RubyGems - spree_auth_devise - Versions diffs - 1.3.1 → 3.0.5 - Mend

spree_auth_devise 1.3.1 → 3.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (144) hide show

checksums.yaml +7 -0
data/.gitignore +10 -0
data/.rspec +3 -0
data/.travis.yml +11 -0
data/Gemfile +5 -0
data/{LICENSE → LICENSE.md} +1 -1
data/README.md +86 -10
data/Rakefile +15 -0
data/Versionfile +5 -0
data/app/controllers/metal_decorator.rb +6 -0
data/app/mailers/spree/user_mailer.rb +12 -5
data/app/models/spree/auth_configuration.rb +1 -0
data/app/models/spree/user.rb +17 -50
data/app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface +4 -0
data/bin/rails +7 -0
data/circle.yml +11 -0
data/config.ru +4 -0
data/config/initializers/devise.rb +3 -8
data/config/initializers/warden.rb +14 -0
data/config/locales/de.yml +40 -37
data/config/locales/en.yml +48 -39
data/config/locales/es.yml +49 -0
data/config/locales/fr.yml +49 -0
data/config/locales/it.yml +76 -0
data/config/locales/nl.yml +41 -46
data/config/locales/pt-BR.yml +51 -0
data/config/locales/tr.yml +49 -0
data/config/routes.rb +32 -15
data/db/default/users.rb +13 -6
data/db/migrate/20140904000425_add_deleted_at_to_users.rb +6 -0
data/db/migrate/20141002154641_add_confirmable_to_users.rb +7 -0
data/lib/assets/javascripts/spree/backend/spree_auth.js.erb +1 -0
data/lib/assets/javascripts/spree/frontend/spree_auth.js.erb +1 -0
data/lib/assets/stylesheets/spree/backend/spree_auth.css.erb +3 -0
data/lib/assets/stylesheets/spree/frontend/spree_auth.css.erb +3 -0
data/lib/controllers/backend/spree/admin/admin_controller_decorator.rb +26 -0
data/lib/controllers/backend/spree/admin/admin_orders_controller_decorator.rb +20 -0
data/{app/controllers → lib/controllers/backend}/spree/admin/admin_resource_controller_decorator.rb +0 -0
data/{app/controllers/spree/admin/admin_orders_controller_decorator.rb → lib/controllers/backend/spree/admin/orders/customer_details_controller_decorator.rb} +3 -2
data/lib/controllers/backend/spree/admin/user_passwords_controller.rb +42 -0
data/lib/controllers/backend/spree/admin/user_sessions_controller.rb +53 -0
data/{app/controllers → lib/controllers/frontend}/spree/checkout_controller_decorator.rb +8 -15
data/lib/controllers/frontend/spree/user_confirmations_controller.rb +14 -0
data/{app/controllers → lib/controllers/frontend}/spree/user_passwords_controller.rb +10 -9
data/{app/controllers → lib/controllers/frontend}/spree/user_registrations_controller.rb +18 -15
data/lib/controllers/frontend/spree/user_sessions_controller.rb +46 -0
data/{app/controllers → lib/controllers/frontend}/spree/users_controller.rb +13 -9
data/lib/generators/spree/auth/install/install_generator.rb +26 -0
data/lib/generators/spree/auth/install/templates/config/initializers/devise.rb +1 -0
data/lib/spree/auth.rb +2 -1
data/lib/spree/auth/devise.rb +7 -0
data/lib/spree/auth/engine.rb +57 -2
data/lib/spree/authentication_helpers.rb +1 -1
data/lib/spree_auth_devise.rb +3 -0
data/lib/views/backend/spree/admin/user_passwords/edit.html.erb +15 -0
data/lib/views/backend/spree/admin/user_passwords/new.html.erb +17 -0
data/lib/views/backend/spree/admin/user_sessions/authorization_failure.html.erb +4 -0
data/lib/views/backend/spree/admin/user_sessions/new.html.erb +38 -0
data/lib/views/backend/spree/layouts/admin/_login_nav.html.erb +33 -0
data/lib/views/backend/spree/layouts/login.html.erb +25 -0
data/lib/views/frontend/spree/checkout/_new_user.html.erb +20 -0
data/lib/views/frontend/spree/checkout/registration.html.erb +27 -0
data/{app/views → lib/views/frontend}/spree/shared/_flashes.html.erb +0 -0
data/lib/views/frontend/spree/shared/_login.html.erb +18 -0
data/lib/views/frontend/spree/shared/_login_bar.html.erb +6 -0
data/lib/views/frontend/spree/shared/_user_form.html.erb +13 -0
data/lib/views/frontend/spree/user_mailer/confirmation_instructions.text.erb +5 -0
data/lib/views/frontend/spree/user_mailer/reset_password_instructions.text.erb +10 -0
