Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Fixes spree custom user generator #1618

wants to merge 225 commits into from

Having a vanilla rails app with no spree initializer in it the spree::custom_user generator fails with file not found error.

This fixes this by creating a spree initializer if no one is present, otherwise appending to it.

radar added some commits
@radar radar Rip out auth component, provide facilities for custom authentication af7803d
@radar radar Add authorize_admin hook to Admin::BaseController
This is so the admin section is disabled *by default*
@radar radar user_class method inside Spree module should be defined as a module m…
@radar radar Add spree/shared/unauthorized view 4678bfc
@radar radar Define a spree_login_path method in BaseController that is overridable a134193
@radar radar Don't do permission checking in ability.rb if user obj does not respo…
…nd to has_spree_role? method
@radar radar Default current_spree_user to nil when user_class or current_user_met…
…hod not provided
@radar radar Replace references to current_user with current_spree_user f0d9874
@radar radar Replace two more occurrences of current_user with current_spree_user
@radar radar Make current_spree_user a helper_method f3584a0
@radar radar Move current_ability, current_spree_user and unauthorized methods int…
…o ControllerHelpers.

This is so these methods are available for places, such as Spree::UserRegistrationsController inside spree_auth_devise that don't inherit from Spree::BaseController but do include Spree::Core::ControllerHelpers
@radar radar Correct call to helper_method inside ControllerHelpers 8a01c41
@radar radar Remove instantiate_controller_and_action_names from ControllerHelpers
What was this even doing? Just use params[:action] and params[:controller] instead.
@radar radar Add store_location to controller_helpers, define spree_signup_path an…
…d spree_logout_path methods that can be overridden
@radar radar spree_login_path, spree_signup_path and spree_logout_path methods nee…
…d to be inside of an auth extension, as they are particular to that
@radar radar Rename current_spree_user to spree_current_user to keep it in line wi…
…th all other auth methods
@radar radar Fix one more occurrences of current_spree_user in orders/show c45cf9f
@radar radar Remove current_user_method
It is better to simply define a spree_current_user method by using a decorator inside the auth extension, than defining it arbitrarily inside an initializer. The login_path, logout_path and sign_in_path methods are already supposed to be in a decorator, so this can join it
@radar radar Add auth-take-two to Travis 48b1d2e
@radar radar Remove auth from install script and Rake tasks a5d61f9
@radar radar Remove auth from travis 9fea502
@radar radar Remove spree_auth as a dependency of api 25efc16
@radar radar Call has_spree_role? method on current_api_user in api's base_controller b9b74b2
@radar radar Define has_spree_role? dummy method on Spree::User be2ce64
@radar radar Correct script/rails file in core
It was generating things inside of spec/dummy, which is wrong
@radar radar Add Spree::Core::TokenResource
This was taken from the auth component of Spree, but really belongs in Core as it is an AUTHORIZATION thing, and not an AUTHENTICATION thing
@radar radar Fix script/rails in API 41c51c9
@radar radar Include Spree::TokenResource into ActiveRecord::Base at end of token_…
@radar radar Use correct module in token_resource 7338de3
@radar radar Add TokenResource spec e1db14d
@radar radar Correct prefix tokenized_permissions table with spree_ c70da69
@radar radar [api] use has_spree_role, not has_role? in orders_controller b51ed4b
@radar radar [api] Add roles association and override for has_spree_role? method t…
…o User decorator
@radar radar [api] Stub has_spree_role? not has_role? in sign_in_as_admin! helper 6ee8d0d
@radar radar Add initializer to dummy app that sets Spree.user_class f9618f2
@radar radar Use correct class in TokenResource spec 5fb3a5c
@radar radar Remove useless db/sample directory
It contained the users.rb file which was commented out
@radar radar Due to changes in #1504, permalinks that share similar names to other…
… permalinks may now have numbers suffixed or incremented higher than expected to avoid potential conflicts
@radar radar There is no more spree_auth for dash to rely on bfaed51
@radar radar Hack around not being able to sign in as a user in analytics_spec 84dac82
@radar radar No more auth for promo to rely on either 754b6fd
@radar radar Add roles association to User for dash 02a40bb
@radar radar Add roles association to User for promo 8a3dc04
@radar radar Remove mention of spree_auth assets from spree_promo assets 633d86f
@radar radar remove authentication helpers from dash 0dc586d
@radar radar Remove authentication helpers form promo a927960
@radar radar No longer link orders to anonymous users. Every order must have a val…
…id email address associated with it
@radar radar Prompt for email address on checkout page if one is not already provided eb0e5a5
@radar radar Use Spree.user_class in Spree::Promotion::Rules::User eb020f5
@radar radar Remove sign up spec from promotion adjustments and switch over from u…
…sing sign_in_as! now that auth is gone
@radar radar Add question asking if user wants default authentication (spree_auth_…
@radar radar Remove Auth::Engine seed loading from install generator 2c74185
@radar radar [petty] fix spacing for inside call in cmd/installer 36a6253
@radar radar Default Spree.user_class in config/initializers/spree.rb 5d26f24
@radar radar Remove Spree::Auth::Engine mounting in rails/routes template for sandbox 875fb9d
@radar radar only mount core inside sandbox routes e02c276
@radar radar Revert "Remove Auth::Engine seed loading from install generator"
This reverts commit 2c74185.

