RubyGems - spree_auth_devise - Versions diffs - 4.0.0 → 4.3.1 - Mend

spree_auth_devise 4.0.0 → 4.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of spree_auth_devise might be problematic. Click here for more details.

Files changed (96) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +41 -0
data/.gitignore +1 -0
data/.travis.yml +33 -37
data/Appraisals +3 -14
data/Gemfile +1 -1
data/README.md +3 -12
data/Rakefile +9 -3
data/app/controllers/spree/api/v2/storefront/account_confirmations_controller.rb +20 -0
data/app/controllers/spree/api/v2/storefront/passwords_controller.rb +35 -0
data/app/controllers/spree/user_confirmations_controller.rb +38 -0
data/app/controllers/spree/user_passwords_controller.rb +9 -1
data/app/controllers/spree/user_registrations_controller.rb +34 -1
data/app/controllers/spree/user_sessions_controller.rb +23 -1
data/app/mailers/spree/user_mailer.rb +11 -4
data/app/models/spree/user.rb +42 -0
data/app/services/spree/account/create.rb +19 -0
data/app/services/spree/account/update.rb +17 -0
data/app/views/spree/user_mailer/confirmation_instructions.html.erb +20 -0
data/app/views/spree/user_mailer/confirmation_instructions.text.erb +8 -5
data/app/views/spree/user_mailer/reset_password_instructions.html.erb +20 -0
data/app/views/spree/user_mailer/reset_password_instructions.text.erb +7 -5
data/app/views/spree/user_passwords/edit.html.erb +20 -17
data/app/views/spree/user_passwords/new.html.erb +17 -15
data/app/views/spree/user_registrations/new.html.erb +12 -17
data/app/views/spree/user_sessions/new.html.erb +11 -12
data/config/locales/de.yml +16 -0
data/config/locales/en.yml +21 -6
data/config/locales/zh-TW.yml +58 -0
data/config/routes.rb +12 -3
data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb +2 -2
data/gemfiles/{spree_3_2.gemfile → spree_4_1.gemfile} +1 -1
data/lib/controllers/api/spree/api/v2/storefront/account_controller_decorator.rb +41 -0
data/lib/controllers/frontend/spree/checkout_controller_decorator.rb +3 -2
data/lib/controllers/frontend/spree/users_controller.rb +4 -4
data/lib/generators/spree/auth/install/install_generator.rb +0 -4
data/lib/spree/auth/engine.rb +14 -1
data/lib/spree/testing_support/auth_helpers.rb +36 -0
data/lib/spree/testing_support/checkout_helpers.rb +24 -0
data/lib/spree_auth_devise.rb +0 -1
data/lib/views/backend/spree/admin/user_passwords/new.html.erb +1 -1
data/lib/views/backend/spree/admin/user_sessions/new.html.erb +1 -1
data/spec/controllers/spree/admin/orders_controller_spec.rb +1 -1
data/spec/controllers/spree/admin/user_sessions_controller_spec.rb +1 -1
data/spec/controllers/spree/api/v2/storefront/passwords_controller_spec.rb +63 -0
data/spec/controllers/spree/checkout_controller_spec.rb +12 -13
data/spec/controllers/spree/products_controller_spec.rb +1 -1
data/spec/controllers/spree/user_passwords_controller_spec.rb +4 -4
data/spec/controllers/spree/user_registrations_controller_spec.rb +8 -8
data/spec/controllers/spree/user_sessions_controller_spec.rb +17 -17
data/spec/controllers/spree/users_controller_spec.rb +4 -4
data/spec/features/account_spec.rb +10 -8
data/spec/features/admin/password_reset_spec.rb +2 -4
data/spec/features/admin/sign_in_spec.rb +13 -9
data/spec/features/admin/sign_out_spec.rb +1 -1
data/spec/features/admin_permissions_spec.rb +1 -1
data/spec/features/change_email_spec.rb +1 -7
data/spec/features/checkout_spec.rb +40 -65
data/spec/features/confirmation_spec.rb +4 -6
data/spec/features/order_spec.rb +9 -15
data/spec/features/password_reset_spec.rb +2 -4
data/spec/features/sign_in_spec.rb +21 -17
data/spec/features/sign_out_spec.rb +14 -23
data/spec/features/sign_up_spec.rb +6 -4
data/spec/mailers/user_mailer_spec.rb +4 -4
data/spec/models/user_spec.rb +10 -8
data/spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb +48 -0
data/spec/requests/spree/api/v2/storefront/account_spec.rb +101 -0
data/spec/spec_helper.rb +7 -22
data/spree_auth_devise.gemspec +14 -27
metadata +35 -337
data/app/overrides/auth_shared_login_bar.rb +0 -6
data/app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface +0 -4
data/app/views/spree/shared/_login.html.erb +0 -18
data/app/views/spree/shared/_user_form.html.erb +0 -17
data/gemfiles/spree_3_5.gemfile +0 -8
data/gemfiles/spree_3_7.gemfile +0 -9
data/gemfiles/spree_4_0.gemfile +0 -8
data/lib/assets/javascripts/spree/backend/spree_auth.js.erb +0 -1
data/lib/assets/javascripts/spree/frontend/account.js +0 -8
data/lib/assets/javascripts/spree/frontend/spree_auth.js.erb +0 -2
data/lib/assets/stylesheets/spree/backend/spree_auth.css.erb +0 -3
data/lib/assets/stylesheets/spree/frontend/spree_auth.css.erb +0 -3
data/lib/controllers/frontend/spree/store_controller_decorator.rb +0 -7
data/lib/views/frontend/spree/checkout/_new_user.html.erb +0 -20
data/lib/views/frontend/spree/checkout/registration.html.erb +0 -25
data/lib/views/frontend/spree/shared/_link_to_account.html.erb +0 -6
data/lib/views/frontend/spree/users/edit.html.erb +0 -17
data/lib/views/frontend/spree/users/show.html.erb +0 -48
data/spec/support/add_to_cart.rb +0 -15
data/spec/support/authentication_helpers.rb +0 -14
data/spec/support/cache_helpers.rb +0 -5
data/spec/support/capybara.rb +0 -16
data/spec/support/database_cleaner.rb +0 -17
data/spec/support/factory_girl.rb +0 -5
data/spec/support/spree.rb +0 -10