data/lib/views/frontend/spree/user_passwords/edit.html.erb +22 -0
data/lib/views/frontend/spree/user_passwords/new.html.erb +21 -0
data/lib/views/frontend/spree/user_registrations/new.html.erb +22 -0
data/lib/views/frontend/spree/user_sessions/new.html.erb +20 -0
data/lib/views/frontend/spree/users/edit.html.erb +17 -0
data/lib/views/frontend/spree/users/show.html.erb +43 -0
data/spec/controllers/spree/admin/orders_controller_spec.rb +14 -0
data/spec/controllers/spree/checkout_controller_spec.rb +141 -0
data/spec/controllers/spree/products_controller_spec.rb +21 -0
data/spec/controllers/spree/user_passwords_controller_spec.rb +44 -0
data/spec/controllers/spree/user_registrations_controller_spec.rb +13 -0
data/spec/controllers/spree/user_sessions_controller_spec.rb +56 -0
data/spec/controllers/spree/users_controller_spec.rb +38 -0
data/spec/factories/confirmed_user.rb +7 -0
data/spec/features/account_spec.rb +58 -0
data/spec/features/admin/orders_spec.rb +28 -0
data/spec/features/admin/password_reset_spec.rb +24 -0
data/spec/features/admin/products_spec.rb +9 -0
data/spec/features/admin/sign_in_spec.rb +45 -0
data/spec/features/admin/sign_out_spec.rb +22 -0
data/spec/features/admin_permissions_spec.rb +46 -0
data/spec/features/change_email_spec.rb +24 -0
data/spec/features/checkout_spec.rb +160 -0
data/spec/features/confirmation_spec.rb +28 -0
data/spec/features/order_spec.rb +62 -0
data/spec/features/password_reset_spec.rb +24 -0
data/spec/features/sign_in_spec.rb +54 -0
data/spec/features/sign_out_spec.rb +25 -0
data/spec/features/sign_up_spec.rb +30 -0
data/spec/mailers/user_mailer_spec.rb +46 -0
data/spec/models/order_spec.rb +26 -0
data/spec/models/user_spec.rb +58 -0
data/spec/spec_helper.rb +24 -0
data/spec/support/ability.rb +15 -0
data/spec/support/authentication_helpers.rb +14 -0
data/spec/support/capybara.rb +7 -0
data/spec/support/confirm_helpers.rb +11 -0
data/spec/support/database_cleaner.rb +18 -0
data/spec/support/email.rb +5 -0
data/spec/support/factory_girl.rb +5 -0
data/spec/support/spree.rb +26 -0
data/spree_auth_devise.gemspec +48 -0
metadata +441 -79
data/app/assets/javascripts/admin/spree_auth.js +0 -1
data/app/assets/javascripts/store/spree_auth.js +0 -1
data/app/assets/stylesheets/admin/spree_auth.css +0 -3
data/app/assets/stylesheets/store/spree_auth.css +0 -3
data/app/controllers/spree/admin/admin_controller_decorator.rb +0 -7
data/app/controllers/spree/admin/admin_users_controller_decorator.rb +0 -21
data/app/controllers/spree/admin/users_controller.rb +0 -77
data/app/controllers/spree/base_controller_decorator.rb +0 -18
data/app/controllers/spree/orders_controller_decorator.rb +0 -15
data/app/controllers/spree/user_sessions_controller.rb +0 -54
data/app/helpers/spree/users_helper.rb +0 -15
data/app/models/spree/current_order_decorator.rb +0 -12
data/app/overrides/admin_tab.rb +0 -6
data/app/overrides/auth_admin_login_navigation_bar.rb +0 -5
data/app/overrides/auth_user_login_form.rb +0 -6
data/app/views/spree/admin/users/_form.html.erb +0 -37
data/app/views/spree/admin/users/edit.html.erb +0 -28
data/app/views/spree/admin/users/index.html.erb +0 -53
data/app/views/spree/admin/users/new.html.erb +0 -23
data/app/views/spree/admin/users/show.html.erb +0 -21
data/app/views/spree/layouts/admin/_login_nav.html.erb +0 -8
data/app/views/spree/shared/_login.html.erb +0 -20
data/app/views/spree/shared/_login_bar.html.erb +0 -6
data/app/views/spree/shared/_user_form.html.erb +0 -17
data/app/views/spree/user_mailer/reset_password_instructions.text.erb +0 -10
data/app/views/spree/user_passwords/edit.html.erb +0 -15
data/app/views/spree/user_passwords/new.html.erb +0 -15
data/app/views/spree/user_registrations/new.html.erb +0 -22
data/app/views/spree/user_sessions/authorization_failure.html.erb +0 -4
data/app/views/spree/user_sessions/new.html.erb +0 -13
data/app/views/spree/users/edit.html.erb +0 -11
data/app/views/spree/users/show.html.erb +0 -43
data/config/initializers/spree.rb +0 -1

