solidus_auth_devise 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fdc058e59afb482f83388e1873d1a431adb0c82e
-  data.tar.gz: c1b6defab1f7469a5eabf71e906b4afdb097fb87
+  metadata.gz: fb97d2596201f6b868061b6064d27ab4ea0df410
+  data.tar.gz: b05459072856d24460abed0bd7adc90a2d258113
 SHA512:
-  metadata.gz: 342e347a661b1bb4237db893e2affc82b576f4ae0c93d5cdc2a03d4c80b3ee92be071a9ffea555f52b5b8dd7f54a6f4627e8b3e6600e0594795ed7cacc704364
-  data.tar.gz: d35c102bbf92ffe67ba025c7f063c3aecd61e78ea41dc6d24190b5705c75b93508ca05e7f465dc1320a82083c8915cb3c82bed6124f14be8ed075204c86e5b80
+  metadata.gz: 636e4dd8e7aed3bd4309a8075c5b6831bdcf5063a406290ed8b46079cc31fd5305989b94d5ac5805264bc4147ca09786012cba274a102e45a36c19ad19bd3930
+  data.tar.gz: d109430fe560ecae80f6172192a0b8181cbcaa5f51770f56f67a6f81f6f024be0a2cf2e1d8d001d970d090a92f09779d79e486cadab4a9ebda6cc7fa9cbea9f5

data/Gemfile

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-gem "solidus", github: "solidusio/solidus", branch: "master"
+gem "solidus", git: "git@github.com:solidusio/solidus.git", branch: "master"
 
 group :development, :test do
   gem "pry-rails"

data/README.md

@@ -35,14 +35,14 @@ Devise.setup do |config|
 end
 ```
 
-Using in an existing Rails application
---------------------------------------
+Using in an existing application
+--------------------------------
 
-If you are installing Solidus inside of a host application in which you want your own permission setup, you can do this using solidus_auth_devise's `register_ability` method.
+If you are installing Solidus inside of a host application in which you want your own permission setup, you can do this using the `register_ability` method.
 
 First create your own CanCan Ability class following the CanCan documentation.
 
-For example: app/models/super_abilities.rb
+For example: `app/models/super_abilities.rb`
 
 ```ruby
 class SuperAbilities
@@ -63,15 +63,11 @@ Spree::Ability.register_ability(SuperAbilities)
 
 Inside of your host application you can then use CanCan like you normally would.
 ```erb
-<% if can? :show SomeRailsObject %>
+<% if can? :stop Bullet %>
   ...
 <% end %>
 ```
 
-### Adding Permissions to Gems
-
-This methodology can also be used by gems that extend spree and want/need to add permissions.
-
 Testing
 -------
 

data/circle.yml

@@ -0,0 +1,6 @@
+machine:
+  ruby:
+    version: 2.1.5
+test:
+  pre:
+    - bundle exec rake test_app

data/lib/controllers/backend/spree/admin/user_passwords_controller.rb

@@ -3,15 +3,12 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
 
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::Common
-  include Spree::Core::ControllerHelpers::SSL
   include Spree::Core::ControllerHelpers::Store
 
   helper 'spree/admin/navigation'
   helper 'spree/admin/tables'
   layout 'spree/layouts/admin'
 
-  ssl_required
-
   # Overridden due to bug in Devise.
   #   respond_with resource, :location => new_session_path(resource_name)
   # is generating bad url /session/new.user

data/lib/controllers/backend/spree/admin/user_sessions_controller.rb

@@ -3,15 +3,12 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
 
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::Common
-  include Spree::Core::ControllerHelpers::SSL
   include Spree::Core::ControllerHelpers::Store
 
   helper 'spree/admin/navigation'
   helper 'spree/admin/tables'
   layout 'spree/layouts/admin'
 
-  ssl_required :new, :create, :destroy, :update
-
   def create
     authenticate_spree_user!
 

data/lib/controllers/frontend/spree/user_confirmations_controller.rb

@@ -8,11 +8,8 @@ class Spree::UserConfirmationsController < Devise::ConfirmationsController
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::Common
   include Spree::Core::ControllerHelpers::Order
-  include Spree::Core::ControllerHelpers::SSL
   include Spree::Core::ControllerHelpers::Store
 
-  ssl_required
-
   protected
 
   def after_confirmation_path_for(resource_name, resource)

data/lib/controllers/frontend/spree/user_passwords_controller.rb

@@ -8,11 +8,8 @@ class Spree::UserPasswordsController < Devise::PasswordsController
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::Common
   include Spree::Core::ControllerHelpers::Order
-  include Spree::Core::ControllerHelpers::SSL
   include Spree::Core::ControllerHelpers::Store
 
