solidus_auth_devise_devise_token_auth 2.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e80fd8e5351b0d71fac358c522288c37f7829b578d407e556d5bf83523617c1c
+  data.tar.gz: 8cef39af520395863bbffe5dbd821a6c462477e79c472b70c07ad4ba1e980729
+SHA512:
+  metadata.gz: 54ea0b9bdd421cb88bc59549ab7faf5c60f991b10ab03f992becb5ff282ea4cf654e1f1484d83d4a6fb20a2507383358e325d9b6c6d432aa162ce2d5479ab6c7
+  data.tar.gz: b5acef055e1b52999b5190a93e33ffcefb43a4456435eb928d5451bc7affbc39493e7882a1c361d37bbc8b92efbfe2ee07c74af9c75fe18820316ccc977d9412

data/.gitignore

@@ -0,0 +1,12 @@
+spec/dummy
+spec/examples.txt
+.sass-cache
+coverage
+Gemfile.lock
+*.swp
+.rvmrc
+.ruby-gemsets
+.ruby-version
+.bundle
+pkg
+vendor

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,20 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.1
+env:
+  matrix:
+    - SOLIDUS_BRANCH=v2.2 DB=postgres
+    - SOLIDUS_BRANCH=v2.3 DB=postgres
+    - SOLIDUS_BRANCH=v2.4 DB=postgres
+    - SOLIDUS_BRANCH=v2.5 DB=postgres
+    - SOLIDUS_BRANCH=v2.6 DB=postgres
+    - SOLIDUS_BRANCH=v2.7 DB=postgres
+    - SOLIDUS_BRANCH=master DB=postgres
+    - SOLIDUS_BRANCH=v2.2 DB=mysql
+    - SOLIDUS_BRANCH=v2.3 DB=mysql
+    - SOLIDUS_BRANCH=v2.4 DB=mysql
+    - SOLIDUS_BRANCH=v2.5 DB=mysql
+    - SOLIDUS_BRANCH=v2.6 DB=mysql
+    - SOLIDUS_BRANCH=v2.7 DB=mysql
+    - SOLIDUS_BRANCH=master DB=mysql

