solidus_auth_devise 1.3.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 68251ee8c8dbd193472c5d9e77c082699d99cbec
-  data.tar.gz: 9230ce9f639bd25adaa884ec143131a963279777
+  metadata.gz: 069e3cf3d0b487a02fd0cd8f90229d91d21ee49c
+  data.tar.gz: 8c03169fd0298d4ddeeb75b82974fffcd97faf5c
 SHA512:
-  metadata.gz: abfef5712300c46f1af842e9107ce7484e5a313a98ec04e16a00fdb4ba764f62387aeb64ac55c62a1d69423ff83ad99b9328e1691b40346e170a994ddedc10b6
-  data.tar.gz: 9e090cb6ddbfda0e779e9b5159f3f8a78e67d8becc9050d0124aeac557c421601e19fbbdd9da816d7d24b07db3e711ba5d7f24f4266a41b3a9d9b35b53a4dce4
+  metadata.gz: b4cfbbb456e6a83241eb691cf1fa639bf30a8803ceb2a24cf2f18b7f36cd091ee20b16eb44cfe38c2e059afbe0f53ac23c0580b906f12265ca597845ce5b546a
+  data.tar.gz: f4caa243ed037ab7dfe34e629c36b43a5e0cce9d2b6ecc82d353917bd1e5389a0b1a42fc9c92ac5a95ab22481313a206559f39d559aecde8927e9a158b4c6734

data/.gitignore

@@ -7,3 +7,5 @@ Gemfile.lock
 .ruby-gemsets
 .ruby-version
 .bundle
+pkg
+vendor

data/.travis.yml

@@ -1,11 +1,16 @@
+sudo: false
 language: ruby
 rvm:
-  - 1.9.3
-  - 2.1.3
+  - 2.1.8
 env:
-  - DB=mysql
-  - DB=postgres
-before_script:
-  - bundle exec rake test_app
-  - export DISPLAY=:99.0
-  - sh -e /etc/init.d/xvfb start
+  matrix:
+    - SOLIDUS_BRANCH=v1.0 DB=postgres
+    - SOLIDUS_BRANCH=v1.1 DB=postgres
+    - SOLIDUS_BRANCH=v1.2 DB=postgres
+    - SOLIDUS_BRANCH=v1.3 DB=postgres
+    - SOLIDUS_BRANCH=master DB=postgres
+    - SOLIDUS_BRANCH=v1.0 DB=mysql
+    - SOLIDUS_BRANCH=v1.1 DB=mysql
+    - SOLIDUS_BRANCH=v1.2 DB=mysql
+    - SOLIDUS_BRANCH=v1.3 DB=mysql
+    - SOLIDUS_BRANCH=master DB=mysql

data/Gemfile

@@ -1,6 +1,10 @@
 source "https://rubygems.org"
 
-gem "solidus", git: "git@github.com:solidusio/solidus.git", branch: "master"
+branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
+gem "solidus", github: "solidusio/solidus", branch: branch
+
+gem 'pg'
+gem 'mysql2'
 
 group :development, :test do
   gem "pry-rails"

data/README.md

@@ -71,13 +71,7 @@ Inside of your host application you can then use CanCan like you normally would.
 Testing
 -------
 
