RubyGems - solidus_auth_devise - Versions diffs - 2.5.5 → 2.5.7 - Mend

solidus_auth_devise 2.5.5 → 2.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +4 -5
data/CHANGELOG.md +15 -4
data/Gemfile +5 -5
data/bin/rails +1 -1
data/bin/sandbox +1 -0
data/db/default/users.rb +27 -67
data/lib/controllers/backend/spree/admin/user_sessions_controller.rb +6 -1
data/lib/controllers/frontend/spree/user_sessions_controller.rb +6 -1
data/lib/controllers/frontend/spree/users_controller.rb +1 -1
data/lib/decorators/frontend/controllers/spree/checkout_controller_decorator.rb +1 -0
data/lib/generators/solidus/auth/install/install_generator.rb +20 -13
data/lib/generators/solidus_auth_devise/install/install_generator.rb +11 -1
data/lib/solidus_auth_devise/engine.rb +0 -4
data/lib/solidus_auth_devise/version.rb +1 -1
data/lib/spree/auth/engine.rb +5 -0
data/lib/spree/authentication_helpers.rb +0 -25
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eabe96f35091dbe9f4cac913044f4eb301bd049adb5cb1f8b7b98616847cdf0f
-  data.tar.gz: '009afc8b8585d494940949bebaae6dc3ffdf2f80fb26f16189ecd1299c65c669'
+  metadata.gz: 2af5db5a4a28f17bc5159f1ccae8e0a6ad3f54aee0c03150a750a76129d89be7
+  data.tar.gz: 69aef17ae84f348294dff74150a24845a3924d8ec6258c3f230d61967e496c82
 SHA512:
-  metadata.gz: 7991cf3c2104f5e1cb21fe59d251a0d38c060ffb1b98788abc21598419034d19307879e0ebc075c1b9683a8c77bf1c2cb94438f21f197e6acb3a8105da0c76a8
-  data.tar.gz: 0abb460d4822728befdbfa648d3b190412968b3e75049e64f05b3b3304368ec4212cfb5feaedb7c3f3b1a92b8f256e7815c8daa37f82611eadb36be3ca0ab51c
+  metadata.gz: 171dd785ee3843aed488389a69049dbdf435c4df7ab7ba72e1d5be820b26a7cb422a531716afcbeaead38381e4a1efdab4197b232632ef9dd8066439c24a5918
+  data.tar.gz: 8b5f64a426df8e2ee9f7efbad70c7faecffc57968e9c4242b3bbd0a44ef77498781422bc6c3f63c90924fa626edc9018416585342557485b742b0f66a54b0afd

data/.circleci/config.yml CHANGED Viewed

@@ -16,8 +16,8 @@ jobs:
       name: solidusio_extensions/postgres
       ruby_version: '3.1'
     steps:
-      - browser-tools/install-browser-tools
       - checkout
+      - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-master
       - solidusio_extensions/store-test-results
@@ -26,8 +26,8 @@ jobs:
       name: solidusio_extensions/mysql
       ruby_version: '3.0'
     steps:
-      - browser-tools/install-browser-tools
       - checkout
+      - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-current
       - solidusio_extensions/store-test-results
@@ -36,15 +36,14 @@ jobs:
       name: solidusio_extensions/sqlite
       ruby_version: '2.7'
     steps:
-      - browser-tools/install-browser-tools
       - checkout
+      - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-older
       - solidusio_extensions/store-test-results
   lint-code:
-    executor: solidusio_extensions/sqlite-memory
+    executor: solidusio_extensions/sqlite
     steps:
-      - browser-tools/install-browser-tools
       - solidusio_extensions/lint-code
 workflows:

