RubyGems - spree_auth - Versions diffs - 1.0.7 → 1.1.0.rc1 - Mend

spree_auth 1.0.7 → 1.1.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of spree_auth might be problematic. Click here for more details.

Files changed (21) hide show

data/app/controllers/spree/admin/admin_users_controller_decorator.rb CHANGED Viewed

@@ -1,5 +1,21 @@
 require File.expand_path('../../base_controller_decorator', __FILE__)
 Spree::Admin::UsersController.class_eval do
   rescue_from Spree::User::DestroyWithOrdersError, :with => :user_destroy_with_orders_error
+  update.after :sign_in_if_change_own_password
+  before_filter :load_roles, :only => [:edit, :new, :update, :create]
+  private
+    def sign_in_if_change_own_password
+      if current_user == @user && @user.password.present?
+        sign_in(@user, :event => :authentication, :bypass => true)
+      end
+    end
+    def load_roles
+      @roles = Spree::Role.scoped
+    end
 end

data/app/controllers/spree/base_controller_decorator.rb CHANGED Viewed

@@ -19,7 +19,7 @@ Spree::BaseController.class_eval do
         format.html do
           if current_user
             flash.now[:error] = t(:authorization_failure)
-            render 'spree/shared/unauthorized', :layout => '/spree/layouts/spree_application'
+            render 'spree/shared/unauthorized', :layout => '/spree/layouts/spree_application', :status => 401
           else
             store_location
             redirect_to spree.login_path and return

data/app/controllers/spree/user_passwords_controller.rb CHANGED Viewed

@@ -2,6 +2,8 @@ class Spree::UserPasswordsController < Devise::PasswordsController
   include Spree::Core::ControllerHelpers
   helper 'spree/users', 'spree/base'
+  ssl_required
   after_filter :associate_user
   def new
@@ -23,7 +25,7 @@ class Spree::UserPasswordsController < Devise::PasswordsController
       set_flash_message(:notice, :send_instructions) if is_navigational_format?
       respond_with resource, :location => spree.login_path
     else
-      respond_with_navigational(resource){ render_with_scope :new }
+      respond_with_navigational(resource) { render :new }
     end
   end

data/app/controllers/spree/user_registrations_controller.rb CHANGED Viewed

@@ -18,11 +18,11 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
     if resource.save
       set_flash_message(:notice, :signed_up)
       sign_in(:user, @user)
-      fire_event('spree.user.signup', :user => @user)
+      fire_event('spree.user.signup', :user => @user, :order => current_order(true))
       sign_in_and_redirect(:user, @user)
     else
       clean_up_passwords(resource)
-      render_with_scope(:new)
+      render :new
     end
   end

data/app/controllers/spree/user_sessions_controller.rb CHANGED Viewed

@@ -35,7 +35,7 @@ class Spree::UserSessionsController < Devise::SessionsController
   end
   def destroy
-    cookies.clear if cookies.respond_to?(:clear)
+    cookies.clear
     session.clear
     super
   end

data/app/controllers/spree/users_controller.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 class Spree::UsersController < Spree::BaseController
+  ssl_required
   prepend_before_filter :load_object, :only => [:show, :edit, :update]
   prepend_before_filter :authorize_actions, :only => :new

data/app/mailers/spree/user_mailer.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 class Spree::UserMailer < ActionMailer::Base
   def reset_password_instructions(user)
-    default_url_options[:host] = Spree::Config[:site_url]
     @edit_password_reset_url = spree.edit_user_password_url(:reset_password_token => user.reset_password_token)
     mail(:to => user.email,

data/app/models/spree/user.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Spree
     before_destroy :check_completed_orders
     # Setup accessible (or protected) attributes for your model
-    attr_accessible :email, :password, :password_confirmation, :remember_me, :persistence_token
+    attr_accessible :email, :password, :password_confirmation, :remember_me, :persistence_token, :login, :role_ids
     users_table_name = User.table_name
     roles_table_name = Role.table_name

data/app/overrides/admin_payment_methods_index.rb ADDED Viewed

@@ -0,0 +1,6 @@
+Deface::Override.new(:virtual_path => "spree/admin/payment_methods/index",
+                     :name => "gateway_banner",
+                     :insert_after => "#listing_payment_methods",
+                     :partial => "spree/admin/banners/gateway")

