solidus_api 2.2.2 → 2.3.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9bf090ca7d6dce9405c4514004a088dffe253498
-  data.tar.gz: 59d40cff4dc3259b807d908b0cb3b8f23c74561d
+  metadata.gz: 928c0cebd7463ee3e18cfc1908bf8ca8159bed63
+  data.tar.gz: ce51986e249ddbdbba441aa0f2129fcb5d4d7566
 SHA512:
-  metadata.gz: 1d6706de3c8ca25c4b136b531198faa318011731298ce37826f0ad9ee9c0ed869f579666c73966ae3b69c95fce7e163cddcdea33970ae06ddc89c869db83f02f
-  data.tar.gz: 6caefd25b36f1e933ec25597c565243fafc00c821100e4481a384fd12351783bfff379cd2e067c7c0f6d2f8a02f33247e4be10dd5d4aba9cf09f2894c29d1bb0
+  metadata.gz: cf5bce9111f255c90f026c5b5ea8197782be2376bf13196717f3cc499dc7c9a4ee70181d358391489463329afae41393887f4460ae60bf5bb619a833e49b4656
+  data.tar.gz: a10878a8da640034946b6fc4c20933814022bd542aa6ad8b0973bb20cdf5810d512c9a1d659cd618f049cedf5134fec625cdbee27460c346f81898081e98b86b

data/app/controllers/spree/api/images_controller.rb

@@ -18,13 +18,13 @@ module Spree
       end
 
       def update
-        @image = scope.images.accessible_by(current_ability, :update).find(params[:id])
+        @image = Spree::Image.accessible_by(current_ability, :update).find(params[:id])
         @image.update_attributes(image_params)
         respond_with(@image, default_template: :show)
       end
 
       def destroy
-        @image = scope.images.accessible_by(current_ability, :destroy).find(params[:id])
+        @image = Spree::Image.accessible_by(current_ability, :destroy).find(params[:id])
         @image.destroy
         respond_with(@image, status: 204)
       end

data/app/controllers/spree/api/line_items_controller.rb

@@ -1,10 +1,6 @@
 module Spree
   module Api
     class LineItemsController < Spree::Api::BaseController
-      class_attribute :line_item_options
-
-      self.line_item_options = []
-
       before_action :load_order, only: [:create, :update, :destroy]
       around_action :lock_order, only: [:create, :update, :destroy]
 
@@ -18,7 +14,7 @@ module Spree
           params[:line_item][:quantity] || 1,
           {
             stock_location_quantities: params[:line_item][:stock_location_quantities]
-          }.merge(line_item_params[:options].to_h || {})
+          }.merge({ options: line_item_params[:options].to_h })
         )
 
         if @line_item.errors.empty?
@@ -66,11 +62,7 @@ module Spree
       end
 
       def line_item_params
-        params.require(:line_item).permit(
-          :quantity,
-            :variant_id,
-            options: line_item_options
-        )
+        params.require(:line_item).permit(permitted_line_item_attributes)
       end
     end
   end

data/app/controllers/spree/api/orders_controller.rb

@@ -27,18 +27,8 @@ module Spree
 
       def create
         authorize! :create, Order
-
-        if can?(:admin, Order)
-          @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
-          respond_with(@order, default_template: :show, status: 201)
-        else
-          @order = Spree::Order.create!(user: current_api_user, store: current_store)
-          if OrderUpdateAttributes.new(@order, order_params).apply
-            respond_with(@order, default_template: :show, status: 201)
-          else
-            invalid_resource!(@order)
-          end
-        end
+        @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)
+        respond_with(@order, default_template: :show, status: 201)
       end
 
       def empty

data/app/controllers/spree/api/payments_controller.rb

@@ -16,7 +16,6 @@ module Spree
       end
 
       def create
-        @order.validate_payments_attributes(payment_params)
         @payment = PaymentCreate.new(@order, payment_params).build
         if @payment.save
           respond_with(@payment, status: 201, default_template: :show)

data/app/controllers/spree/api/promotions_controller.rb

@@ -20,7 +20,7 @@ module Spree
       end
 
       def load_promotion
-        @promotion = Spree::Promotion.find_by_id(params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
+        @promotion = Spree::Promotion.find_by(id: params[:id]) || Spree::Promotion.with_coupon_code(params[:id])
       end
     end
   end

data/app/controllers/spree/api/variants_controller.rb

@@ -65,8 +65,9 @@ module Spree
           variants = variants.with_deleted
         end
 
