spree_auth_devise 4.2.0 → 4.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/app/controllers/spree/user_confirmations_controller.rb +10 -1
- data/app/controllers/spree/user_passwords_controller.rb +10 -3
- data/app/controllers/spree/user_registrations_controller.rb +10 -3
- data/app/controllers/spree/user_sessions_controller.rb +10 -3
- data/lib/controllers/frontend/spree/users_controller.rb +6 -1
- data/spec/requests/spree/frontend/user_update_spec.rb +42 -0
- data/spree_auth_devise.gemspec +2 -2
- metadata +7 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7cd5aef076f37e51acf8e77f9dc7aa8c14b3c38d38bb58c689fca12e59d6fc82
|
|
4
|
+
data.tar.gz: df4827dc1c68ed09ad300257ae97c9a10ad88e564a629bff09cd9b8568df9c6f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4a07f459d80a0260fd2a19a875d0ea6f392768c7d4a33db41574a238231e5a68234dc1e73c35d2287fb4eb73d9f30f9ac0ea1cbfb86af35fe5418fb061daf116
|
|
7
|
+
data.tar.gz: b14f4d2f862e49522de9f4704baa56bb81f876185ee693e27171a5ba68eb1abe5cc2c527a2fe8e4c1dfc01620765093d4edd8d62ca98471633f9163af2fd4eda
|
data/Gemfile
CHANGED
|
@@ -6,7 +6,16 @@ class Spree::UserConfirmationsController < Devise::ConfirmationsController
|
|
|
6
6
|
include Spree::Core::ControllerHelpers::Order
|
|
7
7
|
include Spree::Core::ControllerHelpers::Store
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
include SpreeI18n::ControllerLocaleHelper if defined?(SpreeI18n::ControllerLocaleHelper)
|
|
10
|
+
|
|
11
|
+
include Spree::Core::ControllerHelpers::Currency if defined?(Spree::Core::ControllerHelpers::Currency)
|
|
12
|
+
include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
|
|
13
|
+
|
|
14
|
+
include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
|
|
15
|
+
|
|
16
|
+
helper 'spree/locale' if defined?(Spree::LocaleHelper)
|
|
17
|
+
helper 'spree/currency' if defined?(Spree::CurrencyHelper)
|
|
18
|
+
helper 'spree/store' if defined?(Spree::StoreHelper)
|
|
10
19
|
|
|
11
20
|
# GET /resource/confirmation?confirmation_token=abcdef
|
|
12
21
|
def show
|
|
@@ -6,9 +6,16 @@ class Spree::UserPasswordsController < Devise::PasswordsController
|
|
|
6
6
|
include Spree::Core::ControllerHelpers::Order
|
|
7
7
|
include Spree::Core::ControllerHelpers::Store
|
|
8
8
|
|
|
9
|
-
if defined?(SpreeI18n::ControllerLocaleHelper)
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
include SpreeI18n::ControllerLocaleHelper if defined?(SpreeI18n::ControllerLocaleHelper)
|
|
10
|
+
|
|
11
|
+
include Spree::Core::ControllerHelpers::Currency if defined?(Spree::Core::ControllerHelpers::Currency)
|
|
12
|
+
include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
|
|
13
|
+
|
|
14
|
+
include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
|
|
15
|
+
|
|
16
|
+
helper 'spree/locale' if defined?(Spree::LocaleHelper)
|
|
17
|
+
helper 'spree/currency' if defined?(Spree::CurrencyHelper)
|
|
18
|
+
helper 'spree/store' if defined?(Spree::StoreHelper)
|
|
12
