RubyGems - solidus_auth_devise - Versions diffs - 2.5.5 → 2.5.7 - Mend

solidus_auth_devise 2.5.5 → 2.5.7

Files changed (18) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +4 -5
data/CHANGELOG.md +15 -4
data/Gemfile +5 -5
data/bin/rails +1 -1
data/bin/sandbox +1 -0
data/db/default/users.rb +27 -67
data/lib/controllers/backend/spree/admin/user_sessions_controller.rb +6 -1
data/lib/controllers/frontend/spree/user_sessions_controller.rb +6 -1
data/lib/controllers/frontend/spree/users_controller.rb +1 -1
data/lib/decorators/frontend/controllers/spree/checkout_controller_decorator.rb +1 -0
data/lib/generators/solidus/auth/install/install_generator.rb +20 -13
data/lib/generators/solidus_auth_devise/install/install_generator.rb +11 -1
data/lib/solidus_auth_devise/engine.rb +0 -4
data/lib/solidus_auth_devise/version.rb +1 -1
data/lib/spree/auth/engine.rb +5 -0
data/lib/spree/authentication_helpers.rb +0 -25
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: eabe96f35091dbe9f4cac913044f4eb301bd049adb5cb1f8b7b98616847cdf0f
-  data.tar.gz: '009afc8b8585d494940949bebaae6dc3ffdf2f80fb26f16189ecd1299c65c669'
+  metadata.gz: 2af5db5a4a28f17bc5159f1ccae8e0a6ad3f54aee0c03150a750a76129d89be7
+  data.tar.gz: 69aef17ae84f348294dff74150a24845a3924d8ec6258c3f230d61967e496c82
 SHA512:
-  metadata.gz: 7991cf3c2104f5e1cb21fe59d251a0d38c060ffb1b98788abc21598419034d19307879e0ebc075c1b9683a8c77bf1c2cb94438f21f197e6acb3a8105da0c76a8
-  data.tar.gz: 0abb460d4822728befdbfa648d3b190412968b3e75049e64f05b3b3304368ec4212cfb5feaedb7c3f3b1a92b8f256e7815c8daa37f82611eadb36be3ca0ab51c
+  metadata.gz: 171dd785ee3843aed488389a69049dbdf435c4df7ab7ba72e1d5be820b26a7cb422a531716afcbeaead38381e4a1efdab4197b232632ef9dd8066439c24a5918
+  data.tar.gz: 8b5f64a426df8e2ee9f7efbad70c7faecffc57968e9c4242b3bbd0a44ef77498781422bc6c3f63c90924fa626edc9018416585342557485b742b0f66a54b0afd

data/.circleci/config.yml CHANGED Viewed

@@ -16,8 +16,8 @@ jobs:
       name: solidusio_extensions/postgres
       ruby_version: '3.1'
     steps:
-      - browser-tools/install-browser-tools
       - checkout
+      - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-master
       - solidusio_extensions/store-test-results
@@ -26,8 +26,8 @@ jobs:
       name: solidusio_extensions/mysql
       ruby_version: '3.0'
     steps:
-      - browser-tools/install-browser-tools
       - checkout
+      - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-current
       - solidusio_extensions/store-test-results
@@ -36,15 +36,14 @@ jobs:
       name: solidusio_extensions/sqlite
       ruby_version: '2.7'
     steps:
-      - browser-tools/install-browser-tools
       - checkout
+      - browser-tools/install-chrome
       - solidusio_extensions/run-tests-solidus-older
       - solidusio_extensions/store-test-results
   lint-code:
-    executor: solidusio_extensions/sqlite-memory
+    executor: solidusio_extensions/sqlite
     steps:
-      - browser-tools/install-browser-tools
       - solidusio_extensions/lint-code
 workflows:

data/CHANGELOG.md CHANGED Viewed

@@ -1,11 +1,20 @@
 # Changelog
-## [v2.5.5](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.5) (2022-09-19)
+## [v2.5.7](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.7) (2022-10-31)
-[Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.4...v2.5.5)
+[Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.6...v2.5.7)
+**Merged pull requests:**
+- Fix the standard generator alias and remove interactivity from seeds [\#233](https://github.com/solidusio/solidus_auth_devise/pull/233) ([elia](https://github.com/elia))
+## [v2.5.6](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.6) (2022-09-30)
+[Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.5...v2.5.6)
 **Merged pull requests:**
+- Revert "Utilize Devise location helpers for redirecting" [\#232](https://github.com/solidusio/solidus_auth_devise/pull/232) ([elia](https://github.com/elia))
 - Run the CI on all supported ruby versions [\#229](https://github.com/solidusio/solidus_auth_devise/pull/229) ([elia](https://github.com/elia))
 - Utilize Devise location helpers for redirecting [\#228](https://github.com/solidusio/solidus_auth_devise/pull/228) ([cpfergus1](https://github.com/cpfergus1))
 - Update to use forked solidus\_frontend when needed [\#227](https://github.com/solidusio/solidus_auth_devise/pull/227) ([waiting-for-dev](https://github.com/waiting-for-dev))
@@ -16,12 +25,14 @@
 - Update to the latest solidus\_dev\_support defaults [\#220](https://github.com/solidusio/solidus_auth_devise/pull/220) ([elia](https://github.com/elia))
 - Fix build [\#219](https://github.com/solidusio/solidus_auth_devise/pull/219) ([gsmendoza](https://github.com/gsmendoza))
+## [v2.5.5](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.5) (2022-09-19)
+[Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.4...v2.5.5)
 ## [v2.5.4](https://github.com/solidusio/solidus_auth_devise/tree/v2.5.4) (2021-11-17)
 [Full Changelog](https://github.com/solidusio/solidus_auth_devise/compare/v2.5.3...v2.5.4)
-- Fix authentication bypass by CSRF weakness [GHSA-xm34-v85h-9pg2](https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2)
 **Closed issues:**
 - This line doesn't do anything [\#214](https://github.com/solidusio/solidus_auth_devise/issues/214)

data/Gemfile CHANGED Viewed

@@ -25,13 +25,13 @@ if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('3')
   # the 'async' gem that relies on the latest ruby, since RubyGems doesn't
   # resolve gems based on the required ruby version.
   gem 'async', '< 3', require: false
-  # 'net/smtp' is required by 'mail', see:
-  # - https://github.com/ruby/net-protocol/issues/10
-  # - https://stackoverflow.com/a/72474475
-  gem 'net-smtp', require: false
 end
+# 'net/smtp' is required by 'mail', see:
+# - https://github.com/ruby/net-protocol/issues/10
+# - https://stackoverflow.com/a/72474475
+gem 'net-smtp', require: false
 gemspec
 # Use a local Gemfile to include development dependencies that might not be

data/bin/rails CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
-if %w[g generate].include? ARGV.first
+if %w[g generate].include?(ARGV.first) && ARGV[1] !~ /^(solidus:auth:|solidus_auth_devise:)/
   exec "#{__dir__}/rails-engine", *ARGV
 else
   exec "#{__dir__}/rails-sandbox", *ARGV

data/bin/sandbox CHANGED Viewed

@@ -71,6 +71,7 @@ cat <<RUBY >> Gemfile
 gem 'solidus', github: 'solidusio/solidus', branch: '$BRANCH'
 gem 'rails-i18n'
 gem 'solidus_i18n'
+gem 'net-smtp', require: false
 gem '$extension_name', path: '..'

