solidus_auth_devise 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fdc058e59afb482f83388e1873d1a431adb0c82e
+  data.tar.gz: c1b6defab1f7469a5eabf71e906b4afdb097fb87
+SHA512:
+  metadata.gz: 342e347a661b1bb4237db893e2affc82b576f4ae0c93d5cdc2a03d4c80b3ee92be071a9ffea555f52b5b8dd7f54a6f4627e8b3e6600e0594795ed7cacc704364
+  data.tar.gz: d35c102bbf92ffe67ba025c7f063c3aecd61e78ea41dc6d24190b5705c75b93508ca05e7f465dc1320a82083c8915cb3c82bed6124f14be8ed075204c86e5b80

data/.gitignore

@@ -0,0 +1,9 @@
+spec/dummy
+.sass-cache
+coverage
+Gemfile.lock
+*.swp
+.rvmrc
+.ruby-gemsets
+.ruby-version
+.bundle

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,11 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.1.3
+env:
+  - DB=mysql
+  - DB=postgres
+before_script:
+  - bundle exec rake test_app
+  - export DISPLAY=:99.0
+  - sh -e /etc/init.d/xvfb start

data/Gemfile

@@ -0,0 +1,9 @@
+source "https://rubygems.org"
+
+gem "solidus", github: "solidusio/solidus", branch: "master"
+
+group :development, :test do
+  gem "pry-rails"
+end
+
+gemspec

data/LICENSE.md

@@ -0,0 +1,26 @@
+Copyright (c) 2014, Spree Commerce, Inc. and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,88 @@
+Solidus Auth (Devise)
+=====================
+
+Provides authentication services for Solidus, using the Devise gem.
+
+Installation
+------------
+
+Just add this line to your `Gemfile`:
+```ruby
+gem "solidus_auth_devise"
+```
+
+Then run `bundle install`.
+
+### Confirmable
+
+To enable Devise's Confirmable module, which will send the user an email with a link to confirm their account, you must do the following:
+
+* Add this line to an initializer in your Rails project (typically `config/initializers/spree.rb`):
+```ruby
+Spree::Auth::Config[:confirmable] = true
+```
+
+* Add a Devise initializer to your Rails project (typically `config/initializers/devise.rb`):
+```ruby
+Devise.setup do |config|
+  # Required so users don't lose their carts when they need to confirm.
+  config.allow_unconfirmed_access_for = 1.days
+
+  # Fixes the bug where Confirmation errors result in a broken page.
+  config.router_name = :spree
+
+  # Add any other devise configurations here, as they will override the defaults provided by solidus_auth_devise.
+end
+```
+
+Using in an existing Rails application
+--------------------------------------
+
+If you are installing Solidus inside of a host application in which you want your own permission setup, you can do this using solidus_auth_devise's `register_ability` method.
+
+First create your own CanCan Ability class following the CanCan documentation.
+
+For example: app/models/super_abilities.rb
+
+```ruby
+class SuperAbilities
+  include CanCan::Ability
+
+  def initialize user
+    if user.is? "Superman"
+      can :stop, Bullet
+    end
+  end
+end
+```
+
+Then register your class in your spree initializer: config/initializers/spree.rb
+```ruby
+Spree::Ability.register_ability(SuperAbilities)
+```
+
+Inside of your host application you can then use CanCan like you normally would.
+```erb
+<% if can? :show SomeRailsObject %>
+  ...
+<% end %>
+```
+
+### Adding Permissions to Gems
+
+This methodology can also be used by gems that extend spree and want/need to add permissions.
+
+Testing
+-------
+
+Until Solidus is publicly available, the easiest way to satisfy the Solidus dependancy is with a local Bundler override:
+
+```shell
+bundle config local.spree /path/to/local/solidus/repository
+```
+
+Then just run the following to automatically build a dummy app if necessary and run the tests:
+
+```shell
+bundle exec rake
+```

data/Rakefile

@@ -0,0 +1,21 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+require 'spree/testing_support/common_rake'
+
+RSpec::Core::RakeTask.new
+
+task :default do
+  if Dir["spec/dummy"].empty?
+    Rake::Task[:test_app].invoke
+    Dir.chdir("../../")
+  end
+  Rake::Task[:spec].invoke
+end
+
+desc 'Generates a dummy app for testing'
+task :test_app do
+  ENV['LIB_NAME'] = 'solidus/auth'
+  Rake::Task['common:test_app'].invoke("Spree::User")
+end

data/app/controllers/metal_decorator.rb

@@ -0,0 +1,6 @@
+# For the API
+ActionController::Metal.class_eval do
+  def spree_current_user
+    @spree_current_user ||= env['warden'].user
+  end
+end