data/CHANGELOG.md CHANGED Viewed

@@ -1,11 +1,20 @@
 # Changelog
-## [v2.5.5](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.5) (2022-09-19)
+## [v2.5.7](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.7) (2022-10-31)
-[Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.4...v2.5.5)
+[Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.6...v2.5.7)
+**Merged pull requests:**
+- Fix the standard generator alias and remove interactivity from seeds [\#233](https://github.com/solidusio/solidus_auth_devise/pull/233) ([elia](https://github.com/elia))
+## [v2.5.6](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.6) (2022-09-30)
+[Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.5...v2.5.6)
 **Merged pull requests:**
+- Revert "Utilize Devise location helpers for redirecting" [\#232](https://github.com/solidusio/solidus_auth_devise/pull/232) ([elia](https://github.com/elia))
 - Run the CI on all supported ruby versions [\#229](https://github.com/solidusio/solidus_auth_devise/pull/229) ([elia](https://github.com/elia))
 - Utilize Devise location helpers for redirecting [\#228](https://github.com/solidusio/solidus_auth_devise/pull/228) ([cpfergus1](https://github.com/cpfergus1))
 - Update to use forked solidus\_frontend when needed [\#227](https://github.com/solidusio/solidus_auth_devise/pull/227) ([waiting-for-dev](https://github.com/waiting-for-dev))
@@ -16,12 +25,14 @@
 - Update to the latest solidus\_dev\_support defaults [\#220](https://github.com/solidusio/solidus_auth_devise/pull/220) ([elia](https://github.com/elia))
 - Fix build [\#219](https://github.com/solidusio/solidus_auth_devise/pull/219) ([gsmendoza](https://github.com/gsmendoza))
+## [v2.5.5](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.5) (2022-09-19)
+[Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.4...v2.5.5)
 ## [v2.5.4](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.4) (2021-11-17)
 [Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.3...v2.5.4)
-- Fix authentication bypass by CSRF weakness [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2)
 **Closed issues:**
 - This line doesn't do anything [\#214](https://github.com/solidusio/solidus_auth_devise/issues/214)

data/Gemfile CHANGED Viewed

@@ -25,13 +25,13 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('3')
   # the 'async' gem that relies on the latest ruby, since RubyGems doesn't
   # resolve gems based on the required ruby version.
   gem 'async', '< 3', require: false
-  # 'net/smtp' is required by 'mail', see:
-  # - https://github.com/ruby/net-protocol/issues/10
-  # - https://stackoverflow.com/a/72474475
-  gem 'net-smtp', require: false
 end
+# 'net/smtp' is required by 'mail', see:
+# - https://github.com/ruby/net-protocol/issues/10
+# - https://stackoverflow.com/a/72474475
+gem 'net-smtp', require: false
 gemspec
 # Use a local Gemfile to include development dependencies that might not be

data/bin/rails CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
-if %w[g generate].include? ARGV.first
+if %w[g generate].include?(ARGV.first) && ARGV[1] !~ /^(solidus:auth:|solidus_auth_devise:)/
   exec "#{__dir__}/rails-engine", *ARGV
 else
   exec "#{__dir__}/rails-sandbox", *ARGV

data/bin/sandbox CHANGED Viewed

@@ -71,6 +71,7 @@ cat <<RUBY >> Gemfile
 gem 'solidus', github: 'solidusio/solidus', branch: '$BRANCH'
 gem 'rails-i18n'
 gem 'solidus_i18n'
+gem 'net-smtp', require: false
 gem '$extension_name', path: '..'

data/db/default/users.rb CHANGED Viewed

@@ -1,78 +1,38 @@
 # frozen_string_literal: true
-# see last line where we create an admin if there is none, asking for email and password
-def prompt_for_admin_password
-  if ENV['ADMIN_PASSWORD']
-    password = ENV['ADMIN_PASSWORD'].dup
-    puts "Admin Password #{password}"
-  else
-    print "Password [test123]: "
-    password = STDIN.gets.strip
-    password = 'test123' if password.blank?
-  end
+admin_role = Spree::Role.find_or_create_by(name: 'admin')
-  password
+if Spree::User.admin.any?
+  puts 'No admin user created.'
+  return
 end
-def prompt_for_admin_email
-  if ENV['ADMIN_EMAIL']
-    email = ENV['ADMIN_EMAIL'].dup
-    puts "Admin User #{email}"
-  else
-    print "Email [admin@example.com]: "
-    email = STDIN.gets.strip
-    email = 'admin@example.com' if email.blank?
-  end
+email = ENV['ADMIN_EMAIL'] || 'admin@example.com'
+password = ENV['ADMIN_PASSWORD'] || 'test123'
-  email
-end
-def create_admin_user
-  if ENV['AUTO_ACCEPT']
-    password = 'test123'
-    email = 'admin@example.com'
-  else
-    puts 'Create the admin user (press enter for defaults).'
-    # name = prompt_for_admin_name unless name
-    email = prompt_for_admin_email
-    password = prompt_for_admin_password
-  end
-  attributes = {
-    password: password,
-    password_confirmation: password,
-    email: email,
-    login: email
-  }
-  load 'spree/user.rb'
+puts "Creating admin user with:"
+puts "  - email: #{email}"
+puts "  - password: #{password}"
+puts "(please use the ADMIN_EMAIL and ADMIN_PASSWORD environment variables to control how the default admin user is created)"
-  if Spree::User.find_by(email: email)
-    puts "\nWARNING: There is already a user with the email: #{email}, so no account changes were made.  If you wish to create an additional admin user, please run rake spree_auth:admin:create again with a different email.\n\n"
-  else
-    admin = Spree::User.new(attributes)
-    if admin.save
-      role = Spree::Role.find_or_create_by(name: 'admin')
-      admin.spree_roles << role
-      admin.save
-      admin.generate_spree_api_key!
-      puts "Done!"
-    else
-      puts "There were some problems with persisting a new admin user:"
-      admin.errors.full_messages.each do |error|
-        puts error
-      end
-    end
-  end
+if Spree::User.find_by(email: email)
+  warn "WARNING: There is already a user with the email: #{email}, so no account changes were made."
+  return
 end
-if Spree::User.admin.empty?
-  create_admin_user
+admin = Spree::User.new(
+  password: password,
+  password_confirmation: password,
+  email: email,
+  login: email,
+)
+if admin.save
+  admin.spree_roles << admin_role
+  admin.save
+  admin.generate_spree_api_key!
 else
-  puts 'Admin user has already been created.'
-  puts 'Would you like to create a new admin user? (yes/no)'
-  if ["yes", "y"].include? STDIN.gets.strip.downcase
-    create_admin_user
-  else
-    puts 'No admin user created.'
-  end
+  warn "There were some problems while creating the admin user:"
+  warn(admin.errors.full_messages.map { |m| "- #{m}" })
+  warn "(attributes: #{admin.attributes.inspect})"
 end

