spree_auth 0.30.0.beta1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of spree_auth might be problematic. Click here for more details.
- data/LICENSE +26 -0
- data/README.md +35 -0
- data/app/controllers/admin_controller_decorator.rb +7 -0
- data/app/controllers/checkout_controller_decorator.rb +30 -0
- data/app/controllers/devise/sessions_controller_decorator.rb +12 -0
- data/app/controllers/orders_controller_decorator.rb +18 -0
- data/app/controllers/resource_controller_decorator.rb +15 -0
- data/app/controllers/spree/base_controller_decorator.rb +38 -0
- data/app/models/ability.rb +41 -0
- data/app/models/order_decorator.rb +12 -0
- data/app/models/spree_auth_configuration.rb +3 -0
- data/app/models/user.rb +43 -0
- data/app/views/checkout/registration.html.erb +19 -0
- data/app/views/devise/confirmations/new.html.erb +12 -0
- data/app/views/devise/mailer/confirmation_instructions.html.erb +5 -0
- data/app/views/devise/mailer/reset_password_instructions.html.erb +8 -0
- data/app/views/devise/mailer/unlock_instructions.html.erb +7 -0
- data/app/views/devise/passwords/edit.html.erb +16 -0
- data/app/views/devise/passwords/new.html.erb +12 -0
- data/app/views/devise/registrations/edit.html.erb +25 -0
- data/app/views/devise/registrations/new.html.erb +22 -0
- data/app/views/devise/sessions/new.html.erb +20 -0
- data/app/views/devise/shared/_links.erb +19 -0
- data/app/views/devise/unlocks/new.html.erb +12 -0
- data/app/views/shared/_login_bar.html.erb +6 -0
- data/app/views/shared/unauthorized.html.erb +0 -0
- data/config/routes.rb +4 -0
- data/lib/generators/spree_auth/install_generator.rb +25 -0
- data/lib/generators/templates/db/migrate/20100811003924_switch_to_devise.rb +31 -0
- data/lib/generators/templates/devise.rb +146 -0
- data/lib/spree/auth/config.rb +22 -0
- data/lib/spree/auth_user.rb +20 -0
- data/lib/spree_auth.rb +19 -0
- metadata +141 -0
data/LICENSE
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
Copyright (c) 2007-2010, Rails Dog LLC and other contributors
|
2
|
+
All rights reserved.
|
3
|
+
|
4
|
+
Redistribution and use in source and binary forms, with or without modification,
|
5
|
+
are permitted provided that the following conditions are met:
|
6
|
+
|
7
|
+
* Redistributions of source code must retain the above copyright notice,
|
8
|
+
this list of conditions and the following disclaimer.
|
9
|
+
* Redistributions in binary form must reproduce the above copyright notice,
|
10
|
+
this list of conditions and the following disclaimer in the documentation
|
11
|
+
and/or other materials provided with the distribution.
|
12
|
+
* Neither the name Spree nor the names of its contributors may be used to
|
13
|
+
endorse or promote products derived from this software without specific
|
14
|
+
prior written permission.
|
15
|
+
|
16
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
17
|
+
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
18
|
+
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
19
|
+
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
|
20
|
+
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
21
|
+
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
22
|
+
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
23
|
+
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
24
|
+
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
25
|
+
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
26
|
+
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
data/README.md
ADDED
@@ -0,0 +1,35 @@
|
|
1
|
+
Overview
|
2
|
+
--------
|
3
|
+
|
4
|
+
This gem provides the so-called "core" functionality of Spree and is a requirement for any Spree application or
|
5
|
+
store. The basic data models as well as product catalog and admin functionality are all provided by this gem.
|
6
|
+
|
7
|
+
|
8
|
+
Security Warning
|
9
|
+
----------------
|
10
|
+
|
11
|
+
*This gem provides absolutely no authentication and authorization. You are strongly encouraged to install
|
12
|
+
and use the spree-auth gem in addition to spree-core in order to restrict access to orders and other admin
|
13
|
+
functionality.*
|
14
|
+
|
15
|
+
|
16
|
+
Running Tests
|
17
|
+
-------------
|
18
|
+
|
19
|
+
You need to do a quick one-time creation of a test application and then you can use it to run the tests.
|
20
|
+
|
21
|
+
rails new testapp -m spec/test_template.rb -T -J
|
22
|
+
cd testapp
|
23
|
+
rails g spree_core:install
|
24
|
+
rake db:migrate db:seed db:test:prepare
|
25
|
+
|
26
|
+
Then run the tests
|
27
|
+
|
28
|
+
rspec spec
|
29
|
+
|
30
|
+
Misc
|
31
|
+
----
|
32
|
+
|
33
|
+
authentication by token example
|
34
|
+
|
35
|
+
http://localhost:3000/?auth_token=oWBSN16k6dWx46TtSGcp
|
@@ -0,0 +1,30 @@
|
|
1
|
+
CheckoutController.class_eval do
|
2
|
+
before_filter :check_authorization
|
3
|
+
before_filter :check_registration, :except => [:registration, :update_registration]
|
4
|
+
|
5
|
+
def registration
|
6
|
+
@user = User.new
|
7
|
+
end
|
8
|
+
|
9
|
+
def update_registration
|
10
|
+
@user = current_order.user
|
11
|
+
@user.email = params[:user][:email]
|
12
|
+
if @user.save
|
13
|
+
redirect_to checkout_path and return
|
14
|
+
else
|
15
|
+
render :registration and return
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
private
|
20
|
+
def check_authorization
|
21
|
+
authorize!(:edit, current_order)
|
22
|
+
end
|
23
|
+
|
24
|
+
# Introduces a registration step whenever the +registration_step+ preference is true.
|
25
|
+
def check_registration
|
26
|
+
return unless Spree::Auth::Config[:registration_step]
|
27
|
+
return if current_user or not current_order.user.anonymous?
