spree_auth_devise 1.3.1 → 3.0.5
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of spree_auth_devise might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/.gitignore +10 -0
- data/.rspec +3 -0
- data/.travis.yml +11 -0
- data/Gemfile +5 -0
- data/{LICENSE → LICENSE.md} +1 -1
- data/README.md +86 -10
- data/Rakefile +15 -0
- data/Versionfile +5 -0
- data/app/controllers/metal_decorator.rb +6 -0
- data/app/mailers/spree/user_mailer.rb +12 -5
- data/app/models/spree/auth_configuration.rb +1 -0
- data/app/models/spree/user.rb +17 -50
- data/app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface +4 -0
- data/bin/rails +7 -0
- data/circle.yml +11 -0
- data/config.ru +4 -0
- data/config/initializers/devise.rb +3 -8
- data/config/initializers/warden.rb +14 -0
- data/config/locales/de.yml +40 -37
- data/config/locales/en.yml +48 -39
- data/config/locales/es.yml +49 -0
- data/config/locales/fr.yml +49 -0
- data/config/locales/it.yml +76 -0
- data/config/locales/nl.yml +41 -46
- data/config/locales/pt-BR.yml +51 -0
- data/config/locales/tr.yml +49 -0
- data/config/routes.rb +32 -15
- data/db/default/users.rb +13 -6
- data/db/migrate/20140904000425_add_deleted_at_to_users.rb +6 -0
- data/db/migrate/20141002154641_add_confirmable_to_users.rb +7 -0
- data/lib/assets/javascripts/spree/backend/spree_auth.js.erb +1 -0
- data/lib/assets/javascripts/spree/frontend/spree_auth.js.erb +1 -0
- data/lib/assets/stylesheets/spree/backend/spree_auth.css.erb +3 -0
- data/lib/assets/stylesheets/spree/frontend/spree_auth.css.erb +3 -0
- data/lib/controllers/backend/spree/admin/admin_controller_decorator.rb +26 -0
- data/lib/controllers/backend/spree/admin/admin_orders_controller_decorator.rb +20 -0
- data/{app/controllers → lib/controllers/backend}/spree/admin/admin_resource_controller_decorator.rb +0 -0
- data/{app/controllers/spree/admin/admin_orders_controller_decorator.rb → lib/controllers/backend/spree/admin/orders/customer_details_controller_decorator.rb} +3 -2
- data/lib/controllers/backend/spree/admin/user_passwords_controller.rb +42 -0
- data/lib/controllers/backend/spree/admin/user_sessions_controller.rb +53 -0
- data/{app/controllers → lib/controllers/frontend}/spree/checkout_controller_decorator.rb +8 -15
- data/lib/controllers/frontend/spree/user_confirmations_controller.rb +14 -0
- data/{app/controllers → lib/controllers/frontend}/spree/user_passwords_controller.rb +10 -9
- data/{app/controllers → lib/controllers/frontend}/spree/user_registrations_controller.rb +18 -15
- data/lib/controllers/frontend/spree/user_sessions_controller.rb +46 -0
- data/{app/controllers → lib/controllers/frontend}/spree/users_controller.rb +13 -9
- data/lib/generators/spree/auth/install/install_generator.rb +26 -0
- data/lib/generators/spree/auth/install/templates/config/initializers/devise.rb +1 -0
- data/lib/spree/auth.rb +2 -1
- data/lib/spree/auth/devise.rb +7 -0
- data/lib/spree/auth/engine.rb +57 -2
- data/lib/spree/authentication_helpers.rb +1 -1
- data/lib/spree_auth_devise.rb +3 -0
- data/lib/views/backend/spree/admin/user_passwords/edit.html.erb +15 -0
- data/lib/views/backend/spree/admin/user_passwords/new.html.erb +17 -0
- data/lib/views/backend/spree/admin/user_sessions/authorization_failure.html.erb +4 -0
- data/lib/views/backend/spree/admin/user_sessions/new.html.erb +38 -0
- data/lib/views/backend/spree/layouts/admin/_login_nav.html.erb +33 -0
- data/lib/views/backend/spree/layouts/login.html.erb +25 -0
- data/lib/views/frontend/spree/checkout/_new_user.html.erb +20 -0
- data/lib/views/frontend/spree/checkout/registration.html.erb +27 -0
- data/{app/views → lib/views/frontend}/spree/shared/_flashes.html.erb +0 -0
- data/lib/views/frontend/spree/shared/_login.html.erb +18 -0
