spree_auth_devise 4.0.0.rc2 → 4.1.1

data/spec/features/checkout_spec.rb

@@ -1,5 +1,4 @@
 RSpec.feature 'Checkout', :js, type: :feature do
-  given!(:store) { create(:store) }
   given!(:country) { create(:country, name: 'United States', states_required: true) }
   given!(:state)   { create(:state, name: 'Maryland', country: country) }
   given!(:shipping_method) do
@@ -9,12 +8,13 @@ RSpec.feature 'Checkout', :js, type: :feature do
     shipping_method.tap(&:save)
   end
 
+  given!(:user) { create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password') }
   given!(:zone)    { create(:zone) }
   given!(:address) { create(:address, state: state, country: country) }
+  given!(:mug) { create(:product, name: 'RoR Mug') }
 
   background do
-    @product = create(:product, name: 'RoR Mug')
-    @product.master.stock_items.first.update_column(:count_on_hand, 1)
+    mug.master.stock_items.first.update_column(:count_on_hand, 1)
 
     # Bypass gateway error on checkout | ..or stub a gateway
     Spree::Config[:allow_checkout_on_gateway_error] = true
@@ -31,71 +31,56 @@ RSpec.feature 'Checkout', :js, type: :feature do
 
     scenario 'allow a visitor to checkout as guest, without registration' do
       Spree::Auth::Config.set(registration_step: true)
-      add_to_cart 'RoR Mug'
-      click_button 'Checkout'
+      add_to_cart(mug)
+      click_link 'checkout'
 
-      expect(page).to have_content(/Checkout as a Guest/i)
+      expect(page).to have_selector(:button, 'Continue as a guest')
 
-      within('#guest_checkout') { fill_in 'Email', with: 'spree@test.com' }
+      within('#checkout_form_registration') { fill_in 'Email', with: 'spree@test.com' }
       click_button 'Continue'
 
       expect(page).to have_text(/Billing Address/i)
       expect(page).to have_text(/Shipping Address/i)
 
-      str_addr = 'bill_address'
-      select 'United States', from: "order_#{str_addr}_attributes_country_id"
-      %w(firstname lastname address1 city zipcode phone).each do |field|
-        fill_in "order_#{str_addr}_attributes_#{field}", with: address.send(field).to_s
-      end
-      select address.state.name.to_s, from: "order_#{str_addr}_attributes_state_id"
-      check 'order_use_billing'
-
+      fill_in_address
       click_button 'Save and Continue'
       click_button 'Save and Continue'
 
-      expect(page).to have_text 'Your order has been processed successfully'
+      expect(page).to have_text 'Order placed successfully'
     end
 
     scenario 'associate an uncompleted guest order with user after logging in' do
-      user = create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password')
-      add_to_cart 'RoR Mug'
+      add_to_cart(mug)
 
       visit spree.login_path
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Login'
-      expect(page).to have_text('Cart')
-      click_link 'Cart'
+      click_button 'Log in'
+      expect(page).to have_text('Logged in successfully')
+      find('a.cart-icon').click
 
       expect(page).to have_text 'RoR Mug'
-      within('h1') { expect(page).to have_text 'Shopping Cart' }
-
-      click_button 'Checkout'
+      within('h1') { expect(page).to have_text 'YOUR SHOPPING BAG' }
 
-      str_addr = 'bill_address'
-      select 'United States', from: "order_#{str_addr}_attributes_country_id"
-      %w(firstname lastname address1 city zipcode phone).each do |field|
-        fill_in "order_#{str_addr}_attributes_#{field}", with: address.send(field).to_s
-      end
-      select address.state.name.to_s, from: "order_#{str_addr}_attributes_state_id"
-      check 'order_use_billing'
+      click_link 'checkout'
 
+      fill_in_address
       click_button 'Save and Continue'
       click_button 'Save and Continue'
 
-      expect(page).to have_text 'Your order has been processed successfully'
+      expect(page).to have_text 'Order placed successfully'
       expect(Spree::Order.first.user).to eq user
     end
 
     # Regression test for #890
     scenario 'associate an incomplete guest order with user after successful password reset' do
-      create(:store)
-      user = create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password')
-      add_to_cart 'RoR Mug'
+      add_to_cart(mug)
 
       visit spree.login_path
-      click_link 'Forgot Password?'
-      fill_in 'spree_user_email', with: 'email@person.com'
+      click_link 'Forgot password?'
+      fill_in('Email', with: 'email@person.com')
+      find('#spree_user_email').set('email@person.com')
+
       click_button 'Reset my password'
 
