solidus_auth_devise_devise_token_auth 2.1.0

data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb

@@ -0,0 +1,8 @@
+class AddResetPasswordSentAtToSpreeUsers < SolidusSupport::Migration[4.2]
+  def change
+    Spree::User.reset_column_information
+    unless Spree::User.column_names.include?("reset_password_sent_at")
+      add_column :spree_users, :reset_password_sent_at, :datetime
+    end
+  end
+end

data/db/migrate/20120605211305_make_users_email_index_unique.rb

@@ -0,0 +1,9 @@
+class MakeUsersEmailIndexUnique < SolidusSupport::Migration[4.2]
+  def up
+    add_index "spree_users", ["email"], :name => "email_idx_unique", :unique => true
+  end
+
+  def down
+    remove_index "spree_users", :name => "email_idx_unique"
+  end
+end

data/db/migrate/20140904000425_add_deleted_at_to_users.rb

@@ -0,0 +1,6 @@
+class AddDeletedAtToUsers < SolidusSupport::Migration[4.2]
+  def change
+    add_column :spree_users, :deleted_at, :datetime
+    add_index :spree_users, :deleted_at
+  end
+end

data/db/migrate/20141002154641_add_confirmable_to_users.rb

@@ -0,0 +1,7 @@
+class AddConfirmableToUsers < SolidusSupport::Migration[4.2]
+  def change
+    add_column :spree_users, :confirmation_token, :string
+    add_column :spree_users, :confirmed_at, :datetime
+    add_column :spree_users, :confirmation_sent_at, :datetime
+  end
+end

data/db/seeds.rb

@@ -0,0 +1 @@
+require_relative 'default/users.rb'

data/lib/assets/javascripts/spree/backend/solidus_auth.js

@@ -0,0 +1 @@
+//= require spree/backend

data/lib/assets/javascripts/spree/frontend/solidus_auth.js

@@ -0,0 +1 @@
+//= require spree/frontend

data/lib/assets/stylesheets/spree/backend/solidus_auth.css

@@ -0,0 +1,3 @@
+/*
+ *= require spree/backend
+*/

data/lib/assets/stylesheets/spree/frontend/solidus_auth.css

@@ -0,0 +1,3 @@
+/*
+ *= require spree/frontend
+*/

data/lib/controllers/backend/spree/admin/admin_controller_decorator.rb

@@ -0,0 +1,11 @@
+Spree::Admin::BaseController.class_eval do
+  protected
+
+  def model_class
+    const_name = controller_name.classify
+    if Spree.const_defined?(const_name, false)
+      return "Spree::#{const_name}".constantize
+    end
+    nil
+  end
+end

data/lib/controllers/backend/spree/admin/orders/customer_details_controller_decorator.rb

@@ -0,0 +1,15 @@
+Spree::Admin::Orders::CustomerDetailsController.class_eval do
+  before_action :check_authorization
+
+  private
+    def check_authorization
+      load_order
+      session[:access_token] ||= params[:token]
+
+      resource = @order
+      action = params[:action].to_sym
+      action = :edit if action == :show # show route renders :edit for this controller
+
+      authorize! action, resource, session[:access_token]
+    end
+end

data/lib/controllers/backend/spree/admin/user_passwords_controller.rb

@@ -0,0 +1,41 @@
+class Spree::Admin::UserPasswordsController < Devise::PasswordsController
+  helper 'spree/base'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Store
+
+  helper 'spree/admin/navigation'
+  layout 'spree/layouts/admin'
+
+  # Overridden due to bug in Devise.
+  #   respond_with resource, location: new_session_path(resource_name)
+  # is generating bad url /session/new.user
+  #
+  # overridden to:
+  #   respond_with resource, location: spree.login_path
+  #
+  def create
+    self.resource = resource_class.send_reset_password_instructions(params[resource_name])
+
+    if resource.errors.empty?
+      set_flash_message(:notice, :send_instructions) if is_navigational_format?
+      respond_with resource, location: spree.admin_login_path
+    else
+      respond_with_navigational(resource) { render :new }
+    end
+  end
+
+  # Devise::PasswordsController allows for blank passwords.
+  # Silly Devise::PasswordsController!
+  # Fixes spree/spree#2190.
+  def update
+    if params[:spree_user][:password].blank?
+      set_flash_message(:error, :cannot_be_blank)
+      render :edit
+    else
+      super
+    end
+  end
+
+end