-Until Solidus is publicly available, the easiest way to satisfy the Solidus dependancy is with a local Bundler override:
-
-```shell
-bundle config local.spree /path/to/local/solidus/repository
-```
-
-Then just run the following to automatically build a dummy app if necessary and run the tests:
+Run the following to automatically build a dummy app if necessary and run the tests:
 
 ```shell
 bundle exec rake

data/app/models/spree/user.rb

@@ -3,7 +3,7 @@ module Spree
     include UserMethods
 
     devise :database_authenticatable, :registerable, :recoverable,
-           :rememberable, :trackable, :validatable, :encryptable, :encryptor => 'authlogic_sha512'
+           :rememberable, :trackable, :validatable, :encryptable
     devise :confirmable if Spree::Auth::Config[:confirmable]
 
     acts_as_paranoid

data/config/initializers/devise.rb

@@ -38,6 +38,7 @@ Devise.setup do |config|
   # For bcrypt, this is the cost for hashing the password and defaults to 10. If
   # using other encryptors, it sets how many times you want the password re-encrypted.
   config.stretches = 20
+  config.encryptor = 'authlogic_sha512'
 
   # Setup a pepper to generate the encrypted password.
   config.pepper = Rails.configuration.secret_token

data/config/initializers/warden.rb

@@ -2,7 +2,7 @@
 Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
   if auth.cookies.signed[:guest_token].present?
     if user.is_a?(Spree::User)
-      Spree::Order.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
+      Spree::Order.incomplete.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
         order.associate_user!(user)
       end
     end

data/config/routes.rb

@@ -1,48 +1,58 @@
 Spree::Core::Engine.add_routes do
-  devise_for :spree_user,
-             :class_name => 'Spree::User',
-             :controllers => { :sessions => 'spree/user_sessions',
-                               :registrations => 'spree/user_registrations',
-                               :passwords => 'spree/user_passwords',
-                               :confirmations => 'spree/user_confirmations' },
-             :skip => [:unlocks, :omniauth_callbacks],
-             :path_names => { :sign_out => 'logout' },
-             :path_prefix => :user
+  if Spree::Auth::Engine.frontend_available?
+    devise_for(:spree_user, {
+      class_name: 'Spree::User',
+      controllers: {
+        sessions: 'spree/user_sessions',
+        registrations: 'spree/user_registrations',
+        passwords: 'spree/user_passwords',
+        confirmations: 'spree/user_confirmations'
+      },
+      skip: [:unlocks, :omniauth_callbacks],
+      path_names: { sign_out: 'logout' },
+      path_prefix: :user
+    })
 
-  resources :users, :only => [:edit, :update]
+    resources :users, only: [:edit, :update]
 
-  devise_scope :spree_user do
-    get '/login' => 'user_sessions#new', :as => :login
-    post '/login' => 'user_sessions#create', :as => :create_new_session
-    get '/logout' => 'user_sessions#destroy', :as => :logout
-    get '/signup' => 'user_registrations#new', :as => :signup
-    post '/signup' => 'user_registrations#create', :as => :registration
-    get '/password/recover' => 'user_passwords#new', :as => :recover_password
-    post '/password/recover' => 'user_passwords#create', :as => :reset_password
-    get '/password/change' => 'user_passwords#edit', :as => :edit_password
-    put '/password/change' => 'user_passwords#update', :as => :update_password
-    get '/confirm' => 'user_confirmations#show', :as => :confirmation if Spree::Auth::Config[:confirmable]
-  end
+    devise_scope :spree_user do
+      get '/login', to: 'user_sessions#new', as: :login
+      post '/login', to: 'user_sessions#create', as: :create_new_session
+      get '/logout', to: 'user_sessions#destroy', as: :logout
+      get '/signup', to: 'user_registrations#new', as: :signup
+      post '/signup', to: 'user_registrations#create', as: :registration
+      get '/password/recover', to: 'user_passwords#new', as: :recover_password
+      post '/password/recover', to: 'user_passwords#create', as: :reset_password
+      get '/password/change', to: 'user_passwords#edit', as: :edit_password
+      put '/password/change', to: 'user_passwords#update', as: :update_password
+      get '/confirm', to: 'user_confirmations#show', as: :confirmation if Spree::Auth::Config[:confirmable]
+    end
 
-  get '/checkout/registration' => 'checkout#registration', :as => :checkout_registration
-  put '/checkout/registration' => 'checkout#update_registration', :as => :update_checkout_registration
+    get '/checkout/registration', to: 'checkout#registration', as: :checkout_registration
+    put '/checkout/registration', to: 'checkout#update_registration', as: :update_checkout_registration
 
-  resource :account, :controller => 'users'
+    resource :account, controller: 'users'
+  end
 
-  namespace :admin do
-    devise_for :spree_user,
-               :class_name => 'Spree::User',
-               :controllers => { :sessions => 'spree/admin/user_sessions',
-                                 :passwords => 'spree/admin/user_passwords' },
-               :skip => [:unlocks, :omniauth_callbacks, :registrations],
-               :path_names => { :sign_out => 'logout' },
-               :path_prefix => :user
-    devise_scope :spree_user do
-      get '/authorization_failure', :to => 'user_sessions#authorization_failure', :as => :unauthorized
-      get '/login' => 'user_sessions#new', :as => :login
-      post '/login' => 'user_sessions#create', :as => :create_new_session
-      get '/logout' => 'user_sessions#destroy', :as => :logout