19
|
|
|
13
20
|
before_action :set_current_order
|
|
14
21
|
|
|
@@ -6,9 +6,16 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
|
|
|
6
6
|
include Spree::Core::ControllerHelpers::Order
|
|
7
7
|
include Spree::Core::ControllerHelpers::Store
|
|
8
8
|
|
|
9
|
-
if defined?(SpreeI18n::ControllerLocaleHelper)
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
include SpreeI18n::ControllerLocaleHelper if defined?(SpreeI18n::ControllerLocaleHelper)
|
|
10
|
+
|
|
11
|
+
include Spree::Core::ControllerHelpers::Currency if defined?(Spree::Core::ControllerHelpers::Currency)
|
|
12
|
+
include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
|
|
13
|
+
|
|
14
|
+
include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
|
|
15
|
+
|
|
16
|
+
helper 'spree/locale' if defined?(Spree::LocaleHelper)
|
|
17
|
+
helper 'spree/currency' if defined?(Spree::CurrencyHelper)
|
|
18
|
+
helper 'spree/store' if defined?(Spree::StoreHelper)
|
|
12
19
|
|
|
13
20
|
before_action :check_permissions, only: [:edit, :update]
|
|
14
21
|
before_action :set_current_order
|
|
@@ -6,9 +6,16 @@ class Spree::UserSessionsController < Devise::SessionsController
|
|
|
6
6
|
include Spree::Core::ControllerHelpers::Order
|
|
7
7
|
include Spree::Core::ControllerHelpers::Store
|
|
8
8
|
|
|
9
|
-
if defined?(SpreeI18n::ControllerLocaleHelper)
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
include SpreeI18n::ControllerLocaleHelper if defined?(SpreeI18n::ControllerLocaleHelper)
|
|
10
|
+
|
|
11
|
+
include Spree::Core::ControllerHelpers::Currency if defined?(Spree::Core::ControllerHelpers::Currency)
|
|
12
|
+
include Spree::Core::ControllerHelpers::Locale if defined?(Spree::Core::ControllerHelpers::Locale)
|
|
13
|
+
|
|
14
|
+
include Spree::LocaleUrls if defined?(Spree::LocaleUrls)
|
|
15
|
+
|
|
16
|
+
helper 'spree/locale' if defined?(Spree::LocaleHelper)
|
|
17
|
+
helper 'spree/currency' if defined?(Spree::CurrencyHelper)
|
|
18
|
+
helper 'spree/store' if defined?(Spree::StoreHelper)
|
|
12
19
|
|
|
13
20
|
before_action :set_current_order
|
|
14
21
|
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
class Spree::UsersController < Spree::StoreController
|
|
2
2
|
before_action :set_current_order, except: :show
|
|
3
|
-
prepend_before_action :load_object, only: [:show, :edit, :update]
|
|
4
3
|
prepend_before_action :authorize_actions, only: :new
|
|
5
4
|
|
|
6
5
|
include Spree::Core::ControllerHelpers
|
|
7
6
|
|
|
8
7
|
def show
|
|
8
|
+
load_object
|
|
9
9
|
@orders = @user.orders.complete.order('completed_at desc')
|
|
10
10
|
end
|
|
11
11
|
|
|
@@ -23,7 +23,12 @@ class Spree::UsersController < Spree::StoreController
|
|
|
23
23
|
end
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
+
def edit
|
|
27
|
+
load_object
|
|
28
|
+
end
|
|
29
|
+
|
|
26
30
|
def update
|
|
31
|
+
load_object
|
|
27
32
|
if @user.update(user_params)
|
|
28
33
|
if params[:user][:password].present?
