solidus_api 2.9.5 → 2.9.6

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9ead99f957c13a661698c4f368979a94f1068be778550779d368dd0859698894
4
- data.tar.gz: 63f6e8abe0a910222163a7c3afcb9f9b55ee00b15c9b23205a35b7ca14efe067
3
+ metadata.gz: 9041e899f4cd40c0426851ecab468e5b0e6799979026651d90ed71c68e9a33d2
4
+ data.tar.gz: 6b6195d91d485815fc3e609c661efa408146b7ab49296c8db33987e568916ee4
5
5
  SHA512:
6
- metadata.gz: 3b0b734a3d20c74295e479717df705bd2212e8bbb323a4bbbb7965187c72419f458f8e2763e1a39909c629c4e395015836d80cbf33d8ba9556362a069dee0ffb
7
- data.tar.gz: 6bf3a472fee1cfbcbff63977120e48a75b0b979c53b62702331bcd7bb7bf41be1b064db5dda40c8b9edb6854db7ad6e81f3882dd9c248e4f595b2eaec1d7cd89
6
+ metadata.gz: 72241153b2007035f40f1869e76a276597580d11fe4d8b24bd37529a03520f799edfd9530a18677df79aeaafffa8f929d1f2bae1b9a320871b781b705c21a2f5
7
+ data.tar.gz: dcb64f63cb2edd713a03bb3c971ed9de693d4e1af34bb3cb5746ed73b2294660ddb3805382587f10675f2ec71642ebb79f979373b21b7f03af8157bde6250067
@@ -76,11 +76,24 @@ module Spree
76
76
  end
77
77
 
78
78
  def update_params
79
- if update_params = massaged_params[:order]
80
- update_params.permit(permitted_checkout_attributes)
79
+ state = @order.state
80
+ case state.to_sym
81
+ when :cart, :address
82
+ massaged_params.fetch(:order, {}).permit(
83
+ permitted_checkout_address_attributes
84
+ )
85
+ when :delivery
86
+ massaged_params.require(:order).permit(
87
+ permitted_checkout_delivery_attributes
88
+ )
89
+ when :payment
90
+ massaged_params.require(:order).permit(
91
+ permitted_checkout_payment_attributes
92
+ )
81
93
  else
82
- # We current allow update requests without any parameters in them.
83
- {}
94
+ massaged_params.fetch(:order, {}).permit(
95
+ permitted_checkout_confirm_attributes
96
+ )
84
97
  end
85
98
  end
86
99
 
@@ -131,7 +131,13 @@ module Spree
131
131
  end
132
132
 
133
133
  def normalize_params
134
- params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
134
+ if params[:order][:payments]
135
+ payments_params = params[:order].delete(:payments)
136
+ params[:order][:payments_attributes] = payments_params.map do |payment_params|
137
+ payment_params[:source_attributes] = payment_params.delete(:source) if payment_params[:source].present?
138
+ payment_params
139
+ end
140
+ end
135
141
  params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
136
142
  params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
137
143
  params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address].present?
@@ -172,6 +172,7 @@ module Spree
172
172
  end
173
173
 
174
174
  describe 'setting the payment amount' do
175
+ let(:order) { create(:order_with_line_items, state: :payment) }
175
176
  let(:params) do
176
177
  {
177
178
  order_token: order.guest_token,
@@ -322,17 +323,44 @@ module Spree
322
323
  end
323
324
  end
324
325
 
326
+ it "cannot update attributes of another step" do
327
+ order.update_column(:state, "payment")
328
+
329
+ params = {
330
+ order_token: order.guest_token,
331
+ order: {
332
+ payments_attributes: [
333
+ {
334
+ payment_method_id: @payment_method.id.to_s,
335
+ source_attributes: attributes_for(:credit_card)
336
+ }
337
+ ],
338
+ ship_address_attributes: {
339
+ zipcode: 'MALICIOUS ZIPCODE'
340
+ }
341
+ }
342
+ }
343
+ expect do
344
+ put spree.api_checkout_path(order), params: params
345
+ end.not_to change { order.reload.ship_address.zipcode }
346
+ expect(response.status).to eq(200)
347
+ end
348
+
325
349
  it "returns the order if the order is already complete" do
326
350
  order.update_columns(completed_at: Time.current, state: 'complete')
327
351
  put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token }
328
352
  assert_unauthorized!
329
353
  end
330
354
 
331
- # Regression test for https://github.com/spree/spree/issues/3784
332
- it "can update the special instructions for an order" do
333
- instructions = "Don't drop it. (Please)"
334
- put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { special_instructions: instructions } }
335
- expect(json_response['special_instructions']).to eql(instructions)
355
+ context "in delivery state" do
356
+ let(:order) { create(:order_with_line_items, state: :delivery) }
357
+
358
+ # Regression test for https://github.com/spree/spree/issues/3784
359
+ it "can update the special instructions for an order" do
360
+ instructions = "Don't drop it. (Please)"
361
+ put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { special_instructions: instructions } }
362
+ expect(json_response['special_instructions']).to eql(instructions)
363
+ end
336
364
  end
337
365
 
338
366
  context "as an admin" do
@@ -156,6 +156,7 @@ module Spree
156
156
  end
157
157
 
158
158
  context 'creating payment' do
159
+ let!(:order) { create(:order_with_line_items) }
159
160
  let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
160
161
 
161
162
  context "with allowed payment method" do
@@ -166,6 +167,28 @@ module Spree
166
167
  subject
167
168
  }.to change { Spree::Payment.count }.by(1)
168
169
  end
170
+
171
+ context 'trying to change the address' do
172
+ let(:order_params) do
173
+ super().merge(
174
+ ship_address_attributes: {
175
+ zipcode: '90100'
176
+ }
177
+ )
178
+ end
179
+
180
+ it 'changes the address' do
181
+ expect {
182
+ subject
183
+ }.to change { order.reload.ship_address.zipcode }
184
+ end
185
+
186
+ it 'invalidates the shipments' do
187
+ expect {
188
+ subject
189
+ }.to change { order.reload.shipments }.to([])
190
+ end
191
+ end
169
192
  end
170
193
 
171
194
  context "with disallowed payment method" do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: solidus_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.9.5
4
+ version: 2.9.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Solidus Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-02-04 00:00:00.000000000 Z
11
+ date: 2020-07-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jbuilder
@@ -58,14 +58,14 @@ dependencies:
58
58
  requirements:
59
59
  - - '='
60
60
  - !ruby/object:Gem::Version
61
- version: 2.9.5
61
+ version: 2.9.6
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - '='
67
67
  - !ruby/object:Gem::Version
68
- version: 2.9.5
68
+ version: 2.9.6
69
69
  description: REST API for the Solidus e-commerce framework.
70
70
  email: contact@solidus.io
71
71
  executables: []