spree_auth_devise 4.4.2 → 4.6.0

data/lib/views/backend/spree/admin/user_passwords/edit.html.erb

@@ -1,16 +1,18 @@
-<%= render partial: 'spree/admin/shared/error_messages', locals: { target: @spree_user } %>
-
-<h2><%= Spree.t(:change_my_password) %></h2>
-
-<%= form_for @spree_user, as: :spree_user, url: spree.admin_update_password_path, method: :put do |f| %>
-  <div class="form-group">
-    <%= f.label :password, Spree.t(:password) %>
-    <%= f.password_field :password, class: 'form-control', required: true %>
+<div id="forgot-password" class="card mt-5 shadow-sm">
+  <div class="card-body">
+    <%= render partial: 'spree/admin/shared/error_messages', locals: { target: @spree_user } %>
+    <h5 class="card-title"><%= Spree.t(:change_my_password) %></h5>
+    <%= form_for @spree_user, as: :spree_user, url: spree.admin_update_password_path, method: :put do |f| %>
+      <div class="form-group">
+        <%= f.label :password, Spree.t(:password) %>
+        <%= f.password_field :password, class: 'form-control', required: true %>
+      </div>
+      <div class="form-group">
+        <%= f.label :password_confirmation, Spree.t(:confirm_password) %>
+        <%= f.password_field :password_confirmation, class: 'form-control', required: true %>
+      </div>
+      <%= f.hidden_field :reset_password_token %>
+      <%= f.submit Spree.t(:update), class: 'btn btn-primary btn-block' %>
+    <% end %>
   </div>
-  <div class="form-group">
-    <%= f.label :password_confirmation, Spree.t(:confirm_password) %>
-    <%= f.password_field :password_confirmation, class: 'form-control', required: true %>
-  </div>
-  <%= f.hidden_field :reset_password_token %>
-  <%= f.submit Spree.t(:update), class: 'btn btn-primary btn-block' %>
-<% end %>
+</div>

data/lib/views/backend/spree/admin/user_passwords/new.html.erb

@@ -1,15 +1,15 @@
-<%= render partial: 'spree/admin/shared/error_messages', locals: { target: @spree_user } %>
+<div id="forgot-password" class="card mt-5 shadow-sm">
+  <div class="card-body">
+    <%= render partial: 'spree/admin/shared/error_messages', locals: { target: @spree_user } %>
 
-<div id="forgot-password" class="col-lg-6">
-  <h1><%= Spree.t(:forgot_password) %></h1>
-
-  <p><%= Spree.t(:instructions_to_reset_password) %></p>
-
-  <%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.admin_reset_password_path, data: { turbo: false } do |f| %>
-    <div class="form-group">
-      <%= f.label :email, Spree.t(:email) %>
-      <%= f.email_field :email, class: 'form-control', required: true %>
-    </div>
-    <%= f.submit Spree.t(:reset_password), class: 'btn btn-primary' %>
-  <% end %>
+    <h5 class="card-title"><%= Spree.t(:forgot_password) %></h5>
+    <p><%= Spree.t(:instructions_to_reset_password) %></p>
+    <%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.admin_reset_password_path, data: { turbo: false } do |f| %>
+      <div class="form-group">
+        <%= f.label :email, Spree.t(:email) %>
+        <%= f.email_field :email, class: 'form-control', required: true %>
+      </div>
+      <%= f.submit Spree.t(:reset_password), class: 'btn btn-primary' %>
+    <% end %>
+  </div>
 </div>

data/lib/views/backend/spree/admin/user_sessions/authorization_failure.html.erb

@@ -1,4 +1,4 @@
-<div class="alert alert-danger">
+<div class="alert alert-danger m-5">
   <%= Spree.t(:authorization_failure) %>
 </div>
 <!-- Add your own custom access denied message here if you like -->