|
|
29
34
|
# this logic needed b/c devise wants to log us out after password changes
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
RSpec.feature 'User update', type: :request do
|
|
4
|
+
context 'CSRF protection' do
|
|
5
|
+
%i[exception reset_session null_session].each do |strategy|
|
|
6
|
+
# Completely clean the configuration of forgery protection for the
|
|
7
|
+
# controller and reset it after the expectations. However, besides `:with`,
|
|
8
|
+
# the options given to `protect_from_forgery` are processed on the fly.
|
|
9
|
+
# I.e., there's no way to retain them. The initial setup corresponds to the
|
|
10
|
+
# dummy application, which uses the default Rails skeleton in that regard.
|
|
11
|
+
# So, if at some point Rails changed the given options, we should update it
|
|
12
|
+
# here.
|
|
13
|
+
around do |example|
|
|
14
|
+
controller = Spree::UsersController
|
|
15
|
+
old_allow_forgery_protection_value = controller.allow_forgery_protection
|
|
16
|
+
old_forgery_protection_strategy = controller.forgery_protection_strategy
|
|
17
|
+
controller.skip_forgery_protection
|
|
18
|
+
controller.allow_forgery_protection = true
|
|
19
|
+
controller.protect_from_forgery with: strategy
|
|
20
|
+
|
|
21
|
+
example.run
|
|
22
|
+
|
|
23
|
+
controller.allow_forgery_protection = old_allow_forgery_protection_value
|
|
24
|
+
controller.forgery_protection_strategy = old_forgery_protection_strategy
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
it "is not possible to take account over with the #{strategy} forgery protection strategy" do
|
|
28
|
+
user = create(:user, email: 'legit@mail.com', password: 'password')
|
|
29
|
+
|
|
30
|
+
post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
|
|
31
|
+
begin
|
|
32
|
+
put '/users/123456', params: 'user[email]=hacked@example.com'
|
|
33
|
+
rescue
|
|
34
|
+
# testing that the account is not compromised regardless of any raised
|
|
35
|
+
# exception
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
expect(user.reload.email).to eq('legit@mail.com')
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
data/spree_auth_devise.gemspec
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.platform = Gem::Platform::RUBY
|
|
5
5
|
s.name = 'spree_auth_devise'
|
|
6
|
-
s.version = '4.2.
|
|
6
|
+
s.version = '4.2.1'
|
|
7
7
|
s.summary = 'Provides authentication and authorization services for use with Spree by using Devise and CanCan.'
|
|
8
8
|
s.description = s.summary
|
|
9
9
|
|
|
@@ -24,7 +24,7 @@ Gem::Specification.new do |s|
|
|
|
24
24
|
s.add_dependency 'devise', '~> 4.7'
|
|
25
25
|
s.add_dependency 'devise-encryptable', '0.2.0'
|
|
26
26
|
|
|
27
|
-
spree_version = '>= 4.1', '<
|
|
27
|
+
spree_version = '>= 4.1', '< 4.3'
|
|
28
28
|
s.add_dependency 'spree_core', spree_version
|
|
29
29
|
s.add_dependency 'spree_extension'
|
|
30
30
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: spree_auth_devise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.2.
|
|
4
|
+
version: 4.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sean Schofield
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-11-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: deface
|
|
@@ -61,7 +61,7 @@ dependencies:
|
|
|
61
61
|
version: '4.1'
|
|
62
62
|
- - "<"
|
|
63
63
|
- !ruby/object:Gem::Version
|
|
64
|
-
version: '
|
|
64
|
+
version: '4.3'
|
|
65
65
|
type: :runtime
|
|
66
66
|
prerelease: false
|
|
67
67
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -71,7 +71,7 @@ dependencies:
|
|
|
71
71
|
version: '4.1'
|
|
72
72
|
- - "<"
|
|
73
73
|
- !ruby/object:Gem::Version
|
|
74
|
-
version: '
|
|
74
|
+
version: '4.3'
|
|
75
75
|
- !ruby/object:Gem::Dependency
|
|
76
76
|
name: spree_extension
|
|
77
77
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -221,6 +221,7 @@ files:
|
|
|
221
221
|
- spec/models/user_spec.rb
|
|
222
222
|
- spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
|
|
223
223
|
- spec/requests/spree/api/v2/storefront/account_spec.rb
|
|
224
|
+
- spec/requests/spree/frontend/user_update_spec.rb
|
|
224
225
|
- spec/spec_helper.rb
|
|
225
226
|
- spec/support/ability.rb
|
|
226
227
|
- spec/support/configuration_helpers.rb
|
|
@@ -248,7 +249,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
248
249
|
version: '0'
|
|
249
250
|
requirements:
|
|
250
251
|
- none
|
|
251
|
-
rubygems_version: 3.
|
|
252
|
+
rubygems_version: 3.2.3
|
|
252
253
|
signing_key:
|
|
253
254
|
specification_version: 4
|
|
254
255
|
summary: Provides authentication and authorization services for use with Spree by
|
|
@@ -284,6 +285,7 @@ test_files:
|
|
|
284
285
|
- spec/models/user_spec.rb
|
|
285
286
|
- spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
|
|
286
287
|
- spec/requests/spree/api/v2/storefront/account_spec.rb
|
|
288
|
+
- spec/requests/spree/frontend/user_update_spec.rb
|
|
287
289
|
- spec/spec_helper.rb
|
|
288
290
|
- spec/support/ability.rb
|
|
289
291
|
- spec/support/configuration_helpers.rb
|