+        in_stock_only = ActiveRecord::Type::Boolean.new.cast(params[:in_stock_only])
         variants = variants.accessible_by(current_ability, :read)
-        variants = variants.in_stock if params[:in_stock_only] || cannot?(:view_out_of_stock, Spree::Variant)
+        variants = variants.in_stock if in_stock_only || cannot?(:view_out_of_stock, Spree::Variant)
         variants
       end
 

data/app/views/spree/api/orders/show.v1.rabl

@@ -2,7 +2,8 @@ object @order
 extends "spree/api/orders/order"
 
 child :available_payment_methods => :payment_methods do
-  attributes :id, :name, :method_type
+  attributes :id, :name, :partial_name
+  attributes :partial_name, as: :method_type
 end
 
 child :billing_address => :bill_address do

data/lib/spree/api/testing_support/setup.rb

@@ -4,7 +4,7 @@ module Spree
       module Setup
         def sign_in_as_admin!
           let!(:current_api_user) do
-            stub_model(Spree::LegacyUser, spree_roles: [Spree::Role.new(name: 'admin')])
+            stub_model(Spree::LegacyUser, spree_roles: [Spree::Role.find_or_initialize_by(name: 'admin')])
           end
         end
       end

data/spec/controllers/spree/api/base_controller_spec.rb

@@ -24,19 +24,19 @@ describe Spree::Api::BaseController, type: :controller do
 
     context "with a correct order token" do
       it "succeeds" do
-        api_get :index, order_token: order.guest_token, order_id: order.number
+        get :index, params: { order_token: order.guest_token, order_id: order.number }
         expect(response.status).to eq(200)
       end
 
       it "succeeds with an order_number parameter" do
-        api_get :index, order_token: order.guest_token, order_number: order.number
+        get :index, params: { order_token: order.guest_token, order_number: order.number }
         expect(response.status).to eq(200)
       end
     end
 
     context "with an incorrect order token" do
       it "returns unauthorized" do
-        api_get :index, order_token: "NOT_A_TOKEN", order_id: order.number
+        get :index, params: { order_token: "NOT_A_TOKEN", order_id: order.number }
         expect(response.status).to eq(401)
       end
     end
@@ -44,7 +44,7 @@ describe Spree::Api::BaseController, type: :controller do
 
   context "cannot make a request to the API" do
     it "without an API key" do
-      api_get :index
+      get :index
       expect(json_response).to eq({ "error" => "You must specify an API key." })
       expect(response.status).to eq(401)
     end
@@ -117,7 +117,7 @@ describe Spree::Api::BaseController, type: :controller do
 
     it 'should notify notify_error_during_processing' do
       expect(MockHoneybadger).to receive(:notify_or_ignore).once.with(kind_of(Exception), rack_env: kind_of(Hash))
-      api_get :foo, token: 123
+      get :foo, params: { token: 123 }
       expect(response.status).to eq(422)
     end
   end
@@ -153,7 +153,7 @@ describe Spree::Api::BaseController, type: :controller do
 
     context 'without an existing lock' do
       it 'succeeds' do
-        api_get :index, order_token: order.guest_token, order_id: order.number
+        get :index, params: { order_token: order.guest_token, order_id: order.number }
         expect(response.status).to eq(200)
       end
     end
@@ -164,7 +164,7 @@ describe Spree::Api::BaseController, type: :controller do
       end
 
       it 'returns a 409 conflict' do
-        api_get :index, order_token: order.guest_token, order_id: order.number
+        get :index, params: { order_token: order.guest_token, order_id: order.number }
         expect(response.status).to eq(409)
       end
     end

data/spec/controllers/spree/api/resource_controller_spec.rb

@@ -50,14 +50,14 @@ module Spree
       let!(:widget) { Widget.create!(name: "a widget") }
 
       it "returns no widgets" do
-        api_get :index, token: user.spree_api_key
+        get :index, params: { token: user.spree_api_key }, as: :json
         expect(response).to be_success
         expect(json_response['widgets']).to be_blank
       end
 
