solidus_auth_devise 1.0.0 → 1.1.0


Potentially problematic release.


This version of solidus_auth_devise might be problematic. Click here for more details.

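--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: fdc058e59afb482f83388e1873d1a431adb0c82e
- data.tar.gz: c1b6defab1f7469a5eabf71e906b4afdb097fb87
+ metadata.gz: fb97d2596201f6b868061b6064d27ab4ea0df410
+ data.tar.gz: b05459072856d24460abed0bd7adc90a2d258113
  SHA512:
- metadata.gz: 342e347a661b1bb4237db893e2affc82b576f4ae0c93d5cdc2a03d4c80b3ee92be071a9ffea555f52b5b8dd7f54a6f4627e8b3e6600e0594795ed7cacc704364
- data.tar.gz: d35c102bbf92ffe67ba025c7f063c3aecd61e78ea41dc6d24190b5705c75b93508ca05e7f465dc1320a82083c8915cb3c82bed6124f14be8ed075204c86e5b80
+ metadata.gz: 636e4dd8e7aed3bd4309a8075c5b6831bdcf5063a406290ed8b46079cc31fd5305989b94d5ac5805264bc4147ca09786012cba274a102e45a36c19ad19bd3930
+ data.tar.gz: d109430fe560ecae80f6172192a0b8181cbcaa5f51770f56f67a6f81f6f024be0a2cf2e1d8d001d970d090a92f09779d79e486cadab4a9ebda6cc7fa9cbea9f5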
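--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,6 @@
  source "https://rubygems.org"
 
- gem "solidus", github: "solidusio/solidus", branch: "master"
+ gem "solidus", git: "git@github.com:solidusio/solidus.git", branch: "master"
 
  group :development, :test do
  gem "pry-rails"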
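Review bot: The new source `git: "git@github.com:solidusio/solidus.git"` is an SSH URL, so `bundle install` against this Gemfile only succeeds where a GitHub SSH key is available, which excludes anonymous contributors and any CI runner without a provisioned key. An HTTPS URL gives the same encrypted, host-verified fetch without credentials: `gem "solidus", git: "https://github.com/solidusio/solidus.git", branch: "master"`. Separately, `branch: "master"` makes the development build track whatever is at the branch head; a `ref:` pin or a committed lockfile would make the dependency that was actually tested reproducible.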
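--- a/data/README.md
+++ b/data/README.md
@@ -35,14 +35,14 @@ Devise.setup do |config|
  end
  ```
 
- Using in an existing Rails application
- --------------------------------------
+ Using in an existing application
+ --------------------------------
 
- If you are installing Solidus inside of a host application in which you want your own permission setup, you can do this using solidus_auth_devise's `register_ability` method.
+ If you are installing Solidus inside of a host application in which you want your own permission setup, you can do this using the `register_ability` method.
 
  First create your own CanCan Ability class following the CanCan documentation.
 
- For example: app/models/super_abilities.rb
+ For example: `app/models/super_abilities.rb`
 
  ```ruby
  class SuperAbilities
@@ -63,15 +63,11 @@ Spree::Ability.register_ability(SuperAbilities)
 
  Inside of your host application you can then use CanCan like you normally would.
  ```erb
- <% if can? :show SomeRailsObject %>
+ <% if can? :stop Bullet %>
  ...
  <% end %>
  ```
 
- ### Adding Permissions to Gems
-
- This methodology can also be used by gems that extend spree and want/need to add permissions.
-
  Testing
  -------
 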
data/circle.yml ADDED
@@ -0,0 +1,6 @@
1
+ machine:
2
+ ruby:
3
+ version: 2.1.5
4
+ test:
5
+ pre:
6
+ - bundle exec rake test_app
@@ -3,15 +3,12 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
3
3
 
4
4
  include Spree::Core::ControllerHelpers::Auth
5
5
  include Spree::Core::ControllerHelpers::Common
6
- include Spree::Core::ControllerHelpers::SSL
7
6
  include Spree::Core::ControllerHelpers::Store
8
7
 
9
8
  helper 'spree/admin/navigation'
10
9
  helper 'spree/admin/tables'
11
10
  layout 'spree/layouts/admin'
12
11
 
13
- ssl_required
14
-
15
12
  # Overridden due to bug in Devise.
16
13
  # respond_with resource, :location => new_session_path(resource_name)
17
14
  # is generating bad url /session/new.user
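Review bot: With `include Spree::Core::ControllerHelpers::SSL` and `ssl_required` removed from this controller, nothing in the visible code forces the admin password-reset flow onto HTTPS any more, and no file in this release tells integrators who is now responsible for that. The same removal appears in the Admin::UserSessions, UserConfirmations, UserPasswords, UserRegistrations, UserSessions and Users controller sections below. Presumably transport enforcement is meant to move to the host application; if so the README should say it, for example `Set config.force_ssl = true in the host application's production environment; this gem no longer redirects login, registration or password-reset requests to HTTPS.` The class body continues outside the hunk.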
@@ -3,15 +3,12 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
3
3
 
4
4
  include Spree::Core::ControllerHelpers::Auth
5
5
  include Spree::Core::ControllerHelpers::Common
6
- include Spree::Core::ControllerHelpers::SSL
7
6
  include Spree::Core::ControllerHelpers::Store
8
7
 
9
8
  helper 'spree/admin/navigation'
10
9
  helper 'spree/admin/tables'
11
10
  layout 'spree/layouts/admin'
12
11
 
13
- ssl_required :new, :create, :destroy, :update
14
-
15
12
  def create
16
13
  authenticate_spree_user!
17
14
 
@@ -8,11 +8,8 @@ class Spree::UserConfirmationsController < Devise::ConfirmationsController
8
8
  include Spree::Core::ControllerHelpers::Auth
9
9
  include Spree::Core::ControllerHelpers::Common
10
10
  include Spree::Core::ControllerHelpers::Order
11
- include Spree::Core::ControllerHelpers::SSL
12
11
  include Spree::Core::ControllerHelpers::Store
13
12
 
14
- ssl_required
15
-
16
13
  protected
17
14
 
18
15
  def after_confirmation_path_for(resource_name, resource)
@@ -8,11 +8,8 @@ class Spree::UserPasswordsController < Devise::PasswordsController
8
8
  include Spree::Core::ControllerHelpers::Auth
9
9
  include Spree::Core::ControllerHelpers::Common
10
10
  include Spree::Core::ControllerHelpers::Order
11
- include Spree::Core::ControllerHelpers::SSL
12
11
  include Spree::Core::ControllerHelpers::Store
13
12
 
14
- ssl_required
15
-
16
13
  # Overridden due to bug in Devise.
17
14
  # respond_with resource, :location => new_session_path(resource_name)
18
15
  # is generating bad url /session/new.user
@@ -47,6 +44,10 @@ class Spree::UserPasswordsController < Devise::PasswordsController
47
44
 
48
45
  protected
49
46
 
47
+ def translation_scope
48
+ 'devise.user_passwords'
49
+ end
50
+
50
51
  def new_session_path(resource_name)
51
52
  spree.send("new_#{resource_name}_session_path")
52
53
  end
@@ -8,65 +8,38 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
8
8
  include Spree::Core::ControllerHelpers::Auth
9
9
  include Spree::Core::ControllerHelpers::Common
10
10
  include Spree::Core::ControllerHelpers::Order
11
- include Spree::Core::ControllerHelpers::SSL
12
11
  include Spree::Core::ControllerHelpers::Store
13
12
 
14
- ssl_required
15
13
  before_filter :check_permissions, :only => [:edit, :update]
16
14
  skip_before_filter :require_no_authentication
17
15
 
18
- # GET /resource/sign_up
19
- def new
20
- super
21
- @user = resource
22
- end
23
-
24
- # POST /resource/sign_up
25
16
  def create
26
- @user = build_resource(spree_user_params)
17
+ build_resource(spree_user_params)
27
18
  if resource.save
28
19
  set_flash_message(:notice, :signed_up)
29
- sign_in(:spree_user, @user)
20
+ sign_in(:spree_user, resource)
30
21
  session[:spree_user_signup] = true
31
22
  associate_user
32
23
  respond_with resource, location: after_sign_up_path_for(resource)
33
24
  else
34
25
  clean_up_passwords(resource)
35
- render :new
26
+ respond_with(resource) do |format|
27
+ format.html { render :new }
28
+ end
36
29
  end
37
30
  end
38
31
 
39
- # GET /resource/edit
40
- def edit
41
- super
42
- end
43
-
44
- # PUT /resource
45
- def update
46
- super
47
- end
48
-
49
- # DELETE /resource
50
- def destroy
51
- super
32
+ protected
33
+ def translation_scope
34
+ 'devise.user_registrations'
52
35
  end
53
36
 
54
- # GET /resource/cancel
55
- # Forces the session data which is usually expired after sign
56
- # in to be expired now. This is useful if the user wants to
57
- # cancel oauth signing in/up in the middle of the process,
58
- # removing all OAuth session data.
59
- def cancel
60
- super
37
+ def check_permissions
38
+ authorize!(:create, resource)
61
39
  end
62
40
 
63
- protected
64
- def check_permissions
65
- authorize!(:create, resource)
66
- end
67
-
68
41
  private
69
- def spree_user_params
70
- params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes)
71
- end
42
+ def spree_user_params
43
+ params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes)
44
+ end
72
45
  end
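Review bot: `check_permissions` is wired to `:edit` and `:update` through `before_filter`, yet it checks the `:create` ability with `authorize!(:create, resource)`; this refactor moves the method but carries the mismatch over unchanged. If that is intentional, a one-line comment above the method saying why would stop a later reader from silently changing the authorization rule. If it is not, `authorize!(:update, resource)` looks like the intended check, though the ability definitions are not visible here to confirm.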
@@ -7,47 +7,57 @@ class Spree::UserSessionsController < Devise::SessionsController
7
7
  include Spree::Core::ControllerHelpers::Auth
8
8
  include Spree::Core::ControllerHelpers::Common
9
9
  include Spree::Core::ControllerHelpers::Order
10
- include Spree::Core::ControllerHelpers::SSL
11
10
  include Spree::Core::ControllerHelpers::Store
12
11
 
13
- ssl_required :new, :create, :destroy, :update
14
- ssl_allowed :login_bar
15
-
16
12
  def create
17
13
  authenticate_spree_user!
18
14
 
19
15
  if spree_user_signed_in?
20
16
  respond_to do |format|
21
- format.html {
17
+ format.html do
22
18
  flash[:success] = Spree.t(:logged_in_succesfully)
23
19
  redirect_back_or_default(after_sign_in_path_for(spree_current_user))
24
- }
25
- format.js {
26
- render :json => {:user => spree_current_user,
27
- :ship_address => spree_current_user.ship_address,
28
- :bill_address => spree_current_user.bill_address}.to_json
29
- }
20
+ end
21
+ format.js { render success_json }
30
22
  end
31
23
  else
32
24
  respond_to do |format|
33
- format.html {
25
+ format.html do
34
26
  flash.now[:error] = t('devise.failure.invalid')
35
27
  render :new
36
- }
37
- format.js {
38
- render :json => { error: t('devise.failure.invalid') }, status: :unprocessable_entity
39
- }
28
+ end
29
+ format.js do
30
+ render json: { error: t('devise.failure.invalid') },
31
+ status: :unprocessable_entity
32
+ end
40
33
  end
41
34
  end
42
35
  end
43
36
 
37
+ protected
38
+
39
+ def translation_scope
40
+ 'devise.user_sessions'
41
+ end
42
+
44
43
  private
45
- def accurate_title
46
- Spree.t(:login)
47
- end
48
44
 
49
- def redirect_back_or_default(default)
50
- redirect_to(session["spree_user_return_to"] || default)
51
- session["spree_user_return_to"] = nil
52
- end
45
+ def accurate_title
46
+ Spree.t(:login)
47
+ end
48
+
49
+ def redirect_back_or_default(default)
50
+ redirect_to(session["spree_user_return_to"] || default)
51
+ session["spree_user_return_to"] = nil
52
+ end
53
+
54
+ def success_json
55
+ {
56
+ json: {
57
+ user: spree_current_user,
58
+ ship_address: spree_current_user.ship_address,
59
+ bill_address: spree_current_user.bill_address
60
+ }.to_json
61
+ }
62
+ end
53
63
  end
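Review bot: `success_json` serialises the whole `spree_current_user` record and both address records with `to_json`, so whatever the models' serialisation exposes is sent to the browser on every JS login. Devise filters some credential columns out of serialisation by default, but any other column on the user table would go out as-is; the model is not visible here, so this needs confirming against it. An explicit allow-list keeps the response stable as the schema grows, e.g. `user: spree_current_user.as_json(only: [:id, :email])` (field names are illustrative). A short comment above `success_json` naming the fields the storefront JavaScript relies on would help as well.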
@@ -1,5 +1,4 @@
1
1
  class Spree::UsersController < Spree::StoreController
2
- ssl_required
3
2
  skip_before_filter :set_current_order, :only => :show
4
3
  prepend_before_filter :load_object, :only => [:show, :edit, :update]
5
4
  prepend_before_filter :authorize_actions, :only => :new
@@ -25,9 +25,6 @@ module Spree
25
25
  end
26
26
 
27
27
  def self.activate
28
- Dir.glob(File.join(File.dirname(__FILE__), '../../app/**/*_decorator*.rb')) do |c|
29
- Rails.configuration.cache_classes ? require(c) : load(c)
30
- end
31
28
  if Spree::Auth::Engine.backend_available?
32
29
  Rails.application.config.assets.precompile += [
33
30
  'lib/assets/javascripts/spree/backend/solidus_auth.js',
@@ -1,12 +1,12 @@
1
1
  <% @body_id = 'signup' %>
2
2
 
3
- <%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
3
+ <%= render 'spree/shared/error_messages', target: resource %>
4
4
 
5
5
  <div id="new-customer">
6
6
  <h6><%= Spree.t(:new_customer) %></h6>
7
7
 
8
8
  <div data-hook="signup">
9
- <%= form_for resource, :as => :spree_user, :url => spree.registration_path(@user) do |f| %>
9
+ <%= form_for resource, :as => :spree_user, :url => spree.registration_path(resource) do |f| %>
10
10
  <div data-hook="signup_inside_form">
11
11
  <%= render :partial => 'spree/shared/user_form', :locals => { :f => f } %>
12
12
  <p><%= f.submit Spree.t(:create), :class => 'button primary' %></p>
@@ -3,7 +3,7 @@
3
3
  Gem::Specification.new do |s|
4
4
  s.platform = Gem::Platform::RUBY
5
5
  s.name = "solidus_auth_devise"
6
- s.version = "1.0.0"
6
+ s.version = "1.1.0"
7
7
  s.summary = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
8
8
  s.description = s.summary
9
9
 
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
21
21
  solidus_version = [">= 1.0.0.pre", "< 2"]
22
22
 
23
23
  s.add_dependency "solidus_core", solidus_version
24
- s.add_dependency "devise", "~> 3.2.3"
24
+ s.add_dependency "devise", '~> 3.5.1'
25
25
  s.add_dependency "devise-encryptable", "0.1.2"
26
26
 
27
27
  s.add_dependency "json"
@@ -3,11 +3,66 @@ RSpec.describe Spree::UserRegistrationsController, type: :controller do
3
3
  before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
4
4
 
5
5
  context '#create' do
6
- before { allow(controller).to receive(:after_sign_up_path_for).and_return(spree.root_path(thing: 7)) }
6
+ before do
7
+ allow(controller).to receive(:after_sign_up_path_for) do
8
+ spree.root_path(thing: 7)
9
+ end
10
+ end
11
+
12
+ let(:password_confirmation) { 'foobar123' }
13
+
14
+ subject do
15
+ spree_post(:create,
16
+ spree_user: {
17
+ email: 'foobar@example.com',
18
+ password: 'foobar123',
19
+ password_confirmation: password_confirmation
20
+ })
21
+ end
22
+
23
+ context 'when user created successfuly' do
24
+ it 'saves the user' do
25
+ expect { subject }.to change { Spree::User.count }.from(0).to(1)
26
+ end
27
+
28
+ it 'sets flash message' do
29
+ subject
30
+ expect(flash[:notice]).to eq('Welcome! You have signed up successfully.')
31
+ end
32
+
33
+ it 'signs in user' do
34
+ expect(controller.warden).to receive(:set_user)
35
+ subject
36
+ end
37
+
38
+ it 'sets spree_user_signup session' do
39
+ subject
40
+ expect(session[:spree_user_signup]).to be true
41
+ end
42
+
43
+ it 'tries to associate user with current_order' do
44
+ expect(controller).to receive(:associate_user)
45
+ subject
46
+ end
47
+
48
+ it 'redirects to after_sign_up path' do
49
+ subject
50
+ expect(response).to redirect_to spree.root_path(thing: 7)
51
+ end
52
+ end
53
+
54
+ context 'when user not valid' do
55
+ let(:password_confirmation) { 'foobard123' }
56
+
57
+ it 'resets password fields' do
58
+ expect(controller).to receive(:clean_up_passwords)
59
+ subject
60
+ end
7
61
 
8
- it 'redirects to after_sign_up_path_for' do
9
- spree_post :create, { spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' } }
10
- expect(response).to redirect_to spree.root_path(thing: 7)
62
+ it 'renders new view' do
63
+ subject
64
+ expect(:response).to render_template(:new)
65
+ end
11
66
  end
12
67
  end
13
68
  end
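Review bot: In the 'renders new view' example the expectation is written against the symbol `:response` rather than the response object: `expect(:response).to render_template(:new)`. It should read `expect(response).to render_template(:new)`, as the sessions controller spec does; as written the example may pass without the assertion really being tied to the controller's response. The context title 'when user created successfuly' also has a typo ('successfully').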
@@ -1,32 +1,46 @@
1
1
  RSpec.describe Spree::UserSessionsController, type: :controller do
2
-
3
2
  let(:user) { create(:user) }
4
3
 
5
4
  before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
6
5
 
7
6
  context "#create" do
8
- context "using correct login information" do
7
+ let(:format) { :html }
8
+ let(:password) { 'secret' }
9
+
10
+ subject do
11
+ spree_post(:create,
12
+ spree_user: {
13
+ email: user.email,
14
+ password: password
15
+ },
16
+ format: format)
17
+ end
18
+
19
+ context "when using correct login information" do
9
20
  it 'properly assigns orders user from guest_token' do
10
21
  order1 = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
11
22
  order2 = create(:order, guest_token: 'ABC', user_id: 200)
12
23
  request.cookie_jar.signed[:guest_token] = 'ABC'
13
- spree_post :create, spree_user: { email: user.email, password: 'secret' }
24
+
25
+ subject
14
26
 
15
27
  expect(order1.reload.user_id).to eq user.id
16
28
  expect(order1.reload.created_by_id).to eq user.id
17
29
  expect(order2.reload.user_id).to eq 200
18
30
  end
19
31
 
20
- context "and html format is used" do
32
+ context "when html format is requested" do
21
33
  it "redirects to default after signing in" do
22
- spree_post :create, spree_user: { email: user.email, password: 'secret' }
34
+ subject
23
35
  expect(response).to redirect_to spree.root_path
24
36
  end
25
37
  end
26
38
 
27
- context "and js format is used" do
39
+ context "when js format is requested" do
40
+ let(:format) { :js }
41
+
28
42
  it "returns a json with ship and bill address" do
29
- spree_post :create, spree_user: { email: user.email, password: 'secret' }, format: 'js'
43
+ subject
30
44
  parsed = ActiveSupport::JSON.decode(response.body)
31
45
  expect(parsed).to have_key("user")
32
46
  expect(parsed).to have_key("ship_address")
@@ -35,18 +49,21 @@ RSpec.describe Spree::UserSessionsController, type: :controller do
35
49
  end
36
50
  end
37
51
 
38
- context "using incorrect login information" do
39
- context "and html format is used" do
52
+ context "when using incorrect login information" do
53
+ let(:password) { 'wrong' }
54
+
55
+ context "when html format is requested" do
40
56
  it "renders new template again with errors" do
41
- spree_post :create, spree_user: { email: user.email, password: 'wrong' }
42
- expect(response).to render_template('new')
57
+ subject
58
+ expect(response).to render_template(:new)
43
59
  expect(flash[:error]).to eq I18n.t(:'devise.failure.invalid')
44
60
  end
45
61
  end
46
62
 
47
- context "and js format is used" do
48
- it "returns a json with the error" do
49
- spree_post :create, spree_user: { email: user.email, password: 'wrong' }, format: 'js'
63
+ context "when js format is requested" do
64
+ let(:format) { :js }
65
+ it "returns json with the error" do
66
+ subject
50
67
  parsed = ActiveSupport::JSON.decode(response.body)
51
68
  expect(parsed).to have_key("error")
52
69
  end
@@ -11,6 +11,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
11
11
 
12
12
  given!(:zone) { create(:zone) }
13
13
  given!(:address) { create(:address, state: state, country: country) }
14
+ given!(:payment_method){ create :check_payment_method }
14
15
 
15
16
  background do
16
17
  @product = create(:product, name: 'RoR Mug')
@@ -23,12 +24,6 @@ RSpec.feature 'Checkout', :js, type: :feature do
23
24
  end
24
25
 
25
26
  context 'without payment being required' do
26
- background do
27
- # So that we don't have to setup payment methods just for the sake of it
28
- allow_any_instance_of(Spree::Order).to receive(:has_available_payment).and_return(true)
29
- allow_any_instance_of(Spree::Order).to receive(:payment_required?).and_return(false)
30
- end
31
-
32
27
  scenario 'allow a visitor to checkout as guest, without registration' do
33
28
  Spree::Auth::Config.set(registration_step: true)
34
29
  click_link 'RoR Mug'
@@ -52,6 +47,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
52
47
  select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
53
48
  check 'order_use_billing'
54
49
 
50
+ click_button 'Save and Continue'
55
51
  click_button 'Save and Continue'
56
52
  click_button 'Save and Continue'
57
53
  click_button 'Place Order'
@@ -83,6 +79,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
83
79
  select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
84
80
  check 'order_use_billing'
85
81
 
82
+ click_button 'Save and Continue'
86
83
  click_button 'Save and Continue'
87
84
  click_button 'Save and Continue'
88
85
  click_button 'Place Order'
@@ -154,6 +151,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
154
151
  select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
155
152
  check 'order_use_billing'
156
153
 
154
+ click_button 'Save and Continue'
157
155
  click_button 'Save and Continue'
158
156
  click_button 'Save and Continue'
159
157
  click_button 'Place Order'
@@ -8,7 +8,7 @@ RSpec.describe Spree::User, type: :model do
8
8
  end
9
9
 
10
10
  it 'generates the reset password token' do
11
- user = build(:user)
11
+ user = create(:user)
12
12
  expect(Spree::UserMailer).to receive(:reset_password_instructions).with(user, anything, {}).and_return(double(deliver: true))
13
13
  user.send_reset_password_instructions
14
14
  expect(user.reset_password_token).not_to be_nil
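--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: solidus_auth_devise
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.1.0
  platform: ruby
  authors:
  - Solidus Team
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-05-26 00:00:00.000000000 Z
+ date: 2015-06-03 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: solidus_core
@@ -36,14 +36,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.2.3
+ version: 3.5.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 3.2.3
+ version: 3.5.1
  - !ruby/object:Gem::Dependency
  name: devise-encryptable
  requirement: !ruby/object:Gem::Requirement
@@ -280,13 +280,13 @@ files:
  - LICENSE.md
  - README.md
  - Rakefile
- - app/controllers/metal_decorator.rb
  - app/mailers/spree/user_mailer.rb
  - app/models/spree/auth_configuration.rb
  - app/models/spree/user.rb
  - app/overrides/auth_shared_login_bar.rb
  - app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface
  - bin/rails
+ - circle.yml
  - config/initializers/devise.rb
  - config/initializers/warden.rb
  - config/locales/de.yml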
@@ -1,6 +0,0 @@
1
- # For the API
2
- ActionController::Metal.class_eval do
3
- def spree_current_user
4
- @spree_current_user ||= env['warden'].user
5
- end
6
- end