From 17448699f96a184038bd56d1faf37f94c8de51cb Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Fri, 5 Jul 2019 22:45:59 +0100 Subject: [PATCH] Bring devise initializer from spree_auth_devise and fix spree initializer details --- app/controllers/spree/checkout_controller.rb | 2 +- app/controllers/spree/users_controller.rb | 2 +- config/initializers/devise.rb | 143 ++++++++++++++++++- config/initializers/spree.rb | 7 +- config/initializers/spree_auth_devise.rb | 16 --- lib/spree/authentication_helpers.rb | 26 ++++ spec/spec_helper.rb | 2 +- 7 files changed, 177 insertions(+), 21 deletions(-) delete mode 100644 config/initializers/spree_auth_devise.rb create mode 100644 lib/spree/authentication_helpers.rb diff --git a/app/controllers/spree/checkout_controller.rb b/app/controllers/spree/checkout_controller.rb index f4fa56f492..c5eb64a62f 100644 --- a/app/controllers/spree/checkout_controller.rb +++ b/app/controllers/spree/checkout_controller.rb @@ -56,7 +56,7 @@ module Spree # Introduces a registration step whenever the +registration_step+ preference is true. def check_registration - return unless Spree::Auth::Config[:registration_step] + return unless AuthConfig[:registration_step] return if spree_current_user or current_order.email store_location redirect_to spree.checkout_registration_path diff --git a/app/controllers/spree/users_controller.rb b/app/controllers/spree/users_controller.rb index 286181aeb4..1de4b0eafe 100644 --- a/app/controllers/spree/users_controller.rb +++ b/app/controllers/spree/users_controller.rb 
@@ -29,7 +29,7 @@ class Spree::UsersController < Spree::StoreController if params[:user][:password].present? # this logic needed b/c devise wants to log us out after password changes user = Spree::User.reset_password_by_token(params[:user]) - sign_in(@user, :event => :authentication, :bypass => !Spree::Auth::Config[:signout_after_password_change]) + sign_in(@user, :event => :authentication, :bypass => !AuthConfig[:signout_after_password_change]) end redirect_to spree.account_url, :notice => Spree.t(:account_updated) else diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 9fef52fc8c..b2424cdbbd 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb 
@@ -1,5 +1,146 @@ +# Use this hook to configure devise mailer, warden hooks and so forth. The first +# four configuration values can also be set straight in your models. Devise.setup do |config| + # ==> Mailer Configuration + # Configure the e-mail address which will be shown in DeviseMailer. + config.mailer_sender = 'please-change-me@config-initializers-devise.com' + + # Configure the class responsible to send e-mails. + config.mailer = 'Spree::UserMailer' + + # ==> ORM configuration + # Load and configure the ORM. Supports :active_record (default) and + # :mongoid (bson_ext recommended) by default. Other ORMs may be + # available as additional gems. + require 'devise/orm/active_record' + + # ==> Configuration for any authentication mechanism + # Configure which keys are used when authenticating an user. By default is + # just :email. You can configure it to use [:username, :subdomain], so for + # authenticating an user, both parameters are required. Remember that those + # parameters are used only when authenticating and not when retrieving from + # session. If you need permissions, you should implement that in a before filter. + # config.authentication_keys = [ :email ] + + # Tell if authentication through request.params is enabled. True by default. + # config.params_authenticatable = true + + # Tell if authentication through HTTP Basic Auth is enabled. False by default. + config.http_authenticatable = true + + # Set this to true to use Basic Auth for AJAX requests. True by default. + #config.http_authenticatable_on_xhr = false + + # The realm used in Http Basic Authentication + config.http_authentication_realm = 'Spree Application' + + # ==> Configuration for :database_authenticatable + # For bcrypt, this is the cost for hashing the password and defaults to 10. If + # using other encryptors, it sets how many times you want the password re-encrypted. + config.stretches = 20 + + # Setup a pepper to generate the encrypted password. 
+ config.pepper = Rails.configuration.secret_token + + # ==> Configuration for :confirmable + # The time you want to give your user to confirm his account. During this time + # he will be able to access your application without confirming. Default is nil. + # When confirm_within is zero, the user won't be able to sign in without confirming. + # You can use this to let your user access some features of your application + # without confirming the account, but blocking it after a certain period + # (ie 2 days). + # config.confirm_within = 2.days + + # ==> Configuration for :rememberable + # The time the user will be remembered without asking for credentials again. + # config.remember_for = 2.weeks + + # If true, a valid remember token can be re-used between multiple browsers. + # config.remember_across_browsers = true + + # If true, extends the user's remember period when remembered via cookie. + # config.extend_remember_period = false + + # ==> Configuration for :validatable + # Range for password length + # config.password_length = 6..20 + + # Regex to use to validate the email address + config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i + + # ==> Configuration for :timeoutable + # The time you want to timeout the user session without activity. After this + # time the user will be asked for credentials again. + # config.timeout_in = 10.minutes + + # ==> Configuration for :lockable + # Defines which strategy will be used to lock an account. + # :failed_attempts = Locks an account after a number of failed attempts to sign in. + # :none = No lock strategy. You should handle locking by yourself. + # config.lock_strategy = :failed_attempts + + # Defines which strategy will be used to unlock an account. + # :email = Sends an unlock link to the user email + # :time = Re-enables login after a certain amount of time (see :unlock_in below) + # :both = Enables both strategies + # :none = No unlock strategy. You should handle unlocking by yourself. 
+ # config.unlock_strategy = :both + + # Number of authentication tries before locking an account if lock_strategy + # is failed attempts. + # config.maximum_attempts = 20 + + # Time interval to unlock the account if :time is enabled as unlock_strategy. + # config.unlock_in = 1.hour + + # ==> Configuration for :token_authenticatable + # Defines name of the authentication token params key + config.token_authentication_key = :auth_token + + # ==> Scopes configuration + # Turn scoped views on. Before rendering 'sessions/new', it will first check for + # 'users/sessions/new'. It's turned off by default because it's slower if you + # are using only default views. + # config.scoped_views = true + + # Configure the default scope given to Warden. By default it's the first + # devise role declared in your routes. # Add a default scope to devise, to prevent it from checking # whether other devise enabled models are signed into a session or not config.default_scope = :spree_user -end \ No newline at end of file + + # Configure sign_out behavior. + # By default sign_out is scoped (i.e. /users/sign_out affects only :user scope). + # In case of sign_out_all_scopes set to true any logout action will sign out all active scopes. + # config.sign_out_all_scopes = false + + # ==> Navigation configuration + # Lists the formats that should be treated as navigational. Formats like + # :html, should redirect to the sign in page when the user does not have + # access, but formats like :xml or :json, should return 401. + # If you have any extra navigational formats, like :iphone or :mobile, you + # should add them to the navigational formats lists. Default is [:html] + config.navigational_formats = [:html, :json, :xml] + + # ==> Warden configuration + # If you want to use other strategies, that are not (yet) supported by Devise, + # you can configure them inside the config.warden block. 
The example below + # allows you to setup OAuth, using http://github.com/roman/warden_oauth + # + # config.warden do |manager| + # manager.oauth(:twitter) do |twitter| + # twitter.consumer_secret = + # twitter.consumer_key = + # twitter.options :site => 'http://twitter.com' + # end + # manager.default_strategies(:scope => :user).unshift :twitter_oauth + # end + # + # Time interval you can reset your password with a reset password key. + # Don't put a too small interval or your users won't have the time to + # change their passwords. + config.reset_password_within = 6.hours + config.sign_out_via = :get + + config.case_insensitive_keys = [:email] +end diff --git a/config/initializers/spree.rb b/config/initializers/spree.rb index df21b91421..68de82143e 100644 --- a/config/initializers/spree.rb +++ b/config/initializers/spree.rb @@ -42,11 +42,16 @@ Spree.config do |config| config.s3_protocol = ENV.fetch('S3_PROTOCOL', 'https') end +# Initialize authentication +require 'spree/authentication_helpers' +ApplicationController.send :include, Spree::AuthenticationHelpers + # Spree 2.0 recommends explicitly setting this here when using spree_auth_devise Spree.user_class = 'Spree::User' +AuthConfig = Spree::AuthConfiguration.new # Don't log users out when setting a new password -Spree::Auth::Config[:signout_after_password_change] = false +AuthConfig[:signout_after_password_change] = false # TODO Work out why this is necessary # Seems like classes within OFN module become 'uninitialized' when server reloads diff --git a/config/initializers/spree_auth_devise.rb b/config/initializers/spree_auth_devise.rb deleted file mode 100644 index a59badf636..0000000000 --- a/config/initializers/spree_auth_devise.rb +++ /dev/null 
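Review bot: `config.email_regexp` is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a value containing a newline can pass validation as long as one of its lines looks like an address; anchor the whole string instead with `config.email_regexp = /\A([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})\z/i`. Near the end of the block, `config.sign_out_via = :get` means any cross-site link or image request can end a signed-in user's session; Devise's default `:delete` avoids that, so prefer `config.sign_out_via = :delete` unless existing logout links depend on GET. `config.pepper = Rails.configuration.secret_token` ties stored password hashes to the session secret, so rotating that secret after a leak would invalidate every stored password; since changing the pepper now would have the same effect, at minimum add a comment recording the coupling, e.g. `# NOTE: rotating secret_token invalidates all password hashes (used as pepper)`. `config.stretches = 20` is worth confirming against the encryptor the user model actually uses, because read as a bcrypt cost it would make every sign-in very slow.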
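Review bot: `ApplicationController.send :include, Spree::AuthenticationHelpers` runs once when the initializer is loaded, so in environments with class reloading the reloaded `ApplicationController` will likely no longer include the module and `spree_current_user` would disappear after the first code change. Wrapping it as `Rails.application.config.to_prepare { ApplicationController.send :include, Spree::AuthenticationHelpers }`, or including the module in the controller class itself, keeps it applied on every reload. `AuthConfig = Spree::AuthConfiguration.new` defines a top-level constant with no visible `require` for `Spree::AuthConfiguration`; a short comment such as `# AuthConfig replaces Spree::Auth::Config from spree_auth_devise` plus a pointer to where the class is defined would help the next reader. The rest of the initializer lies outside this hunk, so the load order of that class cannot be confirmed from here.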
@@ -1,16 +0,0 @@ -# `spree_auth_devise` gem decorators get loaded in a `to_prepare` callback -# referring to Spree classes that have not been loaded yet -# -# When this initializer is loaded we're sure that those Spree classes have been -# loaded and we load again the `spree_auth_devise` decorators to effectively -# apply them. -# -# Give a look at `if defined?(Spree::Admin::BaseController)` in the following file -# to get an example: -# https://github.com/openfoodfoundation/spree_auth_devise/blob/spree-upgrade-intermediate/app/controllers/spree/admin/admin_controller_decorator.rb#L1 -# -# TODO: remove this hack once we get to Spree 3.0 -gem_dir = Gem::Specification.find_by_name("spree_auth_devise").gem_dir -Dir.glob(File.join(gem_dir, 'app/**/*_decorator*.rb')) do |c| - load c -end diff --git a/lib/spree/authentication_helpers.rb b/lib/spree/authentication_helpers.rb new file mode 100644 index 0000000000..8ec570fc99 --- /dev/null +++ b/lib/spree/authentication_helpers.rb @@ -0,0 +1,26 @@ +module Spree + module AuthenticationHelpers + def self.included(receiver) + receiver.send :helper_method, :spree_current_user + receiver.send :helper_method, :spree_login_path + receiver.send :helper_method, :spree_signup_path + receiver.send :helper_method, :spree_logout_path + end + + def spree_current_user + current_spree_user + end + + def spree_login_path + spree.login_path + end + + def spree_signup_path + spree.signup_path + end + + def spree_logout_path + spree.logout_path + end + end +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index cad940fac8..b10e48068a 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -128,7 +128,7 @@ RSpec.configure do |config| spree_config.auto_capture = true end - Spree::Auth::Config[:signout_after_password_change] = false + AuthConfig[:signout_after_password_change] = false Spree::Api::Config[:requires_authentication] = true end
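Review bot: The new `Spree::AuthenticationHelpers` module has no comment saying what it is for, and `spree_current_user` depends on `current_spree_user`, which presumably only exists when Devise has a mapping for the `:spree_user` scope; a header such as `# Maps the spree_* helper names onto Devise's :spree_user scope helpers and the spree route proxy.` would make that dependency explicit. In `self.included`, the four `receiver.send :helper_method, ...` lines can be a single call, `receiver.helper_method :spree_current_user, :spree_login_path, :spree_signup_path, :spree_logout_path`, since `helper_method` is a public class method on controllers. As written, including the module into anything that is not a controller raises `NoMethodError` from `self.included`, which is worth stating in the module comment.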