|
28
|
+
redirect_to checkout_registration_path
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
Devise::SessionsController.class_eval do
|
2
|
+
after_filter :associate_user, :only => :create
|
3
|
+
|
4
|
+
include Spree::CurrentOrder
|
5
|
+
include Spree::AuthUser
|
6
|
+
|
7
|
+
def associate_user
|
8
|
+
return unless current_user and current_order
|
9
|
+
current_order.associate_user!(current_user) if can? :edit, current_order
|
10
|
+
session[:guest_token] = nil
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
OrdersController.class_eval do
|
2
|
+
after_filter :store_guest, :only => :populate
|
3
|
+
before_filter :check_authorization
|
4
|
+
|
5
|
+
private
|
6
|
+
def store_guest
|
7
|
+
return if current_user
|
8
|
+
session[:guest_token] ||= @order.user.authentication_token
|
9
|
+
end
|
10
|
+
|
11
|
+
def check_authorization
|
12
|
+
if current_order
|
13
|
+
authorize! :edit, current_order
|
14
|
+
else
|
15
|
+
authorize! :create, Order
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# This overrides the before method provided by resource_controller so that the current_user is authorized
|
2
|
+
# for each action before proceding.
|
3
|
+
module ResourceController
|
4
|
+
module Helpers
|
5
|
+
module Internal
|
6
|
+
protected
|
7
|
+
# Calls the before block for the action, if one is present.
|
8
|
+
#
|
9
|
+
def before(action)
|
10
|
+
authorize! action, object || model
|
11
|
+
invoke_callbacks *self.class.send(action).before
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
Spree::BaseController.class_eval do
|
2
|
+
|
3
|
+
include Spree::AuthUser
|
4
|
+
|
5
|
+
# graceful error handling for cancan authorization exceptions
|
6
|
+
rescue_from CanCan::AccessDenied, :with => :unauthorized
|
7
|
+
|
8
|
+
private
|
9
|
+
|
10
|
+
# Redirect as appropriate when an access request fails. The default action is to redirect to the login screen.
|
11
|
+
# Override this method in your controllers if you want to have special behavior in case the user is not authorized
|
12
|
+
# to access the requested action. For example, a popup window might simply close itself.
|
13
|
+
def unauthorized
|
14
|
+
respond_to do |format|
|
15
|
+
format.html do
|
16
|
+
if current_user
|
17
|
+
flash.now[:error] = I18n.t(:authorization_failure)
|
18
|
+
render 'shared/unauthorized', :layout => 'spree_application'
|
19
|
+
else
|
20
|
+
store_location
|
21
|
+
redirect_to new_user_session_path and return
|
22
|
+
end
|
23
|
+
end
|
24
|
+
format.xml do
|
25
|
+
request_http_basic_authentication 'Web Password'
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def store_location
|
31
|
+
# disallow return to login, logout, signup pages
|
32
|
+
disallowed_urls = [new_user_registration_path, new_user_session_path, destroy_user_session_path]
|
33
|
+
disallowed_urls.map!{|url| url[/\/\w+$/]}
|
34
|
+
unless disallowed_urls.include?(request.fullpath)
|
35
|
+
session[:return_to] = request.fullpath
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
class Ability
|
2
|
+
include CanCan::Ability
|
3
|
+
|
4
|
+
def initialize(user)
|
5
|
+
self.clear_aliased_actions
|
6
|
+
|
7
|
+
# override cancan default aliasing (we don't want to differentiate between read and index)
|
8
|
+
alias_action :edit, :to => :update
|
9
|
+
alias_action :new, :to => :create
|
10
|
+
alias_action :show, :to => :read
|
11
|
+
|
12
|
+
user ||= User.new
|
13
|
+
if user.has_role? 'admin'
|
14
|
+
can :manage, :all
|
15
|
+
else
|
16
|
+
#############################
|
17
|
+
can :read, User do |resource|
|
18
|
+
resource == user
|
19
|
+
end
|
20
|
+
can :update, User do |resource|
|
21
|
+
resource == user
|
22
|
+
end
|
23
|
+
can :create, User
|
24
|
+
#############################
|
25
|
+
can :read, Order do |order|
|
26
|
+
order.user == user
|
27
|
+
end
|
28
|
+
can :update, Order do |order|
|
29
|
+
order.user == user
|
30
|
+
end
|
31
|
+
can :create, Order
|
32
|
+
#############################
|
33
|
+
can :read, Product
|
34
|
+
can :index, Product
|
35
|
+
#############################
|
36
|
+
can :read, Taxon
|
37
|
+
can :index, Taxon
|
38
|
+
#############################
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
Order.class_eval do
|
2
|
+
# Associates the specified user with the order and destroys any previous association with guest user if
|
3
|
+
# necessary.
|
4
|
+
def associate_user!(user)
|
5
|
+
self.user = user
|
6
|
+
save!