-    end
+  if Spree::Auth::Engine.backend_available?
+    namespace :admin do
+      devise_for(:spree_user, {
+        class_name: 'Spree::User',
+        controllers: {
+          sessions: 'spree/admin/user_sessions',
+          passwords: 'spree/admin/user_passwords'
+        },
+        skip: [:unlocks, :omniauth_callbacks, :registrations],
+        path_names: { sign_out: 'logout' },
+        path_prefix: :user
+      })
 
+      devise_scope :spree_user do
+        get '/authorization_failure', to: 'user_sessions#authorization_failure', as: :unauthorized
+        get '/login', to: 'user_sessions#new', as: :login
+        post '/login', to: 'user_sessions#create', as: :create_new_session
+        get '/logout', to: 'user_sessions#destroy', as: :logout
+      end
+    end
   end
 end

data/lib/controllers/frontend/spree/checkout_controller_decorator.rb

@@ -1,7 +1,8 @@
 require 'spree/core/validators/email'
 Spree::CheckoutController.class_eval do
-  before_filter :check_authorization
-  before_filter :check_registration, :except => [:registration, :update_registration]
+  prepend_before_filter :check_registration,
+    except: [:registration, :update_registration]
+  prepend_before_filter :check_authorization
 
   def registration
     @user = Spree::User.new
@@ -32,12 +33,25 @@ Spree::CheckoutController.class_eval do
 
     # Introduces a registration step whenever the +registration_step+ preference is true.
     def check_registration
-      return unless Spree::Auth::Config[:registration_step]
-      return if spree_current_user or current_order.email
+      return unless registration_required?
       store_location
       redirect_to spree.checkout_registration_path
     end
 
+    def registration_required?
+      Spree::Auth::Config[:registration_step] &&
+        !already_registered?
+    end
+
+    def already_registered?
+      spree_current_user || guest_authenticated?
+    end
+
+    def guest_authenticated?
+      current_order.try!(:email).present? &&
+        Spree::Config[:allow_guest_checkout]
+    end
+
     # Overrides the equivalent method defined in Spree::Core.  This variation of the method will ensure that users
     # are redirected to the tokenized order url unless authenticated as a registered user.
     def completion_route

data/lib/controllers/frontend/spree/user_registrations_controller.rb

@@ -19,7 +19,6 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
       set_flash_message(:notice, :signed_up)
       sign_in(:spree_user, resource)
       session[:spree_user_signup] = true
-      associate_user
       respond_with resource, location: after_sign_up_path_for(resource)
     else
       clean_up_passwords(resource)

data/solidus_auth_devise.gemspec

@@ -3,7 +3,7 @@
 Gem::Specification.new do |s|
   s.platform    = Gem::Platform::RUBY
   s.name        = "solidus_auth_devise"
-  s.version     = "1.3.0"
+  s.version     = "1.4.0"
   s.summary     = "Provides authentication and authorization services for use with Solidus by using Devise and CanCan."
   s.description = s.summary
 
@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
   s.require_path = "lib"
   s.requirements << "none"
 
-  solidus_version = [">= 1.1.0.alpha", "< 2"]
+  solidus_version = [">= 1.0.6", "< 2"]
 
   s.add_dependency "solidus_core", solidus_version
   s.add_dependency "devise", '~> 3.5.1'

data/spec/controllers/spree/checkout_controller_spec.rb

@@ -25,12 +25,36 @@ RSpec.describe Spree::CheckoutController, type: :controller do
         end
       end
 
-      context 'when authenticated as guest' do
+      context 'when not authenticated as guest' do
         it 'redirects to registration step' do
           spree_get :edit, { state: 'address' }
           expect(response).to redirect_to spree.checkout_registration_path
         end
       end
+
+      context 'when authenticated as guest' do
+        before { order.email = 'guest@solidus.io' }
+
+        it 'proceeds to the first checkout step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to render_template :edit
+        end
+
+        context 'when guest checkout not allowed' do
+          before do
+            Spree::Config.set(allow_guest_checkout: false)
+          end
+
+          after do
+            Spree::Config.set(allow_guest_checkout: true)
+          end
+
+          it 'redirects to registration step' do
+            spree_get :edit, { state: 'address' }
+            expect(response).to redirect_to spree.checkout_registration_path
+          end
+        end
+      end
     end
 
     context 'when registration step disabled' do

data/spec/controllers/spree/user_registrations_controller_spec.rb

@@ -40,15 +40,40 @@ RSpec.describe Spree::UserRegistrationsController, type: :controller do
         expect(session[:spree_user_signup]).to be true
       end
 
-      it 'tries to associate user with current_order' do
-        expect(controller).to receive(:associate_user)
-        subject
-      end
-
       it 'redirects to after_sign_up path' do
         subject
         expect(response).to redirect_to spree.root_path(thing: 7)
       end
+
+      context 'with a guest token present' do
+        before do
+          request.cookie_jar.signed[:guest_token] = 'ABC'
+        end
+
+        it 'assigns orders with the correct token and no user present' do
+          order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+          subject
+          user = Spree::User.find_by_email('foobar@example.com')
+
+          order.reload
+          expect(order.user_id).to eq user.id
+          expect(order.created_by_id).to eq user.id