data/config/routes.rb CHANGED

@@ -1,6 +1,6 @@
 Spree::Core::Engine.add_routes do
   devise_for :spree_user,
-             class_name: 'Spree::User',
+             class_name: Spree.user_class.to_s,
              controllers: { sessions: 'spree/user_sessions',
                                registrations: 'spree/user_registrations',
                                passwords: 'spree/user_passwords',
@@ -27,12 +27,11 @@ Spree::Core::Engine.add_routes do
   get '/checkout/registration' => 'checkout#registration', :as => :checkout_registration
   put '/checkout/registration' => 'checkout#update_registration', :as => :update_checkout_registration
-  get '/account_link' => 'store#account_link'
   resource :account, controller: 'users'
   namespace :admin, path: Spree.admin_path do
     devise_for :spree_user,
-               class_name: 'Spree::User',
+               class_name: Spree.user_class.to_s,
                controllers: { sessions: 'spree/admin/user_sessions',
                                  passwords: 'spree/admin/user_passwords' },
                skip: [:unlocks, :omniauth_callbacks, :registrations],
@@ -45,4 +44,14 @@ Spree::Core::Engine.add_routes do
       get '/logout' => 'user_sessions#destroy', :as => :logout
     end
   end
+  namespace :api, defaults: { format: 'json' } do
+    namespace :v2 do
+      namespace :storefront do
+        resource :account, controller: :account, only: %i[show create update]
+        resources :account_confirmations, only: %i[show]
+        resources :passwords, controller: :passwords, only: %i[create update]
+      end
+    end
+  end
 end

