spree_auth_devise 4.4.0 → 4.4.2
- checksums.yaml +4 -4
- data/.circleci/config.yml +165 -29
- data/Gemfile +3 -2
- data/README.md +1 -2
- data/app/models/spree/user.rb +3 -0
- data/config/routes.rb +33 -29
- data/lib/controllers/backend/spree/admin/user_passwords_controller.rb +5 -4
- data/lib/controllers/backend/spree/admin/user_sessions_controller.rb +1 -2
- data/lib/controllers/frontend/spree/users_controller.rb +6 -1
- data/lib/spree/auth/version.rb +1 -1
- data/lib/views/backend/spree/admin/user_passwords/edit.html.erb +12 -11
- data/lib/views/backend/spree/admin/user_passwords/new.html.erb +9 -11
- data/lib/views/backend/spree/admin/user_sessions/new.html.erb +4 -4
- data/spec/features/admin/password_reset_spec.rb +1 -1
- data/spec/features/admin/sign_out_spec.rb +2 -2
- data/spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb +0 -9
- data/spec/requests/spree/frontend/user_update_spec.rb +42 -0
- metadata +7 -5
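--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4fb338dbef2e181d223f6e14b1a8d56bd70e583bb236ecad2e8dd789831961da
+data.tar.gz: bb1d7586b41087b8aea34ec13f1bad8be7474b4cd86595b66cab11c4debd0ff5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2c787c99ace2df8fc064fcf729f00aee7443e3bace6633a9a105c68378cd672eee15fab48230318ce9af3c43b15e763eca90fe16287f114515d7a2f0922bf7a1
+data.tar.gz: e0ee63fa233a7e7e1b9300e5c283ee786127fbca22bfbfd352377b0d73b75a054008113cdeb90ceae4e9727cbc7b1007db4257fa2d2fa1f0f14a9c981b7f8fbe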
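--- a/data/.circleci/config.yml
+++ b/data/.circleci/config.yml
@@ -1,41 +1,177 @@
-version: 2
+version: 2.1
+
+defaults: &defaults
+environment: &environment
+CIRCLE_TEST_REPORTS: /tmp/test-results
+CIRCLE_ARTIFACTS: /tmp/test-artifacts
+BUNDLE_JOBS: 4
+BUNDLE_RETRY: 3
+BUNDLE_PATH: ~/spree/vendor/bundle
+working_directory: ~/spree
+docker:
+- image: &ruby_image circleci/ruby:2.7-node-browsers
+- image: &redis_image circleci/redis:6.2-alpine
+
+defaults_3_0: &defaults_3_0
+<<: *defaults
+docker:
+- image: &ruby_3_0_image circleci/ruby:3.0-node-browsers
+- image: *redis_image
+
+run_tests: &run_tests
+<<: *defaults
+steps:
+- checkout
+- restore_cache:
+keys:
+- spree-auth-devise-bundle-v9-ruby-2-7-{{ .Branch }}
+- spree-auth-devise-bundle-v9-ruby-2-7
+- run:
+name: Set bundle path
+command: bundle config --local path vendor/bundle
+- run:
+name: Ensure bundle Install
+command: |
+bundle check || bundle install
+- run:
+name: Create test app
+command: |
+bundle exec rake test_app
+- run:
+name: Run Rspec
+command: |
+TESTFILES=$(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
+bundle exec rspec --format documentation \
+--format RspecJunitFormatter \
+-o ~/rspec/rspec.xml \
+-- ${TESTFILES}
+- store_test_results:
+path: ~/rspec
+- store_artifacts:
+path: tmp/capybara
+
+run_tests_3_0: &run_tests_3_0
+<<: *defaults_3_0
+steps:
+- checkout
+- restore_cache:
+keys:
+- spree-auth-devise-bundle-v9-ruby-3-0-{{ .Branch }}
+- spree-auth-devise-bundle-v9-ruby-3-0
+- run:
+name: Set bundle path
+command: bundle config --local path vendor/bundle
+- run:
+name: Ensure bundle Install
+command: |
+bundle check || bundle install
+- run:
+name: Create test app
+command: |
+bundle exec rake test_app
+- run:
+name: Run Rspec
+command: |
+TESTFILES=$(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
+bundle exec rspec --format documentation \
+--format RspecJunitFormatter \
+-o ~/rspec/rspec.xml \
+-- ${TESTFILES}
+- store_test_results:
+path: ~/rspec
+- store_artifacts:
+path: tmp/capybara
 
 jobs:
-
-
-- image: circleci/ruby:2.6.3
+bundle:
+<<: *defaults
 steps:
--
-
-
-
-
-- run: ssh-add -D
-- run: ssh-add ~/.ssh/id_rsa_54505e4e806d2e2643c699bd39b271dc
-- run: git clone -b master git@github.com:spark-solutions/spree-designs.git
-- run: gem install bundler -v 1.17.3
+- checkout
+- restore_cache:
+keys:
+- spree-auth-devise-bundle-v9-ruby-2-7-{{ .Branch }}
+- spree-auth-devise-bundle-v9-ruby-2-7
 - run:
-
-
+name: Set bundle path
+command: bundle config --local path vendor/bundle
 - run:
+name: Bundle Install
 command: |
-
-
-
+bundle check || bundle install
+- save_cache:
+paths:
+- vendor/bundle
+key: spree-auth-devise-bundle-v9-ruby-2-7-{{ checksum "Gemfile.lock" }}
+
+bundle_ruby_3_0:
+<<: *defaults_3_0
+steps:
+- checkout
+- restore_cache:
+keys:
+- spree-auth-devise-bundle-v9-ruby-3-0-{{ .Branch }}
+- spree-auth-devise-bundle-v9-ruby-3-0
 - run:
-
-
-git commit -m "Auto-commit v#${CIRCLE_BUILD_NUM}"
-working_directory: ~/project/spree-designs
+name: Set bundle path
+command: bundle config --local path vendor/bundle
 - run:
-
-
+name: Bundle Install
+command: |
+bundle check || bundle install
+- save_cache:
+paths:
+- vendor/bundle
+key: spree-auth-devise-bundle-v9-ruby-3-0-{{ checksum "Gemfile.lock" }}
+
+tests_postgres: &tests_postgres
+<<: *run_tests
+environment: &postgres_environment
+<<: *environment
+DB: postgres
+DB_HOST: localhost
+DB_USERNAME: postgres
+docker:
+- image: *ruby_image
+- image: *redis_image
+- image: &postgres_image circleci/postgres:12-alpine
+environment:
+POSTGRES_USER: postgres
+
+tests_postgres_ruby_3_0: &tests_postgres_ruby_3_0
+<<: *run_tests_3_0
+environment:
+<<: *postgres_environment
+docker:
+- image: *ruby_3_0_image
+- image: *postgres_image
+- image: *redis_image
+
+tests_mysql: &tests_mysql
+<<: *run_tests
+environment: &mysql_environment
+<<: *environment
+DB: mysql
+DB_HOST: 127.0.0.1
+DB_USERNAME: root
+COVERAGE: true
+COVERAGE_DIR: /tmp/workspace/simplecov
+docker:
+- image: *ruby_image
+- image: *redis_image
+- image: &mysql_image circleci/mysql:8-ram
 
 workflows:
 version: 2
-
+main:
 jobs:
--
-
-
-
+- bundle
+- bundle_ruby_3_0
+- tests_postgres:
+requires:
+- bundle
+- tests_postgres_ruby_3_0:
+requires:
+- bundle_ruby_3_0
+- tests_mysql:
+requires:
+- bundle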
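Review bot: The `{{ .Branch }}` entry in every `restore_cache` block can never match, because the only `save_cache` steps (jobs `bundle` and `bundle_ruby_3_0`) write keys of the form `spree-auth-devise-bundle-v9-ruby-2-7-{{ checksum "Gemfile.lock" }}` and no key with a branch segment is ever saved. Restores therefore fall through to the bare `spree-auth-devise-bundle-v9-ruby-2-7` / `-3-0` prefix and take the most recent bundle cache written from any branch, so branches share one dependency cache. Either drop the branch key, or save under a key it is a prefix of, for example `key: spree-auth-devise-bundle-v9-ruby-2-7-{{ .Branch }}-{{ checksum "Gemfile.lock" }}` (and the same for the 3-0 job). Indentation is lost in this rendering, so the job nesting here is read from the anchor and key names.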
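--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,9 +2,10 @@ source 'https://rubygems.org'
 
 gem 'rails-controller-testing'
 gem 'spree', github: 'spree/spree', branch: 'main'
-gem 'spree_backend', github: 'spree/
-gem 'spree_frontend', github: 'spree/
+gem 'spree_backend', github: 'spree/spree_backend', branch: 'main'
+gem 'spree_frontend', github: 'spree/spree_legacy_frontend', branch: 'main'
 gem 'spree_emails', github: 'spree/spree', branch: 'main'
+gem 'rspec_junit_formatter', '~> 0.4.1'
 
 gem 'pry', '~> 0.14.1'
 gemspec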
data/README.md
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# Spree Auth (Devise)
|
|
2
2
|
|
|
3
|
-
[](https://codeclimate.com/github/spree/spree_auth_devise)
|
|
3
|
+
[](https://circleci.com/gh/spree/spree_auth_devise/tree/main)
|
|
5
4
|
|
|
6
5
|
Provides authentication services for [Spree](https://spreecommerce.org), using the [Devise](https://github.com/plataformatec/devise) gem.
|
|
7
6
|
|
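--- a/data/app/models/spree/user.rb
+++ b/data/app/models/spree/user.rb
@@ -3,6 +3,9 @@ module Spree
 include UserAddress
 include UserMethods
 include UserPaymentSource
+if defined?(Spree::Metadata)
+include Metadata
+end
 
 devise :database_authenticatable, :registerable, :recoverable,
 :rememberable, :trackable, :encryptable, encryptor: 'authlogic_sha512'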
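Review bot: The added guard tests `Spree::Metadata` but the next line includes the unqualified `Metadata`, so the two lines name the same module only as long as constant lookup from inside this class resolves `Metadata` to `Spree::Metadata`. Using the qualified name in both places, `include Spree::Metadata if defined?(Spree::Metadata)`, removes that dependency and fits on one line. A short comment stating that the module is presumably absent from older Spree releases would explain why the include is conditional. The class body starts and ends outside this hunk.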
data/config/routes.rb
CHANGED
|
@@ -1,15 +1,13 @@
|
|
|
1
1
|
Spree::Core::Engine.add_routes do
|
|
2
2
|
devise_for :spree_user,
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
resources :users, only: [:edit, :update]
|
|
3
|
+
class_name: Spree.user_class.to_s,
|
|
4
|
+
controllers: { sessions: 'spree/user_sessions',
|
|
5
|
+
registrations: 'spree/user_registrations',
|
|
6
|
+
passwords: 'spree/user_passwords',
|
|
7
|
+
confirmations: 'spree/user_confirmations' },
|
|
8
|
+
skip: [:unlocks, :omniauth_callbacks],
|
|
9
|
+
path_names: { sign_out: 'logout' },
|
|
10
|
+
path_prefix: :user
|
|
13
11
|
|
|
14
12
|
devise_scope :spree_user do
|
|
15
13
|
get '/login' => 'user_sessions#new', :as => :login
|
|
@@ -24,26 +22,32 @@ Spree::Core::Engine.add_routes do
|
|
|
24
22
|
get '/confirm' => 'user_confirmations#show', :as => :confirmation
|
|
25
23
|
end
|
|
26
24
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
25
|
+
if Spree::Core::Engine.frontend_available?
|
|
26
|
+
resources :users, only: [:edit, :update]
|
|
27
|
+
get '/checkout/registration' => 'checkout#registration', :as => :checkout_registration
|
|
28
|
+
put '/checkout/registration' => 'checkout#update_registration', :as => :update_checkout_registration
|
|
29
|
+
resource :account, controller: 'users'
|
|
30
|
+
end
|
|
31
31
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
32
|
+
if Spree.respond_to?(:admin_path) && Spree::Core::Engine.backend_available?
|
|
33
|
+
namespace :admin, path: Spree.admin_path do
|
|
34
|
+
devise_for :spree_user,
|
|
35
|
+
class_name: Spree.user_class.to_s,
|
|
36
|
+
controllers: { sessions: 'spree/admin/user_sessions',
|
|
37
|
+
passwords: 'spree/admin/user_passwords' },
|
|
38
|
+
skip: [:unlocks, :omniauth_callbacks, :registrations],
|
|
39
|
+
path_names: { sign_out: 'logout' },
|
|
40
|
+
path_prefix: :user
|
|
41
|
+
devise_scope :spree_user do
|
|
42
|
+
get '/authorization_failure', to: 'user_sessions#authorization_failure', as: :unauthorized
|
|
43
|
+
get '/login' => 'user_sessions#new', :as => :login
|
|
44
|
+
post '/login' => 'user_sessions#create', :as => :create_new_session
|
|
45
|
+
get '/logout' => 'user_sessions#destroy', :as => :logout
|
|
46
|
+
get '/password/recover' => 'user_passwords#new', :as => :recover_password
|
|
47
|
+
post '/password/recover' => 'user_passwords#create', :as => :reset_password
|
|
48
|
+
get '/password/change' => 'user_passwords#edit', :as => :edit_password
|
|
49
|
+
put '/password/change' => 'user_passwords#update', :as => :update_password
|
|
50
|
+
end
|
|
47
51
|
end
|
|
48
52
|
end
|
|
49
53
|
|
|
@@ -2,7 +2,6 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
|
|
|
2
2
|
helper 'spree/base'
|
|
3
3
|
|
|
4
4
|
include Spree::Core::ControllerHelpers::Auth
|
|
5
|
-
include Spree::Core::ControllerHelpers::Common
|
|
6
5
|
include Spree::Core::ControllerHelpers::Store
|
|
7
6
|
|
|
8
7
|
helper 'spree/admin/navigation'
|
|
@@ -16,13 +15,13 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
|
|
|
16
15
|
# respond_with resource, :location => spree.login_path
|
|
17
16
|
#
|
|
18
17
|
def create
|
|
19
|
-
self.resource = resource_class.send_reset_password_instructions(params[resource_name])
|
|
18
|
+
self.resource = resource_class.send_reset_password_instructions(params[resource_name], current_store)
|
|
20
19
|
|
|
21
20
|
if resource.errors.empty?
|
|
22
21
|
set_flash_message(:notice, :send_instructions) if is_navigational_format?
|
|
23
22
|
respond_with resource, location: spree.admin_login_path
|
|
24
23
|
else
|
|
25
|
-
respond_with_navigational(resource) { render :new }
|
|
24
|
+
respond_with_navigational(resource) { render :new, status: :unprocessable_entity }
|
|
26
25
|
end
|
|
27
26
|
end
|
|
28
27
|
|
|
@@ -31,8 +30,10 @@ class Spree::Admin::UserPasswordsController < Devise::PasswordsController
|
|
|
31
30
|
# Fixes spree/spree#2190.
|
|
32
31
|
def update
|
|
33
32
|
if params[:spree_user][:password].blank?
|
|
33
|
+
self.resource = resource_class.new
|
|
34
|
+
resource.reset_password_token = params[:spree_user][:reset_password_token]
|
|
34
35
|
set_flash_message(:error, :cannot_be_blank)
|
|
35
|
-
render :edit
|
|
36
|
+
render :edit, status: :unprocessable_entity
|
|
36
37
|
else
|
|
37
38
|
super
|
|
38
39
|
end
|
|
@@ -2,7 +2,6 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
|
|
|
2
2
|
helper 'spree/base'
|
|
3
3
|
|
|
4
4
|
include Spree::Core::ControllerHelpers::Auth
|
|
5
|
-
include Spree::Core::ControllerHelpers::Common
|
|
6
5
|
include Spree::Core::ControllerHelpers::Store
|
|
7
6
|
|
|
8
7
|
helper 'spree/admin/navigation'
|
|
@@ -24,7 +23,7 @@ class Spree::Admin::UserSessionsController < Devise::SessionsController
|
|
|
24
23
|
end
|
|
25
24
|
else
|
|
26
25
|
flash.now[:error] = t('devise.failure.invalid')
|
|
27
|
-
render :new
|
|
26
|
+
render :new, status: :unprocessable_entity
|
|
28
27
|
end
|
|
29
28
|
end
|
|
30
29
|
|
|
@@ -1,14 +1,18 @@
|
|
|
1
1
|
class Spree::UsersController < Spree::StoreController
|
|
2
2
|
before_action :set_current_order, except: :show
|
|
3
|
-
prepend_before_action :load_object, only: [:show, :edit, :update]
|
|
4
3
|
prepend_before_action :authorize_actions, only: :new
|
|
5
4
|
|
|
6
5
|
include Spree::Core::ControllerHelpers
|
|
7
6
|
|
|
8
7
|
def show
|
|
8
|
+
load_object
|
|
9
9
|
@orders = @user.orders.for_store(current_store).complete.order('completed_at desc')
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
+
def edit
|
|
13
|
+
load_object
|
|
14
|
+
end
|
|
15
|
+
|
|
12
16
|
def create
|
|
13
17
|
@user = Spree.user_class.new(user_params)
|
|
14
18
|
if @user.save
|
|
@@ -24,6 +28,7 @@ class Spree::UsersController < Spree::StoreController
|
|
|
24
28
|
end
|
|
25
29
|
|
|
26
30
|
def update
|
|
31
|
+
load_object
|
|
27
32
|
if @user.update(user_params)
|
|
28
33
|
if params[:user][:password].present?
|
|
29
34
|
# this logic needed b/c devise wants to log us out after password changes
|
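Review bot: Nothing in the new `show`, `edit` and `update` bodies of `Spree::UsersController` records why `load_object` is now called inline instead of from `prepend_before_action`, so a later cleanup could restore the callback and with it the ordering problem that the added CSRF spec guards against. A prepended callback runs ahead of callbacks inherited from parent controllers, which presumably includes the forgery-protection check, so `@user` could be resolved from the session before the request is verified; `load_object` itself is not visible here, so this is inferred. Add a comment above `def show` such as `# load_object is called inside each action so it runs after CSRF verification; do not move it back to a prepend_before_action`. Any action added later that reads `@user` has to call `load_object` itself, which the same comment should mention. The class continues outside both hunks.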
data/lib/spree/auth/version.rb
CHANGED
|
@@ -1,15 +1,16 @@
|
|
|
1
|
-
<%= render :
|
|
1
|
+
<%= render partial: 'spree/admin/shared/error_messages', locals: { target: @spree_user } %>
|
|
2
|
+
|
|
2
3
|
<h2><%= Spree.t(:change_my_password) %></h2>
|
|
3
4
|
|
|
4
|
-
<%= form_for @spree_user, :
|
|
5
|
-
<
|
|
6
|
-
<%= f.label :password, Spree.t(:password)
|
|
7
|
-
<%= f.password_field :password
|
|
8
|
-
</
|
|
9
|
-
<
|
|
10
|
-
<%= f.label :password_confirmation, Spree.t(:confirm_password)
|
|
11
|
-
<%= f.password_field :password_confirmation
|
|
12
|
-
</
|
|
5
|
+
<%= form_for @spree_user, as: :spree_user, url: spree.admin_update_password_path, method: :put do |f| %>
|
|
6
|
+
<div class="form-group">
|
|
7
|
+
<%= f.label :password, Spree.t(:password) %>
|
|
8
|
+
<%= f.password_field :password, class: 'form-control', required: true %>
|
|
9
|
+
</div>
|
|
10
|
+
<div class="form-group">
|
|
11
|
+
<%= f.label :password_confirmation, Spree.t(:confirm_password) %>
|
|
12
|
+
<%= f.password_field :password_confirmation, class: 'form-control', required: true %>
|
|
13
|
+
</div>
|
|
13
14
|
<%= f.hidden_field :reset_password_token %>
|
|
14
|
-
<%= f.submit Spree.t(:update), :
|
|
15
|
+
<%= f.submit Spree.t(:update), class: 'btn btn-primary btn-block' %>
|
|
15
16
|
<% end %>
|
|
@@ -1,17 +1,15 @@
|
|
|
1
|
-
<%= render :
|
|
1
|
+
<%= render partial: 'spree/admin/shared/error_messages', locals: { target: @spree_user } %>
|
|
2
2
|
|
|
3
|
-
<div id="forgot-password">
|
|
4
|
-
<
|
|
3
|
+
<div id="forgot-password" class="col-lg-6">
|
|
4
|
+
<h1><%= Spree.t(:forgot_password) %></h1>
|
|
5
5
|
|
|
6
6
|
<p><%= Spree.t(:instructions_to_reset_password) %></p>
|
|
7
7
|
|
|
8
|
-
<%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.
|
|
9
|
-
<
|
|
10
|
-
<%= f.label :email, Spree.t(:email)
|
|
11
|
-
<%= f.email_field :email %>
|
|
12
|
-
</
|
|
13
|
-
|
|
14
|
-
<%= f.submit Spree.t(:reset_password), :class => 'button primary' %>
|
|
15
|
-
</p>
|
|
8
|
+
<%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.admin_reset_password_path, data: { turbo: false } do |f| %>
|
|
9
|
+
<div class="form-group">
|
|
10
|
+
<%= f.label :email, Spree.t(:email) %>
|
|
11
|
+
<%= f.email_field :email, class: 'form-control', required: true %>
|
|
12
|
+
</div>
|
|
13
|
+
<%= f.submit Spree.t(:reset_password), class: 'btn btn-primary' %>
|
|
16
14
|
<% end %>
|
|
17
15
|
</div>
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
<div id="password-credentials">
|
|
9
9
|
<div class="form-group text-center">
|
|
10
10
|
<%= f.label :email, Spree.t(:email) %>
|
|
11
|
-
<%= f.email_field :email, class: 'form-control', tabindex: 1, placeholder: Spree.t(:email) %>
|
|
11
|
+
<%= f.email_field :email, class: 'form-control', tabindex: 1, placeholder: Spree.t(:email) %>
|
|
12
12
|
</div>
|
|
13
13
|
<div class="form-group text-center">
|
|
14
14
|
<%= f.label :password, Spree.t(:password) %>
|
|
@@ -21,12 +21,12 @@
|
|
|
21
21
|
<%= f.label :remember_me do %>
|
|
22
22
|
<%= f.check_box :remember_me, :tabindex => 3 %>
|
|
23
23
|
<%= Spree.t(:remember_me) %>
|
|
24
|
-
<% end %>
|
|
24
|
+
<% end %>
|
|
25
25
|
</div>
|
|
26
26
|
<div class="col-lg-6 text-right">
|
|
27
27
|
<%= link_to Spree.t(:forgot_password), spree.admin_recover_password_path %>
|
|
28
|
-
</div>
|
|
29
|
-
</div>
|
|
28
|
+
</div>
|
|
29
|
+
</div>
|
|
30
30
|
</div>
|
|
31
31
|
<div class="form-group">
|
|
32
32
|
<%= f.submit Spree.t(:login), :class => 'btn btn-primary btn-block', :tabindex => 4 %>
|
|
@@ -7,7 +7,7 @@ RSpec.feature 'Admin - Reset Password', type: :feature do
|
|
|
7
7
|
user = create(:user, email: 'foobar@example.com', password: 'secret', password_confirmation: 'secret')
|
|
8
8
|
visit spree.admin_login_path
|
|
9
9
|
click_link 'Forgot password?'
|
|
10
|
-
fill_in 'Email', with:
|
|
10
|
+
fill_in 'Email', with: user.email
|
|
11
11
|
click_button 'Reset my password'
|
|
12
12
|
expect(page).to have_text 'You will receive an email with instructions'
|
|
13
13
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
RSpec.feature 'Admin - Sign Out', type: :feature do
|
|
1
|
+
RSpec.feature 'Admin - Sign Out', type: :feature, js: true do
|
|
2
2
|
given!(:user) do
|
|
3
3
|
create :user, email: 'email@person.com'
|
|
4
4
|
end
|
|
@@ -12,7 +12,7 @@ RSpec.feature 'Admin - Sign Out', type: :feature do
|
|
|
12
12
|
click_button Spree.t(:login)
|
|
13
13
|
end
|
|
14
14
|
|
|
15
|
-
scenario 'allows a signed in user to logout'
|
|
15
|
+
scenario 'allows a signed in user to logout' do
|
|
16
16
|
log_out
|
|
17
17
|
visit spree.admin_login_path
|
|
18
18
|
expect(page).to have_button Spree.t(:login)
|
|
@@ -35,14 +35,5 @@ describe 'Storefront API v2 Account Confirmation spec', type: :request do
|
|
|
35
35
|
expect(JSON.parse(response.body)['error']).to eq("Confirmation token is invalid")
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
|
-
|
|
39
|
-
context 'blank confirmation_token param' do
|
|
40
|
-
let(:user) { build(:user) }
|
|
41
|
-
let(:confirmation_token) { '' }
|
|
42
|
-
|
|
43
|
-
it 'return 301 status' do
|
|
44
|
-
expect(response.code).to eq('301')
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
38
|
end
|
|
48
39
|
end
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
RSpec.feature 'User update', type: :request do
|
|
4
|
+
context 'CSRF protection' do
|
|
5
|
+
%i[exception reset_session null_session].each do |strategy|
|
|
6
|
+
# Completely clean the configuration of forgery protection for the
|
|
7
|
+
# controller and reset it after the expectations. However, besides `:with`,
|
|
8
|
+
# the options given to `protect_from_forgery` are processed on the fly.
|
|
9
|
+
# I.e., there's no way to retain them. The initial setup corresponds to the
|
|
10
|
+
# dummy application, which uses the default Rails skeleton in that regard.
|
|
11
|
+
# So, if at some point Rails changed the given options, we should update it
|
|
12
|
+
# here.
|
|
13
|
+
around do |example|
|
|
14
|
+
controller = Spree::UsersController
|
|
15
|
+
old_allow_forgery_protection_value = controller.allow_forgery_protection
|
|
16
|
+
old_forgery_protection_strategy = controller.forgery_protection_strategy
|
|
17
|
+
controller.skip_forgery_protection
|
|
18
|
+
controller.allow_forgery_protection = true
|
|
19
|
+
controller.protect_from_forgery with: strategy
|
|
20
|
+
|
|
21
|
+
example.run
|
|
22
|
+
|
|
23
|
+
controller.allow_forgery_protection = old_allow_forgery_protection_value
|
|
24
|
+
controller.forgery_protection_strategy = old_forgery_protection_strategy
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
it "is not possible to take account over with the #{strategy} forgery protection strategy" do
|
|
28
|
+
user = create(:user, email: 'legit@mail.com', password: 'password')
|
|
29
|
+
|
|
30
|
+
post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
|
|
31
|
+
begin
|
|
32
|
+
put '/users/123456', params: 'user[email]=hacked@example.com'
|
|
33
|
+
rescue
|
|
34
|
+
# testing that the account is not compromised regardless of any raised
|
|
35
|
+
# exception
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
expect(user.reload.email).to eq('legit@mail.com')
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
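Review bot: The new example in `user_update_spec.rb` can pass without exercising the protected path, because the result of `post '/login'` is never checked and the bare `rescue` around `put '/users/123456'` swallows every StandardError. A failed login, a routing error or a typo in the request would leave the e-mail unchanged exactly as a rejected forgery does. Assert that the session was established before the PUT, for instance `expect(response).to have_http_status(:found)` (or whatever the sessions controller returns on success), and narrow the handler to `rescue ActionController::InvalidAuthenticityToken` if that is the only exception the `:exception` strategy is expected to raise. The PUT also targets the literal id `123456` rather than `user.id`; a comment noting that the controller ignores the id and acts on the signed-in user would make that choice clear.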
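--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_auth_devise
 version: !ruby/object:Gem::Version
-version: 4.4.
+version: 4.4.2
 platform: ruby
 authors:
 - Sean Schofield
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-12-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: devise
@@ -201,6 +201,7 @@ files:
 - spec/models/user_spec.rb
 - spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
 - spec/requests/spree/api/v2/storefront/account_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/configuration_helpers.rb
@@ -212,9 +213,9 @@ licenses:
 - BSD-3-Clause
 metadata:
 bug_tracker_uri: https://github.com/spree/spree_auth_devise/issues
-changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.4.
+changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.4.2
 documentation_uri: https://guides.spreecommerce.org/
-source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.4.
+source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.4.2
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -231,7 +232,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - none
-rubygems_version: 3.2.
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: Provides authentication and authorization services for use with Spree by
@@ -267,6 +268,7 @@ test_files:
 - spec/models/user_spec.rb
 - spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
 - spec/requests/spree/api/v2/storefront/account_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/configuration_helpers.rb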