RubyGems - solidus_api - Versions diffs - 2.9.5 → 2.9.6 - Mend

solidus_api 2.9.5 → 2.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/app/controllers/spree/api/checkouts_controller.rb +17 -4
data/app/controllers/spree/api/orders_controller.rb +7 -1
data/spec/requests/spree/api/checkouts_controller_spec.rb +33 -5
data/spec/requests/spree/api/orders_controller_spec.rb +23 -0
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ead99f957c13a661698c4f368979a94f1068be778550779d368dd0859698894
-  data.tar.gz: 63f6e8abe0a910222163a7c3afcb9f9b55ee00b15c9b23205a35b7ca14efe067
+  metadata.gz: 9041e899f4cd40c0426851ecab468e5b0e6799979026651d90ed71c68e9a33d2
+  data.tar.gz: 6b6195d91d485815fc3e609c661efa408146b7ab49296c8db33987e568916ee4
 SHA512:
-  metadata.gz: 3b0b734a3d20c74295e479717df705bd2212e8bbb323a4bbbb7965187c72419f458f8e2763e1a39909c629c4e395015836d80cbf33d8ba9556362a069dee0ffb
-  data.tar.gz: 6bf3a472fee1cfbcbff63977120e48a75b0b979c53b62702331bcd7bb7bf41be1b064db5dda40c8b9edb6854db7ad6e81f3882dd9c248e4f595b2eaec1d7cd89
+  metadata.gz: 72241153b2007035f40f1869e76a276597580d11fe4d8b24bd37529a03520f799edfd9530a18677df79aeaafffa8f929d1f2bae1b9a320871b781b705c21a2f5
+  data.tar.gz: dcb64f63cb2edd713a03bb3c971ed9de693d4e1af34bb3cb5746ed73b2294660ddb3805382587f10675f2ec71642ebb79f979373b21b7f03af8157bde6250067

data/app/controllers/spree/api/checkouts_controller.rb CHANGED Viewed

@@ -76,11 +76,24 @@ module Spree
       end
       def update_params
-        if update_params = massaged_params[:order]
-          update_params.permit(permitted_checkout_attributes)
+        state = @order.state
+        case state.to_sym
+        when :cart, :address
+          massaged_params.fetch(:order, {}).permit(
+            permitted_checkout_address_attributes
+          )
+        when :delivery
+          massaged_params.require(:order).permit(
+            permitted_checkout_delivery_attributes
+          )
+        when :payment
+          massaged_params.require(:order).permit(
+            permitted_checkout_payment_attributes
+          )
         else
-          # We current allow update requests without any parameters in them.
-          {}
+          massaged_params.fetch(:order, {}).permit(
+            permitted_checkout_confirm_attributes
+          )
         end
       end

data/app/controllers/spree/api/orders_controller.rb CHANGED Viewed

@@ -131,7 +131,13 @@ module Spree
       end
       def normalize_params
-        params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
+        if params[:order][:payments]
+          payments_params = params[:order].delete(:payments)
+          params[:order][:payments_attributes] = payments_params.map do |payment_params|
+            payment_params[:source_attributes] = payment_params.delete(:source) if payment_params[:source].present?
+            payment_params
+          end
+        end
         params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
         params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
         params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address].present?

data/spec/requests/spree/api/checkouts_controller_spec.rb CHANGED Viewed

@@ -172,6 +172,7 @@ module Spree
       end
       describe 'setting the payment amount' do
+        let(:order) { create(:order_with_line_items, state: :payment) }
         let(:params) do
           {
             order_token: order.guest_token,
@@ -322,17 +323,44 @@ module Spree
         end
       end
+      it "cannot update attributes of another step" do
+        order.update_column(:state, "payment")
+        params = {
+          order_token: order.guest_token,
+          order: {
+            payments_attributes: [
+              {
+                payment_method_id: @payment_method.id.to_s,
+                source_attributes: attributes_for(:credit_card)
+              }
+            ],
+            ship_address_attributes: {
+              zipcode: 'MALICIOUS ZIPCODE'
+            }
+          }
+        }
+        expect do
+          put spree.api_checkout_path(order), params: params
+        end.not_to change { order.reload.ship_address.zipcode }
+        expect(response.status).to eq(200)
+      end
       it "returns the order if the order is already complete" do
         order.update_columns(completed_at: Time.current, state: 'complete')
         put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token }
         assert_unauthorized!
       end
-      # Regression test for https://github.com/spree/spree/issues/3784
-      it "can update the special instructions for an order" do
-        instructions = "Don't drop it. (Please)"
-        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { special_instructions: instructions } }
-        expect(json_response['special_instructions']).to eql(instructions)
+      context "in delivery state" do
+        let(:order) { create(:order_with_line_items, state: :delivery) }
+        # Regression test for https://github.com/spree/spree/issues/3784
+        it "can update the special instructions for an order" do
+          instructions = "Don't drop it. (Please)"
+          put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { special_instructions: instructions } }
+          expect(json_response['special_instructions']).to eql(instructions)
+        end
       end
       context "as an admin" do

data/spec/requests/spree/api/orders_controller_spec.rb CHANGED Viewed

@@ -156,6 +156,7 @@ module Spree
         end
         context 'creating payment' do
+          let!(:order) { create(:order_with_line_items) }
           let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
           context "with allowed payment method" do
@@ -166,6 +167,28 @@ module Spree
                 subject
               }.to change { Spree::Payment.count }.by(1)
             end
+            context 'trying to change the address' do
+              let(:order_params) do
+                super().merge(
+                  ship_address_attributes: {
+                    zipcode: '90100'
+                  }
+                )
+              end
+              it 'changes the address' do
+                expect {
+                  subject
+                }.to change { order.reload.ship_address.zipcode }
+              end
+              it 'invalidates the shipments' do
+                expect {
+                  subject
+                }.to change { order.reload.shipments }.to([])
+              end
+            end
           end
           context "with disallowed payment method" do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_api
 version: !ruby/object:Gem::Version
-  version: 2.9.5
+  version: 2.9.6
 platform: ruby
 authors:
 - Solidus Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-04 00:00:00.000000000 Z
+date: 2020-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jbuilder
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.5
+        version: 2.9.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.5
+        version: 2.9.6
 description: REST API for the Solidus e-commerce framework.
 email: contact@solidus.io
 executables: []