|
7
|
+
end
|
8
|
+
|
9
|
+
def token
|
10
|
+
user.token if user.anonymous?
|
11
|
+
end
|
12
|
+
end
|
data/app/models/user.rb
ADDED
@@ -0,0 +1,43 @@
|
|
1
|
+
class User < ActiveRecord::Base
|
2
|
+
|
3
|
+
has_many :orders
|
4
|
+
has_and_belongs_to_many :roles
|
5
|
+
belongs_to :ship_address, :foreign_key => "ship_address_id", :class_name => "Address"
|
6
|
+
belongs_to :bill_address, :foreign_key => "bill_address_id", :class_name => "Address"
|
7
|
+
|
8
|
+
before_save :check_admin
|
9
|
+
|
10
|
+
# Include default devise modules. Others available are:
|
11
|
+
# :confirmable, :lockable and :timeoutable
|
12
|
+
devise :database_authenticatable, :registerable, :token_authenticatable,
|
13
|
+
:recoverable, :rememberable, :trackable, :validatable
|
14
|
+
|
15
|
+
# Setup accessible (or protected) attributes for your model
|
16
|
+
attr_accessible :email, :password, :password_confirmation, :remember_me, :anonymous
|
17
|
+
after_save :ensure_authentication_token!
|
18
|
+
|
19
|
+
alias_attribute :token, :authentication_token
|
20
|
+
|
21
|
+
# has_role? simply needs to return true or false whether a user has a role or not.
|
22
|
+
def has_role?(role_in_question)
|
23
|
+
roles.any? { |role| role.name == role_in_question.to_s }
|
24
|
+
end
|
25
|
+
|
26
|
+
def self.anonymous!
|
27
|
+
token = User.generate_token(:authentication_token)
|
28
|
+
User.create(:email => "#{token}@example.com", :password => token, :password_confirmation => token, :anonymous => true)
|
29
|
+
end
|
30
|
+
|
31
|
+
def email=(email)
|
32
|
+
self.anonymous = false unless email.include?("example.com")
|
33
|
+
write_attribute :email, email
|
34
|
+
end
|
35
|
+
|
36
|
+
private
|
37
|
+
def check_admin
|
38
|
+
if User.where("roles.name" => "admin").includes(:roles).empty?
|
39
|
+
self.roles << Role.find_by_name("admin")
|
40
|
+
end
|
41
|
+
true
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
<%= render "shared/error_messages", :target => @user %>
|
2
|
+
<h2><%= t("registration")%></h2>
|
3
|
+
<div id="registration">
|
4
|
+
<div id="account">
|
5
|
+
<!-- TODO: add partial with devise registration form -->
|
6
|
+
</div>
|
7
|
+
<% if Spree::Config[:allow_guest_checkout] %>
|
8
|
+
<div id="guest_checkout">
|
9
|
+
<h2><%= t(:guest_user_account) %></h2>
|
10
|
+
<%= form_for :user, :url => update_checkout_registration_path, :html => { :method => :put, :id => "checkout_form_registration"} do |f| %>
|
11
|
+
<p>
|
12
|
+
<%= f.label :email, t("email") %><br />
|
13
|
+
<%= f.text_field :email, :class => 'title' %>
|
14
|
+
</p>
|
15
|
+
<p><%= submit_tag t("continue"), :class => 'button primary' %></p>
|
16
|
+
<% end %>
|
17
|
+
</div>
|
18
|
+
<% end %>
|
19
|
+
</div>
|
@@ -0,0 +1,12 @@
|
|
1
|
+
<h2><%= t(:resend_confirmation_instructions) %></h2>
|
2
|
+
|
3
|
+
<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
|
4
|
+
<%= devise_error_messages! %>
|
5
|
+
|
6
|
+
<p><%= f.label :email %><br />
|
7
|
+
<%= f.text_field :email %></p>
|
8
|
+
|
9
|
+
<p><%= f.submit t(:resend_confirmation_instructions) %></p>
|
10
|
+
<% end %>
|
11
|
+
|
12
|
+
<%= render :partial => "devise/shared/links" %>
|
@@ -0,0 +1,8 @@
|
|
1
|
+
<p>Hello <%= @resource.email %>!</p>
|
2
|
+
|
3
|
+
<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
|
4
|
+
|
5
|
+
<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
|
6
|
+
|
7
|
+
<p>If you didn't request this, please ignore this email.</p>
|
8
|
+
<p>Your password won't change until you access the link above and create a new one.</p>
|
@@ -0,0 +1,7 @@
|
|
1
|
+
<p>Hello <%= @resource.email %>!</p>
|
2
|
+
|
3
|
+
<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
|
4
|
+
|
5
|
+
<p>Click the link below to unlock your account:</p>
|
6
|
+
|
7
|
+
<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>