data/lib/controllers/backend/spree/admin/user_sessions_controller.rb

@@ -0,0 +1,43 @@
+class Spree::Admin::UserSessionsController < Devise::SessionsController
+  helper 'spree/base'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Store
+
+  helper 'spree/admin/navigation'
+  layout 'spree/layouts/admin'
+
+  def create
+    authenticate_spree_user!
+
+    if spree_user_signed_in?
+      respond_to do |format|
+        format.html {
+          flash[:success] = Spree.t(:logged_in_succesfully)
+          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
+        }
+        format.js {
+          user = resource.record
+          render json: {ship_address: user.ship_address, bill_address: user.bill_address}.to_json
+        }
+      end
+    else
+      flash.now[:error] = t('devise.failure.invalid')
+      render :new
+    end
+  end
+
+  def authorization_failure
+  end
+
+  private
+    def accurate_title
+      Spree.t(:login)
+    end
+
+    def redirect_back_or_default(default)
+      redirect_to(session["spree_user_return_to"] || default)
+      session["spree_user_return_to"] = nil
+    end
+end

data/lib/controllers/frontend/spree/checkout_controller_decorator.rb

@@ -0,0 +1,66 @@
+Spree::CheckoutController.class_eval do
+  prepend_before_action :check_registration,
+    except: [:registration, :update_registration]
+  prepend_before_action :check_authorization
+
+  # This action builds some associations on the order, ex. addresses, which we
+  # don't to build or save here.
+  skip_before_action :setup_for_current_state, only: [:registration, :update_registration]
+
+  def registration
+    @user = Spree::User.new
+  end
+
+  def update_registration
+    if params[:order][:email] =~ Devise.email_regexp && current_order.update_attributes(email: params[:order][:email])
+      redirect_to spree.checkout_path
+    else
+      flash[:registration_error] = t(:email_is_invalid, scope: [:errors, :messages])
+      @user = Spree::User.new
+      render 'registration'
+    end
+  end
+
+  private
+    def order_params
+      params.
+        fetch(:order, {}).
+        permit(:email)
+    end
+
+    def skip_state_validation?
+      %w(registration update_registration).include?(params[:action])
+    end
+
+    def check_authorization
+      authorize!(:edit, current_order, cookies.signed[:guest_token])
+    end
+
+    # Introduces a registration step whenever the +registration_step+ preference is true.
+    def check_registration
+      return unless registration_required?
+      store_location
+      redirect_to spree.checkout_registration_path
+    end
+
+    def registration_required?
+      Spree::Auth::Config[:registration_step] &&
+        !already_registered?
+    end
+
+    def already_registered?
+      spree_current_user || guest_authenticated?
+    end
+
+    def guest_authenticated?
+      current_order.try!(:email).present? &&
+        Spree::Config[:allow_guest_checkout]
+    end
+
+    # Overrides the equivalent method defined in Spree::Core.  This variation of the method will ensure that users
+    # are redirected to the tokenized order url unless authenticated as a registered user.
+    def completion_route
+      return spree.order_path(@order) if spree_current_user
+      spree.token_order_path(@order, @order.guest_token)
+    end
+end

data/lib/controllers/frontend/spree/user_confirmations_controller.rb

@@ -0,0 +1,14 @@
+class Spree::UserConfirmationsController < Devise::ConfirmationsController
+  helper 'spree/base', 'spree/store'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+
+  protected
+
+  def after_confirmation_path_for(resource_name, resource)
+    signed_in?(resource_name) ? spree.signed_in_root_path(resource) : spree.login_path
+  end
+end

data/lib/controllers/frontend/spree/user_passwords_controller.rb

@@ -0,0 +1,50 @@
+class Spree::UserPasswordsController < Devise::PasswordsController
+  helper 'spree/base', 'spree/store'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+
+  # Overridden due to bug in Devise.
+  #   respond_with resource, location: new_session_path(resource_name)
+  # is generating bad url /session/new.user
+  #
+  # overridden to:
+  #   respond_with resource, location: spree.login_path
+  #
+  def create
+    self.resource = resource_class.send_reset_password_instructions(params[resource_name])
+
+    if resource.errors.empty?
+      set_flash_message(:notice, :send_instructions) if is_navigational_format?
+      respond_with resource, location: spree.login_path
+    else
+      respond_with_navigational(resource) { render :new }
+    end
+  end
+
+  # Devise::PasswordsController allows for blank passwords.
+  # Silly Devise::PasswordsController!
+  # Fixes spree/spree#2190.
+  def update
+    if params[:spree_user][:password].blank?
+      self.resource = resource_class.new
+      resource.reset_password_token = params[:spree_user][:reset_password_token]
+      set_flash_message(:error, :cannot_be_blank)
+      render :edit
+    else
+      super
+    end
+  end
+
+  protected
+
+  def translation_scope
+    'devise.user_passwords'
+  end
+
+  def new_session_path(resource_name)
+    spree.send("new_#{resource_name}_session_path")
+  end
+end

