spree_auth_devise 4.4.0 → 4.4.1
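--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 565373eb7dea3f9d8862356201ff23400aae3c29f5b77114d223de0f146f4dda
+data.tar.gz: '05666786abb74456941e152e4217e10e9bd26ac8f10655a069ad499c39410352'
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 89bfa5e3bbf864449b1937682af334f85201f484f23360d5dc40834a9a0d31999c06380531eb883f547dfe34e1df8072fb45c4707918d3eeeefc972649af8438
+data.tar.gz: 39c55713494bd990c1cb8a7ff5f978227e8e62136564ae76c7f840b3028dcf30d86b8f6f2e94d52397aab7a66c2b0dc96804c4e3cd0b65454b9cd89a64c7a129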
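--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,10 +1,10 @@
 source 'https://rubygems.org'
 
 gem 'rails-controller-testing'
-gem 'spree',
-gem 'spree_backend',
-gem 'spree_frontend',
-gem 'spree_emails',
+gem 'spree', '~> 4.3.0'
+gem 'spree_backend', '~> 4.3.0'
+gem 'spree_frontend', '~> 4.3.0'
+gem 'spree_emails', '~> 4.3.0'
 
 gem 'pry', '~> 0.14.1'
 gemspec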
@@ -1,14 +1,18 @@
|
|
1
1
|
class Spree::UsersController < Spree::StoreController
|
2
2
|
before_action :set_current_order, except: :show
|
3
|
-
prepend_before_action :load_object, only: [:show, :edit, :update]
|
4
3
|
prepend_before_action :authorize_actions, only: :new
|
5
4
|
|
6
5
|
include Spree::Core::ControllerHelpers
|
7
6
|
|
8
7
|
def show
|
8
|
+
load_object
|
9
9
|
@orders = @user.orders.for_store(current_store).complete.order('completed_at desc')
|
10
10
|
end
|
11
11
|
|
12
|
+
def edit
|
13
|
+
load_object
|
14
|
+
end
|
15
|
+
|
12
16
|
def create
|
13
17
|
@user = Spree.user_class.new(user_params)
|
14
18
|
if @user.save
|
@@ -24,6 +28,7 @@ class Spree::UsersController < Spree::StoreController
|
|
24
28
|
end
|
25
29
|
|
26
30
|
def update
|
31
|
+
load_object
|
27
32
|
if @user.update(user_params)
|
28
33
|
if params[:user][:password].present?
|
29
34
|
# this logic needed b/c devise wants to log us out after password changes
|
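Review bot: Nothing in `show`, `edit` or `update` records why `load_object` is now called inside the action body instead of from `prepend_before_action`, so a later cleanup could fold the three calls back into a prepended callback. Judging by the CSRF request spec added in this same release, the reason appears to be callback ordering: a prepended callback runs ahead of the forgery-protection check, while a call in the action body runs after it. A comment above the first call would keep that constraint visible, for example `# Called in the action, not via prepend_before_action, so it runs after forgery protection has verified the request`. The remaining `prepend_before_action :authorize_actions, only: :new` still runs first; its body and that of `load_object` are outside these hunks, so it is worth confirming that neither resolves the signed-in user ahead of the check.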
data/lib/spree/auth/version.rb
CHANGED
@@ -0,0 +1,42 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
RSpec.feature 'User update', type: :request do
|
4
|
+
context 'CSRF protection' do
|
5
|
+
%i[exception reset_session null_session].each do |strategy|
|
6
|
+
# Completely clean the configuration of forgery protection for the
|
7
|
+
# controller and reset it after the expectations. However, besides `:with`,
|
8
|
+
# the options given to `protect_from_forgery` are processed on the fly.
|
9
|
+
# I.e., there's no way to retain them. The initial setup corresponds to the
|
10
|
+
# dummy application, which uses the default Rails skeleton in that regard.
|
11
|
+
# So, if at some point Rails changed the given options, we should update it
|
12
|
+
# here.
|
13
|
+
around do |example|
|
14
|
+
controller = Spree::UsersController
|
15
|
+
old_allow_forgery_protection_value = controller.allow_forgery_protection
|
16
|
+
old_forgery_protection_strategy = controller.forgery_protection_strategy
|
17
|
+
controller.skip_forgery_protection
|
18
|
+
controller.allow_forgery_protection = true
|
19
|
+
controller.protect_from_forgery with: strategy
|
20
|
+
|
21
|
+
example.run
|
22
|
+
|
23
|
+
controller.allow_forgery_protection = old_allow_forgery_protection_value
|
24
|
+
controller.forgery_protection_strategy = old_forgery_protection_strategy
|
25
|
+
end
|
26
|
+
|
27
|
+
it "is not possible to take account over with the #{strategy} forgery protection strategy" do
|
28
|
+
user = create(:user, email: 'legit@mail.com', password: 'password')
|
29
|
+
|
30
|
+
post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
|
31
|
+
begin
|
32
|
+
put '/users/123456', params: 'user[email]=hacked@example.com'
|
33
|
+
rescue
|
34
|
+
# testing that the account is not compromised regardless of any raised
|
35
|
+
# exception
|
36
|
+
end
|
37
|
+
|
38
|
+
expect(user.reload.email).to eq('legit@mail.com')
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
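Review bot: The example can pass without exercising forgery protection at all, because the `post '/login'` response is never asserted and the bare `rescue` around the `put` swallows every StandardError. A failed sign-in, a routing error or a typo in the params would leave the e-mail unchanged and the expectation green. Checking the login first, e.g. `expect(response).to have_http_status(:redirect)` (assuming a successful sign-in redirects), would prove the `put` is sent from an authenticated session. Narrowing the rescue to the error the `:exception` strategy is expected to raise, `rescue ActionController::InvalidAuthenticityToken`, would stop unrelated failures from being masked. The `around` block also restores only two class attributes after `skip_forgery_protection` and `protect_from_forgery`, as its comment admits, so a short note that callback options set by the last strategy persist for later examples would help whoever debugs an order-dependent failure.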
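--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_auth_devise
 version: !ruby/object:Gem::Version
-version: 4.4.
+version: 4.4.1
 platform: ruby
 authors:
 - Sean Schofield
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: devise
@@ -201,6 +201,7 @@ files:
 - spec/models/user_spec.rb
 - spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
 - spec/requests/spree/api/v2/storefront/account_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/configuration_helpers.rb
@@ -212,9 +213,9 @@ licenses:
 - BSD-3-Clause
 metadata:
 bug_tracker_uri: https://github.com/spree/spree_auth_devise/issues
-changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.4.
+changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.4.1
 documentation_uri: https://guides.spreecommerce.org/
-source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.4.
+source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.4.1
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -267,6 +268,7 @@ test_files:
 - spec/models/user_spec.rb
 - spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
 - spec/requests/spree/api/v2/storefront/account_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/configuration_helpers.rb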