data/lib/controllers/backend/spree/admin/user_sessions_controller.rb CHANGED Viewed

@@ -17,7 +17,7 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
       respond_to do |format|
         format.html {
           flash[:success] = I18n.t('spree.logged_in_succesfully')
-          redirect_to stored_spree_user_location_or(after_sign_in_path_for(spree_current_user))
+          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
         }
         format.js {
           user = resource.record
@@ -47,4 +47,9 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
   def accurate_title
     I18n.t('spree.login')
   end
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
 end

data/lib/controllers/frontend/spree/user_sessions_controller.rb CHANGED Viewed

@@ -19,7 +19,7 @@ class Spree::UserSessionsController < Devise::SessionsController
       respond_to do |format|
         format.html do
           flash[:success] = I18n.t('spree.logged_in_succesfully')
-          redirect_to stored_spree_user_location_or(after_sign_in_path_for(spree_current_user))
+          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
         end
         format.js { render success_json }
       end
@@ -49,6 +49,11 @@ class Spree::UserSessionsController < Devise::SessionsController
     I18n.t('spree.login')
   end
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
   def success_json
     {
       json: {

data/lib/controllers/frontend/spree/users_controller.rb CHANGED Viewed

@@ -17,7 +17,7 @@ class Spree::UsersController < Spree::StoreController
         session[:guest_token] = nil
       end
-      redirect_to stored_spree_user_location_or(root_url)
+      redirect_back_or_default(root_url)
     else
       render :new
     end

data/lib/decorators/frontend/controllers/spree/checkout_controller_decorator.rb CHANGED Viewed

@@ -45,6 +45,7 @@ module Spree
     def check_registration
       return unless registration_required?
+      store_location
       redirect_to spree.checkout_registration_path
     end