|
@@ -0,0 +1,16 @@
|
|
1
|
+
<h2><%= t(:change_my_password) %></h2>
|
2
|
+
|
3
|
+
<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
|
4
|
+
<%= devise_error_messages! %>
|
5
|
+
<%= f.hidden_field :reset_password_token %>
|
6
|
+
|
7
|
+
<p><%= f.label :password %><br />
|
8
|
+
<%= f.password_field :password %></p>
|
9
|
+
|
10
|
+
<p><%= f.label :password_confirmation %><br />
|
11
|
+
<%= f.password_field :password_confirmation %></p>
|
12
|
+
|
13
|
+
<p><%= f.submit t(:change_my_password) %></p>
|
14
|
+
<% end %>
|
15
|
+
|
16
|
+
<%= render :partial => "devise/shared/links" %>
|
@@ -0,0 +1,12 @@
|
|
1
|
+
<h2><%= t(:forgot_password) %></h2>
|
2
|
+
|
3
|
+
<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
|
4
|
+
<%= devise_error_messages! %>
|
5
|
+
|
6
|
+
<p><%= f.label :email %><br />
|
7
|
+
<%= f.text_field :email %></p>
|
8
|
+
|
9
|
+
<p><%= f.submit t(:send_me_reset_password_instructions) %></p>
|
10
|
+
<% end %>
|
11
|
+
|
12
|
+
<%= render :partial => "devise/shared/links" %>
|
@@ -0,0 +1,25 @@
|
|
1
|
+
<h2><%= t(:my_account) %></h2>
|
2
|
+
|
3
|
+
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
|
4
|
+
<%= devise_error_messages! %>
|
5
|
+
|
6
|
+
<p><%= f.label :email %><br />
|
7
|
+
<%= f.text_field :email %></p>
|
8
|
+
|
9
|
+
<p><%= f.label :password %> <i><%= t(:leave_blank_to_not_change) %></i><br />
|
10
|
+
<%= f.password_field :password %></p>
|
11
|
+
|
12
|
+
<p><%= f.label :password_confirmation %><br />
|
13
|
+
<%= f.password_field :password_confirmation %></p>
|
14
|
+
|
15
|
+
<p><%= f.label :current_password %> <i><%= t(:enter_password_to_confirm) %></i><br />
|
16
|
+
<%= f.password_field :current_password %></p>
|
17
|
+
|
18
|
+
<p><%= f.submit t(:update) %></p>
|
19
|
+
<% end %>
|
20
|
+
|
21
|
+
<h3><%= t(:cancel_my_account) %></h3>
|
22
|
+
|
23
|
+
<p><%= t(:cancel_my_account_description) %> <%= link_to t(:cancel_my_account), registration_path(resource_name), :confirm => t(:are_you_sure), :method => :delete %>.</p>
|
24
|
+
|
25
|
+
<%= link_to t(:back), :back %>
|
@@ -0,0 +1,22 @@
|
|
1
|
+
<% @body_id = 'signup' %>
|
2
|
+
|
3
|
+
<div id="new-customer">
|
4
|
+
<h2><%= t("new_customer") %></h2>
|
5
|
+
|
6
|
+
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
|
7
|
+
<%= devise_error_messages! %>
|
8
|
+
|
9
|
+
<p><%= f.label :email %><br />
|
10
|
+
<%= f.text_field :email %></p>
|
11
|
+
|
12
|
+
<p><%= f.label :password %><br />
|
13
|
+
<%= f.password_field :password %></p>
|
14
|
+
|
15
|
+
<p><%= f.label :password_confirmation %><br />
|
16
|
+
<%= f.password_field :password_confirmation %></p>
|
17
|
+
|
18
|
+
<p><%= f.submit t(:sign_up) %></p>
|
19
|
+
<% end %>
|
20
|
+
|
21
|
+
<%= render :partial => "devise/shared/links" %>
|
22
|
+
</div>
|
@@ -0,0 +1,20 @@
|
|
1
|
+
<% @body_id = 'login' %>
|
2
|
+
<div id="existing-customer">
|
3
|
+
<h2><%= t("login_as_existing") %></h2>
|
4
|
+
|
5
|
+
<%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
|
6
|
+
<p><%= f.label :email %><br />
|
7
|
+
<%= f.text_field :email %></p>
|
8
|
+
|
9
|
+
<p><%= f.label :password %><br />
|
10
|
+
<%= f.password_field :password %></p>
|
11
|
+
|
12
|
+
<% if devise_mapping.rememberable? -%>
|
13
|
+
<p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
|
14
|
+
<% end -%>
|
15
|
+
|
16
|
+
<p><%= f.submit t(:log_in) %></p>
|
17
|
+
<% end %>
|
18
|
+
|
19
|
+
<%= render :partial => "devise/shared/links" %>
|
20
|
+
</div>
|
@@ -0,0 +1,19 @@
|
|
1
|
+
<%- if controller_name != 'sessions' %>
|
2
|
+
<%= link_to t(:log_in), new_session_path(resource_name) %><br />
|
3
|
+
<% end -%>
|
4
|
+
|
5
|
+
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
|
6
|
+
<%= link_to t(:sign_up), new_registration_path(resource_name) %><br />
|
