spree_auth_devise 4.3.2 → 4.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 632dbf0ba8467163e8cff132261a9173f5c4a9b9b670c3e93599d66bb07575a1
-  data.tar.gz: 2e400ddce6368507961c686f4e094eb9c09ab47ebb8ecd97ade3c1f425e5ce5d
+  metadata.gz: 565373eb7dea3f9d8862356201ff23400aae3c29f5b77114d223de0f146f4dda
+  data.tar.gz: '05666786abb74456941e152e4217e10e9bd26ac8f10655a069ad499c39410352'
 SHA512:
-  metadata.gz: b07a757183970dc752ad4187daf50acca0783f1914ee4f0ed99a68f533a5e98ee5525dac009bd509760f70c74577f3f6de0d3acf30060bd4319f1b24a495bd02
-  data.tar.gz: 1c0fb11dbf07ed2c308a7bd693118254a933c5204e535d0765958679ae6576a098f71671eb18c42b7943e7b1fd18af32eaf1b8273664090e6a8e7dd625a804b6
+  metadata.gz: 89bfa5e3bbf864449b1937682af334f85201f484f23360d5dc40834a9a0d31999c06380531eb883f547dfe34e1df8072fb45c4707918d3eeeefc972649af8438
+  data.tar.gz: 39c55713494bd990c1cb8a7ff5f978227e8e62136564ae76c7f840b3028dcf30d86b8f6f2e94d52397aab7a66c2b0dc96804c4e3cd0b65454b9cd89a64c7a129

data/.gem_release.yml

@@ -0,0 +1,2 @@
+bump:
+  file: 'lib/spree/auth/version.rb'

data/.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: pry
+    versions:
+    - 0.14.0

data/.travis.yml

@@ -11,6 +11,7 @@ addons:
 services:
   - mysql
   - postgresql
+  - redis-server
 
 language: ruby
 
@@ -22,17 +23,6 @@ env:
   - DB=mysql
   - DB=postgres
 
-gemfile:
-  - gemfiles/spree_4_1.gemfile
-  - gemfiles/spree_master.gemfile
-
-jobs:
-  exclude:
-  - rvm: 3.0
-    gemfile: gemfiles/spree_4_1.gemfile
-  allow_failures:
-  - gemfile: gemfiles/spree_master.gemfile
-
 before_install:
   - mysql -u root -e "GRANT ALL ON *.* TO 'travis'@'%';"
 

data/Gemfile

@@ -1,6 +1,10 @@
 source 'https://rubygems.org'
 
 gem 'rails-controller-testing'
-gem 'spree', github: 'spree/spree', branch: 'master'
+gem 'spree', '~> 4.3.0'
+gem 'spree_backend', '~> 4.3.0'
+gem 'spree_frontend', '~> 4.3.0'
+gem 'spree_emails', '~> 4.3.0'
 
+gem 'pry', '~> 0.14.1'
 gemspec

data/README.md

@@ -1,6 +1,6 @@
 # Spree Auth (Devise)
 
-[![Build Status](https://travis-ci.org/spree/spree_auth_devise.svg?branch=master)](https://travis-ci.org/spree/spree_auth_devise)
+[![Build Status](https://travis-ci.com/spree/spree_auth_devise.svg?branch=main)](https://travis-ci.org/spree/spree_auth_devise)
 [![Code Climate](https://codeclimate.com/github/spree/spree_auth_devise/badges/gpa.svg)](https://codeclimate.com/github/spree/spree_auth_devise)
 
 Provides authentication services for [Spree](https://spreecommerce.org), using the [Devise](https://github.com/plataformatec/devise) gem.

data/app/mailers/spree/user_mailer.rb

@@ -1,5 +1,5 @@
 module Spree
-  class UserMailer < BaseMailer
+  class UserMailer < defined?(Spree::BaseMailer) ? Spree::BaseMailer : ActionMailer::Base
     def reset_password_instructions(user, token, *_args)
       current_store_id = _args.inject(:merge)[:current_store_id]
       @current_store = Spree::Store.find(current_store_id) || Spree::Store.current
@@ -8,16 +8,16 @@ module Spree
       @edit_password_reset_url = spree.edit_spree_user_password_url(reset_password_token: token, host: @current_store.url)
       @user = user
 
-      mail to: user.email, from: from_address, subject: @current_store.name + ' ' + I18n.t(:subject, scope: [:devise, :mailer, :reset_password_instructions]), store_url: @current_store.url
+      mail to: user.email, from: @current_store.mail_from_address, subject: @current_store.name + ' ' + I18n.t(:subject, scope: [:devise, :mailer, :reset_password_instructions]), store_url: @current_store.url
     end
 
     def confirmation_instructions(user, token, _opts = {})
       current_store_id = _opts[:current_store_id]
       @current_store = Spree::Store.find(current_store_id) || Spree::Store.current
-      @confirmation_url = spree_user_confirmation_url(confirmation_token: token, host: Spree::Store.current.url)
+      @confirmation_url = spree.confirmation_url(confirmation_token: token, host: Spree::Store.current.url)
       @email = user.email
 
-      mail to: user.email, from: from_address, subject: @current_store.name + ' ' + I18n.t(:subject, scope: [:devise, :mailer, :confirmation_instructions]), store_url: @current_store.url
+      mail to: user.email, from: @current_store.mail_from_address, subject: @current_store.name + ' ' + I18n.t(:subject, scope: [:devise, :mailer, :confirmation_instructions]), store_url: @current_store.url
     end
   end
 end

data/app/models/spree/user.rb

@@ -48,7 +48,7 @@ module Spree
       end
 
       opts = pending_reconfirmation? ? { to: unconfirmed_email } : {}
-      opts[:current_store_id] = current_store.id
+      opts[:current_store_id] = current_store&.id || Spree::Store.default.id
       send_devise_notification(:confirmation_instructions, @raw_confirmation_token, opts)
     end
 
