-
-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make solidus_auth_devise for backend work without solidus_frontend #61
Comments
@Kingdutch thanks for this thoughtful and detailed issue write up. This gem has been struggling to find it's place in core/frontend/backend for sometime and the more folks who exercise it the better.
My understanding is that there are intentionally two different scopes, but we'll need to hear about this from the maintainer @stewart for final word. However it plays out, we should update the README to speak to this issue. |
Hey, @Kingdutch - as Brian said, thanks for the write-up. It's greatly appreciated.
I've been thinking about this a bit more over the past few weeks, and I think I've found the most useful solution going forward for the project. There's a few pending fixups that need a release. If you've got patches for the issues you described above I'll gladly accept them, if not I'll write some myself to attempt to cover these issues. These fixes will be baked into a v1.5.0 release. v1.6.0 will consist of any further fixes, as well as deprecation warnings for conditional or strangely named methods ( From there, version 2.0.0 of Additionally, explicit (opt-out) configuration options would also provide a better solution for including decorators and the like. Better documentation of these would make adding Does this sound agreeable to you? |
If I understand correctly this would mean that we would move from two scopes to a single scope that would be used for both 'normal' users (customers) as well as admin users. Which would then be separated by the role system that is in core if I understand correctly. I'm still not really sure then why solidus_auth_devise currently has two scopes (although that's what I'd probably do if I had to write this myself). The advantage is that with one scope you could probably get rid of a lot of conditional code because the authentication point would always be the same whether for normal login or for admin usage. I must admit, my knowledge of solidus_auth_devise at this point is a bit foggy. The step in v1.6.0 to rename So your plan sounds good, I'm just not entirely clear on where we'll end up. |
solidus_auth_devise provides the |
Is this problem solved in the latest version? |
Still not solved - we ended up forking this gem - https://github.com/dstld/solidus_auth_devise |
this would be really useful, can't aaron solution be merged back? |
I see a few commits that address frontend specific things being loaded but as far as I can tell solidus_auth_devise is still broken when only solidus_core and solidus_backend are installed.
For the inital issue report please see: solidusio/solidus#1286
What I have found so far:
Because the
:spree_user
scope for backend is created in the:admin
namespace devise will create it and its helpers as admin_spree_user.In
lib/spree/authentication_helpers.rb
on master there are conditionals for the paths butspree_current_user
is defined to usecurrent_spree_user
(the default Devise helper) which does not exist in the described setup.Changing
current_spree_user
tocurrent_admin_spree_user
fixes this part of the issue so there should probably be another conditional included here.This makes the authentication function able to find the current spree user. However, this confuses Devise because in
config/routes.rb
the paths for the admin scope are defined on thespree_user
scope instead of theadmin_spree_user
scope and thus they can not be found. (devise_for
does take any namespaces into account when determining what to pass todevise_scope
but this is not done in the manual invocation ofdevise_scope
in the routes file).By changing
devise_scope
on line 50 to:admin_spree_user
this error is fixed.We are now at a point where the initial navigation to
/admin
will redirect to/admin/login
.A new error occurs here: on line 28 of
lib/views/backend/spree/admin/user_sessions/new.html.erb
the helper functionrecover_password_path
is called. However therecover_password
path is never defined for the admin user scope. It is however defined when the frontend is available.There are two possible fixes:
Either remove the link from the admin login page which is easiest or copy the routes from the frontend to also be used on the backend scope.
Choosing for now the simplest option and removing the links I continue my quest. The login screen is correctly presented however it won't properly submit because of a call to
authenticate_spree_user!
inSpree::Admin::UserSessionsController
. Changing the scope here and on the if statement that checks if authentication was succesful (line 15) will fix the errors upon login form submission.I would be glad to provide a pull request with all the changes. My main problem is that I'm not sure about the intentions in the initial implementation:
This is the point at which I'm stuck. My feeling says that the second option is intended. My fixes however are intended towards the first option. As an alternative, setting the admin namespace
as: nil
will prevent Devise from prefixing the scope withadmin
. This however breaks other places that do useadmin_login_path
.What is the intended way forward?
Apologies for the wall of text, I've tried to document my research best as possible.
The text was updated successfully, but these errors were encountered: