spree_auth_devise 1.3.1 → 3.0.5

data/lib/views/frontend/spree/shared/_login.html.erb

@@ -0,0 +1,18 @@
+<%= form_for Spree::User.new, :as => :spree_user, :url => spree.create_new_session_path do |f| %>
+  <div id="password-credentials">
+    <p>
+      <%= f.label :email, Spree.t(:email) %><br />
+      <%= f.email_field :email, :class => 'form-control', :tabindex => 1, autofocus: true %>
+    </p>
+    <p>
+      <%= f.label :password, Spree.t(:password) %><br />
+      <%= f.password_field :password, :class => 'form-control', :tabindex => 2 %>
+    </p>
+  </div>
+  <p>
+    <%= f.check_box :remember_me, :tabindex => 3 %>
+    <%= f.label :remember_me, Spree.t(:remember_me) %>
+  </p>
+
+  <p><%= f.submit Spree.t(:login), :class => 'btn btn-lg btn-success btn-block', :tabindex => 4 %></p>
+<% end %>

data/lib/views/frontend/spree/shared/_login_bar.html.erb

@@ -0,0 +1,6 @@
+<% if spree_current_user %>
+  <li><%= link_to Spree.t(:my_account), spree.account_path %></li>
+  <li><%= link_to Spree.t(:logout), spree.logout_path %></li>
+<% else %>
+  <li id="link-to-login"><%= link_to Spree.t(:login), spree.login_path %></li>
+<% end %>

data/lib/views/frontend/spree/shared/_user_form.html.erb

@@ -0,0 +1,13 @@
+<fieldset id="password-credentials">
+  <div class="form-group">
+    <%= f.email_field :email, :class => 'form-control', :placeholder => Spree.t(:email) %>
+  </div>
+  <hr />
+  <div class="form-group">
+    <%= f.password_field :password, :class => 'form-control', :placeholder => Spree.t(:password) %>
+  </div> 
+  <div class="form-group">
+    <%= f.password_field :password_confirmation, :class => 'form-control', :placeholder => Spree.t(:confirm_password) %>
+  </div> 
+</fieldset>
+<div data-hook="signup_below_password_fields"></div>

data/lib/views/frontend/spree/user_mailer/confirmation_instructions.text.erb

@@ -0,0 +1,5 @@
+Welcome <%= @email %>!
+
+You can confirm your account email through the url below:
+
+<%= @confirmation_url %>

data/lib/views/frontend/spree/user_mailer/reset_password_instructions.text.erb

@@ -0,0 +1,10 @@
+A request to reset your password has been made.
+If you did not make this request, simply ignore this email.
+
+If you did make this request just click the link below:
+
+<%= @edit_password_reset_url %>
+
+If the above URL does not work try copying and pasting it into your browser.
+If you continue to have problems please feel free to contact us.
+

data/lib/views/frontend/spree/user_passwords/edit.html.erb

@@ -0,0 +1,22 @@
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @spree_user } %>
+<div class="col-md-6 col-md-offset-3">
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h3 class="panel-title"><%= Spree.t(:change_your_password) %></h3>
+    </div>
+    <div class="panel-body">
+      <%= form_for @spree_user, :as => :spree_user, :url => spree.update_password_path, :method => :put do |f| %>
+        <p>
+          <%= f.label :password, Spree.t(:password) %><br />
+          <%= f.password_field :password, :class => "form-control" %><br />
+        </p>
+        <p>
+          <%= f.label :password_confirmation, Spree.t(:confirm_password) %><br />
+          <%= f.password_field :password_confirmation, :class => "form-control" %><br />
+        </p>
+        <%= f.hidden_field :reset_password_token %>
+        <%= f.submit Spree.t(:update), :class => 'btn btn-lg btn-success btn-block' %>
+      <% end %>
+    </div>
+  </div>
+</div>

data/lib/views/frontend/spree/user_passwords/new.html.erb

@@ -0,0 +1,21 @@
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @spree_user } %>
+<div class="col-md-6 col-md-offset-3" id="forgot-password">
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h3 class="panel-title"><%= Spree.t(:forgot_password) %></h3>
+    </div>
+    <div class="panel-body">
+      <p><%= Spree.t(:instructions_to_reset_password) %></p>
+
+      <%= form_for Spree::User.new, :as => :spree_user, :url => spree.reset_password_path do |f| %>
+        <p>
+          <%= f.label :email, Spree.t(:email) %><br />
+          <%= f.email_field :email, :class => "form-control" %>
+        </p>
+        <p>
+          <%= f.submit Spree.t(:reset_password), :class => 'btn btn-lg btn-success btn-block' %>
+        </p>
+      <% end %>
+    </div>
+  </div>
+</div>

