solidus_auth_devise 2.4.0 → 2.5.0

data/Gemfile

@@ -1,32 +1,29 @@
 # frozen_string_literal: true
 
-source "https://rubygems.org"
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
-gem "solidus", github: "solidusio/solidus", branch: branch
+gem 'solidus', github: 'solidusio/solidus', branch: branch
 
 # Needed to help Bundler figure out how to resolve dependencies,
-# otherwise it takes forever to resolve them
-if branch == 'master' || Gem::Version.new(branch[1..-1]) >= Gem::Version.new('2.10.0')
-  gem 'rails', '~> 6.0'
-else
-  gem 'rails', '~> 5.0'
-end
-
-group :test do
-  gem 'rails-controller-testing', '~> 1.0'
-  gem 'factory_bot', '> 4.10.0'
-end
+# otherwise it takes forever to resolve them.
+# See https://github.com/bundler/bundler/issues/6677
+gem 'rails', '>0.a'
 
 case ENV['DB']
 when 'mysql'
-  gem 'mysql2', '~> 0.4.10'
-when 'postgres'
-  gem 'pg', '~> 0.21'
+  gem 'mysql2'
+when 'postgresql'
+  gem 'pg'
+else
+  gem 'sqlite3'
 end
 
-group :development, :test do
-  gem 'pry-rails', '~> 0.3.9'
-end
+gem 'rails-controller-testing', group: :test
 
 gemspec
+
+# Use a local Gemfile to include development dependencies that might not be
+# relevant for the project or for other contributors, e.g.: `gem 'pry-debug'`.
+eval_gemfile 'Gemfile-local' if File.exist? 'Gemfile-local'

data/{LICENSE.md → LICENSE}

@@ -1,4 +1,4 @@
-Copyright (c) 2014, Spree Commerce, Inc. and other contributors
+Copyright (c) 2020 Solidus Team
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -9,7 +9,7 @@ are permitted provided that the following conditions are met:
     * Redistributions in binary form must reproduce the above copyright notice,
       this list of conditions and the following disclaimer in the documentation
       and/or other materials provided with the distribution.
-    * Neither the name Spree nor the names of its contributors may be used to
+    * Neither the name Solidus nor the names of its contributors may be used to
       endorse or promote products derived from this software without specific
       prior written permission.
 

data/app/models/spree/user.rb

@@ -46,6 +46,8 @@ module Spree
     end
 
     def scramble_email_and_password
+      return true if destroyed?
+
       self.email = SecureRandom.uuid + "@example.net"
       self.login = email
       self.password = SecureRandom.hex(8)

data/bin/console

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "solidus_auth_devise"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+$LOAD_PATH.unshift(*Dir["#{__dir__}/../app/*"])
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/rails

@@ -1,7 +1,15 @@
 #!/usr/bin/env ruby
 
-ENGINE_ROOT = File.expand_path('../..', __FILE__)
-ENGINE_PATH = File.expand_path('../../lib/spree/auth/engine', __FILE__)
+# frozen_string_literal: true
 
-require 'rails/all'
-require 'rails/engine/commands'
+app_root = 'spec/dummy'
+
+unless File.exist? "#{app_root}/bin/rails"
+  system "bin/rake", app_root or begin # rubocop:disable Style/AndOr
+    warn "Automatic creation of the dummy app failed"
+    exit 1
+  end
+end
+
+Dir.chdir app_root
+exec 'bin/rails', *ARGV

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+gem install bundler --conservative
+bundle update
+bundle exec rake clobber

data/db/migrate/20200417153503_add_unconfirmed_email_to_spree_users.rb

@@ -0,0 +1,7 @@
+class AddUnconfirmedEmailToSpreeUsers < ActiveRecord::Migration[5.2]
+  def change
+    unless column_exists?(:spree_users, :unconfirmed_email)
+      add_column :spree_users, :unconfirmed_email, :string
+    end
+  end
+end

data/lib/generators/solidus/auth/install/install_generator.rb

@@ -4,6 +4,9 @@ module Solidus
   module Auth
     module Generators
       class InstallGenerator < Rails::Generators::Base
+        class_option :auto_run_migrations, type: :boolean, default: false
+        class_option :skip_migrations, type: :boolean, default: false
+
         def self.source_paths
           paths = superclass.source_paths
           paths << File.expand_path('templates', __dir__)
@@ -19,7 +22,14 @@ module Solidus
         end
 
         def run_migrations
-          run 'bundle exec rake db:migrate'
+          return if options[:skip_migrations]
+
+          run_migrations = options[:auto_run_migrations] || ['', 'y', 'Y'].include?(ask('Would you like to run the migrations now? [Y/n]'))
+          if run_migrations
+            run 'bundle exec rake db:migrate'
+          else
+            puts 'Skipping rake db:migrate, don\'t forget to run it!' # rubocop:disable Rails/Output
+          end
         end
       end
     end