- data/lib/views/frontend/spree/shared/_login_bar.html.erb +6 -0
- data/lib/views/frontend/spree/shared/_user_form.html.erb +13 -0
- data/lib/views/frontend/spree/user_mailer/confirmation_instructions.text.erb +5 -0
- data/lib/views/frontend/spree/user_mailer/reset_password_instructions.text.erb +10 -0
- data/lib/views/frontend/spree/user_passwords/edit.html.erb +22 -0
- data/lib/views/frontend/spree/user_passwords/new.html.erb +21 -0
- data/lib/views/frontend/spree/user_registrations/new.html.erb +22 -0
- data/lib/views/frontend/spree/user_sessions/new.html.erb +20 -0
- data/lib/views/frontend/spree/users/edit.html.erb +17 -0
- data/lib/views/frontend/spree/users/show.html.erb +43 -0
- data/spec/controllers/spree/admin/orders_controller_spec.rb +14 -0
- data/spec/controllers/spree/checkout_controller_spec.rb +141 -0
- data/spec/controllers/spree/products_controller_spec.rb +21 -0
- data/spec/controllers/spree/user_passwords_controller_spec.rb +44 -0
- data/spec/controllers/spree/user_registrations_controller_spec.rb +13 -0
- data/spec/controllers/spree/user_sessions_controller_spec.rb +56 -0
- data/spec/controllers/spree/users_controller_spec.rb +38 -0
- data/spec/factories/confirmed_user.rb +7 -0
- data/spec/features/account_spec.rb +58 -0
- data/spec/features/admin/orders_spec.rb +28 -0
- data/spec/features/admin/password_reset_spec.rb +24 -0
- data/spec/features/admin/products_spec.rb +9 -0
- data/spec/features/admin/sign_in_spec.rb +45 -0
- data/spec/features/admin/sign_out_spec.rb +22 -0
- data/spec/features/admin_permissions_spec.rb +46 -0
- data/spec/features/change_email_spec.rb +24 -0
- data/spec/features/checkout_spec.rb +160 -0
- data/spec/features/confirmation_spec.rb +28 -0
- data/spec/features/order_spec.rb +62 -0
- data/spec/features/password_reset_spec.rb +24 -0
- data/spec/features/sign_in_spec.rb +54 -0
- data/spec/features/sign_out_spec.rb +25 -0
- data/spec/features/sign_up_spec.rb +30 -0
- data/spec/mailers/user_mailer_spec.rb +46 -0
- data/spec/models/order_spec.rb +26 -0
- data/spec/models/user_spec.rb +58 -0
- data/spec/spec_helper.rb +24 -0
- data/spec/support/ability.rb +15 -0
- data/spec/support/authentication_helpers.rb +14 -0
- data/spec/support/capybara.rb +7 -0
- data/spec/support/confirm_helpers.rb +11 -0
- data/spec/support/database_cleaner.rb +18 -0
- data/spec/support/email.rb +5 -0
- data/spec/support/factory_girl.rb +5 -0
- data/spec/support/spree.rb +26 -0
- data/spree_auth_devise.gemspec +48 -0
- metadata +441 -79
- data/app/assets/javascripts/admin/spree_auth.js +0 -1
- data/app/assets/javascripts/store/spree_auth.js +0 -1
- data/app/assets/stylesheets/admin/spree_auth.css +0 -3
- data/app/assets/stylesheets/store/spree_auth.css +0 -3
- data/app/controllers/spree/admin/admin_controller_decorator.rb +0 -7
- data/app/controllers/spree/admin/admin_users_controller_decorator.rb +0 -21
- data/app/controllers/spree/admin/users_controller.rb +0 -77
- data/app/controllers/spree/base_controller_decorator.rb +0 -18
- data/app/controllers/spree/orders_controller_decorator.rb +0 -15
- data/app/controllers/spree/user_sessions_controller.rb +0 -54
- data/app/helpers/spree/users_helper.rb +0 -15
- data/app/models/spree/current_order_decorator.rb +0 -12
- data/app/overrides/admin_tab.rb +0 -6
- data/app/overrides/auth_admin_login_navigation_bar.rb +0 -5
- data/app/overrides/auth_user_login_form.rb +0 -6
- data/app/views/spree/admin/users/_form.html.erb +0 -37
- data/app/views/spree/admin/users/edit.html.erb +0 -28
- data/app/views/spree/admin/users/index.html.erb +0 -53
- data/app/views/spree/admin/users/new.html.erb +0 -23
- data/app/views/spree/admin/users/show.html.erb +0 -21
- data/app/views/spree/layouts/admin/_login_nav.html.erb +0 -8
