Copy routes/controllers/views/tests from auth_devise

README.md

@@ -36,10 +36,13 @@ Just run:
 rails new store --skip-javascript
 cd store
 bundle add solidus_core solidus_backend solidus_api solidus_sample
-bin/rails generate solidus:install
+bin/rails generate solidus:install --auto-accept
 ```
 
-And type `y` when prompted if you want to install Solidus Auth Devise
+Please note that `--auto-accept` will add [Solidus Auth Devise]
+(https://github.com/solidusio/solidus_auth_devise) to your application. At the
+moment, SolidusStarterFrontend requires the application to include the gem. In
+the future, we'll make Solidus Auth Devise optional.
 
 ### For existing stores
 
@@ -61,6 +64,10 @@ gem 'solidus_sample'
 And replace all the references of the string `Spree::Frontend::Config` in your
 project with `SolidusStarterFrontend::Config`.
 
+You'll also need to make sure that [Solidus Auth Devise]
+(https://github.com/solidusio/solidus_auth_devise) is installed in your
+application.
+
 ### Frontend installation
 
 You can copy the starter frontend files to your project:
@@ -74,7 +81,11 @@ These commands will install the gem globally and copy this project's views,
 assets, routes and controllers to your project. You can change easily anything
 that we created; this gives you a lot of freedom of customization.
 
-Please note however that you won't be able to auto-update the storefront code
+In addition, please note that the command will add Solidus Auth Devise
+frontend components to your app. At the moment, you will need to manually
+remove the gem and its frontend components if you don't need them.
+
+Finally, please note that you won't be able to auto-update the storefront code
 with the next versions released since this project's gem will not be present in
 your Gemfile.
 

app/controllers/spree/checkout_controller.rb

@@ -16,10 +16,15 @@ class CheckoutController < Spree::StoreController
     before_action :ensure_valid_state
 
     before_action :associate_user
+    before_action :check_registration, except: [:registration, :update_registration]
     before_action :check_authorization
 
     before_action :setup_for_current_state, only: [:edit, :update]
 
+    # This action builds some associations on the order, ex. addresses, which we
+    # don't need to build or save here.
+    skip_before_action :setup_for_current_state, only: [:registration, :update_registration]
+
     helper 'spree/orders'
 
     rescue_from Spree::Core::GatewayError, with: :rescue_from_spree_gateway_error
@@ -47,6 +52,20 @@ def update
       end
     end
 
+    def registration
+      @user = Spree::User.new
+    end
+
+    def update_registration
+      if params[:order][:email] =~ Devise.email_regexp && current_order.update(email: params[:order][:email])
+        redirect_to spree.checkout_path
+      else
+        flash[:registration_error] = t(:email_is_invalid, scope: [:errors, :messages])
+        @user = Spree::User.new
+        render 'registration'
+      end
+    end
+
     private
 
     def update_order
@@ -173,11 +192,6 @@ def ensure_sufficient_stock_lines
       end
     end
 
-    # Provides a route to redirect after order completion
-    def completion_route
-      spree.order_path(@order)
-    end
-
     def setup_for_current_state
       method_name = :"before_#{@order.state}"
       send(method_name) if respond_to?(method_name, true)
@@ -220,10 +234,6 @@ def rescue_from_spree_gateway_error(exception)
       render :edit
     end
 
-    def check_authorization
-      authorize!(:edit, current_order, cookies.signed[:guest_token])
-    end
-
     def insufficient_stock_error
       packages = @order.shipments.map(&:to_package)
       if packages.empty?
@@ -240,5 +250,49 @@ def insufficient_stock_error
         end
       end
     end
+
+    def order_params
+      params.
+        fetch(:order, {}).
+        permit(:email)
+    end
+
+    def skip_state_validation?
+      %w(registration update_registration).include?(params[:action])
+    end
+
+    def check_authorization
+      authorize!(:edit, current_order, cookies.signed[:guest_token])
+    end
+
+    # Introduces a registration step whenever the +registration_step+ preference is true.
+    def check_registration
+      return unless registration_required?
+
+      store_location
+      redirect_to spree.checkout_registration_path
+    end
+
+    def registration_required?
+      Spree::Auth::Config[:registration_step] &&
+        !already_registered?
+    end
+
+    def already_registered?
+      spree_current_user || guest_authenticated?
+    end
+
+    def guest_authenticated?
+      current_order&.email.present? &&
+        Spree::Config[:allow_guest_checkout]
+    end
+
+    # Overrides the equivalent method defined in Spree::Core.  This variation of the method will ensure that users
+    # are redirected to the tokenized order url unless authenticated as a registered user.
