solidus_auth_devise 2.5.9 → 2.6.0

data/spec/controllers/spree/checkout_controller_spec.rb

@@ -1,192 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Spree::CheckoutController, type: :controller do
-  let(:order) { create(:order_with_line_items, email: nil, user: nil, guest_token: token) }
-  let(:user)  { build(:user, spree_api_key: 'fake') }
-  let(:token) { 'some_token' }
-  let(:cookie_token) { token }
-
-  before do
-    request.cookie_jar.signed[:guest_token] = cookie_token
-    allow(controller).to receive(:current_order) { order }
-    allow(order).to receive(:confirmation_required?) { true }
-  end
-
-  context '#edit' do
-    context 'when registration step enabled' do
-      context 'when authenticated as registered user' do
-        before { allow(controller).to receive(:spree_current_user) { user } }
-
-        it 'proceeds to the first checkout step' do
-          get :edit, params: { state: 'address' }
-          expect(response).to render_template :edit
-        end
-      end
-
-      context 'when not authenticated as guest' do
-        it 'redirects to registration step' do
-          get :edit, params: { state: 'address' }
-          expect(response).to redirect_to spree.checkout_registration_path
-        end
-      end
-
-      context 'when authenticated as guest' do
-        before { order.email = 'guest@solidus.io' }
-
-        it 'proceeds to the first checkout step' do
-          get :edit, params: { state: 'address' }
-          expect(response).to render_template :edit
-        end
-
-        context 'when guest checkout not allowed' do
-          before do
-            stub_spree_preferences(allow_guest_checkout: false)
-          end
-
-          it 'redirects to registration step' do
-            get :edit, params: { state: 'address' }
-            expect(response).to redirect_to spree.checkout_registration_path
-          end
-        end
-      end
-    end
-
-    context 'when registration step disabled' do
-      before do
-        stub_spree_preferences(Spree::Auth::Config, registration_step: false)
-      end
-
-      context 'when authenticated as registered' do
-        before { allow(controller).to receive(:spree_current_user) { user } }
-
-        it 'proceeds to the first checkout step' do
-          get :edit, params: { state: 'address' }
-          expect(response).to render_template :edit
-        end
-      end
-
-      context 'when authenticated as guest' do
-        it 'proceeds to the first checkout step' do
-          get :edit, params: { state: 'address' }
-          expect(response).to render_template :edit
-        end
-      end
-    end
-  end
-
-  context '#update' do
-    context 'when in the confirm state' do
-      before do
-        order.update(email: 'spree@example.com', state: 'confirm')
-
-        # So that the order can transition to complete successfully
-        allow(order).to receive(:payment_required?) { false }
-      end
-
-      context 'with a token' do
-        before { allow(order).to receive(:guest_token) { 'ABC' } }
-
-        it 'redirects to the tokenized order view' do
-          request.cookie_jar.signed[:guest_token] = 'ABC'
-          post :update, params: { state: 'confirm' }
-          expect(response).to redirect_to spree.token_order_path(order, 'ABC')
-          expect(flash.notice).to eq I18n.t('spree.order_processed_successfully')
-        end
-      end
-
-      context 'with a registered user' do
-        before do
-          allow(controller).to receive(:spree_current_user) { user }
-          allow(order).to receive(:user) { user }
-          allow(order).to receive(:guest_token) { nil }
-        end
-
-        it 'redirects to the standard order view' do
-          post :update, params: { state: 'confirm' }
-          expect(response).to redirect_to spree.order_path(order)
-        end
-      end
-    end
-  end
-
-  context '#registration' do
-    it 'does not check registration' do
-      expect(controller).not_to receive(:check_registration)
-      get :registration
-    end
-
-    it 'checks if the user is authorized for :edit' do
-      expect(controller).to receive(:authorize!).with(:edit, order, token)
-      request.cookie_jar.signed[:guest_token] = token
-      get :registration, params: {}
-    end
-  end
-
-  context '#update_registration' do
-    subject { put :update_registration, params: { order: { email: email } } }
-    let(:email) { 'foo@example.com' }
-
-    it 'does not check registration' do
-      expect(controller).not_to receive(:check_registration)
-      subject
-    end
-
-    it 'redirects to the checkout_path after saving' do
-      subject
-      expect(response).to redirect_to spree.checkout_path
-    end
-
-    # Regression test for https://github.com/solidusio/solidus/issues/1588
-    context 'order in address state' do
-      let(:order) do
-        create(
-          :order_with_line_items,
-          email: nil,
-          user: nil,
-          guest_token: token,
-          bill_address: nil,
-          ship_address: nil,
-          state: 'address'
-        )
-      end
-
-      # This may seem out of left field, but previously there was an issue
-      # where address would be built in a before filter and then would be saved
-      # when trying to update the email.
-      it "doesn't create addresses" do
-        expect {
-          subject
-        }.not_to change { Spree::Address.count }
-        expect(response).to redirect_to spree.checkout_path
-      end
-    end
-
-    context 'invalid email' do
-      let(:email) { 'invalid' }
-
-      it 'renders the registration view' do
-        subject
-        expect(flash[:registration_error]).to eq I18n.t(:email_is_invalid, scope: [:errors, :messages])
-        expect(response).to render_template :registration
-      end
-    end
-
-    context 'with wrong order token' do
-      let(:cookie_token) { 'lol_no_access' }
-
-      it 'redirects to login' do
-        put :update_registration, params: { order: { email: 'foo@example.com' } }
-        expect(response).to redirect_to(login_path)
-      end
-    end
-
-    context 'without order token' do
-      let(:cookie_token) { nil }
-
-      it 'redirects to login' do
-        put :update_registration, params: { order: { email: 'foo@example.com' } }
-        expect(response).to redirect_to(login_path)
-      end
-    end
-  end
-end

