spree_auth 0.30.0.beta1 → 0.30.0

data/app/views/users/show.html.erb

@@ -0,0 +1,46 @@
+<h1><%= t("my_account") %></h1>
+
+<%= hook :account_summary do %>
+
+<table>
+  <tr>
+    <td><%= t("email") %>:</td>
+    <td>
+      <%= @user.email %>
+    </td>
+  </tr>
+</table>
+<p><%= link_to t('edit'), edit_account_path %></p>
+
+<% end %>
+
+<%= hook :account_my_orders do %>
+
+<h2><%= t("my_orders") %></h2>
+ 
+<table class="order-summary" width="545">
+  <thead>
+    <tr>
+      <th><%= t("order_number") %></th>
+      <th><%= t("order_date") %></th>
+      <th><%= t("status") %></th>
+      <th><%= t("customer") %></th>
+      <th><%= t("total") %></th>
+    </tr>
+  </thead>
+  <tbody>
+  <% @orders.each do |order| %>
+    <tr class="<%= cycle('even', 'odd') %>">
+      <td><%= link_to order.number, order_url(order) %></td>
+      <td><%=order.created_at.to_date%></td>
+      <td><%= t(order.state).titleize %></td>
+      <td><%= order.user.email if order.user %></td>
+      <td><%= number_to_currency order.total %></td>
+    </tr>
+  <% end %>
+  </tbody>
+</table>
+ 
+<br />
+
+<% end %>

data/config/routes.rb

@@ -1,4 +1,21 @@
 Rails.application.routes.draw do
+
   match '/checkout/registration' => 'checkout#registration', :via => :get, :as => :checkout_registration
   match '/checkout/registration' => 'checkout#update_registration', :via => :put, :as => :update_checkout_registration
-end
+
+  match '/login', :to => 'user_sessions#new', :as => :login
+  match '/logout', :to => 'user_sessions#destroy', :as => :logout
+  match '/signup', :to => 'users#new', :as => :signup
+
+  match '/orders/:id/token/:token' => 'orders#show', :via => :get, :as => :token_order
+
+  resource :user_session do
+    member do
+      get :nav_bar
+    end
+  end
+  resource :account, :controller => "users"
+  resources :password_resets
+  resources :users
+
+end

data/db/sample/users.rb

@@ -0,0 +1,53 @@
+# see last line where we create an admin if there is none, asking for email and password
+def prompt_for_admin_password
+  password = ask('Password [spree123]: ', String) do |q|
+    q.echo = false
+    q.validate = /^(|.{5,40})$/
+    q.responses[:not_valid] = "Invalid password. Must be at least 5 characters long."
+    q.whitespace = :strip
+  end
+  password = "spree123" if password.blank?
+  password
+end
+
+def prompt_for_admin_email
+  email = ask('Email [spree@example.com]: ', String) do |q|
+    q.echo = true
+    q.whitespace = :strip
+  end
+  email = "spree@example.com" if email.blank?
+  email
+end
+
+def create_admin_user
+  if ENV['AUTO_ACCEPT']
+    password =  "spree"
+    email =  "spree@example.com"
+  else
+    require 'highline/import'
+    puts "Create the admin user (press enter for defaults)."
+    #name = prompt_for_admin_name unless name
+    email = prompt_for_admin_email
+    password = prompt_for_admin_password
+  end
+  attributes = {
+    :password => password,
+    :password_confirmation => password,
+    :email => email,
+    :login => email
+  }
+
+  load 'user.rb'
+
+  if User.find_by_email(email)
+    say "\nWARNING: There is already a user with the email: #{email}, so no account changes were made.  If you wish to create an additional admin user, please run rake db:admin:create again with a different email.\n\n"
+  else
+    admin = User.create(attributes)
+    # create an admin role and and assign the admin user to that role
+    role = Role.find_or_create_by_name "admin"
+    admin.roles << role
+    admin.save
+  end
+end
+
+create_admin_user if User.where("roles.name" => 'admin').includes(:roles).empty?