- data/app/views/spree/shared/_login.html.erb +0 -20
- data/app/views/spree/shared/_login_bar.html.erb +0 -6
- data/app/views/spree/shared/_user_form.html.erb +0 -17
- data/app/views/spree/user_mailer/reset_password_instructions.text.erb +0 -10
- data/app/views/spree/user_passwords/edit.html.erb +0 -15
- data/app/views/spree/user_passwords/new.html.erb +0 -15
- data/app/views/spree/user_registrations/new.html.erb +0 -22
- data/app/views/spree/user_sessions/authorization_failure.html.erb +0 -4
- data/app/views/spree/user_sessions/new.html.erb +0 -13
- data/app/views/spree/users/edit.html.erb +0 -11
- data/app/views/spree/users/show.html.erb +0 -43
- data/config/initializers/spree.rb +0 -1
@@ -0,0 +1,13 @@
|
|
1
|
+
RSpec.describe Spree::UserRegistrationsController, type: :controller do
|
2
|
+
|
3
|
+
before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
|
4
|
+
|
5
|
+
context '#create' do
|
6
|
+
before { allow(controller).to receive(:after_sign_up_path_for).and_return(spree.root_path(thing: 7)) }
|
7
|
+
|
8
|
+
it 'redirects to after_sign_up_path_for' do
|
9
|
+
spree_post :create, { spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' } }
|
10
|
+
expect(response).to redirect_to spree.root_path(thing: 7)
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
@@ -0,0 +1,56 @@
|
|
1
|
+
RSpec.describe Spree::UserSessionsController, type: :controller do
|
2
|
+
|
3
|
+
let(:user) { create(:user) }
|
4
|
+
|
5
|
+
before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
|
6
|
+
|
7
|
+
context "#create" do
|
8
|
+
context "using correct login information" do
|
9
|
+
it 'properly assigns orders user from guest_token' do
|
10
|
+
order1 = create(:order, email: user.email, guest_token: 'ABC', user_id: nil, created_by_id: nil)
|
11
|
+
order2 = create(:order, guest_token: 'ABC', user_id: 200)
|
12
|
+
request.cookie_jar.signed[:guest_token] = 'ABC'
|
13
|
+
spree_post :create, spree_user: { email: user.email, password: 'secret' }
|
14
|
+
|
15
|
+
expect(order1.reload.user_id).to eq user.id
|
16
|
+
expect(order1.reload.created_by_id).to eq user.id
|
17
|
+
expect(order2.reload.user_id).to eq 200
|
18
|
+
end
|
19
|
+
|
20
|
+
context "and html format is used" do
|
21
|
+
it "redirects to default after signing in" do
|
22
|
+
spree_post :create, spree_user: { email: user.email, password: 'secret' }
|
23
|
+
expect(response).to redirect_to spree.root_path
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
context "and js format is used" do
|
28
|
+
it "returns a json with ship and bill address" do
|
29
|
+
spree_post :create, spree_user: { email: user.email, password: 'secret' }, format: 'js'
|
30
|
+
parsed = ActiveSupport::JSON.decode(response.body)
|
31
|
+
expect(parsed).to have_key("user")
|
32
|
+
expect(parsed).to have_key("ship_address")
|
33
|
+
expect(parsed).to have_key("bill_address")
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
context "using incorrect login information" do
|
39
|
+
context "and html format is used" do
|
40
|
+
it "renders new template again with errors" do
|
41
|
+
spree_post :create, spree_user: { email: user.email, password: 'wrong' }
|
42
|
+
expect(response).to render_template('new')
|
43
|
+
expect(flash[:error]).to eq I18n.t(:'devise.failure.invalid')
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
context "and js format is used" do
|
48
|
+
it "returns a json with the error" do
|
49
|
+
spree_post :create, spree_user: { email: user.email, password: 'wrong' }, format: 'js'
|
50
|
+
parsed = ActiveSupport::JSON.decode(response.body)
|
51
|
+
expect(parsed).to have_key("error")
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
RSpec.describe Spree::UsersController, type: :controller do