data/lib/views/backend/spree/admin/user_sessions/new.html.erb

@@ -1,17 +1,16 @@
-<% if flash[:alert] %>
-  <div class="alert alert-danger"><%= flash[:alert] %></div>
-<% end %>
-
-<div data-hook="login" class="card border-0">
+<div data-hook="login" class="card mt-5 shadow-sm">
   <div class="card-body">
+    <% if flash[:error] %>
+      <div class="alert alert-danger"><%= flash[:error] %></div>
+    <% end %>
+    <h5 class="card-title"><%= Spree.t(:login) %></h5>
+
     <%= form_for Spree.user_class.new, :as => :spree_user, :url => spree.admin_create_new_session_path do |f| %>
       <div id="password-credentials">
-        <div class="form-group text-center">
-          <%= f.label :email, Spree.t(:email) %>
+        <div class="form-group">
           <%= f.email_field :email, class: 'form-control', tabindex: 1, placeholder: Spree.t(:email) %>
         </div>
-        <div class="form-group text-center">
-          <%= f.label :password, Spree.t(:password) %>
+        <div class="form-group">
           <%= f.password_field :password, :class => 'form-control', :tabindex => 2, placeholder: Spree.t(:password) %>
         </div>
       </div>

data/lib/views/backend/spree/layouts/login.html.erb

@@ -8,7 +8,7 @@
     <%= render partial: 'spree/admin/shared/head' %>
   </head>
 
-  <body class="pt-5">
+  <body class="admin bg-light pt-5">
     <div class="container">
 
       <div class="row">

data/lib/views/frontend/spree/user_registrations/new.html.erb

@@ -3,7 +3,7 @@
 <div class="col-lg-6 offset-lg-3">
   <h3 class="spree-header spree-mb-large spree-mt-large"><%= Spree.t(:new_customer) %></h3>
   <div id="new-customer" data-hook="login">
-    <%= form_for resource, as: :spree_user, url: spree.registration_path do |f| %>
+    <%= form_for resource, as: :spree_user, url: spree.registration_path, data: { turbo: false } do |f| %>
       <div data-hook="signup_inside_form">
         <%= render partial: 'spree/shared/user_form', locals: { f: f, remember_me_field: true } %>
         <div><%= f.submit Spree.t(:sign_up), class: 'btn btn-primary btn-block spree-btn mb-5' %></div>

data/spec/controllers/spree/api/v2/storefront/passwords_controller_spec.rb

@@ -32,7 +32,7 @@ RSpec.describe Spree::Api::V2::Storefront::PasswordsController, type: :controlle
     context 'when updating password with blank password' do
       let(:params) {
         {
-          id: user.send_reset_password_instructions(Spree::Store.current),
+          id: user.send_reset_password_instructions(Spree::Store.default),
           user: {
             password: '',
             password_confirmation: ''
@@ -49,7 +49,7 @@ RSpec.describe Spree::Api::V2::Storefront::PasswordsController, type: :controlle
     context 'when updating password with specified password' do
       let(:params) {
         {
-          id: user.send_reset_password_instructions(Spree::Store.current),
+          id: user.send_reset_password_instructions(Spree::Store.default),
           user: {
             password: password,
             password_confirmation: password

data/spec/controllers/spree/checkout_controller_spec.rb

@@ -6,13 +6,14 @@ RSpec.describe Spree::CheckoutController, type: :controller do
   before do
     allow(controller).to receive(:current_order) { order }
     allow(order).to receive(:confirmation_required?) { true }
+    Spree::Store.default.update(default_locale: 'en', supported_locales: 'en,fr') if Spree.version.to_f >= 4.2
   end
 
   context '#edit' do
     context 'when registration step enabled' do
       before do
         allow(controller).to receive(:check_authorization)
-        Spree::Auth::Config.set(registration_step: true)
+        Spree::Auth::Config.set(:registration_step, true)
       end
 
       context 'when authenticated as registered user' do
@@ -29,12 +30,19 @@ RSpec.describe Spree::CheckoutController, type: :controller do
           get :edit, params: { state: 'address' }
           expect(response).to redirect_to spree.checkout_registration_path
         end
+
+        context 'non default locale' do
+          it 'redirects to registration step with non default locale' do
+            get :edit, params: { state: 'address', locale: 'fr' }
+            expect(response).to redirect_to spree.checkout_registration_path(locale: 'fr')
+          end
+        end
       end
     end
 
     context 'when registration step disabled' do
       before do
-        Spree::Auth::Config.set(registration_step: false)
+        Spree::Auth::Config.set(:registration_step, false)
         allow(controller).to receive(:check_authorization)
       end
 