data/CHANGELOG.md

@@ -0,0 +1,173 @@
+## Master (unreleased)
+
+## Solidus Auth Devise v2.1.0 (devise_token_auth version) (2018-10-25)
+
+* Stop generating spree_api_key (because it's supposed to be replaced by devise_token_auth stuff)
+* Remove spree_api_key functionality entirely
+
+## Solidus Auth Devise v2.1.0 (2018-01-22)
+
+* Avoid requiring deface on Solidus 2.5+.
+
+  On older versions, you may need to add `gem 'deface'` to your gemfile.
+
+* Remove reference to unused admin tables helper removed from Solidus 2.5
+
+## Solidus Auth Devise v2.0.0 (2017-09-20)
+
+* Drop support for Solidus v1.0 and v1.1
+* Use `match` for Devise logout route
+* Remove references to dash
+* Leverage `*_available?` helpers from `solidus-support`
+* Use `spec_helper` from `solidus-support`
+* Correct `set_current_order` callback for newer versions of Solidus
+
+## Solidus Auth Devise v1.6.4 (2017-07-24)
+
+* Fix error trying to call helper_method in api-only applications
+* Fix deprecated devise `bypass` option
+* Pin development dependencies to minor versions
+* Update outdated development dependencies
+* Remove implicit dependency on highline
+
+## Solidus Auth Devise v1.6.3 (2017-05-09)
+
+* Add missing translations for already_authenticated
+* Do not require core email validator
+* Remove dependency on `json`, `multi_json`
+* Remove unnecessary sass/coffeescript requires
+* Fix warnings on Rails 5, support Rails 5.1
+* Change deface dependency from `~> 1.0.0` to `~> 1.0`
+
+## Solidus Auth Devise v1.6.2 (2016-11-18)
+
+* Fix an issue where invalid addresses could be persisted after starting a
+  checkout as a guest and then returning to the cart page.
+
+## Solidus Auth Devise v1.6.1 (2016-08-24)
+
+* Replace usages of `before_filter` with `before_action` (#73)
+
+## Solidus Auth Devise v1.6.0 (2016-08-23)
+
+* Loading of routes can be disabled through config (#71)
+
+* Support for Solidus 2.0 and Rails 5.0
+
+* Remove load-time manipulation of the Devise secret key (#67)
+
+## Solidus Auth Devise v1.5.0 (2016-07-18)
+
+* Add call to set_current_order on sign in. This replaces a before filter that
+  is being eliminated from Solidus controllers where set_current_order was
+  called excessively.
+
+* Update backend views to only reference backend routes (#57)
+
+* Devise dependency updates
+
+  The locked versions of Devise and Devise-Encryptable have been updated.
+  Devise, in particular, has been bumped to a new major version, which removes
+  support for the following:
+
+  - Rails 3.2. and 4.0
+  - Ruby 1.9 and 2.0
+
+  These losses are deemed acceptable, as Solidus' core itself does not
+  support any of these versions.
+
+  For more details on the changes, see the Devise changelog:
+  https://github.com/plataformatec/devise/blob/master/CHANGELOG.md
+
+  Similar changes in `devise-encryptable`, with details in the changelog:
+  https://github.com/plataformatec/devise-encryptable/blob/master/Changelog.md
+
+* Addition of Chinese translations (#64)
+
+## Solidus Auth Devise v1.4.0 (2016-05-16)
+
+* Update hash syntax for routes.rb
+* Make route syntax consistent and modern
+* Make devise_for routes conditional
+* Test against solidus 1.3
+* check_authorization first in CheckoutController
+* Ensure current_order exists checking registration
+* Add vendor to .gitignore
+* Revert "ChcktController checks auth and registration first"
+* ChcktController checks auth and registration first
+* Remove obsolete regression test
+* Remove superfluous call to associate_user
+* Test and fix order association
+* Re-add Solidus 1.0 compatability
+* Improve readability of check_registration
+* Force registration when guest checkout not allowed
+* Improve check_registration spec for guest case
+* Add pg and mysql2 to Gemfile
+* Also test against v1.1 and v1.2
+* Allow https instead of git in gemfile
+* Ignore pkg directory
+* Update .travis.yml
+* Update README testing section
+* Fix specs now that order's store is required
+* Moved the encryptor setting for the User model into the devise config, allowing it to be easily overridden from the local devise config.
+
+## Solidus Auth Devise v1.3.0 (2016-01-12)
+
+* Add capybara-screenshot
+* Remove restriction on sass-rails and coffee-rails
+* Remove the "Logged in as:" message
+* Correct use of font-awesome
+* Swap .inline-menu for specific hook
+* Add new template override
+* remove duplicate translation
+* add missing translations for German locale
+
+## Solidus Auth Devise v1.2.3 (2015-11-30)
+
+* Add an explicit require to deface
+* Check if front/backend are available before decorating the controllers
+* Rename spree@example.com to admin@example.com
+* Skip the confirmation spec
+* Permit editing email
+
+## Solidus Auth Devise v1.2.2 (2015-10-01)
+
+* Automatically regenerate a user's spree_api_key upon password change.
+* Inherit from Spree::Base
+* Explicitely add deface to gemfile
+* Remove some redundant includes
+* Remove unneeded monkey patching
+* Remove brittle spec
+* Pass store to from_address helper
+* Fix broken specs
+
+## Solidus Auth Devise v1.2.0 (2015-07-22)
+
+* Use new extension point for access denied.
+* Explicitly include UserMethods on Spree::User
+* Bump rspec to 3.3 and remove minor patch restriction.
+* We no longer redirect to admin/orders by default.
+* Skip adding devise.rb if it already exists.
+* Fix checkout spec
+* Bump to RSpec 3.2
+* Use non-deprecated `deliver_now` in mailer spec.
+* Fix generator name.
+
+## Solidus Auth Devise v1.1.0 (2015-06-03)
+
+* Updates for devise 3.5.1
+* Bump devise to ~> 3.5.1
+* Avoid stubbing to fix checkout spec
+* Minor update to README.md
+* Remove Spree::Core::ControllerHelpers::SSL
+* Add circle.yml
+* Use git+ssh for solidus gem
+* Remove dead code.
+* Refactor UserSessionsController and specs
+* Remove @user from UserRegistrationsController
+* Add specs for UserRegistrationsController
+* Remove empty overrides in registrations controller
+
+## Solidus Auth Devise v1.0.0 (2015-05-26)
+
+* Initial Release

