spree_auth 0.40.4 → 0.50.0

data/README.md

@@ -20,13 +20,17 @@ You need to do a quick one-time creation of a test application and then you can
 
     rake test_app
 
-Then run the tests
+Then run the rspec tests
 
     rake spec
 
+Then run the cucumber tests
+
+    bundle exec cucumber
+
 Misc
 ----
 
 authentication by token example
 
-    http://localhost:3000/?auth_token=oWBSN16k6dWx46TtSGcp
+    http://localhost:3000/?auth_token=oWBSN16k6dWx46TtSGcp

data/app/controllers/spree/base_controller_decorator.rb

@@ -1,5 +1,7 @@
 Spree::BaseController.class_eval do
 
+  before_filter :set_current_user
+
   # graceful error handling for cancan authorization exceptions
   rescue_from CanCan::AccessDenied do |exception|
     return unauthorized
@@ -17,6 +19,7 @@ Spree::BaseController.class_eval do
           flash.now[:error] = I18n.t(:authorization_failure)
           render 'shared/unauthorized', :layout => 'spree_application'
         else
+          flash[:error] = I18n.t(:authorization_failure)
           store_location
           redirect_to login_path and return
         end
@@ -39,4 +42,8 @@ Spree::BaseController.class_eval do
     end
   end
 
+  def set_current_user
+    User.current = current_user
+  end
+
 end

data/app/controllers/{user_password_resets_controller.rb → user_passwords_controller.rb}

@@ -1,4 +1,4 @@
-class UserPasswordResetsController < Devise::PasswordsController
+class UserPasswordsController < Devise::PasswordsController
   include SpreeBase
   helper :users, 'spree/base'
 

data/app/controllers/user_registrations_controller.rb

@@ -2,6 +2,8 @@ class UserRegistrationsController < Devise::RegistrationsController
   include SpreeBase
   helper :users, 'spree/base'
 
+  ssl_required
+  after_filter :associate_user, :only => :create
   before_filter :check_permissions, :only => [:edit, :update]
   skip_before_filter :require_no_authentication
 
@@ -53,4 +55,10 @@ class UserRegistrationsController < Devise::RegistrationsController
     authorize!(:create, resource)
   end
 
-end
+  def associate_user
+    return unless current_user and current_order
+    current_order.associate_user!(current_user)
+    session[:guest_token] = nil
+  end
+
+end

data/app/controllers/user_sessions_controller.rb

@@ -20,7 +20,7 @@ class UserSessionsController < Devise::SessionsController
     if user_signed_in?
       respond_to do |format|
         format.html {
-          flash[:notice] = t("logged_in_succesfully")
+          flash[:notice] = I18n.t("logged_in_succesfully")
           redirect_back_or_default(products_path)
         }
         format.js {
@@ -28,6 +28,9 @@ class UserSessionsController < Devise::SessionsController
           render :json => {:ship_address => user.ship_address, :bill_address => user.bill_address}.to_json
         }
       end
+    else
+      flash[:error] = I18n.t("devise.failure.invalid")
+      render :new
     end
   end
 
@@ -52,4 +55,4 @@ class UserSessionsController < Devise::SessionsController
     I18n.t(:log_in)
   end
 
-end
+end

data/app/controllers/users_controller.rb

@@ -1,42 +1,54 @@
 class UsersController < Spree::BaseController
-  resource_controller
+  prepend_before_filter :load_object, :only => [:show, :edit, :update]
+  prepend_before_filter :authorize_actions, :only => :new
 
-  ssl_required :new, :create, :edit, :update, :show
-
-  actions :all, :except => [:index, :destroy]
-
-  show.before do
+  def show
     @orders = @user.orders.complete
   end
 
-  create.after do
-    associate_user
-  end
+  def create
+    @user = User.new(params[:user])
+    if @user.save
 
-  create.flash nil
-  create.wants.html { redirect_back_or_default(root_url) }
+      if current_order
+        current_order.associate_user!(@user)
+        session[:guest_token] = nil
+      end
+
+      redirect_back_or_default(root_url)
+    else
+      render 'new'
+    end
 
-  new_action.before do
-    flash.now[:notice] = I18n.t(:please_create_user) unless User.admin_created?
   end
 