       # Need to do this now because the token stored in the DB is the encrypted version
@@ -109,49 +94,39 @@ RSpec.feature 'Checkout', :js, type: :feature do
       fill_in 'Password Confirmation', with: 'password'
       click_button 'Update'
 
-      expect(page).to have_text('Cart')
-      click_link 'Cart'
+      expect(page).to have_text('Your password was changed successfully')
+      find('a.cart-icon').click
       expect(page).to have_text('RoR Mug')
-      click_button 'Checkout'
-
-      str_addr = 'bill_address'
-      select 'United States', from: "order_#{str_addr}_attributes_country_id"
-      %w(firstname lastname address1 city zipcode phone).each do |field|
-        fill_in "order_#{str_addr}_attributes_#{field}", with: address.send(field).to_s
-      end
-      select address.state.name.to_s, from: "order_#{str_addr}_attributes_state_id"
-      check 'order_use_billing'
+      click_link 'checkout'
 
+      fill_in_address
       click_button 'Save and Continue'
 
       expect(page).not_to have_text 'Email is invalid'
     end
 
     scenario 'allow a user to register during checkout' do
-      add_to_cart 'RoR Mug'
-      click_button 'Checkout'
+      add_to_cart(mug)
+      click_link 'checkout'
 
-      expect(page).to have_text 'Registration'
+      expect(page).to have_selector(:link, 'Sign Up')
 
-      fill_in 'Email', with: 'email@person.com', match: :first
+      click_link 'Sign Up'
+
+      fill_in 'Email', with: 'test@person.com'
       fill_in 'Password', with: 'spree123'
       fill_in 'Password Confirmation', with: 'spree123'
-      click_button 'Create'
-      expect(page).to have_text 'You have signed up successfully.'
 
-      str_addr = 'bill_address'
-      select 'United States', from: "order_#{str_addr}_attributes_country_id"
-      %w(firstname lastname address1 city zipcode phone).each do |field|
-        fill_in "order_#{str_addr}_attributes_#{field}", with: address.send(field).to_s
-      end
-      select address.state.name.to_s, from: "order_#{str_addr}_attributes_state_id"
-      check 'order_use_billing'
+      click_button 'Sign Up'
+
+      expect(page).to have_text 'You have signed up successfully.'
 
+      fill_in_address
       click_button 'Save and Continue'
       click_button 'Save and Continue'
 
-      expect(page).to have_text 'Your order has been processed successfully'
-      expect(Spree::Order.first.user).to eq Spree::User.find_by_email('email@person.com')
+      expect(page).to have_text 'Order placed successfully'
+      expect(Spree::Order.first.user).to eq Spree.user_class.find_by_email('test@person.com')
     end
   end
 end

data/spec/features/confirmation_spec.rb

@@ -8,8 +8,6 @@ RSpec.feature 'Confirmation', type: :feature, reload_user: true do
 
   after(:each) { set_confirmable_option(false) }
 
-  let!(:store) { create(:store) }
-
   background do
     ActionMailer::Base.default_url_options[:host] = 'http://example.com'
   end
@@ -20,9 +18,9 @@ RSpec.feature 'Confirmation', type: :feature, reload_user: true do
     fill_in 'Email', with: 'email@person.com'
     fill_in 'Password', with: 'password'
     fill_in 'Password Confirmation', with: 'password'
-    click_button 'Create'
+    click_button 'Sign Up'
 
-    expect(page).to have_text 'You have signed up successfully.'
-    expect(Spree::User.last.confirmed?).to be(false)
+    expect(page).to have_text I18n.t('devise.user_registrations.signed_up_but_unconfirmed')
+    expect(Spree.user_class.last.confirmed?).to be(false)
   end
 end

data/spec/features/order_spec.rb

@@ -6,46 +6,40 @@ RSpec.feature 'Orders', :js, type: :feature do
 
   # regression test for spree/spree#1687
   scenario 'merge incomplete orders from different sessions' do
-    skip %{
-      TODO: has been broken for ~2 months as of:
-      https://github.com/spree/spree_auth_devise/commit/3157b47b22c559817d34ec34024587d8aa6136dc
-      I dont think we can decode these sessions anymore since Rails 4 switched to encrypted cookies I believe devise stores session encrypted.
-    }
-    create(:product, name: 'RoR Mug')
-    create(:product, name: 'RoR Shirt')
+    ror_mug = create(:product, name: 'RoR Mug')
+    ror_shirt = create(:product, name: 'RoR Shirt')
 
     user = create(:user, email: 'email@person.com', password: 'password', password_confirmation: 'password')
 
     using_session('first') do
-      add_to_cart 'RoR Mug'
+      add_to_cart ror_mug
 
       visit spree.login_path
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Login'
+      click_button 'Log in'
 
-      click_link 'Cart'
+      visit spree.cart_path
       expect(page).to have_text 'RoR Mug'
     end
 
     using_session('second') do
-      add_to_cart 'RoR Shirt'
+      add_to_cart ror_shirt
 
       visit spree.login_path
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Login'
+      click_button 'Log in'
 
       # Order should have been merged with first session
-      click_link 'Cart'
+      visit spree.cart_path
       expect(page).to have_text 'RoR Mug'
       expect(page).to have_text 'RoR Shirt'
     end
 
     using_session('first') do
       visit spree.root_path
-
-      click_link 'Cart'
+      visit spree.cart_path
 
       # Order should have been merged with second session
       expect(page).to have_text 'RoR Mug'

data/spec/features/password_reset_spec.rb

@@ -1,6 +1,4 @@
 RSpec.feature 'Reset Password', type: :feature do
-  let!(:store) { create(:store) }
-
   background do
     ActionMailer::Base.default_url_options[:host] = 'http://example.com'
   end
@@ -8,7 +6,7 @@ RSpec.feature 'Reset Password', type: :feature do
   scenario 'allow a user to supply an email for the password reset' do
     user = create(:user, email: 'foobar@example.com', password: 'secret', password_confirmation: 'secret')
     visit spree.login_path
-    click_link 'Forgot Password?'
+    click_link 'Forgot password?'
     fill_in 'Email', with: 'foobar@example.com'
     click_button 'Reset my password'
     expect(page).to have_text 'You will receive an email with instructions'
@@ -16,7 +14,7 @@ RSpec.feature 'Reset Password', type: :feature do
 
   scenario 'shows errors if no email is supplied' do
     visit spree.login_path
-    click_link 'Forgot Password?'
+    click_link 'Forgot password?'
     click_button 'Reset my password'
     expect(page).to have_text "Email can't be blank"
   end

data/spec/features/sign_in_spec.rb

@@ -10,23 +10,21 @@ RSpec.feature 'Sign In', type: :feature do
   end
 
   scenario 'let a user sign in successfully', js: true do
-    fill_in 'Email', with: @user.email
-    fill_in 'Password', with: @user.password
-    click_button 'Login'
+    log_in(email: @user.email, password: @user.password)
+    show_user_menu
 
-    expect(page).to have_text 'Logged in successfully'
     expect(page).not_to have_text 'Login'
-    expect(page).to have_text 'Logout'
-    expect(current_path).to eq '/'
+    expect(page).to have_text 'LOG OUT'
+    expect(current_path).to eq '/account'
   end
 
   scenario 'show validation erros' do
     fill_in 'Email', with: @user.email
     fill_in 'Password', with: 'wrong_password'
-    click_button 'Login'
+    click_button 'Log in'
 
     expect(page).to have_text 'Invalid email or password'
-    expect(page).to have_text 'Login'
+    expect(page).to have_text 'Log in'
   end
 
   scenario 'allow a user to access a restricted page after logging in' do
@@ -35,7 +33,7 @@ RSpec.feature 'Sign In', type: :feature do
 
     fill_in 'Email', with: user.email
     fill_in 'Password', with: user.password
-    click_button 'Login'
+    click_button 'Log in'
 
     within '.user-menu' do
       expect(page).to have_text 'admin@person.com'

data/spec/features/sign_out_spec.rb

@@ -7,44 +7,37 @@ RSpec.feature 'Sign Out', type: :feature, js: true do
   end
 
   background do
-    visit spree.login_path
-    fill_in 'Email', with: user.email
-    fill_in 'Password', with: user.password
-    # Regression test for #1257
-    check 'Remember me'
-    click_button 'Login'
+    log_in(email: user.email, password: user.password)
   end
 
   scenario 'allow a signed in user to logout' do
-    click_link 'Logout'
+    log_out
+
     visit spree.root_path
-    expect(page).to have_text 'Login'
-    expect(page).not_to have_text 'Logout'
+    show_user_menu
+
+    expect(page).to have_link 'LOG IN'
+    expect(page).not_to have_link 'LOG OUT'
   end
 
   describe 'before_logout' do
-    before do
-      create(:product, name: 'RoR Mug')
-      create(:product, name: 'RoR Shirt')
-    end
-
+    let!(:mug)        { create(:product_in_stock, name: 'RoR Mug') }
+    let!(:shirt)      { create(:product, name: 'RoR Shirt') }
     let!(:other_user) { create(:user) }
 
     it 'clears token cookies' do
-      add_to_cart 'RoR Mug'
-      expect(page).to have_text 'RoR Mug'
+      add_to_cart(mug) do
+        find('.close').click
+      end
 
-      click_link 'Logout'
+      log_out
 
-      click_link 'Cart'
+      find('#link-to-cart').click
       expect(page).to have_text Spree.t(:your_cart_is_empty)
 
-      visit spree.login_path
-      fill_in 'Email', with: other_user.email
-      fill_in 'Password', with: other_user.password
-      click_button 'Login'
+      log_in(email: other_user.email, password: user.password)
+      find('#link-to-cart').click
 
-      click_link 'Cart'
       expect(page).to have_text Spree.t(:your_cart_is_empty)
     end
   end

data/spec/features/sign_up_spec.rb

@@ -6,10 +6,11 @@ RSpec.feature 'Sign Up', type: :feature do
       fill_in 'Email', with: 'email@person.com'
       fill_in 'Password', with: 'password'
       fill_in 'Password Confirmation', with: 'password'
-      click_button 'Create'
+
+      click_button 'Sign Up'
 
       expect(page).to have_text 'You have signed up successfully.'
-      expect(Spree::User.count).to eq(1)
+      expect(Spree.user_class.count).to eq(1)
     end
   end
 
@@ -20,10 +21,11 @@ RSpec.feature 'Sign Up', type: :feature do
       fill_in 'Email', with: 'email@person.com'
       fill_in 'Password', with: 'password'
       fill_in 'Password Confirmation', with: ''
-      click_button 'Create'
+
+      click_button 'Sign Up'
 
       expect(page).to have_css '#errorExplanation'
-      expect(Spree::User.count).to eq(0)
+      expect(Spree.user_class.count).to eq(0)
     end
   end
 end

data/spec/mailers/user_mailer_spec.rb

@@ -1,6 +1,6 @@
 RSpec.describe Spree::UserMailer, type: :mailer do
-  let!(:store) { create(:store) }
   let(:user) { create(:user) }
+  let(:store) { Spree::Store.default }
 
   describe '#reset_password_instructions' do
     describe 'message contents' do

data/spec/models/user_spec.rb

@@ -31,9 +31,9 @@ RSpec.describe Spree::User, type: :model do
       order.save
       user = order.user
       user.destroy
-      expect(Spree::User.find_by_id(user.id)).to be_nil
-      expect(Spree::User.with_deleted.find_by_id(user.id).id).to eq(user.id)
-      expect(Spree::User.with_deleted.find_by_id(user.id).orders.first).to eq(order)
+      expect(Spree.user_class.find_by_id(user.id)).to be_nil
+      expect(Spree.user_class.with_deleted.find_by_id(user.id).id).to eq(user.id)
+      expect(Spree.user_class.with_deleted.find_by_id(user.id).orders.first).to eq(order)
 
       expect(Spree::Order.find_by_user_id(user.id)).not_to be_nil
       expect(Spree::Order.where(user_id: user.id).first).to eq(order)
@@ -67,13 +67,13 @@ RSpec.describe Spree::User, type: :model do
     it "is confirmable if the confirmable option is enabled" do
       set_confirmable_option(true)
       Spree::UserMailer.stub(:confirmation_instructions).and_return(double(deliver: true))
-      expect(Spree::User.devise_modules).to include(:confirmable)
+      expect(Spree.user_class.devise_modules).to include(:confirmable)
       set_confirmable_option(false)
     end
 