       context "it has authorization to read widgets" do
         it "returns widgets" do
-          api_get :index, token: admin_user.spree_api_key
+          get :index, params: { token: admin_user.spree_api_key }, as: :json
           expect(response).to be_success
           expect(json_response['widgets']).to include(hash_including(
             'name' => 'a widget',
@@ -69,26 +69,26 @@ module Spree
           let!(:widget2) { Widget.create!(name: "a widget") }
 
           it "returns both widgets from comma separated string" do
-            api_get :index, ids: [widget.id, widget2.id].join(','), token: admin_user.spree_api_key
+            get :index, params: { ids: [widget.id, widget2.id].join(','), token: admin_user.spree_api_key }, as: :json
             expect(response).to be_success
             expect(json_response['widgets'].size).to eq 2
           end
 
           it "returns both widgets from multiple arguments" do
-            api_get :index, ids: [widget.id, widget2.id], token: admin_user.spree_api_key
+            get :index, params: { ids: [widget.id, widget2.id], token: admin_user.spree_api_key }, as: :json
             expect(response).to be_success
             expect(json_response['widgets'].size).to eq 2
           end
 
           it "returns one requested widgets" do
-            api_get :index, ids: widget2.id.to_s, token: admin_user.spree_api_key
+            get :index, params: { ids: widget2.id.to_s, token: admin_user.spree_api_key }, as: :json
             expect(response).to be_success
             expect(json_response['widgets'].size).to eq 1
             expect(json_response['widgets'][0]['id']).to eq widget2.id
           end
 
           it "returns no widgets if empty" do
-            api_get :index, ids: '', token: admin_user.spree_api_key
+            get :index, params: { ids: '', token: admin_user.spree_api_key }, as: :json
             expect(response).to be_success
             expect(json_response['widgets']).to be_empty
           end
@@ -100,13 +100,13 @@ module Spree
       let(:widget) { Widget.create!(name: "a widget") }
 
       it "returns not found" do
-        api_get :show, id: widget.to_param, token: user.spree_api_key
+        get :show, params: { id: widget.to_param, token: user.spree_api_key }, as: :json
         assert_not_found!
       end
 
       context "it has authorization read widgets" do
         it "returns widget details" do
-          api_get :show, id: widget.to_param, token: admin_user.spree_api_key
+          get :show, params: { id: widget.to_param, token: admin_user.spree_api_key }, as: :json
           expect(response).to be_success
           expect(json_response['name']).to eq 'a widget'
         end
@@ -115,13 +115,13 @@ module Spree
 
     describe "#new" do
       it "returns unauthorized" do
-        api_get :new, token: user.spree_api_key
+        get :new, params: { token: user.spree_api_key }, as: :json
         expect(response).to be_unauthorized
       end
 
       context "it is allowed to view a new widget" do
         it "can learn how to create a new widget" do
-          api_get :new, token: admin_user.spree_api_key
+          get :new, params: { token: admin_user.spree_api_key }, as: :json
           expect(response).to be_success
           expect(json_response["attributes"]).to eq(['name'])
         end
@@ -131,7 +131,7 @@ module Spree
     describe "#create" do
       it "returns unauthorized" do
         expect {
-          api_post :create, widget: { name: "a widget" }, token: user.spree_api_key
+          post :create, params: { widget: { name: "a widget" }, token: user.spree_api_key }, as: :json
         }.not_to change(Widget, :count)
         expect(response).to be_unauthorized
       end
@@ -139,7 +139,7 @@ module Spree
       context "it is authorized to create widgets" do
         it "can create a widget" do
           expect {
-            api_post :create, widget: { name: "a widget" }, token: admin_user.spree_api_key
+            post :create, params: { widget: { name: "a widget" }, token: admin_user.spree_api_key }, as: :json
           }.to change(Widget, :count).by(1)
           expect(response).to be_created
           expect(json_response['name']).to eq 'a widget'
@@ -151,14 +151,14 @@ module Spree
     describe "#update" do
       let!(:widget) { Widget.create!(name: "a widget") }
       it "returns unauthorized" do
-        api_put :update, id: widget.to_param, widget: { name: "another widget" }, token: user.spree_api_key
+        put :update, params: { id: widget.to_param, widget: { name: "another widget" }, token: user.spree_api_key }, as: :json
         assert_not_found!
         expect(widget.reload.name).to eq 'a widget'
       end
 