|
2
|
+
|
3
|
+
let(:admin_user) { create(:user) }
|
4
|
+
let(:user) { create(:user) }
|
5
|
+
let(:role) { create(:role) }
|
6
|
+
|
7
|
+
before { allow(controller).to receive(:spree_current_user) { user } }
|
8
|
+
|
9
|
+
context '#load_object' do
|
10
|
+
it 'redirects to signup path if user is not found' do
|
11
|
+
allow(controller).to receive(:spree_current_user) { nil }
|
12
|
+
spree_put :update, { user: { email: 'foobar@example.com' } }
|
13
|
+
expect(response).to redirect_to spree.login_path
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
context '#create' do
|
18
|
+
it 'creates a new user' do
|
19
|
+
spree_post :create, { user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' } }
|
20
|
+
expect(assigns[:user].new_record?).to be false
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
context '#update' do
|
25
|
+
context 'when updating own account' do
|
26
|
+
it 'performs update' do
|
27
|
+
spree_put :update, { user: { email: 'mynew@email-address.com' } }
|
28
|
+
expect(assigns[:user].email).to eq 'mynew@email-address.com'
|
29
|
+
expect(response).to redirect_to spree.account_url(only_path: true)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'does not update roles' do
|
34
|
+
spree_put :update, user: { spree_role_ids: [role.id] }
|
35
|
+
expect(assigns[:user].spree_roles).to_not include role
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,58 @@
|
|
1
|
+
RSpec.feature 'Accounts', type: :feature do
|
2
|
+
|
3
|
+
context 'editing' do
|
4
|
+
scenario 'can edit an admin user' do
|
5
|
+
user = create(:admin_user, email: 'admin@person.com', password: 'password', password_confirmation: 'password')
|
6
|
+
visit spree.login_path
|
7
|
+
|
8
|
+
fill_in 'Email', with: user.email
|
9
|
+
fill_in 'Password', with: user.password
|
10
|
+
click_button 'Login'
|
11
|
+
|
12
|
+
click_link 'My Account'
|
13
|
+
expect(page).to have_text 'admin@person.com'
|
14
|
+
end
|
15
|
+
|
16
|
+
scenario 'can edit a new user' do
|
17
|
+
Spree::Auth::Config.set(signout_after_password_change: false)
|
18
|
+
visit spree.signup_path
|
19
|
+
|
20
|
+
fill_in 'Email', with: 'email@person.com'
|
21
|
+
fill_in 'Password', with: 'password'
|
22
|
+
fill_in 'Password Confirmation', with: 'password'
|
23
|
+
click_button 'Create'
|
24
|
+
|
25
|
+
click_link 'My Account'
|
26
|
+
expect(page).to have_text 'email@person.com'
|
27
|
+
click_link 'Edit'
|
28
|
+
|
29
|
+
fill_in 'Password', with: 'foobar'
|
30
|
+
fill_in 'Password Confirmation', with: 'foobar'
|
31
|
+
click_button 'Update'
|
32
|
+
|
33
|
+
expect(page).to have_text 'email@person.com'
|
34
|
+
expect(page).to have_text 'Account updated'
|
35
|
+
end
|
36
|
+
|
37
|
+
scenario 'can edit an existing user account' do
|
38
|
+
Spree::Auth::Config.set(signout_after_password_change: false)
|
39
|
+
user = create(:user, email: 'email@person.com', password: 'secret', password_confirmation: 'secret')
|
40
|
+
visit spree.login_path
|
41
|
+
|
42
|
+
fill_in 'Email', with: user.email
|
43
|
+
fill_in 'Password', with: user.password
|
44
|
+
click_button 'Login'
|
45
|
+
|
46
|
+
click_link 'My Account'
|
47
|
+
expect(page).to have_text 'email@person.com'
|
48
|
+
click_link 'Edit'
|
49
|
+
|
50
|
+
fill_in 'Password', with: 'foobar'
|
51
|
+
fill_in 'Password Confirmation', with: 'foobar'
|
52
|
+
click_button 'Update'
|
53
|
+
|
54
|
+
expect(page).to have_text 'email@person.com'
|
55
|
+
expect(page).to have_text 'Account updated'
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
RSpec.feature 'Admin orders', type: :feature do
|
2
|
+
|
3
|
+
background do
|
4
|
+
sign_in_as! create(:admin_user)
|
5
|
+
end
|
6
|
+
|
7
|
+
# Regression #203
|
8
|
+
scenario 'can list orders' do