7
|
+
<% end -%>
|
8
|
+
|
9
|
+
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
|
10
|
+
<%= link_to t(:forgot_password), new_password_path(resource_name) %><br />
|
11
|
+
<% end -%>
|
12
|
+
|
13
|
+
<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
|
14
|
+
<%= link_to t(:didnt_receive_confirmation_instructions), new_confirmation_path(resource_name) %><br />
|
15
|
+
<% end -%>
|
16
|
+
|
17
|
+
<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
|
18
|
+
<%= link_to t(:didnt_receive_unlock_instructions), new_unlock_path(resource_name) %><br />
|
19
|
+
<% end -%>
|
@@ -0,0 +1,12 @@
|
|
1
|
+
<h2><%= t(:resend_unlock_instructions) %></h2>
|
2
|
+
|
3
|
+
<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
|
4
|
+
<%= devise_error_messages! %>
|
5
|
+
|
6
|
+
<p><%= f.label :email %><br />
|
7
|
+
<%= f.text_field :email %></p>
|
8
|
+
|
9
|
+
<p><%= f.submit t(:resend_unlock_instructions) %></p>
|
10
|
+
<% end %>
|
11
|
+
|
12
|
+
<%= render :partial => "devise/shared/links" %>
|
File without changes
|
data/config/routes.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
module SpreeAuth
|
2
|
+
module Generators
|
3
|
+
class InstallGenerator < Rails::Generators::Base
|
4
|
+
source_root File.expand_path("../../templates", __FILE__)
|
5
|
+
|
6
|
+
desc "Configures your Rails application for use with spree_auth."
|
7
|
+
|
8
|
+
def setup_routes
|
9
|
+
route 'devise_for :users'
|
10
|
+
end
|
11
|
+
|
12
|
+
def copy_initializer
|
13
|
+
template "devise.rb", "config/initializers/devise.rb"
|
14
|
+
end
|
15
|
+
|
16
|
+
def copy_migrations
|
17
|
+
directory "db"
|
18
|
+
end
|
19
|
+
|
20
|
+
# def show_readme
|
21
|
+
# readme "README" if behavior == :invoke
|
22
|
+
# end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
class SwitchToDevise < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
change_table(:users) do |t|
|
4
|
+
t.rename :crypted_password, :encrypted_password
|
5
|
+
t.rename :salt, :password_salt
|
6
|
+
t.rename :remember_token_expires_at, :remember_created_at
|
7
|
+
t.rename :persistence_token, :authentication_token
|
8
|
+
t.rename :single_access_token, :reset_password_token
|
9
|
+
t.remove :perishable_token
|
10
|
+
t.rename :login_count, :sign_in_count
|
11
|
+
t.remove :failed_login_count
|
12
|
+
t.remove :last_request_at
|
13
|
+
t.rename :current_login_at, :current_sign_in_at
|
14
|
+
t.rename :last_login_at, :last_sign_in_at
|
15
|
+
t.rename :current_login_ip, :current_sign_in_ip
|
16
|
+
t.rename :last_login_ip, :last_sign_in_ip
|
17
|
+
t.remove :login
|
18
|
+
t.remove :openid_identifier
|
19
|
+
t.remove :api_key
|
20
|
+
end
|
21
|
+
drop_table :open_id_authentication_associations
|
22
|
+
drop_table :open_id_authentication_nonces
|
23
|
+
|
24
|
+
add_index :users, :email, :unique => true
|
25
|
+
add_index :users, :reset_password_token, :unique => true
|
26
|
+
end
|
27
|
+
|
28
|
+
def self.down
|
29
|
+
# no going back!
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,146 @@
|
|
1
|
+
# Use this hook to configure devise mailer, warden hooks and so forth. The first
|
2
|
+
# four configuration values can also be set straight in your models.
|
3
|
+
Devise.setup do |config|
|
4
|
+
# ==> Mailer Configuration
|
5
|
+
# Configure the e-mail address which will be shown in DeviseMailer.
|
6
|
+
config.mailer_sender = "please-change-me@config-initializers-devise.com"
|
7
|
+
|
8
|
+
# Configure the class responsible to send e-mails.
|
9
|
+
# config.mailer = "Devise::Mailer"
|
10
|
+
|
11
|
+
# ==> ORM configuration
|
12
|
+
# Load and configure the ORM. Supports :active_record (default) and
|
13
|
+
# :mongoid (bson_ext recommended) by default. Other ORMs may be
|
14
|
+
# available as additional gems.
|
15
|
+
require 'devise/orm/active_record'