data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb CHANGED

@@ -1,7 +1,7 @@
 class AddResetPasswordSentAtToSpreeUsers < SpreeExtension::Migration[4.2]
   def change
-    Spree::User.reset_column_information
-    unless Spree::User.column_names.include?("reset_password_sent_at")
+    Spree.user_class.reset_column_information
+    unless Spree.user_class.column_names.include?("reset_password_sent_at")
       add_column :spree_users, :reset_password_sent_at, :datetime
     end
   end

data/gemfiles/{spree_3_2.gemfile → spree_4_1.gemfile} RENAMED

@@ -3,6 +3,6 @@
 source "https://rubygems.org"
 gem "rails-controller-testing"
-gem "spree", "~> 3.2.0"
+gem "spree", "~> 4.1"
 gemspec path: "../"

data/lib/controllers/api/spree/api/v2/storefront/account_controller_decorator.rb ADDED

@@ -0,0 +1,41 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        module AccountControllerDecorator
+          def self.prepended(base)
+            base.skip_before_action :require_spree_current_user, only: [:create]
+          end
+          def create
+            result = Spree::Account::Create.call(user_params: spree_user_params)
+            render_payload(result)
+          end
+          def update
+            result = Spree::Account::Update.call(user: spree_current_user, user_params: spree_user_params)
+            render_payload(result)
+          end
+          private
+          def render_payload(result)
+            if result.success?
+              render_serialized_payload { serialize_resource(result.value) }
+            else
+              render_error_payload(result.error)
+            end
+          end
+          def spree_user_params
+            params.require(:user).permit(Spree::PermittedAttributes.user_attributes)
+          end
+        end
+      end
+    end
+  end
+end
+::Spree::Api::V2::Storefront::AccountController.prepend(Spree::Api::V2::Storefront::AccountControllerDecorator)

data/lib/controllers/frontend/spree/checkout_controller_decorator.rb CHANGED

@@ -6,7 +6,8 @@ module Spree::CheckoutControllerDecorator
   end
   def registration
-    @user = Spree::User.new
+    @user = Spree.user_class.new
+    @title = Spree.t(:registration)
   end
   def update_registration
@@ -14,7 +15,7 @@ module Spree::CheckoutControllerDecorator
       redirect_to spree.checkout_state_path(:address)
     else
       flash[:error] = t(:email_is_invalid, scope: [:errors, :messages])
-      @user = Spree::User.new
+      @user = Spree.user_class.new
       render 'registration'
     end
   end

data/lib/controllers/frontend/spree/users_controller.rb CHANGED

@@ -1,5 +1,5 @@
 class Spree::UsersController < Spree::StoreController
-  skip_before_action :set_current_order, only: :show
+  before_action :set_current_order, except: :show
   prepend_before_action :load_object, only: [:show, :edit, :update]
   prepend_before_action :authorize_actions, only: :new
@@ -10,7 +10,7 @@ class Spree::UsersController < Spree::StoreController
   end
   def create
-    @user = Spree::User.new(user_params)
+    @user = Spree.user_class.new(user_params)
     if @user.save
       if current_order
@@ -27,7 +27,7 @@ class Spree::UsersController < Spree::StoreController
     if @user.update(user_params)
       if params[:user][:password].present?
         # this logic needed b/c devise wants to log us out after password changes
-        Spree::User.reset_password_by_token(params[:user])
+        Spree.user_class.reset_password_by_token(params[:user])
         if Spree::Auth::Config[:signout_after_password_change]
           sign_in(@user, event: :authentication)
         else
@@ -52,7 +52,7 @@ class Spree::UsersController < Spree::StoreController
   end
   def authorize_actions
-    authorize! params[:action].to_sym, Spree::User.new
+    authorize! params[:action].to_sym, Spree.user_class.new
   end
   def accurate_title