data/lib/views/frontend/spree/user_registrations/new.html.erb

@@ -0,0 +1,22 @@
+<% @body_id = 'signup' %>
+<%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
+<div class="col-md-6 col-md-offset-3">
+  <div class="panel panel-default">
+      <div class="panel-heading">
+        <h3 class="panel-title"><%= Spree.t(:new_customer) %></h3>
+    </div>
+      <div id="new-customer" class="panel-body" data-hook="login">
+          <%= form_for resource, :as => :spree_user, :url => spree.registration_path do |f| %>
+            <div data-hook="signup_inside_form">
+              <%= render :partial => 'spree/shared/user_form', :locals => { :f => f } %>
+              <p><%= f.submit Spree.t(:create), :class => 'btn btn-lg btn-success btn-block' %></p>
+            </div>
+          <% end %>
+          <div class="text-center">
+            <%= Spree.t(:or) %> 
+              <%= link_to Spree.t(:login_as_existing), spree.login_path %>
+          </div>
+          <div data-hook="login_extras"></div>
+      </div>
+  </div>
+</div>

data/lib/views/frontend/spree/user_sessions/new.html.erb

@@ -0,0 +1,20 @@
+<% @body_id = 'login' %>
+<div class="col-md-6 <%= request.path == spree.login_path ? "col-md-offset-3" : "" %>">
+  <div class="panel panel-default">
+      <div class="panel-heading">
+        <h3 class="panel-title"><%= Spree.t(:login_as_existing) %></h3>
+    </div>
+      <div id="existing-customer" class="panel-body" data-hook="login">
+          <% if flash[:alert] %>
+            <div class="alert alert-danger"><%= flash[:alert] %></div>
+          <% end %>
+          <%= render :partial => 'spree/shared/login' %>
+          <div class="text-center">
+            <%= Spree.t(:or) %> 
+                <%= link_to Spree.t(:create_a_new_account), spree.signup_path %> |
+                <%= link_to Spree.t(:forgot_password), spree.recover_password_path %>
+          </div>
+          <div data-hook="login_extras"></div>
+      </div>
+  </div>
+</div>

data/lib/views/frontend/spree/users/edit.html.erb

@@ -0,0 +1,17 @@
+<div class="col-md-6 col-md-offset-3">
+  <div class="panel panel-default">
+    <div class="panel-heading">
+      <h3 class="panel-title"><%= Spree.t(:editing_user) %></h3>
+    </div>
+    <div class="panel-body">
+      <%= render :partial => 'spree/shared/error_messages', :locals => { :target => @user } %>
+      
+      <%= form_for Spree::User.new, :as => @user, :url => spree.user_path(@user), :method => :put do |f| %>
+        <%= render :partial => 'spree/shared/user_form', :locals => { :f => f } %>
+        <p>
+          <%= f.submit Spree.t(:update), :class => 'btn btn-primary' %>
+        </p>
+      <% end %>
+    </div>
+  </div>
+</div>