-  update.wants.html { redirect_to account_url }
-  update.flash { I18n.t("account_updated") }
+  def update
+    if @user.update_attributes(params[:user])
+      if params[:user][:password].present?
+        # this logic needed b/c devise wants to log us out after password changes
+        user = User.reset_password_by_token(params[:user])
+        sign_in(@user, :event => :authentication)
+      end
+      flash.notice = I18n.t("account_updated")
+      redirect_to account_url
+    else
+      render 'edit'
+    end
 
-  private
-  def object
-    @object ||= current_user
   end
 
-  def accurate_title
-    I18n.t(:account)
-  end
+  private
+    def load_object
+      @user ||= current_user
+      authorize! params[:action].to_sym, @user
+    end
 
-  def associate_user
-    return unless current_order and @user.valid?
-    current_order.associate_user!(@user)
-    session[:guest_token] = nil
-  end
+    def authorize_actions
+      authorize! params[:action].to_sym, User
+    end
 
-end
+    def accurate_title
+      I18n.t(:account)
+    end
 
+end

data/app/helpers/users_helper.rb

@@ -1,10 +1,10 @@
-module UsersHelper       
+module UsersHelper
   def password_style(user)
     ActiveSupport::Deprecation.warn "[SPREE] Password style has be depreciated due to the removal of OpenID from the Auth Gem. "
       "Please install the spree_social gem to regain this functionality and more."
     ""
-  end         
-  def openid_style(user) 
+  end
+  def openid_style(user)
     ActiveSupport::Deprecation.warn "[SPREE] Password style has be depreciated due to the removal of OpenID from the Auth Gem. "
       "Please install the spree_social gem to regain this functionality and more."
     "display:none"

data/app/models/ability.rb

@@ -5,7 +5,7 @@
 class Ability
   include CanCan::Ability
 
-  class_inheritable_accessor :abilities
+  class_attribute :abilities
   self.abilities = Set.new
 
   # Allows us to go beyond the standard cancan initialize method which makes it difficult for engines to
@@ -57,7 +57,7 @@ class Ability
     #include any abilities registered by extensions, etc.
     Ability.abilities.each do |clazz|
       ability = clazz.send(:new, user)
-      @can_definitions = can_definitions + ability.send(:can_definitions)
+      @rules = rules + ability.send(:rules)
     end
 
   end

data/app/models/user.rb

@@ -14,6 +14,9 @@ class User < ActiveRecord::Base
   # Setup accessible (or protected) attributes for your model
   attr_accessible :email, :password, :password_confirmation, :remember_me, :persistence_token
 
+  scope :admin, lambda { includes(:roles).where("roles.name" => "admin") }
+  scope :registered, where("users.email NOT LIKE ?", "%@example.net")
+
   # has_role? simply needs to return true or false whether a user has a role or not.
   def has_role?(role_in_question)
     roles.any? { |role| role.name == role_in_question.to_s }
@@ -28,7 +31,7 @@ class User < ActiveRecord::Base
   end
 
   def self.admin_created?
-    Role.where(:name => "admin").includes(:users).count > 0
+    User.admin.count > 0
   end
 
   def anonymous?
@@ -71,4 +74,12 @@ class User < ActiveRecord::Base
     end
   end
 
+  def self.current
+    Thread.current[:user]
+  end
+
+  def self.current=(user)
+    Thread.current[:user] = user
+  end
+
 end

data/app/models/user_mailer.rb

@@ -1,8 +1,10 @@
 class UserMailer < ActionMailer::Base
-  default_url_options[:host] = Spree::Config[:site_url]
 
   def reset_password_instructions(user)
+    default_url_options[:host] = Spree::Config[:site_url]
+
     @edit_password_reset_url = edit_user_password_url(:reset_password_token => user.reset_password_token)
+
     mail(:to => user.email,
          :subject => Spree::Config[:site_name] + ' ' + I18n.t("password_reset_instructions"))
   end

data/app/views/layouts/admin/_login_nav.html.erb

@@ -0,0 +1,8 @@
+<% if  current_user %>
+  <ul id="login-nav">
+    <li><%= t('logged_in_as') %>: <%= current_user.email %></li>
+    <li><%= link_to t('account'), edit_user_path(current_user) %></li>
+    <li><%= link_to t('logout'), destroy_user_session_path %></li>
+    <li><%= link_to t('store'), products_path %></li>
+  </ul>
+<% end %>

data/app/views/users/edit.html.erb

@@ -2,7 +2,7 @@
 
 <h1><%= t("editing_user") %></h1>
 
-<%= form_for(:user, :url => object_url, :html => { :method => :put }) do |f| %>
+<%= form_for(@user, :html => { :method => :put }) do |f| %>
   <%= render 'shared/user_form', :f => f %>
   <p>
     <%=submit_tag t("update") %>

data/app/views/users/show.html.erb

@@ -17,30 +17,32 @@
 <%= hook :account_my_orders do %>
 
 <h2><%= t("my_orders") %></h2>
- 
-<table class="order-summary" width="545">
-  <thead>
-    <tr>
-      <th><%= t("order_number") %></th>
-      <th><%= t("order_date") %></th>
-      <th><%= t("status") %></th>
-      <th><%= t("customer") %></th>
-      <th><%= t("total") %></th>
-    </tr>
-  </thead>
-  <tbody>
-  <% @orders.each do |order| %>
-    <tr class="<%= cycle('even', 'odd') %>">
-      <td><%= link_to order.number, order_url(order) %></td>
-      <td><%=order.created_at.to_date%></td>
-      <td><%= t(order.state).titleize %></td>
-      <td><%= order.user.email if order.user %></td>
-      <td><%= number_to_currency order.total %></td>
-    </tr>
-  <% end %>
-  </tbody>
-</table>
- 
+<% if @orders.present? %>
+  <table class="order-summary" width="545">
+    <thead>
+      <tr>
+        <th><%= t("order_number") %></th>
+        <th><%= t("order_date") %></th>
+        <th><%= t("status") %></th>
+        <th><%= t("customer") %></th>
+        <th><%= t("total") %></th>
+      </tr>
+    </thead>
+    <tbody>
+    <% @orders.each do |order| %>
+      <tr class="<%= cycle('even', 'odd') %>">
+        <td><%= link_to order.number, order_url(order) %></td>
+        <td><%=order.created_at.to_date%></td>
+        <td><%= t(order.state).titleize %></td>
+        <td><%= order.user.email if order.user %></td>
+        <td><%= number_to_currency order.total %></td>
+      </tr>
+    <% end %>
+    </tbody>
+  </table>
+<% else %>
+  <p><%= t(:you_have_no_orders_yet) %></p>
+<% end %>
 <br />
 
 <% end %>

data/config/cucumber.yml

@@ -0,0 +1,10 @@
+<%
+rerun = File.file?('rerun.txt') ? IO.read('rerun.txt') : ""
+rerun_opts = rerun.to_s.strip.empty? ? "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} features" : "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} #{rerun}"
+std_opts = "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} --strict --tags ~@wip"
+ci_opts = "--format progress --strict"
+%>
+default: <%= std_opts %> features
+wip: --tags @wip:3 --wip features
+ci: <%= ci_opts %> features CI=true
+rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip

data/config/locales/en.yml

@@ -16,9 +16,10 @@ en:
       invalid_token: 'Invalid authentication token.'
       timeout: 'Your session expired, please sign in again to continue.'
       inactive: 'Your account was not activated yet.'
-    user_password_resets:
-      send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
-      updated: 'Your password was changed successfully. You are now signed in.'
+    user_passwords:
+      user:
+        send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
+        updated: 'Your password was changed successfully. You are now signed in.'
     confirmations:
       send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
       confirmed: 'Your account was successfully confirmed. You are now signed in.'

data/config/routes.rb

@@ -1,8 +1,8 @@
 Rails.application.routes.draw do
-  devise_for :users,
+  devise_for :user,
              :controllers => { :sessions => 'user_sessions',
                                :registrations => 'user_registrations',
-                               :passwords => "user_password_resets"},
+                               :passwords => "user_passwords" },
              :skip => [:unlocks, :omniauth_callbacks],
              :path_names => { :sign_out => 'logout'}
   resources :users, :only => [:edit, :update]

data/db/migrate/{20101101185116_rename_columns_for_devise.rb → 20101026184950_rename_columns_for_devise.rb}