data/lib/generators/spree/auth/install/install_generator.rb CHANGED

@@ -10,10 +10,6 @@ module Spree
           paths.flatten
         end
-        def add_javascripts
-          append_file 'vendor/assets/javascripts/spree/frontend/all.js', "//= require spree/frontend/spree_auth\n"
-        end
         def generate_devise_key
           return if ENV['CI']
           template 'config/initializers/devise.rb', 'config/initializers/devise.rb'

data/lib/spree/auth/engine.rb CHANGED

@@ -42,7 +42,12 @@ module Spree
             'lib/assets/javascripts/spree/frontend/spree_auth.js',
             'lib/assets/javascripts/spree/frontend/spree_auth.css'
           ]
-          Dir.glob(File.join(File.dirname(__FILE__), "../../controllers/frontend/*/*_decorator*.rb")) do |c|
+          Dir.glob(File.join(File.dirname(__FILE__), "../../controllers/frontend/**/*_decorator*.rb")) do |c|
+            Rails.configuration.cache_classes ? require(c) : load(c)
+          end
+        end
+        if Spree::Auth::Engine.api_available?
+          Dir.glob(File.join(File.dirname(__FILE__), "../../controllers/api/**/*_decorator*.rb")) do |c|
             Rails.configuration.cache_classes ? require(c) : load(c)
           end
         end
@@ -61,6 +66,10 @@ module Spree
         @@frontend_available ||= ::Rails::Engine.subclasses.map(&:instance).map{ |e| e.class.to_s }.include?('Spree::Frontend::Engine')
       end
+      def self.api_available?
+        @@api_available ||= ::Rails::Engine.subclasses.map(&:instance).map{ |e| e.class.to_s }.include?('Spree::Api::Engine')
+      end
       if backend_available?
         paths["app/controllers"] << "lib/controllers/backend"
         paths["app/views"] << "lib/views/backend"
@@ -71,6 +80,10 @@ module Spree
         paths["app/views"] << "lib/views/frontend"
       end
+      if api_available?
+        paths["app/controllers"] << "lib/controllers/api"
+      end
       config.to_prepare &method(:activate).to_proc
     end
   end

data/lib/spree/testing_support/auth_helpers.rb ADDED

@@ -0,0 +1,36 @@
+module Spree
+  module TestingSupport
+    module AuthHelpers
+      def log_in(email:, password:, remember_me: true)
+        visit spree.login_path
+        fill_in 'Email', with: email
+        fill_in 'Password', with: password
+        # Regression test for #1257
+        first('label', text: 'Remember me').click if remember_me
+        click_button 'Log in'
+        expect(page).to have_content 'Logged in successfully'
+      end
+      def log_out
+        show_user_menu
+        click_link 'LOG OUT'
+        expect(page).to have_content 'Signed out successfully'
+      end
+      def show_user_menu
+        find("button[aria-label='Show user menu']").click
+      end
+      def show_user_account
+        within '#nav-bar' do
+          show_user_menu
+          click_link 'MY ACCOUNT'
+        end
+      end
+    end
+  end
+end

data/lib/spree/testing_support/checkout_helpers.rb ADDED

@@ -0,0 +1,24 @@
+module Spree
+  module TestingSupport
+    module CheckoutHelpers
+      def fill_in_address
+        address = 'order_bill_address_attributes'
+        fill_in "#{address}_firstname", with: 'Ryan'
+        fill_in "#{address}_lastname", with: 'Bigg'
+        fill_in "#{address}_address1", with: '143 Swan Street'
+        fill_in "#{address}_city", with: 'Richmond'
+        select country.name, from: "#{address}_country_id"
+        select state.name, from: "#{address}_state_id"
+        fill_in "#{address}_zipcode", with: '12345'
+        fill_in "#{address}_phone", with: '(555) 555-5555'
+      end
+      def fill_in_credit_card_info(invalid: false)
+        fill_in 'name_on_card', with: 'Spree Commerce'
+        fill_in 'card_number', with: invalid ? '123' : '4111 1111 1111 1111'
+        fill_in 'card_expiry', with: '12 / 24'
+        fill_in 'card_code', with: '123'
+      end
+    end
+  end
+end

