Only use custom routes

Using both devise generated routes and custom ones is confusing.

As an example: when failing authentication, the devise route would
send the user to "new_spree_user_session_path", however we want our
users to be redirected to "/login." This commit deprecates the route
and sends users to "/login."

Author: cpfergus1

config/routes.rb

@@ -10,7 +10,7 @@
         passwords: 'spree/user_passwords',
         confirmations: 'spree/user_confirmations'
       },
-      skip: [:unlocks, :omniauth_callbacks],
+      skip: :all,
       path_names: { sign_out: 'logout' },
       path_prefix: :user,
       router_name: :spree
@@ -19,16 +19,44 @@
     resources :users, only: [:edit, :update]
 
     devise_scope :spree_user do
-      get '/login', to: 'user_sessions#new', as: :login
-      post '/login', to: 'user_sessions#create', as: :create_new_session
-      match '/logout', to: 'user_sessions#destroy', as: :logout, via: Devise.sign_out_via
-      get '/signup', to: 'user_registrations#new', as: :signup
-      post '/signup', to: 'user_registrations#create', as: :registration
-      get '/password/recover', to: 'user_passwords#new', as: :recover_password
-      post '/password/recover', to: 'user_passwords#create', as: :reset_password
-      get '/password/change', to: 'user_passwords#edit', as: :edit_password
-      put '/password/change', to: 'user_passwords#update', as: :update_password
-      get '/confirm', to: 'user_confirmations#show', as: :confirmation if Spree::Auth::Config[:confirmable]
+      # Legacy devise generated paths
+      #
+      # These are deprecated but we still want to support the incoming routes, in order to give existing stores an upgrade path.
+      # Will be removed at the next major release of solidus_auth_devise.
+      get    '/user/spree_user/password/edit' => 'user_passwords#edit', as: :deprecated_edit_spree_user_password, deprecated_route: true
+      get    '/password/change'               => 'user_passwords#edit', as: :edit_spree_user_password, deprecated_route: true
+      get    '/user/spree_user/password/new'  => 'user_passwords#new', as: :deprecated_new_spree_user_password, deprecated_route: true
+      get    '/password/recover'              => 'user_passwords#new', as: :new_spree_user_password, deprecated_route: true
+      match  '/user/spree_user/password'      => 'user_passwords#update', via: [:patch, :put], as: :deprecated_spree_user_password, deprecated_route: true
+      put    '/password/change'               => 'user_passwords#update', as: :spree_user_password, deprecated_route: true
+      post   '/user/spree_user/password'      => 'user_passwords#create', as: nil, deprecated_route: true
+
+      get    '/login'                         => 'user_sessions#new', as: :new_spree_user_session, deprecated_route: true
+      get    '/user/spree_user/sign_in'       => 'user_sessions#new', as: :deprecated_new_spree_user_session, deprecated_route: true
+      match  '/user/spree_user/logout'        => 'user_sessions#destroy', via: Devise.sign_out_via, as: :deprecated_destroy_spree_user_session, deprecated_route: true
+      match  '/logout'                        => 'user_sessions#destroy', via: Devise.sign_out_via, as: :destroy_spree_user_session, deprecated_route: true
+      post   '/user/spree_user/sign_in'       => 'user_sessions#create', as: :deprecated_spree_user_session, deprecated_route: true
+      post   '/login'                         => 'user_sessions#create', as: :spree_user_session, deprecated_route: true
+
+      get    '/user/spree_user/sign_up'       => 'user_registrations#new', as: :deprecated_new_spree_user_registration, deprecated_route: true
+      get    '/signup'                        => 'user_registrations#new', as: :new_spree_user_registration, deprecated_route: true
+      post   '/user/spree_user'               => 'user_registrations#create', as: nil, deprecated_route: true
+      get    '/user/spree_user/cancel'        => 'user_registrations#cancel', as: :cancel_spree_user_registration, deprecated_route: true
+      get    '/user/spree_user/edit'          => 'user_registrations#edit', as: :edit_spree_user_registration, deprecated_route: true
+      delete '/user/spree_user'               => 'user_registrations#destroy', as: nil, deprecated_route: true
+      match  '/user/spree_user'               => 'user_registrations#update', as: :spree_user_registration, via: [:patch, :put], deprecated_route: true
+
+      # Custom devise routes
+      get   '/login', to: 'user_sessions#new', as: :login
+      post  '/login', to: 'user_sessions#create', as: :create_new_session
+      match '/logout', to: 'user_sessions#destroy', via: Devise.sign_out_via, as: :logout
+      get   '/password/recover', to: 'user_passwords#new', as: :recover_password
+      get   '/password/change', to: 'user_passwords#edit', as: :edit_password
+      put   '/password/change', to: 'user_passwords#update', as: :update_password
+      post  '/password/recover', to: 'user_passwords#create', as: :reset_password
+      get   '/signup', to: 'user_registrations#new', as: :signup
+      post  '/signup', to: 'user_registrations#create', as: :registration
+      get   '/confirm', to: 'user_confirmations#show', as: :confirmation if Spree::Auth::Config[:confirmable]
     end
 
     get '/checkout/registration', to: 'checkout#registration', as: :checkout_registration

spec/controllers/spree/user_passwords_controller_spec.rb

@@ -10,7 +10,7 @@
       it 'redirects to the new session path' do
         get :edit
         expect(response).to redirect_to(
-          'http://test.host/user/spree_user/sign_in'
+          'http://test.host/login'
         )
       end
 

spec/features/checkout_spec.rb

@@ -111,7 +111,7 @@
       # Need to do this now because the token stored in the DB is the encrypted version
       # The 'plain-text' version is sent in the email and there's one way to get that!
       reset_password_email = ActionMailer::Base.deliveries.first
-      token_url_regex = /\/user\/spree_user\/password\/edit\?reset_password_token=(.*)$/
+      token_url_regex = %r{/password/change\?reset_password_token=(.*)$}
       token = token_url_regex.match(reset_password_email.body.to_s)[1]
 
       visit spree.edit_spree_user_password_path(reset_password_token: token)

spec/mailers/user_mailer_spec.rb

@@ -31,7 +31,7 @@
 
       context 'body includes' do
         it 'password reset url' do
-          expect(@message.body.raw_source).to include "http://#{store.url}/user/spree_user/password/edit"
+          expect(@message.body.raw_source).to include "http://#{store.url}/password/change"
         end
       end
     end