|
9
|
+
expect { visit spree.admin_orders_path }.not_to raise_error
|
10
|
+
end
|
11
|
+
|
12
|
+
# Regression #203
|
13
|
+
scenario 'can new orders' do
|
14
|
+
expect { visit spree.new_admin_order_path }.not_to raise_error
|
15
|
+
end
|
16
|
+
|
17
|
+
# Regression #203
|
18
|
+
scenario 'can not edit orders' do
|
19
|
+
expect { visit spree.edit_admin_order_path('nodata') }.to raise_error(ActiveRecord::RecordNotFound)
|
20
|
+
end
|
21
|
+
|
22
|
+
# Regression #203
|
23
|
+
scenario 'can edit orders' do
|
24
|
+
create(:order, number: 'R123')
|
25
|
+
visit spree.edit_admin_order_path('R123')
|
26
|
+
expect(page).not_to have_text 'Authorization Failure'
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
RSpec.feature 'Admin - Reset Password', type: :feature do
|
2
|
+
|
3
|
+
let!(:store) { create(:store) }
|
4
|
+
|
5
|
+
background do
|
6
|
+
ActionMailer::Base.default_url_options[:host] = 'http://example.com'
|
7
|
+
end
|
8
|
+
|
9
|
+
scenario 'allows a user to supply an email for the password reset' do
|
10
|
+
user = create(:user, email: 'foobar@example.com', password: 'secret', password_confirmation: 'secret')
|
11
|
+
visit spree.admin_login_path
|
12
|
+
click_link 'Forgot Password?'
|
13
|
+
fill_in 'Email', with: 'foobar@example.com'
|
14
|
+
click_button 'Reset my password'
|
15
|
+
expect(page).to have_text 'You will receive an email with instructions'
|
16
|
+
end
|
17
|
+
|
18
|
+
scenario 'shows errors if no email is supplied' do
|
19
|
+
visit spree.admin_login_path
|
20
|
+
click_link 'Forgot Password?'
|
21
|
+
click_button 'Reset my password'
|
22
|
+
expect(page).to have_text "Email can't be blank"
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
RSpec.feature 'Admin products', type: :feature do
|
2
|
+
|
3
|
+
context 'as anonymous user' do
|
4
|
+
# Regression test for #1250
|
5
|
+
scenario 'redirects to login page when attempting to access product listing' do
|
6
|
+
expect { visit spree.admin_products_path }.not_to raise_error
|
7
|
+
end
|
8
|
+
end
|
9
|
+
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
RSpec.feature 'Admin - Sign In', type: :feature do
|
2
|
+
|
3
|
+
background do
|
4
|
+
@user = create(:user, email: 'email@person.com')
|
5
|
+
visit spree.admin_login_path
|
6
|
+
end
|
7
|
+
|
8
|
+
scenario 'asks user to sign in' do
|
9
|
+
visit spree.admin_path
|
10
|
+
expect(page).not_to have_text 'Authorization Failure'
|
11
|
+
end
|
12
|
+
|
13
|
+
scenario 'lets a user sign in successfully' do
|
14
|
+
fill_in 'Email', with: @user.email
|
15
|
+
fill_in 'Password', with: 'secret'
|
16
|
+
click_button 'Login'
|
17
|
+
|
18
|
+
expect(page).to have_text 'Logged in successfully'
|
19
|
+
expect(page).not_to have_text 'Login'
|
20
|
+
expect(page).to have_text 'Logout'
|
21
|
+
expect(current_path).to eq '/'
|
22
|
+
end
|
23
|
+
|
24
|
+
scenario 'shows validation errors' do
|
25
|
+
fill_in 'Email', with: @user.email
|
26
|
+
fill_in 'Password', with: 'wrong_password'
|
27
|
+
click_button 'Login'
|
28
|
+
|
29
|
+
expect(page).to have_text 'Invalid email or password'
|
30
|
+
expect(page).to have_button 'Login'
|
31
|
+
end
|
32
|
+
|
33
|
+
scenario 'allows a user to access a restricted page after logging in' do
|
34
|
+
user = create(:admin_user, email: 'admin@person.com')
|
35
|
+
visit spree.admin_path
|
36
|
+
|
37
|
+
fill_in 'Email', with: user.email
|
38
|
+
fill_in 'Password', with: 'secret'
|
39
|
+
click_button 'Login'
|
40
|
+
within '.user-menu' do
|
41
|
+
expect(page).to have_text 'admin@person.com'
|
42
|
+
end
|
43
|
+
expect(current_path).to eq '/admin/orders'
|
44
|
+
end
|
45
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
RSpec.feature 'Admin - Sign Out', type: :feature do