data/lib/cancan/controller_additions.rb

@@ -0,0 +1,60 @@
+# Overrides the default current_ability method used by Cancan so that we can use the guest_token in addition to current_user.
+# We were having problems layering the custom logic on top of ActionController::Base in certain situations but overriding
+# this file within spree_auth seems to do the trick. Documentation has been stripped (see cancan for the original docs.)
+# Only the current_ability method has been changed.
+
+module CanCan
+
+  module ControllerAdditions
+    module ClassMethods
+
+      def load_and_authorize_resource(*args)
+        ControllerResource.add_before_filter(self, :load_and_authorize_resource, *args)
+      end
+
+      def load_resource(*args)
+        ControllerResource.add_before_filter(self, :load_resource, *args)
+      end
+
+      def authorize_resource(*args)
+        ControllerResource.add_before_filter(self, :authorize_resource, *args)
+      end
+    end
+
+    def self.included(base)
+      base.extend ClassMethods
+      base.helper_method :can?, :cannot?
+    end
+
+    def authorize!(action, subject, *args)
+      message = nil
+      if args.last.kind_of?(Hash) && args.last.has_key?(:message)
+        message = args.pop[:message]
+      end
+      raise AccessDenied.new(message, action, subject) if cannot?(action, subject, *args)
+    end
+
+    def unauthorized!(message = nil)
+      raise ImplementationRemoved, "The unauthorized! method has been removed from CanCan, use authorize! instead."
+    end
+
+    def current_ability
+      # HACKED to use Spree's auth_user instead of current_user
+      @current_ability ||= ::Ability.new(auth_user)
+    end
+
+    def can?(*args)
+      current_ability.can?(*args)
+    end
+
+    def cannot?(*args)
+      current_ability.cannot?(*args)
+    end
+  end
+end
+
+if defined? ActionController
+  ActionController::Base.class_eval do
+    include CanCan::ControllerAdditions
+  end
+end

data/lib/spree/auth_user.rb

@@ -4,17 +4,13 @@ module Spree
     # Gives controllers the ability to learn the +auth_user+ as opposed to limiting them to just the standard
     # +current_user.+  The +auth_user+ method will return the user corresponding to the +guest_token+ if present,
     # otherwise it will return the +current_user.+  This allows us to check authorization against a guest user
-    # without requiring that user to be signed in via warden/devise.  This means the guest can later sign up for
+    # without requiring that user to be signed in.  This means the guest can later sign up for
     # an acccount (or log in to an existing account.)
     def auth_user
-      return current_user unless session[:guest_token]
-      User.find_by_authentication_token(session[:guest_token])
-    end
-
-    # Overrides the default method used by Cancan so that we can use the guest_token in addition to current_user.
-    def current_ability
-      @current_ability ||= ::Ability.new(auth_user)
+      return current_user if current_user
+      return nil if session[:guest_token].blank?
+      User.find_by_persistence_token(session[:guest_token])
     end
 
   end
-end
+end

data/lib/spree_auth.rb

@@ -1,7 +1,5 @@
 require 'spree_core'
-
-require 'devise'
-require 'devise/orm/active_record'
+require 'authlogic'
 require 'cancan'
 
 require 'spree/auth_user'
@@ -11,7 +9,7 @@ module SpreeAuth
   class Engine < Rails::Engine
     def self.activate
       Dir.glob(File.join(File.dirname(__FILE__), "../app/**/*_decorator*.rb")) do |c|
-        Rails.env == "production" ? require(c) : load(c)
+        Rails.env.production? ? require(c) : load(c)
       end
     end
     config.to_prepare &method(:activate).to_proc

data/lib/tasks/auth.rake

@@ -0,0 +1,8 @@
+namespace :db do
+  namespace :admin do
+    desc "Create admin username and password"
+    task :create => :environment do
+      require File.join(Rails.root, 'db', 'sample', 'users.rb')
+    end
+  end
+end