data/lib/solidus_auth_devise.rb

@@ -1,7 +1,13 @@
 # frozen_string_literal: true
 
-require "spree_core"
-require "solidus_support"
-require "spree/auth/devise"
-require "spree/authentication_helpers"
-require "deface"
+require 'solidus_core'
+require 'solidus_support'
+require 'deface'
+require 'devise'
+require 'devise-encryptable'
+require 'cancan'
+
+require 'spree/auth/devise'
+require 'spree/auth/version'
+require 'spree/auth/engine'
+require 'spree/authentication_helpers'

data/lib/spree/auth/devise.rb

@@ -1,10 +1,5 @@
 # frozen_string_literal: true
 
-require 'spree/core'
-require 'devise'
-require 'devise-encryptable'
-require 'cancan'
-
 module Spree
   module Auth
     def self.config
@@ -12,5 +7,3 @@ module Spree
     end
   end
 end
-
-require 'spree/auth/engine'

data/lib/spree/auth/engine.rb

@@ -6,6 +6,8 @@ require 'devise-encryptable'
 module Spree
   module Auth
     class Engine < Rails::Engine
+      include SolidusSupport::EngineExtensions
+
       isolate_namespace Spree
       engine_name 'solidus_auth'
 
@@ -18,65 +20,74 @@ module Spree
       end
 
       config.to_prepare do
-        auth = Spree::Auth::Engine
-
-        auth.prepare_backend  if SolidusSupport.backend_available?
-        auth.prepare_frontend if SolidusSupport.frontend_available?
+        Spree::Auth::Engine.prepare_backend if SolidusSupport.backend_available?
+        Spree::Auth::Engine.prepare_frontend if SolidusSupport.frontend_available?
 
-        ApplicationController.send :include, Spree::AuthenticationHelpers
+        ApplicationController.include Spree::AuthenticationHelpers
       end
 
-      def self.prepare_backend
-        Rails.application.config.assets.precompile += %w[
-          lib/assets/javascripts/spree/backend/solidus_auth.js
-          lib/assets/javascripts/spree/backend/solidus_auth.css
-        ]
+      def self.redirect_back_on_unauthorized?
+        return false unless Spree::Config.respond_to?(:redirect_back_on_unauthorized)
 
-        Dir.glob(File.join(File.dirname(__FILE__), "../../controllers/backend/*/*/*_decorator*.rb")) do |c|
-          Rails.configuration.cache_classes ? require(c) : load(c)
+        if Spree::Config.redirect_back_on_unauthorized
+          true
+        else
+          Spree::Deprecation.warn <<-WARN.strip_heredoc, caller
+            Having Spree::Config.redirect_back_on_unauthorized set
+            to `false` is deprecated and will not be supported in Solidus 3.0.
+            Please change this configuration to `true` and be sure that your
+            application does not break trying to redirect back when there is
+            an unauthorized access.
+          WARN
+
+          false
         end
+      end
 
+      def self.prepare_backend
         Spree::Admin::BaseController.unauthorized_redirect = -> do
           if try_spree_current_user
             flash[:error] = I18n.t('spree.authorization_failure')
-            redirect_to spree.admin_unauthorized_path
+
+            if Spree::Auth::Engine.redirect_back_on_unauthorized?
+              redirect_back(fallback_location: spree.admin_unauthorized_path)
+            else
+              redirect_to spree.admin_unauthorized_path
+            end
           else
             store_location
-            redirect_to spree.admin_login_path
+
+            if Spree::Auth::Engine.redirect_back_on_unauthorized?
+              redirect_back(fallback_location: spree.admin_login_path)
+            else
+              redirect_to spree.admin_login_path
+            end
           end
         end
       end
 
-      def self.prepare_frontend
-        Rails.application.config.assets.precompile += %w[
-          lib/assets/javascripts/spree/frontend/solidus_auth.js
-          lib/assets/javascripts/spree/frontend/solidus_auth.css
-        ]
-
-        Dir.glob(File.join(File.dirname(__FILE__), "../../controllers/frontend/*/*_decorator*.rb")) do |c|
-          Rails.configuration.cache_classes ? require(c) : load(c)
-        end
 
+      def self.prepare_frontend
         Spree::BaseController.unauthorized_redirect = -> do
           if try_spree_current_user
             flash[:error] = I18n.t('spree.authorization_failure')
-            redirect_to spree.unauthorized_path
+
+            if Spree::Auth::Engine.redirect_back_on_unauthorized?
+              redirect_back(fallback_location: spree.unauthorized_path)
+            else
+              redirect_to spree.unauthorized_path
+            end
           else
             store_location
-            redirect_to spree.login_path
+
+            if Spree::Auth::Engine.redirect_back_on_unauthorized?
+              redirect_back(fallback_location: spree.login_path)
+            else
+              redirect_to spree.login_path
+            end
           end
         end
       end
-
-      if SolidusSupport.backend_available?
-        paths["app/controllers"] << "lib/controllers/backend"
-        paths["app/views"] << "lib/views/backend"
-      end
-
-      if SolidusSupport.frontend_available?
-        paths["app/controllers"] << "lib/controllers/frontend"
-        paths["app/views"] << "lib/views/frontend"
-      end
     end
   end
 end