|
2
|
+
|
3
|
+
given!(:user) do
|
4
|
+
create :user, email: 'email@person.com'
|
5
|
+
end
|
6
|
+
|
7
|
+
background do
|
8
|
+
visit spree.admin_login_path
|
9
|
+
fill_in 'Email', with: user.email
|
10
|
+
fill_in 'Password', with: 'secret'
|
11
|
+
# Regression test for #1257
|
12
|
+
check 'Remember me'
|
13
|
+
click_button 'Login'
|
14
|
+
end
|
15
|
+
|
16
|
+
scenario 'allows a signed in user to logout' do
|
17
|
+
click_link 'Logout'
|
18
|
+
visit spree.admin_login_path
|
19
|
+
expect(page).to have_button 'Login'
|
20
|
+
expect(page).not_to have_text 'Logout'
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
RSpec.feature 'Admin Permissions', type: :feature do
|
2
|
+
|
3
|
+
context 'orders' do
|
4
|
+
background do
|
5
|
+
user = create(:admin_user, email: 'admin@person.com', password: 'password', password_confirmation: 'password')
|
6
|
+
Spree::Ability.register_ability(AbilityDecorator)
|
7
|
+
visit spree.login_path
|
8
|
+
|
9
|
+
fill_in 'Email', with: user.email
|
10
|
+
fill_in 'Password', with: user.password
|
11
|
+
click_button 'Login'
|
12
|
+
end
|
13
|
+
|
14
|
+
context 'admin is restricted from accessing orders' do
|
15
|
+
scenario 'can not list orders' do
|
16
|
+
visit spree.admin_orders_path
|
17
|
+
expect(page).to have_text 'Authorization Failure'
|
18
|
+
end
|
19
|
+
|
20
|
+
scenario 'can not edit orders' do
|
21
|
+
create(:order, number: 'R123')
|
22
|
+
visit spree.edit_admin_order_path('R123')
|
23
|
+
expect(page).to have_text 'Authorization Failure'
|
24
|
+
end
|
25
|
+
|
26
|
+
scenario 'can not new orders' do
|
27
|
+
visit spree.new_admin_order_path
|
28
|
+
expect(page).to have_text 'Authorization Failure'
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
context "admin is restricted from accessing an order's customer details" do
|
33
|
+
given(:order) { create(:order_with_totals) }
|
34
|
+
|
35
|
+
scenario 'can not list customer details for an order' do
|
36
|
+
visit spree.admin_order_customer_path(order)
|
37
|
+
expect(page).to have_text 'Authorization Failure'
|
38
|
+
end
|
39
|
+
|
40
|
+
scenario "can not edit an order's customer details" do
|
41
|
+
visit spree.edit_admin_order_customer_path(order)
|
42
|
+
expect(page).to have_text 'Authorization Failure'
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
RSpec.feature 'Change email', type: :feature do
|
2
|
+
|
3
|
+
background do
|
4
|
+
user = create(:user)
|
5
|
+
visit spree.root_path
|
6
|
+
click_link 'Login'
|
7
|
+
|
8
|
+
fill_in 'spree_user[email]', with: user.email
|
9
|
+
fill_in 'spree_user[password]', with: 'secret'
|
10
|
+
click_button 'Login'
|
11
|
+
|
12
|
+
visit spree.edit_account_path
|
13
|
+
end
|
14
|
+
|
15
|
+
scenario 'work with correct password' do
|
16
|
+
fill_in 'user_email', with: 'tests@example.com'
|
17
|
+
fill_in 'user_password', with: 'password'
|
18
|
+
fill_in 'user_password_confirmation', with: 'password'
|
19
|
+
click_button 'Update'
|
20
|
+
|
21
|
+
expect(page).to have_text 'Account updated'
|
22
|
+
expect(page).to have_text 'tests@example.com'
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,160 @@
|
|
1
|
+
RSpec.feature 'Checkout', :js, type: :feature do
|
2
|
+
given!(:store) { create(:store) }
|
3
|
+
given!(:country) { create(:country, name: 'United States', states_required: true) }
|
4
|
+
given!(:state) { create(:state, name: 'Maryland', country: country) }
|
5
|
+
given!(:shipping_method) do
|
6
|
+
shipping_method = create(:shipping_method)
|
7
|
+
calculator = Spree::Calculator::Shipping::PerItem.create!(calculable: shipping_method, preferred_amount: 10)
|
8
|
+
shipping_method.calculator = calculator
|
9
|
+
shipping_method.tap(&:save)
|
10
|
+
end
|
11
|
+
|
12
|