data/config/routes.rb CHANGED Viewed

@@ -1,31 +1,48 @@
-Spree::Core::Engine.routes.draw do
-  devise_for :user,
+Spree::Core::Engine.add_routes do
+  devise_for :spree_user,
              :class_name => 'Spree::User',
              :controllers => { :sessions => 'spree/user_sessions',
                                :registrations => 'spree/user_registrations',
-                               :passwords => 'spree/user_passwords' },
+                               :passwords => 'spree/user_passwords',
+                               :confirmations => 'spree/user_confirmations' },
              :skip => [:unlocks, :omniauth_callbacks],
-             :path_names => { :sign_out => 'logout' }
-end
+             :path_names => { :sign_out => 'logout' },
+             :path_prefix => :user
-Spree::Core::Engine.routes.prepend do
   resources :users, :only => [:edit, :update]
-  devise_scope :user do
+  devise_scope :spree_user do
     get '/login' => 'user_sessions#new', :as => :login
+    post '/login' => 'user_sessions#create', :as => :create_new_session
+    get '/logout' => 'user_sessions#destroy', :as => :logout
     get '/signup' => 'user_registrations#new', :as => :signup
+    post '/signup' => 'user_registrations#create', :as => :registration
+    get '/password/recover' => 'user_passwords#new', :as => :recover_password
+    post '/password/recover' => 'user_passwords#create', :as => :reset_password
+    get '/password/change' => 'user_passwords#edit', :as => :edit_password
+    put '/password/change' => 'user_passwords#update', :as => :update_password
+    get '/confirm' => 'user_confirmations#show', :as => :confirmation if Spree::Auth::Config[:confirmable]
   end
-  match '/checkout/registration' => 'checkout#registration', :via => :get, :as => :checkout_registration
-  match '/checkout/registration' => 'checkout#update_registration', :via => :put, :as => :update_checkout_registration
+  get '/checkout/registration' => 'checkout#registration', :as => :checkout_registration
+  put '/checkout/registration' => 'checkout#update_registration', :as => :update_checkout_registration
-  match '/orders/:id/token/:token' => 'orders#show', :via => :get, :as => :token_order
+  resource :account, :controller => 'users'
-  resource :session do
-    member do
-      get :nav_bar
+  namespace :admin do
+    devise_for :spree_user,
+               :class_name => 'Spree::User',
+               :controllers => { :sessions => 'spree/admin/user_sessions',
+                                 :passwords => 'spree/admin/user_passwords' },
+               :skip => [:unlocks, :omniauth_callbacks, :registrations],
+               :path_names => { :sign_out => 'logout' },
+               :path_prefix => :user
+    devise_scope :spree_user do
+      get '/authorization_failure', :to => 'user_sessions#authorization_failure', :as => :unauthorized
+      get '/login' => 'user_sessions#new', :as => :login
+      post '/login' => 'user_sessions#create', :as => :create_new_session
+      get '/logout' => 'user_sessions#destroy', :as => :logout
     end
-  end
-  resource :account, :controller => 'users'
+  end
 end