@@ -84,6 +92,15 @@ RSpec.describe Spree::CheckoutController, type: :controller do
           post :update, params: { state: 'confirm' }
           expect(response).to redirect_to spree.order_path(order)
         end
+
+        context 'non default locale' do
+          it 'redirects to the tokenized order view with a non default locale' do
+            # spree version higher than 3.6 required for test to work correctly
+            request.cookie_jar.signed[:token] = 'ABC'
+            post :update, params: { state: 'confirm', locale: 'fr' }
+            expect(response).to redirect_to spree.order_path(order, locale: 'fr')
+          end
+        end
       end
 
       context 'with a registered user' do
@@ -101,6 +118,13 @@ RSpec.describe Spree::CheckoutController, type: :controller do
           post :update, params: { state: 'confirm' }
           expect(response).to redirect_to spree.order_path(order)
         end
+
+        context 'non default locale' do
+          it 'redirects to the standard order view with a non default locale' do
+            post :update, params: { state: 'confirm', locale: 'fr' }
+            expect(response).to redirect_to spree.order_path(order, locale: 'fr')
+          end
+        end
       end
     end
   end
@@ -147,6 +171,14 @@ RSpec.describe Spree::CheckoutController, type: :controller do
       expect(response).to redirect_to spree.checkout_state_path(:address)
     end
 
+    context 'non default locale' do
+      it 'redirects to the checkout_path after saving with non default locale' do
+        allow(controller).to receive(:check_authorization)
+        put :update_registration, params: { order: { email: 'jobs@spreecommerce.com' }, locale: 'fr' }
+        expect(response).to redirect_to spree.checkout_state_path(:address, locale: 'fr')
+      end
+    end
+
     it 'checks if the user is authorized for :edit' do
       if Spree.version.to_f > 3.6
         request.cookie_jar.signed[:token] = token

data/spec/controllers/spree/products_controller_spec.rb

@@ -17,6 +17,7 @@ RSpec.describe Spree::ProductsController, type: :controller do
   end
 
   it 'cannot view non-active products' do
+    skip if Spree.version.to_f > 4.0
     allow(user).to receive(:has_spree_role?) { false }
 
     # this behaviour was introduced in rails 5.1 & Spree 3.5

data/spec/controllers/spree/user_registrations_controller_spec.rb

@@ -9,6 +9,25 @@ RSpec.describe Spree::UserRegistrationsController, type: :controller do
       expect(response).to redirect_to spree.account_path
     end
 
+    context 'with non default locale' do
+      before do
+        Spree::Store.default.update(default_locale: 'en', supported_locales: 'en,fr')
+      end
+
+      after { I18n.locale = :en }
+
+      it 'redirects to account_path with locale' do
+        post :create, params: { spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' }, locale: 'fr'}
+        expect(response).to redirect_to spree.account_path(locale: 'fr')
+      end
+
+      it 'saves locale in user' do
+        post :create, params: { spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' }, locale: 'fr'}
+        user = Spree.user_class.find_by_email('foobar@example.com')
+        expect(user.selected_locale).to eq('fr')
+      end
+    end
+
     context 'with a guest token present' do
       before do
         if Spree.version.to_f > 3.6
@@ -55,4 +74,29 @@ RSpec.describe Spree::UserRegistrationsController, type: :controller do
       end
     end
   end
+
+  context 'when user session times out' do
+    let(:user) { build_stubbed(:user) }
+
+    before do
+      Spree::Store.default.update(default_locale: 'en', supported_locales: 'en,fr')
+      allow(Devise::Mapping).to receive(:find_scope!).and_return(:spree_user)
+    end
+
+    after { I18n.locale = :en }
+
+    it 'redirects to sign in after timeout' do
+      expect(controller.send(:after_inactive_sign_up_path_for, :user)).to eq(spree.login_path)
+    end
+
+    context 'with locale changed to fr' do
+      before do
+        allow(controller).to receive(:locale_param).and_return('fr')
+      end
+
+      it 'redirect to sign in after timeout with changed locale' do
+        expect(controller.send(:after_inactive_sign_up_path_for, :user)).to eq(spree.login_path('fr'))
+      end
+    end
+  end
 end

data/spec/controllers/spree/user_sessions_controller_spec.rb

@@ -200,4 +200,22 @@ RSpec.describe Spree::UserSessionsController, type: :controller do
       end
     end
   end
+
+  context "#destroy" do
+    before do
+      Spree::Store.default.update(default_locale: 'en', supported_locales: 'en,fr')
+    end
+
+    it "redirects to login page after signing out with default locale" do
+      post :create, params: { spree_user: { email: user.email, password: 'secret' }}
+      delete :destroy
+      expect(response).to redirect_to(spree.login_path)
+    end
+
+    it "persists fr locale when redirecting to login page after signing out" do
+      post :create, params: { spree_user: { email: user.email, password: 'secret' }, locale: 'fr' }
+      delete :destroy, params: { locale: 'fr' }
+      expect(response).to redirect_to spree.login_path(locale: 'fr')
+    end
+end
 end

data/spec/controllers/spree/users_controller_spec.rb

@@ -3,7 +3,10 @@ RSpec.describe Spree::UsersController, type: :controller do
   let(:user) { create(:user) }
   let(:role) { create(:role) }
 
-  before { allow(controller).to receive(:spree_current_user) { user } }
+  before do 
+    allow(controller).to receive(:spree_current_user) { user }
+    Spree::Store.default.update(default_locale: 'en', supported_locales: 'en,fr')
+  end
 
   context '#load_object' do
     it 'redirects to signup path if user is not found' do
@@ -11,6 +14,14 @@ RSpec.describe Spree::UsersController, type: :controller do
       put :update, params: { user: { email: 'foobar@example.com' } }
       expect(response).to redirect_to spree.login_path
     end
+
+    context "non default locale" do
+      it 'redirects to signup path with non default locale if user is not found' do
+        allow(controller).to receive(:spree_current_user) { nil }
+        put :update, params: { user: { email: 'foobar@example.com' }, locale: 'fr' }
+        expect(response).to redirect_to spree.login_path(locale: 'fr')
+      end
+    end
   end
 
   context '#create' do
@@ -22,10 +33,33 @@ RSpec.describe Spree::UsersController, type: :controller do
 
   context '#update' do
     context 'when updating own account' do
-      it 'performs update' do
-        put :update, params: { user: { email: 'mynew@email-address.com' } }
-        expect(assigns[:user].email).to eq 'mynew@email-address.com'
-        expect(response).to redirect_to spree.account_path
+      context 'deafult locale' do
+        before { put :update, params: { user: { email: 'mynew@email-address.com' } } }
+
+        it 'performs update of email' do
+          expect(assigns[:user].email).to eq 'mynew@email-address.com'
+        end
+
+        it 'redirects to correct path' do
+          expect(response).to redirect_to spree.account_path
+        end
+      end
+
+      context 'non default locale' do
+        before { put :update, params: { user: { email: 'mynew@email-address.com' }, locale: 'fr' } }
+
+        it 'performs update of email' do
+          expect(assigns[:user].email).to eq 'mynew@email-address.com'
+        end
+
+        it 'persists locale when redirecting to account' do
+          expect(response).to redirect_to spree.account_path(locale: 'fr')
+        end
+      end
+
+      it 'performs update of selected_locale' do
+        put :update, params: { user: { selected_locale: 'pl' } }
+        expect(assigns[:user].selected_locale).to eq 'pl'
       end
     end
 

data/spec/features/account_spec.rb

@@ -28,6 +28,7 @@ RSpec.feature 'Accounts', type: :feature do
       expect(page).to have_text 'email@person.com'
 
       find('a.account-page-user-info-item-title-edit').click
+      wait_for_turbo
 
       fill_in 'Password', with: 'foobar'
       fill_in 'Password Confirmation', with: 'foobar'

data/spec/features/admin/sign_in_spec.rb

@@ -18,6 +18,25 @@ RSpec.feature 'Admin - Sign In', type: :feature do
     expect(current_path).to eq '/account'
   end
 
+  context 'with non default locale' do
+    before do
+      add_french_locales
+      Spree::Store.default.update(default_locale: 'en', supported_locales: 'en,fr')
+      I18n.locale = :fr
+    end
+
+    after { I18n.locale = :en }
+
+    scenario 'lets a user sign in successfully', js: true do
+      log_in(email: @user.email, password: 'secret', locale: 'fr')
+      show_user_menu
+  
+      expect(page).not_to have_text login_button.upcase
+      expect(page).to have_text logout_button.upcase
+      expect(current_path).to eq '/fr/account'
+    end
+  end
+
   scenario 'shows validation errors' do
     fill_in 'Email', with: @user.email
     fill_in 'Password', with: 'wrong_password'
@@ -44,6 +63,6 @@ RSpec.feature 'Admin - Sign In', type: :feature do
         expect(page).to have_text 'admin@person.com'
       end
     end
-    expect(current_path).to eq '/admin/orders'
+    expect(current_path).to match('/admin')
   end
 end

data/spec/features/checkout_spec.rb

@@ -30,7 +30,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
     end
 
     scenario 'allow a visitor to checkout as guest, without registration' do
-      Spree::Auth::Config.set(registration_step: true)
+      Spree::Auth::Config.set(:registration_step, true)
       add_to_cart(mug)
       click_link 'checkout'
 
@@ -73,7 +73,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
     end
 
     # Regression test for #890
-    scenario 'associate an incomplete guest order with user after successful password reset' do
+    xscenario 'associate an incomplete guest order with user after successful password reset' do
       add_to_cart(mug)
 
       visit spree.login_path
@@ -81,12 +81,12 @@ RSpec.feature 'Checkout', :js, type: :feature do
       fill_in('Email', with: 'email@person.com')
       find('#spree_user_email').set('email@person.com')
 
-      click_button 'Reset my password'
+      expect { click_button 'Reset my password' }.to change { ActionMailer::Base.deliveries.size }.by(1)
 
       # Need to do this now because the token stored in the DB is the encrypted version
       # The 'plain-text' version is sent in the email and there's one way to get that!
       reset_password_email = ActionMailer::Base.deliveries.first
-      token_url_regex = /^http:\/\/www.example.com\/user\/spree_user\/password\/edit\?reset_password_token=(.*)$/
+      token_url_regex = /^http:\/\/www.example.com\/password\/change\?reset_password_token=(.*)$/
       token = token_url_regex.match(reset_password_email.body.encoded)[1]
 
       visit spree.edit_spree_user_password_path(reset_password_token: token.strip).tr("%0D","")
@@ -103,6 +103,7 @@ RSpec.feature 'Checkout', :js, type: :feature do
       click_button 'Save and Continue'
 
       expect(page).not_to have_text 'Email is invalid'
+      ActiveJob::Base.queue_adapter = :test
     end
 
     scenario 'allow a user to register during checkout' do

data/spec/features/confirmation_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 RSpec.feature 'Confirmation', type: :feature, confirmable: true do
   before do
-    expect(Spree::UserMailer).to receive(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))
+    expect(Spree::UserMailer).to receive(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.default.id }).and_return(double(deliver: true))
   end
 
   background do

data/spec/features/sign_in_spec.rb

@@ -45,7 +45,7 @@ RSpec.feature 'Sign In', type: :feature do
         expect(page).to have_text 'admin@person.com'
       end
     end
-    expect(current_path).to eq '/admin/orders'
+    expect(current_path).to match('/admin')
   end
 
   it 'should store the user previous location' do
@@ -74,7 +74,7 @@ RSpec.feature 'Sign In', type: :feature do
 
       expect(page).not_to have_text Spree.t(:login).upcase
       expect(page).to have_text Spree.t(:logout).upcase
-      expect(current_url).to match(/\/account\?locale\=fr$/)
+      expect(current_url).to match(/\/fr\/account/)
     end
   end
 end