       context "it is authorized to update widgets" do
         it "can update a widget" do
-          api_put :update, id: widget.to_param, widget: { name: "another widget" }, token: admin_user.spree_api_key
+          put :update, params: { id: widget.to_param, widget: { name: "another widget" }, token: admin_user.spree_api_key }, as: :json
           expect(response).to be_success
           expect(json_response['name']).to eq 'another widget'
           expect(widget.reload.name).to eq 'another widget'
@@ -169,14 +169,14 @@ module Spree
     describe "#destroy" do
       let!(:widget) { Widget.create!(name: "a widget") }
       it "returns unauthorized" do
-        api_delete :destroy, id: widget.to_param, token: user.spree_api_key
+        delete :destroy, params: { id: widget.to_param, token: user.spree_api_key }, as: :json
         assert_not_found!
         expect { widget.reload }.not_to raise_error
       end
 
       context "it is authorized to destroy widgets" do
         it "can destroy a widget" do
-          api_delete :destroy, id: widget.to_param, token: admin_user.spree_api_key
+          delete :destroy, params: { id: widget.to_param, token: admin_user.spree_api_key }, as: :json
           expect(response.status).to eq 204
           expect { widget.reload }.to raise_error(ActiveRecord::RecordNotFound)
         end

data/spec/requests/api/address_books_spec.rb

@@ -131,7 +131,7 @@ module Spree
           other_user.save_in_address_book(ron_address_attributes, false)
 
           get "/api/users/#{other_user.id}/address_book",
-          headers: { 'X-SPREE-TOKEN' => 'galleon' }
+            headers: { 'X-SPREE-TOKEN' => 'galleon' }
 
           json_response = JSON.parse(response.body)
           expect(response.status).to eq(200)

data/spec/{controllers → requests}/spree/api/addresses_controller_spec.rb

@@ -1,8 +1,7 @@
 require 'spec_helper'
 
 module Spree
-  describe Api::AddressesController, type: :controller do
-    render_views
+  describe Api::AddressesController, type: :request do
 
     before do
       stub_authentication!
@@ -17,20 +16,18 @@ module Spree
 
       context "with their own address" do
         it "gets an address" do
-          api_get :show, id: @address.id, order_id: @order.number
+          get spree.api_order_address_path(@order, @address.id)
           expect(json_response['address1']).to eq @address.address1
         end
 
         it "update replaces the readonly Address associated to the Order" do
-          api_put :update, id: @address.id, order_id: @order.number,
-                           address: { address1: "123 Test Lane" }
+          put spree.api_order_address_path(@order, @address.id), params: { address: { address1: "123 Test Lane" } }
           expect(Order.find(@order.id).bill_address_id).not_to eq @address.id
           expect(json_response['address1']).to eq '123 Test Lane'
         end
 
         it "receives the errors object if address is invalid" do
-          api_put :update, id: @address.id, order_id: @order.number,
-                           address: { address1: "" }
+          put spree.api_order_address_path(@order, @address.id), params: { address: { address1: "" } }
 
           expect(json_response['error']).not_to be_nil
           expect(json_response['errors']).not_to be_nil
@@ -46,12 +43,12 @@ module Spree
       end
 
       it "cannot retrieve address information" do
-        api_get :show, id: @address.id, order_id: @order.number
+        get spree.api_order_address_path(@order, @address.id)
         assert_unauthorized!
       end
 
       it "cannot update address information" do
-        api_get :update, id: @address.id, order_id: @order.number
+        get spree.api_order_address_path(@order, @address.id)
         assert_unauthorized!
       end
     end

data/spec/{controllers → requests}/spree/api/checkouts_controller_spec.rb

@@ -1,8 +1,7 @@
 require 'spec_helper'
 
 module Spree
-  describe Api::CheckoutsController, type: :controller do
-    render_views
+  describe Api::CheckoutsController, type: :request do
 
     before(:each) do
       stub_authentication!
@@ -37,30 +36,27 @@ module Spree
       it "should transition a recently created order from cart to address" do
         expect(order.state).to eq "cart"
         expect(order.email).not_to be_nil
-        api_put :update, id: order.to_param, order_token: order.guest_token
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token }
         expect(order.reload.state).to eq "address"
       end
 