+
given!(:zone) { create(:zone) }
|
13
|
+
given!(:address) { create(:address, state: state, country: country) }
|
14
|
+
|
15
|
+
background do
|
16
|
+
@product = create(:product, name: 'RoR Mug')
|
17
|
+
@product.master.stock_items.first.update_column(:count_on_hand, 1)
|
18
|
+
|
19
|
+
# Bypass gateway error on checkout | ..or stub a gateway
|
20
|
+
Spree::Config[:allow_checkout_on_gateway_error] = true
|
21
|
+
|
22
|
+
visit spree.root_path
|
23
|
+
end
|
24
|
+
|
25
|
+
context 'without payment being required' do
|
26
|
+
background do
|
27
|
+
# So that we don't have to setup payment methods just for the sake of it
|
28
|
+
allow_any_instance_of(Spree::Order).to receive(:has_available_payment).and_return(true)
|
29
|
+
allow_any_instance_of(Spree::Order).to receive(:payment_required?).and_return(false)
|
30
|
+
end
|
31
|
+
|
32
|
+
scenario 'allow a visitor to checkout as guest, without registration' do
|
33
|
+
Spree::Auth::Config.set(registration_step: true)
|
34
|
+
click_link 'RoR Mug'
|
35
|
+
click_button 'Add To Cart'
|
36
|
+
within('h1') { expect(page).to have_text 'Shopping Cart' }
|
37
|
+
click_button 'Checkout'
|
38
|
+
|
39
|
+
expect(page).to have_content(/Checkout as a Guest/i)
|
40
|
+
|
41
|
+
within('#guest_checkout') { fill_in 'Email', with: 'spree@test.com' }
|
42
|
+
click_button 'Continue'
|
43
|
+
|
44
|
+
expect(page).to have_text(/Billing Address/i)
|
45
|
+
expect(page).to have_text(/Shipping Address/i)
|
46
|
+
|
47
|
+
str_addr = 'bill_address'
|
48
|
+
select 'United States', from: "order_#{str_addr}_attributes_country_id"
|
49
|
+
%w(firstname lastname address1 city zipcode phone).each do |field|
|
50
|
+
fill_in "order_#{str_addr}_attributes_#{field}", with: "#{address.send(field)}"
|
51
|
+
end
|
52
|
+
select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
|
53
|
+
check 'order_use_billing'
|
54
|
+
|
55
|
+
click_button 'Save and Continue'
|
56
|
+
click_button 'Save and Continue'
|
57
|
+
|
58
|
+
expect(page).to have_text 'Your order has been processed successfully'
|
59
|
+
end
|
60
|
+
|
61
|
+
scenario 'associate an uncompleted guest order with user after logging in' do
|
62
|
+
user = create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password')
|
63
|
+
click_link 'RoR Mug'
|
64
|
+
click_button 'Add To Cart'
|
65
|
+
|
66
|
+
visit spree.login_path
|
67
|
+
fill_in 'Email', with: user.email
|
68
|
+
fill_in 'Password', with: user.password
|
69
|
+
click_button 'Login'
|
70
|
+
click_link 'Cart'
|
71
|
+
|
72
|
+
expect(page).to have_text 'RoR Mug'
|
73
|
+
within('h1') { expect(page).to have_text 'Shopping Cart' }
|
74
|
+
|
75
|
+
click_button 'Checkout'
|
76
|
+
|
77
|
+
str_addr = 'bill_address'
|
78
|
+
select 'United States', from: "order_#{str_addr}_attributes_country_id"
|
79
|
+
%w(firstname lastname address1 city zipcode phone).each do |field|
|
80
|
+
fill_in "order_#{str_addr}_attributes_#{field}", with: "#{address.send(field)}"
|
81
|
+
end
|
82
|
+
select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
|
83
|
+
check 'order_use_billing'
|
84
|
+
|
85
|
+
click_button 'Save and Continue'
|
86
|
+
click_button 'Save and Continue'
|
87
|
+
|
88
|
+
expect(page).to have_text 'Your order has been processed successfully'
|
89
|
+
expect(Spree::Order.first.user).to eq user
|
90
|
+
end
|
91
|
+
|
92
|
+
# Regression test for #890
|
93
|
+
scenario 'associate an incomplete guest order with user after successful password reset' do
|
94
|
+
create(:store)
|
95
|
+
user = create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password')
|
96
|
+
click_link 'RoR Mug'
|
97
|
+
click_button 'Add To Cart'
|
98
|
+
|
99
|
+
visit spree.login_path
|
100
|
+
click_link 'Forgot Password?'
