spree_auth_devise 4.0.0 → 4.0.1
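--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0a4c46da7628319c592ae1a9675173fd8add8ca34dbb6fd7d5ffdb92345207c2
+data.tar.gz: e6d9d38bc3e2fa09ff21fc024193160d04f2ba89c4439d8703b6a19f058a6fcd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7f0c22c01027c613ab423d73af40ce43f02d4a14e26c76865ecd5a381943c2049366c52f2386697c4fa6a394c15d10b91da06b47d563a6f0081e897e948f77a5
+data.tar.gz: 235a7977bb12281f9c3a0f00c0b99b59f7ee63d609b34e413ab530b1e2fde43384bc82e0dce91b784abf8f3518ae72a61d022916ceaa110394466e1aff854f39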
@@ -1,11 +1,11 @@
|
|
1
1
|
class Spree::UsersController < Spree::StoreController
|
2
|
-
|
3
|
-
prepend_before_action :load_object, only: [:show, :edit, :update]
|
2
|
+
skip_before_action :set_current_order, only: :show
|
4
3
|
prepend_before_action :authorize_actions, only: :new
|
5
4
|
|
6
5
|
include Spree::Core::ControllerHelpers
|
7
6
|
|
8
7
|
def show
|
8
|
+
load_object
|
9
9
|
@orders = @user.orders.complete.order('completed_at desc')
|
10
10
|
end
|
11
11
|
|
@@ -23,7 +23,12 @@ class Spree::UsersController < Spree::StoreController
|
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
|
+
def edit
|
27
|
+
load_object
|
28
|
+
end
|
29
|
+
|
26
30
|
def update
|
31
|
+
load_object
|
27
32
|
if @user.update(user_params)
|
28
33
|
if params[:user][:password].present?
|
29
34
|
# this logic needed b/c devise wants to log us out after password changes
|
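Review bot: The inline `load_object` calls added to `show`, `edit` and `update` carry no comment explaining why the lookup is no longer a `prepend_before_action`, so a later cleanup could fold them back into a prepended callback. Judging by the CSRF spec shipped in this same release, the reason appears to be ordering: a prepended callback runs ahead of the forgery-protection check, so the user record could be resolved before that check has reset or nulled the session. I would add a comment above the first call, for example `# Must run inside the action, after CSRF verification; do not move back to prepend_before_action.` The remaining `prepend_before_action :authorize_actions, only: :new` still runs ahead of that check and deserves the same look, though its body is not visible here. `update` continues past the end of the last hunk.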
@@ -0,0 +1,42 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
RSpec.feature 'User update', type: :request do
|
4
|
+
context 'CSRF protection' do
|
5
|
+
%i[exception reset_session null_session].each do |strategy|
|
6
|
+
# Completely clean the configuration of forgery protection for the
|
7
|
+
# controller and reset it after the expectations. However, besides `:with`,
|
8
|
+
# the options given to `protect_from_forgery` are processed on the fly.
|
9
|
+
# I.e., there's no way to retain them. The initial setup corresponds to the
|
10
|
+
# dummy application, which uses the default Rails skeleton in that regard.
|
11
|
+
# So, if at some point Rails changed the given options, we should update it
|
12
|
+
# here.
|
13
|
+
around do |example|
|
14
|
+
controller = Spree::UsersController
|
15
|
+
old_allow_forgery_protection_value = controller.allow_forgery_protection
|
16
|
+
old_forgery_protection_strategy = controller.forgery_protection_strategy
|
17
|
+
controller.skip_forgery_protection
|
18
|
+
controller.allow_forgery_protection = true
|
19
|
+
controller.protect_from_forgery with: strategy
|
20
|
+
|
21
|
+
example.run
|
22
|
+
|
23
|
+
controller.allow_forgery_protection = old_allow_forgery_protection_value
|
24
|
+
controller.forgery_protection_strategy = old_forgery_protection_strategy
|
25
|
+
end
|
26
|
+
|
27
|
+
it "is not possible to take account over with the #{strategy} forgery protection strategy" do
|
28
|
+
user = create(:user, email: 'legit@mail.com', password: 'password')
|
29
|
+
|
30
|
+
post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
|
31
|
+
begin
|
32
|
+
put '/users/123456', params: 'user[email]=hacked@example.com'
|
33
|
+
rescue
|
34
|
+
# testing that the account is not compromised regardless of any raised
|
35
|
+
# exception
|
36
|
+
end
|
37
|
+
|
38
|
+
expect(user.reload.email).to eq('legit@mail.com')
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
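Review bot: The bare `rescue` around the `put` swallows every StandardError, so a routing error or any unrelated failure in the request would also leave the e-mail unchanged and the example would pass without exercising the protection. Narrowing it to the error the `:exception` strategy is expected to raise, `rescue ActionController::InvalidAuthenticityToken`, keeps the intent while letting other failures surface. The example also never checks that `post '/login'` actually authenticated the user. If the login silently failed, the `put` would be an anonymous request and the final expectation would hold trivially, so an assertion on the login response before the `put` would rule that out.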
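--- a/data/spree_auth_devise.gemspec
+++ b/data/spree_auth_devise.gemspec
@@ -3,7 +3,7 @@
 Gem::Specification.new do |s|
 s.platform = Gem::Platform::RUBY
 s.name = 'spree_auth_devise'
-s.version = '4.0.
+s.version = '4.0.1'
 s.summary = 'Provides authentication and authorization services for use with Spree by using Devise and CanCan.'
 s.description = s.summary
 
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
 s.add_dependency 'devise', '~> 4.7'
 s.add_dependency 'devise-encryptable', '0.2.0'
 
-spree_version = '>= 3.1.0', '<
+spree_version = '>= 3.1.0', '< 4.1'
 s.add_dependency 'spree_core', spree_version
 s.add_dependency 'spree_extension'
 s.add_dependency 'deface', '~> 1.0'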
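--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_auth_devise
 version: !ruby/object:Gem::Version
-version: 4.0.
+version: 4.0.1
 platform: ruby
 authors:
 - Sean Schofield
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: devise
@@ -47,7 +47,7 @@ dependencies:
 version: 3.1.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.1'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -57,7 +57,7 @@ dependencies:
 version: 3.1.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.1'
 - !ruby/object:Gem::Dependency
 name: spree_extension
 requirement: !ruby/object:Gem::Requirement
@@ -319,7 +319,7 @@ dependencies:
 version: 3.1.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.1'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -329,7 +329,7 @@ dependencies:
 version: 3.1.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.1'
 - !ruby/object:Gem::Dependency
 name: spree_frontend
 requirement: !ruby/object:Gem::Requirement
@@ -339,7 +339,7 @@ dependencies:
 version: 3.1.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.1'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -349,7 +349,7 @@ dependencies:
 version: 3.1.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.1'
 - !ruby/object:Gem::Dependency
 name: sqlite3
 requirement: !ruby/object:Gem::Requirement
@@ -504,6 +504,7 @@ files:
 - spec/mailers/user_mailer_spec.rb
 - spec/models/order_spec.rb
 - spec/models/user_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/add_to_cart.rb
@@ -522,7 +523,7 @@ homepage: https://spreecommerce.org
 licenses:
 - BSD-3-Clause
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -538,8 +539,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - none
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Provides authentication and authorization services for use with Spree by
 using Devise and CanCan.
@@ -571,6 +572,7 @@ test_files:
 - spec/mailers/user_mailer_spec.rb
 - spec/models/order_spec.rb
 - spec/models/user_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/add_to_cart.rb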