If the user says "yes please install the default auth", we still want
the default users created.
@radar radar Use radar's copy of spree_auth_devise until it is made official 45b36e5
@radar radar Remove initializer from custom_user generator
This is actually taken care of inside the spree.rb initializer now
@radar radar Add checks for Spree.user_class to api, dash and promo user decorators e15009e
@radar radar Remove initializer template call from custom user generator 5de8d73
@radar radar Correct comment in Spree::User to point at correct spree_auth_devise …
@radar radar Remove spree_auth mentions from assets 45171e3
@radar radar Insert require for spree/core/controller_helpers_ext into config/init…
@radar radar WIP: adding spree_auth_devise to sandbox Gemfile
This is currently NOT working. Will investigate lateR
@radar radar Remove sandbox_generator, replace with Rails template
The rails template's code is much simpler and allows us to enforce specific gem requirements that the dummy application should never have.

This fixes the sandbox's requirement of spree_signup_path as pointed out by BDQ here: spree#1512 (comment)
@radar radar Move sandbox.rb to lib/sandbox.rb 73ded00

What about invoking it?


What difference does it make?

radar and others added some commits
@radar radar Move common Spree.user_class role decorations into core
As per BDQ's comment here: spree#1512 (comment)
@radar radar Put user class extensions inside a to_prepare block fab8d3d
@radar radar Use rm_rf to delete sandbox directory b64ac4c
@radar radar Fixed typo in sandbox.rb 1cc3144
@radar radar to_prepare method is on Spree::Core::Engine.config, not Spree::Core::…
@radar radar Remove spree_auth_devise and devise_encryptable from sandbox 459a8d5
@radar radar Redirect to either spree_login_path (if it exists) or root_path for s…
@radar radar Stub authorization for admin controllers 3263215
@radar radar Move associate_user out of ControllerHelpers, into CheckoutController
The only place this is necessary is in CheckoutController's actions. This now runs as a before_filter
@radar radar Move clone_billing_address to be with other before_validation call in…
… Order model

This was previously ~250 lines down in the model
@radar radar Move controller helpers into Spree::AuthenticationHelpers module 4812d22
@radar radar Add debugger gem f9018e8
@radar radar Remove debug from checkout_controller 632b5d2
@radar radar Only use spree_account_path in orders/show if available ae99482
@radar radar Stub authorization in correct OrdersController 2bae6e1
@radar radar Re-add as_null_object to Order model stub in CheckoutController spec …
…to fix broken tests
@radar radar Move regression test for #538 into its own controller spec
Read the comment in the spec
@radar radar Added stub_authorization! for request specs
This is used to give the current request spec permission to perform any and all admin actions
@JDutil JDutil Only use Spree::Responder if needed for the current controller.
Stops preventing when any spree_responders are
defined. [fixes #1301]

Merges #1515
@jumph4x jumph4x Changing Admin AJAX urls in the _head partial to use relative paths. #… 0e86ce5
@deJaVisions deJaVisions Updated @user.authentication_token.present? check, and print out to u…
…se @user.api_key instead in the api_fields partial. Not sure why @user_authentication_token was being used instead.