data/app/mailers/spree/user_mailer.rb

@@ -0,0 +1,15 @@
+module Spree
+  class UserMailer < BaseMailer
+    def reset_password_instructions(user, token, *args)
+      @edit_password_reset_url = spree.edit_spree_user_password_url(:reset_password_token => token, :host => Spree::Store.current.url)
+
+      mail to: user.email, from: from_address, subject: Spree::Store.current.name + ' ' + I18n.t(:subject, :scope => [:devise, :mailer, :reset_password_instructions])
+    end
+
+    def confirmation_instructions(user, token, opts={})
+      @confirmation_url = spree.spree_user_confirmation_url(:confirmation_token => token, :host => Spree::Store.current.url)
+
+      mail to: user.email, from: from_address, subject: Spree::Store.current.name + ' ' + I18n.t(:subject, :scope => [:devise, :mailer, :confirmation_instructions])
+    end
+  end
+end

data/app/models/spree/auth_configuration.rb

@@ -0,0 +1,7 @@
+module Spree
+  class AuthConfiguration < Preferences::Configuration
+    preference :registration_step, :boolean, :default => true
+    preference :signout_after_password_change, :boolean, :default => true
+    preference :confirmable, :boolean, :default => false
+  end
+end

data/app/models/spree/user.rb

@@ -0,0 +1,50 @@
+module Spree
+  class User < ActiveRecord::Base
+    include UserAddress
+    include UserPaymentSource
+
+    devise :database_authenticatable, :registerable, :recoverable,
+           :rememberable, :trackable, :validatable, :encryptable, :encryptor => 'authlogic_sha512'
+    devise :confirmable if Spree::Auth::Config[:confirmable]
+
+    acts_as_paranoid
+    after_destroy :scramble_email_and_password
+
+    has_many :orders
+
+    before_validation :set_login
+
+    users_table_name = User.table_name
+    roles_table_name = Role.table_name
+
+    scope :admin, -> { includes(:spree_roles).where("#{roles_table_name}.name" => "admin") }
+
+    def self.admin_created?
+      User.admin.count > 0
+    end
+
+    def admin?
+      has_spree_role?('admin')
+    end
+
+    protected
+      def password_required?
+        !persisted? || password.present? || password_confirmation.present?
+      end
+
+    private
+
+      def set_login
+        # for now force login to be same as email, eventually we will make this configurable, etc.
+        self.login ||= self.email if self.email
+      end
+
+      def scramble_email_and_password
+        self.email = SecureRandom.uuid + "@example.net"
+        self.login = self.email
+        self.password = SecureRandom.hex(8)
+        self.password_confirmation = self.password
+        self.save
+      end
+  end
+end

data/app/overrides/auth_shared_login_bar.rb

@@ -0,0 +1,7 @@
+Deface::Override.new(:virtual_path => "spree/shared/_nav_bar",
+                     :name => "auth_shared_login_bar",
+                     :insert_before => "li#search-bar",
+                     :partial => "spree/shared/login_bar",
+                     :disabled => false, 
+                     :original => 'eb3fa668cd98b6a1c75c36420ef1b238a1fc55ac')
+

data/app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface

@@ -0,0 +1,4 @@
+<!-- insert_top "[data-hook='admin_login_navigation_bar'], #admin_login_navigation_bar[data-hook]"
+     original '841227d0aedf7909d62237d8778df99100087715' -->
+
+<%= render partial: "spree/layouts/admin/login_nav" %>

data/bin/rails

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+
+ENGINE_ROOT = File.expand_path('../..', __FILE__)
+ENGINE_PATH = File.expand_path('../../lib/spree/auth/engine', __FILE__)
+
+require 'rails/all'
+require 'rails/engine/commands'