     it "is not confirmable if the confirmable option is disabled" do
       set_confirmable_option(false)
-      expect(Spree::User.devise_modules).to_not include(:confirmable)
+      expect(Spree.user_class.devise_modules).to_not include(:confirmable)
     end
   end
 end

data/spec/requests/spree/frontend/user_update_spec.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+RSpec.feature 'User update', type: :request do
+  context 'CSRF protection' do
+    %i[exception reset_session null_session].each do |strategy|
+      # Completely clean the configuration of forgery protection for the
+      # controller and reset it after the expectations. However, besides `:with`,
+      # the options given to `protect_from_forgery` are processed on the fly.
+      # I.e., there's no way to retain them. The initial setup corresponds to the
+      # dummy application, which uses the default Rails skeleton in that regard.
+      # So, if at some point Rails changed the given options, we should update it
+      # here.
+      around do |example|
+        controller = Spree::UsersController
+        old_allow_forgery_protection_value = controller.allow_forgery_protection
+        old_forgery_protection_strategy = controller.forgery_protection_strategy
+        controller.skip_forgery_protection
+        controller.allow_forgery_protection = true
+        controller.protect_from_forgery with: strategy
+
+        example.run
+
+        controller.allow_forgery_protection = old_allow_forgery_protection_value
+        controller.forgery_protection_strategy = old_forgery_protection_strategy
+      end
+
+      it "is not possible to take account over with the #{strategy} forgery protection strategy" do
+        user = create(:user, email: 'legit@mail.com', password: 'password')
+
+        post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
+        begin
+          put '/users/123456', params: 'user[email]=hacked@example.com'
+        rescue
+          # testing that the account is not compromised regardless of any raised
+          # exception
+        end
+
+        expect(user.reload.email).to eq('legit@mail.com')
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -8,6 +8,16 @@ require File.expand_path('../dummy/config/environment', __FILE__)
 require 'rspec/rails'
 require 'shoulda-matchers'
 require 'ffaker'
+require 'pry'
+
+require 'spree/testing_support/auth_helpers'
+require 'spree/testing_support/checkout_helpers'
+
+require 'spree/testing_support/authorization_helpers'
+require 'spree/testing_support/capybara_ext'
+require 'spree/testing_support/controller_requests'
+require 'spree/testing_support/factories'
+require 'spree/testing_support/url_helpers'
 
 RSpec.configure do |config|
   config.filter_run focus: true
@@ -27,7 +37,13 @@ RSpec.configure do |config|
     allow(RSpec::Rails::ViewRendering::EmptyTemplateHandler)
       .to receive(:call)
       .and_return(%("")) if Rails.gem_version >= Gem::Version.new('6.0.0.beta1')
+
+    create(:store)
   end
+
+  config.include Spree::TestingSupport::AuthHelpers, type: :feature
+  config.include Spree::TestingSupport::CheckoutHelpers, type: :feature
+  config.include Spree::TestingSupport::UrlHelpers
 end
 
 Dir[File.join(File.dirname(__FILE__), 'support/**/*.rb')].each { |f| require f }

data/spec/support/add_to_cart.rb

@@ -1,6 +1,6 @@
-def add_to_cart(product_name)
-  visit spree.root_path
-  click_link product_name
+def add_to_cart(product)
+  visit spree.product_path(product)
+
   if Spree.version.to_f > 3.6
     expect(page).to have_selector('form#add-to-cart-form')
     expect(page).to have_selector('button#add-to-cart-button')
@@ -10,6 +10,13 @@ def add_to_cart(product_name)
   end
   click_button 'Add To Cart'
   wait_for_condition do
-    expect(page).to have_content(Spree.t(:shopping_cart))
+    expect(page).to have_content(Spree.t(:added_to_cart))
+  end
+
+  if block_given?
+    yield
+  else
+    click_link 'View cart'
+    expect(page).to have_content 'YOUR SHOPPING BAG'
   end
 end

data/spec/support/authentication_helpers.rb

@@ -3,7 +3,7 @@ module AuthenticationHelpers
     visit '/login'
     fill_in 'Email', with: user.email
     fill_in 'Password', with: 'secret'
-    click_button 'Login'
+    click_button 'Log in'
   end
 end
 

data/spec/support/capybara.rb

@@ -1,16 +1,23 @@
 require 'capybara/rspec'
-require 'capybara/rails'
+require 'capybara-screenshot'
 require 'capybara-screenshot/rspec'
-require 'selenium-webdriver'
-
-RSpec.configure do |_config|
-  Capybara.save_and_open_page_path = ENV['CIRCLE_ARTIFACTS'] if ENV['CIRCLE_ARTIFACTS']
+require 'capybara/rails'
+require 'selenium/webdriver'
 
