solidus_auth_devise 2.5.9 → 2.6.0

data/spec/features/admin/password_reset_spec.rb

@@ -1,80 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Admin - Reset Password', type: :feature do
-  let!(:store) { create(:store) }
-
-  background do
-    ActionMailer::Base.default_url_options[:host] = 'http://example.com'
-  end
-
-  context 'when an account with this email address exists' do
-    let!(:user) { create(:user, email: 'foobar@example.com', password: 'secret', password_confirmation: 'secret') }
-
-    scenario 'allows a user to supply an email for the password reset' do
-      visit spree.admin_login_path
-      click_link 'Forgot Password?'
-      fill_in_email
-      click_button 'Reset my password'
-      expect(page).to have_text 'you will receive an email with instructions'
-    end
-  end
-
-  # Revealing that an admin email address is not found allows an attacker to
-  # find admin account email addresses by trying email addresses until this
-  # error is not shown.
-  scenario 'does not reveal email addresses if they are not found' do
-    visit spree.admin_login_path
-    click_link 'Forgot Password?'
-    fill_in_email
-    click_button 'Reset my password'
-    expect(page).to_not have_text "Email not found"
-    expect(page).to have_text 'you will receive an email with instructions'
-  end
-
-  def fill_in_email
-    fill_in 'Email', with: 'foobar@example.com'
-  end
-
-  context 'password management' do
-    let!(:admin) do
-      create(:admin_user,
-        email: 'admin@example.com',
-        password: 'secret',
-        password_confirmation: 'secret'
-      )
-    end
-
-    let!(:user) do
-      create(:user,
-        email: 'user@example.com',
-        password: 'test123',
-        password_confirmation: 'test123'
-      )
-    end
-
-    before do
-      visit spree.admin_login_path
-      fill_in 'Email', with: admin.email
-      fill_in 'Password', with: admin.password
-      click_button 'Login'
-      visit spree.admin_users_path
-    end
-
-    context 'if currently logged-in admin' do
-      context "clicks on an user's page" do
-        it 'can reset its password' do
-          within("#spree_user_#{user.id}") do
-            click_link user.email
-          end
-
-          click_button 'Reset password'
-          expect(page).to have_content(
-            'If an account with that email address exists, '\
-            'you will receive an email with instructions about '\
-            'how to reset your password in a few minutes.'
-          )
-        end
-      end
-    end
-  end
-end

data/spec/features/admin/products_spec.rb

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Admin products', type: :feature do
-  context 'as anonymous user' do
-    # Regression test for #1250
-    scenario 'redirects to login page when attempting to access product listing' do
-      expect { visit spree.admin_products_path }.not_to raise_error
-    end
-  end
-end

data/spec/features/admin/sign_in_spec.rb

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Admin - Sign In', type: :feature do
-  background do
-    @user = create(:admin_user, email: 'email@person.com')
-    visit spree.admin_login_path
-  end
-
-  scenario 'asks user to sign in' do
-    visit spree.admin_path
-    expect(page).not_to have_text 'Authorization Failure'
-  end
-
-  scenario 'lets a user sign in successfully' do
-    fill_in 'Email', with: @user.email
-    fill_in 'Password', with: 'secret'
-    click_button 'Login'
-
-    expect(page).to have_text 'Logged in successfully'
-    expect(page).not_to have_text 'Login'
-    expect(page).to have_text 'Logout'
-    expect(current_path).to eq '/admin/orders'
-  end
-
-  scenario 'shows validation erros' do
-    fill_in 'Email', with: @user.email
-    fill_in 'Password', with: 'wrong_password'
-    click_button 'Login'
-
-    expect(page).to have_text 'Invalid email or password'
-    expect(page).to have_text 'Login'
-  end
-
-  scenario 'allows a user to access a restricted page after logging in' do
-    user = create(:admin_user, email: 'admin@person.com')
-    visit spree.admin_path
-
-    fill_in 'Email', with: user.email
-    fill_in 'Password', with: 'secret'
-    click_button 'Login'
-
-    expect(page).to have_text 'admin@person.com'
-    expect(current_path).to eq '/admin/orders'
-  end
-end

