Removed authlogic in favor of Devise.

commit 3e1b833b982058bf48763634c61814a55221de09 1 parent 8e0e441
@schof schof authored
Showing with 430 additions and 390 deletions.
  1. +12 −5 Gemfile.lock
  2. +13 −12 api/lib/spree_api.rb
  3. +3 −0  auth/README.md
  4. +0 −12 auth/app/controllers/spree/base_controller_decorator.rb
  5. +33 −0 auth/app/models/user.rb
  6. +21 −13 auth/app/models/user_decorator.rb
  7. +12 −0 auth/app/views/devise/confirmations/new.html.erb
  8. +5 −0 auth/app/views/devise/mailer/confirmation_instructions.html.erb
  9. +8 −0 auth/app/views/devise/mailer/reset_password_instructions.html.erb
  10. +7 −0 auth/app/views/devise/mailer/unlock_instructions.html.erb
  11. +16 −0 auth/app/views/devise/passwords/edit.html.erb
  12. +12 −0 auth/app/views/devise/passwords/new.html.erb
  13. +25 −0 auth/app/views/devise/registrations/edit.html.erb
  14. +22 −0 auth/app/views/devise/registrations/new.html.erb
  15. +20 −0 auth/app/views/devise/sessions/new.html.erb
  16. +19 −0 auth/app/views/devise/shared/_links.erb
  17. +12 −0 auth/app/views/devise/unlocks/new.html.erb
  18. +6 −0 auth/app/views/shared/_login_bar.html.erb
  19. +3 −0  auth/config/routes.rb
  20. +31 −0 auth/db/migrate/20100811003924_switch_to_devise.rb
  21. +146 −0 auth/lib/generators/templates/devise.rb
  22. +1 −0  auth/lib/spree_auth.rb
  23. +0 −1  auth/spec/models/ability_spec.rb
  24. +1 −13 auth/spec/models/user_spec.rb
  25. +1 −0  auth/spree_auth.gemspec
  26. +0 −106 core/app/controllers/user_sessions_controller.rb
  27. +0 −49 core/app/controllers/users_controller.rb
  28. +0 −82 core/app/models/user.rb
  29. +0 −11 core/app/models/user_mailer.rb
  30. +0 −2  core/app/models/user_session.rb
  31. +0 −6 core/app/views/shared/_login_bar.html.erb
  32. +0 −9 core/app/views/user_mailer/password_reset_instructions.erb
  33. +0 −4 core/app/views/user_sessions/authorization_failure.html.erb
  34. +0 −8 core/app/views/user_sessions/new.html.erb
  35. +0 −9 core/app/views/users/_openid_identifier.html.erb
  36. +0 −22 core/app/views/users/new.html.erb
  37. +1 −20 core/config/routes.rb
  38. +0 −1  core/lib/spree_core.rb
  39. +0 −4 core/spec/models/user_spec.rb
  40. +0 −1  core/spree-core.gemspec
17 Gemfile.lock
@@ -3,6 +3,7 @@ PATH
specs:
spree (0.30.0.beta1)
spree_api (= 0.30.0.beta1)
+ spree_auth (= 0.30.0.beta1)
spree_core (= 0.30.0.beta1)
spree_dashboard (= 0.30.0.beta1)
spree_payment_gateway (= 0.30.0.beta1)
@@ -10,13 +11,15 @@ PATH
spree_sample (= 0.30.0.beta1)
spree_api (0.30.0.beta1)
spree_core (= 0.30.0.beta1)
+ spree_auth (0.30.0.beta1)
+ cancan (>= 1.3.0)
+ devise (>= 1.1.1)
+ spree_core (= 0.30.0.beta1)
spree_core (0.30.0.beta1)
activemerchant (>= 1.7.1)
activerecord-tableless (>= 0.1.0)
acts_as_list (>= 0.1.2)
- authlogic (>= 2.1.5)
bundler (>= 0.9.26)
- cancan (>= 1.3.0)
faker (>= 0.3.1)
highline (>= 1.5.1)
less (>= 1.2.20)
@@ -78,13 +81,15 @@ GEM
acts_as_list (0.1.2)
arel (0.4.0)
activesupport (>= 3.0.0.beta)
- authlogic (2.1.6)
- activesupport
+ bcrypt-ruby (2.1.2)
braintree (2.4.0)
builder
builder (2.1.2)
- cancan (1.3.0)
+ cancan (1.3.2)
columnize (0.3.1)
+ devise (1.1.1)
+ bcrypt-ruby (~> 2.1.2)
+ warden (~> 0.10.7)
erubis (2.6.6)
abstract (>= 1.0.0)
faker (0.3.1)
@@ -143,6 +148,8 @@ GEM
treetop (1.4.8)
polyglot (>= 0.3.1)
tzinfo (0.3.22)
+ warden (0.10.7)
+ rack (>= 1.0.0)
will_paginate (3.0.pre2)
PLATFORMS
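--- a/api/lib/spree_api.rb
+++ b/api/lib/spree_api.rb
@@ -17,18 +17,19 @@ def generate_api_key
 end
- Spree::BaseController.class_eval do
- private
- def current_user
- return @current_user if defined?(@current_user)
- if current_user_session && current_user_session.user
- return @current_user = current_user_session.user
- end
- if token = request.headers['X-SpreeAPIKey']
- @current_user = User.find_by_api_key(token)
- end
- end
- end
+ # RAILS3 TODO: Get the API stuff working with Devise
+ # Spree::BaseController.class_eval do
+ # private
+ # def current_user
+ # return @current_user if defined?(@current_user)
+ # if current_user_session && current_user_session.user
+ # return @current_user = current_user_session.user
+ # end
+ # if token = request.headers['X-SpreeAPIKey']
+ # @current_user = User.find_by_api_key(token)
+ # end
+ # end
+ # end
 LineItem.class_eval do
 def description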
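Review bot: API-key authentication is disabled rather than migrated here: the `X-SpreeAPIKey` lookup is commented out and the `api_key` column it read is removed by the migration in this same commit, so any client that relied on the header no longer authenticates and the TODO gives no interim path. The new User model enables Devise's `:token_authenticatable` and the migration produces an `authentication_token` column, so the header path could be kept alive with `@current_user = User.find_by_authentication_token(token) if (token = request.headers['X-SpreeAPIKey'])` in place of the `find_by_api_key` call. If that is deferred, the dead block should be deleted and replaced by a one-line note such as `# API-key auth removed with authlogic; see RAILS3 TODO` instead of carrying twelve commented lines. The `LineItem.class_eval` block at the end continues outside the hunk.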
3  auth/README.md
@@ -0,0 +1,3 @@
+authentication by token example
+
+ http://localhost:3000/?auth_token=oWBSN16k6dWx46TtSGcp
12 auth/app/controllers/spree/base_controller_decorator.rb
@@ -1,12 +0,0 @@
-Spree::BaseController.class_eval do
- private
- def current_user_session
- return @current_user_session if defined?(@current_user_session)
- @current_user_session = UserSession.find
- end
-
- def current_user
- return @current_user if defined?(@current_user)
- @current_user = current_user_session && current_user_session.user
- end
-end
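--- a/auth/app/models/user.rb
+++ b/auth/app/models/user.rb
@@ -0,0 +1,33 @@
+class User < ActiveRecord::Base
+
+ # Include default devise modules. Others available are:
+ # :confirmable, :lockable and :timeoutable
+ devise :database_authenticatable, :registerable, :token_authenticatable,
+ :recoverable, :rememberable, :trackable, :validatable
+
+ # Setup accessible (or protected) attributes for your model
+ attr_accessible :email, :password, :password_confirmation, :remember_me
+
+ has_many :orders
+ has_and_belongs_to_many :roles
+
+ belongs_to :ship_address, :foreign_key => "ship_address_id", :class_name => "Address"
+ belongs_to :bill_address, :foreign_key => "bill_address_id", :class_name => "Address"
+
+ after_save :ensure_authentication_token!
+
+ # has_role? simply needs to return true or false whether a user has a role or not.
+ def has_role?(role_in_question)
+ roles.any? { |role| role.name == role_in_question.to_s }
+ end
+
+ def self.guest!
+ token = User.generate_token(:authentication_token)
+ User.create(:email => "#{token}@spree.com", :password => token, :password_confirmation => token)
+ end
+
+ def guest?
+ self.email.blank?
+ end
+
+end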
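Review bot: `guest?` still answers `self.email.blank?`, but `guest!` a few lines above now creates the guest with `"#{token}@spree.com"`, so every guest produced by `guest!` reports `guest?` as false and any code branching on it treats those accounts as registered customers (the core spec only covers `User.new`). The same `token` is also the guest's password, so whoever can read the guest's e-mail address (order screens, the login bar) can sign in as that account; draw a second `generate_token` for the password and base `guest?` on a persisted flag rather than on the e-mail. `after_save :ensure_authentication_token!` issues a second save from inside the first save's callbacks; if the pinned Devise offers the non-bang `ensure_authentication_token`, `before_save :ensure_authentication_token` sets the token without the nested save. The deleted `core/app/models/user.rb` granted the "user" role in `before_save :add_user_role`, and nothing here replaces it, so newly registered users end up with no roles and `has_role?("user")` is false for them — worth checking against the CanCan Ability.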
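--- a/auth/app/models/user_decorator.rb
+++ b/auth/app/models/user_decorator.rb
@@ -1,18 +1,26 @@
 User.class_eval do
- alias_attribute :token, :api_key
- before_validation :generate_token
- validates_presence_of :token
+ #alias_attribute :token, :api_key
+ #before_validation :generate_token
+ #validates_presence_of :token
- def generate_token
- self.token ||= secure_digest(Time.now, (1..10).map{ rand.to_s })
- end
+ # Include default devise modules. Others available are:
+ # :confirmable, :lockable and :timeoutable
+ devise :database_authenticatable, :registerable, :token_authenticatable,
+ :recoverable, :rememberable, :trackable, :validatable
- def regenerate_token!
- self.update_attribute(:api_key, secure_digest(Time.now, (1..10).map{ rand.to_s }))
- end
+ # Setup accessible (or protected) attributes for your model
+ attr_accessible :email, :password, :password_confirmation, :remember_me
- private
- def secure_digest(*args)
- Digest::SHA1.hexdigest(args.flatten.join('--'))
- end
+ # def generate_token
+ # self.token ||= secure_digest(Time.now, (1..10).map{ rand.to_s })
+ # end
+ #
+ # def regenerate_token!
+ # self.update_attribute(:api_key, secure_digest(Time.now, (1..10).map{ rand.to_s }))
+ # end
+ #
+ # private
+ # def secure_digest(*args)
+ # Digest::SHA1.hexdigest(args.flatten.join('--'))
+ # end
 end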
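Review bot: This decorator re-declares the same `devise` module list and `attr_accessible` that `auth/app/models/user.rb` in this commit already puts on `User`, and everything else in it is authlogic-era code kept as comments (`#alias_attribute :token, :api_key` names the `api_key` column the migration drops). Either delete the decorator or trim it to what core's model does not define; commented-out code should not travel with the commit, since version control keeps it if it is ever needed. The removed `secure_digest` derived tokens from `Time.now` and `rand`, which is not a cryptographic source, so handing token generation to Devise is the right move and the commented copy should not be revived later.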
12 auth/app/views/devise/confirmations/new.html.erb
@@ -0,0 +1,12 @@
+<h2>Resend confirmation instructions</h2>
+
+<%= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f| %>
+ <%= devise_error_messages! %>
+
+ <p><%= f.label :email %><br />
+ <%= f.text_field :email %></p>
+
+ <p><%= f.submit "Resend confirmation instructions" %></p>
+<% end %>
+
+<%= render :partial => "devise/shared/links" %>
5 auth/app/views/devise/mailer/confirmation_instructions.html.erb
@@ -0,0 +1,5 @@
+<p>Welcome <%= @resource.email %>!</p>
+
+<p>You can confirm your account through the link below:</p>
+
+<p><%= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @resource.confirmation_token) %></p>
8 auth/app/views/devise/mailer/reset_password_instructions.html.erb
@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has requested a link to change your password, and you can do this through the link below.</p>
+
+<p><%= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @resource.reset_password_token) %></p>
+
+<p>If you didn't request this, please ignore this email.</p>
+<p>Your password won't change until you access the link above and create a new one.</p>
7 auth/app/views/devise/mailer/unlock_instructions.html.erb
@@ -0,0 +1,7 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Your account has been locked due to an excessive amount of unsuccessful sign in attempts.</p>
+
+<p>Click the link below to unlock your account:</p>
+
+<p><%= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @resource.unlock_token) %></p>
16 auth/app/views/devise/passwords/edit.html.erb
@@ -0,0 +1,16 @@
+<h2>Change your password</h2>
+
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f| %>
+ <%= devise_error_messages! %>
+ <%= f.hidden_field :reset_password_token %>
+
+ <p><%= f.label :password %><br />
+ <%= f.password_field :password %></p>
+
+ <p><%= f.label :password_confirmation %><br />
+ <%= f.password_field :password_confirmation %></p>
+
+ <p><%= f.submit "Change my password" %></p>
+<% end %>
+
+<%= render :partial => "devise/shared/links" %>
12 auth/app/views/devise/passwords/new.html.erb
@@ -0,0 +1,12 @@
+<h2>Forgot your password?</h2>
+
+<%= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f| %>
+ <%= devise_error_messages! %>
+
+ <p><%= f.label :email %><br />
+ <%= f.text_field :email %></p>
+
+ <p><%= f.submit "Send me reset password instructions" %></p>
+<% end %>
+
+<%= render :partial => "devise/shared/links" %>
25 auth/app/views/devise/registrations/edit.html.erb
@@ -0,0 +1,25 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+ <%= devise_error_messages! %>
+
+ <p><%= f.label :email %><br />
+ <%= f.text_field :email %></p>
+
+ <p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+ <%= f.password_field :password %></p>
+
+ <p><%= f.label :password_confirmation %><br />
+ <%= f.password_field :password_confirmation %></p>
+
+ <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+ <%= f.password_field :current_password %></p>
+
+ <p><%= f.submit "Update" %></p>
+<% end %>
+
+<h3>Cancel my account</h3>
+
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
+
+<%= link_to "Back", :back %>
22 auth/app/views/devise/registrations/new.html.erb
@@ -0,0 +1,22 @@
+<% @body_id = 'signup' %>
+
+<div id="new-customer">
+ <h2><%= t("new_customer") %></h2>
+
+ <%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+ <%= devise_error_messages! %>
+
+ <p><%= f.label :email %><br />
+ <%= f.text_field :email %></p>
+
+ <p><%= f.label :password %><br />
+ <%= f.password_field :password %></p>
+
+ <p><%= f.label :password_confirmation %><br />
+ <%= f.password_field :password_confirmation %></p>
+
+ <p><%= f.submit "Sign up" %></p>
+ <% end %>
+
+ <%= render :partial => "devise/shared/links" %>
+</div>
20 auth/app/views/devise/sessions/new.html.erb
@@ -0,0 +1,20 @@
+<% @body_id = 'login' %>
+<div id="existing-customer">
+ <h2><%= t("login_as_existing") %></h2>
+
+ <%= form_for(resource, :as => resource_name, :url => session_path(resource_name)) do |f| %>
+ <p><%= f.label :email %><br />
+ <%= f.text_field :email %></p>
+
+ <p><%= f.label :password %><br />
+ <%= f.password_field :password %></p>
+
+ <% if devise_mapping.rememberable? -%>
+ <p><%= f.check_box :remember_me %> <%= f.label :remember_me %></p>
+ <% end -%>
+
+ <p><%= f.submit "Sign in" %></p>
+ <% end %>
+
+ <%= render :partial => "devise/shared/links" %>
+</div>
19 auth/app/views/devise/shared/_links.erb
@@ -0,0 +1,19 @@
+<%- if controller_name != 'sessions' %>
+ <%= link_to "Sign in", new_session_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+ <%= link_to "Sign up", new_registration_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
+ <%= link_to "Forgot your password?", new_password_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
+ <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
+<% end -%>
+
+<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' %>
+ <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br />
+<% end -%>
12 auth/app/views/devise/unlocks/new.html.erb
@@ -0,0 +1,12 @@
+<h2>Resend unlock instructions</h2>
+
+<%= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f| %>
+ <%= devise_error_messages! %>
+
+ <p><%= f.label :email %><br />
+ <%= f.text_field :email %></p>
+
+ <p><%= f.submit "Resend unlock instructions" %></p>
+<% end %>
+
+<%= render :partial => "devise/shared/links" %>
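--- a/auth/app/views/shared/_login_bar.html.erb
+++ b/auth/app/views/shared/_login_bar.html.erb
@@ -0,0 +1,6 @@
+<% if current_user %>
+ <li><%= link_to t('my_account'), edit_user_registration_path(current_user) %></li>
+ <li><%= link_to t('logout'), destroy_user_session_path %></li>
+<% else %>
+ <li><%= link_to t('log_in'), new_user_session_path %></li>
+<% end %>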
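Review bot: `edit_user_registration_path(current_user)` passes an argument to a Devise route that has no resource segment (`devise_for :users` exposes the registration edit form as a singular path), so the extra argument is most likely bound to the optional format segment and yields something like `/users/edit.<id>`; call `edit_user_registration_path` with no argument. The sign-out link is a plain GET to `destroy_user_session_path`, which appears to be this Devise version's default; a GET sign-out can be triggered by any page that embeds the URL, so when the pinned Devise allows configuring `sign_out_via`, switching the link to `:method => :delete` is a worthwhile follow-up.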
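--- a/auth/config/routes.rb
+++ b/auth/config/routes.rb
@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+ devise_for :users
+end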
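Review bot: `devise_for :users` wires up Devise's stock controllers, but the deleted `core/app/controllers/user_sessions_controller.rb` did more than authenticate: on sign-in it merged the guest order referenced by `session[:order_token]` into the user's open order and honoured `session[:return_to]`, and nothing in this commit re-implements that. Unless it already lives elsewhere, a customised sessions controller or a Warden `after_set_user` hook is where the order merge belongs; otherwise a guest cart is silently dropped at login. Recording the gap with `# TODO: restore the guest-order merge from the old UserSessionsController#create_user_session` next to `devise_for` would keep it from being forgotten.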
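--- a/auth/db/migrate/20100811003924_switch_to_devise.rb
+++ b/auth/db/migrate/20100811003924_switch_to_devise.rb
@@ -0,0 +1,31 @@
+class SwitchToDevise < ActiveRecord::Migration
+ def self.up
+ change_table(:users) do |t|
+ t.rename :crypted_password, :encrypted_password
+ t.rename :salt, :password_salt
+ t.rename :remember_token_expires_at, :remember_created_at
+ t.rename :persistence_token, :authentication_token
+ t.rename :single_access_token, :reset_password_token
+ t.remove :perishable_token
+ t.rename :login_count, :sign_in_count
+ t.remove :failed_login_count
+ t.remove :last_request_at
+ t.rename :current_login_at, :current_sign_in_at
+ t.rename :last_login_at, :last_sign_in_at
+ t.rename :current_login_ip, :current_sign_in_ip
+ t.rename :last_login_ip, :last_sign_in_ip
+ t.remove :login
+ t.remove :openid_identifier
+ t.remove :api_key
+ end
+ drop_table :open_id_authentication_associations
+ drop_table :open_id_authentication_nonces
+
+ add_index :devise_users, :email, :unique => true
+ add_index :devise_users, :reset_password_token, :unique => true
+ end
+
+ def self.down
+ drop_table :devise_users
+ end
+end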
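Review bot: `add_index :devise_users, …` and `drop_table :devise_users` name a table that nothing on this page creates, while every other statement operates on `users`; this looks like a leftover from the Devise generator template, so `up` fails after the renames have already been applied and `down` would drop the wrong table even if one existed. Renaming `persistence_token` to `authentication_token` and `single_access_token` to `reset_password_token` also carries authlogic's stored values straight into Devise: every existing account comes out with a live password-reset token and an API token equal to secrets that previously served other purposes, so both columns should be nulled before the unique index is added. Renaming `crypted_password` to `encrypted_password` keeps authlogic's hashes, yet the generator template sets `config.encryptor = :bcrypt`; unless the encryptor is switched to the `:authlogic_sha512` option the template itself mentions, existing users cannot sign in after the migration. The rewritten tail of `up`, with the index statements pointed at `users`, and a `down` that refuses rather than drops a table are below.
```ruby
  def self.up
    change_table(:users) do |t|
      # … unchanged: column renames and removals …
    end
    # authlogic's persistence/single-access token values must not survive as
    # Devise credentials; blank them before the unique index is created
    execute "UPDATE users SET authentication_token = NULL, reset_password_token = NULL"
    # … unchanged: drop_table calls …

    add_index :users, :email, :unique => true
    add_index :users, :reset_password_token, :unique => true
  end

  def self.down
    # the renames above are not reverted here; refuse instead of dropping a table
    raise ActiveRecord::IrreversibleMigration
  end
```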
146 auth/lib/generators/templates/devise.rb
@@ -0,0 +1,146 @@
+# Use this hook to configure devise mailer, warden hooks and so forth. The first
+# four configuration values can also be set straight in your models.
+Devise.setup do |config|
+ # ==> Mailer Configuration
+ # Configure the e-mail address which will be shown in DeviseMailer.
+ config.mailer_sender = "please-change-me@config-initializers-devise.com"
+
+ # Configure the class responsible to send e-mails.
+ # config.mailer = "Devise::Mailer"
+
+ # ==> ORM configuration
+ # Load and configure the ORM. Supports :active_record (default) and
+ # :mongoid (bson_ext recommended) by default. Other ORMs may be
+ # available as additional gems.
+ require 'devise/orm/<%= options[:orm] %>'
+
+ # ==> Configuration for any authentication mechanism
+ # Configure which keys are used when authenticating an user. By default is
+ # just :email. You can configure it to use [:username, :subdomain], so for
+ # authenticating an user, both parameters are required. Remember that those
+ # parameters are used only when authenticating and not when retrieving from
+ # session. If you need permissions, you should implement that in a before filter.
+ # config.authentication_keys = [ :email ]
+
+ # Tell if authentication through request.params is enabled. True by default.
+ # config.params_authenticatable = true
+
+ # Tell if authentication through HTTP Basic Auth is enabled. True by default.
+ # config.http_authenticatable = true
+
+ # Set this to true to use Basic Auth for AJAX requests. True by default.
+ # config.http_authenticatable_on_xhr = true
+
+ # The realm used in Http Basic Authentication
+ # config.http_authentication_realm = "Application"
+
+ # ==> Configuration for :database_authenticatable
+ # Define which will be the encryption algorithm. Devise also supports encryptors
+ # from others authentication tools as :clearance_sha1, :authlogic_sha512 (then
+ # you should set stretches above to 20 for default behavior) and :restful_authentication_sha1
+ # (then you should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
+ config.encryptor = :bcrypt
+
+ # For bcrypt, this is the cost for hashing the password and defaults to 10. If
+ # using other encryptors, it sets how many times you want the password re-encrypted.
+ config.stretches = 10
+
+ # Setup a pepper to generate the encrypted password.
+ config.pepper = <%= ActiveSupport::SecureRandom.hex(64).inspect %>
+
+ # ==> Configuration for :confirmable
+ # The time you want to give your user to confirm his account. During this time
+ # he will be able to access your application without confirming. Default is nil.
+ # When confirm_within is zero, the user won't be able to sign in without confirming.
+ # You can use this to let your user access some features of your application
+ # without confirming the account, but blocking it after a certain period
+ # (ie 2 days).
+ # config.confirm_within = 2.days
+
+ # ==> Configuration for :rememberable
+ # The time the user will be remembered without asking for credentials again.
+ # config.remember_for = 2.weeks
+
+ # If true, a valid remember token can be re-used between multiple browsers.
+ # config.remember_across_browsers = true
+
+ # If true, extends the user's remember period when remembered via cookie.
+ # config.extend_remember_period = false
+
+ # ==> Configuration for :validatable
+ # Range for password length
+ # config.password_length = 6..20
+
+ # Regex to use to validate the email address
+ # config.email_regexp = /^([\w\.%\+\-]+)@([\w\-]+\.)+([\w]{2,})$/i
+
+ # ==> Configuration for :timeoutable
+ # The time you want to timeout the user session without activity. After this
+ # time the user will be asked for credentials again.
+ # config.timeout_in = 10.minutes
+
+ # ==> Configuration for :lockable
+ # Defines which strategy will be used to lock an account.
+ # :failed_attempts = Locks an account after a number of failed attempts to sign in.
+ # :none = No lock strategy. You should handle locking by yourself.
+ # config.lock_strategy = :failed_attempts
+
+ # Defines which strategy will be used to unlock an account.
+ # :email = Sends an unlock link to the user email
+ # :time = Re-enables login after a certain amount of time (see :unlock_in below)
+ # :both = Enables both strategies
+ # :none = No unlock strategy. You should handle unlocking by yourself.
+ # config.unlock_strategy = :both
+
+ # Number of authentication tries before locking an account if lock_strategy
+ # is failed attempts.
+ # config.maximum_attempts = 20
+
+ # Time interval to unlock the account if :time is enabled as unlock_strategy.
+ # config.unlock_in = 1.hour
+
+ # ==> Configuration for :token_authenticatable
+ # Defines name of the authentication token params key
+ # config.token_authentication_key = :auth_token
+
+ # ==> Scopes configuration
+ # Turn scoped views on. Before rendering "sessions/new", it will first check for
+ # "users/sessions/new". It's turned off by default because it's slower if you
+ # are using only default views.
+ # config.scoped_views = true
+
+ # Configure the default scope given to Warden. By default it's the first
+ # devise role declared in your routes.
+ # config.default_scope = :user
+
+ # Configure sign_out behavior.
+ # By default sign_out is scoped (i.e. /users/sign_out affects only :user scope).
+ # In case of sign_out_all_scopes set to true any logout action will sign out all active scopes.
+ # config.sign_out_all_scopes = false
+
+ # ==> Navigation configuration
+ # Lists the formats that should be treated as navigational. Formats like
+ # :html, should redirect to the sign in page when the user does not have
+ # access, but formats like :xml or :json, should return 401.
+ # If you have any extra navigational formats, like :iphone or :mobile, you
+ # should add them to the navigational formats lists. Default is [:html]
+ # config.navigational_formats = [:html, :iphone]
+
+ # ==> OAuth2
+ # Add a new OAuth2 provider. Check the README for more information on setting
+ # up on your models and hooks.
+ # config.oauth :github, 'APP_ID', 'APP_SECRET',
+ # :site => 'https://github.com/',
+ # :authorize_path => '/login/oauth/authorize',
+ # :access_token_path => '/login/oauth/access_token',
+ # :scope => %w(user public_repo)
+
+ # ==> Warden configuration
+ # If you want to use other strategies, that are not supported by Devise, or
+ # change the failure app, you can configure them inside the config.warden block.
+ #
+ # config.warden do |manager|
+ # manager.failure_app = AnotherApp
+ # manager.default_strategies(:scope => :user).unshift :some_external_strategy
+ # end
+end
1  auth/lib/spree_auth.rb
@@ -1,4 +1,5 @@
require 'spree_core'
+require 'devise'
require 'cancan'
module SpreeAuth
1  auth/spec/models/ability_spec.rb
@@ -5,7 +5,6 @@
let(:user) { User.new }
let(:ability) { Ability.new(user) }
- let(:token) { "" }
shared_examples_for "access granted" do
it "should allow read" do
14 auth/spec/models/user_spec.rb
@@ -5,19 +5,7 @@
let(:user) { User.new(:email => "foo@bar.com", :password => "secret", :password_confirmation => "secret") }
it "should create a token when saving" do
user.save!
- user.token.should_not be_nil
- end
- end
- context "with token" do
- let(:user) { User.create(:email => "foo@bar.com", :password => "secret", :password_confirmation => "secret") }
- let(:original_token) { user.token }
- pending "#regenerate_token! should change the token" do
- user.regenerate_token!
- user.token.should_not == original_token
- end
- it "#save should not change the value of the token" do
- user.save
- user.token.should == original_token
+ user.authentication_token.should_not be_nil
end
end
end
1  auth/spree_auth.gemspec
@@ -20,5 +20,6 @@ Gem::Specification.new do |s|
s.has_rdoc = true
s.add_dependency('spree_core', version)
+ s.add_dependency('devise', '>= 1.1.1')
s.add_dependency('cancan', '>= 1.3.0')
end
106 core/app/controllers/user_sessions_controller.rb
@@ -1,106 +0,0 @@
-class UserSessionsController < Spree::BaseController
- before_filter :require_no_user, :only => [:new, :create]
- before_filter :require_user, :only => :destroy
- ssl_required :new, :create, :destroy, :update
- ssl_allowed :login_bar
-
- def new
- @user_session = UserSession.new
- end
-
- def create
- not_need_user_auto_creation =
- user_without_openid(params[:user_session]) ||
- user_with_openid_exists?(:openid_identifier => params['openid.identity']) ||
- user_with_openid_exists?(params[:user_session])
-
- if not_need_user_auto_creation
- create_user_session(params[:user_session])
- else
- create_user(params[:user_session])
- end
- end
-
- def destroy
- current_user_session.destroy
- session.clear
- flash.notice = t("logged_out")
- redirect_to products_path
- end
-
- def nav_bar
- render :partial => "shared/nav_bar"
- end
-
- private
-
- def user_with_openid_exists?(data)
- data && !data[:openid_identifier].blank? &&
- !!User.find(:first, :conditions => ["openid_identifier LIKE ?", "%#{data[:openid_identifier]}%"])
- end
-
- def user_without_openid(data)
- data && data[:openid_identifier].blank?
- end
-
- def create_user_session(data)
- @user_session = UserSession.new(data)
- @user_session.save do |result|
- if result
- # Should restore last uncompleted order and add current(guest) order to it, if exists.
- order = @user_session.record.orders.last(:conditions => {:completed_at => nil})
- if order
- if (session[:order_token] && guest_order = Order.find(:first, :conditions => {:token => session[:order_token], :user_id => nil, :completed_at => nil}))
- guest_order.line_items.each do |line_item|
- order.add_variant(line_item.variant, line_item.quantity)
- end
- order.save
- session[:return_to].gsub!(guest_order.number, order.number) if session[:return_to]
- guest_order.destroy
- end
- session[:order_token] = order.token
- session[:order_id] = order.id
- end
-
- respond_to do |format|
- format.html {
- flash.notice = t("logged_in_succesfully") unless session[:return_to]
- redirect_back_or_default products_path
- }
- format.js {
- user = @user_session.record
- render :json => {:ship_address => user.ship_address, :bill_address => user.bill_address}.to_json
- }
- end
- else
- respond_to do |format|
- format.html {
- flash.now[:error] = t("login_failed")
- render :action => :new
- }
- format.js { render :json => false }
- end
- end
- end
- redirect_back_or_default(products_path) unless performed?
- end
-
- def create_user(data)
- @user = User.new(data)
-
- @user.save do |result|
- if result
- flash.notice = t(:user_created_successfully) unless session[:return_to]
- redirect_back_or_default products_url
- else
- flash.notice = t(:missing_required_information)
- redirect_to :controller => :users, :action => :new, :user => {:openid_identifier => @user.openid_identifier}
- end
- end
- end
-
- def accurate_title
- I18n.t(:log_in)
- end
-
-end
49 core/app/controllers/users_controller.rb
@@ -1,49 +0,0 @@
-class UsersController < Spree::BaseController
- resource_controller
-
- before_filter :require_no_user, :only => [:new, :create]
- before_filter :require_user, :only => [:show, :edit, :update]
-
- ssl_required :new, :create, :edit, :update, :show
-
- actions :all, :except => [:index, :destroy]
-
- create do
- flash nil
- success.wants.html { redirect_back_or_default products_path }
- success.wants.js { render :js => true.to_json }
- failure.wants.html { render :new }
- failure.wants.js { render :js => @user.errors.to_json }
- end
-
- show.before :show_before
- new_action.before :new_action_before
-
- def update
- @user = current_user
- if @user.update_attributes(params[:user])
- flash.notice = t("account_updated")
- redirect_to account_url
- else
- render :action => :edit
- end
- end
-
- private
-
- def object
- @object ||= current_user
- end
-
- def show_before
- @orders = @user.orders.checkout_complete
- end
-
- def new_action_before
- flash.now[:notice] = I18n.t(:please_create_user) unless admin_created?
- end
-
- def accurate_title
- I18n.t(:account)
- end
-end
82 core/app/models/user.rb
@@ -1,82 +0,0 @@
-class User < ActiveRecord::Base
- before_validation :set_login
- before_save :add_user_role
-
- has_many :orders
- has_and_belongs_to_many :roles
-
- belongs_to :ship_address, :foreign_key => "ship_address_id", :class_name => "Address"
- belongs_to :bill_address, :foreign_key => "bill_address_id", :class_name => "Address"
-
- #RAILS3 TODO
- #extend AuthlogicOpenid::ActsAsAuthentic::Config
- #include AuthlogicOpenid::ActsAsAuthentic::Methods if User.table_exists?
-
- acts_as_authentic do |c|
- c.transition_from_restful_authentication = true
- #AuthLogic defaults
- c.validate_email_field = false
- #c.validates_length_of_email_field_options = {:within => 6..100}
- #c.validates_format_of_email_field_options = {:with => email_regex, :message => I18n.t(‘error_messages.email_invalid’, :default => “should look like an email address.”)}
- c.validate_password_field = false
- #c.validates_length_of_password_field_options = {:minimum => 4, :if => :require_password?}
- #for more defaults check the AuthLogic documentation
- end
-
- #RAILS3 TODO
- #openid_required_fields [:email]
- #openid_optional_fields [:nickname]
-
- # prevents a user from submitting a crafted form that bypasses activation
- # anything else you want your user to change should be added here.
- attr_accessible :email, :password, :password_confirmation, :login#, :openid_identifier
-
- def deliver_password_reset_instructions!
- reset_perishable_token!
- UserMailer.deliver_password_reset_instructions(self)
- end
-
- # has_role? simply needs to return true or false whether a user has a role or not.
- def has_role?(role_in_question)
- roles.any? { |role| role.name == role_in_question.to_s }
- end
-
- def self.guest!
- User.create(:email => "foo@bar.com", :password => "secret", :password_confirmation => "secret")
- end
-
- def guest?
- self.email.blank?
- end
-
- private
- def password_required?
- return false if openid_identifier
- crypted_password.blank? || !password.blank?
- end
-
- # fetch persona from openid.sreg parameters returned by openid server if supported
- # http://openid.net/specs/openid-simple-registration-extension-1_0.html
- def map_openid_registration(registration)
- self.login = registration["nickname"] unless registration["nickname"].blank?
- self.email = registration["email"] unless registration["email"].blank?
- end
-
- # Since we use attr_accessible or attr_protected,
- # we should overwrite this method defined in authlogic_openid.
- def map_saved_attributes(attrs)
- attrs.each do |key, value|
- send("#{key}=", value)
- end
- end
-
- def set_login
- # for now force login to be same as email, eventually we will make this configurable, etc.
- self.login ||= self.email if self.email
- end
-
- def add_user_role
- user_role = Role.find_by_name("user")
- self.roles << user_role if user_role and self.roles.empty?
- end
-end
11 core/app/models/user_mailer.rb
@@ -1,11 +0,0 @@
-class UserMailer < ActionMailer::Base
- default_url_options[:host] = Spree::Config[:site_url]
-
- def password_reset_instructions(user)
- subject Spree::Config[:site_name] + ' ' + I18n.t("password_reset_instructions")
- from Spree::Config[:mails_from]
- recipients user.email
- sent_on Time.now
- body :edit_password_reset_url => edit_password_reset_url(user.perishable_token)
- end
-end
2  core/app/models/user_session.rb
@@ -1,2 +0,0 @@
-class UserSession < Authlogic::Session::Base
-end
6 core/app/views/shared/_login_bar.html.erb
@@ -1,6 +0,0 @@
-<% if current_user %>
- <li><%= link_to t('my_account'), user_path(current_user) %></li>
- <li><%= link_to t('logout'), logout_path %></li>
-<% else %>
- <li><%= link_to t('log_in'), login_path %></li>
-<% end %>
9 core/app/views/user_mailer/password_reset_instructions.erb
@@ -1,9 +0,0 @@
-A request to reset your password has been made.
-If you did not make this request, simply ignore this email.
-
-If you did make this request just click the link below:
-
-<%= @edit_password_reset_url %>
-
-If the above URL does not work try copying and pasting it into your browser.
-If you continue to have problem please feel free to contact us.
4 core/app/views/user_sessions/authorization_failure.html.erb
@@ -1,4 +0,0 @@
-<div style="height:50px; padding-top: 20px">
- <strong><%= t("authorization_failure")%></strong>
-</div>
-<!-- Add your own custom access denied message here if you like -->
8 core/app/views/user_sessions/new.html.erb
@@ -1,8 +0,0 @@
-<% @body_id = 'login' %>
-<div id="existing-customer">
- <h2><%= t("login_as_existing") %></h2>
- <%= hook :login do %>
- <%= render :partial => 'shared/login' %>
- <%= t("or") %> <%= link_to t("create_a_new_account"), signup_path %> | <%= link_to t("forgot_password"), new_password_reset_path %>
- <% end %>
-</div>
9 core/app/views/users/_openid_identifier.html.erb
@@ -1,9 +0,0 @@
-<% if Spree::Config[:allow_openid] %>
- <% unless params[:user] && params[:user][:openid_identifier] %>
- <p><%= t(:or) %></p>
- <% end %>
- <p>
- <%= f.label :openid_identifier, t('OpenID', :default => 'OpenID') %><br />
- <%= f.text_field :openid_identifier, :class => 'title openid_url' %>
- </p>
-<% end %>
22 core/app/views/users/new.html.erb
@@ -1,22 +0,0 @@
-<%= render "shared/error_messages", :target => @user %>
-
-<% @body_id = 'signup' %>
-
-<div id="new-customer">
- <h2><%= t("new_customer") %></h2>
-
- <%= hook :signup do %>
-
- <%= form_for(@user) do |f| %>
-
- <%= hook :signup_inside_form do %>
- <%= render 'shared/user_form', :f => f %>
- <p><%= submit_tag t("create"), :class => 'button primary' %></p>
- <% end %>
-
- <% end %>
- <%= t("or") %> <%= link_to t("login_as_existing"), login_path %>
-
- <% end %>
-
-</div>
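--- a/core/config/routes.rb
+++ b/core/config/routes.rb
@@ -2,25 +2,8 @@
 root :to => 'products#index'
- match 'login' => 'user_sessions#new'
- match 'logout' => 'user_sessions#destroy'
- match 'signup' => 'users#new'
-
 resources :products
- # # Loads all extension routes in the order they are specified.
- #TODO map.load_extension_routes
-
- resource :user_session do
- member do
- get :nav_bar
- end
- end
-
- match '/account' => 'users#show'
-
- resources :password_resets
-
 match '/locale/set' => 'locale#set'
 resources :tax_categories
@@ -31,8 +14,6 @@
 resources :states, :only => :index
- resources :users
-
 resources :orders do
 resources :line_items
@@ -84,7 +65,7 @@
 namespace :admin do
 resources :zones
- resources :users
+ #resources :users
 resources :countries do
 resources :states
 end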
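Review bot: The admin namespace now carries `#resources :users` as commented-out code, which leaves admin user management without a route and the commit adds no replacement; either drop the line or keep `resources :users` and back it with an admin controller that works with the Devise model. The public `resources :users`, `/account` and `resources :password_resets` removed in the earlier hunks are covered by `devise_for :users` in `auth/config/routes.rb`, so those deletions look complete, though the `nav_bar` member route of the old `user_session` resource has no successor that I can see. The enclosing `routes.draw` block starts and ends outside these hunks.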
1  core/lib/spree_core.rb
@@ -33,7 +33,6 @@
require 'stringex'
require 'will_paginate'
require 'less' #TODO RAILS3: consider making this optional
-require 'authlogic'
require 'awesome_nested_set'
require 'acts_as_list'
require 'resource_controller'
4 core/spec/models/user_spec.rb
@@ -15,8 +15,4 @@
user = User.new
user.guest?.should be_true
end
- it "can be created without email or passwords" do
- user = User.new
- user.valid?.should be_true
- end
end
1  core/spree-core.gemspec
@@ -26,7 +26,6 @@ Gem::Specification.new do |s|
s.add_dependency('bundler', '>= 0.9.26')
s.add_dependency('rails', '>= 3.0.0.rc')
s.add_dependency('highline', '>= 1.5.1')
- s.add_dependency('authlogic', '>= 2.1.5')
s.add_dependency('activerecord-tableless', '>= 0.1.0')
s.add_dependency('less', '>= 1.2.20')
s.add_dependency('stringex', '>= 1.0.3')