data/app/overrides/auth_admin_user_roles.rb ADDED Viewed

@@ -0,0 +1,5 @@
+Deface::Override.new(:virtual_path => "spree/admin/users/_form",
+                     :name => "auth_admin_user_roles",
+                     :insert_after => "[data-hook='admin_user_form_fields']",
+                     :partial => "spree/admin/users/roles",
+                     :disabled => false)

data/app/overrides/auth_user_login_form.rb ADDED Viewed

@@ -0,0 +1,5 @@
+Deface::Override.new(:virtual_path => "spree/checkout/registration",
+                     :name => "auth_user_login_form",
+                     :replace_contents => "[data-hook='registration'] #account, #registration[data-hook] #account",
+                     :template => "spree/user_sessions/new",
+                     :disabled => false)

data/app/views/spree/admin/banners/_gateway.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<% if !current_user.dismissed_banner?(:gateway) &&
+      Spree::PaymentMethod.production.where("type != 'Spree::Gateway::Bogus'").empty?  %>
+  <div class="banner payment_banner">
+    <p class="message">
+      <%= t(:payment_processor_choose_banner_text)%>
+      <%= link_to t(:payment_processor_choose_link), "http://spreecommerce.com/products/payment_processing", :target => '_blank' %>
+    </p>
+    <%= link_to t(:dismiss_banner), dismiss_banner_admin_user_path(current_user, :banner_id => :gateway),
+                :remote => true, :method => :post, :class => 'dismiss' %>
+  </div>
+<% end %>

data/app/views/spree/admin/users/_roles.html.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<div data-hook="admin_user_form_roles">
+  <p>
+    <%= label_tag nil, t(:roles) %><br />
+    <% @roles.each do |role| %>
+      <label class="sub">
+        <%= check_box_tag 'user[role_ids][]', role.id, @user.roles.include?(role), :id => "user_role_#{role.name}" %>
+        <%= role.name %>
+      </label> &nbsp;
+    <% end %>
+    <%= hidden_field_tag 'user[role_ids][]', '' %>
+  </p>
+</div>

data/app/views/spree/shared/_login.html.erb CHANGED Viewed

@@ -2,11 +2,11 @@
   <div id="password-credentials">
     <p>
       <%= f.label :email, t(:email) %><br />
-      <%= f.email_field :email, :class => 'title' %>
+      <%= f.email_field :email, :class => 'title', :tabindex => 1 %>
     </p>
     <p>
       <%= f.label :password, t(:password) %><br />
-      <%= f.password_field :password, :class => 'title' %>
+      <%= f.password_field :password, :class => 'title', :tabindex => 2 %>
     </p>
   </div>
   <p>

data/app/views/spree/user_registrations/new.html.erb CHANGED Viewed

@@ -8,7 +8,7 @@
   <div data-hook="signup">
     <%= form_for :user, :url => spree.user_registration_path(@user) do |f| %>
-      <div data-hook="signup_inside_form"%>
+      <div data-hook="signup_inside_form">
         <%= render :partial => 'spree/shared/user_form', :locals => { :f => f } %>
         <p><%= f.submit t(:create), :class => 'button primary' %></p>
       </div>

data/config/initializers/devise.rb CHANGED Viewed

@@ -133,4 +133,9 @@ Devise.setup do |config|
   #   end
   #   manager.default_strategies(:scope => :user).unshift :twitter_oauth
   # end
-end
+  #
+  # Time interval you can reset your password with a reset password key.
+  # Don't put a too small interval or your users won't have the time to
+  # change their passwords.
+  config.reset_password_within = 6.hours
+end

data/db/migrate/20101219201531_tokens_for_legacy_orders.rb CHANGED Viewed

@@ -5,7 +5,9 @@ class TokensForLegacyOrders < ActiveRecord::Migration
     # add token permissions for legacy orders (stop relying on user persistence token)
     Spree::Order.all.each do |order|
       next unless order.user
-      order.create_tokenized_permission(:token => order.user.persistence_token)
+      permission = order.build_tokenized_permission
+      permission.token = order.user.persistence_token
+      permission.save!
     end
     Spree::TokenizedPermission.table_name = 'spree_tokenized_permissions'

