RubyGems - spree_auth - Versions diffs - 1.0.7 → 1.1.0.rc1 - Mend

spree_auth 1.0.7 → 1.1.0.rc1

Potentially problematic release.

This version of spree_auth might be problematic. Click here for more details.

Files changed (21) hide show

data/app/controllers/spree/admin/admin_users_controller_decorator.rb CHANGED Viewed

@@ -1,5 +1,21 @@
 require File.expand_path('../../base_controller_decorator', __FILE__)
 Spree::Admin::UsersController.class_eval do
   rescue_from Spree::User::DestroyWithOrdersError, :with => :user_destroy_with_orders_error
+  update.after :sign_in_if_change_own_password
+  before_filter :load_roles, :only => [:edit, :new, :update, :create]
+  private
+    def sign_in_if_change_own_password
+      if current_user == @user && @user.password.present?
+        sign_in(@user, :event => :authentication, :bypass => true)
+      end
+    end
+    def load_roles
+      @roles = Spree::Role.scoped
+    end
 end

data/app/controllers/spree/base_controller_decorator.rb CHANGED Viewed

@@ -19,7 +19,7 @@ Spree::BaseController.class_eval do
         format.html do
           if current_user
             flash.now[:error] = t(:authorization_failure)
-            render 'spree/shared/unauthorized', :layout => '/spree/layouts/spree_application'
+            render 'spree/shared/unauthorized', :layout => '/spree/layouts/spree_application', :status => 401
           else
             store_location
             redirect_to spree.login_path and return

data/app/controllers/spree/user_passwords_controller.rb CHANGED Viewed

@@ -2,6 +2,8 @@ class Spree::UserPasswordsController < Devise::PasswordsController
   include Spree::Core::ControllerHelpers
   helper 'spree/users', 'spree/base'
+  ssl_required
   after_filter :associate_user
   def new
@@ -23,7 +25,7 @@ class Spree::UserPasswordsController < Devise::PasswordsController
       set_flash_message(:notice, :send_instructions) if is_navigational_format?
       respond_with resource, :location => spree.login_path
     else
-      respond_with_navigational(resource){ render_with_scope :new }
+      respond_with_navigational(resource) { render :new }
     end
   end

data/app/controllers/spree/user_registrations_controller.rb CHANGED Viewed

@@ -18,11 +18,11 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
     if resource.save
       set_flash_message(:notice, :signed_up)
       sign_in(:user, @user)
-      fire_event('spree.user.signup', :user => @user)
+      fire_event('spree.user.signup', :user => @user, :order => current_order(true))
       sign_in_and_redirect(:user, @user)
     else
       clean_up_passwords(resource)
-      render_with_scope(:new)
+      render :new
     end
   end

data/app/controllers/spree/user_sessions_controller.rb CHANGED Viewed

@@ -35,7 +35,7 @@ class Spree::UserSessionsController < Devise::SessionsController
   end
   def destroy
-    cookies.clear if cookies.respond_to?(:clear)
+    cookies.clear
     session.clear
     super
   end

data/app/controllers/spree/users_controller.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 class Spree::UsersController < Spree::BaseController
+  ssl_required
   prepend_before_filter :load_object, :only => [:show, :edit, :update]
   prepend_before_filter :authorize_actions, :only => :new

data/app/mailers/spree/user_mailer.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 class Spree::UserMailer < ActionMailer::Base
   def reset_password_instructions(user)
-    default_url_options[:host] = Spree::Config[:site_url]
     @edit_password_reset_url = spree.edit_user_password_url(:reset_password_token => user.reset_password_token)
     mail(:to => user.email,

data/app/models/spree/user.rb CHANGED Viewed

@@ -15,7 +15,7 @@ module Spree
     before_destroy :check_completed_orders
     # Setup accessible (or protected) attributes for your model
-    attr_accessible :email, :password, :password_confirmation, :remember_me, :persistence_token
+    attr_accessible :email, :password, :password_confirmation, :remember_me, :persistence_token, :login, :role_ids
     users_table_name = User.table_name
     roles_table_name = Role.table_name

data/app/overrides/admin_payment_methods_index.rb ADDED Viewed

@@ -0,0 +1,6 @@
+Deface::Override.new(:virtual_path => "spree/admin/payment_methods/index",
+                     :name => "gateway_banner",
+                     :insert_after => "#listing_payment_methods",
+                     :partial => "spree/admin/banners/gateway")