-  ssl_required
-
   # Overridden due to bug in Devise.
   #   respond_with resource, :location => new_session_path(resource_name)
   # is generating bad url /session/new.user
@@ -47,6 +44,10 @@ class Spree::UserPasswordsController < Devise::PasswordsController
 
   protected
 
+  def translation_scope
+    'devise.user_passwords'
+  end
+
   def new_session_path(resource_name)
     spree.send("new_#{resource_name}_session_path")
   end

data/lib/controllers/frontend/spree/user_registrations_controller.rb

@@ -8,65 +8,38 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::Common
   include Spree::Core::ControllerHelpers::Order
-  include Spree::Core::ControllerHelpers::SSL
   include Spree::Core::ControllerHelpers::Store
 
-  ssl_required
   before_filter :check_permissions, :only => [:edit, :update]
   skip_before_filter :require_no_authentication
 
-  # GET /resource/sign_up
-  def new
-    super
-    @user = resource
-  end
-
-  # POST /resource/sign_up
   def create
-    @user = build_resource(spree_user_params)
+    build_resource(spree_user_params)
     if resource.save
       set_flash_message(:notice, :signed_up)
-      sign_in(:spree_user, @user)
+      sign_in(:spree_user, resource)
       session[:spree_user_signup] = true
       associate_user
       respond_with resource, location: after_sign_up_path_for(resource)
     else
       clean_up_passwords(resource)
-      render :new
+      respond_with(resource) do |format|
+        format.html { render :new }
+      end
     end
   end
 
-  # GET /resource/edit
-  def edit
-    super
-  end
-
-  # PUT /resource
-  def update
-    super
-  end
-
-  # DELETE /resource
-  def destroy
-    super
+  protected
+  def translation_scope
+    'devise.user_registrations'
   end
 
-  # GET /resource/cancel
-  # Forces the session data which is usually expired after sign
-  # in to be expired now. This is useful if the user wants to
-  # cancel oauth signing in/up in the middle of the process,
-  # removing all OAuth session data.
-  def cancel
-    super
+  def check_permissions
+    authorize!(:create, resource)
   end
 
-  protected
-    def check_permissions
-      authorize!(:create, resource)
-    end
-
   private
-    def spree_user_params
-      params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes)
-    end
+  def spree_user_params
+    params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes)
+  end
 end

data/lib/controllers/frontend/spree/user_sessions_controller.rb

@@ -7,47 +7,57 @@ class Spree::UserSessionsController < Devise::SessionsController
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::Common
   include Spree::Core::ControllerHelpers::Order
-  include Spree::Core::ControllerHelpers::SSL
   include Spree::Core::ControllerHelpers::Store
 
-  ssl_required :new, :create, :destroy, :update
-  ssl_allowed :login_bar
-
   def create
     authenticate_spree_user!
 
     if spree_user_signed_in?
       respond_to do |format|
-        format.html {
+        format.html do
           flash[:success] = Spree.t(:logged_in_succesfully)
           redirect_back_or_default(after_sign_in_path_for(spree_current_user))
-        }
-        format.js {
-          render :json => {:user => spree_current_user,
-                           :ship_address => spree_current_user.ship_address,
-                           :bill_address => spree_current_user.bill_address}.to_json
-        }
+        end
+        format.js { render success_json }
       end
     else
       respond_to do |format|
-        format.html {
+        format.html do
           flash.now[:error] = t('devise.failure.invalid')
           render :new
-        }
-        format.js {
-          render :json => { error: t('devise.failure.invalid') }, status: :unprocessable_entity
-        }
+        end
+        format.js do
+          render json: { error: t('devise.failure.invalid') },
+            status: :unprocessable_entity
+        end
       end
     end
   end
 
+  protected
+
+  def translation_scope
+    'devise.user_sessions'
+  end
+
   private
-    def accurate_title
-      Spree.t(:login)
-    end
 
-    def redirect_back_or_default(default)
-      redirect_to(session["spree_user_return_to"] || default)
-      session["spree_user_return_to"] = nil
-    end
+  def accurate_title
+    Spree.t(:login)
+  end
+
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
+
+  def success_json
+    {
+      json: {
+        user: spree_current_user,
+        ship_address: spree_current_user.ship_address,
+        bill_address: spree_current_user.bill_address
+      }.to_json
+    }
+  end
 end

data/lib/controllers/frontend/spree/users_controller.rb

@@ -1,5 +1,4 @@
 class Spree::UsersController < Spree::StoreController
-  ssl_required
   skip_before_filter :set_current_order, :only => :show
   prepend_before_filter :load_object, :only => [:show, :edit, :update]
   prepend_before_filter :authorize_actions, :only => :new

data/lib/spree/auth/engine.rb

@@ -25,9 +25,6 @@ module Spree
       end
 
       def self.activate
-        Dir.glob(File.join(File.dirname(__FILE__), '../../app/**/*_decorator*.rb')) do |c|
-          Rails.configuration.cache_classes ? require(c) : load(c)
-        end
         if Spree::Auth::Engine.backend_available?
           Rails.application.config.assets.precompile += [
             'lib/assets/javascripts/spree/backend/solidus_auth.js',

data/lib/views/frontend/spree/user_registrations/new.html.erb

@@ -1,12 +1,12 @@
 <% @body_id = 'signup' %>
 
-<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
+<%= render 'spree/shared/error_messages', target: resource %>
 