data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddResetPasswordSentAtToSpreeUsers < ActiveRecord::Migration
+  def change
+    add_column :spree_users, :reset_password_sent_at, :datetime
+  end
+end

data/lib/spree/token_resource.rb CHANGED Viewed

@@ -8,16 +8,15 @@ module Spree
       end
     end
-    module InstanceMethods
-      def create_token
-        create_tokenized_permission(:token => ::SecureRandom::hex(8))
-        token
-      end
+    def create_token
+      permission = build_tokenized_permission
+      permission.token = token = ::SecureRandom::hex(8)
+      permission.save!
+      token
     end
     def self.included(receiver)
       receiver.extend ClassMethods
-      receiver.send :include, InstanceMethods
     end
   end
 end

metadata CHANGED Viewed

@@ -1,64 +1,49 @@
 --- !ruby/object:Gem::Specification
 name: spree_auth
 version: !ruby/object:Gem::Version
-  version: 1.0.7
-  prerelease:
+  version: 1.1.0.rc1
+  prerelease: 6
 platform: ruby
 authors:
 - Sean Schofield
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-02-04 00:00:00.000000000 Z
+date: 2012-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &70158929553040 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - '='
+    - - =
       - !ruby/object:Gem::Version
-        version: 1.0.7
+        version: 1.1.0.rc1
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.0.7
+  version_requirements: *70158929553040
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &70158929566060 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - '='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.5.3
+        version: '2.0'
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.5.3
+  version_requirements: *70158929566060
 - !ruby/object:Gem::Dependency
   name: cancan
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &70158929563020 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - '='
+    - - =
       - !ruby/object:Gem::Version
         version: 1.6.7
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.6.7
+  version_requirements: *70158929563020
 description: Required dependency for Spree
 email: sean@spreecommerce.com
 executables: []
@@ -90,9 +75,13 @@ files:
 - app/models/spree/order_decorator.rb
 - app/models/spree/tokenized_permission.rb
 - app/models/spree/user.rb
+- app/overrides/admin_payment_methods_index.rb
 - app/overrides/auth_admin_login_navigation_bar.rb
+- app/overrides/auth_admin_user_roles.rb
 - app/overrides/auth_shared_login_bar.rb
-- app/views/spree/checkout/registration.html.erb
+- app/overrides/auth_user_login_form.rb
+- app/views/spree/admin/banners/_gateway.html.erb
+- app/views/spree/admin/users/_roles.html.erb
 - app/views/spree/layouts/admin/_login_nav.html.erb
 - app/views/spree/shared/_flashes.html.erb
 - app/views/spree/shared/_login.html.erb
@@ -122,6 +111,7 @@ files:
 - db/migrate/20101219201531_tokens_for_legacy_orders.rb
 - db/migrate/20111007143030_namespace_tokenized_permission.rb
 - db/migrate/20111206075712_migrate_tokenized_permissions.rb
+- db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb
 - db/seeds.rb
 homepage: http://spreecommerce.com
 licenses: []
@@ -138,16 +128,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
-      segments:
-      - 0
-      hash: 3901928345748841813
+      version: 1.3.1
 requirements:
 - none
 rubyforge_project:
-rubygems_version: 1.8.23
+rubygems_version: 1.8.10
 signing_key:
 specification_version: 3
 summary: Provides authentication and authorization services for use with Spree.

data/app/views/spree/checkout/registration.html.erb DELETED Viewed

@@ -1,20 +0,0 @@
-<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
-<h2><%= t(:registration) %></h2>
-<div id="registration">
-  <div id="account" class="columns alpha eight">
-    <%= render :file => 'spree/user_sessions/new' %>
-  </div>
-  <% if Spree::Config[:allow_guest_checkout] %>
-    <div id="guest_checkout" class="columns omega eight">
-      <%= render :partial => 'spree/shared/error_messages', :locals => { :target => @order } %>
-      <h6><%= t(:guest_user_account) %></h6>
-      <%= form_for @order, :url => spree.update_checkout_registration_path, :method => :put, :html => { :id => 'checkout_form_registration' } do |f| %>
-        <p>
-          <%= f.label :email, t(:email) %><br />
-          <%= f.email_field :email, :class => 'title' %>
-        </p>
-        <p><%= f.submit t(:continue), :class => 'button primary' %></p>
-      <% end %>
-    </div>
-  <% end %>
-</div>