data/config/initializers/devise.rb

@@ -0,0 +1,137 @@
+# Use this hook to configure devise mailer, warden hooks and so forth. The first
+# four configuration values can also be set straight in your models.
+Devise.setup do |config|
+  # ==> Mailer Configuration
+  # Configure the e-mail address which will be shown in DeviseMailer.
+  config.mailer_sender = 'please-change-me@config-initializers-devise.com'
+
+  # Configure the class responsible to send e-mails.
+  config.mailer = 'Spree::UserMailer'
+
+  # ==> ORM configuration
+  # Load and configure the ORM. Supports :active_record (default) and
+  # :mongoid (bson_ext recommended) by default. Other ORMs may be
+  # available as additional gems.
+  require 'devise/orm/active_record'
+
+  # ==> Configuration for any authentication mechanism
+  # Configure which keys are used when authenticating an user. By default is
+  # just :email. You can configure it to use [:username, :subdomain], so for
+  # authenticating an user, both parameters are required. Remember that those
+  # parameters are used only when authenticating and not when retrieving from
+  # session. If you need permissions, you should implement that in a before filter.
+  # config.authentication_keys = [ :email ]
+
+  # Tell if authentication through request.params is enabled. True by default.
+  # config.params_authenticatable = true
+
+  # Tell if authentication through HTTP Basic Auth is enabled. False by default.
+  config.http_authenticatable = true
+
+  # Set this to true to use Basic Auth for AJAX requests.  True by default.
+  #config.http_authenticatable_on_xhr = false
+
+  # The realm used in Http Basic Authentication
+  config.http_authentication_realm = 'Spree Application'
+
+  # ==> Configuration for :database_authenticatable
+  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+  # using other encryptors, it sets how many times you want the password re-encrypted.
+  config.stretches = 20
+
+  # Setup a pepper to generate the encrypted password.
+  config.pepper = Rails.configuration.secret_token
+
+  # ==> Configuration for :confirmable
+  # The time you want to give your user to confirm his account. During this time
+  # he will be able to access your application without confirming. Default is nil.
+  # When confirm_within is zero, the user won't be able to sign in without confirming.
+  # You can use this to let your user access some features of your application
+  # without confirming the account, but blocking it after a certain period
+  # (ie 2 days).
+  # config.confirm_within = 2.days
+
+  # ==> Configuration for :rememberable
+  # The time the user will be remembered without asking for credentials again.
+  # config.remember_for = 2.weeks
+
+  # If true, a valid remember token can be re-used between multiple browsers.
+  # config.remember_across_browsers = true
+
+  # If true, extends the user's remember period when remembered via cookie.
+  # config.extend_remember_period = false
+
+  # ==> Configuration for :validatable
+  # Range for password length
+  # config.password_length = 6..20
+
+  # ==> Configuration for :timeoutable
+  # The time you want to timeout the user session without activity. After this
+  # time the user will be asked for credentials again.
+  # config.timeout_in = 10.minutes
+
+  # ==> Configuration for :lockable
+  # Defines which strategy will be used to lock an account.
+  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+  # :none            = No lock strategy. You should handle locking by yourself.
+  # config.lock_strategy = :failed_attempts
+
+  # Defines which strategy will be used to unlock an account.
+  # :email = Sends an unlock link to the user email
+  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
+  # :both  = Enables both strategies
+  # :none  = No unlock strategy. You should handle unlocking by yourself.
+  # config.unlock_strategy = :both
+
+  # Number of authentication tries before locking an account if lock_strategy
+  # is failed attempts.
+  # config.maximum_attempts = 20
+
+  # Time interval to unlock the account if :time is enabled as unlock_strategy.
+  # config.unlock_in = 1.hour
+
+  # ==> Scopes configuration
+  # Turn scoped views on. Before rendering 'sessions/new', it will first check for
+  # 'users/sessions/new'. It's turned off by default because it's slower if you
+  # are using only default views.
+  # config.scoped_views = true
+
+  # Configure the default scope given to Warden. By default it's the first
+  # devise role declared in your routes.
+  # config.default_scope = :user
+
+  # Configure sign_out behavior.
+  # By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
+  # In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
+  # config.sign_out_all_scopes = false
+
+  # ==> Navigation configuration
+  # Lists the formats that should be treated as navigational. Formats like
+  # :html, should redirect to the sign in page when the user does not have
+  # access, but formats like :xml or :json, should return 401.
+  # If you have any extra navigational formats, like :iphone or :mobile, you
+  # should add them to the navigational formats lists. Default is [:html]
+  config.navigational_formats = [:html, :json, :xml]
+
+  # ==> Warden configuration
+  # If you want to use other strategies, that are not (yet) supported by Devise,
+  # you can configure them inside the config.warden block. The example below
+  # allows you to setup OAuth, using http://github.com/roman/warden_oauth
+  #
+  # config.warden do |manager|
+  #   manager.oauth(:twitter) do |twitter|
+  #     twitter.consumer_secret = <YOUR CONSUMER SECRET>
+  #     twitter.consumer_key  = <YOUR CONSUMER KEY>
+  #     twitter.options :site => 'http://twitter.com'
+  #   end
+  #   manager.default_strategies(:scope => :user).unshift :twitter_oauth
+  # end
+  #
+  # Time interval you can reset your password with a reset password key.
+  # Don't put a too small interval or your users won't have the time to
+  # change their passwords.
+  config.reset_password_within = 6.hours
+  config.sign_out_via = :get
+
+  config.case_insensitive_keys = [:email]
+end

data/config/initializers/warden.rb

@@ -0,0 +1,14 @@
+# Merges users orders to their account after sign in and sign up.
+Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
+  if auth.cookies.signed[:guest_token].present?
+    if user.is_a?(Spree::User)
+      Spree::Order.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
+        order.associate_user!(user)
+      end
+    end
+  end
+end
+
+Warden::Manager.before_logout do |user, auth, opts|
+  auth.cookies.delete :guest_token
+end