spree_auth_devise 4.1.0.rc1 → 4.3.2
Potentially problematic release.
This version of spree_auth_devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +32 -23
- data/Appraisals +1 -1
- data/README.md +3 -12
- data/Rakefile +9 -3
- data/app/controllers/spree/api/v2/storefront/account_confirmations_controller.rb +20 -0
- data/app/controllers/spree/api/v2/storefront/passwords_controller.rb +35 -0
- data/app/controllers/spree/user_confirmations_controller.rb +45 -1
- data/app/controllers/spree/user_passwords_controller.rb +15 -1
- data/app/controllers/spree/user_registrations_controller.rb +33 -1
- data/app/controllers/spree/user_sessions_controller.rb +8 -0
- data/app/mailers/spree/user_mailer.rb +11 -4
- data/app/models/spree/user.rb +42 -0
- data/app/services/spree/account/create.rb +19 -0
- data/app/services/spree/account/update.rb +17 -0
- data/app/views/spree/user_mailer/confirmation_instructions.html.erb +20 -0
- data/app/views/spree/user_mailer/confirmation_instructions.text.erb +8 -5
- data/app/views/spree/user_mailer/reset_password_instructions.html.erb +20 -0
- data/app/views/spree/user_mailer/reset_password_instructions.text.erb +7 -5
- data/app/views/spree/user_passwords/new.html.erb +2 -3
- data/config/locales/de.yml +16 -0
- data/config/locales/en.yml +21 -6
- data/config/locales/zh-TW.yml +58 -0
- data/config/routes.rb +12 -2
- data/db/migrate/20120203010234_add_reset_password_sent_at_to_spree_users.rb +2 -2
- data/gemfiles/spree_4_1.gemfile +1 -1
- data/lib/controllers/api/spree/api/v2/storefront/account_controller_decorator.rb +41 -0
- data/lib/controllers/frontend/spree/checkout_controller_decorator.rb +3 -2
- data/lib/controllers/frontend/spree/users_controller.rb +3 -3
- data/lib/spree/auth/engine.rb +14 -1
- data/lib/spree_auth_devise.rb +0 -1
- data/lib/views/backend/spree/admin/user_passwords/new.html.erb +1 -1
- data/lib/views/backend/spree/admin/user_sessions/new.html.erb +1 -1
- data/spec/controllers/spree/api/v2/storefront/passwords_controller_spec.rb +63 -0
- data/spec/controllers/spree/user_registrations_controller_spec.rb +1 -1
- data/spec/features/admin/sign_in_spec.rb +8 -2
- data/spec/features/checkout_spec.rb +4 -4
- data/spec/features/confirmation_spec.rb +3 -3
- data/spec/features/sign_in_spec.rb +13 -7
- data/spec/features/sign_out_spec.rb +1 -3
- data/spec/features/sign_up_spec.rb +2 -2
- data/spec/mailers/user_mailer_spec.rb +3 -3
- data/spec/models/user_spec.rb +10 -8
- data/spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb +48 -0
- data/spec/requests/spree/api/v2/storefront/account_spec.rb +101 -0
- data/spec/spec_helper.rb +7 -38
- data/spree_auth_devise.gemspec +12 -29
- metadata +29 -359
- data/app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface +0 -4
- data/spec/support/add_to_cart.rb +0 -22
- data/spec/support/authentication_helpers.rb +0 -14
- data/spec/support/cache_helpers.rb +0 -5
- data/spec/support/capybara.rb +0 -23
- data/spec/support/database_cleaner.rb +0 -17
- data/spec/support/factory_girl.rb +0 -5
- data/spec/support/spree.rb +0 -10
data/lib/spree_auth_devise.rb
CHANGED
@@ -5,7 +5,7 @@
|
|
5
5
|
|
6
6
|
<p><%= Spree.t(:instructions_to_reset_password) %></p>
|
7
7
|
|
8
|
-
<%= form_for Spree
|
8
|
+
<%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.reset_password_path do |f| %>
|
9
9
|
<p>
|
10
10
|
<%= f.label :email, Spree.t(:email) %><br />
|
11
11
|
<%= f.email_field :email %>
|
@@ -4,7 +4,7 @@
|
|
4
4
|
|
5
5
|
<div data-hook="login" class="card border-0">
|
6
6
|
<div class="card-body">
|
7
|
-
<%= form_for Spree
|
7
|
+
<%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.admin_create_new_session_path do |f| %>
|
8
8
|
<div id="password-credentials">
|
9
9
|
<div class="form-group text-center">
|
10
10
|
<%= f.label :email, Spree.t(:email) %>
|
@@ -0,0 +1,63 @@
|
|
1
|
+
RSpec.describe Spree::Api::V2::Storefront::PasswordsController, type: :controller do
|
2
|
+
let(:user) { create(:user) }
|
3
|
+
let(:password) { 'new_password' }
|
4
|
+
let(:store) { create(:store) }
|
5
|
+
|
6
|
+
describe 'POST create' do
|
7
|
+
before { post :create, params: params }
|
8
|
+
|
9
|
+
context 'when the user email has not been specified' do
|
10
|
+
let(:params) { { user: { email: '' } } }
|
11
|
+
it 'responds with not found status' do
|
12
|
+
expect(response.code).to eq('404')
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
context 'when the user email not found' do
|
17
|
+
let(:params) { { user: { email: 'dummy_email@example.com' } } }
|
18
|
+
it 'responds with not found status' do
|
19
|
+
expect(response.code).to eq('404')
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
context 'when the user email has been specified' do
|
24
|
+
let(:params) { { user: { email: user.email } } }
|
25
|
+
it_behaves_like 'returns 200 HTTP status'
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
describe 'PATCH update' do
|
30
|
+
before { patch :update, params: params }
|
31
|
+
|
32
|
+
context 'when updating password with blank password' do
|
33
|
+
let(:params) {
|
34
|
+
{
|
35
|
+
id: user.send_reset_password_instructions(Spree::Store.current),
|
36
|
+
user: {
|
37
|
+
password: '',
|
38
|
+
password_confirmation: ''
|
39
|
+
}
|
40
|
+
}
|
41
|
+
}
|
42
|
+
|
43
|
+
it 'responds with error' do
|
44
|
+
expect(response.code).to eq('422')
|
45
|
+
expect(JSON.parse(response.body)['error']).to eq("Password can't be blank")
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
context 'when updating password with specified password' do
|
50
|
+
let(:params) {
|
51
|
+
{
|
52
|
+
id: user.send_reset_password_instructions(Spree::Store.current),
|
53
|
+
user: {
|
54
|
+
password: password,
|
55
|
+
password_confirmation: password
|
56
|
+
}
|
57
|
+
}
|
58
|
+
}
|
59
|
+
|
60
|
+
it_behaves_like 'returns 200 HTTP status'
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
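Review bot: The `POST create` contexts expect 404 for a blank or unknown email and 200 for a registered one, so the spec pins a response difference that lets any caller of the password-reset endpoint learn which addresses have accounts. If that is intended for the storefront API it deserves a comment above the contexts, for example `# 404 vs 200 reveals whether an email is registered; this endpoint must be rate limited`; otherwise the controller and these expectations should converge on a single status. The `PATCH update` examples cover only a freshly issued token: there is no context for an unknown or expired `id`, and the success case never checks that the password changed, which `expect(user.reload.valid_password?(password)).to be(true)` would do.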
@@ -25,7 +25,7 @@ RSpec.describe Spree::UserRegistrationsController, type: :controller do
|
|
25
25
|
order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
|
26
26
|
end
|
27
27
|
post :create, params: { spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' }}
|
28
|
-
user = Spree
|
28
|
+
user = Spree.user_class.find_by_email('foobar@example.com')
|
29
29
|
|
30
30
|
order.reload
|
31
31
|
expect(order.user_id).to eq user.id
|
@@ -34,8 +34,14 @@ RSpec.feature 'Admin - Sign In', type: :feature do
|
|
34
34
|
fill_in 'Email', with: user.email
|
35
35
|
fill_in 'Password', with: 'secret'
|
36
36
|
click_button 'Log in'
|
37
|
-
|
38
|
-
|
37
|
+
if Spree.version.to_f > 4.1
|
38
|
+
within '.navbar .dropdown-menu' do
|
39
|
+
expect(page).to have_text 'admin@person.com'
|
40
|
+
end
|
41
|
+
else
|
42
|
+
within '.user-menu' do
|
43
|
+
expect(page).to have_text 'admin@person.com'
|
44
|
+
end
|
39
45
|
end
|
40
46
|
expect(current_path).to eq '/admin/orders'
|
41
47
|
end
|
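Review bot: `Spree.version.to_f > 4.1` on new line 37 compares versions as floats, so a version string such as '4.10.0' parses to 4.1 and takes the legacy `.user-menu` branch. Comparing parsed versions avoids that: `if Gem::Version.new(Spree.version).release >= Gem::Version.new('4.2')`. The same check is repeated in the 'Sign In' feature hunk (new line 38) and should change with it. Both branches also hard-code 'admin@person.com' although `user.email` is already used two lines above; the example body starts outside the hunk.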
@@ -60,7 +60,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
|
|
60
60
|
find('a.cart-icon').click
|
61
61
|
|
62
62
|
expect(page).to have_text 'RoR Mug'
|
63
|
-
within('h1') { expect(page).to have_text 'YOUR SHOPPING
|
63
|
+
within('h1') { expect(page).to have_text 'YOUR SHOPPING CART' }
|
64
64
|
|
65
65
|
click_link 'checkout'
|
66
66
|
|
@@ -87,9 +87,9 @@ RSpec.feature 'Checkout', :js, type: :feature do
|
|
87
87
|
# The 'plain-text' version is sent in the email and there's one way to get that!
|
88
88
|
reset_password_email = ActionMailer::Base.deliveries.first
|
89
89
|
token_url_regex = /^http:\/\/www.example.com\/user\/spree_user\/password\/edit\?reset_password_token=(.*)$/
|
90
|
-
token = token_url_regex.match(reset_password_email.body.
|
90
|
+
token = token_url_regex.match(reset_password_email.body.encoded)[1]
|
91
91
|
|
92
|
-
visit spree.edit_spree_user_password_path(reset_password_token: token)
|
92
|
+
visit spree.edit_spree_user_password_path(reset_password_token: token).tr("%0D","")
|
93
93
|
fill_in 'Password', with: 'password'
|
94
94
|
fill_in 'Password Confirmation', with: 'password'
|
95
95
|
click_button 'Update'
|
@@ -126,7 +126,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
|
|
126
126
|
click_button 'Save and Continue'
|
127
127
|
|
128
128
|
expect(page).to have_text 'Order placed successfully'
|
129
|
-
expect(Spree::Order.first.user).to eq Spree
|
129
|
+
expect(Spree::Order.first.user).to eq Spree.user_class.find_by_email('test@person.com')
|
130
130
|
end
|
131
131
|
end
|
132
132
|
end
|
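Review bot: In the second hunk, new line 92 calls `.tr("%0D","")` on the generated path, and `String#tr` with an empty replacement deletes each of the characters `%`, `0` and `D` wherever they occur rather than the sequence `%0D`. A reset token containing any of those characters is therefore altered before the page is visited, and the example can fail intermittently. The carriage return presumably comes from matching `(.*)$` against the CRLF-encoded body on new line 90, so removing it there keeps the token intact: `token = token_url_regex.match(reset_password_email.body.encoded)[1].strip`, followed by the previous `visit spree.edit_spree_user_password_path(reset_password_token: token)`. The scenario body starts and ends outside the hunk.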
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
3
3
|
RSpec.feature 'Confirmation', type: :feature, reload_user: true do
|
4
4
|
before do
|
5
5
|
set_confirmable_option(true)
|
6
|
-
Spree::UserMailer.
|
6
|
+
expect(Spree::UserMailer).to receive(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))
|
7
7
|
end
|
8
8
|
|
9
9
|
after(:each) { set_confirmable_option(false) }
|
@@ -20,7 +20,7 @@ RSpec.feature 'Confirmation', type: :feature, reload_user: true do
|
|
20
20
|
fill_in 'Password Confirmation', with: 'password'
|
21
21
|
click_button 'Sign Up'
|
22
22
|
|
23
|
-
expect(page).to have_text '
|
24
|
-
expect(Spree
|
23
|
+
expect(page).to have_text I18n.t('devise.user_registrations.signed_up_but_unconfirmed')
|
24
|
+
expect(Spree.user_class.last.confirmed?).to be(false)
|
25
25
|
end
|
26
26
|
end
|
@@ -35,17 +35,23 @@ RSpec.feature 'Sign In', type: :feature do
|
|
35
35
|
fill_in 'Password', with: user.password
|
36
36
|
click_button 'Log in'
|
37
37
|
|
38
|
-
|
39
|
-
|
38
|
+
if Spree.version.to_f > 4.1
|
39
|
+
within '.navbar .dropdown-menu' do
|
40
|
+
expect(page).to have_text 'admin@person.com'
|
41
|
+
end
|
42
|
+
else
|
43
|
+
within '.user-menu' do
|
44
|
+
expect(page).to have_text 'admin@person.com'
|
45
|
+
end
|
40
46
|
end
|
41
47
|
expect(current_path).to eq '/admin/orders'
|
42
48
|
end
|
43
49
|
|
44
|
-
|
50
|
+
it 'should store the user previous location' do
|
45
51
|
visit spree.account_path
|
46
|
-
fill_in
|
47
|
-
fill_in
|
48
|
-
click_button
|
49
|
-
expect(current_path).to eq
|
52
|
+
fill_in 'Email', with: @user.email
|
53
|
+
fill_in 'Password', with: @user.password
|
54
|
+
click_button 'Log in'
|
55
|
+
expect(current_path).to eq '/account'
|
50
56
|
end
|
51
57
|
end
|
@@ -10,7 +10,7 @@ RSpec.feature 'Sign Up', type: :feature do
|
|
10
10
|
click_button 'Sign Up'
|
11
11
|
|
12
12
|
expect(page).to have_text 'You have signed up successfully.'
|
13
|
-
expect(Spree
|
13
|
+
expect(Spree.user_class.count).to eq(1)
|
14
14
|
end
|
15
15
|
end
|
16
16
|
|
@@ -25,7 +25,7 @@ RSpec.feature 'Sign Up', type: :feature do
|
|
25
25
|
click_button 'Sign Up'
|
26
26
|
|
27
27
|
expect(page).to have_css '#errorExplanation'
|
28
|
-
expect(Spree
|
28
|
+
expect(Spree.user_class.count).to eq(0)
|
29
29
|
end
|
30
30
|
end
|
31
31
|
end
|
@@ -5,7 +5,7 @@ RSpec.describe Spree::UserMailer, type: :mailer do
|
|
5
5
|
describe '#reset_password_instructions' do
|
6
6
|
describe 'message contents' do
|
7
7
|
before do
|
8
|
-
@message = described_class.reset_password_instructions(user, 'token goes here')
|
8
|
+
@message = described_class.reset_password_instructions(user, 'token goes here', { current_store_id: Spree::Store.current.id })
|
9
9
|
end
|
10
10
|
|
11
11
|
context 'subject includes' do
|
@@ -22,7 +22,7 @@ RSpec.describe Spree::UserMailer, type: :mailer do
|
|
22
22
|
|
23
23
|
context 'body includes' do
|
24
24
|
it 'password reset url' do
|
25
|
-
expect(@message.body.
|
25
|
+
expect(@message.body.encoded).to include "http://#{store.url}/user/spree_user/password/edit"
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|
@@ -30,7 +30,7 @@ RSpec.describe Spree::UserMailer, type: :mailer do
|
|
30
30
|
describe 'legacy support for User object' do
|
31
31
|
it 'sends an email' do
|
32
32
|
expect {
|
33
|
-
described_class.reset_password_instructions(user, 'token goes here').deliver_now
|
33
|
+
described_class.reset_password_instructions(user, 'token goes here', { current_store_id: Spree::Store.current.id }).deliver_now
|
34
34
|
}.to change(ActionMailer::Base.deliveries, :size).by(1)
|
35
35
|
end
|
36
36
|
end
|
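--- a/data/spec/models/user_spec.rb
+++ b/data/spec/models/user_spec.rb
@@ -1,5 +1,6 @@
 RSpec.describe Spree::User, type: :model do
 before(:all) { Spree::Role.create name: 'admin' }
+let!(:store) { create(:store) }
 
 it '#admin?' do
 expect(create(:admin_user).admin?).to be true
@@ -8,8 +9,9 @@ RSpec.describe Spree::User, type: :model do
 
 it 'generates the reset password token' do
 user = build(:user)
-
-user.
+current_store = Spree::Store.current
+expect(Spree::UserMailer).to receive(:reset_password_instructions).with(user, anything, { current_store_id: current_store.id }).and_return(double(deliver: true))
+user.send_reset_password_instructions(current_store)
 expect(user.reset_password_token).not_to be_nil
 end
 
@@ -31,9 +33,9 @@ RSpec.describe Spree::User, type: :model do
 order.save
 user = order.user
 user.destroy
-expect(Spree
-expect(Spree
-expect(Spree
+expect(Spree.user_class.find_by_id(user.id)).to be_nil
+expect(Spree.user_class.with_deleted.find_by_id(user.id).id).to eq(user.id)
+expect(Spree.user_class.with_deleted.find_by_id(user.id).orders.first).to eq(order)
 
 expect(Spree::Order.find_by_user_id(user.id)).not_to be_nil
 expect(Spree::Order.where(user_id: user.id).first).to eq(order)
@@ -66,14 +68,14 @@ RSpec.describe Spree::User, type: :model do
 describe "confirmable", reload_user: true do
 it "is confirmable if the confirmable option is enabled" do
 set_confirmable_option(true)
-Spree::UserMailer.stub(:confirmation_instructions).and_return(double(deliver: true))
-expect(Spree
+Spree::UserMailer.stub(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))
+expect(Spree.user_class.devise_modules).to include(:confirmable)
 set_confirmable_option(false)
 end
 
 it "is not confirmable if the confirmable option is disabled" do
 set_confirmable_option(false)
-expect(Spree
+expect(Spree.user_class.devise_modules).to_not include(:confirmable)
 end
 end
 end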
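Review bot: New line 71 keeps the legacy `Spree::UserMailer.stub(...)` form, while the reset-token example added in the same file (new line 13) already uses `expect(Spree::UserMailer).to receive(...)`. `stub` belongs to the old `should` syntax, which RSpec 3 supports only when it is explicitly enabled, so the two styles should not be mixed in one spec. Suggested replacement: `allow(Spree::UserMailer).to receive(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))`. The removed lines in this section are truncated on the page, so the old assertions cannot be compared with the new ones.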
@@ -0,0 +1,48 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'Storefront API v2 Account Confirmation spec', type: :request do
|
4
|
+
describe 'account_confirmations#show' do
|
5
|
+
|
6
|
+
before do
|
7
|
+
Spree::User.stub(:confirm_by_token, confirmation_token: confirmation_token).and_return user
|
8
|
+
get "/api/v2/storefront/account_confirmations/#{confirmation_token}"
|
9
|
+
end
|
10
|
+
|
11
|
+
context 'valid confirmation_token param' do
|
12
|
+
let(:user) { create(:user, confirmation_token: '12345') }
|
13
|
+
let(:confirmation_token) { user.confirmation_token }
|
14
|
+
|
15
|
+
it_behaves_like 'returns 200 HTTP status'
|
16
|
+
|
17
|
+
it 'returns user state' do
|
18
|
+
expect(JSON.parse(response.body)['data']['state']).to eq('')
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
context 'invalid confirmation_token param' do
|
23
|
+
let(:user) do
|
24
|
+
user = create(:user)
|
25
|
+
user.errors.add(:confirmation_token, :invalid)
|
26
|
+
return user
|
27
|
+
end
|
28
|
+
let(:confirmation_token) { 'dummy_token' }
|
29
|
+
|
30
|
+
it 'return 422 status' do
|
31
|
+
expect(response.code).to eq('422')
|
32
|
+
end
|
33
|
+
|
34
|
+
it 'return JSON API payload of error' do
|
35
|
+
expect(JSON.parse(response.body)['error']).to eq("Confirmation token is invalid")
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
context 'blank confirmation_token param' do
|
40
|
+
let(:user) { build(:user) }
|
41
|
+
let(:confirmation_token) { '' }
|
42
|
+
|
43
|
+
it 'return 301 status' do
|
44
|
+
expect(response.code).to eq('301')
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
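Review bot: The `before` block on new line 7 stubs `Spree::User.confirm_by_token` for every context, so none of these examples exercises real token lookup. The 'valid' and 'invalid' cases differ only in the object the stub hands back, and a controller that accepted any token would still pass. Creating the user with a real confirmation token and letting the request reach the model would make the 200/422 split meaningful. If the stub stays, it should use the configurable class and pin the argument, e.g. `allow(Spree.user_class).to receive(:confirm_by_token).with(confirmation_token).and_return(user)`. The valid case also expects `['data']['state']` to equal `''`, which says nothing about the account having been confirmed.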
@@ -0,0 +1,101 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'Storefront API v2 Account spec', type: :request do
|
4
|
+
describe 'account#create' do
|
5
|
+
before { post '/api/v2/storefront/account', params: params }
|
6
|
+
|
7
|
+
context 'valid user params' do
|
8
|
+
let(:params) do
|
9
|
+
{
|
10
|
+
"user": {
|
11
|
+
"email": "hello@example.com",
|
12
|
+
"password": "password123",
|
13
|
+
"password_confirmation": "password123"
|
14
|
+
}
|
15
|
+
}
|
16
|
+
end
|
17
|
+
|
18
|
+
it_behaves_like 'returns 200 HTTP status'
|
19
|
+
|
20
|
+
it 'return JSON API payload of User' do
|
21
|
+
expect(JSON.parse(response.body)['data']['attributes']['email']).to eq('hello@example.com')
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
context 'invalid user params' do
|
26
|
+
let(:params) do
|
27
|
+
{
|
28
|
+
"user": {
|
29
|
+
"email": "hello@example.com",
|
30
|
+
"password": "password123",
|
31
|
+
"password_confirmation": ""
|
32
|
+
}
|
33
|
+
}
|
34
|
+
end
|
35
|
+
|
36
|
+
it 'return JSON API payload of error' do
|
37
|
+
expect(JSON.parse(response.body)['error']).to eq("Password Confirmation doesn't match Password")
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
42
|
+
|
43
|
+
describe 'account#update' do
|
44
|
+
include_context 'API v2 tokens'
|
45
|
+
|
46
|
+
let!(:user) { create(:user_with_addresses) }
|
47
|
+
let(:headers) { headers_bearer }
|
48
|
+
|
49
|
+
before { patch '/api/v2/storefront/account', params: params, headers: headers }
|
50
|
+
|
51
|
+
context 'valid user params' do
|
52
|
+
let(:params) do
|
53
|
+
{
|
54
|
+
"user": {
|
55
|
+
"email": "spree@example.com",
|
56
|
+
"password": "password123",
|
57
|
+
"password_confirmation": "password123"
|
58
|
+
}
|
59
|
+
}
|
60
|
+
end
|
61
|
+
|
62
|
+
it_behaves_like 'returns 200 HTTP status'
|
63
|
+
|
64
|
+
it 'return JSON API payload of User' do
|
65
|
+
expect(JSON.parse(response.body)['data']['attributes']['email']).to eq('spree@example.com')
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
context 'valid user params without passwords' do
|
70
|
+
let(:params) do
|
71
|
+
{
|
72
|
+
"user": {
|
73
|
+
"email": "spree@example.com"
|
74
|
+
}
|
75
|
+
}
|
76
|
+
end
|
77
|
+
|
78
|
+
it_behaves_like 'returns 200 HTTP status'
|
79
|
+
|
80
|
+
it 'return JSON API payload of User' do
|
81
|
+
expect(JSON.parse(response.body)['data']['attributes']['email']).to eq('spree@example.com')
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
context 'invalid user params' do
|
86
|
+
let(:params) do
|
87
|
+
{
|
88
|
+
"user": {
|
89
|
+
"email": "spree@example.com",
|
90
|
+
"password": "password123",
|
91
|
+
"password_confirmation": ""
|
92
|
+
}
|
93
|
+
}
|
94
|
+
end
|
95
|
+
|
96
|
+
it 'return JSON API payload of error' do
|
97
|
+
expect(JSON.parse(response.body)['error']).to eq("Password Confirmation doesn't match Password")
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
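Review bot: `account#update` is exercised only with `headers_bearer`, so nothing shows that a PATCH without a token, or with another user's token, is rejected. That matters here because the endpoint changes the email and password, and the examples do so without supplying the current password. A negative context that overrides `let(:headers) { {} }` and asserts the rejection status would pin the authorization boundary. The two 'invalid user params' contexts also check only the error string and not the response status, and `account#create` has no case for an email that is already registered.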