@@ -71,6 +71,10 @@ module Spree
 
     protected
 
+    def send_on_create_confirmation_instructions(current_store = nil)
+      send_confirmation_instructions(current_store || Spree::Store.default)
+    end
+
     def password_required?
       !persisted? || password.present? || password_confirmation.present?
     end

data/config/initializers/warden.rb

@@ -3,7 +3,7 @@ Warden::Manager.after_set_user except: :fetch do |user, auth, _opts|
   token = auth.cookies.signed[:guest_token] || auth.cookies.signed[:token]
   token_attr = Spree::Order.has_attribute?(:token) ? :token : :guest_token
 
-  if token.present? && user.is_a?(Spree::User)
+  if token.present? && user.is_a?(Spree.user_class)
     Spree::Order.incomplete.where(token_attr => token, user_id: nil).each do |order|
       order.associate_user!(user)
     end

data/config/routes.rb

@@ -21,7 +21,7 @@ Spree::Core::Engine.add_routes do
     post '/password/recover' => 'user_passwords#create', :as => :reset_password
     get '/password/change' => 'user_passwords#edit', :as => :edit_password
     put '/password/change' => 'user_passwords#update', :as => :update_password
-    get '/confirm' => 'user_confirmations#show', :as => :confirmation if Spree::Auth::Config[:confirmable]
+    get '/confirm' => 'user_confirmations#show', :as => :confirmation
   end
 
   get '/checkout/registration' => 'checkout#registration', :as => :checkout_registration
@@ -42,6 +42,8 @@ Spree::Core::Engine.add_routes do
       get '/login' => 'user_sessions#new', :as => :login
       post '/login' => 'user_sessions#create', :as => :create_new_session
       get '/logout' => 'user_sessions#destroy', :as => :logout
+      get '/password/recover' => 'user_passwords#new', :as => :recover_password
+      post '/password/recover' => 'user_passwords#create', :as => :reset_password
     end
   end
 

data/db/migrate/20210728103922_change_type_of_ship_address_id_and_bill_address_id_for_spree_users.rb

@@ -0,0 +1,8 @@
+class ChangeTypeOfShipAddressIdAndBillAddressIdForSpreeUsers < ActiveRecord::Migration[4.2]
+  def change
+    change_table(:spree_users) do |t|
+      t.change :ship_address_id, :bigint
+      t.change :bill_address_id, :bigint
+    end
+  end
+end

data/lib/controllers/backend/spree/admin/user_sessions_controller.rb

@@ -14,7 +14,7 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
     if spree_user_signed_in?
       respond_to do |format|
         format.html {
-          flash[:success] = Spree.t(:logged_in_succesfully)
+          flash[:success] = Spree.t(:logged_in_successfully)
           redirect_back_or_default(after_sign_in_path_for(spree_current_user))
         }
         format.js {
@@ -59,4 +59,20 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
       "spree/layouts/admin"
     end
   end
+
+  def respond_to_on_destroy
+    # We actually need to hardcode this as Rails default responder doesn't
+    # support returning empty response on GET request
+    respond_to do |format|
+      format.all { head :no_content }
+      format.any(*navigational_formats) { redirect_to after_sign_out_redirect(resource_name) }
+    end
+  end
+
+  def after_sign_out_redirect(resource_or_scope)
+    scope = Devise::Mapping.find_scope!(resource_or_scope)
+    router_name = Devise.mappings[scope].router_name
+    context = router_name ? send(router_name) : self
+    context.respond_to?(:admin_login_path) ? context.admin_login_path : "/"
+  end
 end

data/{app/controllers → lib/controllers/frontend}/spree/user_confirmations_controller.rb

@@ -6,13 +6,16 @@ class Spree::UserConfirmationsController < Devise::ConfirmationsController
   include Spree::Core::ControllerHelpers::Order
   include Spree::Core::ControllerHelpers::Store
 
-  if defined?(Spree::Core::ControllerHelpers::Currency)
-    include Spree::Core::ControllerHelpers::Currency
-  end
+  include SpreeI18n::ControllerLocaleHelper if defined?(SpreeI18n::ControllerLocaleHelper)
 
-  if defined?(Spree::Core::ControllerHelpers::Locale)
-    include Spree::Core::ControllerHelpers::Locale
-  end
+  include Spree::Core::ControllerHelpers::Currency if defined?(Spree::Core::ControllerHelpers::Currency)
+  include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
+
+  include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
+
+  helper 'spree/locale' if defined?(Spree::LocaleHelper)
+  helper 'spree/currency' if defined?(Spree::CurrencyHelper)
+  helper 'spree/store' if defined?(Spree::StoreHelper)
 
   before_action :set_current_order
 

data/{app/controllers → lib/controllers/frontend}/spree/user_passwords_controller.rb

@@ -6,17 +6,16 @@ class Spree::UserPasswordsController < Devise::PasswordsController
   include Spree::Core::ControllerHelpers::Order
   include Spree::Core::ControllerHelpers::Store
 
-  if defined?(Spree::Core::ControllerHelpers::Currency)
-    include Spree::Core::ControllerHelpers::Currency
-  end
+  include SpreeI18n::ControllerLocaleHelper if defined?(SpreeI18n::ControllerLocaleHelper)
 
-  if defined?(Spree::Core::ControllerHelpers::Locale)
-    include Spree::Core::ControllerHelpers::Locale
-  end
+  include Spree::Core::ControllerHelpers::Currency if defined?(Spree::Core::ControllerHelpers::Currency)
+  include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
 
