spree_auth_devise 4.0.0 → 4.0.1

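--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fa05d3638b5f55b4d34d7fac9d9eb3cddf96eeb473f1d08fb6fc8ca479095e93
- data.tar.gz: 5199a26bce744922a94d8364061020c9a7e7d45c7631398a19879a780b619ed5
+ metadata.gz: 0a4c46da7628319c592ae1a9675173fd8add8ca34dbb6fd7d5ffdb92345207c2
+ data.tar.gz: e6d9d38bc3e2fa09ff21fc024193160d04f2ba89c4439d8703b6a19f058a6fcd
  SHA512:
- metadata.gz: b773b386f23743e4097751f8e471f34f984a4e34c6f20638ae6e011605c11dbb459d56c898c7b729053b59eafb30fd8aff3f481cd6dc8dda674c71cd668ba406
- data.tar.gz: dbf83d876e7b4a8c86b8776e56462ab4c7cc33105db55d944d920cbbc96415ce4516fb981e9105650096591b400e38f4a00fd5a9da11518b710dc04d6d8636b0
+ metadata.gz: 7f0c22c01027c613ab423d73af40ce43f02d4a14e26c76865ecd5a381943c2049366c52f2386697c4fa6a394c15d10b91da06b47d563a6f0081e897e948f77a5
+ data.tar.gz: 235a7977bb12281f9c3a0f00c0b99b59f7ee63d609b34e413ab530b1e2fde43384bc82e0dce91b784abf8f3518ae72a61d022916ceaa110394466e1aff854f39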
@@ -1,11 +1,11 @@
1
1
  class Spree::UsersController < Spree::StoreController
2
- skip_before_action :set_current_order, only: :show
3
- prepend_before_action :load_object, only: [:show, :edit, :update]
2
+ skip_before_action :set_current_order, only: :show
4
3
  prepend_before_action :authorize_actions, only: :new
5
4
 
6
5
  include Spree::Core::ControllerHelpers
7
6
 
8
7
  def show
8
+ load_object
9
9
  @orders = @user.orders.complete.order('completed_at desc')
10
10
  end
11
11
 
@@ -23,7 +23,12 @@ class Spree::UsersController < Spree::StoreController
23
23
  end
24
24
  end
25
25
 
26
+ def edit
27
+ load_object
28
+ end
29
+
26
30
  def update
31
+ load_object
27
32
  if @user.update(user_params)
28
33
  if params[:user][:password].present?
29
34
  # this logic needed b/c devise wants to log us out after password changes
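Review bot: The `load_object` calls added at the top of `show`, `edit` and `update` carry no comment explaining why the lookup moved out of `prepend_before_action`, so a later cleanup could fold them back into a prepended callback. Judging from the CSRF request spec shipped in the same release, the intent appears to be that the user record is loaded only after the forgery-protection callback has run; I would state that above `def show`, e.g. `# load_object is called inside each action, not from a prepended callback, so it runs after CSRF verification`. `prepend_before_action :authorize_actions, only: :new` still runs ahead of every other callback and deserves the same check of its ordering. The body of `update` continues outside the hunk.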
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+
3
+ RSpec.feature 'User update', type: :request do
4
+ context 'CSRF protection' do
5
+ %i[exception reset_session null_session].each do |strategy|
6
+ # Completely clean the configuration of forgery protection for the
7
+ # controller and reset it after the expectations. However, besides `:with`,
8
+ # the options given to `protect_from_forgery` are processed on the fly.
9
+ # I.e., there's no way to retain them. The initial setup corresponds to the
10
+ # dummy application, which uses the default Rails skeleton in that regard.
11
+ # So, if at some point Rails changed the given options, we should update it
12
+ # here.
13
+ around do |example|
14
+ controller = Spree::UsersController
15
+ old_allow_forgery_protection_value = controller.allow_forgery_protection
16
+ old_forgery_protection_strategy = controller.forgery_protection_strategy
17
+ controller.skip_forgery_protection
18
+ controller.allow_forgery_protection = true
19
+ controller.protect_from_forgery with: strategy
20
+
21
+ example.run
22
+
23
+ controller.allow_forgery_protection = old_allow_forgery_protection_value
24
+ controller.forgery_protection_strategy = old_forgery_protection_strategy
25
+ end
26
+
27
+ it "is not possible to take account over with the #{strategy} forgery protection strategy" do
28
+ user = create(:user, email: 'legit@mail.com', password: 'password')
29
+
30
+ post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
31
+ begin
32
+ put '/users/123456', params: 'user[email]=hacked@example.com'
33
+ rescue
34
+ # testing that the account is not compromised regardless of any raised
35
+ # exception
36
+ end
37
+
38
+ expect(user.reload.email).to eq('legit@mail.com')
39
+ end
40
+ end
41
+ end
42
+ end
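Review bot: The bare `rescue` around the `put '/users/123456'` request swallows every StandardError, so the example also passes when the request fails for an unrelated reason and the update path is never exercised. The login `post` is not asserted either, so a failed sign-in would leave the email unchanged and the test green. I would assert on the login response before the PUT and narrow the handler to `rescue ActionController::InvalidAuthenticityToken`, which is what the `:exception` strategy raises. The `around` hook restores the two class attributes only after `example.run` returns normally; putting the two restore lines under `ensure` would keep the controller configuration from leaking into other specs on an abnormal exit.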
@@ -3,7 +3,7 @@
3
3
  Gem::Specification.new do |s|
4
4
  s.platform = Gem::Platform::RUBY
5
5
  s.name = 'spree_auth_devise'
6
- s.version = '4.0.0'
6
+ s.version = '4.0.1'
7
7
  s.summary = 'Provides authentication and authorization services for use with Spree by using Devise and CanCan.'
8
8
  s.description = s.summary
9
9
 
@@ -22,7 +22,7 @@ Gem::Specification.new do |s|
22
22
  s.add_dependency 'devise', '~> 4.7'
23
23
  s.add_dependency 'devise-encryptable', '0.2.0'
24
24
 
25
- spree_version = '>= 3.1.0', '< 5.0'
25
+ spree_version = '>= 3.1.0', '< 4.1'
26
26
  s.add_dependency 'spree_core', spree_version
27
27
  s.add_dependency 'spree_extension'
28
28
  s.add_dependency 'deface', '~> 1.0'
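Review bot: The upper bound on `spree_version` drops from `< 5.0` to `< 4.1` in the same release that changes the users controller, and nothing in the gemspec says why. An application already on spree_core 4.1 or later satisfied the 4.0.0 constraint but cannot resolve to 4.0.1, so a routine dependency update would presumably leave it on the older release without any warning. A comment above the assignment, e.g. `# 4.0.x is limited to Spree < 4.1; apps on newer Spree must move to a later spree_auth_devise series`, would make that visible to anyone deciding which release to upgrade to, assuming such a series exists for them.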
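--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: spree_auth_devise
  version: !ruby/object:Gem::Version
- version: 4.0.0
+ version: 4.0.1
  platform: ruby
  authors:
  - Sean Schofield
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-09-30 00:00:00.000000000 Z
+ date: 2021-11-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: devise
@@ -47,7 +47,7 @@ dependencies:
  version: 3.1.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '5.0'
+ version: '4.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -57,7 +57,7 @@ dependencies:
  version: 3.1.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '5.0'
+ version: '4.1'
  - !ruby/object:Gem::Dependency
  name: spree_extension
  requirement: !ruby/object:Gem::Requirement
@@ -319,7 +319,7 @@ dependencies:
  version: 3.1.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '5.0'
+ version: '4.1'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -329,7 +329,7 @@ dependencies:
  version: 3.1.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '5.0'
+ version: '4.1'
  - !ruby/object:Gem::Dependency
  name: spree_frontend
  requirement: !ruby/object:Gem::Requirement
@@ -339,7 +339,7 @@ dependencies:
  version: 3.1.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '5.0'
+ version: '4.1'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -349,7 +349,7 @@ dependencies:
  version: 3.1.0
  - - "<"
  - !ruby/object:Gem::Version
- version: '5.0'
+ version: '4.1'
  - !ruby/object:Gem::Dependency
  name: sqlite3
  requirement: !ruby/object:Gem::Requirement
@@ -504,6 +504,7 @@ files:
  - spec/mailers/user_mailer_spec.rb
  - spec/models/order_spec.rb
  - spec/models/user_spec.rb
+ - spec/requests/spree/frontend/user_update_spec.rb
  - spec/spec_helper.rb
  - spec/support/ability.rb
  - spec/support/add_to_cart.rb
@@ -522,7 +523,7 @@ homepage: https://spreecommerce.org
  licenses:
  - BSD-3-Clause
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -538,8 +539,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements:
  - none
- rubygems_version: 3.0.2
- signing_key:
+ rubygems_version: 3.1.4
+ signing_key:
  specification_version: 4
  summary: Provides authentication and authorization services for use with Spree by
  using Devise and CanCan.
@@ -571,6 +572,7 @@ test_files:
  - spec/mailers/user_mailer_spec.rb
  - spec/models/order_spec.rb
  - spec/models/user_spec.rb
+ - spec/requests/spree/frontend/user_update_spec.rb
  - spec/spec_helper.rb
  - spec/support/ability.rb
  - spec/support/add_to_cart.rb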