+    def completion_route
+      return spree.order_path(@order) if spree_current_user
+
+      spree.token_order_path(@order, @order.guest_token)
+    end
   end
 end

app/controllers/spree/user_confirmations_controller.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class Spree::UserConfirmationsController < Devise::ConfirmationsController
+  helper 'spree/base', 'spree/store'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+  include SolidusStarterFrontend::Taxonomies
+
+  protected
+
+  def after_confirmation_path_for(resource_name, resource)
+    signed_in?(resource_name) ? spree.signed_in_root_path(resource) : spree.login_path
+  end
+end

app/controllers/spree/user_passwords_controller.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+class Spree::UserPasswordsController < Devise::PasswordsController
+  helper 'spree/base', 'spree/store'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+  include SolidusStarterFrontend::Taxonomies
+
+  # Overridden due to bug in Devise.
+  #   respond_with resource, location: new_session_path(resource_name)
+  # is generating bad url /session/new.user
+  #
+  # overridden to:
+  #   respond_with resource, location: spree.login_path
+  #
+  def create
+    self.resource = resource_class.send_reset_password_instructions(params[resource_name])
+
+    set_flash_message(:notice, :send_instructions) if is_navigational_format?
+
+    if resource.errors.empty?
+      respond_with resource, location: spree.login_path
+    else
+      respond_with_navigational(resource) { render :new }
+    end
+  end
+
+  # Devise::PasswordsController allows for blank passwords.
+  # Silly Devise::PasswordsController!
+  # Fixes spree/spree#2190.
+  def update
+    if params[:spree_user][:password].blank?
+      self.resource = resource_class.new
+      resource.reset_password_token = params[:spree_user][:reset_password_token]
+      set_flash_message(:error, :cannot_be_blank)
+      render :edit
+    else
+      super
+    end
+  end
+
+  protected
+
+  def translation_scope
+    'devise.user_passwords'
+  end
+
+  def new_session_path(resource_name)
+    spree.send("new_#{resource_name}_session_path")
+  end
+end

app/controllers/spree/user_registrations_controller.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class Spree::UserRegistrationsController < Devise::RegistrationsController
+  helper 'spree/base', 'spree/store'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+  include SolidusStarterFrontend::Taxonomies
+
+  before_action :check_permissions, only: [:edit, :update]
+  skip_before_action :require_no_authentication
+
+  def create
+    build_resource(spree_user_params)
+    if resource.save
+      set_flash_message(:notice, :signed_up)
+      sign_in(:spree_user, resource)
+      session[:spree_user_signup] = true
+      respond_with resource, location: after_sign_up_path_for(resource)
+    else
+      clean_up_passwords(resource)
+      respond_with(resource) do |format|
+        format.html { render :new }
+      end
+    end
+  end
+
+  protected
+
+  def translation_scope
+    'devise.user_registrations'
+  end
+
+  def check_permissions
+    authorize!(:create, resource)
+  end
+
+  private
+
+  def spree_user_params
+    params.require(:spree_user).permit(Spree::PermittedAttributes.user_attributes | [:email])
+  end
+end

app/controllers/spree/user_sessions_controller.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+class Spree::UserSessionsController < Devise::SessionsController
+  helper 'spree/base', 'spree/store'
+
+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::Common
+  include Spree::Core::ControllerHelpers::Order
+  include Spree::Core::ControllerHelpers::Store
+  include SolidusStarterFrontend::Taxonomies
+
+  # This is included in ControllerHelpers::Order.  We just want to call
+  # it after someone has successfully logged in.
+  after_action :set_current_order, only: :create
+
+  def create
+    authenticate_spree_user!
+
+    if spree_user_signed_in?
+      respond_to do |format|
+        format.html do
+          flash[:success] = I18n.t('spree.logged_in_succesfully')
+          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
+        end
+        format.js { render success_json }
+      end
+    else
+      respond_to do |format|
+        format.html do
+          flash.now[:error] = t('devise.failure.invalid')
+          render :new
+        end
+        format.js do
+          render json: { error: t('devise.failure.invalid') },
+            status: :unprocessable_entity
+        end
+      end
+    end
+  end
+
+  protected
+
+  def translation_scope
+    'devise.user_sessions'
+  end
+
+  private
+
+  def accurate_title
+    I18n.t('spree.login')
+  end
+
+  def redirect_back_or_default(default)
+    redirect_to(session["spree_user_return_to"] || default)
+    session["spree_user_return_to"] = nil
+  end
+
+  def success_json
+    {
+      json: {
+        user: spree_current_user,
+        ship_address: spree_current_user.ship_address,
+        bill_address: spree_current_user.bill_address
+      }.to_json
+    }
+  end
+end