data/lib/spree_auth_devise.rb CHANGED

@@ -1,5 +1,4 @@
 require 'spree_core'
 require 'spree/auth/devise'
 require 'spree/authentication_helpers'
-require 'deface'
 require 'spree_extension'

data/lib/views/backend/spree/admin/user_passwords/new.html.erb CHANGED

@@ -5,7 +5,7 @@
   <p><%= Spree.t(:instructions_to_reset_password) %></p>
-  <%= form_for Spree::User.new, :as => :spree_user, :url => spree.reset_password_path do |f| %>
+  <%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.reset_password_path do |f| %>
     <p>
       <%= f.label :email, Spree.t(:email) %><br />
       <%= f.email_field :email %>

data/lib/views/backend/spree/admin/user_sessions/new.html.erb CHANGED

@@ -4,7 +4,7 @@
 <div data-hook="login" class="card border-0">
   <div class="card-body">
-    <%= form_for Spree::User.new, :as => :spree_user, :url => spree.admin_create_new_session_path do |f| %>
+    <%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.admin_create_new_session_path do |f| %>
       <div id="password-credentials">
         <div class="form-group text-center">
           <%= f.label :email, Spree.t(:email) %>

data/spec/controllers/spree/admin/orders_controller_spec.rb CHANGED

@@ -5,7 +5,7 @@ module Spree
       context '#authorize_admin' do
         it 'grants access to users with an admin role' do
-          spree_get :new
+          get :new
           expect(response).to redirect_to spree.cart_admin_order_path(Order.last)
         end
       end

data/spec/controllers/spree/admin/user_sessions_controller_spec.rb CHANGED

@@ -2,7 +2,7 @@ RSpec.describe Spree::Admin::UserSessionsController, type: :controller do
   before { @request.env['devise.mapping'] = Devise.mappings[:spree_user] }
   describe '#authorization_failure' do
-    subject { spree_get :authorization_failure }
+    subject { get :authorization_failure }
     context 'user signed in' do
       before { allow(controller).to receive(:spree_current_user) { build_stubbed(:user) } }

data/spec/controllers/spree/api/v2/storefront/passwords_controller_spec.rb ADDED

@@ -0,0 +1,63 @@
+RSpec.describe Spree::Api::V2::Storefront::PasswordsController, type: :controller do
+  let(:user) { create(:user) }
+  let(:password) { 'new_password' }
+  let(:store) { create(:store) }
+  describe 'POST create' do
+    before { post :create, params: params }
+    context 'when the user email has not been specified' do
+      let(:params) { { user: { email: '' } } }
+      it 'responds with not found status' do
+        expect(response.code).to eq('404')
+      end
+    end
+    context 'when the user email not found' do
+      let(:params) { { user: { email: 'dummy_email@example.com' } } }
+      it 'responds with not found status' do
+        expect(response.code).to eq('404')
+      end
+    end
+    context 'when the user email has been specified' do
+      let(:params) { { user: { email: user.email } } }
+      it_behaves_like 'returns 200 HTTP status'
+    end
+  end
+  describe 'PATCH update' do
+    before { patch :update, params: params }
+    context 'when updating password with blank password' do
+      let(:params) {
+        {
+          id: user.send_reset_password_instructions(Spree::Store.current),
+          user: {
+            password: '',
+            password_confirmation: ''
+          }
+        }
+      }
+      it 'responds with error' do
+        expect(response.code).to eq('422')
+        expect(JSON.parse(response.body)['error']).to eq("Password can't be blank")
+      end
+    end
+    context 'when updating password with specified password' do
+      let(:params) {
+        {
+          id: user.send_reset_password_instructions(Spree::Store.current),
+          user: {
+            password: password,
+            password_confirmation: password
+          }
+        }
+      }
+      it_behaves_like 'returns 200 HTTP status'
+    end
+  end
+end

