solidus_api 1.0.0.pre

data/spec/controllers/spree/api/base_controller_spec.rb

@@ -0,0 +1,164 @@
+require 'spec_helper'
+
+class FakesController < Spree::Api::BaseController
+end
+
+describe Spree::Api::BaseController, :type => :controller do
+  render_views
+  controller(Spree::Api::BaseController) do
+    def index
+      render :text => { "products" => [] }.to_json
+    end
+  end
+
+  before do
+    @routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
+      r.draw { get 'index', to: 'spree/api/base#index' }
+    end
+  end
+
+  context "when validating based on an order token" do
+    let!(:order) { create :order }
+
+    context "with a correct order token" do
+      it "succeeds" do
+        api_get :index, order_token: order.guest_token, order_id: order.number
+        expect(response.status).to eq(200)
+      end
+
+      it "succeeds with an order_number parameter" do
+        api_get :index, order_token: order.guest_token, order_number: order.number
+        expect(response.status).to eq(200)
+      end
+    end
+
+    context "with an incorrect order token" do
+      it "returns unauthorized" do
+        api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  context "cannot make a request to the API" do
+    it "without an API key" do
+      api_get :index
+      expect(json_response).to eq({ "error" => "You must specify an API key." })
+      expect(response.status).to eq(401)
+    end
+
+    it "with an invalid API key" do
+      request.headers["X-Spree-Token"] = "fake_key"
+      get :index, {}
+      expect(json_response).to eq({ "error" => "Invalid API key (fake_key) specified." })
+      expect(response.status).to eq(401)
+    end
+
+    it "using an invalid token param" do
+      get :index, :token => "fake_key"
+      expect(json_response).to eq({ "error" => "Invalid API key (fake_key) specified." })
+    end
+  end
+
+  it 'chatches StandardError' do
+    expect(subject).to receive(:authenticate_user).and_return(true)
+    expect(subject).to receive(:load_user_roles).and_return(true)
+    expect(subject).to receive(:index).and_raise("no joy")
+    get :index, :token => "fake_key"
+    expect(json_response).to eq({ "exception" => "no joy" })
+  end
+
+  it 'raises Exception' do
+    expect(subject).to receive(:authenticate_user).and_return(true)
+    expect(subject).to receive(:load_user_roles).and_return(true)
+    expect(subject).to receive(:index).and_raise(Exception.new("no joy"))
+    expect {
+      get :index, :token => "fake_key"
+    }.to raise_error(Exception, "no joy")
+  end
+
+  it "maps semantic keys to nested_attributes keys" do
+    klass = double(:nested_attributes_options => { :line_items => {},
+                                                  :bill_address => {} })
+    attributes = { 'line_items' => { :id => 1 },
+                   'bill_address' => { :id => 2 },
+                   'name' => 'test order' }
+
+    mapped = subject.map_nested_attributes_keys(klass, attributes)
+    expect(mapped.has_key?('line_items_attributes')).to be true
+    expect(mapped.has_key?('name')).to be true
+  end
+
+  it "lets a subclass override the product associations that are eager-loaded" do
+    expect(controller.respond_to?(:product_includes, true)).to be
+  end
+
+  describe '#error_during_processing' do
+    controller(FakesController) do
+      # GET /foo
+      # Simulates a failed API call.
+      def foo
+        raise StandardError
+      end
+    end
+
+    # What would be placed in config/initializers/spree.rb
+    Spree::Api::BaseController.error_notifier = Proc.new do |e, controller|
+      MockHoneybadger.notify_or_ignore(e, rack_env: controller.request.env)
+    end
+
+    ##
+    # Fake HB alert class
+    class MockHoneybadger
+      # https://github.com/honeybadger-io/honeybadger-ruby/blob/master/lib/honeybadger.rb#L136
+      def self.notify_or_ignore(exception, opts = {})
+      end
+    end
+
+    before do
+      user = double(email: "spree@example.com")
+      allow(user).to receive_message_chain :spree_roles, pluck: []
+      allow(Spree.user_class).to receive_messages find_by: user
+      @routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
+        r.draw { get 'foo' => 'fakes#foo' }
+      end
+    end
+
+    it 'should notify notify_error_during_processing' do
+      expect(MockHoneybadger).to receive(:notify_or_ignore).once.with(kind_of(Exception), rack_env: kind_of(Hash))
+      api_get :foo, token: 123
+      expect(response.status).to eq(422)
+    end
+  end
+
+  context 'lock_order' do
+    let!(:order) { create :order }
+
+    controller(Spree::Api::BaseController) do
+      around_filter :lock_order
+
+      def index
+        render :text => { "products" => [] }.to_json
+      end
+    end
+
+    context 'without an existing lock' do
+      it 'succeeds' do
+        api_get :index, order_token: order.guest_token, order_id: order.number
+        response.status.should == 200
+      end
+    end
+
+    context 'with an existing lock' do
+      around do |example|
+        Spree::OrderMutex.with_lock!(order) { example.run }
+      end
+
+      it 'returns a 409 conflict' do
+        api_get :index, order_token: order.guest_token, order_id: order.number
+        response.status.should == 409
+      end
+    end
+  end
+
+end

data/spec/controllers/spree/api/checkouts_controller_spec.rb

@@ -0,0 +1,386 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::CheckoutsController, type: :controller do
+    render_views
+
+    before(:each) do
+      stub_authentication!
+      Spree::Config[:track_inventory_levels] = false
+      country_zone = create(:zone, name: 'CountryZone')
+      @state = create(:state)
+      @country = @state.country
+      country_zone.members.create(zoneable: @country)
+      create(:stock_location)
+
+      @shipping_method = create(:shipping_method, zones: [country_zone])
+      @payment_method = create(:credit_card_payment_method)
+    end
+
+    after do
+      Spree::Config[:track_inventory_levels] = true
+    end
+
+    context "PUT 'update'" do
+      let(:order) do
+        order = create(:order_with_line_items)
+        # Order should be in a pristine state
+        # Without doing this, the order may transition from 'cart' straight to 'delivery'
+        order.shipments.delete_all
+        order
+      end
+
+      before(:each) do
+        allow_any_instance_of(Order).to receive_messages(confirmation_required?: true)
+        allow_any_instance_of(Order).to receive_messages(payment_required?: true)
+      end
+
+      it "should transition a recently created order from cart to address" do
+        expect(order.state).to eq "cart"
+        expect(order.email).not_to be_nil
+        api_put :update, id: order.to_param, order_token: order.guest_token
+        expect(order.reload.state).to eq "address"
+      end
+
+      it "should transition a recently created order from cart to address with order token in header" do
+        expect(order.state).to eq "cart"
+        expect(order.email).not_to be_nil
+        request.headers["X-Spree-Order-Token"] = order.guest_token
+        api_put :update, :id => order.to_param
+        expect(order.reload.state).to eq "address"
+      end
+
+      it "can take line_items_attributes as a parameter" do
+        line_item = order.line_items.first
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+                         order: { line_items_attributes: { 0 => { id: line_item.id, quantity: 1 } } }
+        expect(response.status).to eq(200)
+        expect(order.reload.state).to eq "address"
+      end
+
+      it "can take line_items as a parameter" do
+        line_item = order.line_items.first
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+                         order: { line_items: { 0 => { id: line_item.id, quantity: 1 } } }
+        expect(response.status).to eq(200)
+        expect(order.reload.state).to eq "address"
+      end
+
+      it "will return an error if the order cannot transition" do
+        skip "not sure if this test is valid"
+        order.bill_address = nil
+        order.save
+        order.update_column(:state, "address")
+        api_put :update, id: order.to_param, order_token: order.guest_token
+        # Order has not transitioned
+        expect(response.status).to eq(422)
+      end
+
+      context "transitioning to delivery" do
+        before do
+          order.update_column(:state, "address")
+        end
+
+        let(:address) do
+          {
+            firstname:  'John',
+            lastname:   'Doe',
+            address1:   '7735 Old Georgetown Road',
+            city:       'Bethesda',
+            phone:      '3014445002',
+            zipcode:    '20814',
+            state_id:   @state.id,
+            country_id: @country.id
+          }
+        end
+
+        it "can update addresses and transition from address to delivery" do
+          api_put :update,
+            id: order.to_param, order_token: order.guest_token,
+            order: {
+              bill_address_attributes: address,
+              ship_address_attributes: address
+            }
+          expect(json_response['state']).to eq('delivery')
+          expect(json_response['bill_address']['firstname']).to eq('John')
+          expect(json_response['ship_address']['firstname']).to eq('John')
+          expect(response.status).to eq(200)
+        end
+
+        # Regression Spec for #5389 & #5880
+        it "can update addresses but not transition to delivery w/o shipping setup" do
+          Spree::ShippingMethod.destroy_all
+          api_put :update,
+            id: order.to_param, order_token: order.guest_token,
+            order: {
+              bill_address_attributes: address,
+              ship_address_attributes: address
+            }
+          expect(json_response['error']).to eq(I18n.t(:could_not_transition, scope: "spree.api.order"))
+          expect(response.status).to eq(422)
+        end
+
+        # Regression test for #4498
+        it "does not contain duplicate variant data in delivery return" do
+          api_put :update,
+            id: order.to_param, order_token: order.guest_token,
+            order: {
+              bill_address_attributes: address,
+              ship_address_attributes: address
+            }
+          # Shipments manifests should not return the ENTIRE variant
+          # This information is already present within the order's line items
+          expect(json_response['shipments'].first['manifest'].first['variant']).to be_nil
+          expect(json_response['shipments'].first['manifest'].first['variant_id']).to_not be_nil
+        end
+      end
+
+      it "can update shipping method and transition from delivery to payment" do
+        order.update_column(:state, "delivery")
+        shipment = create(:shipment, order: order)
+        shipment.refresh_rates
+        shipping_rate = shipment.shipping_rates.where(selected: false).first
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { shipments_attributes: { "0" => { selected_shipping_rate_id: shipping_rate.id, id: shipment.id } } }
+        expect(response.status).to eq(200)
+        # Find the correct shipment...
+        json_shipment = json_response['shipments'].detect { |s| s["id"] == shipment.id }
+        # Find the correct shipping rate for that shipment...
+        json_shipping_rate = json_shipment['shipping_rates'].detect { |sr| sr["id"] == shipping_rate.id }
+        # ... And finally ensure that it's selected
+        expect(json_shipping_rate['selected']).to be true
+        # Order should automatically transfer to payment because all criteria are met
+        expect(json_response['state']).to eq('payment')
+      end
+
+      it "can update payment method and transition from payment to confirm" do
+        order.update_column(:state, "payment")
+        Spree::Gateway::Bogus.any_instance.stub(:source_required?).and_return(false)
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
+        expect(json_response['state']).to eq('confirm')
+        expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
+        expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
+        expect(response.status).to eq(200)
+      end
+
+      it "returns errors when source is required and missing" do
+        order.update_column(:state, "payment")
+        api_put :update, :id => order.to_param, :order_token => order.guest_token,
+          :order => { :payments_attributes => [{ :payment_method_id => @payment_method.id }] }
+        response.status.should == 422
+        source_errors = json_response['errors']['payments.source']
+        source_errors.should include("can't be blank")
+      end
+
+      it "can update payment method with source and transition from payment to confirm" do
+        order.update_column(:state, "payment")
+        source_attributes = {
+          number: "4111111111111111",
+          month: 1.month.from_now.month,
+          year: 1.month.from_now.year,
+          verification_value: "123",
+          name: "Spree Commerce"
+        }
+
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { payments_attributes: [{ payment_method_id: @payment_method.id.to_s }]},
+                      payment_source: { @payment_method.id.to_s => source_attributes }
+        expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
+        expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
+        expect(response.status).to eq(200)
+      end
+
+      it "returns errors when source is missing attributes" do
+        order.update_column(:state, "payment")
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: {
+            payments_attributes: [{ payment_method_id: @payment_method.id }]
+          },
+          payment_source: {
+            @payment_method.id.to_s => { name: "Spree" }
+          }
+
+        expect(response.status).to eq(422)
+        cc_errors = json_response['errors']['payments.Credit Card']
+        expect(cc_errors).to include("Number can't be blank")
+        expect(cc_errors).to include("Month is not a number")
+        expect(cc_errors).to include("Year is not a number")
+        expect(cc_errors).to include("Verification Value can't be blank")
+      end
+
+      it "allow users to reuse a credit card" do
+        order.update_column(:state, "payment")
+        credit_card = create(:credit_card, user_id: order.user_id, payment_method_id: @payment_method.id)
+
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { existing_card: credit_card.id }
+
+        expect(response.status).to eq 200
+        expect(order.credit_cards).to match_array [credit_card]
+      end
+
+      it "can transition from confirm to complete" do
+        order.update_columns(completed_at: Time.now, state: 'complete')
+        allow_any_instance_of(Spree::Order).to receive_messages(payment_required?: false)
+        api_put :update, id: order.to_param, order_token: order.guest_token
+        expect(json_response['state']).to eq('complete')
+        expect(response.status).to eq(200)
+      end
+
+      it "returns the order if the order is already complete" do
+        order.update_columns(completed_at: Time.now, state: 'complete')
+        api_put :update, id: order.to_param, order_token: order.guest_token
+        expect(json_response['number']).to eq(order.number)
+        expect(response.status).to eq(200)
+      end
+
+      # Regression test for #3784
+      it "can update the special instructions for an order" do
+        instructions = "Don't drop it. (Please)"
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { special_instructions: instructions }
+        expect(json_response['special_instructions']).to eql(instructions)
+      end
+
+      context "as an admin" do
+        sign_in_as_admin!