data/Gemfile

@@ -0,0 +1,36 @@
+source 'https://rubygems.org'
+
+git_source(:github) do |repo_name|
+  repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
+  "https://github.com/#{repo_name}.git"
+end
+
+branch = ENV.fetch('SOLIDUS_BRANCH', 'master')
+gem 'solidus_devise_token_auth', github: 'skycocker/solidus_devise_token_auth', branch: branch
+
+group :test do
+  if branch == 'master' || branch >= "v2.0"
+    gem "rails-controller-testing"
+  else
+    gem "rails_test_params_backport"
+  end
+  if branch < "v2.5"
+    gem 'factory_bot', '4.10.0'
+  else
+    gem 'factory_bot', '> 4.10.0'
+  end
+end
+
+if ENV['DB'] == 'mysql'
+  gem 'mysql2', '~> 0.4.10'
+else
+  gem 'pg', '~> 0.21'
+end
+
+group :development, :test do
+  gem "pry-rails"
+end
+
+gem 'deface', require: false
+
+gemspec

data/LICENSE.md

@@ -0,0 +1,26 @@
+Copyright (c) 2014, Spree Commerce, Inc. and other contributors
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name Spree nor the names of its contributors may be used to
+      endorse or promote products derived from this software without specific
+      prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,98 @@
+Solidus Auth (Devise)
+=====================
+
+Provides authentication services for Solidus, using the Devise gem.
+
+Installation
+------------
+
+Just add this line to your `Gemfile`:
+
+```ruby
+gem "solidus_auth_devise"
+
+# For Solidus versions < 2.5
+# gem 'deface'
+```
+
+Then, run `bundle install`.
+
+After that's done, you can install and run the necessary migrations, then seed the database:
+
+```shell
+bundle exec rake solidus_auth:install:migrations
+bundle exec rake db:migrate
+bundle exec rake db:seed
+```
+
+### Default Username/Password
+
+As part of running the above installation steps, you will be asked to set an admin email/password combination. The default values are `admin@example.com` and `test123`, respectively.
+
+### Confirmable
+
+To enable Devise's Confirmable module, which will send the user an email with a link to confirm their account, you must do the following:
+
+* Add this line to an initializer in your Rails project (typically `config/initializers/spree.rb`):
+
+```ruby
+Spree::Auth::Config[:confirmable] = true
+```
+
+* Add a Devise initializer to your Rails project (typically `config/initializers/devise.rb`):
+
+```ruby
+Devise.setup do |config|
+  # Required so users don't lose their carts when they need to confirm.
+  config.allow_unconfirmed_access_for = 1.days
+
+  # Fixes the bug where Confirmation errors result in a broken page.
+  config.router_name = :spree
+
+  # Add any other devise configurations here, as they will override the defaults provided by solidus_auth_devise.
+end
+```
+
+Using in an existing application
+--------------------------------
+
+If you are installing Solidus inside of a host application in which you want your own permission setup, you can do this using the `register_ability` method.
+
+First create your own CanCan Ability class following the CanCan documentation.
+
+For example: `app/models/super_abilities.rb`
+
+```ruby
+class SuperAbilities
+  include CanCan::Ability
+
+  def initialize user
+    if user.is? "Superman"
+      can :stop, Bullet
+    end
+  end
+end
+```
+
+Then register your class in your spree initializer: config/initializers/spree.rb
+
+```ruby
+Spree::Ability.register_ability(SuperAbilities)
+```
+
+Inside of your host application you can then use CanCan like you normally would.
+
+```erb
+<% if can? :stop Bullet %>
+  ...
+<% end %>
+```
+
+Testing
+-------
+
+Run the following to automatically build a dummy app if necessary and run the tests:
+
+```shell
+bundle exec rake
+```

