Spree Auth (Devise)
Provides authentication services for Spree, using the Devise gem.
Installation
- Add this extension to your Gemfile with this line:
#### Spree >= 3.1
gem 'spree_auth_devise', '~> 3.3'
#### Spree 3.0 and Spree 2.x
gem 'spree_auth_devise', github: 'spree/spree_auth_devise', branch: 'X-X-stable'
The branch
option is important: it must match the version of Spree you're using.
For example, use 3-0-stable
if you're using Spree 3-0-stable
or any 3.0.x
version.
Install the gem using Bundler:
bundle install
Copy & run migrations
bundle exec rails g spree:auth:install
Upgrading from Spree 3.0 to 3.1
If you're upgrading from 3.0 to 3.1 you need to rerun the installer to copy new asset files (javascripts)
bundle exec rails g spree:auth:install
Configuration
Confirmable
To enable Devise's Confirmable module, which will send the user an email with a link to confirm their account, you must do the following:
Add this line to an initializer in your Rails project (typically
config/initializers/spree.rb
):Spree::Auth::Config[:confirmable] = true
Add a Devise initializer to your Rails project (typically
config/initializers/devise.rb
):Devise.setup do |config| # Required so users don't lose their carts when they need to confirm. config.allow_unconfirmed_access_for = 1.days
# Fixes the bug where Confirmation errors result in a broken page. config.router_name = :spree
# Add any other devise configurations here, as they will override the defaults provided by spree_auth_devise. end
### Sign out after password change
To disable signout after password change you must add this line to an initializer in your Rails project (typically `config/initializers/spree.rb`):
```ruby
Spree::Auth::Config[:signout_after_password_change] = false
Using in an existing Rails application
If you are installing Spree inside of a host application in which you want your own permission setup, you can do this using spree_auth_devise's register_ability method.
First create your own CanCan Ability class following the CanCan documentation.
For example: app/models/your_ability_class.rb
class YourAbilityClass
include CanCan::Ability
def initialize user
# direct permissions
can :create, SomeRailsObject
# or permissions by group
if spree_user.has_spree_role? "admin"
can :create, SomeRailsAdminObject
end
end
end
Then register your class in your spree initializer: config/initializers/spree.rb
Spree::Ability.register_ability(YourAbilityClass)
Inside of your host application you can then use CanCan like you normally would.
<% if can? :show, SomeRailsObject %>
<% end %>
Adding Permissions to Gems
This methodology can also be used by gems that extend spree and want/need to add permissions.
Ruby 2.5 issues
If you encounter issues when using Ruby 2.5, please run:
bundle update devise
Testing
You need to do a quick one-time creation of a test application and then you can use it to run the tests.
bundle exec rake test_app
Then run the rspec tests.
bundle exec rspec