+        it "can assign a user to the order" do
+          user = create(:user)
+          # Need to pass email as well so that validations succeed
+          api_put :update, id: order.to_param, order_token: order.guest_token,
+            order: { user_id: user.id, email: "guest@spreecommerce.com" }
+          expect(response.status).to eq(200)
+          expect(json_response['user_id']).to eq(user.id)
+        end
+      end
+
+      it "can assign an email to the order" do
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { email: "guest@spreecommerce.com" }
+        expect(json_response['email']).to eq("guest@spreecommerce.com")
+        expect(response.status).to eq(200)
+      end
+
+      it "can apply a coupon code to an order" do
+        skip "ensure that the order totals are properly updated, see frontend orders_controller or checkout_controller as example"
+
+        order.update_column(:state, "payment")
+        expect(PromotionHandler::Coupon).to receive(:new).with(order).and_call_original
+        expect_any_instance_of(PromotionHandler::Coupon).to receive(:apply).and_return({ coupon_applied?: true })
+        api_put :update, :id => order.to_param, order_token: order.guest_token, order: { coupon_code: "foobar" }
+      end
+    end
+
+    context "PUT 'next'" do
+      let!(:order) { create(:order_with_line_items) }
+      it "cannot transition to address without a line item" do
+        order.line_items.delete_all
+        order.update_column(:email, "spree@example.com")
+        api_put :next, id: order.to_param, order_token: order.guest_token
+        expect(response.status).to eq(422)
+        expect(json_response["errors"]["base"]).to include(Spree.t(:there_are_no_items_for_this_order))
+      end
+
+      it "can transition an order to the next state" do
+        order.update_column(:email, "spree@example.com")
+
+        api_put :next, id: order.to_param, order_token: order.guest_token
+        expect(response.status).to eq(200)
+        expect(json_response['state']).to eq('address')
+      end
+
+      it "cannot transition if order email is blank" do
+        order.update_columns(
+          state: 'address',
+          email: nil
+        )
+
+        api_put :next, :id => order.to_param, :order_token => order.guest_token
+        expect(response.status).to eq(422)
+        expect(json_response['error']).to match(/could not be transitioned/)
+      end
+    end
+
+    # NOTE: Temporarily making "next" behave just like "complete" when order is in confirm state
+    #       Using "next" this way is deprecated.