-  if defined?(SpreeI18n::ControllerLocaleHelper)
-    include SpreeI18n::ControllerLocaleHelper
-  end
+  include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
+
+  helper 'spree/locale' if defined?(Spree::LocaleHelper)
+  helper 'spree/currency' if defined?(Spree::CurrencyHelper)
+  helper 'spree/store' if defined?(Spree::StoreHelper)
 
   before_action :set_current_order
 

data/{app/controllers → lib/controllers/frontend}/spree/user_registrations_controller.rb

@@ -6,17 +6,16 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
   include Spree::Core::ControllerHelpers::Order
   include Spree::Core::ControllerHelpers::Store
 
-  if defined?(Spree::Core::ControllerHelpers::Currency)
-    include Spree::Core::ControllerHelpers::Currency
-  end
+  include SpreeI18n::ControllerLocaleHelper if defined?(SpreeI18n::ControllerLocaleHelper)
 
-  if defined?(Spree::Core::ControllerHelpers::Locale)
-    include Spree::Core::ControllerHelpers::Locale
-  end
+  include Spree::Core::ControllerHelpers::Currency if defined?(Spree::Core::ControllerHelpers::Currency)
+  include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
 
-  if defined?(SpreeI18n::ControllerLocaleHelper)
-    include SpreeI18n::ControllerLocaleHelper
-  end
+  include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
+
+  helper 'spree/locale' if defined?(Spree::LocaleHelper)
+  helper 'spree/currency' if defined?(Spree::CurrencyHelper)
+  helper 'spree/store' if defined?(Spree::StoreHelper)
 
   before_action :check_permissions, only: [:edit, :update]
   before_action :set_current_order

data/{app/controllers → lib/controllers/frontend}/spree/user_sessions_controller.rb

@@ -6,17 +6,16 @@ class Spree::UserSessionsController < Devise::SessionsController
   include Spree::Core::ControllerHelpers::Order
   include Spree::Core::ControllerHelpers::Store
 
-  if defined?(Spree::Core::ControllerHelpers::Currency)
-    include Spree::Core::ControllerHelpers::Currency
-  end
+  include SpreeI18n::ControllerLocaleHelper if defined?(SpreeI18n::ControllerLocaleHelper)
 
-  if defined?(Spree::Core::ControllerHelpers::Locale)
-    include Spree::Core::ControllerHelpers::Locale
-  end
+  include Spree::Core::ControllerHelpers::Currency if defined?(Spree::Core::ControllerHelpers::Currency)
+  include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
 
-  if defined?(SpreeI18n::ControllerLocaleHelper)
-    include SpreeI18n::ControllerLocaleHelper
-  end
+  include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
+
+  helper 'spree/locale' if defined?(Spree::LocaleHelper)
+  helper 'spree/currency' if defined?(Spree::CurrencyHelper)
+  helper 'spree/store' if defined?(Spree::StoreHelper)
 
   before_action :set_current_order
 
@@ -26,7 +25,7 @@ class Spree::UserSessionsController < Devise::SessionsController
     if spree_user_signed_in?
       respond_to do |format|
         format.html {
-          flash[:success] = Spree.t(:logged_in_succesfully)
+          flash[:success] = Spree.t(:logged_in_successfully)
           redirect_back_or_default(after_sign_in_redirect(spree_current_user))
         }
         format.js {
@@ -66,7 +65,7 @@ class Spree::UserSessionsController < Devise::SessionsController
   end
 
   def after_sign_in_redirect(resource_or_scope)
-    stored_location_for(resource_or_scope) || account_path
+    stored_location_for(resource_or_scope) || spree.account_path
   end
 
   def respond_to_on_destroy
@@ -82,6 +81,6 @@ class Spree::UserSessionsController < Devise::SessionsController
     scope = Devise::Mapping.find_scope!(resource_or_scope)
     router_name = Devise.mappings[scope].router_name
     context = router_name ? send(router_name) : self
-    context.respond_to?(:login_path) ? context.login_path : "/"
+    context.respond_to?(:login_path) ? context.login_path : spree.root_path
   end
 end

data/lib/controllers/frontend/spree/users_controller.rb

@@ -1,12 +1,16 @@
 class Spree::UsersController < Spree::StoreController
   before_action :set_current_order, except: :show
-  prepend_before_action :load_object, only: [:show, :edit, :update]
   prepend_before_action :authorize_actions, only: :new
 
   include Spree::Core::ControllerHelpers
 
   def show
-    @orders = @user.orders.complete.order('completed_at desc')
+    load_object
+    @orders = @user.orders.for_store(current_store).complete.order('completed_at desc')
+  end
+
+  def edit
+    load_object
   end
 
   def create
@@ -24,6 +28,7 @@ class Spree::UsersController < Spree::StoreController
   end
 
   def update
+    load_object
     if @user.update(user_params)
       if params[:user][:password].present?
         # this logic needed b/c devise wants to log us out after password changes
@@ -34,7 +39,7 @@ class Spree::UsersController < Spree::StoreController
           bypass_sign_in(@user)
         end
       end
-      redirect_to spree.account_url, notice: Spree.t(:account_updated)
+      redirect_to spree.account_path, notice: Spree.t(:account_updated)
     else
       render :edit
     end

data/lib/spree/auth/engine.rb

@@ -12,7 +12,7 @@ module Spree
       end
 
       initializer "spree_auth_devise.set_user_class", after: :load_config_initializers do
-        Spree.user_class = "Spree::User"
+        Spree.user_class = 'Spree::User' if Spree.user_class.blank? || Spree.user_class.to_s == 'Spree::LegacyUser'
       end
 