data/spec/controllers/spree/checkout_controller_spec.rb CHANGED

@@ -19,14 +19,14 @@ RSpec.describe Spree::CheckoutController, type: :controller do
         before { allow(controller).to receive(:spree_current_user) { user } }
         it 'proceeds to the first checkout step' do
-          spree_get :edit, { state: 'address' }
+          get :edit, params: { state: 'address' }
           expect(response).to render_template :edit
         end
       end
       context 'when authenticated as guest' do
         it 'redirects to registration step' do
-          spree_get :edit, { state: 'address' }
+          get :edit, params: { state: 'address' }
           expect(response).to redirect_to spree.checkout_registration_path
         end
       end
@@ -42,14 +42,14 @@ RSpec.describe Spree::CheckoutController, type: :controller do
         before { allow(controller).to receive(:spree_current_user) { user } }
         it 'proceeds to the first checkout step' do
-          spree_get :edit, { state: 'address' }
+          get :edit, params: { state: 'address' }
           expect(response).to render_template :edit
         end
       end
       context 'when authenticated as guest' do
         it 'proceeds to the first checkout step' do
-          spree_get :edit, { state: 'address' }
+          get :edit, params: { state: 'address' }
           expect(response).to render_template :edit
         end
       end
@@ -81,9 +81,8 @@ RSpec.describe Spree::CheckoutController, type: :controller do
           else
             request.cookie_jar.signed[:guest_token] = 'ABC'
           end
-          spree_post :update, { state: 'confirm' }
+          post :update, params: { state: 'confirm' }
           expect(response).to redirect_to spree.order_path(order)
-          expect(flash.notice).to eq Spree.t(:order_processed_successfully)
         end
       end
@@ -99,7 +98,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
         end
         it 'redirects to the standard order view' do
-          spree_post :update, { state: 'confirm' }
+          post :update, params: { state: 'confirm' }
           expect(response).to redirect_to spree.order_path(order)
         end
       end
@@ -110,7 +109,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
     it 'does not check registration' do
       allow(controller).to receive(:check_authorization)
       expect(controller).not_to receive(:check_registration)
-      spree_get :registration
+      get :registration
     end
     it 'checks if the user is authorized for :edit' do
@@ -120,7 +119,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
       else
         request.cookie_jar.signed[:guest_token] = token
       end
-      spree_get :registration, {}
+      get :registration, params: {}
     end
   end
@@ -131,12 +130,12 @@ RSpec.describe Spree::CheckoutController, type: :controller do
       controller.stub :check_authorization
       order.stub update: true
       controller.should_not_receive :check_registration
-      spree_put :update_registration, { order: {} }
+      put :update_registration, params: { order: {} }
     end
     it 'renders the registration view if unable to save' do
       allow(controller).to receive(:check_authorization)
-      spree_put :update_registration, { order: { email: 'invalid' } }
+      put :update_registration, params: { order: { email: 'invalid' } }
       expect(flash[:error]).to eq I18n.t(:email_is_invalid, scope: [:errors, :messages])
       expect(response).to render_template :registration
     end
@@ -144,7 +143,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
     it 'redirects to the checkout_path after saving' do
       allow(order).to receive(:update) { true }
       allow(controller).to receive(:check_authorization)
-      spree_put :update_registration, { order: { email: 'jobs@spreecommerce.com' } }
+      put :update_registration, params: { order: { email: 'jobs@spreecommerce.com' } }
       expect(response).to redirect_to spree.checkout_state_path(:address)
     end
@@ -156,7 +155,7 @@ RSpec.describe Spree::CheckoutController, type: :controller do
       end
       allow(order).to receive(:update) { true }
       expect(controller).to receive(:authorize!).with(:edit, order, token)
-      spree_put :update_registration, { order: { email: 'jobs@spreecommerce.com' } }
+      put :update_registration, params: { order: { email: 'jobs@spreecommerce.com' } }
     end
   end
 end