[Fixes #1521]

Merges #1522
@cmar cmar unnest images api from variants and products, use viewable_id instead 6e3beec
Andrea Schiavini Per item calculator should only apply to matching products
Fixes #1524

Merges #1526
@cmar cmar fixed travis syntax error, unexpected tSYMBEG, expecting tAMPER 8e263b6
@JDutil JDutil Edge version is 1.2.0.beta
[Fixes #1530]
@shadchnev shadchnev passing the currency code from payment method preferences to the gateway
[fixes #1528]
@cmar cmar using lambda change count for image tests 1fbb331
Matthias Wagner Removed useless hidden submit button
[Fixes #1535] [Fixes #1538]
@JDutil JDutil Allow pagination of product search results.
[Fixes #1539]
@maximkulkin maximkulkin Properly escape permalink when checking it for uniqueness.
[Fixes #1505]
@GeekOnCoffee GeekOnCoffee Adding Load Path to API to fix #1536 d115953
@beneggett beneggett Locked devise at version 2.0.x, as 2.1 just launched and breaks auth.…
… Devise just launched 2.1, running bundle update breaks Spree Auth; locking devise to 2.0.x.

Will update to Spree to use Devise 2.1 as 2.1 clears RC process and docs are released, etc.. See for details
tneems and others added some commits
@tneems tneems Allow voiding of transactions on gateways supporting profiles
Closes #1546
@JDutil JDutil Explicitly nest promotion classes.
Fixes #1548
@radar radar Remove old site generator 705da27
@GeekOnCoffee GeekOnCoffee Switching from Order BETWEEN Sql fragment to AR Range 8a617b7
Ted Lilley Add SalesTax to DefaultTax migration for spree_calculators
Fixes #1581

Closes #1585
@radar radar Convert all Order scopes to class methods 10666e4
@radar radar Remove core/ext/string
This file:

1) Contained a method that wasn't in use anywhere.
2) Wasn't being required
@radar radar Remove very old comments from core/config/initializers/spree.rb 32586ed
@radar radar Increase price of T-Shirt in 'custom products' shared context
This is because it was causing randomly failing builds, like this:!/spree/spree/jobs/1406098.

What happens is that because the Tote, Stein and T-Shirt all fall within
the $15-18 price range, you would get three products returned. The per
page on this test is set to two, and so *sometimes* you'd get the two
you were expecting, other times you would get the Stein included and not
the T-Shirt or the Tote.

@mscottford mscottford Fixes mass assignment exception when creating a promo code that creat…
…es a line item.

Closes #1587
@mscottford mscottford Fixes issue with redeeming a promo code for a 'free' item.
Closes #1589
@mscottford mscottford Adds a `serializable_hash` method to the result of `Product#variant_i…

Fixes #1570
@joneslee85 joneslee85 No need self. for getter context 042b38e
@joneslee85 joneslee85 It is good to use dot to denote class method convention in spec 5a7e12e
@kennyadsl kennyadsl resets cycle if taxon contians less then four products
Merges #1586
@pirj pirj fixing "1 234.00 " cost_price validation failure coming from admin pr…
…oduct controller

Closes #1592
@radar radar [core] Correct test breakages in requests/products_spec.rb caused by @1… dbf4f63
@radar radar Correct products spec to have three products so that pagination is en…
@radar radar Remove effective_tax_rate method that was not being used
Closes #1419
@mscottford mscottford Fixes issue that causes order totals to be stale after calling Order#…

Merges #1595
@GeekOnCoffee GeekOnCoffee Adjustment Scope Refactor
[Fixes #1597]
@joneslee85 joneslee85 Updating master variant should also touch product
[Fixes #1583]
@radar radar Revert "Fixes issue that causes order totals to be stale after callin…
…g Order#add_variant."