       initializer "spree_auth_devise.check_secret_token" do
@@ -29,19 +29,11 @@ module Spree
           Rails.configuration.cache_classes ? require(c) : load(c)
         end
         if Spree::Auth::Engine.backend_available?
-          Rails.application.config.assets.precompile += [
-            'lib/assets/javascripts/spree/backend/spree_auth.js',
-            'lib/assets/javascripts/spree/backend/spree_auth.css'
-          ]
           Dir.glob(File.join(File.dirname(__FILE__), "../../controllers/backend/*/*/*_decorator*.rb")) do |c|
             Rails.configuration.cache_classes ? require(c) : load(c)
           end
         end
         if Spree::Auth::Engine.frontend_available?
-          Rails.application.config.assets.precompile += [
-            'lib/assets/javascripts/spree/frontend/spree_auth.js',
-            'lib/assets/javascripts/spree/frontend/spree_auth.css'
-          ]
           Dir.glob(File.join(File.dirname(__FILE__), "../../controllers/frontend/**/*_decorator*.rb")) do |c|
             Rails.configuration.cache_classes ? require(c) : load(c)
           end

data/lib/spree/auth/version.rb

@@ -0,0 +1,9 @@
+module Spree
+  module Auth
+    VERSION = '4.4.1'.freeze
+
+    def gem_version
+      Gem::Version.new(VERSION)
+    end
+  end
+end

data/lib/spree/testing_support/auth_helpers.rb

@@ -1,34 +1,42 @@
 module Spree
   module TestingSupport
     module AuthHelpers
-      def log_in(email:, password:, remember_me: true)
-        visit spree.login_path
+      def login_button
+        Spree.version.to_f == 4.1 ? Spree.t(:log_in) : Spree.t(:login)
+      end
+
+      def logout_button
+        Spree.version.to_f == 4.1 ? Spree.t('nav_bar.log_out') : Spree.t(:logout).upcase
+      end
+
+      def log_in(email:, password:, remember_me: true, locale: nil)
+        visit spree.login_path(locale: locale)
 
-        fill_in 'Email', with: email
-        fill_in 'Password', with: password
+        fill_in Spree.t(:email), with: email
+        fill_in Spree.t(:password), with: password
 
         # Regression test for #1257
-        first('label', text: 'Remember me').click if remember_me
-        click_button 'Log in'
+        first('label', text: Spree.t(:remember_me)).click if remember_me
+        click_button login_button
 
-        expect(page).to have_content 'Logged in successfully'
+        expect(page).to have_content Spree.t(:logged_in_successfully)
       end
 
       def log_out
         show_user_menu
-        click_link 'LOG OUT'
+        click_link logout_button
 
         expect(page).to have_content 'Signed out successfully'
       end
 
       def show_user_menu
-        find("button[aria-label='Show user menu']").click
+        find("button[aria-label='#{Spree.t('nav_bar.show_user_menu')}']").click
       end
 
       def show_user_account
         within '#nav-bar' do
           show_user_menu
-          click_link 'MY ACCOUNT'
+          click_link Spree.t(:my_account).upcase
         end
       end
     end

data/lib/views/backend/spree/admin/user_sessions/new.html.erb

@@ -24,7 +24,7 @@
             <% end %>  
           </div>
           <div class="col-lg-6 text-right">
-            <%= link_to Spree.t(:forgot_password), spree.recover_password_path %>
+            <%= link_to Spree.t(:forgot_password), spree.admin_recover_password_path %>
           </div>  
         </div>      
       </div>

data/spec/controllers/spree/user_sessions_controller_spec.rb

@@ -137,7 +137,7 @@ RSpec.describe Spree::UserSessionsController, type: :controller do
           request.cookie_jar.signed[:guest_token] = 'ABC'
           request.cookie_jar.signed[:token] = 'DEF'
         end
-          
+
         it 'assigns the correct token attribute for the order' do 
           if Spree.version.to_f > 3.6
             order = create(:order, email: user.email, token: 'ABC', user_id: nil, created_by_id: nil)
@@ -157,6 +157,18 @@ RSpec.describe Spree::UserSessionsController, type: :controller do
           post :create, params: { spree_user: { email: user.email, password: 'secret' }}
           expect(response).to redirect_to spree.account_path
         end
+
+        context 'different locale' do
+          before do
+            Spree::Store.default.update(default_locale: 'en', supported_locales: 'en,fr') if Spree.version.to_f >= 4.2
+          end
+
+          it 'redirects to localized account path after signing in' do
+            skip if Spree.version.to_f < 4.2
+            post :create, params: { spree_user: { email: user.email, password: 'secret' }, locale: 'fr' }
+            expect(response).to redirect_to spree.account_path(locale: 'fr')
+          end
+        end
       end
 
       context "and js format is used" do

data/spec/controllers/spree/users_controller_spec.rb

@@ -25,7 +25,7 @@ RSpec.describe Spree::UsersController, type: :controller do
       it 'performs update' do
         put :update, params: { user: { email: 'mynew@email-address.com' } }
         expect(assigns[:user].email).to eq 'mynew@email-address.com'
-        expect(response).to redirect_to spree.account_url(only_path: true)
+        expect(response).to redirect_to spree.account_path
       end
     end
 

data/spec/features/account_spec.rb

@@ -10,7 +10,7 @@ RSpec.feature 'Accounts', type: :feature do
 
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Log in'
+      click_button login_button
 
       show_user_account
       expect(page).to have_text 'admin@person.com'
@@ -43,7 +43,7 @@ RSpec.feature 'Accounts', type: :feature do
 
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Log in'
+      click_button login_button
 
       show_user_account
       expect(page).to have_text 'email@person.com'

data/spec/features/admin/orders_spec.rb

@@ -1,6 +1,7 @@
 RSpec.feature 'Admin orders', type: :feature do
   background do
-    sign_in_as! create(:admin_user)
+    user = create(:admin_user)
+    log_in email: user.email, password: user.password
   end
 