data/lib/tasks/install.rake

@@ -0,0 +1,24 @@
+namespace :spree_auth do
+  desc "Copies all migrations and assets (NOTE: This will be obsolete with Rails 3.1)"
+  task :install do
+    Rake::Task['spree_auth:install:migrations'].invoke
+    Rake::Task['spree_auth:install:assets'].invoke
+  end
+
+  namespace :install do
+
+    desc "Copies all migrations (NOTE: This will be obsolete with Rails 3.1)"
+    task :migrations do
+      source = File.join(File.dirname(__FILE__), '..', '..', 'db')
+      destination = File.join(Rails.root, 'db')
+      puts "INFO: Mirroring assets from #{source} to #{destination}"
+      Spree::FileUtilz.mirror_files(source, destination)
+    end
+
+    desc "Copies all assets (NOTE: This will be obsolete with Rails 3.1)"
+    task :assets do
+      # No assets
+    end
+
+  end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: spree_auth
 version: !ruby/object:Gem::Version 
-  prerelease: true
+  hash: 103
+  prerelease: false
   segments: 
   - 0
   - 30
   - 0
-  - beta1
-  version: 0.30.0.beta1
+  version: 0.30.0
 platform: ruby
 authors: 
 - Sean Schofield
@@ -15,45 +15,50 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-03 00:00:00 -04:00
+date: 2010-11-09 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: spree_core
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
+        hash: 103
         segments: 
         - 0
         - 30
         - 0
-        - beta1
-        version: 0.30.0.beta1
+        version: 0.30.0
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: devise
+  name: authlogic
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
+        hash: 7
         segments: 
-        - 1
-        - 1
         - 2
-        version: 1.1.2
+        - 1
+        - 6
+        version: 2.1.6
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
   name: cancan
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 29
         segments: 
         - 1
         - 3
@@ -74,35 +79,39 @@ files:
 - README.md
 - app/controllers/admin_controller_decorator.rb
 - app/controllers/checkout_controller_decorator.rb
-- app/controllers/devise/sessions_controller_decorator.rb
 - app/controllers/orders_controller_decorator.rb
 - app/controllers/resource_controller_decorator.rb
 - app/controllers/spree/base_controller_decorator.rb
+- app/controllers/user_sessions_controller.rb
+- app/controllers/users_controller.rb
 - app/models/ability.rb
 - app/models/order_decorator.rb
 - app/models/spree_auth_configuration.rb
+- app/models/spree_current_order_decorator.rb
 - app/models/user.rb
+- app/models/user_mailer.rb
+- app/models/user_session.rb
 - app/views/checkout/registration.html.erb
-- app/views/devise/confirmations/new.html.erb
-- app/views/devise/mailer/confirmation_instructions.html.erb
-- app/views/devise/mailer/reset_password_instructions.html.erb
-- app/views/devise/mailer/unlock_instructions.html.erb
-- app/views/devise/passwords/edit.html.erb
-- app/views/devise/passwords/new.html.erb
-- app/views/devise/registrations/edit.html.erb
-- app/views/devise/registrations/new.html.erb
-- app/views/devise/sessions/new.html.erb
-- app/views/devise/shared/_links.erb
-- app/views/devise/unlocks/new.html.erb
+- app/views/password_resets/edit.html.erb
+- app/views/password_resets/new.html.erb
+- app/views/shared/_error_messages.html.erb
+- app/views/shared/_flashes.html.erb
 - app/views/shared/_login_bar.html.erb
 - app/views/shared/unauthorized.html.erb
+- app/views/user_mailer/password_reset_instructions.erb
+- app/views/user_sessions/authorization_failure.html.erb
+- app/views/user_sessions/new.html.erb
+- app/views/users/edit.html.erb
+- app/views/users/new.html.erb
+- app/views/users/show.html.erb
 - config/routes.rb
-- lib/generators/spree_auth/install_generator.rb
-- lib/generators/templates/db/migrate/20100811003924_switch_to_devise.rb
-- lib/generators/templates/devise.rb
+- lib/cancan/controller_additions.rb
 - lib/spree/auth/config.rb
 - lib/spree/auth_user.rb
 - lib/spree_auth.rb
+- lib/tasks/auth.rake
+- lib/tasks/install.rake
+- db/sample/users.rb
 has_rdoc: true
 homepage: http://spreecommerce.com
 licenses: []
@@ -113,27 +122,29 @@ rdoc_options: []
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 57
       segments: 
       - 1
       - 8
       - 7
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
-      - 1
-      - 3
-      - 1
-      version: 1.3.1
+      - 0
+      version: "0"
 requirements: 
 - none
 rubyforge_project: spree_auth
-rubygems_version: 1.3.6
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: Provides authentication and authorization services for use with Spree.

data/app/controllers/devise/sessions_controller_decorator.rb

@@ -1,12 +0,0 @@
-Devise::SessionsController.class_eval do
-  after_filter :associate_user, :only => :create
-
-  include Spree::CurrentOrder
-  include Spree::AuthUser
-
-  def associate_user
-    return unless current_user and current_order
-    current_order.associate_user!(current_user) if can? :edit, current_order
-    session[:guest_token] = nil
-  end
-end

data/app/views/devise/confirmations/new.html.erb

@@ -1,12 +0,0 @@
-<h2><%= t(:resend_confirmation_instructions) %></h2>
-
-<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
-  <%= devise_error_messages! %>
-
-  <p><%= f.label :email %><br />
-  <%= f.text_field :email %></p>
-
-  <p><%= f.submit t(:resend_confirmation_instructions) %></p>
-<% end %>
-
-<%= render :partial => "devise/shared/links" %>

data/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -1,5 +0,0 @@
-<p>Welcome <%= @resource.email %>!</p>
-
-<p>You can confirm your account through the link below:</p>
-
-<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>

data/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -1,8 +0,0 @@
-<p>Hello <%= @resource.email %>!</p>
-
-<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
-
-<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
-
-<p>If you didn't request this, please ignore this email.</p>
-<p>Your password won't change until you access the link above and create a new one.</p>

data/app/views/devise/mailer/unlock_instructions.html.erb

@@ -1,7 +0,0 @@
-<p>Hello <%= @resource.email %>!</p>
-
-<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
-
-<p>Click the link below to unlock your account:</p>
-
-<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>

data/app/views/devise/passwords/edit.html.erb

@@ -1,16 +0,0 @@
-<h2><%= t(:change_my_password) %></h2>
-
-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
-  <%= devise_error_messages! %>
-  <%= f.hidden_field :reset_password_token %>
-
-  <p><%= f.label :password %><br />
-  <%= f.password_field :password %></p>
-
-  <p><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></p>
-
-  <p><%= f.submit t(:change_my_password) %></p>
-<% end %>
-
-<%= render :partial => "devise/shared/links" %>

data/app/views/devise/passwords/new.html.erb

@@ -1,12 +0,0 @@
-<h2><%= t(:forgot_password) %></h2>
-
-<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
-  <%= devise_error_messages! %>
-
-  <p><%= f.label :email %><br />
-  <%= f.text_field :email %></p>
-
-  <p><%= f.submit t(:send_me_reset_password_instructions) %></p>
-<% end %>
-
-<%= render :partial => "devise/shared/links" %>