|
101
|
+
fill_in 'spree_user_email', with: 'email@person.com'
|
102
|
+
click_button 'Reset my password'
|
103
|
+
|
104
|
+
# Need to do this now because the token stored in the DB is the encrypted version
|
105
|
+
# The 'plain-text' version is sent in the email and there's one way to get that!
|
106
|
+
reset_password_email = ActionMailer::Base.deliveries.first
|
107
|
+
token_url_regex = /^http:\/\/www.example.com\/user\/spree_user\/password\/edit\?reset_password_token=(.*)$/
|
108
|
+
token = token_url_regex.match(reset_password_email.body.to_s)[1]
|
109
|
+
|
110
|
+
visit spree.edit_spree_user_password_path(reset_password_token: token)
|
111
|
+
fill_in 'Password', with: 'password'
|
112
|
+
fill_in 'Password Confirmation', with: 'password'
|
113
|
+
click_button 'Update'
|
114
|
+
|
115
|
+
click_link 'Cart'
|
116
|
+
click_button 'Checkout'
|
117
|
+
|
118
|
+
str_addr = 'bill_address'
|
119
|
+
select 'United States', from: "order_#{str_addr}_attributes_country_id"
|
120
|
+
%w(firstname lastname address1 city zipcode phone).each do |field|
|
121
|
+
fill_in "order_#{str_addr}_attributes_#{field}", with: "#{address.send(field)}"
|
122
|
+
end
|
123
|
+
select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
|
124
|
+
check 'order_use_billing'
|
125
|
+
|
126
|
+
click_button 'Save and Continue'
|
127
|
+
|
128
|
+
expect(page).not_to have_text 'Email is invalid'
|
129
|
+
end
|
130
|
+
|
131
|
+
scenario 'allow a user to register during checkout' do
|
132
|
+
click_link 'RoR Mug'
|
133
|
+
click_button 'Add To Cart'
|
134
|
+
click_button 'Checkout'
|
135
|
+
|
136
|
+
expect(page).to have_text 'Registration'
|
137
|
+
|
138
|
+
fill_in 'Email', with: 'email@person.com'
|
139
|
+
fill_in 'Password', with: 'spree123'
|
140
|
+
fill_in 'Password Confirmation', with: 'spree123'
|
141
|
+
click_button 'Create'
|
142
|
+
|
143
|
+
expect(page).to have_text 'You have signed up successfully.'
|
144
|
+
|
145
|
+
str_addr = 'bill_address'
|
146
|
+
select 'United States', from: "order_#{str_addr}_attributes_country_id"
|
147
|
+
%w(firstname lastname address1 city zipcode phone).each do |field|
|
148
|
+
fill_in "order_#{str_addr}_attributes_#{field}", with: "#{address.send(field)}"
|
149
|
+
end
|
150
|
+
select "#{address.state.name}", from: "order_#{str_addr}_attributes_state_id"
|
151
|
+
check 'order_use_billing'
|
152
|
+
|
153
|
+
click_button 'Save and Continue'
|
154
|
+
click_button 'Save and Continue'
|
155
|
+
|
156
|
+
expect(page).to have_text 'Your order has been processed successfully'
|
157
|
+
expect(Spree::Order.first.user).to eq Spree::User.find_by_email('email@person.com')
|
158
|
+
end
|
159
|
+
end
|
160
|
+
end
|