data/db/default/users.rb CHANGED Viewed

@@ -1,78 +1,38 @@
 # frozen_string_literal: true
-# see last line where we create an admin if there is none, asking for email and password
-def prompt_for_admin_password
-  if ENV['ADMIN_PASSWORD']
-    password = ENV['ADMIN_PASSWORD'].dup
-    puts "Admin Password #{password}"
-  else
-    print "Password [test123]: "
-    password = STDIN.gets.strip
-    password = 'test123' if password.blank?
-  end
+admin_role = Spree::Role.find_or_create_by(name: 'admin')
-  password
+if Spree::User.admin.any?
+  puts 'No admin user created.'
+  return
 end
-def prompt_for_admin_email
-  if ENV['ADMIN_EMAIL']
-    email = ENV['ADMIN_EMAIL'].dup
-    puts "Admin User #{email}"
-  else
-    print "Email [admin@example.com]: "
-    email = STDIN.gets.strip
-    email = 'admin@example.com' if email.blank?
-  end
+email = ENV['ADMIN_EMAIL'] || 'admin@example.com'
+password = ENV['ADMIN_PASSWORD'] || 'test123'
-  email
-end
-def create_admin_user
-  if ENV['AUTO_ACCEPT']
-    password = 'test123'
-    email = 'admin@example.com'
-  else
-    puts 'Create the admin user (press enter for defaults).'
-    # name = prompt_for_admin_name unless name
-    email = prompt_for_admin_email
-    password = prompt_for_admin_password
-  end
-  attributes = {
-    password: password,
-    password_confirmation: password,
-    email: email,
-    login: email
-  }
-  load 'spree/user.rb'
+puts "Creating admin user with:"
+puts "  - email: #{email}"
+puts "  - password: #{password}"
+puts "(please use the ADMIN_EMAIL and ADMIN_PASSWORD environment variables to control how the default admin user is created)"
-  if Spree::User.find_by(email: email)
-    puts "\nWARNING: There is already a user with the email: #{email}, so no account changes were made.  If you wish to create an additional admin user, please run rake spree_auth:admin:create again with a different email.\n\n"
-  else
-    admin = Spree::User.new(attributes)
-    if admin.save
-      role = Spree::Role.find_or_create_by(name: 'admin')
-      admin.spree_roles << role
-      admin.save
-      admin.generate_spree_api_key!
-      puts "Done!"
-    else
-      puts "There were some problems with persisting a new admin user:"
-      admin.errors.full_messages.each do |error|
-        puts error
-      end
-    end
-  end
+if Spree::User.find_by(email: email)
+  warn "WARNING: There is already a user with the email: #{email}, so no account changes were made."
+  return
 end
-if Spree::User.admin.empty?
-  create_admin_user
+admin = Spree::User.new(
+  password: password,
+  password_confirmation: password,
+  email: email,
+  login: email,
+)
+if admin.save
+  admin.spree_roles << admin_role
+  admin.save
+  admin.generate_spree_api_key!
 else
-  puts 'Admin user has already been created.'
-  puts 'Would you like to create a new admin user? (yes/no)'
-  if ["yes", "y"].include? STDIN.gets.strip.downcase
-    create_admin_user
-  else
-    puts 'No admin user created.'
-  end
+  warn "There were some problems while creating the admin user:"
+  warn(admin.errors.full_messages.map { |m| "- #{m}" })
+  warn "(attributes: #{admin.attributes.inspect})"
 end

data/lib/controllers/backend/spree/admin/user_sessions_controller.rb CHANGED Viewed

@@ -17,7 +17,7 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
       respond_to do |format|
         format.html {
           flash[:success] = I18n.t('spree.logged_in_succesfully')
-          redirect_to stored_spree_user_location_or(after_sign_in_path_for(spree_current_user))
+          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
         }
         format.js {
           user = resource.record
@@ -47,4 +47,9 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
   def accurate_title
     I18n.t('spree.login')
   end
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
 end

data/lib/controllers/frontend/spree/user_sessions_controller.rb CHANGED Viewed

@@ -19,7 +19,7 @@ class Spree::UserSessionsController < Devise::SessionsController
       respond_to do |format|
         format.html do
           flash[:success] = I18n.t('spree.logged_in_succesfully')
-          redirect_to stored_spree_user_location_or(after_sign_in_path_for(spree_current_user))
+          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
         end
         format.js { render success_json }
       end
@@ -49,6 +49,11 @@ class Spree::UserSessionsController < Devise::SessionsController
     I18n.t('spree.login')
   end
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
   def success_json
     {
       json: {

data/lib/controllers/frontend/spree/users_controller.rb CHANGED Viewed

@@ -17,7 +17,7 @@ class Spree::UsersController < Spree::StoreController
         session[:guest_token] = nil
       end
-      redirect_to stored_spree_user_location_or(root_url)
+      redirect_back_or_default(root_url)
     else
       render :new
     end

data/lib/decorators/frontend/controllers/spree/checkout_controller_decorator.rb CHANGED Viewed

@@ -45,6 +45,7 @@ module Spree
     def check_registration
       return unless registration_required?
+      store_location
       redirect_to spree.checkout_registration_path
     end