   # Regression #203
@@ -15,7 +16,8 @@ RSpec.feature 'Admin orders', type: :feature do
 
   # Regression #203
   scenario 'can not edit orders' do
-    expect { visit spree.edit_admin_order_path('nodata') }.to raise_error(ActiveRecord::RecordNotFound)
+    visit spree.edit_admin_order_path('nodata')
+    expect(page).to have_text('Order is not found')
   end
 
   # Regression #203

data/spec/features/admin/sign_in_spec.rb

@@ -13,8 +13,8 @@ RSpec.feature 'Admin - Sign In', type: :feature do
     log_in(email: @user.email, password: 'secret')
     show_user_menu
 
-    expect(page).not_to have_text 'Login'
-    expect(page).to have_text 'LOG OUT'
+    expect(page).not_to have_text login_button.upcase
+    expect(page).to have_text logout_button.upcase
     expect(current_path).to eq '/account'
   end
 
@@ -33,9 +33,10 @@ RSpec.feature 'Admin - Sign In', type: :feature do
 
     fill_in 'Email', with: user.email
     fill_in 'Password', with: 'secret'
-    click_button 'Log in'
+    click_button login_button
+
     if Spree.version.to_f > 4.1
-      within '.navbar .dropdown-menu' do
+      within '.navbar .dropdown-menu-right' do
         expect(page).to have_text 'admin@person.com'
       end
     else

data/spec/features/admin/sign_out_spec.rb

@@ -9,13 +9,13 @@ RSpec.feature 'Admin - Sign Out', type: :feature do
     fill_in 'Password', with: 'secret'
     # Regression test for #1257
     check 'Remember me'
-    click_button 'Login'
+    click_button Spree.t(:login)
   end
 
   scenario 'allows a signed in user to logout', js: true do
     log_out
     visit spree.admin_login_path
-    expect(page).to have_button 'Login'
-    expect(page).not_to have_text 'Logout'
+    expect(page).to have_button Spree.t(:login)
+    expect(page).not_to have_text Spree.t(:logout)
   end
 end

data/spec/features/admin_permissions_spec.rb

@@ -7,7 +7,7 @@ RSpec.feature 'Admin Permissions', type: :feature do
 
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Log in'
+      click_button login_button
     end
 
     context 'admin is restricted from accessing orders' do

data/spec/features/checkout_spec.rb

@@ -55,7 +55,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
       visit spree.login_path
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Log in'
+      click_button login_button
       expect(page).to have_text('Logged in successfully')
       find('a.cart-icon').click
 
@@ -89,7 +89,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
       token_url_regex = /^http:\/\/www.example.com\/user\/spree_user\/password\/edit\?reset_password_token=(.*)$/
       token = token_url_regex.match(reset_password_email.body.encoded)[1]
 
-      visit spree.edit_spree_user_password_path(reset_password_token: token).tr("%0D","")
+      visit spree.edit_spree_user_password_path(reset_password_token: token.strip).tr("%0D","")
       fill_in 'Password', with: 'password'
       fill_in 'Password Confirmation', with: 'password'
       click_button 'Update'

data/spec/features/confirmation_spec.rb

@@ -1,13 +1,10 @@
 require 'spec_helper'
 
-RSpec.feature 'Confirmation', type: :feature, reload_user: true do
+RSpec.feature 'Confirmation', type: :feature, confirmable: true do
   before do
-    set_confirmable_option(true)
     expect(Spree::UserMailer).to receive(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))
   end
 
-  after(:each) { set_confirmable_option(false) }
-
   background do
     ActionMailer::Base.default_url_options[:host] = 'http://example.com'
   end

data/spec/features/order_spec.rb

@@ -17,7 +17,7 @@ RSpec.feature 'Orders', :js, type: :feature do
       visit spree.login_path
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Log in'
+      click_button login_button
 
       visit spree.cart_path
       expect(page).to have_text 'RoR Mug'
@@ -29,7 +29,7 @@ RSpec.feature 'Orders', :js, type: :feature do
       visit spree.login_path
       fill_in 'Email', with: user.email
       fill_in 'Password', with: user.password
-      click_button 'Log in'
+      click_button login_button
 
       # Order should have been merged with first session
       visit spree.cart_path

data/spec/features/sign_in_spec.rb

@@ -13,15 +13,15 @@ RSpec.feature 'Sign In', type: :feature do
     log_in(email: @user.email, password: @user.password)
     show_user_menu
 
-    expect(page).not_to have_text 'Login'
-    expect(page).to have_text 'LOG OUT'
+    expect(page).not_to have_text login_button.upcase
+    expect(page).to have_text logout_button.upcase
     expect(current_path).to eq '/account'
   end
 
   scenario 'show validation erros' do
     fill_in 'Email', with: @user.email
     fill_in 'Password', with: 'wrong_password'
-    click_button 'Log in'
+    click_button login_button
 
     expect(page).to have_text 'Invalid email or password'
     expect(page).to have_text 'Log in'
@@ -33,13 +33,14 @@ RSpec.feature 'Sign In', type: :feature do
 
     fill_in 'Email', with: user.email
     fill_in 'Password', with: user.password
-    click_button 'Log in'
 