       it "should transition a recently created order from cart to address with order token in header" do
         expect(order.state).to eq "cart"
         expect(order.email).not_to be_nil
-        request.headers["X-Spree-Order-Token"] = order.guest_token
-        api_put :update, id: order.to_param
+        put spree.api_checkout_path(order), headers: { "X-Spree-Order-Token" => order.guest_token }
         expect(order.reload.state).to eq "address"
       end
 
       it "can take line_items_attributes as a parameter" do
         line_item = order.line_items.first
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-                         order: { line_items_attributes: { 0 => { id: line_item.id, quantity: 1 } } }
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { line_items_attributes: { 0 => { id: line_item.id, quantity: 1 } } } }
         expect(response.status).to eq(200)
         expect(order.reload.state).to eq "address"
       end
 
       it "can take line_items as a parameter" do
         line_item = order.line_items.first
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-                         order: { line_items: { 0 => { id: line_item.id, quantity: 1 } } }
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { line_items: { 0 => { id: line_item.id, quantity: 1 } } } }
         expect(response.status).to eq(200)
         expect(order.reload.state).to eq "address"
       end
@@ -70,7 +66,7 @@ module Spree
         order.bill_address = nil
         order.save
         order.update_column(:state, "address")
-        api_put :update, id: order.to_param, order_token: order.guest_token
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token }
         # Order has not transitioned
         expect(response.status).to eq(422)
       end
@@ -94,12 +90,11 @@ module Spree
         end
 
         it "can update addresses and transition from address to delivery" do
-          api_put :update,
-            id: order.to_param, order_token: order.guest_token,
-            order: {
+          put spree.api_checkout_path(order),
+            params: { order_token: order.guest_token, order: {
               bill_address_attributes: address,
               ship_address_attributes: address
-            }
+            } }
           expect(json_response['state']).to eq('delivery')
           expect(json_response['bill_address']['firstname']).to eq('John')
           expect(json_response['ship_address']['firstname']).to eq('John')
@@ -109,24 +104,22 @@ module Spree
         # Regression Spec for https://github.com/spree/spree/issues/5389 and https://github.com/spree/spree/issues/5880
         it "can update addresses but not transition to delivery w/o shipping setup" do
           Spree::ShippingMethod.destroy_all
-          api_put :update,
-            id: order.to_param, order_token: order.guest_token,
-            order: {
+          put spree.api_checkout_path(order),
+            params: { order_token: order.guest_token, order: {
               bill_address_attributes: address,
               ship_address_attributes: address
-            }
+            } }
           expect(json_response['error']).to eq(I18n.t(:could_not_transition, scope: "spree.api.order"))
           expect(response.status).to eq(422)
         end
 
         # Regression test for https://github.com/spree/spree/issues/4498
         it "does not contain duplicate variant data in delivery return" do
-          api_put :update,
-            id: order.to_param, order_token: order.guest_token,
-            order: {
+          put spree.api_checkout_path(order),
+            params: { order_token: order.guest_token, order: {
               bill_address_attributes: address,
               ship_address_attributes: address
-            }
+            } }
           # Shipments manifests should not return the ENTIRE variant
           # This information is already present within the order's line items
           expect(json_response['shipments'].first['manifest'].first['variant']).to be_nil
@@ -139,8 +132,7 @@ module Spree
         shipment = create(:shipment, order: order)
         shipment.refresh_rates
         shipping_rate = shipment.shipping_rates.where(selected: false).first
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-          order: { shipments_attributes: { "0" => { selected_shipping_rate_id: shipping_rate.id, id: shipment.id } } }
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { shipments_attributes: { "0" => { selected_shipping_rate_id: shipping_rate.id, id: shipment.id } } } }
         expect(response.status).to eq(200)
         # Find the correct shipment...
         json_shipment = json_response['shipments'].detect { |s| s["id"] == shipment.id }
@@ -154,32 +146,17 @@ module Spree
 
       it "can update payment method and transition from payment to confirm" do
         order.update_column(:state, "payment")
-        allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-          order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
+        allow_any_instance_of(Spree::PaymentMethod::BogusCreditCard).to receive(:source_required?).and_return(false)
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] } }
         expect(json_response['state']).to eq('confirm')
         expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
         expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
         expect(response.status).to eq(200)
       end
 