data/spec/features/admin/sign_out_spec.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Admin - Sign Out', type: :feature, js: true do
-  given!(:user) do
-   create :user, email: 'email@person.com'
-  end
-
-  background do
-    visit spree.admin_login_path
-    fill_in 'Email', with: user.email
-    fill_in 'Password', with: 'secret'
-    # Regression test for #1257
-    check 'Remember me'
-    click_button 'Login'
-  end
-
-  scenario 'allows a signed in user to logout' do
-    click_logout_link
-    visit spree.admin_login_path
-    expect(page).to have_text 'Login'
-    expect(page).not_to have_text 'Logout'
-  end
-
-  def click_logout_link
-    new_version? ? logout_new_version : logout_old_version
-  end
-
-  def new_version?
-    Gem::Requirement.new('>= 4.2').satisfied_by?(Spree.solidus_gem_version)
-  end
-
-  def logout_new_version
-    find('details div', text: user.email, wait: 10).click
-    within('details') do
-      click_link 'Logout'
-    end
-  end
-
-  def logout_old_version
-    click_link 'Logout'
-  end
-end

data/spec/features/admin_permissions_spec.rb

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Admin Permissions', type: :feature do
-  context 'orders' do
-    background do
-      user = create(:admin_user, email: 'admin@person.com', password: 'password', password_confirmation: 'password')
-      Spree::Ability.register_ability(AbilityDecorator)
-      visit spree.login_path
-
-      fill_in 'Email', with: user.email
-      fill_in 'Password', with: user.password
-      click_button 'Login'
-    end
-
-    context 'admin is restricted from accessing orders' do
-      scenario 'can not list orders' do
-        visit spree.admin_orders_path
-        expect(page).to have_text 'Authorization Failure'
-      end
-
-      scenario 'can not edit orders' do
-        create(:order, number: 'R123')
-        visit spree.edit_admin_order_path('R123')
-        expect(page).to have_text 'Authorization Failure'
-      end
-
-      scenario 'can not new orders' do
-        visit spree.new_admin_order_path
-        expect(page).to have_text 'Authorization Failure'
-      end
-    end
-
-    context "admin is restricted from accessing an order's customer details" do
-      given(:order) { create(:order_with_totals) }
-
-      scenario 'can not list customer details for an order' do
-        visit spree.admin_order_customer_path(order)
-        expect(page).to have_text 'Authorization Failure'
-      end
-
-      scenario "can not edit an order's customer details" do
-        visit spree.edit_admin_order_customer_path(order)
-        expect(page).to have_text 'Authorization Failure'
-      end
-    end
-  end
-end

data/spec/features/change_email_spec.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Change email', type: :feature do
-  background do
-    stub_spree_preferences(Spree::Auth::Config, signout_after_password_change: false)
-
-    user = create(:user)
-    visit spree.root_path
-    click_link 'Login'
-
-    fill_in 'spree_user[email]', with: user.email
-    fill_in 'spree_user[password]', with: 'secret'
-    click_button 'Login'
-
-    visit spree.edit_account_path
-  end
-
-  scenario 'work with correct password' do
-    fill_in 'user_email', with: 'tests@example.com'
-    fill_in 'user_password', with: 'password'
-    fill_in 'user_password_confirmation', with: 'password'
-    click_button 'Update'
-
-    expect(page).to have_text 'Account updated'
-    expect(page).to have_text 'tests@example.com'
-  end
-end

