spree_auth_devise 4.4.0 → 4.4.1
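--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 565373eb7dea3f9d8862356201ff23400aae3c29f5b77114d223de0f146f4dda
+data.tar.gz: '05666786abb74456941e152e4217e10e9bd26ac8f10655a069ad499c39410352'
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 89bfa5e3bbf864449b1937682af334f85201f484f23360d5dc40834a9a0d31999c06380531eb883f547dfe34e1df8072fb45c4707918d3eeeefc972649af8438
+data.tar.gz: 39c55713494bd990c1cb8a7ff5f978227e8e62136564ae76c7f840b3028dcf30d86b8f6f2e94d52397aab7a66c2b0dc96804c4e3cd0b65454b9cd89a64c7a129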
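--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,10 +1,10 @@
 source 'https://rubygems.org'
 
 gem 'rails-controller-testing'
-gem 'spree',
-gem 'spree_backend',
-gem 'spree_frontend',
-gem 'spree_emails',
+gem 'spree', '~> 4.3.0'
+gem 'spree_backend', '~> 4.3.0'
+gem 'spree_frontend', '~> 4.3.0'
+gem 'spree_emails', '~> 4.3.0'
 
 gem 'pry', '~> 0.14.1'
 gemspec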
@@ -1,14 +1,18 @@
|
|
1
1
|
class Spree::UsersController < Spree::StoreController
|
2
2
|
before_action :set_current_order, except: :show
|
3
|
-
prepend_before_action :load_object, only: [:show, :edit, :update]
|
4
3
|
prepend_before_action :authorize_actions, only: :new
|
5
4
|
|
6
5
|
include Spree::Core::ControllerHelpers
|
7
6
|
|
8
7
|
def show
|
8
|
+
load_object
|
9
9
|
@orders = @user.orders.for_store(current_store).complete.order('completed_at desc')
|
10
10
|
end
|
11
11
|
|
12
|
+
def edit
|
13
|
+
load_object
|
14
|
+
end
|
15
|
+
|
12
16
|
def create
|
13
17
|
@user = Spree.user_class.new(user_params)
|
14
18
|
if @user.save
|
@@ -24,6 +28,7 @@ class Spree::UsersController < Spree::StoreController
|
|
24
28
|
end
|
25
29
|
|
26
30
|
def update
|
31
|
+
load_object
|
27
32
|
if @user.update(user_params)
|
28
33
|
if params[:user][:password].present?
|
29
34
|
# this logic needed b/c devise wants to log us out after password changes
|
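Review bot: Nothing in the new `show`, `edit` and `update` bodies says why `load_object` is now called by hand, and that ordering appears to be the whole point of the change: as a `prepend_before_action` it ran ahead of every other callback, which presumably includes the forgery-protection check that the accompanying request spec exercises. A later cleanup that folds the three calls back into a prepended callback would silently undo the fix, and a new action that reads `@user` without calling `load_object` would find it unset. I would add a comment above `def show`, such as `# load_object is called inside each action on purpose: it must run after CSRF verification, so do not move it back to prepend_before_action`. `load_object` itself is defined outside the visible hunks, and `update` continues past the end of the second hunk.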
data/lib/spree/auth/version.rb
CHANGED
@@ -0,0 +1,42 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
RSpec.feature 'User update', type: :request do
|
4
|
+
context 'CSRF protection' do
|
5
|
+
%i[exception reset_session null_session].each do |strategy|
|
6
|
+
# Completely clean the configuration of forgery protection for the
|
7
|
+
# controller and reset it after the expectations. However, besides `:with`,
|
8
|
+
# the options given to `protect_from_forgery` are processed on the fly.
|
9
|
+
# I.e., there's no way to retain them. The initial setup corresponds to the
|
10
|
+
# dummy application, which uses the default Rails skeleton in that regard.
|
11
|
+
# So, if at some point Rails changed the given options, we should update it
|
12
|
+
# here.
|
13
|
+
around do |example|
|
14
|
+
controller = Spree::UsersController
|
15
|
+
old_allow_forgery_protection_value = controller.allow_forgery_protection
|
16
|
+
old_forgery_protection_strategy = controller.forgery_protection_strategy
|
17
|
+
controller.skip_forgery_protection
|
18
|
+
controller.allow_forgery_protection = true
|
19
|
+
controller.protect_from_forgery with: strategy
|
20
|
+
|
21
|
+
example.run
|
22
|
+
|
23
|
+
controller.allow_forgery_protection = old_allow_forgery_protection_value
|
24
|
+
controller.forgery_protection_strategy = old_forgery_protection_strategy
|
25
|
+
end
|
26
|
+
|
27
|
+
it "is not possible to take account over with the #{strategy} forgery protection strategy" do
|
28
|
+
user = create(:user, email: 'legit@mail.com', password: 'password')
|
29
|
+
|
30
|
+
post '/login', params: "spree_user[email]=legit@mail.com&spree_user[password]=password"
|
31
|
+
begin
|
32
|
+
put '/users/123456', params: 'user[email]=hacked@example.com'
|
33
|
+
rescue
|
34
|
+
# testing that the account is not compromised regardless of any raised
|
35
|
+
# exception
|
36
|
+
end
|
37
|
+
|
38
|
+
expect(user.reload.email).to eq('legit@mail.com')
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
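Review bot: The bare `rescue` around the `put` swallows every StandardError, and the login `post` is never checked, so the final expectation can pass without the request ever having reached `update` as a signed-in user. If the login failed, or the PUT raised for an unrelated reason, the email would still read 'legit@mail.com' and the example would be green for all three strategies. Narrow the handler to the error the `:exception` strategy is expected to raise, `rescue ActionController::InvalidAuthenticityToken`, and assert on `response` after the login request so that a broken session setup fails the example. A control example that sends the same PUT with a valid token and expects the email to change would show that the path is exercised at all.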
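--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_auth_devise
 version: !ruby/object:Gem::Version
-version: 4.4.
+version: 4.4.1
 platform: ruby
 authors:
 - Sean Schofield
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: devise
@@ -201,6 +201,7 @@ files:
 - spec/models/user_spec.rb
 - spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
 - spec/requests/spree/api/v2/storefront/account_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/configuration_helpers.rb
@@ -212,9 +213,9 @@ licenses:
 - BSD-3-Clause
 metadata:
 bug_tracker_uri: https://github.com/spree/spree_auth_devise/issues
-changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.4.
+changelog_uri: https://github.com/spree/spree_auth_devise/releases/tag/v4.4.1
 documentation_uri: https://guides.spreecommerce.org/
-source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.4.
+source_code_uri: https://github.com/spree/spree_auth_devise/tree/v4.4.1
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -267,6 +268,7 @@ test_files:
 - spec/models/user_spec.rb
 - spec/requests/spree/api/v2/storefront/account_confirmation_spec.rb
 - spec/requests/spree/api/v2/storefront/account_spec.rb
+- spec/requests/spree/frontend/user_update_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability.rb
 - spec/support/configuration_helpers.rb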