 <div id="new-customer">
   <h6><%= Spree.t(:new_customer) %></h6>
 
   <div data-hook="signup">
-    <%= form_for resource, :as => :spree_user, :url => spree.registration_path(@user) do |f| %>
+    <%= form_for resource, :as => :spree_user, :url => spree.registration_path(resource) do |f| %>
       <div data-hook="signup_inside_form">
         <%= render :partial => 'spree/shared/user_form', :locals => { :f => f } %>
         <p><%= f.submit Spree.t(:create), :class => 'button primary' %></p>

data/solidus_auth_devise.gemspec

@@ -3,7 +3,7 @@
 Gem::Specification.new do |s|
   s.platform    = Gem::Platform::RUBY
   s.name        = "solidus_auth_devise"
-  s.version     = "1.0.0"
+  s.version     = "1.1.0"
   s.summary     = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
   s.description = s.summary
 
@@ -21,7 +21,7 @@ Gem::Specification.new do |s|
   solidus_version = [">= 1.0.0.pre", "< 2"]
 
   s.add_dependency "solidus_core", solidus_version
-  s.add_dependency "devise", "~> 3.2.3"
+  s.add_dependency "devise", '~> 3.5.1'
   s.add_dependency "devise-encryptable", "0.1.2"
 
   s.add_dependency "json"

data/spec/controllers/spree/user_registrations_controller_spec.rb

@@ -3,11 +3,66 @@ RSpec.describe Spree::UserRegistrationsController, type: :controller do
   before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
 
   context '#create' do
-    before { allow(controller).to receive(:after_sign_up_path_for).and_return(spree.root_path(thing: 7)) }
+    before do
+      allow(controller).to receive(:after_sign_up_path_for) do
+        spree.root_path(thing: 7)
+      end
+    end
+
+    let(:password_confirmation) { 'foobar123' }
+
+    subject do
+      spree_post(:create,
+        spree_user: {
+          email: 'foobar@example.com',
+          password: 'foobar123',
+          password_confirmation: password_confirmation
+        })
+    end
+
+    context 'when user created successfuly' do
+      it 'saves the user' do
+        expect { subject }.to change { Spree::User.count }.from(0).to(1)
+      end
+
+      it 'sets flash message' do
+        subject
+        expect(flash[:notice]).to eq('Welcome! You have signed up successfully.')
+      end
+
+      it 'signs in user' do
+        expect(controller.warden).to receive(:set_user)
+        subject
+      end
+
+      it 'sets spree_user_signup session' do
+        subject
+        expect(session[:spree_user_signup]).to be true
+      end
+
+      it 'tries to associate user with current_order' do
+        expect(controller).to receive(:associate_user)
+        subject
+      end
+
+      it 'redirects to after_sign_up path' do
+        subject
+        expect(response).to redirect_to spree.root_path(thing: 7)
+      end
+    end
+
+    context 'when user not valid' do
+      let(:password_confirmation) { 'foobard123' }
+
+      it 'resets password fields' do
+        expect(controller).to receive(:clean_up_passwords)
+        subject
+      end
 
-    it 'redirects to after_sign_up_path_for' do
-      spree_post :create, { spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' } }
-      expect(response).to redirect_to spree.root_path(thing: 7)
+      it 'renders new view' do
+        subject
+        expect(:response).to render_template(:new)
+      end
     end
   end
 end

data/spec/controllers/spree/user_sessions_controller_spec.rb

@@ -1,32 +1,46 @@
 RSpec.describe Spree::UserSessionsController, type: :controller do
-
   let(:user) { create(:user) }
 
   before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
 
   context "#create" do
-    context "using correct login information" do
+    let(:format) { :html }
+    let(:password) { 'secret' }
+
+    subject do
+      spree_post(:create,
+        spree_user: {
+          email: user.email,
+          password: password
+        },
+        format: format)
+    end
+
+    context "when using correct login information" do
       it 'properly assigns orders user from guest_token' do
         order1 = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
         order2 = create(:order, guest_token: 'ABC', user_id: 200)
         request.cookie_jar.signed[:guest_token] = 'ABC'
-        spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+        subject
 
         expect(order1.reload.user_id).to eq user.id
         expect(order1.reload.created_by_id).to eq user.id
         expect(order2.reload.user_id).to eq 200
       end
 