data/lib/generators/solidus/auth/install/install_generator.rb CHANGED Viewed

@@ -4,31 +4,38 @@ module Solidus
   module Auth
     module Generators
       class InstallGenerator < Rails::Generators::Base
-        class_option :auto_run_migrations, type: :boolean, default: false
-        class_option :skip_migrations, type: :boolean, default: false
+        class_option :auto_run_migrations, type: :boolean, desc: "Run migrations automatically"
+        class_option :skip_migrations, type: :boolean, desc: "Skip migrations"
-        def self.source_paths
-          paths = superclass.source_paths
-          paths << File.expand_path('templates', __dir__)
-          paths.flatten
-        end
+        class_option :interactive, type: :boolean, default: false, desc: "Enable interactive mode"
+        class_option :admin_email, type: :string
+        class_option :admin_password, type: :string
+        source_root "#{__dir__}/templates"
         def generate_devise_key
           template 'config/initializers/devise.rb', 'config/initializers/devise.rb', skip: true
         end
         def add_migrations
-          run 'bundle exec rake railties:install:migrations FROM=solidus_auth'
+          admin_email = options[:admin_email] || (options[:interactive] && ask("Email:", default: 'admin@example.com'))
+          admin_password = options[:admin_password] || (options[:interactive] && ask("Password:", default: 'test123'))
+          options = []
+          options << "ADMIN_EMAIL=#{admin_email}" if admin_email
+          options << "ADMIN_PASSWORD=#{admin_password}" if admin_password
+          rake "railties:install:migrations FROM=solidus_auth #{options.shelljoin}"
         end
         def run_migrations
-          return if options[:skip_migrations]
+          if options[:skip_migrations] ||
+            options[:auto_run_migrations] == false || # exclude nil
+            options[:interactive] && no?('Would you like to run the migrations now?')
-          run_migrations = options[:auto_run_migrations] || ['', 'y', 'Y'].include?(ask('Would you like to run the migrations now? [Y/n]'))
-          if run_migrations
-            run 'bundle exec rake db:migrate'
+            say_status :skip, 'Skipping rake db:migrate, don\'t forget to run it!', :yellow
           else
-            puts 'Skipping rake db:migrate, don\'t forget to run it!' # rubocop:disable Rails/Output
+            rake 'db:migrate'
           end
         end
       end

data/lib/generators/solidus_auth_devise/install/install_generator.rb CHANGED Viewed

@@ -1,8 +1,18 @@
 # frozen_string_literal: true
 require_relative '../../solidus/auth/install/install_generator'
 module SolidusAuthDevise
   module Generators
-    InstallGenerator = ::Solidus::Auth::Generators::InstallGenerator
+    class InstallGenerator < Rails::Generators::Base
+      # Copy over any class option from the legacy install generator
+      Solidus::Auth::Generators::InstallGenerator.class_options.each do |name, option|
+        class_options[name] ||= option.dup
+      end
+      def forward_to_spree_auth_install
+        generate 'solidus:auth:install', *ARGV
+      end
+    end
   end
 end

data/lib/solidus_auth_devise/engine.rb CHANGED Viewed

@@ -1,7 +1,3 @@
 # frozen_string_literal: true
 require 'spree/auth/engine'
-module SolidusAuthDevise
-  Engine = ::Spree::Auth::Engine
-end

data/lib/solidus_auth_devise/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module SolidusAuthDevise
-  VERSION = '2.5.5'
+  VERSION = '2.5.7'
 end

data/lib/spree/auth/engine.rb CHANGED Viewed

@@ -59,6 +59,7 @@ module Spree
               redirect_to spree.admin_unauthorized_path
             end
           else
+            store_location
             if Spree::Auth::Engine.redirect_back_on_unauthorized?
               redirect_back(fallback_location: spree.admin_login_path)
@@ -69,6 +70,7 @@ module Spree
         end
       end
       def self.prepare_frontend
         Spree::BaseController.unauthorized_redirect = -> do
           if spree_current_user
@@ -80,6 +82,7 @@ module Spree
               redirect_to spree.unauthorized_path
             end
           else
+            store_location
             if Spree::Auth::Engine.redirect_back_on_unauthorized?
               redirect_back(fallback_location: spree.login_path)
@@ -92,3 +95,5 @@ module Spree
     end
   end
 end
+SolidusAuthDevise::Engine = Spree::Auth::Engine

data/lib/spree/authentication_helpers.rb CHANGED Viewed

@@ -23,30 +23,5 @@ module Spree
                to: :spree,
                prefix: :spree
     end
-    private
-    def authenticate_spree_user!
-      store_spree_user_location! if storable_spree_user_location?
-      super
-    end
-    # It's important that the location is NOT stored if:
-    # - The request method is not GET (non idempotent)
-    # - The request is handled by a Devise controller such as Devise::SessionsController as that could cause an
-    #    infinite redirect loop.
-    # - The request is an Ajax request as this can lead to very unexpected behaviour.
-    def storable_spree_user_location?
-      request.get? && is_navigational_format? && !devise_controller? && !request.xhr?
-    end
-    def store_spree_user_location!
-      store_location_for(:spree_current_user, request.fullpath)
-    end
-    def stored_spree_user_location_or(fallback_location)
-      stored_location_for(:spree_current_user) || fallback_location
-    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_auth_devise
 version: !ruby/object:Gem::Version
-  version: 2.5.5
+  version: 2.5.7
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-09-19 00:00:00.000000000 Z
+date: 2022-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deface