data/lib/generators/solidus/auth/install/install_generator.rb CHANGED Viewed

@@ -4,31 +4,38 @@ module Solidus
   module Auth
     module Generators
       class InstallGenerator < Rails::Generators::Base
-        class_option :auto_run_migrations, type: :boolean, default: false
-        class_option :skip_migrations, type: :boolean, default: false
+        class_option :auto_run_migrations, type: :boolean, desc: "Run migrations automatically"
+        class_option :skip_migrations, type: :boolean, desc: "Skip migrations"
-        def self.source_paths
-          paths = superclass.source_paths
-          paths << File.expand_path('templates', __dir__)
-          paths.flatten
-        end
+        class_option :interactive, type: :boolean, default: false, desc: "Enable interactive mode"
+        class_option :admin_email, type: :string
+        class_option :admin_password, type: :string
+        source_root "#{__dir__}/templates"
         def generate_devise_key
           template 'config/initializers/devise.rb', 'config/initializers/devise.rb', skip: true
         end
         def add_migrations
-          run 'bundle exec rake railties:install:migrations FROM=solidus_auth'
+          admin_email = options[:admin_email] || (options[:interactive] && ask("Email:", default: 'admin@example.com'))
+          admin_password = options[:admin_password] || (options[:interactive] && ask("Password:", default: 'test123'))
+          options = []
+          options << "ADMIN_EMAIL=#{admin_email}" if admin_email
+          options << "ADMIN_PASSWORD=#{admin_password}" if admin_password
+          rake "railties:install:migrations FROM=solidus_auth #{options.shelljoin}"
         end
         def run_migrations
-          return if options[:skip_migrations]
+          if options[:skip_migrations] ||
+            options[:auto_run_migrations] == false || # exclude nil
+            options[:interactive] && no?('Would you like to run the migrations now?')
-          run_migrations = options[:auto_run_migrations] || ['', 'y', 'Y'].include?(ask('Would you like to run the migrations now? [Y/n]'))
-          if run_migrations
-            run 'bundle exec rake db:migrate'
+            say_status :skip, 'Skipping rake db:migrate, don\'t forget to run it!', :yellow
           else
-            puts 'Skipping rake db:migrate, don\'t forget to run it!' # rubocop:disable Rails/Output
+            rake 'db:migrate'
           end
         end
       end

data/lib/generators/solidus_auth_devise/install/install_generator.rb CHANGED Viewed

@@ -1,8 +1,18 @@
 # frozen_string_literal: true
 require_relative '../../solidus/auth/install/install_generator'
 module SolidusAuthDevise
   module Generators
-    InstallGenerator = ::Solidus::Auth::Generators::InstallGenerator
+    class InstallGenerator < Rails::Generators::Base
+      # Copy over any class option from the legacy install generator
+      Solidus::Auth::Generators::InstallGenerator.class_options.each do |name, option|
+        class_options[name] ||= option.dup
+      end
+      def forward_to_spree_auth_install
+        generate 'solidus:auth:install', *ARGV
+      end
+    end
   end
 end

data/lib/solidus_auth_devise/engine.rb CHANGED Viewed

@@ -1,7 +1,3 @@
 # frozen_string_literal: true
 require 'spree/auth/engine'
-module SolidusAuthDevise
-  Engine = ::Spree::Auth::Engine
-end

data/lib/solidus_auth_devise/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module SolidusAuthDevise
-  VERSION = '2.5.5'
+  VERSION = '2.5.7'
 end

data/lib/spree/auth/engine.rb CHANGED Viewed

@@ -59,6 +59,7 @@ module Spree
               redirect_to spree.admin_unauthorized_path
             end
           else
+            store_location
             if Spree::Auth::Engine.redirect_back_on_unauthorized?
               redirect_back(fallback_location: spree.admin_login_path)
@@ -69,6 +70,7 @@ module Spree
         end
       end
       def self.prepare_frontend
         Spree::BaseController.unauthorized_redirect = -> do
           if spree_current_user
@@ -80,6 +82,7 @@ module Spree
               redirect_to spree.unauthorized_path
             end
           else
+            store_location
             if Spree::Auth::Engine.redirect_back_on_unauthorized?
               redirect_back(fallback_location: spree.login_path)
@@ -92,3 +95,5 @@ module Spree
     end
   end
 end
+SolidusAuthDevise::Engine = Spree::Auth::Engine

data/lib/spree/authentication_helpers.rb CHANGED Viewed

@@ -23,30 +23,5 @@ module Spree
                to: :spree,
                prefix: :spree
     end
-    private
-    def authenticate_spree_user!
-      store_spree_user_location! if storable_spree_user_location?
-      super
-    end
-    # It's important that the location is NOT stored if:
-    # - The request method is not GET (non idempotent)
-    # - The request is handled by a Devise controller such as Devise::SessionsController as that could cause an
-    #    infinite redirect loop.
-    # - The request is an Ajax request as this can lead to very unexpected behaviour.
-    def storable_spree_user_location?
-      request.get? && is_navigational_format? && !devise_controller? && !request.xhr?
-    end
-    def store_spree_user_location!
-      store_location_for(:spree_current_user, request.fullpath)
-    end
-    def stored_spree_user_location_or(fallback_location)
-      stored_location_for(:spree_current_user) || fallback_location
-    end
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_auth_devise
 version: !ruby/object:Gem::Version
-  version: 2.5.5
+  version: 2.5.7
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-09-19 00:00:00.000000000 Z
+date: 2022-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deface