Only use custom routes

.circleci/config.yml

@@ -28,6 +28,10 @@ jobs:
     steps:
       - checkout
       - browser-tools/install-chrome
+      - solidusio_extensions/dependencies
+      - run:
+          name: 'fix ffi'
+          command: 'bundle install && bundle pristine ffi'
       - solidusio_extensions/run-tests-solidus-master
       - solidusio_extensions/store-test-results
       - notify
@@ -39,6 +43,7 @@ jobs:
     steps:
       - checkout
       - browser-tools/install-chrome
+      - solidusio_extensions/dependencies
       - solidusio_extensions/run-tests-solidus-current
       - solidusio_extensions/store-test-results
       - notify
@@ -50,6 +55,7 @@ jobs:
     steps:
       - checkout
       - browser-tools/install-chrome
+      - solidusio_extensions/dependencies
       - solidusio_extensions/run-tests-solidus-older
       - solidusio_extensions/store-test-results
       - notify

app/controllers/concerns/solidus_auth_devise/deprecated_routes.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module SolidusAuthDevise
+  module DeprecatedRoutes
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :deprecates_solidus_auth_devise_routes
+    end
+
+    private
+
+    def deprecates_solidus_auth_devise_routes
+      return unless params[:deprecated_route]
+
+      Spree::Deprecation.warn(
+        <<~TEXT
+          This route is deprecated: #{request.fullpath.inspect}.
+          It will be removed in solidus_auth_devise v3.
+          If you want to continue using this route please define it in your application code:
+
+          Spree::Core::Engine.routes.draw do
+            devise_scope :spree_user do
+              #{request.method.downcase} #{request.fullpath.inspect}, to: #{controller_path}##{action_name}, ...
+            end
+          end
+
+          Please check your application for places in which this route was generated.
+
+        TEXT
+      )
+    end
+  end
+end

config/routes.rb

@@ -10,7 +10,7 @@
         passwords: 'spree/user_passwords',
         confirmations: 'spree/user_confirmations'
       },
-      skip: [:unlocks, :omniauth_callbacks],
+      skip: :all,
       path_names: { sign_out: 'logout' },
       path_prefix: :user,
       router_name: :spree
@@ -19,16 +19,46 @@
     resources :users, only: [:edit, :update]
 
     devise_scope :spree_user do
-      get '/login', to: 'user_sessions#new', as: :login
-      post '/login', to: 'user_sessions#create', as: :create_new_session
-      match '/logout', to: 'user_sessions#destroy', as: :logout, via: Devise.sign_out_via
-      get '/signup', to: 'user_registrations#new', as: :signup
-      post '/signup', to: 'user_registrations#create', as: :registration
-      get '/password/recover', to: 'user_passwords#new', as: :recover_password
-      post '/password/recover', to: 'user_passwords#create', as: :reset_password
-      get '/password/change', to: 'user_passwords#edit', as: :edit_password
-      put '/password/change', to: 'user_passwords#update', as: :update_password
-      get '/confirm', to: 'user_confirmations#show', as: :confirmation if Spree::Auth::Config[:confirmable]
+      # Custom devise routes
+      get   '/login', to: 'user_sessions#new', as: :login
+      post  '/login', to: 'user_sessions#create', as: :create_new_session
+      match '/logout', to: 'user_sessions#destroy', via: Devise.sign_out_via, as: :logout
+      get   '/password/recover', to: 'user_passwords#new', as: :recover_password
+      get   '/password/change', to: 'user_passwords#edit', as: :edit_password
+      put   '/password/change', to: 'user_passwords#update', as: :update_password
+      post  '/password/recover', to: 'user_passwords#create', as: :reset_password
+      get   '/signup', to: 'user_registrations#new', as: :signup
+      post  '/signup', to: 'user_registrations#create', as: :registration
+      get   '/confirm', to: 'user_confirmations#show', as: :confirmation if Spree::Auth::Config[:confirmable]
+
+      # Legacy devise generated paths
+      #
+      # These are deprecated but we still want to support the incoming routes, in order to give existing stores an upgrade path.
+      # Will be removed at the next major release of solidus_auth_devise.
+      with_options deprecated_route: true do
+        get    '/user/spree_user/password/edit' => 'user_passwords#edit', as: :deprecated_edit_spree_user_password
+        get    '/password/change'               => 'user_passwords#edit', as: :edit_spree_user_password
+        get    '/user/spree_user/password/new'  => 'user_passwords#new', as: :deprecated_new_spree_user_password
+        get    '/password/recover'              => 'user_passwords#new', as: :new_spree_user_password
+        match  '/user/spree_user/password'      => 'user_passwords#update', via: [:patch, :put], as: :deprecated_spree_user_password
+        put    '/password/change'               => 'user_passwords#update', as: :spree_user_password
+        post   '/user/spree_user/password'      => 'user_passwords#create', as: nil
+
+        get    '/login'                         => 'user_sessions#new', as: :new_spree_user_session
+        get    '/user/spree_user/sign_in'       => 'user_sessions#new', as: :deprecated_new_spree_user_session
+        match  '/user/spree_user/logout'        => 'user_sessions#destroy', via: Devise.sign_out_via, as: :deprecated_destroy_spree_user_session
+        match  '/logout'                        => 'user_sessions#destroy', via: Devise.sign_out_via, as: :destroy_spree_user_session
+        post   '/user/spree_user/sign_in'       => 'user_sessions#create', as: :deprecated_spree_user_session
+        post   '/login'                         => 'user_sessions#create', as: :spree_user_session
+
+        get    '/user/spree_user/sign_up'       => 'user_registrations#new', as: :deprecated_new_spree_user_registration
+        get    '/signup'                        => 'user_registrations#new', as: :new_spree_user_registration
+        post   '/user/spree_user'               => 'user_registrations#create', as: nil
+        get    '/user/spree_user/cancel'        => 'user_registrations#cancel', as: :cancel_spree_user_registration
+        get    '/user/spree_user/edit'          => 'user_registrations#edit', as: :edit_spree_user_registration
+        delete '/user/spree_user'               => 'user_registrations#destroy', as: nil
+        match  '/user/spree_user'               => 'user_registrations#update', as: :spree_user_registration, via: [:patch, :put]
+      end
     end
 
