Merge pull request #14054 from mkllnk/devise

Bump devise from 4.9.4 to 5.0.3
Maikel
2026-03-20 12:18:48 +11:00
committed by GitHub
6 changed files with 162 additions and 179 deletions


@@ -63,7 +63,6 @@ gem "taler"
gem 'devise'
gem 'devise-encryptable'
gem 'devise-i18n'
gem 'devise-token_authenticatable'
gem 'jwt', '~> 2.3'
gem 'oauth2', '~> 1.4.7' # Used for Stripe Connect


@@ -282,10 +282,10 @@ GEM
debug (1.11.1)
irb (~> 1.10)
reline (>= 0.3.8)
devise (4.9.4)
devise (5.0.3)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
railties (>= 7.0)
responders
warden (~> 1.2.3)
devise-encryptable (0.2.0)
@@ -293,8 +293,6 @@ GEM
devise-i18n (1.15.0)
devise (>= 4.9.0)
rails-i18n
devise-token_authenticatable (1.1.0)
devise (>= 4.0.0, < 5.0.0)
diff-lcs (1.6.2)
digest (3.2.1)
docile (1.4.1)
@@ -532,7 +530,7 @@ GEM
net-protocol
newrelic_rpm (9.24.0)
nio4r (2.7.5)
nokogiri (1.19.1)
nokogiri (1.19.2)
mini_portile2 (~> 2.8.2)
racc (~> 1.4)
nokogiri-html5-inference (0.3.0)
@@ -1018,7 +1016,6 @@ DEPENDENCIES
devise
devise-encryptable
devise-i18n
devise-token_authenticatable
dfc_provider!
digest
dotenv


@@ -102,7 +102,7 @@ module Spree
def sign_in_if_change_own_password
return unless spree_current_user == @user && @user.password.present?
sign_in(@user, event: :authentication, bypass: true)
bypass_sign_in(@user)
end
def new_email_unconfirmed?
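Review bot: `bypass_sign_in(@user)` in `sign_in_if_change_own_password` has no comment explaining why the session is rewritten after a password change, and the guard alone does not make the reason obvious. Devise keys the stored session to the user's password salt, so changing your own password would otherwise sign you out. `bypass_sign_in` puts the user back into the session without running Warden's callbacks. I would add above the call: `# Own password changed: re-store the user in the session so they stay signed in (skips Warden callbacks).` The enclosing class starts and ends outside this hunk.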


@@ -5,10 +5,11 @@ module Spree
include SetUnusedAddressFields
self.belongs_to_required_by_default = false
self.ignored_columns += [:authentication_token]
searchable_attributes :email
devise :database_authenticatable, :token_authenticatable, :registerable, :recoverable,
devise :database_authenticatable, :registerable, :recoverable,
:rememberable, :trackable, :validatable, :omniauthable,
:encryptable, :confirmable,
encryptor: 'authlogic_sha512', reconfirmable: true,
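Review bot: `self.ignored_columns += [:authentication_token]` hides the column from ActiveRecord but leaves every previously issued token stored in the users table, and nothing visible here says when they are removed. With `:token_authenticatable` gone from the `devise` call they should no longer be accepted as credentials, yet they remain in the database and its backups. I would add a comment such as `# TODO: drop authentication_token in a follow-up migration once this release is deployed` and schedule that migration; it may already exist outside this page. The class body continues past the end of the hunk.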


@@ -138,11 +138,6 @@ Devise.setup do |config|
config.case_insensitive_keys = [:email]
end
Devise::TokenAuthenticatable.setup do |config|
# Defines name of the authentication token params key
config.token_authentication_key = :auth_token
end
if ENV["OPENID_APP_ID"].present? && ENV["OPENID_APP_SECRET"].present?
Devise.setup do |config|
site = if Rails.env.development?


@@ -5,201 +5,192 @@ require "system_helper"
RSpec.describe "Managing users" do
include AuthenticationHelper
context "as super-admin" do
before do
login_as_admin
end
let(:admin_user) { create(:admin_user) }
context "from the index page" do
before do
create(:user, email: "a@example.com")
create(:user, email: "b@example.com")
before do
login_as admin_user
end
context "from the index page" do
let!(:user_a) { create(:user, email: "a@example.com") }
let!(:user_b) { create(:user, email: "b@example.com") }
context "searching users" do
it "should display the correct results for a user search" do
visit spree.admin_dashboard_path
click_link "Users"
end
context "users index page with sorting" do
before(:each) do
click_link "users_email_title"
end
it "should list users with order email asc" do
expect(page).to have_css('table#listing_users')
within("table#listing_users") do
expect(page).to have_content("a@example.com")
expect(page).to have_content("b@example.com")
end
end
it "should list users with order email desc" do
click_link "users_email_title"
within("table#listing_users") do
expect(page).to have_content("a@example.com")
expect(page).to have_content("b@example.com")
end
fill_in "q_email_cont", with: "a@example"
click_button "Search"
within("table#listing_users") do
expect(page).to have_content("a@example")
expect(page).not_to have_content("b@example")
end
end
end
context "searching users" do
it "should display the correct results for a user search" do
fill_in "q_email_cont", with: "a@example"
click_button "Search"
within("table#listing_users") do
expect(page).to have_content("a@example")
expect(page).not_to have_content("b@example")
end
end
context "editing users" do
it "should allow editing the user password" do
visit spree.admin_users_path
click_link("a@example.com")
fill_in "user_password", with: "welcome"
fill_in "user_password_confirmation", with: "welcome"
click_button "Update"
expect(page).to have_content("Account updated")
expect(current_path).to eq spree.edit_admin_user_path(user_a)
end
context "editing users" do
before(:each) do
click_link("a@example.com")
end
it "allows to change your own password without logging you out" do
visit spree.edit_admin_user_path(admin_user)
it "should allow editing the user password" do
fill_in "user_password", with: "welcome"
fill_in "user_password_confirmation", with: "welcome"
click_button "Update"
fill_in "user_password", with: "welcome"
fill_in "user_password_confirmation", with: "welcome"
click_button "Update"
expect(page).to have_content("Account updated")
end
expect(page).to have_content("Account updated")
expect(current_path).to eq spree.edit_admin_user_path(admin_user)
end
it "should let me edit the user email" do
fill_in "Email", with: "newemail@example.org"
click_button "Update"
it "should let me edit the user email" do
visit spree.edit_admin_user_path(user_a)
expect(page).to have_content("The account will be updated once " \
"the new email is confirmed.")
end
fill_in "Email", with: "newemail@example.org"
click_button "Update"
it "should allow to generate, regenarate and clear the user api key" do
user = Spree::User.find_by(email: "a@example.com")
expect(page).to have_content "NO KEY"
expect(page).to have_content("The account will be updated once " \
"the new email is confirmed.")
end
click_button "Generate API key"
first_user_api_key = user.reload.spree_api_key
expect(page).to have_content first_user_api_key
it "should allow to generate, regenarate and clear the user api key" do
visit spree.edit_admin_user_path(user_a)
click_button "Regenerate Key"
second_user_api_key = user.reload.spree_api_key
expect(page).to have_content second_user_api_key
expect(second_user_api_key).not_to eq first_user_api_key
expect(page).to have_content "NO KEY"
click_button "Clear key"
expect(page).to have_content "NO KEY"
end
click_button "Generate API key"
first_user_api_key = user_a.reload.spree_api_key
expect(page).to have_content first_user_api_key
it "should allow to disable the user and to enable it" do
expect(page).to have_unchecked_field "Disabled"
check "Disabled"
click_button "Update"
click_button "Regenerate Key"
second_user_api_key = user_a.reload.spree_api_key
expect(page).to have_content second_user_api_key
expect(second_user_api_key).not_to eq first_user_api_key
expect(page).to have_content("Account updated")
expect(page).to have_checked_field "Disabled"
uncheck "Disabled"
click_button "Update"
click_button "Clear key"
expect(page).to have_content "NO KEY"
end
expect(page).to have_content("Account updated")
expect(page).to have_unchecked_field "Disabled"
end
it "should allow to disable the user and to enable it" do
visit spree.edit_admin_user_path(user_a)
it "should toggle the api key generation view" do
user = Spree::User.find_by(email: "a@example.com")
expect(page).to have_unchecked_field "Disabled"
check "Disabled"
click_button "Update"
expect(page).to have_content "NO KEY"
expect {
click_button("Generate API key")
expect(page).to have_content("Key generated")
}.to change { user.reload.spree_api_key }.from(nil)
expect(page).to have_content("Account updated")
expect(page).to have_checked_field "Disabled"
uncheck "Disabled"
click_button "Update"
expect(page).to have_content("Account updated")
expect(page).to have_unchecked_field "Disabled"
end
it "should toggle the api key generation view" do
visit spree.edit_admin_user_path(user_a)
expect(page).to have_content "NO KEY"
expect {
click_button("Generate API key")
expect(page).to have_content("Key generated")
}.to change { user_a.reload.spree_api_key }.from(nil)
expect(page).to have_unchecked_field "Show API key view for user"
expect {
check "Show API key view for user"
expect(page).to have_content("Show API key view has been changed!")
expect(page).to have_checked_field "Show API key view for user"
}.to change { user_a.reload.show_api_key_view }.from(false).to(true)
expect {
uncheck "Show API key view for user"
expect(page).to have_content("Show API key view has been changed!")
expect(page).to have_unchecked_field "Show API key view for user"
expect {
check "Show API key view for user"
expect(page).to have_content("Show API key view has been changed!")
expect(page).to have_checked_field "Show API key view for user"
}.to change { user.reload.show_api_key_view }.from(false).to(true)
expect {
uncheck "Show API key view for user"
expect(page).to have_content("Show API key view has been changed!")
expect(page).to have_unchecked_field "Show API key view for user"
}.to change { user.reload.show_api_key_view }.to(false)
end
end
context "pagination" do
before do
# creates 8 more users
8.times { create(:user) }
expect(Spree::User.count).to eq 11
visit spree.admin_users_path
end
it "displays pagination" do
# table displays 10 entries
within('tbody') do
expect(page).to have_css('tr', count: 10)
end
within ".pagination" do
expect(page).not_to have_content "Previous"
expect(page).to have_content "Next"
click_on "2"
end
# table displays 1 entry
within('tbody') do
expect(page).to have_css('tr', count: 1)
end
within ".pagination" do
expect(page).to have_content "Previous"
expect(page).not_to have_content "Next"
end
end
}.to change { user_a.reload.show_api_key_view }.to(false)
end
end
describe "creating a user" do
it "confirms successful creation" do
visit spree.new_admin_user_path
# shows no confirmation message to start with
expect(page).not_to have_text "Email confirmation is pending"
fill_in "Email", with: "user1@example.org"
fill_in "Password", with: "user1Secret"
fill_in "Confirm Password", with: "user1Secret"
expect(page).to have_select "Language", selected: "English"
select "Español", from: "Language"
perform_enqueued_jobs do
expect do
click_button "Create"
end.to change { Spree::User.count }.by 1
expect(page).to have_text "Created Successfully"
expect(page).to have_text "Email confirmation is pending"
expect(Spree::User.last.locale).to eq "es"
expect(ActionMailer::Base.deliveries.first.subject).to match(
"Por favor, confirma tu cuenta de OFN"
)
end
context "pagination" do
before do
# creates 8 more users
8.times { create(:user) }
expect(Spree::User.count).to eq 11
visit spree.admin_users_path
end
end
describe "resending confirmation email" do
let(:user) { create :user, confirmed_at: nil }
it "displays success" do
visit spree.edit_admin_user_path user
expect do
# The `a` element doesn't have an href, so we can't use click_link.
find("a", text: "Resend").click
expect(page).to have_text "Resend done"
end.to enqueue_job ActionMailer::MailDeliveryJob
it "displays pagination" do
# table displays 10 entries
within('tbody') do
expect(page).to have_css('tr', count: 10)
end
within ".pagination" do
expect(page).not_to have_content "Previous"
expect(page).to have_content "Next"
click_on "2"
end
# table displays 1 entry
within('tbody') do
expect(page).to have_css('tr', count: 1)
end
within ".pagination" do
expect(page).to have_content "Previous"
expect(page).not_to have_content "Next"
end
end
end
end
describe "creating a user" do
it "confirms successful creation" do
visit spree.new_admin_user_path
# shows no confirmation message to start with
expect(page).not_to have_text "Email confirmation is pending"
fill_in "Email", with: "user1@example.org"
fill_in "Password", with: "user1Secret"
fill_in "Confirm Password", with: "user1Secret"
expect(page).to have_select "Language", selected: "English"
select "Español", from: "Language"
perform_enqueued_jobs do
expect do
click_button "Create"
end.to change { Spree::User.count }.by 1
expect(page).to have_text "Created Successfully"
expect(page).to have_text "Email confirmation is pending"
expect(Spree::User.last.locale).to eq "es"
expect(ActionMailer::Base.deliveries.first.subject).to match(
"Por favor, confirma tu cuenta de OFN"
)
end
end
end
describe "resending confirmation email" do
let(:user) { create :user, confirmed_at: nil }
it "displays success" do
visit spree.edit_admin_user_path user
expect do
# The `a` element doesn't have an href, so we can't use click_link.
find("a", text: "Resend").click
expect(page).to have_text "Resend done"
end.to enqueue_job ActionMailer::MailDeliveryJob
end
end
end
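Review bot: Neither password example in this spec checks that the stored credential actually changed. Both "should allow editing the user password" and "allows to change your own password without logging you out" stop at the "Account updated" flash and the `current_path` comparison. A regression that shows the flash but silently drops the new password would still pass. I would add `expect(user_a.reload.valid_password?("welcome")).to be true` to the first example and the same assertion on `admin_user` to the second.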