data/spec/features/checkout_spec.rb

@@ -1,158 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Checkout', :js, type: :feature do
-  given!(:store) { create(:store) }
-  given!(:country) { create(:country, name: 'United States', states_required: true) }
-  given!(:state)   { create(:state, name: 'Maryland', country: country) }
-  given!(:shipping_method) do
-    shipping_method = create(:shipping_method)
-    calculator = Spree::Calculator::Shipping::PerItem.create!(calculable: shipping_method, preferred_amount: 10)
-    shipping_method.calculator = calculator
-    shipping_method.tap(&:save)
-  end
-
-  given!(:zone)    { create(:zone) }
-  given!(:address) { create(:address, state: state, country: country) }
-  given!(:payment_method){ create :check_payment_method }
-
-  background do
-    @product = create(:product, name: 'RoR Mug')
-    @product.master.stock_items.first.set_count_on_hand(1)
-
-    # Bypass gateway error on checkout | ..or stub a gateway
-    stub_spree_preferences(allow_checkout_on_gateway_error: true)
-
-    visit spree.root_path
-  end
-
-  # Regression test for https://github.com/solidusio/solidus/issues/1588
-  scenario 'leaving and returning to address step' do
-    stub_spree_preferences(Spree::Auth::Config, registration_step: true)
-    click_link 'RoR Mug'
-    click_button 'Add To Cart'
-    within('h1') { expect(page).to have_text 'Shopping Cart' }
-    click_button 'Checkout'
-
-    within '#guest_checkout' do
-      fill_in 'Email', with: 'test@example.com'
-    end
-    click_on 'Continue'
-
-    click_on 'Cart'
-
-    click_on 'Checkout'
-
-    expect(page).to have_content "Billing Address"
-  end
-
-  context 'without payment being required' do
-    scenario 'allow a visitor to checkout as guest, without registration' do
-      click_link 'RoR Mug'
-      click_button 'Add To Cart'
-      within('h1') { expect(page).to have_text 'Shopping Cart' }
-      click_button 'Checkout'
-
-      expect(page).to have_content(/Checkout as a Guest/i)
-
-      within('#guest_checkout') { fill_in 'Email', with: 'spree@test.com' }
-      click_button 'Continue'
-
-      expect(page).to have_text(/Billing Address/i)
-      expect(page).to have_text(/Shipping Address/i)
-
-      fill_addresses_fields_with(address)
-      click_button 'Save and Continue'
-
-      click_button 'Save and Continue'
-      click_button 'Save and Continue'
-      click_button 'Place Order'
-
-      expect(page).to have_text 'Your order has been processed successfully'
-    end
-
-    scenario 'associate an uncompleted guest order with user after logging in' do
-      user = create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password')
-      click_link 'RoR Mug'
-      click_button 'Add To Cart'
-
-      visit spree.login_path
-      fill_in 'Email', with: user.email
-      fill_in 'Password', with: user.password
-      click_button 'Login'
-      click_link 'Cart'
-
-      expect(page).to have_text 'RoR Mug'
-      within('h1') { expect(page).to have_text 'Shopping Cart' }
-
-      click_button 'Checkout'
-
-      fill_addresses_fields_with(address)
-      click_button 'Save and Continue'
-
-      click_button 'Save and Continue'
-      click_button 'Save and Continue'
-      click_button 'Place Order'
-
-      expect(page).to have_text 'Your order has been processed successfully'
-      expect(Spree::Order.first.user).to eq user
-    end
-
-    # Regression test for #890
-    scenario 'associate an incomplete guest order with user after successful password reset' do
-      create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password')
-      click_link 'RoR Mug'
-      click_button 'Add To Cart'
-
-      visit spree.login_path
-      click_link 'Forgot Password?'
-      fill_in 'spree_user_email', with: 'email@person.com'
-      click_button 'Reset my password'
-
-      # Need to do this now because the token stored in the DB is the encrypted version
-      # The 'plain-text' version is sent in the email and there's one way to get that!
-      reset_password_email = ActionMailer::Base.deliveries.first
-      token_url_regex = /\/user\/spree_user\/password\/edit\?reset_password_token=(.*)$/
-      token = token_url_regex.match(reset_password_email.body.to_s)[1]
-
-      visit spree.edit_spree_user_password_path(reset_password_token: token)
-      fill_in 'Password', with: 'password'
-      fill_in 'Password Confirmation', with: 'password'
-      click_button 'Update'
-
-      click_link 'Cart'
-      click_button 'Checkout'
-
-      fill_addresses_fields_with(address)
-      click_button 'Save and Continue'
-
-      expect(page).not_to have_text 'Email is invalid'
-    end
-
-    scenario 'allow a user to register during checkout' do
-      click_link 'RoR Mug'
-      click_button 'Add To Cart'
-      click_button 'Checkout'
-
-      expect(page).to have_text 'Registration'
-
-      click_link 'Create a new account'
-
-      fill_in 'Email', with: 'email@person.com'
-      fill_in 'Password', with: 'spree123'
-      fill_in 'Password Confirmation', with: 'spree123'
-      click_button 'Create'
-
-      expect(page).to have_text 'You have signed up successfully.'
-
-      fill_addresses_fields_with(address)
-      click_button 'Save and Continue'
-
-      click_button 'Save and Continue'
-      click_button 'Save and Continue'
-      click_button 'Place Order'
-
-      expect(page).to have_text 'Your order has been processed successfully'
-      expect(Spree::Order.first.user).to eq Spree::User.find_by(email: 'email@person.com')
-    end
-  end
-end

data/spec/features/confirmation_spec.rb

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.feature 'Confirmation' do
-  before do
-    allow(Spree::UserMailer).to receive(:confirmation_instructions)
-      .and_return(double(deliver: true))
-  end
-
-  let!(:store) { create(:store) }
-
-  background do
-    ActionMailer::Base.default_url_options[:host] = 'http://example.com'
-  end
-
-  scenario 'create a new user', js: true, confirmable: false do
-    visit spree.signup_path
-
-    fill_in 'Email', with: 'email@person.com'
-    fill_in 'Password', with: 'password'
-    fill_in 'Password Confirmation', with: 'password'
-    click_button 'Create'
-
-    expect(page).to have_text 'You have signed up successfully.'
-    expect(Spree::User.last.confirmed?).to be(false)
-  end
-end

data/spec/features/order_spec.rb

@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Orders', :js, type: :feature do
-  scenario 'allow a user to view their cart at any time' do
-    visit spree.cart_path
-    expect(page).to have_text 'Your cart is empty'
-  end
-
-  # regression test for spree/spree#1687
-  scenario 'merge incomplete orders from different sessions' do
-    create(:store)
-    create(:product, name: 'RoR Mug')
-    create(:product, name: 'RoR Shirt')
-
-    user = create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password')
-
-    using_session('first') do
-      visit spree.root_path
-
-      click_link 'RoR Mug'
-      click_button 'Add To Cart'
-
-      visit spree.login_path
-      fill_in 'Email', with: user.email
-      fill_in 'Password', with: user.password
-      click_button 'Login'
-
-      click_link 'Cart'
-      expect(page).to have_text 'RoR Mug'
-    end
-
-    using_session('second') do
-      visit spree.root_path
-
-      click_link 'RoR Shirt'
-      click_button 'Add To Cart'
-
-      visit spree.login_path
-      fill_in 'Email', with: user.email
-      fill_in 'Password', with: user.password
-      click_button 'Login'
-
-      # Order should have been merged with first session
-      click_link 'Cart'
-      expect(page).to have_text 'RoR Mug'
-      expect(page).to have_text 'RoR Shirt'
-    end
-
-    using_session('first') do
-      visit spree.root_path
-
-      click_link 'Cart'
-
-      # Order should have been merged with second session
-      expect(page).to have_text 'RoR Mug'
-      expect(page).to have_text 'RoR Shirt'
-    end
-  end
-end