     get '/checkout/registration', to: 'checkout#registration', as: :checkout_registration

lib/controllers/frontend/spree/user_confirmations_controller.rb

@@ -8,6 +8,8 @@ class Spree::UserConfirmationsController < Devise::ConfirmationsController
   include Spree::Core::ControllerHelpers::Order
   include Spree::Core::ControllerHelpers::Store
 
+  include SolidusAuthDevise::DeprecatedRoutes
+
   protected
 
   def after_confirmation_path_for(resource_name, resource)

lib/controllers/frontend/spree/user_passwords_controller.rb

@@ -8,6 +8,8 @@ class Spree::UserPasswordsController < Devise::PasswordsController
   include Spree::Core::ControllerHelpers::Order
   include Spree::Core::ControllerHelpers::Store
 
+  include SolidusAuthDevise::DeprecatedRoutes
+
   # Overridden due to bug in Devise.
   #   respond_with resource, location: new_session_path(resource_name)
   # is generating bad url /session/new.user

lib/controllers/frontend/spree/user_registrations_controller.rb

@@ -8,6 +8,8 @@ class Spree::UserRegistrationsController < Devise::RegistrationsController
   include Spree::Core::ControllerHelpers::Order
   include Spree::Core::ControllerHelpers::Store
 
+  include SolidusAuthDevise::DeprecatedRoutes
+
   before_action :check_permissions, only: [:edit, :update]
   skip_before_action :require_no_authentication
 

lib/controllers/frontend/spree/user_sessions_controller.rb

@@ -8,6 +8,8 @@ class Spree::UserSessionsController < Devise::SessionsController
   include Spree::Core::ControllerHelpers::Order
   include Spree::Core::ControllerHelpers::Store
 
+  include SolidusAuthDevise::DeprecatedRoutes
+
   # This is included in ControllerHelpers::Order.  We just want to call
   # it after someone has successfully logged in.
   after_action :set_current_order, only: :create

lib/controllers/frontend/spree/users_controller.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class Spree::UsersController < Spree::StoreController
+  include SolidusAuthDevise::DeprecatedRoutes
+
   skip_before_action :set_current_order, only: :show, raise: false
   prepend_before_action :authorize_actions, only: :new
 

lib/spree/auth/engine.rb

@@ -70,7 +70,6 @@ def self.prepare_backend
         end
       end
 
-
       def self.prepare_frontend
         Spree::BaseController.unauthorized_redirect = -> do
           if spree_current_user

spec/controllers/spree/user_passwords_controller_spec.rb

@@ -10,7 +10,7 @@
       it 'redirects to the new session path' do
         get :edit
         expect(response).to redirect_to(
-          'http://test.host/user/spree_user/sign_in'
+          'http://test.host/login'
         )
       end
 

spec/features/checkout_spec.rb

@@ -111,7 +111,7 @@
       # Need to do this now because the token stored in the DB is the encrypted version
       # The 'plain-text' version is sent in the email and there's one way to get that!
       reset_password_email = ActionMailer::Base.deliveries.first
-      token_url_regex = /\/user\/spree_user\/password\/edit\?reset_password_token=(.*)$/
+      token_url_regex = %r{/password/change\?reset_password_token=(.*)$}
       token = token_url_regex.match(reset_password_email.body.to_s)[1]
 
       visit spree.edit_spree_user_password_path(reset_password_token: token)

spec/mailers/user_mailer_spec.rb

@@ -31,7 +31,7 @@
 
       context 'body includes' do
         it 'password reset url' do
-          expect(@message.body.raw_source).to include "http://#{store.url}/user/spree_user/password/edit"
+          expect(@message.body.raw_source).to include "http://#{store.url}/password/change"
         end
       end
     end