|
16
|
+
|
17
|
+
# ==> Configuration for any authentication mechanism
|
18
|
+
# Configure which keys are used when authenticating an user. By default is
|
19
|
+
# just :email. You can configure it to use [:username, :subdomain], so for
|
20
|
+
# authenticating an user, both parameters are required. Remember that those
|
21
|
+
# parameters are used only when authenticating and not when retrieving from
|
22
|
+
# session. If you need permissions, you should implement that in a before filter.
|
23
|
+
# config.authentication_keys = [ :email ]
|
24
|
+
|
25
|
+
# Tell if authentication through request.params is enabled. True by default.
|
26
|
+
# config.params_authenticatable = true
|
27
|
+
|
28
|
+
# Tell if authentication through HTTP Basic Auth is enabled. True by default.
|
29
|
+
# config.http_authenticatable = true
|
30
|
+
|
31
|
+
# Set this to true to use Basic Auth for AJAX requests. True by default.
|
32
|
+
# config.http_authenticatable_on_xhr = true
|
33
|
+
|
34
|
+
# The realm used in Http Basic Authentication
|
35
|
+
# config.http_authentication_realm = "Application"
|
36
|
+
|
37
|
+
# ==> Configuration for :database_authenticatable
|
38
|
+
# Define which will be the encryption algorithm. Devise also supports encryptors
|
39
|
+
# from others authentication tools as :clearance_sha1, :authlogic_sha512 (then
|
40
|
+
# you should set stretches above to 20 for default behavior) and :restful_authentication_sha1
|
41
|
+
# (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
|
42
|
+
config.encryptor = :bcrypt
|
43
|
+
|
44
|
+
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
|
45
|
+
# using other encryptors, it sets how many times you want the password re-encrypted.
|
46
|
+
config.stretches = 10
|
47
|
+
|
48
|
+
# Setup a pepper to generate the encrypted password.
|
49
|
+
config.pepper = <%= ActiveSupport::SecureRandom.hex(64).inspect %>
|
50
|
+
|
51
|
+
# ==> Configuration for :confirmable
|
52
|
+
# The time you want to give your user to confirm his account. During this time
|
53
|
+
# he will be able to access your application without confirming. Default is nil.
|
54
|
+
# When confirm_within is zero, the user won't be able to sign in without confirming.
|
55
|
+
# You can use this to let your user access some features of your application
|
56
|
+
# without confirming the account, but blocking it after a certain period
|
57
|
+
# (ie 2 days).
|
58
|
+
# config.confirm_within = 2.days
|
59
|
+
|
60
|
+
# ==> Configuration for :rememberable
|
61
|
+
# The time the user will be remembered without asking for credentials again.
|
62
|
+
# config.remember_for = 2.weeks
|
63
|
+
|
64
|
+
# If true, a valid remember token can be re-used between multiple browsers.
|
65
|
+
# config.remember_across_browsers = true
|
66
|
+
|
67
|
+
# If true, extends the user's remember period when remembered via cookie.
|
68
|
+
# config.extend_remember_period = false
|
69
|
+
|
70
|
+
# ==> Configuration for :validatable
|
71
|
+
# Range for password length
|
72
|
+
# config.password_length = 6..20
|
73
|
+
|
74
|
+
# Regex to use to validate the email address
|
75
|
+
# config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
|
76
|
+
|
77
|
+
# ==> Configuration for :timeoutable
|
78
|
+
# The time you want to timeout the user session without activity. After this
|
79
|
+
# time the user will be asked for credentials again.
|
80
|
+
# config.timeout_in = 10.minutes
|
81
|
+
|
82
|
+
# ==> Configuration for :lockable
|
83
|
+
# Defines which strategy will be used to lock an account.
|
84
|
+
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
|
85
|
+
# :none = No lock strategy. You should handle locking by yourself.
|
86
|
+
# config.lock_strategy = :failed_attempts
|
87
|
+
|
88
|
+
# Defines which strategy will be used to unlock an account.
|
89
|
+
# :email = Sends an unlock link to the user email
|
90
|
+
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
|
91
|
+
# :both = Enables both strategies
|
92
|
+
# :none = No unlock strategy. You should handle unlocking by yourself.
|
93
|
+
# config.unlock_strategy = :both
|
94
|
+
|
95
|
+
# Number of authentication tries before locking an account if lock_strategy
|
96
|
+
# is failed attempts.
|
97
|
+
# config.maximum_attempts = 20
|
98
|
+
|
99
|
+
# Time interval to unlock the account if :time is enabled as unlock_strategy.
|
100
|
+
# config.unlock_in = 1.hour
|
101
|
+
|
102
|
+
# ==> Configuration for :token_authenticatable
|
103
|
+
# Defines name of the authentication token params key
|
104
|
+
# config.token_authentication_key = :auth_token
|