+        end
+
+        it 'does not assign orders with an existing user' do
+          order = create(:order, guest_token: 'ABC', user_id: 200)
+          subject
+
+          expect(order.reload.user_id).to eq 200
+        end
+
+        it 'does not assign orders with a different token' do
+          order = create(:order, guest_token: 'DEF', user_id: nil, created_by_id: nil)
+          subject
+
+          expect(order.reload.user_id).to be_nil
+        end
+      end
     end
 
     context 'when user not valid' do

data/spec/controllers/spree/user_sessions_controller_spec.rb

@@ -17,16 +17,53 @@ RSpec.describe Spree::UserSessionsController, type: :controller do
     end
 
     context "when using correct login information" do
-      it 'properly assigns orders user from guest_token' do
-        order1 = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
-        order2 = create(:order, guest_token: 'ABC', user_id: 200)
-        request.cookie_jar.signed[:guest_token] = 'ABC'
+      context 'with a guest token present' do
+        before do
+          request.cookie_jar.signed[:guest_token] = 'ABC'
+        end
+
+        it 'assigns orders with the correct token and no user present' do
+          order = create(:order, email: user.email, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+          subject
+
+          order.reload
+          expect(order.user_id).to eq user.id
+          expect(order.created_by_id).to eq user.id
+        end
 
-        subject
+        it 'assigns orders with the correct token and no user or email present' do
+          order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+          subject
+
+          order.reload
+          expect(order.user_id).to eq user.id
+          expect(order.created_by_id).to eq user.id
+        end
+
+        it 'does not assign completed orders' do
+          order = create(:order, email: user.email, guest_token: 'ABC',
+                         user_id: nil, created_by_id: nil,
+                         completed_at: 1.minute.ago)
+          subject
 
-        expect(order1.reload.user_id).to eq user.id
-        expect(order1.reload.created_by_id).to eq user.id
-        expect(order2.reload.user_id).to eq 200
+          order.reload
+          expect(order.user_id).to be_nil
+          expect(order.created_by_id).to be_nil
+        end
+
+        it 'does not assign orders with an existing user' do
+          order = create(:order, guest_token: 'ABC', user_id: 200)
+          subject
+
+          expect(order.reload.user_id).to eq 200
+        end
+
+        it 'does not assign orders with a different token' do
+          order = create(:order, guest_token: 'DEF', user_id: nil, created_by_id: nil)
+          subject
+
+          expect(order.reload.user_id).to be_nil
+        end
       end
 
       context "when html format is requested" do

data/spec/features/admin/orders_spec.rb

@@ -1,6 +1,7 @@
 RSpec.feature 'Admin orders', type: :feature do
 
   background do
+    create(:store)
     sign_in_as! create(:admin_user)
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_auth_devise
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Solidus Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-12 00:00:00.000000000 Z
+date: 2016-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: solidus_core
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.0.alpha
+        version: 1.0.6
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.0.alpha
+        version: 1.0.6
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
@@ -106,7 +106,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.0.alpha
+        version: 1.0.6
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
@@ -116,7 +116,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.0.alpha
+        version: 1.0.6
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
@@ -126,7 +126,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.0.alpha
+        version: 1.0.6
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
@@ -136,7 +136,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.0.alpha
+        version: 1.0.6
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
@@ -389,7 +389,6 @@ files:
 - spec/features/account_spec.rb
 - spec/features/admin/orders_spec.rb
 - spec/features/admin/password_reset_spec.rb
-- spec/features/admin/payment_methods_spec.rb
 - spec/features/admin/products_spec.rb
 - spec/features/admin/sign_in_spec.rb
 - spec/features/admin/sign_out_spec.rb
@@ -435,7 +434,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - none
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: Provides authentication and authorization services for use with Solidus by
@@ -451,7 +450,6 @@ test_files:
 - spec/features/account_spec.rb
 - spec/features/admin/orders_spec.rb
 - spec/features/admin/password_reset_spec.rb
-- spec/features/admin/payment_methods_spec.rb
 - spec/features/admin/products_spec.rb
 - spec/features/admin/sign_in_spec.rb
 - spec/features/admin/sign_out_spec.rb

data/spec/features/admin/payment_methods_spec.rb

@@ -1,16 +0,0 @@
-RSpec.feature 'Payment methods', type: :feature do
-
-  background do
-    sign_in_as! create(:admin_user)
-    visit spree.admin_path
-    click_link 'Settings'
-  end
-
-  # Regression test for #5
-  scenario 'can dismiss the banner' do
-    allow_any_instance_of(Spree::User).to receive(:dismissed_banner?) { false }
-    allow(Spree::PaymentMethod).to receive(:production).and_return(payment_methods = [double])
-    allow(payment_methods).to receive(:where).and_return([])
-    click_link 'Payment Methods'
-  end
-end