This reverts commit 7868902.

Re-opens #1595
@radar radar Regression test for inadvertent ShippingMethod per-item calculator br…

Replicates #1596
@radar radar Revert "Per item calculator should only apply to matching products"
This reverts commit 93be6fa.

Reverted due to #1596
@radar radar Refactor out shipping_method checks so they can be performed individu…

This would help to determine why a particular shipping method may not apply to an order
@mscottford mscottford Fixes issue that causes order totals to be stale after calling Order#…

Also, Changes order api test to use actual Spree::Variant objects instead of stubs, because of the interactions between Spree::LineItem and Spree::Order.

Merges #1595
@laurens laurens Correct issue with per item calculator when used with shipping method
Relates to #1596

Merges #1601
@radar radar Re-add matching products limiter to per_item calculator
As per #1526, related to #1524 and #1596.
@radar radar Correct issue with per item calculator and no matching products
Relates to #1596
@radar radar Make datepicker use correct month name
Fixes #1602

Clean up relateddayNames and dayNamesMin variables in admin.js.erb too
@radar radar Fix brittle products spec test
Only check that there are two products on first page, one on second. It's not important what their names are, only the counts
@radar radar Don't delete search and taxon information in shared products pagination.
It is necessary to retain these values so that when the next page button is pressed the search and taxon information is preserved for each subsequent page
@radar radar Rip out auth component, provide facilities for custom authentication 3142e7d
@radar radar Remove current_ability, current_spree_user and unauthorized dupe meth…
…ods in BaseController

They were placed there from the rebase
@radar radar Remove duplicate test in products_controller_spec that is now in miss…
@radar radar Add mistakenly removed helpers from promotion_adjustments_spec back b2cd26c
@radar radar Add user decorator for roles, and authorization helpers for promotion…
… adjustments spec
@radar radar Don't include debugger gem by default
As this causes the build to break on Travis because Travis can't compile
it. Travis doesn't need to debug things, so let's leave it out by
@radar radar Correct permission scoping in load_product method in Spree::ProductsC…
@radar radar Try has_spree_role? method on spree_current_user for products_controller
There is *definitely* situations where spree_current_user is going to be nil
@radar radar [promo] Specify table name for roles association in user decorator 58f40cb
@radar radar [promo] Use join_table, not join_table name in user decorator 1093674
@radar radar Remove Admin::UsersController
Moved banner functionality to Admin::BannersController
@radar radar Remove call to spree.admin_users_path in spree/admin/shared/_head 871d045
@radar radar Remove users tab from spree/admin/shared/_tabs.html.erb 04b27dd
@radar radar Remove Users tab testing in admin/homepage_spec 9c7f056
@radar radar Remove users request spec 13c3d97
@radar radar [api] Remove users_controller_decorator
Developers will now need to add this themselves, or use an authentication extension which already provides it
@radar radar [promo] make actions/create_line_items specs not depend on database o…

See broken build #1419.6 for the problems this caused in the past
@radar radar [promo] stop depending on DB order in promotion_adjustments's spec 39f19c8
@radar radar Store location before redirecting in unauthorized no-user situation 2512bb9
@radar radar Controllers always responds to spree_current_user
Due to method definition inside ControllerHelpers
@radar radar Add authentication routes to disallowed_routes in store_location, only
if they exist
@radar radar Check for spree_user_signup in CheckoutController
This is now the event that will trigger spree.user.signup notification for FirstOrder promotion

