spree_auth_devise 4.1.0 → 4.1.1
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/lib/controllers/frontend/spree/users_controller.rb +6 -1
- data/spec/requests/spree/frontend/user_update_spec.rb +42 -0
- data/spree_auth_devise.gemspec +2 -2
- metadata +14 -12
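--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 46ff8af21fa16c063b0f61f5993e37f93072587b1e663e58089b2ea0a028b51b
+data.tar.gz: 6d7fa7607dd17ff3b6c5231bd8295c5fef51ea7620e1e459d199b39b42649858
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1eefe313a0b7cd621e9192d483624541790292872576927da6089350aaa14352faa00e0b2dd8f36d2920b9faf4776cc5287df6c5308d2bce9111ec95228f26a1
+data.tar.gz: 3e941ccde2788291ec91709149786c03dab905cf142811186a43949c3ce6549b89306e8ceb7692070dbb1a7a92ef306ae0adc808d62bb18d1ad27404afbc24f0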
data/Gemfile
CHANGED
@@ -1,14 +1,18 @@
|
|
1
1
|
class Spree::UsersController < Spree::StoreController
|
2
2
|
before_action :set_current_order, except: :show
|
3
|
-
prepend_before_action :load_object, only: [:show, :edit, :update]
|
4
3
|
prepend_before_action :authorize_actions, only: :new
|
5
4
|
|
6
5
|
include Spree::Core::ControllerHelpers
|
7
6
|
|
8
7
|
def show
|
8
|
+
load_object
|
9
9
|
@orders = @user.orders.complete.order('completed_at desc')
|
10
10
|
end
|
11
11
|
|
12
|
+
def edit
|
13
|
+
load_object
|
14
|
+
end
|
15
|
+
|
12
16
|
def create
|
13
17
|
@user = Spree.user_class.new(user_params)
|
14
18
|
if @user.save
|
@@ -24,6 +28,7 @@ class Spree::UsersController < Spree::StoreController
|
|
24
28
|
end
|
25
29
|
|
26
30
|
def update
|
31
|
+
load_object
|
27
32
|
if @user.update(user_params)
|
28
33
|
if params[:user][:password].present?
|
29
34
|
# this logic needed b/c devise wants to log us out after password changes
|
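Review bot: Nothing in the new `show`, `edit` and `update` bodies records why `load_object` is now called inline instead of through the removed `prepend_before_action :load_object`, so a later cleanup could move it back into a callback. The request spec added in this release suggests the point is ordering: a prepended callback runs ahead of the forgery-protection check, while a call inside the action runs after every `before_action`. I would add a comment above the first call, for example `# Called inside the action (not via prepend_before_action) so the user is loaded only after CSRF verification has run.` `load_object` itself and the rest of `update` lie outside these hunks (which the page prints under the data/Gemfile heading), so this reading should be confirmed against its body.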
@@ -0,0 +1,42 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
RSpec.feature 'User update', type: :request do
|
4
|
+
context 'CSRF protection' do
|
5
|
+
%i[exception reset_session null_session].each do |strategy|
|
6
|
+
# Completely clean the configuration of forgery protection for the
|
7
|
+
# controller and reset it after the expectations. However, besides `:with`,
|
8
|
+
# the options given to `protect_from_forgery` are processed on the fly.
|
9
|
+
# I.e., there's no way to retain them. The initial setup corresponds to the
|
10
|
+
# dummy application, which uses the default Rails skeleton in that regard.
|
11
|
+
# So, if at some point Rails changed the given options, we should update it
|
12
|
+
# here.
|
13
|
+
around do |example|
|
14
|
+
controller = Spree::UsersController
|
15
|
+
old_allow_forgery_protection_value = controller.allow_forgery_protection
|
16
|
+
old_forgery_protection_strategy = controller.forgery_protection_strategy
|
17
|
+
controller.skip_forgery_protection
|
18
|
+
controller.allow_forgery_protection = true
|
19
|
+
controller.protect_from_forgery with: strategy
|
20
|
+
|
21
|
+
example.run
|
22
|
+
|
23
|
+
controller.allow_forgery_protection = old_allow_forgery_protection_value
|
24
|
+
controller.forgery_protection_strategy = old_forgery_protection_strategy
|
25
|
+
end
|
26
|
+
|
27
|
+
it "is not possible to take account over with the #{strategy} forgery protection strategy" do
|
28
|
+
user = create(:user, email: 'legit@mail.com', password: 'password')
|
29
|
+
|
30
|
+
post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
|
31
|
+
begin
|
32
|
+
put '/users/123456', params: 'user[email]=hacked@example.com'
|
33
|
+
rescue
|
34
|
+
# testing that the account is not compromised regardless of any raised
|
35
|
+
# exception
|
36
|
+
end
|
37
|
+
|
38
|
+
expect(user.reload.email).to eq('legit@mail.com')
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
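Review bot: The example can pass without ever exercising the CSRF path, because nothing asserts that `post '/login'` actually authenticated the user and the bare `rescue` around the `put` swallows every StandardError. If the login fails or the request raises for an unrelated reason, the email stays unchanged and `expect(user.reload.email)` still holds. Consider asserting on the login response before the `put`, and narrowing the handler to the error the `:exception` strategy is expected to raise, e.g. `rescue ActionController::InvalidAuthenticityToken`. The `put` also targets the fixed id `123456` rather than `user.id`; presumably the controller loads the signed-in user and ignores the id, and a one-line comment saying so would make that intent explicit.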
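--- a/data/spree_auth_devise.gemspec
+++ b/data/spree_auth_devise.gemspec
@@ -3,7 +3,7 @@
 Gem::Specification.new do |s|
 s.platform = Gem::Platform::RUBY
 s.name = 'spree_auth_devise'
-s.version = '4.1.
+s.version = '4.1.1'
 s.summary = 'Provides authentication and authorization services for use with Spree by using Devise and CanCan.'
 s.description = s.summary
 
@@ -24,7 +24,7 @@ Gem::Specification.new do |s|
 s.add_dependency 'devise', '~> 4.7'
 s.add_dependency 'devise-encryptable', '0.2.0'
 
-spree_version = '>= 4.1.0.alpha', '<
+spree_version = '>= 4.1.0.alpha', '< 4.2'
 s.add_dependency 'spree_core', spree_version
 s.add_dependency 'spree_extension'
 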
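--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_auth_devise
 version: !ruby/object:Gem::Version
-version: 4.1.
+version: 4.1.1
 platform: ruby
 authors:
 - Sean Schofield
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: deface
@@ -61,7 +61,7 @@ dependencies:
 version: 4.1.0.alpha
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -71,7 +71,7 @@ dependencies:
 version: 4.1.0.alpha
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.2'
 - !ruby/object:Gem::Dependency
 name: spree_extension
 requirement: !ruby/object:Gem::Requirement
@@ -361,7 +361,7 @@ dependencies:
 version: 4.1.0.alpha
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -371,7 +371,7 @@ dependencies:
 version: 4.1.0.alpha
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.2'
 - !ruby/object:Gem::Dependency
 name: spree_frontend
 requirement: !ruby/object:Gem::Requirement
@@ -381,7 +381,7 @@ dependencies:
 version: 4.1.0.alpha
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.2'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -391,7 +391,7 @@ dependencies:
 version: 4.1.0.alpha
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '4.2'
 - !ruby/object:Gem::Dependency
 name: sqlite3
 requirement: !ruby/object:Gem::Requirement
@@ -532,6 +532,7 @@ files:
 - spec/mailers/user_mailer_spec.rb
 - spec/models/order_spec.rb
 - spec/models/user_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/add_to_cart.rb
@@ -550,7 +551,7 @@ homepage: https://spreecommerce.org
 licenses:
 - BSD-3-Clause
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -566,8 +567,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements:
 - none
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Provides authentication and authorization services for use with Spree by
 using Devise and CanCan.
@@ -599,6 +600,7 @@ test_files:
 - spec/mailers/user_mailer_spec.rb
 - spec/models/order_spec.rb
 - spec/models/user_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/add_to_cart.rb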