data/app/overrides/auth_admin_user_roles.rb ADDED Viewed

@@ -0,0 +1,5 @@
+Deface::Override.new(:virtual_path => "spree/admin/users/_form",
+                     :name => "auth_admin_user_roles",
+                     :insert_after => "[data-hook='admin_user_form_fields']",
+                     :partial => "spree/admin/users/roles",
+                     :disabled => false)

data/app/overrides/auth_user_login_form.rb ADDED Viewed

@@ -0,0 +1,5 @@
+Deface::Override.new(:virtual_path => "spree/checkout/registration",
+                     :name => "auth_user_login_form",
+                     :replace_contents => "[data-hook='registration'] #account, #registration[data-hook] #account",
+                     :template => "spree/user_sessions/new",
+                     :disabled => false)

data/app/views/spree/admin/banners/_gateway.html.erb ADDED Viewed

@@ -0,0 +1,14 @@
+<% if !current_user.dismissed_banner?(:gateway) &&
+      Spree::PaymentMethod.production.where("type != 'Spree::Gateway::Bogus'").empty?  %>
+  <div class="banner payment_banner">
+    <p class="message">
+      <%= t(:payment_processor_choose_banner_text)%>
+      <%= link_to t(:payment_processor_choose_link), "http://spreecommerce.com/products/payment_processing", :target => '_blank' %>
+    </p>
+    <%= link_to t(:dismiss_banner), dismiss_banner_admin_user_path(current_user, :banner_id => :gateway),
+                :remote => true, :method => :post, :class => 'dismiss' %>
+  </div>
+<% end %>

data/app/views/spree/admin/users/_roles.html.erb ADDED Viewed

@@ -0,0 +1,12 @@
+<div data-hook="admin_user_form_roles">
+  <p>
+    <%= label_tag nil, t(:roles) %><br />
+    <% @roles.each do |role| %>
+      <label class="sub">
+        <%= check_box_tag 'user[role_ids][]', role.id, @user.roles.include?(role), :id => "user_role_#{role.name}" %>
+        <%= role.name %>
+      </label> &nbsp;
+    <% end %>
+    <%= hidden_field_tag 'user[role_ids][]', '' %>
+  </p>
+</div>

data/app/views/spree/shared/_login.html.erb CHANGED Viewed

@@ -2,11 +2,11 @@
   <div id="password-credentials">
     <p>
       <%= f.label :email, t(:email) %><br />
-      <%= f.email_field :email, :class => 'title' %>
+      <%= f.email_field :email, :class => 'title', :tabindex => 1 %>
     </p>
     <p>
       <%= f.label :password, t(:password) %><br />
-      <%= f.password_field :password, :class => 'title' %>
+      <%= f.password_field :password, :class => 'title', :tabindex => 2 %>
     </p>
   </div>
   <p>

data/app/views/spree/user_registrations/new.html.erb CHANGED Viewed

@@ -8,7 +8,7 @@
   <div data-hook="signup">
     <%= form_for :user, :url => spree.user_registration_path(@user) do |f| %>
-      <div data-hook="signup_inside_form"%>
+      <div data-hook="signup_inside_form">
         <%= render :partial => 'spree/shared/user_form', :locals => { :f => f } %>
         <p><%= f.submit t(:create), :class => 'button primary' %></p>
       </div>

data/config/initializers/devise.rb CHANGED Viewed

@@ -133,4 +133,9 @@ Devise.setup do |config|
   #   end
   #   manager.default_strategies(:scope => :user).unshift :twitter_oauth
   # end
-end
+  #
+  # Time interval you can reset your password with a reset password key.
+  # Don't put a too small interval or your users won't have the time to
+  # change their passwords.
+  config.reset_password_within = 6.hours
+end

data/db/migrate/20101219201531_tokens_for_legacy_orders.rb CHANGED Viewed

@@ -5,7 +5,9 @@ class TokensForLegacyOrders < ActiveRecord::Migration
     # add token permissions for legacy orders (stop relying on user persistence token)
     Spree::Order.all.each do |order|
       next unless order.user
-      order.create_tokenized_permission(:token => order.user.persistence_token)
+      permission = order.build_tokenized_permission
+      permission.token = order.user.persistence_token
+      permission.save!
     end
     Spree::TokenizedPermission.table_name = 'spree_tokenized_permissions'

data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddResetPasswordSentAtToSpreeUsers < ActiveRecord::Migration
+  def change
+    add_column :spree_users, :reset_password_sent_at, :datetime
+  end
+end

data/lib/spree/token_resource.rb CHANGED Viewed

@@ -8,16 +8,15 @@ module Spree
       end
     end
-    module InstanceMethods
-      def create_token
-        create_tokenized_permission(:token => ::SecureRandom::hex(8))
-        token
-      end
+    def create_token
+      permission = build_tokenized_permission
+      permission.token = token = ::SecureRandom::hex(8)
+      permission.save!
+      token
     end
     def self.included(receiver)
       receiver.extend ClassMethods
-      receiver.send :include, InstanceMethods
     end
   end
 end

metadata CHANGED Viewed

@@ -1,64 +1,49 @@
 --- !ruby/object:Gem::Specification
 name: spree_auth
 version: !ruby/object:Gem::Version
-  version: 1.0.7
-  prerelease:
+  version: 1.1.0.rc1
+  prerelease: 6
 platform: ruby
 authors:
 - Sean Schofield
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-02-04 00:00:00.000000000 Z
+date: 2012-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree_core
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &70158929553040 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - '='
+    - - =
       - !ruby/object:Gem::Version
-        version: 1.0.7
+        version: 1.1.0.rc1
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.0.7
+  version_requirements: *70158929553040
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &70158929566060 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - '='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.5.3
+        version: '2.0'
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.5.3
+  version_requirements: *70158929566060
 - !ruby/object:Gem::Dependency
   name: cancan
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &70158929563020 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - '='
+    - - =
       - !ruby/object:Gem::Version
         version: 1.6.7
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.6.7
+  version_requirements: *70158929563020
 description: Required dependency for Spree
 email: sean@spreecommerce.com
 executables: []
@@ -90,9 +75,13 @@ files:
 - app/models/spree/order_decorator.rb
 - app/models/spree/tokenized_permission.rb
 - app/models/spree/user.rb
+- app/overrides/admin_payment_methods_index.rb
 - app/overrides/auth_admin_login_navigation_bar.rb
+- app/overrides/auth_admin_user_roles.rb
 - app/overrides/auth_shared_login_bar.rb
-- app/views/spree/checkout/registration.html.erb
+- app/overrides/auth_user_login_form.rb
+- app/views/spree/admin/banners/_gateway.html.erb
+- app/views/spree/admin/users/_roles.html.erb
 - app/views/spree/layouts/admin/_login_nav.html.erb
 - app/views/spree/shared/_flashes.html.erb
 - app/views/spree/shared/_login.html.erb
@@ -122,6 +111,7 @@ files:
 - db/migrate/20101219201531_tokens_for_legacy_orders.rb
 - db/migrate/20111007143030_namespace_tokenized_permission.rb
 - db/migrate/20111206075712_migrate_tokenized_permissions.rb
+- db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb
 - db/seeds.rb
 homepage: http://spreecommerce.com
 licenses: []
@@ -138,16 +128,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>='
+  - - ! '>'
     - !ruby/object:Gem::Version
-      version: '0'
-      segments:
-      - 0
-      hash: 3901928345748841813
+      version: 1.3.1
 requirements:
 - none
 rubyforge_project:
-rubygems_version: 1.8.23
+rubygems_version: 1.8.10
 signing_key:
 specification_version: 3
 summary: Provides authentication and authorization services for use with Spree.

data/app/views/spree/checkout/registration.html.erb DELETED Viewed

@@ -1,20 +0,0 @@
-<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
-<h2><%= t(:registration) %></h2>
-<div id="registration">
-  <div id="account" class="columns alpha eight">
-    <%= render :file => 'spree/user_sessions/new' %>
-  </div>
-  <% if Spree::Config[:allow_guest_checkout] %>
-    <div id="guest_checkout" class="columns omega eight">
-      <%= render :partial => 'spree/shared/error_messages', :locals => { :target => @order } %>
-      <h6><%= t(:guest_user_account) %></h6>
-      <%= form_for @order, :url => spree.update_checkout_registration_path, :method => :put, :html => { :id => 'checkout_form_registration' } do |f| %>
-        <p>
-          <%= f.label :email, t(:email) %><br />
-          <%= f.email_field :email, :class => 'title' %>
-        </p>
-        <p><%= f.submit t(:continue), :class => 'button primary' %></p>
-      <% end %>
-    </div>
-  <% end %>
-</div>