data/lib/views/frontend/spree/users/show.html.erb

@@ -0,0 +1,43 @@
+<h1><%= accurate_title %></h1>
+
+<div data-hook="account_summary" class="account-summary well">
+  <dl id="user-info">
+    <dt><%= Spree.t(:email) %></dt>
+    <dd><%= @user.email %> (<%= link_to Spree.t(:edit), spree.edit_account_path %>)</dd>
+  </dl>
+</div>
+
+<div data-hook="account_my_orders" class="account-my-orders">
+
+  <h3><%= Spree.t(:my_orders) %></h3>
+  <% if @orders.present? %>
+    <table class="table table-striped order-summary">
+      <thead class="active">
+      <tr>
+        <th class="order-number"><%= Spree::Order.human_attribute_name(:number) %></th>
+        <th class="order-date"><%= Spree.t(:date) %></th>
+        <th class="order-status"><%= Spree.t(:status) %></th>
+        <th class="order-payment-state"><%= Spree.t(:payment_state) %></th>
+        <th class="order-shipment-state"><%= Spree.t(:shipment_state) %></th>
+        <th class="order-total"><%= Spree.t(:total) %></th>
+      </tr>
+      </thead>
+      <tbody>
+      <% @orders.each do |order| %>
+        <tr>
+          <td class="order-number"><%= link_to order.number, order_url(order) %></td>
+          <td class="order-date"><%= l order.completed_at.to_date %></td>
+          <td class="order-status"><%= Spree.t("order_state.#{order.state}").titleize %></td>
+          <td class="order-payment-state"><%= Spree.t("payment_states.#{order.payment_state}").titleize if order.payment_state %></td>
+          <td class="order-shipment-state"><%= Spree.t("shipment_states.#{order.shipment_state}").titleize if order.shipment_state %></td>
+          <td class="lead text-primary order-total"><%= order.display_total %></td>
+        </tr>
+      <% end %>
+      </tbody>
+    </table>
+  <% else %>
+    <div class="alert alert-info"><%= Spree.t(:you_have_no_orders_yet) %></div>
+  <% end %>
+  <br />
+
+</div>

data/spec/controllers/spree/admin/orders_controller_spec.rb

@@ -0,0 +1,14 @@
+module Spree
+  module Admin
+    RSpec.describe OrdersController, type: :controller do
+      stub_authorization!
+
+      context '#authorize_admin' do
+        it 'grants access to users with an admin role' do
+          spree_get :new
+          expect(response).to redirect_to spree.cart_admin_order_path(Order.last)
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/checkout_controller_spec.rb

@@ -0,0 +1,141 @@
+RSpec.describe Spree::CheckoutController, type: :controller do
+
+  let(:order) { create(:order_with_totals, email: nil, user: nil) }
+  let(:user)  { build(:user, spree_api_key: 'fake') }
+  let(:token) { 'some_token' }
+
+  before do
+    allow(controller).to receive(:current_order) { order }
+    allow(order).to receive(:confirmation_required?) { true }
+  end
+
+  context '#edit' do
+    context 'when registration step enabled' do
+      before do
+        allow(controller).to receive(:check_authorization)
+        Spree::Auth::Config.set(registration_step: true)
+      end
+
+      context 'when authenticated as registered user' do
+        before { allow(controller).to receive(:spree_current_user) { user } }
+
+        it 'proceeds to the first checkout step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to render_template :edit
+        end
+      end
+
+      context 'when authenticated as guest' do
+        it 'redirects to registration step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to redirect_to spree.checkout_registration_path
+        end
+      end
+    end
+
+    context 'when registration step disabled' do
+      before do
+        Spree::Auth::Config.set(registration_step: false)
+        allow(controller).to receive(:check_authorization)
+      end
+
+      context 'when authenticated as registered' do
+        before { allow(controller).to receive(:spree_current_user) { user } }
+
+        it 'proceeds to the first checkout step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to render_template :edit
+        end
+      end
+
+      context 'when authenticated as guest' do
+        it 'proceeds to the first checkout step' do
+          spree_get :edit, { state: 'address' }
+          expect(response).to render_template :edit
+        end
+      end
+    end
+  end
+
+  context '#update' do
+    context 'when in the confirm state' do
+      before do
+        order.update_column(:email, 'spree@example.com')
+        order.update_column(:state, 'confirm')
+
+        # So that the order can transition to complete successfully
+        allow(order).to receive(:payment_required?) { false }
+      end
+
+      context 'with a token' do
+        before { allow(order).to receive(:guest_token) { 'ABC' } }
+
+        it 'redirects to the tokenized order view' do
+          request.cookie_jar.signed[:guest_token] = 'ABC'
+          spree_post :update, { state: 'confirm' }
+          expect(response).to redirect_to spree.order_path(order)
+          expect(flash.notice).to eq Spree.t(:order_processed_successfully)
+        end
+      end
+
+      context 'with a registered user' do
+        before do
+          allow(controller).to receive(:spree_current_user) { user }
+          allow(order).to receive(:user) { user }
+          allow(order).to receive(:guest_token) { nil }
+        end
+
+        it 'redirects to the standard order view' do
+          spree_post :update, { state: 'confirm' }
+          expect(response).to redirect_to spree.order_path(order)
+        end
+      end
+    end
+  end
+
+  context '#registration' do
+    it 'does not check registration' do
+      allow(controller).to receive(:check_authorization)
+      expect(controller).not_to receive(:check_registration)
+      spree_get :registration
+    end
+
+    it 'checks if the user is authorized for :edit' do
+      expect(controller).to receive(:authorize!).with(:edit, order, token)
+      request.cookie_jar.signed[:guest_token] = token
+      spree_get :registration, {}
+    end
+  end
+
+  context '#update_registration' do
+    let(:user) { build(:user) }
+
+    it 'does not check registration' do
+      controller.stub :check_authorization
+      order.stub update_attributes: true
+      controller.should_not_receive :check_registration
+      spree_put :update_registration, { order: { } }
+    end
+
+    it 'renders the registration view if unable to save' do
+      allow(controller).to receive(:check_authorization)
+      spree_put :update_registration, { order: { email: 'invalid' } }
+      expect(flash[:registration_error]).to eq I18n.t(:email_is_invalid, scope: [:errors, :messages])
+      expect(response).to render_template :registration
+    end
+
+    it 'redirects to the checkout_path after saving' do
+      allow(order).to receive(:update_attributes) { true }
+      allow(controller).to receive(:check_authorization)
+      spree_put :update_registration, { order: { email: 'jobs@spreecommerce.com' } }
+      expect(response).to redirect_to spree.checkout_path
+    end
+
+    it 'checks if the user is authorized for :edit' do
+      request.cookie_jar.signed[:guest_token] = token
+      allow(order).to receive(:update_attributes) { true }
+      expect(controller).to receive(:authorize!).with(:edit, order, token)
+      spree_put :update_registration, { order: { email: 'jobs@spreecommerce.com' } }
+    end
+  end
+end