data/Rakefile

@@ -0,0 +1,21 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+require 'spree/testing_support/common_rake'
+
+RSpec::Core::RakeTask.new
+
+task :default do
+  if Dir["spec/dummy"].empty?
+    Rake::Task[:test_app].invoke
+    Dir.chdir("../../")
+  end
+  Rake::Task[:spec].invoke
+end
+
+desc 'Generates a dummy app for testing'
+task :test_app do
+  ENV['LIB_NAME'] = 'solidus/auth'
+  Rake::Task['common:test_app'].invoke("Spree::User")
+end

data/app/mailers/spree/user_mailer.rb

@@ -0,0 +1,15 @@
+module Spree
+  class UserMailer < BaseMailer
+    def reset_password_instructions(user, token, *args)
+      @store = Spree::Store.default
+      @edit_password_reset_url = spree.edit_spree_user_password_url(reset_password_token: token, host: @store.url)
+      mail to: user.email, from: from_address(@store), subject: "#{@store.name} #{I18n.t(:subject, scope: [:devise, :mailer, :reset_password_instructions])}"
+    end
+
+    def confirmation_instructions(user, token, opts={})
+      @store = Spree::Store.default
+      @confirmation_url = spree.spree_user_confirmation_url(confirmation_token: token, host: @store.url)
+      mail to: user.email, from: from_address(@store), subject: "#{@store.name} #{I18n.t(:subject, scope: [:devise, :mailer, :confirmation_instructions])}"
+    end
+  end
+end

data/app/models/spree/auth_configuration.rb

@@ -0,0 +1,9 @@
+module Spree
+  class AuthConfiguration < Preferences::Configuration
+    preference :registration_step, :boolean, default: true
+    preference :signout_after_password_change, :boolean, default: true
+    preference :confirmable, :boolean, default: false
+    preference :draw_frontend_routes, :boolean, default: true
+    preference :draw_backend_routes, :boolean, default: true
+  end
+end

data/app/models/spree/user.rb

@@ -0,0 +1,47 @@
+module Spree
+  class User < Spree::Base
+    include UserMethods
+
+    devise :database_authenticatable, :registerable, :recoverable,
+           :rememberable, :trackable, :validatable, :encryptable
+    devise :confirmable if Spree::Auth::Config[:confirmable]
+
+    acts_as_paranoid
+    after_destroy :scramble_email_and_password
+
+    before_validation :set_login
+
+    users_table_name = User.table_name
+    roles_table_name = Role.table_name
+
+    scope :admin, -> { includes(:spree_roles).where("#{roles_table_name}.name" => "admin") }
+
+    def self.admin_created?
+      User.admin.count > 0
+    end
+
+    def admin?
+      has_spree_role?('admin')
+    end
+
+    protected
+      def password_required?
+        !persisted? || password.present? || password_confirmation.present?
+      end
+
+    private
+
+      def set_login
+        # for now force login to be same as email, eventually we will make this configurable, etc.
+        self.login ||= self.email if self.email
+      end
+
+      def scramble_email_and_password
+        self.email = SecureRandom.uuid + "@example.net"
+        self.login = self.email
+        self.password = SecureRandom.hex(8)
+        self.password_confirmation = self.password
+        self.save
+      end
+  end
+end