+RSpec.configure do
   Capybara.register_driver :chrome do |app|
+    Selenium::WebDriver.logger.level = :error
+
     Capybara::Selenium::Driver.new app,
       browser: :chrome,
-      options: Selenium::WebDriver::Chrome::Options.new(args: %w[disable-popup-blocking headless disable-gpu window-size=1920,1080])
+      options: Selenium::WebDriver::Chrome::Options.new(
+        args: %w[headless disable-gpu window-size=1920,1080 --enable-features=NetworkService,NetworkServiceInProcess --disable-features=VizDisplayCompositor],
+        log_level: :error
+      )
   end
-
   Capybara.javascript_driver = :chrome
-end
+
+  Capybara::Screenshot.register_driver(:chrome) do |driver, path|
+    driver.browser.save_screenshot(path)
+  end
+end

data/spree_auth_devise.gemspec

@@ -3,11 +3,11 @@
 Gem::Specification.new do |s|
   s.platform    = Gem::Platform::RUBY
   s.name        = 'spree_auth_devise'
-  s.version     = '4.0.0.rc2'
+  s.version     = '4.1.1'
   s.summary     = 'Provides authentication and authorization services for use with Spree by using Devise and CanCan.'
   s.description = s.summary
 
-  s.required_ruby_version = '>= 2.2.7'
+  s.required_ruby_version = '>= 2.5.0'
 
   s.author      = 'Sean Schofield'
   s.email       = 'sean@spreecommerce.com'
@@ -19,18 +19,19 @@ Gem::Specification.new do |s|
   s.require_path = 'lib'
   s.requirements << 'none'
 
+  s.add_dependency 'deface', '~> 1.0'
+
   s.add_dependency 'devise', '~> 4.7'
   s.add_dependency 'devise-encryptable', '0.2.0'
 
-  spree_version = '>= 3.1.0', '< 5.0'
+  spree_version = '>= 4.1.0.alpha', '< 4.2'
   s.add_dependency 'spree_core', spree_version
   s.add_dependency 'spree_extension'
-  s.add_dependency 'deface', '~> 1.0'
 
-  s.add_development_dependency 'capybara', '~> 2.7'
+  s.add_development_dependency 'appraisal'
+  s.add_development_dependency 'capybara'
   s.add_development_dependency 'capybara-screenshot'
   s.add_development_dependency 'coffee-rails', '~> 4.2'
-  s.add_development_dependency 'sass-rails'
   s.add_development_dependency 'database_cleaner', '~> 1.5'
   s.add_development_dependency 'email_spec', '~> 2.1'
   s.add_development_dependency 'factory_bot', '~> 4.7'
@@ -38,13 +39,16 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'launchy'
   s.add_development_dependency 'mysql2'
   s.add_development_dependency 'pg'
-  s.add_development_dependency 'selenium-webdriver'
   s.add_development_dependency 'pry'
-  s.add_development_dependency 'rspec-rails', '~> 3.5'
-  s.add_development_dependency 'shoulda-matchers', '~> 3.1'
+  s.add_development_dependency 'puma'
+  s.add_development_dependency 'rails-controller-testing'
+  s.add_development_dependency 'rspec-rails', '~> 4.0.0.beta2'
+  s.add_development_dependency 'sass-rails'
+  s.add_development_dependency 'selenium-webdriver'
+  s.add_development_dependency 'shoulda-matchers', '~> 4.3'
   s.add_development_dependency 'simplecov', '~> 0.12'
   s.add_development_dependency 'spree_backend', spree_version
   s.add_development_dependency 'spree_frontend', spree_version
   s.add_development_dependency 'sqlite3'
-  s.add_development_dependency 'appraisal'
+  s.add_development_dependency 'webdrivers', '~> 4.2.0'
 end