-      context "with disallowed payment method" do
-        it "returns not found" do
-          order.update_column(:state, "payment")
-          allow_any_instance_of(Spree::Gateway::Bogus).to receive(:source_required?).and_return(false)
-          @payment_method.update!(available_to_users: false)
-          expect {
-            api_put :update, id: order.to_param, order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
-          }.not_to change { Spree::Payment.count }
-          expect(response.status).to eq(404)
-        end
-      end
-
-
       it "returns errors when source is required and missing" do
         order.update_column(:state, "payment")
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-          order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { payments_attributes: [{ payment_method_id: @payment_method.id }] } }
         expect(response.status).to eq(422)
         source_errors = json_response['errors']['payments.source']
         expect(source_errors).to include("can't be blank")
@@ -188,7 +165,6 @@ module Spree
       describe 'setting the payment amount' do
         let(:params) do
           {
-            id: order.to_param,
             order_token: order.guest_token,
             order: {
               payments_attributes: [
@@ -202,7 +178,7 @@ module Spree
         end
 
         it 'sets the payment amount to the order total' do
-          api_put(:update, params)
+          put spree.api_checkout_path(order), params: params
           expect(response.status).to eq(200)
           expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
         end
@@ -215,7 +191,6 @@ module Spree
 
         let(:params) do
           {
-            id: order.to_param,
             order_token: order.guest_token,
             order: {
               payments_attributes: [
@@ -229,7 +204,7 @@ module Spree
         end
 
         it 'succeeds' do
-          api_put(:update, params)
+          put spree.api_checkout_path(order), params: params
           expect(response.status).to eq(200)
           expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
           expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
@@ -243,7 +218,6 @@ module Spree
 
         let(:params) do
           {
-            id: order.to_param,
             order_token: order.guest_token,
             order: {
               payments_attributes: [
@@ -257,7 +231,7 @@ module Spree
         end
 
         it 'returns errors' do
-          api_put(:update, params)
+          put spree.api_checkout_path(order), params: params
 
           expect(response.status).to eq(422)
           cc_errors = json_response['errors']['payments.Credit Card']
@@ -275,7 +249,6 @@ module Spree
 
         let(:params) do
           {
-            id: order.to_param,
             order_token: order.guest_token,
             order: {
               payments_attributes: [
@@ -306,7 +279,7 @@ module Spree
             receive(:verification_value=).with('456').and_call_original
           )
 
-          api_put(:update, params)
+          put spree.api_checkout_path(order), params: params
 
           expect(response.status).to eq 200
           expect(order.credit_cards).to match_array [credit_card]
@@ -315,7 +288,6 @@ module Spree
         context 'with deprecated existing_card_id param' do
           let(:params) do
             {
-              id: order.to_param,
               order_token: order.guest_token,
               order: {
                 payments_attributes: [
@@ -332,7 +304,7 @@ module Spree
 
           it 'succeeds' do
             Spree::Deprecation.silence do
-              api_put(:update, params)
+              put spree.api_checkout_path(order), params: params
             end
 
             expect(response.status).to eq 200
@@ -343,7 +315,7 @@ module Spree
 
       it "returns the order if the order is already complete" do
         order.update_columns(completed_at: Time.current, state: 'complete')
-        api_put :update, id: order.to_param, order_token: order.guest_token
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token }
         expect(json_response['number']).to eq(order.number)
         expect(response.status).to eq(200)
       end
@@ -351,8 +323,7 @@ module Spree
       # Regression test for https://github.com/spree/spree/issues/3784
       it "can update the special instructions for an order" do
         instructions = "Don't drop it. (Please)"
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-          order: { special_instructions: instructions }
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { special_instructions: instructions } }
         expect(json_response['special_instructions']).to eql(instructions)
       end
 