data/spec/mailers/user_mailer_spec.rb

@@ -5,7 +5,7 @@ RSpec.describe Spree::UserMailer, type: :mailer do
   describe '#reset_password_instructions' do
     describe 'message contents' do
       before do
-        @message = described_class.reset_password_instructions(user, 'token goes here', { current_store_id: Spree::Store.current.id })
+        @message = described_class.reset_password_instructions(user, 'token goes here', { current_store_id: Spree::Store.default.id })
       end
 
       context 'subject includes' do
@@ -22,7 +22,7 @@ RSpec.describe Spree::UserMailer, type: :mailer do
 
       context 'body includes' do
         it 'password reset url' do
-          expect(@message.body.encoded).to include "http://#{store.url}/user/spree_user/password/edit"
+          expect(@message.body.encoded).to include "http://#{store.url}/password/change"
         end
       end
     end
@@ -30,7 +30,7 @@ RSpec.describe Spree::UserMailer, type: :mailer do
     describe 'legacy support for User object' do
       it 'sends an email' do
         expect {
-          described_class.reset_password_instructions(user, 'token goes here', { current_store_id: Spree::Store.current.id }).deliver_now
+          described_class.reset_password_instructions(user, 'token goes here', { current_store_id: Spree::Store.default.id }).deliver_now
         }.to change(ActionMailer::Base.deliveries, :size).by(1)
       end
     end

data/spec/models/user_spec.rb

@@ -9,7 +9,7 @@ RSpec.describe Spree::User, type: :model do
 
   it 'generates the reset password token' do
     user = build(:user)
-    current_store = Spree::Store.current
+    current_store = Spree::Store.default
     expect(Spree::UserMailer).to receive(:reset_password_instructions).with(user, anything, { current_store_id: current_store.id }).and_return(double(deliver: true))
     user.send_reset_password_instructions(current_store)
     expect(user.reset_password_token).not_to be_nil
@@ -94,7 +94,7 @@ RSpec.describe Spree::User, type: :model do
 
   describe "confirmable" do
     it "is confirmable if the confirmable option is enabled", confirmable: true do
-      Spree::UserMailer.stub(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.current.id }).and_return(double(deliver: true))
+      Spree::UserMailer.stub(:confirmation_instructions).with(anything, anything, { current_store_id: Spree::Store.default.id }).and_return(double(deliver: true))
       expect(Spree.user_class.devise_modules).to include(:confirmable)
     end
 
@@ -112,7 +112,7 @@ RSpec.describe Spree::User, type: :model do
         user.email = FFaker::Internet.email
         user.password = user.password_confirmation = 'pass1234'
         user.save
-        
+
         expect(Spree::UserMailer).to receive(:confirmation_instructions).with(
           user, anything, { current_store_id: default_store.id }).and_return(double(deliver: true)
         )

data/spec/support/configuration_helpers.rb

@@ -1,6 +1,6 @@
 module ConfigurationHelpers
   def allow_bypass_sign_in
-    Spree::Auth::Config.set(signout_after_password_change: false)
+    Spree::Auth::Config.set(:signout_after_password_change, false)
   end
 end
 

data/spec/support/confirm_helpers.rb

@@ -1,12 +1,14 @@
 RSpec.configure do |config|
   config.around do |example|
     if example.metadata.key?(:confirmable)
+      old_setting = Spree::Auth::Config.confirmable
       old_user = Spree::User
 
       begin
         example.run
       ensure
         Spree.const_set('User', old_user)
+        Spree::Auth::Config.confirmable = old_setting
       end
     else
       example.run
@@ -16,7 +18,7 @@ RSpec.configure do |config|
   config.before do |example|
     if example.metadata.key?(:confirmable)
       Rails.cache.clear
-      Spree::Auth::Config[:confirmable] = example.metadata[:confirmable]
+      Spree::Auth::Config.confirmable = example.metadata[:confirmable]
 
       Spree.send(:remove_const, :User)
       load File.expand_path('../../../app/models/spree/user.rb', __FILE__)

data/spree_auth_devise.gemspec

@@ -33,7 +33,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'devise', '~> 4.7'
   s.add_dependency 'devise-encryptable', '0.2.0'
 
-  spree_version = '>= 4.3.0.rc1'
+  spree_version = '>= 4.5.0'
   s.add_dependency 'spree_core', spree_version
   s.add_dependency 'spree_extension'