data/db/default/users.rb CHANGED Viewed

@@ -55,11 +55,19 @@ def create_admin_user
   if Spree::User.find_by_email(email)
     say "\nWARNING: There is already a user with the email: #{email}, so no account changes were made.  If you wish to create an additional admin user, please run rake spree_auth:admin:create again with a different email.\n\n"
   else
-    admin = Spree::User.create(attributes)
-    # create an admin role and and assign the admin user to that role
-    role = Spree::Role.find_or_create_by_name 'admin'
-    admin.spree_roles << role
-    admin.save
+    admin = Spree::User.new(attributes)
+    if admin.save
+      role = Spree::Role.find_or_create_by(name: 'admin')
+      admin.spree_roles << role
+      admin.save
+      admin.generate_spree_api_key!
+      say "Done!"
+    else
+      say "There was some problems with persisting new admin user:"
+      admin.errors.full_messages.each do |error|
+        say error
+      end
+    end
   end
 end
@@ -73,4 +81,3 @@ else
     puts 'No admin user created.'
   end
 end

data/db/migrate/20140904000425_add_deleted_at_to_users.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class AddDeletedAtToUsers < ActiveRecord::Migration
+  def change
+    add_column :spree_users, :deleted_at, :datetime
+    add_index :spree_users, :deleted_at
+  end
+end

data/db/migrate/20141002154641_add_confirmable_to_users.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class AddConfirmableToUsers < ActiveRecord::Migration
+  def change
+    add_column :spree_users, :confirmation_token, :string
+    add_column :spree_users, :confirmed_at, :datetime
+    add_column :spree_users, :confirmation_sent_at, :datetime
+  end
+end

data/lib/assets/javascripts/spree/backend/spree_auth.js.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ //= require spree/backend

data/lib/assets/javascripts/spree/frontend/spree_auth.js.erb ADDED Viewed

	@@ -0,0 +1 @@
1	+ //= require spree/frontend

data/lib/assets/stylesheets/spree/backend/spree_auth.css.erb ADDED Viewed

@@ -0,0 +1,3 @@
+/*
+ *= require spree/backend
+*/

data/lib/assets/stylesheets/spree/frontend/spree_auth.css.erb ADDED Viewed

@@ -0,0 +1,3 @@
+/*
+ *= require spree/frontend
+*/

data/lib/controllers/backend/spree/admin/admin_controller_decorator.rb ADDED Viewed

@@ -0,0 +1,26 @@
+Spree::Admin::BaseController.class_eval do
+  # Redirect as appropriate when an access request fails.  The default action is to redirect to the login screen.
+  # Override this method in your controllers if you want to have special behavior in case the user is not authorized
+  # to access the requested action.  For example, a popup window might simply close itself.
+  def unauthorized
+    if try_spree_current_user
+      flash[:error] = Spree.t(:authorization_failure)
+      redirect_to spree.admin_unauthorized_path
+    else
+      store_location
+      redirect_to spree.admin_login_path
+    end
+  end
+  protected
+    def model_class
+      const_name = controller_name.classify
+      if Spree.const_defined?(const_name, false)
+        return "Spree::#{const_name}".constantize
+      end
+      nil
+    end
+end

data/lib/controllers/backend/spree/admin/admin_orders_controller_decorator.rb ADDED Viewed

@@ -0,0 +1,20 @@
+Spree::Admin::OrdersController.class_eval do
+  before_filter :check_authorization
+  private
+    def load_order_action
+      [:edit, :update, :cancel, :resume, :approve, :resend, :open_adjustments, :close_adjustments, :cart]
+    end
+    def check_authorization
+      action = params[:action].to_sym
+      if load_order_action.include?(action)
+        load_order
+        session[:access_token] ||= params[:token]
+        resource = @order || Spree::Order.new
+        authorize! action, resource, session[:access_token]
+      else
+        authorize! :index, Spree::Order
+      end
+    end
+end

data/{app/controllers → lib/controllers/backend}/spree/admin/admin_resource_controller_decorator.rb RENAMED Viewed

File without changes

data/{app/controllers/spree/admin/admin_orders_controller_decorator.rb → lib/controllers/backend/spree/admin/orders/customer_details_controller_decorator.rb} RENAMED Viewed

@@ -1,4 +1,4 @@
-Spree::Admin::OrdersController.class_eval do
+Spree::Admin::Orders::CustomerDetailsController.class_eval do
   before_filter :check_authorization
   private
@@ -6,8 +6,9 @@ Spree::Admin::OrdersController.class_eval do
       load_order
       session[:access_token] ||= params[:token]
-      resource = @order || Spree::Order.new
+      resource = @order
       action = params[:action].to_sym
+      action = :edit if action == :show # show route renders :edit for this controller
       authorize! action, resource, session[:access_token]
     end

data/lib/controllers/backend/spree/admin/user_passwords_controller.rb ADDED Viewed

@@ -0,0 +1,42 @@
+class Spree::Admin::UserPasswordsController < Devise::PasswordsController
+  helper 'spree/base'
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Store
+  helper 'spree/admin/navigation'
+  helper 'spree/admin/tables'
+  layout 'spree/layouts/admin'
+  # Overridden due to bug in Devise.
+  #   respond_with resource, :location => new_session_path(resource_name)
+  # is generating bad url /session/new.user
+  #
+  # overridden to:
+  #   respond_with resource, :location => spree.login_path
+  #
+  def create
+    self.resource = resource_class.send_reset_password_instructions(params[resource_name])
+    if resource.errors.empty?
+      set_flash_message(:notice, :send_instructions) if is_navigational_format?
+      respond_with resource, :location => spree.admin_login_path
+    else
+      respond_with_navigational(resource) { render :new }
+    end
+  end
+  # Devise::PasswordsController allows for blank passwords.
+  # Silly Devise::PasswordsController!
+  # Fixes spree/spree#2190.
+  def update
+    if params[:spree_user][:password].blank?
+      set_flash_message(:error, :cannot_be_blank)
+      render :edit
+    else
+      super
+    end
+  end
+end

data/lib/controllers/backend/spree/admin/user_sessions_controller.rb ADDED Viewed

@@ -0,0 +1,53 @@
+class Spree::Admin::UserSessionsController < Devise::SessionsController
+  helper 'spree/base'
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Store
+  helper 'spree/admin/navigation'
+  helper 'spree/admin/tables'
+  layout :resolve_layout
+  def create
+    authenticate_spree_user!
+    if spree_user_signed_in?
+      respond_to do |format|
+        format.html {
+          flash[:success] = Spree.t(:logged_in_succesfully)
+          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
+        }
+        format.js {
+          user = resource.record
+          render :json => {:ship_address => user.ship_address, :bill_address => user.bill_address}.to_json
+        }
+      end
+    else
+      flash.now[:error] = t('devise.failure.invalid')
+      render :new
+    end
+  end
+  def authorization_failure
+  end
+  private
+    def accurate_title
+      Spree.t(:login)
+    end
+    def redirect_back_or_default(default)
+      redirect_to(session["spree_user_return_to"] || default)
+      session["spree_user_return_to"] = nil
+    end
+    def resolve_layout
+      case action_name
+      when "new", "create"
+        "spree/layouts/login"
+      else
+        "spree/layouts/admin"
+      end
+    end
+end

data/{app/controllers → lib/controllers/frontend}/spree/checkout_controller_decorator.rb RENAMED Viewed