+    [:next, :complete].each do |action|
+      context "#{action}" do
+        context "with order in confirm state" do
+          subject do
+            api_put action, params
+          end
+
+          let(:params) { {id: order.to_param, order_token: order.guest_token} }
+          let(:order) { create(:order_with_line_items) }
+
+          before do
+            order.update_column(:state, "confirm")
+
+            if action == :next
+              #ActiveSupport::Deprecation.should_receive(:warn).once
+            end
+          end
+
+          it "can transition from confirm to complete" do
+            Spree::Order.any_instance.stub(:payment_required? => false)
+            subject
+            json_response['state'].should == 'complete'
+            response.status.should == 200
+          end
+
+          it "returns a sensible error when no payment method is specified" do
+            # api_put :complete, :id => order.to_param, :order_token => order.token, :order => {}
+            subject
+            json_response["errors"]["base"].should include(Spree.t(:no_payment_found))
+          end
+
+          context "with mismatched expected_total" do
+            let(:params) { super().merge(expected_total: order.total + 1) }
+
+            it "returns an error if expected_total is present and does not match actual total" do
+              # api_put :complete, :id => order.to_param, :order_token => order.token, :expected_total => order.total + 1
+              subject
+              response.status.should == 400
+              json_response['errors']['expected_total'].should include(Spree.t(:expected_total_mismatch, :scope => 'api.order'))
+            end
+          end
+        end
+      end
+
+      context 'insufficient stock' do
+        let(:order) { create(:order_with_line_items) }
+        before do
+          expect_any_instance_of(Spree::Order).to receive(:next!).and_raise(Spree::Order::InsufficientStock)
+        end
+
+        subject { api_put :next, :id => order.to_param, :order_token => order.guest_token }
+
+        it "should return a 422" do
+          expect(subject.status).to eq(422)
+        end
+
+        it "returns an error message" do
+          subject
+          expect(JSON.parse(response.body)).to eq(
+            {"errors" => ["Quantity is not available for items in your order"], "type" => "insufficient_stock"}
+          )
+        end
+      end
+    end
+
+    context "PUT 'advance'" do
+      let!(:order) { create(:order_with_line_items) }
+
+      it 'continues to advance advances an order while it can move forward' do
+        expect_any_instance_of(Spree::Order).to receive(:next).exactly(3).times.and_return(true, true, false)
+        api_put :advance, id: order.to_param, order_token: order.guest_token
+      end
+
+      it 'returns the order' do
+        api_put :advance, id: order.to_param, order_token: order.guest_token
+        expect(json_response['id']).to eq(order.id)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/classifications_controller_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::ClassificationsController, type: :controller do
+    let(:taxon) do
+      taxon = create(:taxon)
+
+      3.times do
+        product = create(:product)
+        product.taxons << taxon
+      end
+      taxon
+    end
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a user" do
+      it "cannot change the order of a product" do
+        api_put :update, taxon_id: taxon, product_id: taxon.products.first, position: 1
+        expect(response.status).to eq(401)
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      let(:last_product) { taxon.products.last }
+
+      it "can change the order a product" do
+        classification = taxon.classifications.find_by(product_id: last_product.id)
+        expect(classification.position).to eq(3)
+        api_put :update, taxon_id: taxon, product_id: last_product, position: 0
+        expect(response.status).to eq(200)
+        expect(classification.reload.position).to eq(1)
+      end
+
+      it "should touch the taxon" do
+        taxon.update_attributes(updated_at: Time.now - 10.seconds)
+        taxon_last_updated_at = taxon.updated_at
+        api_put :update, taxon_id: taxon, product_id: last_product, position: 0
+        taxon.reload
+        expect(taxon_last_updated_at.to_i).to_not eq(taxon.updated_at.to_i)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/config_controller_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::ConfigController, :type => :controller do
+    render_views
+
+    before do
+      stub_authentication!
+    end
+
+    it "returns Spree::Money settings" do
+      api_get :money
+      expect(response).to be_success
+      expect(json_response["symbol"]).to eq("$")
+    end
+
+    it "returns some configuration settings" do
+      api_get :show
+      expect(response).to be_success
+      expect(json_response["default_country_id"]).to eq(Spree::Config[:default_country_id])
+    end
+  end
+end

data/spec/controllers/spree/api/countries_controller_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+module Spree
+  describe Api::CountriesController, :type => :controller do
+    render_views
+
+    before do
+      stub_authentication!
+      @state = create(:state)
+      @country = @state.country
+    end
+
+    it "gets all countries" do
+      api_get :index
+      expect(json_response['countries'].first['iso3']).to eq @country.iso3
+    end
+
+    context "with two countries" do
+      before { @zambia = create(:country, :name => "Zambia") }
+
+      it "can view all countries" do
+        api_get :index
+        expect(json_response['count']).to eq(2)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(1)
+      end
+
+      it 'can query the results through a paramter' do
+        api_get :index, :q => { :name_cont => 'zam' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['countries'].first['name']).to eq @zambia.name
+      end
+
+      it 'can control the page size through a parameter' do
+        api_get :index, :per_page => 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+    end
+
+    it "includes states" do
+      api_get :show, :id => @country.id
+      states = json_response['states']
+      expect(states.first['name']).to eq @state.name
+    end
+  end
+end