spree_auth 0.40.4 → 0.50.0


Potentially problematic release.



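--- a/data/README.md
+++ b/data/README.md
@@ -20,13 +20,17 @@ You need to do a quick one-time creation of a test application and then you can
 
  rake test_app
 
- Then run the tests
+ Then run the rspec tests
 
  rake spec
 
+ Then run the cucumber tests
+
+ bundle exec cucumber
+
  Misc
  ----
 
  authentication by token example
 
- http://localhost:3000/?auth_token=oWBSN16k6dWx46TtSGcp
+ http://localhost:3000/?auth_token=oWBSN16k6dWx46TtSGcp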
@@ -1,5 +1,7 @@
1
1
  Spree::BaseController.class_eval do
2
2
 
3
+ before_filter :set_current_user
4
+
3
5
  # graceful error handling for cancan authorization exceptions
4
6
  rescue_from CanCan::AccessDenied do |exception|
5
7
  return unauthorized
@@ -17,6 +19,7 @@ Spree::BaseController.class_eval do
17
19
  flash.now[:error] = I18n.t(:authorization_failure)
18
20
  render 'shared/unauthorized', :layout => 'spree_application'
19
21
  else
22
+ flash[:error] = I18n.t(:authorization_failure)
20
23
  store_location
21
24
  redirect_to login_path and return
22
25
  end
@@ -39,4 +42,8 @@ Spree::BaseController.class_eval do
39
42
  end
40
43
  end
41
44
 
45
+ def set_current_user
46
+ User.current = current_user
47
+ end
48
+
42
49
  end
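Review bot: `set_current_user` in the last hunk stores the signed-in user in a thread-local through `User.current = current_user`, and nothing visible in this diff clears it when the request ends. On a server that reuses threads, any code on the same thread that runs before this filter (for example a `prepend_before_filter`) or in a controller that does not inherit it would read the previous request's user from `User.current`. I would wrap the assignment in an around filter that resets `User.current = nil` in an `ensure`, so the value never outlives the request that set it. The enclosing `class_eval` block starts outside this hunk.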
@@ -1,4 +1,4 @@
1
- class UserPasswordResetsController < Devise::PasswordsController
1
+ class UserPasswordsController < Devise::PasswordsController
2
2
  include SpreeBase
3
3
  helper :users, 'spree/base'
4
4
 
@@ -2,6 +2,8 @@ class UserRegistrationsController < Devise::RegistrationsController
2
2
  include SpreeBase
3
3
  helper :users, 'spree/base'
4
4
 
5
+ ssl_required
6
+ after_filter :associate_user, :only => :create
5
7
  before_filter :check_permissions, :only => [:edit, :update]
6
8
  skip_before_filter :require_no_authentication
7
9
 
@@ -53,4 +55,10 @@ class UserRegistrationsController < Devise::RegistrationsController
53
55
  authorize!(:create, resource)
54
56
  end
55
57
 
56
- end
58
+ def associate_user
59
+ return unless current_user and current_order
60
+ current_order.associate_user!(current_user)
61
+ session[:guest_token] = nil
62
+ end
63
+
64
+ end
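Review bot: `associate_user`, added at the end of the class, is a filter callback rather than an action, and the hunk shows no `private` marker above it; the preceding `authorize!(:create, resource)` belongs to a method that starts outside the hunk, so its visibility cannot be confirmed from here. If it is public, move it under `private` so it can never be dispatched as an action. The same three lines are written inline in `UsersController#create` in this release, and one shared helper would keep the guest-token reset in a single place. `return unless current_user and current_order` is also clearer as `return unless current_user && current_order`.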
@@ -20,7 +20,7 @@ class UserSessionsController < Devise::SessionsController
20
20
  if user_signed_in?
21
21
  respond_to do |format|
22
22
  format.html {
23
- flash[:notice] = t("logged_in_succesfully")
23
+ flash[:notice] = I18n.t("logged_in_succesfully")
24
24
  redirect_back_or_default(products_path)
25
25
  }
26
26
  format.js {
@@ -28,6 +28,9 @@ class UserSessionsController < Devise::SessionsController
28
28
  render :json => {:ship_address => user.ship_address, :bill_address => user.bill_address}.to_json
29
29
  }
30
30
  end
31
+ else
32
+ flash[:error] = I18n.t("devise.failure.invalid")
33
+ render :new
31
34
  end
32
35
  end
33
36
 
@@ -52,4 +55,4 @@ class UserSessionsController < Devise::SessionsController
52
55
  I18n.t(:log_in)
53
56
  end
54
57
 
55
- end
58
+ end
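Review bot: The new `else` branch sets `flash[:error]` and then calls `render :new`, so the failure message is shown again on the following request; with a render it should be `flash.now[:error] = I18n.t("devise.failure.invalid")`, which is what the `CanCan::AccessDenied` handler in the base controller decorator does before its own render. The single generic `devise.failure.invalid` text for every failed sign-in is worth keeping, because it does not reveal whether the e-mail address exists. The enclosing action begins outside the hunk.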
@@ -1,42 +1,54 @@
1
1
  class UsersController < Spree::BaseController
2
- resource_controller
2
+ prepend_before_filter :load_object, :only => [:show, :edit, :update]
3
+ prepend_before_filter :authorize_actions, :only => :new
3
4
 
4
- ssl_required :new, :create, :edit, :update, :show
5
-
6
- actions :all, :except => [:index, :destroy]
7
-
8
- show.before do
5
+ def show
9
6
  @orders = @user.orders.complete
10
7
  end
11
8
 
12
- create.after do
13
- associate_user
14
- end
9
+ def create
10
+ @user = User.new(params[:user])
11
+ if @user.save
15
12
 
16
- create.flash nil
17
- create.wants.html { redirect_back_or_default(root_url) }
13
+ if current_order
14
+ current_order.associate_user!(@user)
15
+ session[:guest_token] = nil
16
+ end
17
+
18
+ redirect_back_or_default(root_url)
19
+ else
20
+ render 'new'
21
+ end
18
22
 
19
- new_action.before do
20
- flash.now[:notice] = I18n.t(:please_create_user) unless User.admin_created?
21
23
  end
22
24
 
23
- update.wants.html { redirect_to account_url }
24
- update.flash { I18n.t("account_updated") }
25
+ def update
26
+ if @user.update_attributes(params[:user])
27
+ if params[:user][:password].present?
28
+ # this logic needed b/c devise wants to log us out after password changes
29
+ user = User.reset_password_by_token(params[:user])
30
+ sign_in(@user, :event => :authentication)
31
+ end
32
+ flash.notice = I18n.t("account_updated")
33
+ redirect_to account_url
34
+ else
35
+ render 'edit'
36
+ end
25
37
 
26
- private
27
- def object
28
- @object ||= current_user
29
38
  end
30
39
 
31
- def accurate_title
32
- I18n.t(:account)
33
- end
40
+ private
41
+ def load_object
42
+ @user ||= current_user
43
+ authorize! params[:action].to_sym, @user
44
+ end
34
45
 
35
- def associate_user
36
- return unless current_order and @user.valid?
37
- current_order.associate_user!(@user)
38
- session[:guest_token] = nil
39
- end
46
+ def authorize_actions
47
+ authorize! params[:action].to_sym, User
48
+ end
40
49
 
41
- end
50
+ def accurate_title
51
+ I18n.t(:account)
52
+ end
42
53
 
54
+ end
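Review bot: The rewrite removes `ssl_required :new, :create, :edit, :update, :show` and the new side puts nothing in its place, although `create` and `update` still receive passwords in `params[:user]`; unless SSL is enforced somewhere not shown here, restore that line below the two `prepend_before_filter` calls. In `update`, `user = User.reset_password_by_token(params[:user])` assigns a local that is never read and acts on whatever token the request parameters carry rather than on `@user`. The `sign_in(@user, :event => :authentication)` line appears to cover the re-login the comment describes on its own, so I would drop the call. It is also worth confirming that `create` is meant to run without an `authorize!`, since `authorize_actions` is limited to `:new`.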
@@ -1,10 +1,10 @@
1
- module UsersHelper
1
+ module UsersHelper
2
2
  def password_style(user)
3
3
  ActiveSupport::Deprecation.warn "[SPREE] Password style has be depreciated due to the removal of OpenID from the Auth Gem. "
4
4
  "Please install the spree_social gem to regain this functionality and more."
5
5
  ""
6
- end
7
- def openid_style(user)
6
+ end
7
+ def openid_style(user)
8
8
  ActiveSupport::Deprecation.warn "[SPREE] Password style has be depreciated due to the removal of OpenID from the Auth Gem. "
9
9
  "Please install the spree_social gem to regain this functionality and more."
10
10
  "display:none"
@@ -5,7 +5,7 @@
5
5
  class Ability
6
6
  include CanCan::Ability
7
7
 
8
- class_inheritable_accessor :abilities
8
+ class_attribute :abilities
9
9
  self.abilities = Set.new
10
10
 
11
11
  # Allows us to go beyond the standard cancan initialize method which makes it difficult for engines to
@@ -57,7 +57,7 @@ class Ability
57
57
  #include any abilities registered by extensions, etc.
58
58
  Ability.abilities.each do |clazz|
59
59
  ability = clazz.send(:new, user)
60
- @can_definitions = can_definitions + ability.send(:can_definitions)
60
+ @rules = rules + ability.send(:rules)
61
61
  end
62
62
 
63
63
  end
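--- a/data/app/models/user.rb
+++ b/data/app/models/user.rb
@@ -14,6 +14,9 @@ class User < ActiveRecord::Base
  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me, :persistence_token
 
+ scope :admin, lambda { includes(:roles).where("roles.name" => "admin") }
+ scope :registered, where("users.email NOT LIKE ?", "%@example.net")
+
  # has_role? simply needs to return true or false whether a user has a role or not.
  def has_role?(role_in_question)
  roles.any? { |role| role.name == role_in_question.to_s }
@@ -28,7 +31,7 @@ class User < ActiveRecord::Base
  end
 
  def self.admin_created?
- Role.where(:name => "admin").includes(:users).count > 0
+ User.admin.count > 0
  end
 
  def anonymous?
@@ -71,4 +74,12 @@ class User < ActiveRecord::Base
  end
  end
 
+ def self.current
+ Thread.current[:user]
+ end
+
+ def self.current=(user)
+ Thread.current[:user] = user
+ end
+
  end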
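Review bot: The `registered` scope in the first hunk hard-codes `"%@example.net"` with no comment on why that domain marks an unregistered user; presumably guest accounts are created with generated example.net addresses, but that is not visible in this diff. A one-line comment such as `# guest users get a generated @example.net address; all others count as registered` (to be confirmed against the code that creates guests) would make the intent checkable. Keeping the suffix in one constant shared with that code would stop the two from drifting apart. The `User.current` accessors in the last hunk should likewise carry a comment saying the value is per-thread and only meaningful while a request is being handled.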
@@ -1,8 +1,10 @@
1
1
  class UserMailer < ActionMailer::Base
2
- default_url_options[:host] = Spree::Config[:site_url]
3
2
 
4
3
  def reset_password_instructions(user)
4
+ default_url_options[:host] = Spree::Config[:site_url]
5
+
5
6
  @edit_password_reset_url = edit_user_password_url(:reset_password_token => user.reset_password_token)
7
+
6
8
  mail(:to => user.email,
7
9
  :subject => Spree::Config[:site_name] + ' ' + I18n.t("password_reset_instructions"))
8
10
  end
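Review bot: Moving `default_url_options[:host] = Spree::Config[:site_url]` into `reset_password_instructions` still writes to what is, as far as I can tell, the mailer's shared class-level options hash on every call, so other mailer methods and threads see the change. Passing the host to the helper keeps it local: `edit_user_password_url(:reset_password_token => user.reset_password_token, :host => Spree::Config[:site_url])`. Taking the host from configuration rather than from the incoming request is the right source for a password-reset link and deserves a short comment saying so.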
@@ -0,0 +1,8 @@
1
+ <% if current_user %>
2
+ <ul id="login-nav">
3
+ <li><%= t('logged_in_as') %>: <%= current_user.email %></li>
4
+ <li><%= link_to t('account'), edit_user_path(current_user) %></li>
5
+ <li><%= link_to t('logout'), destroy_user_session_path %></li>
6
+ <li><%= link_to t('store'), products_path %></li>
7
+ </ul>
8
+ <% end %>
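Review bot: The logout entry is a plain `link_to t('logout'), destroy_user_session_path`, so ending the session is a GET request and can be triggered cross-site without the user's intent. If the pinned Devise release supports a non-GET sign-out, use `link_to t('logout'), destroy_user_session_path, :method => :delete` and set the matching sign-out verb in the Devise initializer, which is not part of this diff.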
@@ -2,7 +2,7 @@
2
2
 
3
3
  <h1><%= t("editing_user") %></h1>
4
4
 
5
- <%= form_for(:user, :url => object_url, :html => { :method => :put }) do |f| %>
5
+ <%= form_for(@user, :html => { :method => :put }) do |f| %>
6
6
  <%= render 'shared/user_form', :f => f %>
7
7
  <p>
8
8
  <%=submit_tag t("update") %>
@@ -17,30 +17,32 @@
17
17
  <%= hook :account_my_orders do %>
18
18
 
19
19
  <h2><%= t("my_orders") %></h2>
20
-
21
- <table class="order-summary" width="545">
22
- <thead>
23
- <tr>
24
- <th><%= t("order_number") %></th>
25
- <th><%= t("order_date") %></th>
26
- <th><%= t("status") %></th>
27
- <th><%= t("customer") %></th>
28
- <th><%= t("total") %></th>
29
- </tr>
30
- </thead>
31
- <tbody>
32
- <% @orders.each do |order| %>
33
- <tr class="<%= cycle('even', 'odd') %>">
34
- <td><%= link_to order.number, order_url(order) %></td>
35
- <td><%=order.created_at.to_date%></td>
36
- <td><%= t(order.state).titleize %></td>
37
- <td><%= order.user.email if order.user %></td>
38
- <td><%= number_to_currency order.total %></td>
39
- </tr>
40
- <% end %>
41
- </tbody>
42
- </table>
43
-
20
+ <% if @orders.present? %>
21
+ <table class="order-summary" width="545">
22
+ <thead>
23
+ <tr>
24
+ <th><%= t("order_number") %></th>
25
+ <th><%= t("order_date") %></th>
26
+ <th><%= t("status") %></th>
27
+ <th><%= t("customer") %></th>
28
+ <th><%= t("total") %></th>
29
+ </tr>
30
+ </thead>
31
+ <tbody>
32
+ <% @orders.each do |order| %>
33
+ <tr class="<%= cycle('even', 'odd') %>">
34
+ <td><%= link_to order.number, order_url(order) %></td>
35
+ <td><%=order.created_at.to_date%></td>
36
+ <td><%= t(order.state).titleize %></td>
37
+ <td><%= order.user.email if order.user %></td>
38
+ <td><%= number_to_currency order.total %></td>
39
+ </tr>
40
+ <% end %>
41
+ </tbody>
42
+ </table>
43
+ <% else %>
44
+ <p><%= t(:you_have_no_orders_yet) %></p>
45
+ <% end %>
44
46
  <br />
45
47
 
46
48
  <% end %>
@@ -0,0 +1,10 @@
1
+ <%
2
+ rerun = File.file?('rerun.txt') ? IO.read('rerun.txt') : ""
3
+ rerun_opts = rerun.to_s.strip.empty? ? "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} features" : "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} #{rerun}"
4
+ std_opts = "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} --strict --tags ~@wip"
5
+ ci_opts = "--format progress --strict"
6
+ %>
7
+ default: <%= std_opts %> features
8
+ wip: --tags @wip:3 --wip features
9
+ ci: <%= ci_opts %> features CI=true
10
+ rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip
@@ -16,9 +16,10 @@ en:
16
16
  invalid_token: 'Invalid authentication token.'
17
17
  timeout: 'Your session expired, please sign in again to continue.'
18
18
  inactive: 'Your account was not activated yet.'
19
- user_password_resets:
20
- send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
21
- updated: 'Your password was changed successfully. You are now signed in.'
19
+ user_passwords:
20
+ user:
21
+ send_instructions: 'You will receive an email with instructions about how to reset your password in a few minutes.'
22
+ updated: 'Your password was changed successfully. You are now signed in.'
22
23
  confirmations:
23
24
  send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
24
25
  confirmed: 'Your account was successfully confirmed. You are now signed in.'
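--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -1,8 +1,8 @@
  Rails.application.routes.draw do
- devise_for :users,
+ devise_for :user,
  :controllers => { :sessions => 'user_sessions',
  :registrations => 'user_registrations',
- :passwords => "user_password_resets"},
+ :passwords => "user_passwords" },
  :skip => [:unlocks, :omniauth_callbacks],
  :path_names => { :sign_out => 'logout'}
  resources :users, :only => [:edit, :update]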
@@ -1,5 +1,6 @@
1
1
  class RenameColumnsForDevise < ActiveRecord::Migration
2
2
  def self.up
3
+ return if column_exists?(:users, :password_salt)
3
4
  rename_column :users, :crypted_password, :encrypted_password
4
5
  rename_column :users, :salt, :password_salt
5
6
  rename_column :users, :remember_token_expires_at, :remember_created_at
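--- a/data/lib/spree_auth.rb
+++ b/data/lib/spree_auth.rb
@@ -4,6 +4,7 @@ require 'cancan'
 
  require 'spree/auth/config'
  require 'spree/token_resource'
+ require 'spree_auth_hooks'
 
  module SpreeAuth
  class Engine < Rails::Engine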
@@ -0,0 +1,6 @@
1
+ class SpreeAuthHooks < Spree::ThemeSupport::HookListener
2
+
3
+ replace :admin_login_navigation_bar, :partial => "layouts/admin/login_nav"
4
+ replace :shared_login_bar, :partial => "shared/login_bar"
5
+
6
+ end
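--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: spree_auth
  version: !ruby/object:Gem::Version
- hash: 183
- prerelease:
+ hash: 215
+ prerelease: false
  segments:
  - 0
- - 40
- - 4
- version: 0.40.4
+ - 50
+ - 0
+ version: 0.50.0
  platform: ruby
  authors:
  - Sean Schofield
@@ -15,7 +15,8 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-10-21 00:00:00 Z
+ date: 2011-03-23 00:00:00 -04:00
+ default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
  name: spree_core
@@ -25,12 +26,12 @@ dependencies:
  requirements:
  - - "="
  - !ruby/object:Gem::Version
- hash: 183
+ hash: 215
  segments:
  - 0
- - 40
- - 4
- version: 0.40.4
+ - 50
+ - 0
+ version: 0.50.0
  type: :runtime
  version_requirements: *id001
  - !ruby/object:Gem::Dependency
@@ -41,12 +42,12 @@ dependencies:
  requirements:
  - - "="
  - !ruby/object:Gem::Version
- hash: 7712074
+ hash: 977940511
  segments:
  - 1
  - 2
- - rc
- version: 1.2.rc
+ - rc2
+ version: 1.2.rc2
  type: :runtime
  version_requirements: *id002
  - !ruby/object:Gem::Dependency
@@ -57,12 +58,12 @@ dependencies:
  requirements:
  - - "="
  - !ruby/object:Gem::Version
- hash: 29
+ hash: 1
  segments:
  - 1
- - 3
- - 3
- version: 1.3.3
+ - 5
+ - 1
+ version: 1.5.1
  type: :runtime
  version_requirements: *id003
  description: Required dependancy for Spree
@@ -81,7 +82,7 @@ files:
  - app/controllers/orders_controller_decorator.rb
  - app/controllers/resource_controller_decorator.rb
  - app/controllers/spree/base_controller_decorator.rb
- - app/controllers/user_password_resets_controller.rb
+ - app/controllers/user_passwords_controller.rb
  - app/controllers/user_registrations_controller.rb
  - app/controllers/user_sessions_controller.rb
  - app/controllers/users_controller.rb
@@ -94,33 +95,36 @@ files:
  - app/models/user.rb
  - app/models/user_mailer.rb
  - app/views/checkout/registration.html.erb
- - app/views/shared/_error_messages.html.erb
+ - app/views/layouts/admin/_login_nav.html.erb
  - app/views/shared/_flashes.html.erb
  - app/views/shared/_login.html.erb
  - app/views/shared/_login_bar.html.erb
  - app/views/shared/_user_form.html.erb
  - app/views/shared/unauthorized.html.erb
  - app/views/user_mailer/reset_password_instructions.text.erb
- - app/views/user_password_resets/edit.html.erb
- - app/views/user_password_resets/new.html.erb
+ - app/views/user_passwords/edit.html.erb
+ - app/views/user_passwords/new.html.erb
  - app/views/user_registrations/new.html.erb
  - app/views/user_sessions/authorization_failure.html.erb
  - app/views/user_sessions/new.html.erb
  - app/views/users/edit.html.erb
  - app/views/users/show.html.erb
+ - config/cucumber.yml
  - config/initializers/devise.rb
  - config/locales/en.yml
  - config/routes.rb
  - lib/spree/auth/config.rb
  - lib/spree/token_resource.rb
  - lib/spree_auth.rb
+ - lib/spree_auth_hooks.rb
  - lib/tasks/auth.rake
  - lib/tasks/install.rake
- - db/migrate/20101101185116_rename_columns_for_devise.rb
+ - db/migrate/20101026184950_rename_columns_for_devise.rb
  - db/migrate/20101214150824_convert_user_remember_field.rb
  - db/migrate/20101217012656_create_tokenized_permissions.rb
  - db/migrate/20101219201531_tokens_for_legacy_orders.rb
  - db/sample/users.rb
+ has_rdoc: true
  homepage: http://spreecommerce.com
  licenses: []
 
@@ -152,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - none
  rubyforge_project: spree_auth
- rubygems_version: 1.8.10
+ rubygems_version: 1.3.7
  signing_key:
  specification_version: 3
  summary: Provides authentication and authorization services for use with Spree.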
@@ -1,10 +0,0 @@
1
- <% if target.errors.any? %>
2
- <div id="errorExplanation">
3
- <h2><%= pluralize(target.errors.count, "error") %> prohibited this record from being saved:</h2>
4
- <ul>
5
- <% target.errors.full_messages.each do |msg| %>
6
- <li><%= msg %></li>
7
- <% end %>
8
- </ul>
9
- </div>
10
- <% end %>