data/spec/controllers/spree/products_controller_spec.rb

@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Spree::ProductsController, type: :controller do
-  let!(:product) { create(:product, available_on: 1.year.from_now) }
-  let!(:user)    { build(:user, spree_api_key: 'fake') }
-
-  it 'allows admins to view non-active products' do
-    allow(controller).to receive(:before_save_new_order)
-    allow(controller).to receive(:spree_current_user) { user }
-    allow(user).to receive(:has_spree_role?) { true }
-    get :show, params: { id: product.to_param }
-    expect(response.status).to eq(200)
-  end
-
-  it 'cannot view non-active products' do
-    allow(controller).to receive(:before_save_new_order)
-    allow(controller).to receive(:spree_current_user) { user }
-    allow(user).to receive(:has_spree_role?) { false }
-
-    expect {
-      get :show, params: { id: product.to_param }
-    }.to raise_error(ActiveRecord::RecordNotFound)
-  end
-end

data/spec/controllers/spree/user_passwords_controller_spec.rb

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Spree::UserPasswordsController, type: :controller do
-  let(:token) { 'some_token' }
-
-  before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
-
-  describe 'GET edit' do
-    context 'when the user token has not been specified' do
-      it 'redirects to the new session path' do
-        get :edit
-        expect(response).to redirect_to(
-          'http://test.host/user/spree_user/sign_in'
-        )
-      end
-
-      it 'flashes an error' do
-        get :edit
-        expect(flash[:alert]).to include(
-          "You can't access this page without coming from a password reset " \
-          'email'
-        )
-      end
-    end
-
-    context 'when the user token has been specified' do
-      it 'does something' do
-        get :edit, params: { reset_password_token: token }
-        expect(response.code).to eq('200')
-      end
-    end
-  end
-
-  context '#update' do
-    context 'when updating password with blank password' do
-      it 'shows error flash message, sets spree_user with token and re-displays password edit form' do
-        put :update, params: { spree_user: { password: '', password_confirmation: '', reset_password_token: token } }
-        expect(assigns(:spree_user).is_a?(Spree::User)).to eq true
-        expect(assigns(:spree_user).reset_password_token).to eq token
-        expect(flash[:error]).to eq I18n.t(:cannot_be_blank, scope: [:devise, :user_passwords, :spree_user])
-        expect(response).to render_template :edit
-      end
-    end
-  end
-end

data/spec/controllers/spree/user_registrations_controller_spec.rb

@@ -1,97 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Spree::UserRegistrationsController, type: :controller do
-  before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
-
-  context '#create' do
-    before do
-      allow(controller).to receive(:after_sign_up_path_for) do
-        spree.root_path(thing: 7)
-      end
-    end
-
-    let(:password_confirmation) { 'foobar123' }
-
-    subject do
-      post(:create,
-        params: {
-          spree_user: {
-            email: 'foobar@example.com',
-            password: 'foobar123',
-            password_confirmation: password_confirmation
-          }
-        }
-      )
-    end
-
-    context 'when user created successfuly' do
-      it 'saves the user' do
-        expect { subject }.to change { Spree::User.count }.from(0).to(1)
-      end
-
-      it 'sets flash message' do
-        subject
-        expect(flash[:notice]).to eq('Welcome! You have signed up successfully.')
-      end
-
-      it 'signs in user' do
-        expect(controller.warden).to receive(:set_user)
-        subject
-      end
-
-      it 'sets spree_user_signup session' do
-        subject
-        expect(session[:spree_user_signup]).to be true
-      end
-
-      it 'redirects to after_sign_up path' do
-        subject
-        expect(response).to redirect_to spree.root_path(thing: 7)
-      end
-
-      context 'with a guest token present' do
-        before do
-          request.cookie_jar.signed[:guest_token] = 'ABC'
-        end
-
-        it 'assigns orders with the correct token and no user present' do
-          order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
-          subject
-          user = Spree::User.find_by(email: 'foobar@example.com')
-
-          order.reload
-          expect(order.user_id).to eq user.id
-          expect(order.created_by_id).to eq user.id
-        end
-
-        it 'does not assign orders with an existing user' do
-          order = create(:order, guest_token: 'ABC', user_id: 200)
-          subject
-
-          expect(order.reload.user_id).to eq 200
-        end
-
-        it 'does not assign orders with a different token' do
-          order = create(:order, guest_token: 'DEF', user_id: nil, created_by_id: nil)
-          subject
-
-          expect(order.reload.user_id).to be_nil
-        end
-      end
-    end
-
-    context 'when user not valid' do
-      let(:password_confirmation) { 'foobard123' }
-
-      it 'resets password fields' do
-        expect(controller).to receive(:clean_up_passwords)
-        subject
-      end
-
-      it 'renders new view' do
-        subject
-        expect(:response).to render_template(:new)
-      end
-    end
-  end
-end

data/spec/controllers/spree/user_sessions_controller_spec.rb

@@ -1,125 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Spree::UserSessionsController, type: :controller do
-  let(:user) { create(:user) }
-
-  before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] } # rubocop:disable RSpec/InstanceVariable
-
-  context "#create" do
-    let(:format) { :html }
-    let(:password) { 'secret' }
-
-    subject do
-      post(:create, params: {
-        spree_user: {
-          email: user.email,
-          password: password
-        },
-        format: format
-      })
-    end
-
-    context "when using correct login information" do
-      context 'with a guest token present' do
-        before do
-          request.cookie_jar.signed[:guest_token] = 'ABC'
-        end
-
-        it 'assigns orders with the correct token and no user present' do
-          order = create(:order, email: user.email, guest_token: 'ABC', user_id: nil, created_by_id: nil)
-          subject
-
-          order.reload
-          expect(order.user_id).to eq user.id
-          expect(order.created_by_id).to eq user.id
-        end
-
-        it 'assigns orders with the correct token and no user or email present' do
-          order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
-          subject
-
-          order.reload
-          expect(order.user_id).to eq user.id
-          expect(order.created_by_id).to eq user.id
-        end
-
-        it 'does not assign completed orders' do
-          order = create(:order, email: user.email, guest_token: 'ABC',
-                         user_id: nil, created_by_id: nil,
-                         completed_at: 1.minute.ago)
-          subject
-
-          order.reload
-          expect(order.user_id).to be_nil
-          expect(order.created_by_id).to be_nil
-        end
-
-        it 'does not assign orders with an existing user' do
-          order = create(:order, guest_token: 'ABC', user_id: 200)
-          subject
-
-          expect(order.reload.user_id).to eq 200
-        end
-
-        it 'does not assign orders with a different token' do
-          order = create(:order, guest_token: 'DEF', user_id: nil, created_by_id: nil)
-          subject
-
-          expect(order.reload.user_id).to be_nil
-        end
-      end
-
-      context "when html format is requested" do
-        it "redirects to default after signing in" do
-          subject
-          expect(response).to redirect_to spree.root_path
-        end
-      end
-
-      context "when js format is requested" do
-        let(:format) { :js }
-
-        it "returns a json with ship and bill address" do
-          subject
-          parsed = ActiveSupport::JSON.decode(response.body)
-          expect(parsed).to have_key("user")
-          expect(parsed).to have_key("ship_address")
-          expect(parsed).to have_key("bill_address")
-        end
-      end
-    end
-
-    context "when using incorrect login information" do
-      let(:password) { 'wrong' }
-
-      context "when html format is requested" do
-        it "renders new template again with errors" do
-          subject
-          expect(response).to render_template(:new)
-          expect(flash[:error]).to eq I18n.t(:'devise.failure.invalid')
-        end
-      end
-
-      context "when js format is requested" do
-        let(:format) { :js }
-        it "returns json with the error" do
-          subject
-          parsed = ActiveSupport::JSON.decode(response.body)
-          expect(parsed).to have_key("error")
-        end
-      end
-    end
-  end
-
-  context "#destroy" do
-    subject do
-      delete(:destroy)
-    end
-
-    it "redirects to default after signing out" do
-      subject
-      expect(controller.spree_current_user).to be_nil
-      expect(response).to redirect_to spree.root_path
-    end
-  end
-end

