spree_auth_devise 4.2.1 → 4.3.0
Potentially problematic release.
This version of spree_auth_devise might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +6 -3
- data/Gemfile +1 -1
- data/app/controllers/spree/user_confirmations_controller.rb +11 -8
- data/app/controllers/spree/user_passwords_controller.rb +9 -10
- data/app/controllers/spree/user_registrations_controller.rb +10 -10
- data/app/controllers/spree/user_sessions_controller.rb +3 -10
- data/app/mailers/spree/user_mailer.rb +6 -3
- data/app/models/spree/user.rb +25 -0
- data/app/views/spree/user_mailer/confirmation_instructions.html.erb +20 -0
- data/app/views/spree/user_mailer/confirmation_instructions.text.erb +7 -4
- data/app/views/spree/user_mailer/reset_password_instructions.html.erb +20 -0
- data/app/views/spree/user_mailer/reset_password_instructions.text.erb +9 -2
- data/config/locales/de.yml +0 -2
- data/config/locales/en.yml +14 -6
- data/config/locales/zh-TW.yml +0 -2
- data/lib/controllers/frontend/spree/checkout_controller_decorator.rb +2 -1
- data/lib/controllers/frontend/spree/users_controller.rb +1 -6
- data/lib/spree_auth_devise.rb +0 -1
- data/spec/features/checkout_spec.rb +2 -2
- data/spec/features/confirmation_spec.rb +1 -1
- data/spec/mailers/user_mailer_spec.rb +1 -1
- data/spec/models/user_spec.rb +1 -1
- data/spree_auth_devise.gemspec +11 -6
- metadata +13 -23
- data/app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface +0 -4
- data/spec/requests/spree/frontend/user_update_spec.rb +0 -42
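--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 91d6026f95c5de39d8065c441df4c64af29eccd78bf0aeafebfea951bbf87a91
+data.tar.gz: 67f50ef5c962e5248621d94311a704db4c0081b6dc8864a1c01892adb5374a26
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7a8bd6c26af9821c350b367937f93901d1fc94c89b3e8fc99f2b1c583332455b4f66f23f7c015f2c94a43cca7af940fc11cae6dbab21656d05c3b57db5efec72
+data.tar.gz: 6796f33284e8c55fa71045d39c0e8209d59550a044cb7c92efaf441a3bc8c70d4d68dcaface2ea6be690ebafbe1ed6a68f2e0bbbfa539c6a118d2d359b46a0a7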
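--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -15,8 +15,8 @@ services:
 language: ruby
 
 rvm:
-- 2.
--
+- 2.7
+- 3.0
 
 env:
 - DB=mysql
@@ -27,8 +27,11 @@ gemfile:
 - gemfiles/spree_master.gemfile
 
 jobs:
+exclude:
+- rvm: 3.0
+gemfile: gemfiles/spree_4_1.gemfile
 allow_failures:
-
+- gemfile: gemfiles/spree_master.gemfile
 
 before_install:
 - mysql -u root -e "GRANT ALL ON *.* TO 'travis'@'%';"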
data/Gemfile
CHANGED
@@ -6,16 +6,19 @@ class Spree::UserConfirmationsController < Devise::ConfirmationsController
|
|
6
6
|
include Spree::Core::ControllerHelpers::Order
|
7
7
|
include Spree::Core::ControllerHelpers::Store
|
8
8
|
|
9
|
-
|
9
|
+
before_action :set_current_order
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
11
|
+
# POST /resource/confirmation
|
12
|
+
def create
|
13
|
+
self.resource = resource_class.send_confirmation_instructions(resource_params, current_store)
|
14
|
+
yield resource if block_given?
|
15
15
|
|
16
|
-
|
17
|
-
|
18
|
-
|
16
|
+
if successfully_sent?(resource)
|
17
|
+
respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
|
18
|
+
else
|
19
|
+
respond_with(resource)
|
20
|
+
end
|
21
|
+
end
|
19
22
|
|
20
23
|
# GET /resource/confirmation?confirmation_token=abcdef
|
21
24
|
def show
|
@@ -6,16 +6,9 @@ class Spree::UserPasswordsController < Devise::PasswordsController
|
|
6
6
|
include Spree::Core::ControllerHelpers::Order
|
7
7
|
include Spree::Core::ControllerHelpers::Store
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
|
13
|
-
|
14
|
-
include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
|
15
|
-
|
16
|
-
helper 'spree/locale' if defined?(Spree::LocaleHelper)
|
17
|
-
helper 'spree/currency' if defined?(Spree::CurrencyHelper)
|
18
|
-
helper 'spree/store' if defined?(Spree::StoreHelper)
|
9
|
+
if defined?(SpreeI18n::ControllerLocaleHelper)
|
10
|
+
include SpreeI18n::ControllerLocaleHelper
|
11
|
+
end
|
19
12
|
|
20
13
|
before_action :set_current_order
|
21
14
|
|
@@ -60,4 +53,10 @@ class Spree::UserPasswordsController < Devise::PasswordsController
|
|
60
53
|
def new_session_path(resource_name)
|
61
54
|
spree.send("new_#{resource_name}_session_path")
|
62
55
|
end
|
56
|
+
|
57
|
+
private
|
58
|
+
|
59
|
+
def accurate_title
|
60
|
+
Spree.t(:reset_password)
|
61
|
+
end
|
63
62
|
end
|
@@ -6,16 +6,9 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
|
|
6
6
|
include Spree::Core::ControllerHelpers::Order
|
7
7
|
include Spree::Core::ControllerHelpers::Store
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
|
13
|
-
|
14
|
-
include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
|
15
|
-
|
16
|
-
helper 'spree/locale' if defined?(Spree::LocaleHelper)
|
17
|
-
helper 'spree/currency' if defined?(Spree::CurrencyHelper)
|
18
|
-
helper 'spree/store' if defined?(Spree::StoreHelper)
|
9
|
+
if defined?(SpreeI18n::ControllerLocaleHelper)
|
10
|
+
include SpreeI18n::ControllerLocaleHelper
|
11
|
+
end
|
19
12
|
|
20
13
|
before_action :check_permissions, only: [:edit, :update]
|
21
14
|
before_action :set_current_order
|
@@ -30,6 +23,7 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
|
|
30
23
|
# POST /resource/sign_up
|
31
24
|
def create
|
32
25
|
@user = build_resource(spree_user_params)
|
26
|
+
resource.skip_confirmation_notification! if Spree::Auth::Config[:confirmable]
|
33
27
|
resource_saved = resource.save
|
34
28
|
yield resource if block_given?
|
35
29
|
if resource_saved
|
@@ -37,10 +31,12 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
|
|
37
31
|
set_flash_message :notice, :signed_up
|
38
32
|
sign_up(resource_name, resource)
|
39
33
|
session[:spree_user_signup] = true
|
34
|
+
resource.send_confirmation_instructions(current_store) if Spree::Auth::Config[:confirmable]
|
40
35
|
redirect_to_checkout_or_account_path(resource)
|
41
36
|
else
|
42
37
|
set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}"
|
43
38
|
expire_data_after_sign_in!
|
39
|
+
resource.send_confirmation_instructions(current_store) if Spree::Auth::Config[:confirmable]
|
44
40
|
respond_with resource, location: after_inactive_sign_up_path_for(resource)
|
45
41
|
end
|
46
42
|
else
|
@@ -96,6 +92,10 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
|
|
96
92
|
|
97
93
|
private
|
98
94
|
|
95
|
+
def accurate_title
|
96
|
+
Spree.t(:sign_up)
|
97
|
+
end
|
98
|
+
|
99
99
|
def spree_user_params
|
100
100
|
params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes)
|
101
101
|
end
|
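Review bot: The confirmation mail is now sent by two identical lines, one in each branch of the inner `if`/`else` under `if resource_saved`, after `skip_confirmation_notification!` suppresses Devise's own mail, and nothing in the hunk records why. A short comment at the skip, e.g. `# Devise's automatic mail is skipped; it is sent below with current_store so the link uses the right store`, would document the intent. The call could also be made once directly after `if resource_saved` instead of being repeated in both branches. The `create` method continues outside these hunks.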
@@ -6,16 +6,9 @@ class Spree::UserSessionsController < Devise::SessionsController
|
|
6
6
|
include Spree::Core::ControllerHelpers::Order
|
7
7
|
include Spree::Core::ControllerHelpers::Store
|
8
8
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
|
13
|
-
|
14
|
-
include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
|
15
|
-
|
16
|
-
helper 'spree/locale' if defined?(Spree::LocaleHelper)
|
17
|
-
helper 'spree/currency' if defined?(Spree::CurrencyHelper)
|
18
|
-
helper 'spree/store' if defined?(Spree::StoreHelper)
|
9
|
+
if defined?(SpreeI18n::ControllerLocaleHelper)
|
10
|
+
include SpreeI18n::ControllerLocaleHelper
|
11
|
+
end
|
19
12
|
|
20
13
|
before_action :set_current_order
|
21
14
|
|
@@ -6,15 +6,18 @@ module Spree
|
|
6
6
|
@locale = @current_store.has_attribute?(:default_locale) ? @current_store.default_locale : I18n.default_locale
|
7
7
|
I18n.locale = @locale if @locale.present?
|
8
8
|
@edit_password_reset_url = spree.edit_spree_user_password_url(reset_password_token: token, host: @current_store.url)
|
9
|
+
@user = user
|
9
10
|
|
10
|
-
mail to: user.email, from: from_address, subject: @current_store.name + ' ' + I18n.t(:subject, scope: [:devise, :mailer, :reset_password_instructions])
|
11
|
+
mail to: user.email, from: from_address, subject: @current_store.name + ' ' + I18n.t(:subject, scope: [:devise, :mailer, :reset_password_instructions]), store_url: @current_store.url
|
11
12
|
end
|
12
13
|
|
13
14
|
def confirmation_instructions(user, token, _opts = {})
|
14
|
-
|
15
|
+
current_store_id = _opts[:current_store_id]
|
16
|
+
@current_store = Spree::Store.find(current_store_id) || Spree::Store.current
|
17
|
+
@confirmation_url = spree_user_confirmation_url(confirmation_token: token, host: Spree::Store.current.url)
|
15
18
|
@email = user.email
|
16
19
|
|
17
|
-
mail to: user.email, from: from_address, subject:
|
20
|
+
mail to: user.email, from: from_address, subject: @current_store.name + ' ' + I18n.t(:subject, scope: [:devise, :mailer, :confirmation_instructions]), store_url: @current_store.url
|
18
21
|
end
|
19
22
|
end
|
20
23
|
end
|
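Review bot: In `confirmation_instructions`, `Spree::Store.find(current_store_id) || Spree::Store.current` cannot fall back, because `find` raises when the id is nil or unknown instead of returning nil; `@current_store = Spree::Store.find_by(id: current_store_id) || Spree::Store.current` gives the intended fallback. The confirmation link on the following line is built with `host: Spree::Store.current.url` while the subject and `store_url` use `@current_store`, so in a multi-store setup the token link can point at a different store than the one the mail names. `host: @current_store.url` would keep them consistent, as the password-reset URL earlier in the hunk does. The enclosing class begins outside the hunk.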
data/app/models/spree/user.rb
CHANGED
@@ -27,6 +27,31 @@ module Spree
|
|
27
27
|
has_spree_role?('admin')
|
28
28
|
end
|
29
29
|
|
30
|
+
def self.send_confirmation_instructions(attributes = {}, current_store)
|
31
|
+
confirmable = find_by_unconfirmed_email_with_errors(attributes) if reconfirmable
|
32
|
+
unless confirmable.try(:persisted?)
|
33
|
+
confirmable = find_or_initialize_with_errors(confirmation_keys, attributes, :not_found)
|
34
|
+
end
|
35
|
+
confirmable.resend_confirmation_instructions(current_store) if confirmable.persisted?
|
36
|
+
confirmable
|
37
|
+
end
|
38
|
+
|
39
|
+
def resend_confirmation_instructions(current_store)
|
40
|
+
pending_any_confirmation do
|
41
|
+
send_confirmation_instructions(current_store)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
def send_confirmation_instructions(current_store)
|
46
|
+
unless @raw_confirmation_token
|
47
|
+
generate_confirmation_token!
|
48
|
+
end
|
49
|
+
|
50
|
+
opts = pending_reconfirmation? ? { to: unconfirmed_email } : {}
|
51
|
+
opts[:current_store_id] = current_store.id
|
52
|
+
send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
|
53
|
+
end
|
54
|
+
|
30
55
|
def self.send_reset_password_instructions(attributes={}, current_store)
|
31
56
|
recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
|
32
57
|
recoverable.send_reset_password_instructions(current_store) if recoverable.persisted?
|
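Review bot: The instance method `send_confirmation_instructions(current_store)` replaces Devise's zero-argument method with one that requires a parameter, so any caller that still invokes it without arguments (Devise's own create and reconfirmation callbacks appear to) would raise ArgumentError; only the registrations controller in this diff is adapted, via `skip_confirmation_notification!`. A default such as `def send_confirmation_instructions(current_store = Spree::Store.current)` keeps those paths working, and it also covers the nil case that `opts[:current_store_id] = current_store.id` does not guard. On the class method, `(attributes = {}, current_store)` puts a defaulted parameter before a required one, so a single-argument call binds to `current_store` rather than `attributes`; dropping `= {}` would state the real contract. The class body continues outside the hunk.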
@@ -0,0 +1,20 @@
|
|
1
|
+
<h1>
|
2
|
+
<%= Spree.t('user_mailer.confirmation_instructions.welcome', email: @email) %>
|
3
|
+
</h1>
|
4
|
+
<p>
|
5
|
+
<%= Spree.t('user_mailer.confirmation_instructions.instructions_1', { store_name: @current_store.name }) %>
|
6
|
+
</p>
|
7
|
+
<p>
|
8
|
+
<%= Spree.t('user_mailer.confirmation_instructions.instructions_2') %>
|
9
|
+
</p>
|
10
|
+
<p class="body-action">
|
11
|
+
<a href="<%= @confirmation_url %>" class="button button--green"><%= Spree.t('user_mailer.confirmation_instructions.button') %></a>
|
12
|
+
</p>
|
13
|
+
<p>
|
14
|
+
<%= Spree.t('user_mailer.confirmation_instructions.instructions_3') %>
|
15
|
+
</p>
|
16
|
+
<p>
|
17
|
+
<%= Spree.t('user_mailer.confirmation_instructions.thanks') %>
|
18
|
+
<br />
|
19
|
+
<%= Spree.t('user_mailer.confirmation_instructions.store_team', { store_name: @current_store.name }) %>
|
20
|
+
</p>
|
@@ -1,5 +1,8 @@
|
|
1
|
-
<%= Spree.t('confirmation_instructions.welcome', email: @email) %>
|
2
|
-
|
3
|
-
<%= Spree.t('confirmation_instructions.
|
4
|
-
|
1
|
+
<%= Spree.t('user_mailer.confirmation_instructions.welcome', email: @email) %>
|
2
|
+
<%= Spree.t('user_mailer.confirmation_instructions.instructions_1', { store_name: @current_store.name }) %>
|
3
|
+
<%= Spree.t('user_mailer.confirmation_instructions.instructions_2') %>
|
4
|
+
<%= Spree.t('user_mailer.confirmation_instructions.button') %>
|
5
5
|
<%= @confirmation_url %>
|
6
|
+
<%= Spree.t('user_mailer.confirmation_instructions.instructions_3') %>
|
7
|
+
<%= Spree.t('user_mailer.confirmation_instructions.thanks') %>
|
8
|
+
<%= Spree.t('user_mailer.confirmation_instructions.store_team', { store_name: @current_store.name }) %>
|
@@ -0,0 +1,20 @@
|
|
1
|
+
<h1>
|
2
|
+
<%= Spree.t('user_mailer.reset_password_instructions.welcome', email: @user.email) %>
|
3
|
+
</h1>
|
4
|
+
<p>
|
5
|
+
<%= Spree.t('user_mailer.reset_password_instructions.instructions_1', { store_name: @current_store.name }) %>
|
6
|
+
</p>
|
7
|
+
<p>
|
8
|
+
<%= Spree.t('user_mailer.reset_password_instructions.instructions_2') %>
|
9
|
+
</p>
|
10
|
+
<p class="body-action">
|
11
|
+
<a href="<%= @edit_password_reset_url %>" class="button button--green"><%= Spree.t('user_mailer.reset_password_instructions.button') %></a>
|
12
|
+
</p>
|
13
|
+
<p>
|
14
|
+
<%= Spree.t('user_mailer.reset_password_instructions.instructions_3') %>
|
15
|
+
</p>
|
16
|
+
<p>
|
17
|
+
<%= Spree.t('user_mailer.reset_password_instructions.thanks') %>
|
18
|
+
<br />
|
19
|
+
<%= Spree.t('user_mailer.reset_password_instructions.store_team', { store_name: @current_store.name }) %>
|
20
|
+
</p>
|
@@ -1,5 +1,12 @@
|
|
1
|
-
<%= Spree.t('user_mailer.reset_password_instructions.
|
1
|
+
<%= Spree.t('user_mailer.reset_password_instructions.welcome', email: @user.email) %>
|
2
2
|
|
3
|
+
<%= Spree.t('user_mailer.reset_password_instructions.instructions_1', { store_name: @current_store.name }) %>
|
4
|
+
<%= Spree.t('user_mailer.reset_password_instructions.instructions_2') %>
|
5
|
+
|
6
|
+
<%= Spree.t('user_mailer.reset_password_instructions.button') %>
|
3
7
|
<%= @edit_password_reset_url %>
|
4
8
|
|
5
|
-
<%= Spree.t('user_mailer.reset_password_instructions.
|
9
|
+
<%= Spree.t('user_mailer.reset_password_instructions.instructions_3') %>
|
10
|
+
|
11
|
+
<%= Spree.t('user_mailer.reset_password_instructions.thanks') %>
|
12
|
+
<%= Spree.t('user_mailer.reset_password_instructions.store_team', { store_name: @current_store.name }) %>
|
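--- a/data/config/locales/de.yml
+++ b/data/config/locales/de.yml
@@ -3,8 +3,6 @@ de:
 spree:
 admin_login: Admin Login
 change_your_password: Kennwort zurücksetzen
-store_credits:
-credit_balance: Saldo des Guthabens
 user_mailer:
 reset_password_instructions:
 instructions_1: "Es wurde eine Anfrage zum Zurücksetzen Ihres Passworts gestellt.\nWenn Sie diese Anfrage nicht gestellt haben, ignorieren Sie diese E-Mail.\n\nWenn Sie diese Anfrage gestellt haben, klicken Sie bitte auf den folgenden Link:"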
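--- a/data/config/locales/en.yml
+++ b/data/config/locales/en.yml
@@ -3,18 +3,26 @@ en:
 spree:
 admin_login: "Admin Login"
 change_your_password: "Change your password"
-store_credits:
-credit_balance: Store Credit Balance
 user_mailer:
 reset_password_instructions:
-
-
+welcome: "Hi %{email}"
+instructions_1: "A request to reset the password for your %{store_name} account has been made."
+instructions_2: Click the button below to reset it.
+instructions_3: If you did not request a password change ignore this email or contact us.
+button: Reset your password
+thanks: Thank you,
+store_team: "%{store_name} Team"
 confirmation_instructions:
 welcome: "Welcome %{email}!"
-
+instructions_1: "Thanks for registering at %{store_name}."
+instructions_2: "Click the button below to confirm your account:"
+instructions_3: If you have any questions, feel free to simply reply to this email.
+button: Confirm email address
+thanks: Thank you,
+store_team: "%{store_name} Team"
 devise:
 confirmations:
-confirmed: Your account was successfully confirmed. You
+confirmed: Your account was successfully confirmed. You can now log in.
 send_instructions: You will receive an email with instructions about how to confirm your account in a few minutes.
 spree_user:
 already_confirmed: Email was already confirmed, please try signing in.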
data/config/locales/zh-TW.yml
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
class Spree::UsersController < Spree::StoreController
|
2
2
|
before_action :set_current_order, except: :show
|
3
|
+
prepend_before_action :load_object, only: [:show, :edit, :update]
|
3
4
|
prepend_before_action :authorize_actions, only: :new
|
4
5
|
|
5
6
|
include Spree::Core::ControllerHelpers
|
6
7
|
|
7
8
|
def show
|
8
|
-
load_object
|
9
9
|
@orders = @user.orders.complete.order('completed_at desc')
|
10
10
|
end
|
11
11
|
|
@@ -23,12 +23,7 @@ class Spree::UsersController < Spree::StoreController
|
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
|
-
def edit
|
27
|
-
load_object
|
28
|
-
end
|
29
|
-
|
30
26
|
def update
|
31
|
-
load_object
|
32
27
|
if @user.update(user_params)
|
33
28
|
if params[:user][:password].present?
|
34
29
|
# this logic needed b/c devise wants to log us out after password changes
|
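Review bot: `prepend_before_action :load_object, only: [:show, :edit, :update]` makes the user lookup run ahead of every callback registered with `before_action`, which by Rails default includes the forgery-protection check. With the `null_session` or `reset_session` strategies a request that fails the CSRF check is not aborted, so `update` could still act on the `@user` that was loaded while the session was intact; the `spec/requests/spree/frontend/user_update_spec.rb` removed in this same diff covered that case for all three strategies. Keeping `load_object` as the first statement of `show`, `edit` and `update` (the removed lines) keeps the lookup after the CSRF check, and if the callback form is wanted the request spec should stay to prove the ordering is safe. `load_object` itself is outside the hunks, so this assumes it resolves `@user` from the signed-in session.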
data/lib/spree_auth_devise.rb
CHANGED
@@ -87,9 +87,9 @@ RSpec.feature 'Checkout', :js, type: :feature do
|
|
87
87
|
# The 'plain-text' version is sent in the email and there's one way to get that!
|
88
88
|
reset_password_email = ActionMailer::Base.deliveries.first
|
89
89
|
token_url_regex = /^http:\/\/www.example.com\/user\/spree_user\/password\/edit\?reset_password_token=(.*)$/
|
90
|
-
token = token_url_regex.match(reset_password_email.body.
|
90
|
+
token = token_url_regex.match(reset_password_email.body.encoded)[1]
|
91
91
|
|
92
|
-
visit spree.edit_spree_user_password_path(reset_password_token: token)
|
92
|
+
visit spree.edit_spree_user_password_path(reset_password_token: token).tr("%0D","")
|
93
93
|
fill_in 'Password', with: 'password'
|
94
94
|
fill_in 'Password Confirmation', with: 'password'
|
95
95
|
click_button 'Update'
|
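Review bot: `.tr("%0D","")` on the path does not remove the substring `%0D`. `String#tr` treats its first argument as a character set and, with an empty replacement, deletes every `%`, `0` and `D` in the URL, so a reset token that happens to contain `0` or `D` is corrupted and the spec can fail intermittently. Stripping the carriage return from the captured token before building the path is safer: `token = token_url_regex.match(reset_password_email.body.encoded)[1].strip`, then `visit spree.edit_spree_user_password_path(reset_password_token: token)`. The enclosing scenario starts and ends outside the hunk.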
@@ -3,7 +3,7 @@ require 'spec_helper'
|
|
3
3
|
RSpec.feature 'Confirmation', type: :feature, reload_user: true do
|
4
4
|
before do
|
5
5
|
set_confirmable_option(true)
|
6
|
-
Spree::UserMailer.
|
6
|
+
expect(Spree::UserMailer).to receive(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))
|
7
7
|
end
|
8
8
|
|
9
9
|
after(:each) { set_confirmable_option(false) }
|
@@ -22,7 +22,7 @@ RSpec.describe Spree::UserMailer, type: :mailer do
|
|
22
22
|
|
23
23
|
context 'body includes' do
|
24
24
|
it 'password reset url' do
|
25
|
-
expect(@message.body.
|
25
|
+
expect(@message.body.encoded).to include "http://#{store.url}/user/spree_user/password/edit"
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|
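--- a/data/spec/models/user_spec.rb
+++ b/data/spec/models/user_spec.rb
@@ -68,7 +68,7 @@ RSpec.describe Spree::User, type: :model do
 describe "confirmable", reload_user: true do
 it "is confirmable if the confirmable option is enabled" do
 set_confirmable_option(true)
-Spree::UserMailer.stub(:confirmation_instructions).and_return(double(deliver: true))
+Spree::UserMailer.stub(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))
 expect(Spree.user_class.devise_modules).to include(:confirmable)
 set_confirmable_option(false)
 end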
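--- a/data/spree_auth_devise.gemspec
+++ b/data/spree_auth_devise.gemspec
@@ -3,28 +3,33 @@
 Gem::Specification.new do |s|
 s.platform = Gem::Platform::RUBY
 s.name = 'spree_auth_devise'
-s.version = '4.
+s.version = '4.3.0'
 s.summary = 'Provides authentication and authorization services for use with Spree by using Devise and CanCan.'
 s.description = s.summary
 
 s.required_ruby_version = '>= 2.5.0'
 
-s.
-s.email = '
+s.authors = ['Sean Schofield', 'Spark Solutions']
+s.email = 'hello@spreecommerce.org'
 s.homepage = 'https://spreecommerce.org'
 s.license = 'BSD-3-Clause'
 
+s.metadata = {
+"bug_tracker_uri" => "https://github.com/spree/spree_auth_devise/issues",
+"changelog_uri" => "https://github.com/spree/spree_auth_devise/releases/tag/v#{s.version}",
+"documentation_uri" => "https://guides.spreecommerce.org/",
+"source_code_uri" => "https://github.com/spree/spree_auth_devise/tree/v#{s.version}",
+}
+
 s.files = `git ls-files`.split("\n")
 s.test_files = `git ls-files -- spec/*`.split("\n")
 s.require_path = 'lib'
 s.requirements << 'none'
 
-s.add_dependency 'deface', '~> 1.0'
-
 s.add_dependency 'devise', '~> 4.7'
 s.add_dependency 'devise-encryptable', '0.2.0'
 
-spree_version = '>= 4.1', '<
+spree_version = '>= 4.1', '< 5.0'
 s.add_dependency 'spree_core', spree_version
 s.add_dependency 'spree_extension'
 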
metadata
CHANGED
@@ -1,29 +1,16 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: spree_auth_devise
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sean Schofield
|
8
|
+
- Spark Solutions
|
8
9
|
autorequire:
|
9
10
|
bindir: bin
|
10
11
|
cert_chain: []
|
11
|
-
date: 2021-
|
12
|
+
date: 2021-01-14 00:00:00.000000000 Z
|
12
13
|
dependencies:
|
13
|
-
- !ruby/object:Gem::Dependency
|
14
|
-
name: deface
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - "~>"
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: '1.0'
|
20
|
-
type: :runtime
|
21
|
-
prerelease: false
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
-
requirements:
|
24
|
-
- - "~>"
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version: '1.0'
|
27
14
|
- !ruby/object:Gem::Dependency
|
28
15
|
name: devise
|
29
16
|
requirement: !ruby/object:Gem::Requirement
|
@@ -61,7 +48,7 @@ dependencies:
|
|
61
48
|
version: '4.1'
|
62
49
|
- - "<"
|
63
50
|
- !ruby/object:Gem::Version
|
64
|
-
version: '
|
51
|
+
version: '5.0'
|
65
52
|
type: :runtime
|
66
53
|
prerelease: false
|
67
54
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -71,7 +58,7 @@ dependencies:
|
|
71
58
|
version: '4.1'
|
72
59
|
- - "<"
|
73
60
|
- !ruby/object:Gem::Version
|
74
|
-
version: '
|
61
|
+
version: '5.0'
|
75
62
|
- !ruby/object:Gem::Dependency
|
76
63
|
name: spree_extension
|
77
64
|
requirement: !ruby/object:Gem::Requirement
|
@@ -102,7 +89,7 @@ dependencies:
|
|
102
89
|
version: '0'
|
103
90
|
description: Provides authentication and authorization services for use with Spree
|
104
91
|
by using Devise and CanCan.
|
105
|
-
email:
|
92
|
+
email: hello@spreecommerce.org
|
106
93
|
executables: []
|
107
94
|
extensions: []
|
108
95
|
extra_rdoc_files: []
|
@@ -127,10 +114,11 @@ files:
|
|
127
114
|
- app/mailers/spree/user_mailer.rb
|
128
115
|
- app/models/spree/auth_configuration.rb
|
129
116
|
- app/models/spree/user.rb
|
130
|
-
- app/overrides/spree/admin/shared/_header/auth_admin_login_navigation_bar.html.erb.deface
|
131
117
|
- app/services/spree/account/create.rb
|
132
118
|
- app/services/spree/account/update.rb
|
119
|
+
- app/views/spree/user_mailer/confirmation_instructions.html.erb
|
133
120
|
- app/views/spree/user_mailer/confirmation_instructions.text.erb
|
121
|
+
- app/views/spree/user_mailer/reset_password_instructions.html.erb
|
134
122
|
- app/views/spree/user_mailer/reset_password_instructions.text.erb
|
135
123
|
- app/views/spree/user_passwords/edit.html.erb
|
136
124
|
- app/views/spree/user_passwords/new.html.erb
|
@@ -221,7 +209,6 @@ files:
|
|
221
209
|
- spec/models/user_spec.rb
|
222
210
|
- spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
|
223
211
|
- spec/requests/spree/api/v2/storefront/account_spec.rb
|
224
|
-
- spec/requests/spree/frontend/user_update_spec.rb
|
225
212
|
- spec/spec_helper.rb
|
226
213
|
- spec/support/ability.rb
|
227
214
|
- spec/support/configuration_helpers.rb
|
@@ -232,7 +219,11 @@ files:
|
|
232
219
|
homepage: https://spreecommerce.org
|
233
220
|
licenses:
|
234
221
|
- BSD-3-Clause
|
235
|
-
metadata:
|
222
|
+
metadata:
|
223
|
+
bug_tracker_uri: https://github.com/spree/spree_auth_devise/issues
|
224
|
+
changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.3.0
|
225
|
+
documentation_uri: https://guides.spreecommerce.org/
|
226
|
+
source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.3.0
|
236
227
|
post_install_message:
|
237
228
|
rdoc_options: []
|
238
229
|
require_paths:
|
@@ -285,7 +276,6 @@ test_files:
|
|
285
276
|
- spec/models/user_spec.rb
|
286
277
|
- spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
|
287
278
|
- spec/requests/spree/api/v2/storefront/account_spec.rb
|
288
|
-
- spec/requests/spree/frontend/user_update_spec.rb
|
289
279
|
- spec/spec_helper.rb
|
290
280
|
- spec/support/ability.rb
|
291
281
|
- spec/support/configuration_helpers.rb
|
@@ -1,42 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.feature 'User update', type: :request do
|
4
|
-
context 'CSRF protection' do
|
5
|
-
%i[exception reset_session null_session].each do |strategy|
|
6
|
-
# Completely clean the configuration of forgery protection for the
|
7
|
-
# controller and reset it after the expectations. However, besides `:with`,
|
8
|
-
# the options given to `protect_from_forgery` are processed on the fly.
|
9
|
-
# I.e., there's no way to retain them. The initial setup corresponds to the
|
10
|
-
# dummy application, which uses the default Rails skeleton in that regard.
|
11
|
-
# So, if at some point Rails changed the given options, we should update it
|
12
|
-
# here.
|
13
|
-
around do |example|
|
14
|
-
controller = Spree::UsersController
|
15
|
-
old_allow_forgery_protection_value = controller.allow_forgery_protection
|
16
|
-
old_forgery_protection_strategy = controller.forgery_protection_strategy
|
17
|
-
controller.skip_forgery_protection
|
18
|
-
controller.allow_forgery_protection = true
|
19
|
-
controller.protect_from_forgery with: strategy
|
20
|
-
|
21
|
-
example.run
|
22
|
-
|
23
|
-
controller.allow_forgery_protection = old_allow_forgery_protection_value
|
24
|
-
controller.forgery_protection_strategy = old_forgery_protection_strategy
|
25
|
-
end
|
26
|
-
|
27
|
-
it "is not possible to take account over with the #{strategy} forgery protection strategy" do
|
28
|
-
user = create(:user, email: 'legit@mail.com', password: 'password')
|
29
|
-
|
30
|
-
post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
|
31
|
-
begin
|
32
|
-
put '/users/123456', params: 'user[email]=hacked@example.com'
|
33
|
-
rescue
|
34
|
-
# testing that the account is not compromised regardless of any raised
|
35
|
-
# exception
|
36
|
-
end
|
37
|
-
|
38
|
-
expect(user.reload.email).to eq('legit@mail.com')
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|