data/spec/features/password_reset_spec.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Reset Password', type: :feature do
-  let!(:store) { create(:store) }
-
-  background do
-    ActionMailer::Base.default_url_options[:host] = 'http://example.com'
-  end
-
-  context 'when an account with this email address exists' do
-    let!(:user) { create(:user, email: 'foobar@example.com', password: 'secret', password_confirmation: 'secret') }
-
-    scenario 'allows a user to supply an email for the password reset' do
-      visit spree.login_path
-      click_link 'Forgot Password?'
-      fill_in_email
-      click_button 'Reset my password'
-      expect(page).to have_text 'you will receive an email with instructions'
-    end
-  end
-
-  # Test that we are extending the functionality from
-  # https://github.com/solidusio/solidus_auth_devise/pull/155
-  # to the non-admin login
-  scenario 'does not reveal email addresses if they are not found' do
-    visit spree.login_path
-    click_link 'Forgot Password?'
-    fill_in_email
-    click_button 'Reset my password'
-    expect(page).to_not have_text "Email not found"
-    expect(page).to have_text 'you will receive an email with instructions'
-  end
-
-  def fill_in_email
-    fill_in 'Email', with: 'foobar@example.com'
-  end
-end

data/spec/features/sign_in_spec.rb

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Sign In', type: :feature do
-  background do
-    @user = create(:user, email: 'email@person.com', password: 'secret', password_confirmation: 'secret')
-    visit spree.login_path
-  end
-
-  scenario 'ask user to sign in' do
-    visit spree.admin_path
-    expect(page).not_to have_text 'Authorization Failure'
-  end
-
-  scenario 'let a user sign in successfully' do
-    fill_in 'Email', with: @user.email
-    fill_in 'Password', with: @user.password
-    click_button 'Login'
-
-    expect(page).to have_text 'Logged in successfully'
-    expect(page).not_to have_text 'Login'
-    expect(page).to have_text 'Logout'
-    expect(current_path).to eq '/'
-  end
-
-  scenario 'show validation erros' do
-    fill_in 'Email', with: @user.email
-    fill_in 'Password', with: 'wrong_password'
-    click_button 'Login'
-
-    expect(page).to have_text 'Invalid email or password'
-    expect(page).to have_text 'Login'
-  end
-
-  scenario 'allow a user to access a restricted page after logging in' do
-    user = create(:admin_user, email: 'admin@person.com', password: 'password', password_confirmation: 'password')
-    visit spree.admin_path
-
-    fill_in 'Email', with: user.email
-    fill_in 'Password', with: user.password
-    click_button 'Login'
-
-    expect(page).to have_text 'admin@person.com'
-    expect(current_path).to eq '/admin/orders'
-  end
-
-  it "should store the user previous location" do
-    visit spree.account_path
-    fill_in "Email", with: @user.email
-    fill_in "Password", with: @user.password
-    click_button "Login"
-    expect(current_path).to eq "/account"
-  end
-end

data/spec/features/sign_out_spec.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Sign Out', type: :feature, js: true do
-  given!(:user) do
-   create(:user,
-          email: 'email@person.com',
-          password: 'secret',
-          password_confirmation: 'secret')
-  end
-
-  background do
-    visit spree.login_path
-    fill_in 'Email', with: user.email
-    fill_in 'Password', with: user.password
-    # Regression test for #1257
-    check 'Remember me'
-    click_button 'Login'
-  end
-
-  scenario 'allow a signed in user to logout' do
-    click_link 'Logout'
-    visit spree.root_path
-    expect(page).to have_text 'LOGIN'
-    expect(page).not_to have_text 'LOGOUT'
-  end
-end

data/spec/features/sign_up_spec.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.feature 'Sign Up', type: :feature do
-  context 'with valid data' do
-    scenario 'create a new user' do
-      visit spree.signup_path
-
-      fill_in 'Email', with: 'email@person.com'
-      fill_in 'Password', with: 'password'
-      fill_in 'Password Confirmation', with: 'password'
-      click_button 'Create'
-
-      expect(page).to have_text 'You have signed up successfully.'
-      expect(Spree::User.count).to eq(1)
-    end
-  end
-
-  context 'with invalid data' do
-    scenario 'does not create a new user' do
-      visit spree.signup_path
-
-      fill_in 'Email', with: 'email@person.com'
-      fill_in 'Password', with: 'password'
-      fill_in 'Password Confirmation', with: ''
-      click_button 'Create'
-
-      expect(page).to have_css '#errorExplanation'
-      expect(Spree::User.count).to eq(0)
-    end
-  end
-end