     if Spree.version.to_f > 4.1
-      within '.navbar .dropdown-menu' do
+      click_button login_button
+      within '.navbar .dropdown-menu-right' do
         expect(page).to have_text 'admin@person.com'
       end
     else
+      click_button login_button
       within '.user-menu' do
         expect(page).to have_text 'admin@person.com'
       end
@@ -51,7 +52,29 @@ RSpec.feature 'Sign In', type: :feature do
     visit spree.account_path
     fill_in 'Email', with: @user.email
     fill_in 'Password', with: @user.password
-    click_button 'Log in'
+    click_button login_button
     expect(current_path).to eq '/account'
   end
+
+  context 'localized' do
+    before do
+      if Spree.version.to_f >= 4.2
+        add_french_locales
+        Spree::Store.default.update(default_locale: 'en', supported_locales: 'en,fr')
+        I18n.locale = :fr
+      end
+    end
+
+    after { I18n.locale = :en }
+
+    scenario 'let a user sign in successfully', js: true do
+      skip if Spree.version.to_f < 4.2
+      log_in(email: @user.email, password: @user.password, locale: 'fr')
+      show_user_menu
+
+      expect(page).not_to have_text Spree.t(:login).upcase
+      expect(page).to have_text Spree.t(:logout).upcase
+      expect(current_url).to match(/\/account\?locale\=fr$/)
+    end
+  end
 end

data/spec/features/sign_out_spec.rb

@@ -16,8 +16,8 @@ RSpec.feature 'Sign Out', type: :feature, js: true do
     visit spree.root_path
     show_user_menu
 
-    expect(page).to have_link 'LOG IN'
-    expect(page).not_to have_link 'LOG OUT'
+    expect(page).to have_link login_button.upcase
+    expect(page).not_to have_link logout_button.upcase
   end
 
   describe 'before_logout' do

data/spec/models/user_spec.rb

@@ -27,6 +27,33 @@ RSpec.describe Spree::User, type: :model do
     end
   end
 
+  describe 'validations' do
+    context 'email' do
+      let(:user) { build(:user, email: nil) }
+
+      it 'cannot be empty' do
+        expect(user.valid?).to be false
+        expect(user.errors.messages[:email].first).to eq "can't be blank"
+      end
+    end
+
+    context 'password' do
+      let(:user) { build(:user, password_confirmation: nil) }
+
+      it 'password confirmation cannot be empty' do
+        expect(user.valid?).to be false
+        expect(user.errors.messages[:password_confirmation].first).to eq "doesn't match Password"
+      end
+
+      let(:user) { build(:user, password: 'pass1234', password_confirmation: 'pass') }
+
+      it 'passwords has to be equal to password confirmation' do
+        expect(user.valid?).to be false
+        expect(user.errors.messages[:password_confirmation].first).to eq "doesn't match Password"
+      end
+    end
+  end
+
   context '#destroy' do
     it 'will soft delete with uncompleted orders' do
       order = build(:order)
@@ -65,17 +92,48 @@ RSpec.describe Spree::User, type: :model do
     end
   end
 
-  describe "confirmable", reload_user: true do
-    it "is confirmable if the confirmable option is enabled" do
-      set_confirmable_option(true)
+  describe "confirmable" do
+    it "is confirmable if the confirmable option is enabled", confirmable: true do
       Spree::UserMailer.stub(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))
       expect(Spree.user_class.devise_modules).to include(:confirmable)
-      set_confirmable_option(false)
     end
 
-    it "is not confirmable if the confirmable option is disabled" do
-      set_confirmable_option(false)
-      expect(Spree.user_class.devise_modules).to_not include(:confirmable)
+    it "is not confirmable if the confirmable option is disabled", confirmable: false do
+      expect(Spree.user_class.devise_modules).not_to include(:confirmable)
+    end
+  end
+
+  describe "#send_confirmation_instructions", retry: 2 do
+    let(:default_store) { Spree::Store.default }
+
+    context "when current store not exists" do
+      it 'takes default store and sends confirmation instruction', confirmable: true do
+        user = Spree.user_class.new
+        user.email = FFaker::Internet.email
+        user.password = user.password_confirmation = 'pass1234'
+        user.save
+        
+        expect(Spree::UserMailer).to receive(:confirmation_instructions).with(
+          user, anything, { current_store_id: default_store.id }).and_return(double(deliver: true)
+        )
+
+        user.send_confirmation_instructions(nil)
+      end
+    end
+
+    context "when current store exists" do
+      it 'takes current store and sends confirmation instruction', confirmable: true do
+        user = Spree.user_class.new
+        user.email = FFaker::Internet.email
+        user.password = user.password_confirmation = 'pass1234'
+        user.save
+
+        expect(Spree::UserMailer).to receive(:confirmation_instructions).with(
+          user, anything, { current_store_id: store.id }).and_return(double(deliver: true)
+        )
+
+        user.send_confirmation_instructions(store)
+      end
     end
   end
 end

data/spec/requests/spree/frontend/user_update_spec.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+RSpec.feature 'User update', type: :request do
+  context 'CSRF protection' do
+    %i[exception reset_session null_session].each do |strategy|
+      # Completely clean the configuration of forgery protection for the
+      # controller and reset it after the expectations. However, besides `:with`,
+      # the options given to `protect_from_forgery` are processed on the fly.
+      # I.e., there's no way to retain them. The initial setup corresponds to the
+      # dummy application, which uses the default Rails skeleton in that regard.
+      # So, if at some point Rails changed the given options, we should update it
+      # here.
+      around do |example|
+        controller = Spree::UsersController
+        old_allow_forgery_protection_value = controller.allow_forgery_protection
+        old_forgery_protection_strategy = controller.forgery_protection_strategy
+        controller.skip_forgery_protection
+        controller.allow_forgery_protection = true
+        controller.protect_from_forgery with: strategy
+
+        example.run
+
+        controller.allow_forgery_protection = old_allow_forgery_protection_value
+        controller.forgery_protection_strategy = old_forgery_protection_strategy
+      end
+
+      it "is not possible to take account over with the #{strategy} forgery protection strategy" do
+        user = create(:user, email: 'legit@mail.com', password: 'password')
+
+        post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
+        begin
+          put '/users/123456', params: 'user[email]=hacked@example.com'
+        rescue
+          # testing that the account is not compromised regardless of any raised
+          # exception
+        end
+
+        expect(user.reload.email).to eq('legit@mail.com')
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -9,10 +9,14 @@ require 'spree_dev_tools/rspec/spec_helper'
 # in spec/support/ and its subdirectories.
 Dir[File.join(File.dirname(__FILE__), 'support/**/*.rb')].sort.each { |f| require f }
 