@@ -1,5 +1,6 @@
 class RenameColumnsForDevise < ActiveRecord::Migration
   def self.up
+    return if column_exists?(:users, :password_salt)
     rename_column :users, :crypted_password, :encrypted_password
     rename_column :users, :salt, :password_salt
     rename_column :users, :remember_token_expires_at, :remember_created_at

data/lib/spree_auth.rb

@@ -4,6 +4,7 @@ require 'cancan'
 
 require 'spree/auth/config'
 require 'spree/token_resource'
+require 'spree_auth_hooks'
 
 module SpreeAuth
   class Engine < Rails::Engine

data/lib/spree_auth_hooks.rb

@@ -0,0 +1,6 @@
+class SpreeAuthHooks < Spree::ThemeSupport::HookListener
+
+  replace :admin_login_navigation_bar, :partial => "layouts/admin/login_nav"
+  replace :shared_login_bar, :partial => "shared/login_bar"
+
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: spree_auth
 version: !ruby/object:Gem::Version 
-  hash: 183
-  prerelease: 
+  hash: 215
+  prerelease: false
   segments: 
   - 0
-  - 40
-  - 4
-  version: 0.40.4
+  - 50
+  - 0
+  version: 0.50.0
 platform: ruby
 authors: 
 - Sean Schofield
@@ -15,7 +15,8 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-10-21 00:00:00 Z
+date: 2011-03-23 00:00:00 -04:00
+default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: spree_core
@@ -25,12 +26,12 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 183
+        hash: 215
         segments: 
         - 0
-        - 40
-        - 4
-        version: 0.40.4
+        - 50
+        - 0
+        version: 0.50.0
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -41,12 +42,12 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 7712074
+        hash: 977940511
         segments: 
         - 1
         - 2
-        - rc
-        version: 1.2.rc
+        - rc2
+        version: 1.2.rc2
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
@@ -57,12 +58,12 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 29
+        hash: 1
         segments: 
         - 1
-        - 3
-        - 3
-        version: 1.3.3
+        - 5
+        - 1
+        version: 1.5.1
   type: :runtime
   version_requirements: *id003
 description: Required dependancy for Spree
@@ -81,7 +82,7 @@ files:
 - app/controllers/orders_controller_decorator.rb
 - app/controllers/resource_controller_decorator.rb
 - app/controllers/spree/base_controller_decorator.rb
-- app/controllers/user_password_resets_controller.rb
+- app/controllers/user_passwords_controller.rb
 - app/controllers/user_registrations_controller.rb
 - app/controllers/user_sessions_controller.rb
 - app/controllers/users_controller.rb
@@ -94,33 +95,36 @@ files:
 - app/models/user.rb
 - app/models/user_mailer.rb
 - app/views/checkout/registration.html.erb
-- app/views/shared/_error_messages.html.erb
+- app/views/layouts/admin/_login_nav.html.erb
 - app/views/shared/_flashes.html.erb
 - app/views/shared/_login.html.erb
 - app/views/shared/_login_bar.html.erb
 - app/views/shared/_user_form.html.erb
 - app/views/shared/unauthorized.html.erb
 - app/views/user_mailer/reset_password_instructions.text.erb
-- app/views/user_password_resets/edit.html.erb
-- app/views/user_password_resets/new.html.erb
+- app/views/user_passwords/edit.html.erb
+- app/views/user_passwords/new.html.erb
 - app/views/user_registrations/new.html.erb
 - app/views/user_sessions/authorization_failure.html.erb
 - app/views/user_sessions/new.html.erb
 - app/views/users/edit.html.erb
 - app/views/users/show.html.erb
+- config/cucumber.yml
 - config/initializers/devise.rb
 - config/locales/en.yml
 - config/routes.rb
 - lib/spree/auth/config.rb
 - lib/spree/token_resource.rb
 - lib/spree_auth.rb
+- lib/spree_auth_hooks.rb
 - lib/tasks/auth.rake
 - lib/tasks/install.rake
-- db/migrate/20101101185116_rename_columns_for_devise.rb
+- db/migrate/20101026184950_rename_columns_for_devise.rb
 - db/migrate/20101214150824_convert_user_remember_field.rb
 - db/migrate/20101217012656_create_tokenized_permissions.rb
 - db/migrate/20101219201531_tokens_for_legacy_orders.rb
 - db/sample/users.rb
+has_rdoc: true
 homepage: http://spreecommerce.com
 licenses: []
 
@@ -152,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: 
 - none
 rubyforge_project: spree_auth
-rubygems_version: 1.8.10
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: Provides authentication and authorization services for use with Spree.

data/app/views/shared/_error_messages.html.erb

@@ -1,10 +0,0 @@
-<% if target.errors.any? %>
-<div id="errorExplanation">
-  <h2><%= pluralize(target.errors.count, "error") %> prohibited this record from being saved:</h2>
-  <ul>
-  <% target.errors.full_messages.each do |msg| %>
-    <li><%= msg %></li>
-  <% end %>
-  </ul>
-</div>
-<% end %>