105
|
+
|
106
|
+
# ==> Scopes configuration
|
107
|
+
# Turn scoped views on. Before rendering "sessions/new", it will first check for
|
108
|
+
# "users/sessions/new". It's turned off by default because it's slower if you
|
109
|
+
# are using only default views.
|
110
|
+
# config.scoped_views = true
|
111
|
+
|
112
|
+
# Configure the default scope given to Warden. By default it's the first
|
113
|
+
# devise role declared in your routes.
|
114
|
+
# config.default_scope = :user
|
115
|
+
|
116
|
+
# Configure sign_out behavior.
|
117
|
+
# By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
|
118
|
+
# In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
|
119
|
+
# config.sign_out_all_scopes = false
|
120
|
+
|
121
|
+
# ==> Navigation configuration
|
122
|
+
# Lists the formats that should be treated as navigational. Formats like
|
123
|
+
# :html, should redirect to the sign in page when the user does not have
|
124
|
+
# access, but formats like :xml or :json, should return 401.
|
125
|
+
# If you have any extra navigational formats, like :iphone or :mobile, you
|
126
|
+
# should add them to the navigational formats lists. Default is [:html]
|
127
|
+
# config.navigational_formats = [:html, :iphone]
|
128
|
+
|
129
|
+
# ==> OAuth2
|
130
|
+
# Add a new OAuth2 provider. Check the README for more information on setting
|
131
|
+
# up on your models and hooks.
|
132
|
+
# config.oauth :github, 'APP_ID', 'APP_SECRET',
|
133
|
+
# :site => 'https://github.com/',
|
134
|
+
# :authorize_path => '/login/oauth/authorize',
|
135
|
+
# :access_token_path => '/login/oauth/access_token',
|
136
|
+
# :scope => %w(user public_repo)
|
137
|
+
|
138
|
+
# ==> Warden configuration
|
139
|
+
# If you want to use other strategies, that are not supported by Devise, or
|
140
|
+
# change the failure app, you can configure them inside the config.warden block.
|
141
|
+
#
|
142
|
+
# config.warden do |manager|
|
143
|
+
# manager.failure_app = AnotherApp
|
144
|
+
# manager.default_strategies(:scope => :user).unshift :some_external_strategy
|
145
|
+
# end
|
146
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
module Spree
|
2
|
+
module Auth
|
3
|
+
# Singleton class to access the shipping configuration object (ActiveShippingConfiguration.first by default) and it's preferences.
|
4
|
+
#
|
5
|
+
# Usage:
|
6
|
+
# Spree::Auth::Config[:foo] # Returns the foo preference
|
7
|
+
# Spree::Auth::Config[] # Returns a Hash with all the tax preferences
|
8
|
+
# Spree::Auth::Config.instance # Returns the configuration object (AuthConfiguration.first)
|
9
|
+
# Spree::Auth::Config.set(preferences_hash) # Set the spree auth preferences as especified in +preference_hash+
|
10
|
+
class Config
|
11
|
+
include Singleton
|
12
|
+
include Spree::PreferenceAccess
|
13
|
+
|
14
|
+
class << self
|
15
|
+
def instance
|
16
|
+
return nil unless ActiveRecord::Base.connection.tables.include?('configurations')
|
17
|
+
SpreeAuthConfiguration.find_or_create_by_name("Default spree_auth configuration")
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
module Spree
|
2
|
+
module AuthUser
|
3
|
+
|
4
|
+
# Gives controllers the ability to learn the +auth_user+ as opposed to limiting them to just the standard
|
5
|
+
# +current_user.+ The +auth_user+ method will return the user corresponding to the +guest_token+ if present,
|
6
|
+
# otherwise it will return the +current_user.+ This allows us to check authorization against a guest user
|
7
|
+
# without requiring that user to be signed in via warden/devise. This means the guest can later sign up for
|
8
|
+
# an acccount (or log in to an existing account.)
|
9
|
+
def auth_user
|
10
|
+
return current_user unless session[:guest_token]
|
11
|
+
User.find_by_authentication_token(session[:guest_token])
|
12
|
+
end
|
13
|
+
|
14
|
+
# Overrides the default method used by Cancan so that we can use the guest_token in addition to current_user.
|
15
|
+
def current_ability
|
16
|
+
@current_ability ||= ::Ability.new(auth_user)
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
data/lib/spree_auth.rb
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'spree_core'
|
2
|
+
|
3
|
+
require 'devise'
|
4
|
+
require 'devise/orm/active_record'
|
5
|
+
require 'cancan'
|
6
|
+
|
7
|
+
require 'spree/auth_user'
|
8
|
+
require 'spree/auth/config'
|
9
|
+
|
10
|
+
module SpreeAuth
|
11
|
+
class Engine < Rails::Engine
|
12
|
+
def self.activate
|
13
|
+
Dir.glob(File.join(File.dirname(__FILE__), "../app/**/*_decorator*.rb")) do |c|
|
14
|
+