+require 'spree/testing_support/locale_helpers' if Spree.version.to_f >= 4.2
+
 RSpec.configure do |config|
   config.before(:each) do
     allow(RSpec::Rails::ViewRendering::EmptyTemplateHandler)
       .to receive(:call)
       .and_return(%("")) if Rails.gem_version >= Gem::Version.new('6.0.0.beta1')
   end
+
+  config.include Spree::TestingSupport::LocaleHelpers if defined?(Spree::TestingSupport::LocaleHelpers)
 end

data/spec/support/confirm_helpers.rb

@@ -1,11 +1,25 @@
-module ConfirmHelpers
-  def set_confirmable_option(value)
-    Spree::Auth::Config[:confirmable] = value
-    Spree.send(:remove_const, 'User')
-    load File.expand_path("../../../app/models/spree/user.rb", __FILE__)
+RSpec.configure do |config|
+  config.around do |example|
+    if example.metadata.key?(:confirmable)
+      old_user = Spree::User
+
+      begin
+        example.run
+      ensure
+        Spree.const_set('User', old_user)
+      end
+    else
+      example.run
+    end
   end
-end
 
-RSpec.configure do |c|
-  c.include ConfirmHelpers
+  config.before do |example|
+    if example.metadata.key?(:confirmable)
+      Rails.cache.clear
+      Spree::Auth::Config[:confirmable] = example.metadata[:confirmable]
+
+      Spree.send(:remove_const, :User)
+      load File.expand_path('../../../app/models/spree/user.rb', __FILE__)
+    end
+  end
 end

data/spree_auth_devise.gemspec

@@ -1,9 +1,13 @@
 # encoding: UTF-8
+lib = File.expand_path('../lib/', __FILE__)
+$LOAD_PATH.unshift lib unless $LOAD_PATH.include?(lib)
+
+require 'spree/auth/version'
 
 Gem::Specification.new do |s|
   s.platform    = Gem::Platform::RUBY
   s.name        = 'spree_auth_devise'
-  s.version     = '4.3.2'
+  s.version     = Spree::Auth::VERSION
   s.summary     = 'Provides authentication and authorization services for use with Spree by using Devise and CanCan.'
   s.description = s.summary
 
@@ -29,7 +33,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'devise', '~> 4.7'
   s.add_dependency 'devise-encryptable', '0.2.0'
 
-  spree_version = '>= 4.1', '< 5.0'
+  spree_version = '>= 4.3.0.rc1'
   s.add_dependency 'spree_core', spree_version
   s.add_dependency 'spree_extension'
 