@@ -361,16 +332,14 @@ module Spree
         it "can assign a user to the order" do
           user = create(:user)
           # Need to pass email as well so that validations succeed
-          api_put :update, id: order.to_param, order_token: order.guest_token,
-            order: { user_id: user.id, email: "guest@spreecommerce.com" }
+          put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { user_id: user.id, email: "guest@spreecommerce.com" } }
           expect(response.status).to eq(200)
           expect(json_response['user_id']).to eq(user.id)
         end
       end
 
       it "can assign an email to the order" do
-        api_put :update, id: order.to_param, order_token: order.guest_token,
-          order: { email: "guest@spreecommerce.com" }
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { email: "guest@spreecommerce.com" } }
         expect(json_response['email']).to eq("guest@spreecommerce.com")
         expect(response.status).to eq(200)
       end
@@ -379,7 +348,7 @@ module Spree
         order.update_column(:state, "payment")
         expect(PromotionHandler::Coupon).to receive(:new).with(order).and_call_original
         expect_any_instance_of(PromotionHandler::Coupon).to receive(:apply).and_return({ coupon_applied?: true })
-        api_put :update, id: order.to_param, order_token: order.guest_token, order: { coupon_code: "foobar" }
+        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { coupon_code: "foobar" } }
       end
     end
 
@@ -388,7 +357,7 @@ module Spree
       it "cannot transition to address without a line item" do
         order.line_items.delete_all
         order.update_column(:email, "spree@example.com")
-        api_put :next, id: order.to_param, order_token: order.guest_token
+        put spree.next_api_checkout_path(order), params: { order_token: order.guest_token }
         expect(response.status).to eq(422)
         expect(json_response["errors"]["base"]).to include(Spree.t(:there_are_no_items_for_this_order))
       end
@@ -396,7 +365,7 @@ module Spree
       it "can transition an order to the next state" do
         order.update_column(:email, "spree@example.com")
 
-        api_put :next, id: order.to_param, order_token: order.guest_token
+        put spree.next_api_checkout_path(order), params: { order_token: order.guest_token }
         expect(response.status).to eq(200)
         expect(json_response['state']).to eq('address')
       end
@@ -407,7 +376,7 @@ module Spree
           email: nil
         )
 
-        api_put :next, id: order.to_param, order_token: order.guest_token
+        put spree.next_api_checkout_path(order), params: { id: order.to_param, order_token: order.guest_token }
         expect(response.status).to eq(422)
         expect(json_response['error']).to match(/could not be transitioned/)
       end
@@ -416,10 +385,10 @@ module Spree
     context "complete" do
       context "with order in confirm state" do
         subject do
-          api_put :complete, params
+          put spree.complete_api_checkout_path(order), params: params
         end
 
-        let(:params) { { id: order.to_param, order_token: order.guest_token } }
+        let(:params) { { order_token: order.guest_token } }
         let(:order) { create(:order_with_line_items) }
 
         before do
@@ -434,7 +403,7 @@ module Spree
         end
 
         it "returns a sensible error when no payment method is specified" do
-          # api_put :complete, id: order.to_param, order_token: order.token, order: {}
+          # put :complete, id: order.to_param, order_token: order.token, order: {}
           subject
           expect(json_response["errors"]["base"]).to include(Spree.t(:no_payment_found))
         end
@@ -443,7 +412,7 @@ module Spree
           let(:params) { super().merge(expected_total: order.total + 1) }
 
           it "returns an error if expected_total is present and does not match actual total" do
-            # api_put :complete, id: order.to_param, order_token: order.token, expected_total: order.total + 1
+            # put :complete, id: order.to_param, order_token: order.token, expected_total: order.total + 1
             subject
             expect(response.status).to eq(400)
             expect(json_response['errors']['expected_total']).to include(Spree.t(:expected_total_mismatch, scope: 'api.order'))
@@ -457,11 +426,11 @@ module Spree
 
       it 'continues to advance an order while it can move forward' do
         expect_any_instance_of(Spree::Order).to receive(:next).exactly(3).times.and_return(true, true, false)
-        api_put :advance, id: order.to_param, order_token: order.guest_token
+        put spree.advance_api_checkout_path(order), params: { order_token: order.guest_token }
       end
 
       it 'returns the order' do
-        api_put :advance, id: order.to_param, order_token: order.guest_token
+        put spree.advance_api_checkout_path(order), params: { order_token: order.guest_token }
         expect(json_response['id']).to eq(order.id)
       end
     end