data/spec/controllers/spree/products_controller_spec.rb

@@ -0,0 +1,21 @@
+RSpec.describe Spree::ProductsController, type: :controller do
+
+  let!(:product) { create(:product, available_on: 1.year.from_now) }
+  let!(:user)    { build(:user, spree_api_key: 'fake') }
+
+  it 'allows admins to view non-active products' do
+    allow(controller).to receive(:before_save_new_order)
+    allow(controller).to receive(:spree_current_user) { user }
+    allow(user).to receive(:has_spree_role?) { true }
+    spree_get :show, id: product.to_param
+    expect(response.status).to eq(200)
+  end
+
+  it 'cannot view non-active products' do
+    allow(controller).to receive(:before_save_new_order)
+    allow(controller).to receive(:spree_current_user) { user }
+    allow(user).to receive(:has_spree_role?) { false }
+    spree_get :show, id: product.to_param
+    expect(response.status).to eq(404)
+  end
+end

data/spec/controllers/spree/user_passwords_controller_spec.rb

@@ -0,0 +1,44 @@
+RSpec.describe Spree::UserPasswordsController, type: :controller do
+
+  let(:token) { 'some_token' }
+
+  before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
+
+  describe 'GET edit' do
+    context 'when the user token has not been specified' do
+      it 'redirects to the new session path' do
+        spree_get :edit
+        expect(response).to redirect_to(
+          'http://test.host/user/spree_user/sign_in'
+        )
+      end
+
+      it 'flashes an error' do
+        spree_get :edit
+        expect(flash[:alert]).to include(
+          "You can't access this page without coming from a password reset " +
+          'email'
+        )
+      end
+    end
+
+    context 'when the user token has been specified' do
+      it 'does something' do
+        spree_get :edit, reset_password_token: token
+        expect(response.code).to eq('200')
+      end
+    end
+  end
+
+  context '#update' do
+    context 'when updating password with blank password' do
+      it 'shows error flash message, sets spree_user with token and re-displays password edit form' do
+        spree_put :update, { spree_user: { password: '', password_confirmation: '', reset_password_token: token } }
+        expect(assigns(:spree_user).kind_of?(Spree::User)).to eq true
+        expect(assigns(:spree_user).reset_password_token).to eq token
+        expect(flash[:error]).to eq I18n.t(:cannot_be_blank, scope: [:devise, :user_passwords, :spree_user])
+        expect(response).to render_template :edit
+      end
+    end
+  end
+end