This leads to a shorter syntax in authentication extension gems, while still preserving all of the same functionality. i.e. User signs up, gets credited with the promotion.
@radar radar Clear session[:spree_user_signup] after we're finished with it 4c5e1e7
@radar radar variable name is authentication_routes, not authenticated_routes 911f410
@radar radar Fixed issue where :user was not being passed correct value to spree.u…
…ser.signup event
@radar radar Remove 'Done' from sandbox output, as it just gets swallowed up by
bundle install
@radar radar [cmd] Remove automatic setup of admin user from installer 2d4a848
@radar radar Remove incorrect helper_method calls from authentication_helpers temp…
@radar radar Correct name of roles association in config/initializers/user_class_e…
@radar radar No need for promo user decorator
This is because core/config/initializers/user_class_extensions now deals
with setting up the roles association
@radar radar Rename api_key field to spree_api_key
This is to stop it conflicting with a potentially similarly named field on Spree.user_class models
@radar radar Add orders association for Spree.user_class models f090c83
@radar radar Rename api_key to spree_api_key in custom_user migration too 62f76a9
@radar radar Correct roles association name in user factory 1512ccb
@radar radar Remove devise and cancan dependencies from spree_sample
Devise is now provided by authentication extensions, and cancan is a dependency of core now
@radar radar Use append_file rather than insert_into file for authentication_helpe…
…rs hook

It's not important that this is done before configuration, and therefore can go anywhere in the file

h/t beneggget
@radar radar Fix issue where order was not being remembered
Fixes #1066
@radar radar Remove debug page! in checkout_spec fd288d3
@radar radar Add last_incomplete_spree_order to test doubles in checkout and produ…
…cts controller specs
@radar radar Need to include Spree::AuthenticationHelpers into ApplicationControll…
…er automatically
@radar radar Check for last_incomplete_order before setting session[:order_id] ins…
…ide set_current_order
@radar radar Wrap product descriptions in paragraph tags only when there's a line
followed by two line breaks.

Fixes #1607
@radar radar Move contents of Spree::Core::ControllerHelpers module into Spree::Ba…

This is so that the methods can be more easily overriden. Methods provided by a module cannot be overriden on what they are included into. For example, if Spree::BaseController kept including ControllerHelpers which was defining a spree_current_user method and an authentication extension attempted to override this method, it would not work. The method that would be called would be the dummy one included in ControllerHelpers.

It never made sense to me to have ControllerHelpers only being included in one place. Therefore, let's just throw everything in the BaseController so it's more obvious to people where things come from.

This will probably fix the issue where spree_current_user is nil on custom-auth apps
@radar radar Add spree/analytics helper to Spree::BaseController in to_prepare blo…
…ck for Spree::Dash::Engine
@radar radar Moved cancan require to spree/core, where all the other requires are cbdb3ad
@radar radar Actually remove inclusion of Spree::Core::ControllerHelpers, rather t…
…han just talking about it
@radar radar move default_notification_payload into config.to_prepare, call it on …
…Spree::BaseController instead
@radar radar Add helper_method line for spree_current_user to authentication_helpers 8404a3a
@radar radar Include Spree::AuthenticationHelpers into Spree::BaseController also a353262
@radar radar Bump maximum Rails version to 3.2.4 dde7a0f
@radar radar Revert back to Rails 3.2.3
This is due to a number of regressions reported in Rails:


As well as a failing test inside of api brought on by rails/rails@ac465d5.

There is also the issue of link_to_function's deprecation in this version of Rails, which is still used in a couple of places in Spree.
@radar radar Namespace Taxonomy reference in Spree::BaseController
A user, beneggett, reported that sans-namespace reference was causing uninitialized constant Spree::BaseController::Taxonomy
@radar radar Add spree_current_user back to Spree::BaseController to make tests happy 28e9ffe
@radar radar Need to make spree_current_user a helper method also 0a7aaf9

Made tests happy, made access to /admin area break...resulting in redirect loop again.

It seems this is not being overridden as hoped by the spree/auth_helper.


Providing a proxy method called current_user which will now be used within spree to reference the current user. This will reference spree_current_user if it exists, or nil if it doesn't.


Sorry !

@tvdeyen tvdeyen closed this

I don't know what went wrong. I fetched your branch and made a feature branch, like usually, but sometimes git makes you say WAT?

The commit fixing this issue is 12a10ab


Ah, I see I messed up the branches. I should have sent to auth-take-two.

Sorry about that!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.