec.describe Spree::UserPasswordsController, type: :controller do
     context 'when updating password with blank password' do
       it 'shows error flash message, sets spree_user with token and re-displays password edit form' do
         put :update, params: { spree_user: { password: '', password_confirmation: '', reset_password_token: token } }
-        expect(assigns(:spree_user).kind_of?(Spree::User)).to eq true
+        expect(assigns(:spree_user).is_a?(Spree::User)).to eq true
         expect(assigns(:spree_user).reset_password_token).to eq token
         expect(flash[:error]).to eq I18n.t(:cannot_be_blank, scope: [:devise, :user_passwords, :spree_user])
         expect(response).to render_template :edit

data/spec/controllers/spree/user_registrations_controller_spec.rb

@@ -1,5 +1,6 @@
-RSpec.describe Spree::UserRegistrationsController, type: :controller do
+# frozen_string_literal: true
 
+RSpec.describe Spree::UserRegistrationsController, type: :controller do
   before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
 
   context '#create' do
@@ -56,7 +57,7 @@ RSpec.describe Spree::UserRegistrationsController, type: :controller do
         it 'assigns orders with the correct token and no user present' do
           order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
           subject
-          user = Spree::User.find_by_email('foobar@example.com')
+          user = Spree::User.find_by(email: 'foobar@example.com')
 
           order.reload
           expect(order.user_id).to eq user.id

data/spec/controllers/spree/user_sessions_controller_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 RSpec.describe Spree::UserSessionsController, type: :controller do
   let(:user) { create(:user) }
 
@@ -110,4 +112,16 @@ RSpec.describe Spree::UserSessionsController, type: :controller do
       end
     end
   end
+
+  context "#destroy" do
+    subject do
+      delete(:destroy)
+    end
+
+    it "redirects to default after signing out" do
+      subject
+      expect(controller.spree_current_user).to be_nil
+      expect(response).to redirect_to spree.root_path
+    end
+  end
 end