data/lib/controllers/frontend/spree/user_registrations_controller.rb

@@ -0,0 +1,40 @@
+class Spree::UserRegistrationsController < Devise::RegistrationsController
+  helper 'spree/base', 'spree/store'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+
+  before_action :check_permissions, only: [:edit, :update]
+  skip_before_action :require_no_authentication
+
+  def create
+    build_resource(spree_user_params)
+    if resource.save
+      set_flash_message(:notice, :signed_up)
+      sign_in(:spree_user, resource)
+      session[:spree_user_signup] = true
+      respond_with resource, location: after_sign_up_path_for(resource)
+    else
+      clean_up_passwords(resource)
+      respond_with(resource) do |format|
+        format.html { render :new }
+      end
+    end
+  end
+
+  protected
+  def translation_scope
+    'devise.user_registrations'
+  end
+
+  def check_permissions
+    authorize!(:create, resource)
+  end
+
+  private
+  def spree_user_params
+    params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes | [:email])
+  end
+end

data/lib/controllers/frontend/spree/user_sessions_controller.rb

@@ -0,0 +1,64 @@
+class Spree::UserSessionsController < Devise::SessionsController
+  helper 'spree/base', 'spree/store'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+
+  # This is included in ControllerHelpers::Order.  We just want to call
+  # it after someone has successfully logged in.
+  after_action :set_current_order, only: :create
+
+  def create
+    authenticate_spree_user!
+
+    if spree_user_signed_in?
+      respond_to do |format|
+        format.html do
+          flash[:success] = Spree.t(:logged_in_succesfully)
+          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
+        end
+        format.js { render success_json }
+      end
+    else
+      respond_to do |format|
+        format.html do
+          flash.now[:error] = t('devise.failure.invalid')
+          render :new
+        end
+        format.js do
+          render json: { error: t('devise.failure.invalid') },
+            status: :unprocessable_entity
+        end
+      end
+    end
+  end
+
+  protected
+
+  def translation_scope
+    'devise.user_sessions'
+  end
+
+  private
+
+  def accurate_title
+    Spree.t(:login)
+  end
+
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
+
+  def success_json
+    {
+      json: {
+        user: spree_current_user,
+        ship_address: spree_current_user.ship_address,
+        bill_address: spree_current_user.bill_address
+      }.to_json
+    }
+  end
+end

data/lib/controllers/frontend/spree/users_controller.rb

@@ -0,0 +1,57 @@
+class Spree::UsersController < Spree::StoreController
+  skip_before_action :set_current_order, only: :show, raise: false
+  prepend_before_action :load_object, only: [:show, :edit, :update]
+  prepend_before_action :authorize_actions, only: :new
+
+  include Spree::Core::ControllerHelpers
+
+  def show
+    @orders = @user.orders.complete.order('completed_at desc')
+  end
+
+  def create
+    @user = Spree::User.new(user_params)
+    if @user.save
+
+      if current_order
+        session[:guest_token] = nil
+      end
+
+      redirect_back_or_default(root_url)
+    else
+      render :new
+    end
+  end
+
+  def update
+    if @user.update_attributes(user_params)
+      if params[:user][:password].present?
+        # this logic needed b/c devise wants to log us out after password changes
+        unless Spree::Auth::Config[:signout_after_password_change]
+          bypass_sign_in(@user)
+        end
+      end
+      redirect_to spree.account_url, notice: Spree.t(:account_updated)
+    else
+      render :edit
+    end
+  end
+
+  private
+    def user_params
+      params.require(:user).permit(Spree::PermittedAttributes.user_attributes | [:email])
+    end
+
+    def load_object
+      @user ||= spree_current_user
+      authorize! params[:action].to_sym, @user
+    end
+
+    def authorize_actions
+      authorize! params[:action].to_sym, Spree::User.new
+    end
+
+    def accurate_title
+      Spree.t(:my_account)
+    end
+end