data/lib/spree/auth/version.rb

@@ -2,6 +2,6 @@
 
 module Spree
   module Auth
-    VERSION = '2.4.0'
+    VERSION = '2.5.0'
   end
 end

data/lib/views/backend/spree/admin/user_sessions/new.html.erb

@@ -10,11 +10,11 @@
       <div id="password-credentials">
         <p>
           <%= f.label :email, I18n.t('spree.email') %><br />
-          <%= f.email_field :email, class: 'title', tabindex: 1 %>
+          <%= f.email_field :email, class: 'title', tabindex: 1, autocomplete: 'username' %>
         </p>
         <p>
           <%= f.label :password, I18n.t('spree.password') %><br />
-          <%= f.password_field :password, class: 'title', tabindex: 2 %>
+          <%= f.password_field :password, class: 'title', tabindex: 2, autocomplete: 'current-password' %>
         </p>
       </div>
       <p>

data/solidus_auth_devise.gemspec

@@ -1,25 +1,33 @@
 # frozen_string_literal: true
 
-$:.unshift File.expand_path('lib', __dir__)
+$:.push File.expand_path('lib', __dir__)
 require 'spree/auth/version'
 
 Gem::Specification.new do |s|
-  s.platform    = Gem::Platform::RUBY
-  s.name        = "solidus_auth_devise"
-  s.version     = Spree::Auth::VERSION
-  s.summary     = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
-  s.description = s.summary
-
-  s.author       = 'Solidus Team'
-  s.email        = 'contact@solidus.io'
-
-  s.required_ruby_version = ">= 2.3"
-  s.license = 'BSD-3'
-
-  s.files        = `git ls-files`.split("\n")
-  s.test_files   = `git ls-files -- spec/*`.split("\n")
-  s.require_path = "lib"
-  s.requirements << "none"
+  s.platform = Gem::Platform::RUBY
+  s.name = "solidus_auth_devise"
+  s.version = Spree::Auth::VERSION
+  s.summary = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
+  s.license = 'BSD-3-Clause'
+
+  s.author = 'Solidus Team'
+  s.email = 'contact@solidus.io'
+  s.homepage = 'https://github.com/solidusio/solidus_auth_devise'
+
+  if s.respond_to?(:metadata)
+    s.metadata["homepage_uri"] = s.homepage if s.homepage
+    s.metadata["source_code_uri"] = s.homepage if s.homepage
+  end
+
+  s.required_ruby_version = '~> 2.4'
+
+  s.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  s.test_files = Dir['spec/**/*']
+  s.bindir = "exe"
+  s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  s.require_paths = ["lib"]
 
   solidus_version = [">= 2.6", "< 3"]
 
@@ -29,28 +37,14 @@ Gem::Specification.new do |s|
     secret_token is undefined or not available, secret_key_base will be used instead.
   ".strip.gsub(/ +/, ' ')
 
+  s.add_dependency "deface", "~> 1.0"
   s.add_dependency "devise", '~> 4.1'
   s.add_dependency "devise-encryptable", "0.2.0"
+  s.add_dependency "paranoia", "~> 2.4"
   s.add_dependency "solidus_core", solidus_version
-  s.add_dependency "solidus_support", ">= 0.1.3"
-  s.add_dependency "deface", "~> 1.0"
+  s.add_dependency "solidus_support", "~> 0.5"
 
-  s.add_development_dependency "capybara", "~> 2.14"
-  s.add_development_dependency "capybara-screenshot"
-  s.add_development_dependency "coffee-rails"
-  s.add_development_dependency "database_cleaner", "~> 1.6"
-  s.add_development_dependency "ffaker"
-  s.add_development_dependency "gem-release", "~> 2.0"
-  s.add_development_dependency "github_changelog_generator", "~> 1.14"
-  s.add_development_dependency "rspec-rails", "~> 4.0.0.beta2"
-  s.add_development_dependency "rubocop", "~> 0.71"
-  s.add_development_dependency "rubocop-performance", "~> 1.4"
-  s.add_development_dependency "rubocop-rails", "~> 2.2"
-  s.add_development_dependency "sass-rails"
-  s.add_development_dependency "selenium-webdriver", "~> 3.142"
-  s.add_development_dependency "shoulda-matchers", "~> 3.1"
-  s.add_development_dependency "simplecov", "~> 0.14"
   s.add_development_dependency "solidus_backend", solidus_version
+  s.add_development_dependency "solidus_dev_support", ">= 0.3.0"
   s.add_development_dependency "solidus_frontend", solidus_version
-  s.add_development_dependency "sqlite3"
 end

data/spec/controllers/spree/admin/base_controller_spec.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Spree::Admin::BaseController, type: :controller do
+  describe '#unauthorized_redirect' do
+    controller(described_class) do
+      def index; authorize!(:read, :something); end
+    end
+
+    before do
+      stub_spree_preferences(Spree::Config, redirect_back_on_unauthorized: true)
+    end
+
+    context "when user is logged in" do
+      before { sign_in(create(:user)) }
+
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_unauthorized_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+
+    context "when user is not logged in" do
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_login_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
+      end
+    end
+  end
+end