-      context "and html format is used" do
+      context "when html format is requested" do
         it "redirects to default after signing in" do
-          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+          subject
           expect(response).to redirect_to spree.root_path
         end
       end
 
-      context "and js format is used" do
+      context "when js format is requested" do
+        let(:format) { :js }
+
         it "returns a json with ship and bill address" do
-          spree_post :create, spree_user: { email: user.email, password: 'secret' }, format: 'js'
+          subject
           parsed = ActiveSupport::JSON.decode(response.body)
           expect(parsed).to have_key("user")
           expect(parsed).to have_key("ship_address")
@@ -35,18 +49,21 @@ RSpec.describe Spree::UserSessionsController, type: :controller do
       end
     end
 
-    context "using incorrect login information" do
-      context "and html format is used" do
+    context "when using incorrect login information" do
+      let(:password) { 'wrong' }
+
+      context "when html format is requested" do
         it "renders new template again with errors" do
-          spree_post :create, spree_user: { email: user.email, password: 'wrong' }
-          expect(response).to render_template('new')
+          subject
+          expect(response).to render_template(:new)
           expect(flash[:error]).to eq I18n.t(:'devise.failure.invalid')
         end
       end
 
-      context "and js format is used" do
-        it "returns a json with the error" do
-          spree_post :create, spree_user: { email: user.email, password: 'wrong' }, format: 'js'
+      context "when js format is requested" do
+        let(:format) { :js }
+        it "returns json with the error" do
+          subject
           parsed = ActiveSupport::JSON.decode(response.body)
           expect(parsed).to have_key("error")
         end

data/spec/features/checkout_spec.rb

@@ -11,6 +11,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
 
   given!(:zone)    { create(:zone) }
   given!(:address) { create(:address, state: state, country: country) }
+  given!(:payment_method){ create :check_payment_method }
 
   background do
     @product = create(:product, name: 'RoR Mug')
@@ -23,12 +24,6 @@ RSpec.feature 'Checkout', :js, type: :feature do
   end
 
   context 'without payment being required' do
-    background do
-      # So that we don't have to setup payment methods just for the sake of it
-      allow_any_instance_of(Spree::Order).to receive(:has_available_payment).and_return(true)
-      allow_any_instance_of(Spree::Order).to receive(:payment_required?).and_return(false)
-    end
-
     scenario 'allow a visitor to checkout as guest, without registration' do
       Spree::Auth::Config.set(registration_step: true)
       click_link 'RoR Mug'
@@ -52,6 +47,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
       select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
       check 'order_use_billing'
 
+      click_button 'Save and Continue'
       click_button 'Save and Continue'
       click_button 'Save and Continue'
       click_button 'Place Order'
@@ -83,6 +79,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
       select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
       check 'order_use_billing'
 
+      click_button 'Save and Continue'
       click_button 'Save and Continue'
       click_button 'Save and Continue'
       click_button 'Place Order'
@@ -154,6 +151,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
       select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
       check 'order_use_billing'
 
+      click_button 'Save and Continue'
       click_button 'Save and Continue'
       click_button 'Save and Continue'
       click_button 'Place Order'

data/spec/models/user_spec.rb

@@ -8,7 +8,7 @@ RSpec.describe Spree::User, type: :model do
   end
 
   it 'generates the reset password token' do
-    user = build(:user)
+    user = create(:user)
     expect(Spree::UserMailer).to receive(:reset_password_instructions).with(user, anything, {}).and_return(double(deliver: true))
     user.send_reset_password_instructions
     expect(user.reset_password_token).not_to be_nil

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_auth_devise
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Solidus Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-26 00:00:00.000000000 Z
+date: 2015-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: solidus_core
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.3
+        version: 3.5.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.2.3
+        version: 3.5.1
 - !ruby/object:Gem::Dependency
   name: devise-encryptable
   requirement: !ruby/object:Gem::Requirement
@@ -280,13 +280,13 @@ files:
 - LICENSE.md
 - README.md
 - Rakefile
-- app/controllers/metal_decorator.rb
 - app/mailers/spree/user_mailer.rb
 - app/models/spree/auth_configuration.rb
 - app/models/spree/user.rb
 - app/overrides/auth_shared_login_bar.rb
 - app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface
 - bin/rails
+- circle.yml
 - config/initializers/devise.rb
 - config/initializers/warden.rb
 - config/locales/de.yml

data/app/controllers/metal_decorator.rb

@@ -1,6 +0,0 @@
-# For the API
-ActionController::Metal.class_eval do
-  def spree_current_user
-    @spree_current_user ||= env['warden'].user
-  end
-end