@@ -1,33 +1,33 @@
+require 'spree/core/validators/email'
 Spree::CheckoutController.class_eval do
   before_filter :check_authorization
   before_filter :check_registration, :except => [:registration, :update_registration]
-  helper 'spree/users'
   def registration
     @user = Spree::User.new
   end
   def update_registration
-    fire_event("spree.user.signup", :order => current_order)
-    # hack - temporarily change the state to something other than cart so we can validate the order email address
-    current_order.state = 'address'
-    if current_order.update_attributes(params[:order])
-      redirect_to checkout_path
+    if params[:order][:email] =~ Devise.email_regexp && current_order.update_attribute(:email, params[:order][:email])
+      redirect_to spree.checkout_path
     else
+      flash[:registration_error] = t(:email_is_invalid, :scope => [:errors, :messages])
       @user = Spree::User.new
       render 'registration'
     end
   end
   private
+    def order_params
+      params[:order] ? params.require(:order).permit(:email) : {}
+    end
     def skip_state_validation?
       %w(registration update_registration).include?(params[:action])
     end
     def check_authorization
-      authorize!(:edit, current_order, session[:access_token])
+      authorize!(:edit, current_order, cookies.signed[:guest_token])
     end
     # Introduces a registration step whenever the +registration_step+ preference is true.
@@ -37,11 +37,4 @@ Spree::CheckoutController.class_eval do
       store_location
       redirect_to spree.checkout_registration_path
     end
-    # Overrides the equivalent method defined in Spree::Core.  This variation of the method will ensure that users
-    # are redirected to the tokenized order url unless authenticated as a registered user.
-    def completion_route
-      return order_path(@order) if spree_current_user
-      spree.token_order_path(@order, @order.token)
-    end
 end

data/lib/controllers/frontend/spree/user_confirmations_controller.rb ADDED Viewed

@@ -0,0 +1,14 @@
+class Spree::UserConfirmationsController < Devise::ConfirmationsController
+  helper 'spree/base'
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+  protected
+  def after_confirmation_path_for(resource_name, resource)
+    signed_in?(resource_name) ? signed_in_root_path(resource) : spree.login_path
+  end
+end

data/{app/controllers → lib/controllers/frontend}/spree/user_passwords_controller.rb RENAMED Viewed

@@ -1,16 +1,10 @@
 class Spree::UserPasswordsController < Devise::PasswordsController
-  include SslRequirement
-  helper 'spree/users', 'spree/base'
-  if defined?(Spree::Dash)
-    helper 'spree/analytics'
-  end
+  helper 'spree/base'
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::Common
   include Spree::Core::ControllerHelpers::Order
-  ssl_required
+  include Spree::Core::ControllerHelpers::Store
   # Overridden due to bug in Devise.
   #   respond_with resource, :location => new_session_path(resource_name)
@@ -34,7 +28,9 @@ class Spree::UserPasswordsController < Devise::PasswordsController
   # Silly Devise::PasswordsController!
   # Fixes spree/spree#2190.
   def update
-    if params[:user][:password].blank?
+    if params[:spree_user][:password].blank?
+      self.resource = resource_class.new
+      resource.reset_password_token = params[:spree_user][:reset_password_token]
       set_flash_message(:error, :cannot_be_blank)
       render :edit
     else
@@ -42,4 +38,9 @@ class Spree::UserPasswordsController < Devise::PasswordsController
     end
   end
+  protected
+  def new_session_path(resource_name)
+    spree.send("new_#{resource_name}_session_path")
+  end
 end

data/{app/controllers → lib/controllers/frontend}/spree/user_registrations_controller.rb RENAMED Viewed

@@ -1,34 +1,31 @@
 class Spree::UserRegistrationsController < Devise::RegistrationsController
-  include SslRequirement
-  helper 'spree/users', 'spree/base'
-  if defined?(Spree::Dash)
-    helper 'spree/analytics'
-  end
+  helper 'spree/base'
   include Spree::Core::ControllerHelpers::Auth
   include Spree::Core::ControllerHelpers::Common
   include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
-  ssl_required
   before_filter :check_permissions, :only => [:edit, :update]
   skip_before_filter :require_no_authentication
   # GET /resource/sign_up
   def new
     super
+    @user = resource
   end
   # POST /resource/sign_up
   def create
-    @user = build_resource(params[:user])
+    @user = build_resource(spree_user_params)
     if resource.save
       set_flash_message(:notice, :signed_up)
-      sign_in(:user, @user)
+      if current_order
+        current_order.associate_user! @user
+      end
+      sign_in(:spree_user, @user)
       session[:spree_user_signup] = true
-      associate_user
-      sign_in_and_redirect(:user, @user)
+      respond_with resource, location: after_sign_up_path_for(resource)
     else
       clean_up_passwords(resource)
       render :new
@@ -60,8 +57,14 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
   end
   protected
-    def check_permissions
-      authorize!(:create, resource)
-    end
+  def check_permissions
+    authorize!(:create, resource)
+  end
+  private
+  def spree_user_params
+    params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes)
+  end
 end