⚠️ Warning - maintenance mode

This gem is only usable for Spree below version 5.0 (eg, Spree 4.x). For Spree 5 you do not need this gem.

Authentication with Devise in Spree 5 tutorial

Spree Auth Devise

Provides authentication services for Spree, using the Devise gem.

Installation

1. Add this extension to your Gemfile with this line:

gem 'spree_auth_devise'

if you run into any version-mismatch problems please run bundle update

2. Install the gem using Bundler:

bundle install

3. Copy & run migrations

bundle exec rails g spree:auth:install

Upgrading from Spree 3.0 to 3.1

If you're upgrading from 3.0 to 3.1 you need to rerun the installer to copy new asset files (javascripts)

bundle exec rails g spree:auth:install

Configuration

Confirmable

To enable Devise's Confirmable module, which will send the user an email with a link to confirm their account, you must do the following:

• Add this line to an initializer in your Rails project (typically config/initializers/spree.rb):

Spree::Auth::Config[:confirmable] = true

• Add a Devise initializer to your Rails project (typically config/initializers/devise.rb):

Devise.setup do |config|
  # Required so users don't lose their carts when they need to confirm.
  config.allow_unconfirmed_access_for = 1.days

  # Fixes the bug where Confirmation errors result in a broken page.
  config.router_name = :spree

  # Add any other devise configurations here, as they will override the defaults provided by spree_auth_devise.
end

Sign out after password change

To disable signout after password change you must add this line to an initializer in your Rails project (typically config/initializers/spree.rb):

Spree::Auth::Config[:signout_after_password_change] = false

Using in an existing Rails application

If you are installing Spree inside of a host application in which you want your own permission setup, you can do this using spree_auth_devise's register_ability method.

First create your own CanCan Ability class following the CanCan documentation.

For example: app/models/your_ability_class.rb

class YourAbilityClass
  include CanCan::Ability

  def initialize user
    # direct permissions
     can :create, SomeRailsObject

     # or permissions by group
     if spree_user.has_spree_role? "admin"
       can :create, SomeRailsAdminObject
     end
   end
end

Then register your class in your spree initializer: config/initializers/spree.rb

Spree::Ability.register_ability(YourAbilityClass)

Inside of your host application you can then use CanCan like you normally would.

<% if can? :show, SomeRailsObject %>

<% end %>

Adding Permissions to Gems

This methodology can also be used by gems that extend spree and want/need to add permissions.

Ruby 2.5 issues

If you encounter issues when using Ruby 2.5, please run:

bundle update devise

Creating the default Admin user

If you didn't created the Admin user from the installer you can run this rake task:

bundle exec rake spree_auth:admin:create

Testing

You need to do a quick one-time creation of a test application and then you can use it to run the tests.

bundle exec rake test_app

Then run the rspec tests.

bundle exec rspec

License

Spree Starter (formerly Spark Starter Kit) is copyright © 2015-2021 Spark Solutions Sp. z o.o.. It is free software, and may be redistributed under the terms specified in the LICENSE file.

About Spark Solutions

Spree Auth Devise is maintained and funded by Spark Solutions Sp. z o.o. The names and logos are trademarks of Spark Solutions Sp. z o.o.

We are passionate about open source software. We are available for hire.