data/spec/controllers/spree/users_controller_spec.rb

@@ -1,79 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Spree::UsersController, type: :controller do
-  let(:admin_user) { create(:user) }
-  let(:user) { create(:user) }
-  let(:role) { create(:role) }
-
-  context '#load_object' do
-    it 'redirects to signup path if user is not found' do
-      put :update, params: { user: { email: 'foobar@example.com' } }
-      expect(response).to redirect_to spree.login_path
-    end
-  end
-
-  context '#create' do
-    it 'creates a new user' do
-      post :create, params: { user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' } }
-      expect(assigns[:user].new_record?).to be false
-    end
-  end
-
-  context '#update' do
-    before { sign_in(user) }
-
-    context 'when updating own account' do
-      context 'when user updated successfuly' do
-        before { put :update, params: { user: { email: 'mynew@email-address.com' } } }
-
-        it 'saves user' do
-          expect(assigns[:user].email).to eq 'mynew@email-address.com'
-        end
-
-        it 'updates spree_current_user' do
-          expect(subject.spree_current_user.email).to eq 'mynew@email-address.com'
-        end
-
-        it 'redirects to account url' do
-          expect(response).to redirect_to spree.account_url(only_path: true)
-        end
-      end
-
-      context 'when user not valid' do
-        before { put :update, params: { user: { email: '' } } }
-
-        it 'does not affect spree_current_user' do
-          expect(subject.spree_current_user.email).to eq user.email
-        end
-      end
-
-      context 'when updating password' do
-        before do
-          stub_spree_preferences(Spree::Auth::Config, signout_after_password_change: signout_after_change)
-          put :update, params: { user: { password: 'foobar123', password_confirmation: 'foobar123' } }
-        end
-
-        context 'when signout after password change is enabled' do
-          let(:signout_after_change) { true }
-
-          it 'redirects to login url' do
-            expect(response).to redirect_to spree.login_url(only_path: true)
-          end
-        end
-
-        context 'when signout after password change is disabled' do
-          let(:signout_after_change) { false }
-
-          it 'redirects to account url' do
-            expect(response).to redirect_to spree.account_url(only_path: true)
-          end
-        end
-      end
-    end
-
-    it 'does not update roles' do
-      put :update, params: { user: { spree_role_ids: [role.id] } }
-      expect(assigns[:user].spree_roles).to_not include role
-    end
-  end
-end

data/spec/factories/confirmed_user.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-FactoryBot.define do
-  factory :confirmed_user, parent: :user do
-    confirmed_at { Time.zone.now }
-    confirmation_sent_at { Time.zone.now }
-    confirmation_token { "12345" }
-  end
-end

data/spec/features/account_spec.rb

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Accounts', type: :feature do
-  context 'editing' do
-    scenario 'can edit an admin user' do
-      user = create(:admin_user, email: 'admin@person.com', password: 'password', password_confirmation: 'password')
-      visit spree.login_path
-
-      fill_in 'Email', with: user.email
-      fill_in 'Password', with: user.password
-      click_button 'Login'
-
-      click_link 'My Account'
-      expect(page).to have_text 'admin@person.com'
-    end
-
-    scenario 'can edit a new user' do
-      stub_spree_preferences(Spree::Auth::Config, signout_after_password_change: false)
-      visit spree.signup_path
-
-      fill_in 'Email', with: 'email@person.com'
-      fill_in 'Password', with: 'password'
-      fill_in 'Password Confirmation', with: 'password'
-      click_button 'Create'
-
-      click_link 'My Account'
-      expect(page).to have_text 'email@person.com'
-      click_link 'Edit'
-
-      fill_in 'Password', with: 'foobar'
-      fill_in 'Password Confirmation', with: 'foobar'
-      click_button 'Update'
-
-      expect(page).to have_text 'email@person.com'
-      expect(page).to have_text 'Account updated'
-    end
-
-    scenario 'can edit an existing user account' do
-      stub_spree_preferences(Spree::Auth::Config ,signout_after_password_change: false)
-      user = create(:user, email: 'email@person.com', password: 'secret', password_confirmation: 'secret')
-      visit spree.login_path
-
-      fill_in 'Email', with: user.email
-      fill_in 'Password', with: user.password
-      click_button 'Login'
-
-      click_link 'My Account'
-      expect(page).to have_text 'email@person.com'
-      click_link 'Edit'
-
-      fill_in 'Password', with: 'foobar'
-      fill_in 'Password Confirmation', with: 'foobar'
-      click_button 'Update'
-
-      expect(page).to have_text 'email@person.com'
-      expect(page).to have_text 'Account updated'
-    end
-  end
-end