Rails.env == "production" ? require(c) : load(c)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
config.to_prepare &method(:activate).to_proc
|
18
|
+
end
|
19
|
+
end
|
metadata
ADDED
@@ -0,0 +1,141 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: spree_auth
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
prerelease: true
|
5
|
+
segments:
|
6
|
+
- 0
|
7
|
+
- 30
|
8
|
+
- 0
|
9
|
+
- beta1
|
10
|
+
version: 0.30.0.beta1
|
11
|
+
platform: ruby
|
12
|
+
authors:
|
13
|
+
- Sean Schofield
|
14
|
+
autorequire:
|
15
|
+
bindir: bin
|
16
|
+
cert_chain: []
|
17
|
+
|
18
|
+
date: 2010-09-03 00:00:00 -04:00
|
19
|
+
default_executable:
|
20
|
+
dependencies:
|
21
|
+
- !ruby/object:Gem::Dependency
|
22
|
+
name: spree_core
|
23
|
+
prerelease: false
|
24
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
25
|
+
requirements:
|
26
|
+
- - "="
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
segments:
|
29
|
+
- 0
|
30
|
+
- 30
|
31
|
+
- 0
|
32
|
+
- beta1
|
33
|
+
version: 0.30.0.beta1
|
34
|
+
type: :runtime
|
35
|
+
version_requirements: *id001
|
36
|
+
- !ruby/object:Gem::Dependency
|
37
|
+
name: devise
|
38
|
+
prerelease: false
|
39
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
40
|
+
requirements:
|
41
|
+
- - ">="
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
segments:
|
44
|
+
- 1
|
45
|
+
- 1
|
46
|
+
- 2
|
47
|
+
version: 1.1.2
|
48
|
+
type: :runtime
|
49
|
+
version_requirements: *id002
|
50
|
+
- !ruby/object:Gem::Dependency
|
51
|
+
name: cancan
|
52
|
+
prerelease: false
|
53
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
54
|
+
requirements:
|
55
|
+
- - ">="
|
56
|
+
- !ruby/object:Gem::Version
|
57
|
+
segments:
|
58
|
+
- 1
|
59
|
+
- 3
|
60
|
+
- 3
|
61
|
+
version: 1.3.3
|
62
|
+
type: :runtime
|
63
|
+
version_requirements: *id003
|
64
|
+
description: Required dependancy for Spree
|
65
|
+
email: sean@railsdog.com
|
66
|
+
executables: []
|
67
|
+
|
68
|
+
extensions: []
|
69
|
+
|
70
|
+
extra_rdoc_files: []
|
71
|
+
|
72
|
+
files:
|
73
|
+
- LICENSE
|
74
|
+
- README.md
|
75
|
+
- app/controllers/admin_controller_decorator.rb
|
76
|
+
- app/controllers/checkout_controller_decorator.rb
|
77
|
+
- app/controllers/devise/sessions_controller_decorator.rb
|
78
|
+
- app/controllers/orders_controller_decorator.rb
|
79
|
+
- app/controllers/resource_controller_decorator.rb
|
80
|
+
- app/controllers/spree/base_controller_decorator.rb
|
81
|
+
- app/models/ability.rb
|
82
|
+
- app/models/order_decorator.rb
|
83
|
+
- app/models/spree_auth_configuration.rb
|
84
|
+
- app/models/user.rb
|
85
|
+
- app/views/checkout/registration.html.erb
|
86
|
+
- app/views/devise/confirmations/new.html.erb
|
87
|
+
- app/views/devise/mailer/confirmation_instructions.html.erb
|
88
|
+
- app/views/devise/mailer/reset_password_instructions.html.erb
|
89
|
+
- app/views/devise/mailer/unlock_instructions.html.erb
|
90
|
+
- app/views/devise/passwords/edit.html.erb
|
91
|
+
- app/views/devise/passwords/new.html.erb
|
92
|
+
- app/views/devise/registrations/edit.html.erb
|
93
|
+
- app/views/devise/registrations/new.html.erb
|
94
|
+
- app/views/devise/sessions/new.html.erb
|
95
|
+
- app/views/devise/shared/_links.erb
|
96
|
+
- app/views/devise/unlocks/new.html.erb
|
97
|
+
- app/views/shared/_login_bar.html.erb
|
98
|
+
- app/views/shared/unauthorized.html.erb
|
99
|
+
- config/routes.rb
|
100
|
+
- lib/generators/spree_auth/install_generator.rb
|
101
|
+
- lib/generators/templates/db/migrate/20100811003924_switch_to_devise.rb
|
102
|
+
- lib/generators/templates/devise.rb
|
103
|
+
- lib/spree/auth/config.rb
|
104
|
+
- lib/spree/auth_user.rb
|
105
|
+
- lib/spree_auth.rb
|
106
|
+
has_rdoc: true
|
107
|
+
homepage: http://spreecommerce.com
|
108
|
+
licenses: []
|
109
|
+
|
110
|
+
post_install_message:
|
111
|
+
rdoc_options: []
|
112
|
+
|
113
|
+
require_paths:
|
114
|
+
- lib
|
115
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
116
|
+
requirements:
|
117
|
+
- - ">="
|
118
|
+
- !ruby/object:Gem::Version
|
119
|
+
segments:
|
120
|
+
- 1
|
121
|
+
- 8
|
122
|
+
- 7
|
123
|
+
version: 1.8.7
|
124
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
125
|
+
requirements:
|
126
|
+
- - ">"
|
127
|
+
- !ruby/object:Gem::Version
|
128
|
+
segments:
|
129
|
+
- 1
|
130
|
+
- 3
|
131
|
+
- 1
|
132
|
+
version: 1.3.1
|
133
|
+
requirements:
|
134
|
+
- none
|
135
|
+
rubyforge_project: spree_auth
|
136
|
+
rubygems_version: 1.3.6
|
137
|
+
signing_key:
|
138
|
+
specification_version: 3
|
139
|
+
summary: Provides authentication and authorization services for use with Spree.
|
140
|
+
test_files: []
|
141
|
+
|