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: spree_auth_devise
 version: !ruby/object:Gem::Version
-  version: 4.3.2
+  version: 4.4.1
 platform: ruby
 authors:
 - Sean Schofield
 - Spark Solutions
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-25 00:00:00.000000000 Z
+date: 2021-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -45,20 +45,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.1'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 4.3.0.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.1'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5.0'
+        version: 4.3.0.rc1
 - !ruby/object:Gem::Dependency
   name: spree_extension
   requirement: !ruby/object:Gem::Requirement
@@ -95,10 +89,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
+- ".gem_release.yml"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
-- Appraisals
 - CHANGELOG.md
 - Gemfile
 - LICENSE.md
@@ -107,23 +102,13 @@ files:
 - app/controllers/metal_decorator.rb
 - app/controllers/spree/api/v2/storefront/account_confirmations_controller.rb
 - app/controllers/spree/api/v2/storefront/passwords_controller.rb
-- app/controllers/spree/user_confirmations_controller.rb
-- app/controllers/spree/user_passwords_controller.rb
-- app/controllers/spree/user_registrations_controller.rb
-- app/controllers/spree/user_sessions_controller.rb
 - app/mailers/spree/user_mailer.rb
 - app/models/spree/auth_configuration.rb
 - app/models/spree/user.rb
-- app/services/spree/account/create.rb
-- app/services/spree/account/update.rb
 - app/views/spree/user_mailer/confirmation_instructions.html.erb
 - app/views/spree/user_mailer/confirmation_instructions.text.erb
 - app/views/spree/user_mailer/reset_password_instructions.html.erb
 - app/views/spree/user_mailer/reset_password_instructions.text.erb
-- app/views/spree/user_passwords/edit.html.erb
-- app/views/spree/user_passwords/new.html.erb
-- app/views/spree/user_registrations/new.html.erb
-- app/views/spree/user_sessions/new.html.erb
 - bin/rails
 - config.ru
 - config/initializers/devise.rb
@@ -149,10 +134,8 @@ files:
 - db/migrate/20140904000425_add_deleted_at_to_users.rb
 - db/migrate/20141002154641_add_confirmable_to_users.rb
 - db/migrate/20150416152553_add_missing_indices_on_user.rb
+- db/migrate/20210728103922_change_type_of_ship_address_id_and_bill_address_id_for_spree_users.rb
 - db/seeds.rb
-- gemfiles/spree_4_1.gemfile
-- gemfiles/spree_master.gemfile
-- lib/controllers/api/spree/api/v2/storefront/account_controller_decorator.rb
 - lib/controllers/backend/spree/admin/base_controller_decorator.rb
 - lib/controllers/backend/spree/admin/orders/customer_details_controller_decorator.rb
 - lib/controllers/backend/spree/admin/orders_controller_decorator.rb
@@ -160,12 +143,17 @@ files:
 - lib/controllers/backend/spree/admin/user_passwords_controller.rb
 - lib/controllers/backend/spree/admin/user_sessions_controller.rb
 - lib/controllers/frontend/spree/checkout_controller_decorator.rb
+- lib/controllers/frontend/spree/user_confirmations_controller.rb
+- lib/controllers/frontend/spree/user_passwords_controller.rb
+- lib/controllers/frontend/spree/user_registrations_controller.rb
+- lib/controllers/frontend/spree/user_sessions_controller.rb
 - lib/controllers/frontend/spree/users_controller.rb
 - lib/generators/spree/auth/install/install_generator.rb
 - lib/generators/spree/auth/install/templates/config/initializers/devise.rb
 - lib/spree/auth.rb
 - lib/spree/auth/devise.rb
 - lib/spree/auth/engine.rb
+- lib/spree/auth/version.rb
 - lib/spree/authentication_helpers.rb
 - lib/spree/testing_support/auth_helpers.rb
 - lib/spree/testing_support/checkout_helpers.rb
@@ -179,6 +167,10 @@ files:
 - lib/views/backend/spree/layouts/login.html.erb
 - lib/views/frontend/spree/shared/_flashes.html.erb
 - lib/views/frontend/spree/shared/_login_bar.html.erb
+- lib/views/frontend/spree/user_passwords/edit.html.erb
+- lib/views/frontend/spree/user_passwords/new.html.erb
+- lib/views/frontend/spree/user_registrations/new.html.erb
+- lib/views/frontend/spree/user_sessions/new.html.erb
 - spec/controllers/spree/admin/orders_controller_spec.rb
 - spec/controllers/spree/admin/user_sessions_controller_spec.rb
 - spec/controllers/spree/api/v2/storefront/passwords_controller_spec.rb
@@ -209,22 +201,22 @@ files:
 - spec/models/user_spec.rb
 - spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
 - spec/requests/spree/api/v2/storefront/account_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/configuration_helpers.rb
 - spec/support/confirm_helpers.rb
 - spec/support/email.rb
-- spec/support/user_helper.rb
 - spree_auth_devise.gemspec
 homepage: https://spreecommerce.org
 licenses:
 - BSD-3-Clause
 metadata:
   bug_tracker_uri: https://github.com/spree/spree_auth_devise/issues
-  changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.3.2
+  changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.4.1
   documentation_uri: https://guides.spreecommerce.org/
-  source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.3.2
-post_install_message: 
+  source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.4.1
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -240,8 +232,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - none
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Provides authentication and authorization services for use with Spree by
   using Devise and CanCan.
@@ -276,9 +268,9 @@ test_files:
 - spec/models/user_spec.rb
 - spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
 - spec/requests/spree/api/v2/storefront/account_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/configuration_helpers.rb
 - spec/support/confirm_helpers.rb
 - spec/support/email.rb
-- spec/support/user_helper.rb

data/Appraisals

@@ -1,9 +0,0 @@
-appraise 'spree-4-1' do
-  gem 'rails-controller-testing'
-  gem 'spree', '~> 4.1'
-end
-
-appraise 'spree-master' do
-  gem 'rails-controller-testing'
-  gem 'spree', github: 'spree/spree', branch: 'master'
-end

data/app/services/spree/account/create.rb

@@ -1,19 +0,0 @@
-module Spree
-  module Account
-    class Create
-      prepend Spree::ServiceModule::Base
-
-      def call(user_params: nil)
-        user_params ||= {}
-
-        user = Spree.user_class.new(user_params)
-
-        if user.save
-          success(user)
-        else
-          failure(user)
-        end
-      end
-    end
-  end
-end

data/app/services/spree/account/update.rb

@@ -1,17 +0,0 @@
-module Spree
-  module Account
-    class Update
-      prepend Spree::ServiceModule::Base
-
-      def call(user:, user_params: nil)
-        user_params ||= {}
-
-        if user.update(user_params)
-          success(user)
-        else
-          failure(user)
-        end
-      end
-    end
-  end
-end

data/gemfiles/spree_4_1.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails-controller-testing"
-gem "spree", "~> 4.1"
-
-gemspec path: "../"

data/gemfiles/spree_master.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails-controller-testing"
-gem "spree", github: "spree/spree", branch: "master"
-
-gemspec path: "../"

data/lib/controllers/api/spree/api/v2/storefront/account_controller_decorator.rb

@@ -1,41 +0,0 @@
-module Spree
-  module Api
-    module V2
-      module Storefront
-        module AccountControllerDecorator
-          def self.prepended(base)
-            base.skip_before_action :require_spree_current_user, only: [:create]
-          end
-
-          def create
-            result = Spree::Account::Create.call(user_params: spree_user_params)
-
-            render_payload(result)
-          end
-
-          def update
-            result = Spree::Account::Update.call(user: spree_current_user, user_params: spree_user_params)
-
-            render_payload(result)
-          end
-
-          private
-
-          def render_payload(result)
-            if result.success?
-              render_serialized_payload { serialize_resource(result.value) }
-            else
-              render_error_payload(result.error)
-            end
-          end
-
-          def spree_user_params
-            params.require(:user).permit(Spree::PermittedAttributes.user_attributes)
-          end
-        end
-      end
-    end
-  end
-end
-
-::Spree::Api::V2::Storefront::AccountController.prepend(Spree::Api::V2::Storefront::AccountControllerDecorator)

data/spec/support/user_helper.rb

@@ -1,11 +0,0 @@
-RSpec.configure do |config|
-  # allows to keep user const after reload
-  config.around :each, :reload_user do |example|
-    old_user = Spree::User
-
-    example.run
-
-    Spree.send(:remove_const, 'User')
-    Spree.const_set('User', old_user)
-  end
-end