data/app/views/devise/registrations/edit.html.erb

@@ -1,25 +0,0 @@
-<h2><%= t(:my_account) %></h2>
-
-<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
-  <%= devise_error_messages! %>
-
-  <p><%= f.label :email %><br />
-  <%= f.text_field :email %></p>
-
-  <p><%= f.label :password %> <i><%= t(:leave_blank_to_not_change) %></i><br />
-  <%= f.password_field :password %></p>
-
-  <p><%= f.label :password_confirmation %><br />
-  <%= f.password_field :password_confirmation %></p>
-
-  <p><%= f.label :current_password %> <i><%= t(:enter_password_to_confirm) %></i><br />
-  <%= f.password_field :current_password %></p>
-
-  <p><%= f.submit t(:update) %></p>
-<% end %>
-
-<h3><%= t(:cancel_my_account) %></h3>
-
-<p><%= t(:cancel_my_account_description) %> <%= link_to t(:cancel_my_account), registration_path(resource_name), :confirm => t(:are_you_sure), :method => :delete %>.</p>
-
-<%= link_to t(:back), :back %>

data/app/views/devise/registrations/new.html.erb

@@ -1,22 +0,0 @@
-<% @body_id = 'signup' %>
-
-<div id="new-customer">
-  <h2><%= t("new_customer") %></h2>
-
-  <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
-    <%= devise_error_messages! %>
-
-    <p><%= f.label :email %><br />
-    <%= f.text_field :email %></p>
-
-    <p><%= f.label :password %><br />
-    <%= f.password_field :password %></p>
-
-    <p><%= f.label :password_confirmation %><br />
-    <%= f.password_field :password_confirmation %></p>
-
-    <p><%= f.submit t(:sign_up) %></p>
-  <% end %>
-
-  <%= render :partial => "devise/shared/links" %>
-</div>

data/app/views/devise/sessions/new.html.erb

@@ -1,20 +0,0 @@
-<% @body_id = 'login' %>
-<div id="existing-customer">
-  <h2><%= t("login_as_existing") %></h2>
-
-  <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
-    <p><%= f.label :email %><br />
-    <%= f.text_field :email %></p>
-
-    <p><%= f.label :password %><br />
-    <%= f.password_field :password %></p>
-
-    <% if devise_mapping.rememberable? -%>
-      <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
-    <% end -%>
-
-    <p><%= f.submit t(:log_in) %></p>
-  <% end %>
-
-  <%= render :partial => "devise/shared/links" %>
-</div>

data/app/views/devise/shared/_links.erb

@@ -1,19 +0,0 @@
-<%- if controller_name != 'sessions' %>
-  <%= link_to t(:log_in), new_session_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
-  <%= link_to t(:sign_up), new_registration_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
-  <%= link_to t(:forgot_password), new_password_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
-  <%= link_to t(:didnt_receive_confirmation_instructions), new_confirmation_path(resource_name) %><br />
-<% end -%>
-
-<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
-  <%= link_to t(:didnt_receive_unlock_instructions), new_unlock_path(resource_name) %><br />
-<% end -%>

data/app/views/devise/unlocks/new.html.erb

@@ -1,12 +0,0 @@
-<h2><%= t(:resend_unlock_instructions) %></h2>
-
-<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
-  <%= devise_error_messages! %>
-
-  <p><%= f.label :email %><br />
-  <%= f.text_field :email %></p>
-
-  <p><%= f.submit t(:resend_unlock_instructions) %></p>
-<% end %>
-
-<%= render :partial => "devise/shared/links" %>

data/lib/generators/spree_auth/install_generator.rb

@@ -1,25 +0,0 @@
-module SpreeAuth
-  module Generators
-    class InstallGenerator < Rails::Generators::Base
-      source_root File.expand_path("../../templates", __FILE__)
-
-      desc "Configures your Rails application for use with spree_auth."
-
-      def setup_routes
-        route 'devise_for :users'
-      end
-
-      def copy_initializer
-        template "devise.rb", "config/initializers/devise.rb"
-      end
-
-      def copy_migrations
-        directory "db"
-      end
-
-      # def show_readme
-      #   readme "README" if behavior == :invoke
-      # end
-    end
-  end
-end