RubyGems - solidus_core - Versions diffs - 2.11.10 → 2.11.14 - Mend

solidus_core 2.11.10 → 2.11.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/app/models/spree/order.rb +1 -1
data/app/models/spree/payment/cancellation.rb +22 -3
data/app/models/spree/product.rb +0 -1
data/app/models/spree/stock/simple_coordinator.rb +6 -1
data/app/models/spree/variant.rb +1 -1
data/lib/spree/core/engine.rb +8 -0
data/lib/spree/core/validators/email.rb +1 -1
data/lib/spree/core/version.rb +1 -1
data/lib/spree/permitted_attributes.rb +7 -1
data/lib/spree/testing_support/blacklist_urls.rb +1 -1
data/lib/spree/testing_support/dummy_app.rb +1 -0
data/lib/tasks/migrations/migrate_default_billing_addresses_to_address_book.rake +13 -6
data/lib/tasks/solidus/check_orders_with_invalid_email.rake +18 -0
metadata +6 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8eb3e5a4b41af8809472fc7d7875fd2be9101bc2673b2d289bc32e5f6bc0cabc
-  data.tar.gz: 48aac9f88550bbaa4ce69271426877fed50459b23c5fe3109bed565e553fe0b3
+  metadata.gz: 951e0e89e1af8c513b29c60dfbfadcf052e1a7de740535d50153ad6be0115778
+  data.tar.gz: 55c861630141295e78ae954c25954e32a5170fa9764f9f586e6c408b2f67167d
 SHA512:
-  metadata.gz: 7b3adaf152c0e1a8bf34de8bf8577a8a369e51a6acb0215b558f055a1235b1b7499e50778cc040cf08221ee98d79df07d72b9112f61ad3158dd226b5c8af73e1
-  data.tar.gz: dd950b0d62311e85c9e72cea449650b04d9388c2443e1dbb187bc885bf24f128338fb96e0b0b5eb177b9b444c2bb738b8d59d6bfdb298eb774b7391367e15b2d
+  metadata.gz: 6a7d5eb25cc8d7f509f1de83adcc830872ed3694accbb7f79ecb689ff3d4008551c5deb2058dcbc9157132aada24562013643888c3a3ad269672e1d2ac0a3689
+  data.tar.gz: 7a71356dbd7487559b25fa92604a9a7b787752a28e42cb2b373dcf7da15406fdb378ab5b2b7a934f2700546cd71210419334ca4261afb01cde7d6fa229d20d27

data/app/models/spree/order.rb CHANGED Viewed

@@ -584,7 +584,7 @@ module Spree
         raise CannotRebuildShipments.new(I18n.t('spree.cannot_rebuild_shipments_shipments_not_pending'))
       else
         shipments.destroy_all
-        self.shipments = Spree::Config.stock.coordinator_class.new(self).shipments
+        shipments.push(*Spree::Config.stock.coordinator_class.new(self).shipments)
       end
     end

data/app/models/spree/payment/cancellation.rb CHANGED Viewed

@@ -26,10 +26,16 @@ module Spree
       # @param payment [Spree::Payment] - the payment that should be canceled
       #
       def cancel(payment)
-        if response = payment.payment_method.try_void(payment)
-          payment.handle_void_response(response)
+        # For payment methods already implemeting `try_void`
+        if try_void_available?(payment.payment_method)
+          if response = payment.payment_method.try_void(payment)
+            payment.handle_void_response(response)
+          else
+            payment.refunds.create!(amount: payment.credit_allowed, reason: refund_reason, perform_after_create: false).perform!
+          end
         else
-          payment.refunds.create!(amount: payment.credit_allowed, reason: refund_reason, perform_after_create: false).perform!
+          # For payment methods not yet implemeting `try_void`
+          deprecated_behavior(payment)
         end
       end
@@ -38,6 +44,19 @@ module Spree
       def refund_reason
         Spree::RefundReason.where(name: reason).first_or_create
       end
+      def try_void_available?(payment_method)
+        payment_method.respond_to?(:try_void) &&
+          payment_method.method(:try_void).owner != Spree::PaymentMethod
+      end
+      def deprecated_behavior(payment)
+        Spree::Deprecation.warn "#{payment.payment_method.class.name}#cancel is deprecated and will be removed. " \
+          'Please implement a `try_void` method instead that returns a response object if void succeeds ' \
+          'or `false|nil` if not. Solidus will refund the payment then.'
+        response = payment.payment_method.cancel(payment.response_code)
+        payment.handle_void_response(response)
+      end
     end
   end
 end

data/app/models/spree/product.rb CHANGED Viewed

@@ -49,7 +49,6 @@ module Spree
     has_many :variants,
       -> { where(is_master: false).order(:position) },
-      inverse_of: :product,
       class_name: 'Spree::Variant'
     has_many :variants_including_master,

data/app/models/spree/stock/simple_coordinator.rb CHANGED Viewed

@@ -73,11 +73,16 @@ module Spree
         packages = split_packages(packages)
         # Turn the Stock::Packages into a Shipment with rates
-        packages.map do |package|
+        shipments = packages.map do |package|
           shipment = package.shipment = package.to_shipment
           shipment.shipping_rates = Spree::Config.stock.estimator_class.new.shipping_rates(package)
           shipment
         end
+        # Make sure we don't add the proposed shipments to the order
+        order.shipments = order.shipments - shipments
+        shipments
       end
       def split_packages(initial_packages)

data/app/models/spree/variant.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module Spree
     attr_writer :rebuild_vat_prices
     include Spree::DefaultPrice
-    belongs_to :product, -> { with_discarded }, touch: true, class_name: 'Spree::Product', inverse_of: :variants, optional: false
+    belongs_to :product, -> { with_discarded }, touch: true, class_name: 'Spree::Product', inverse_of: :variants_including_master, optional: false
     belongs_to :tax_category, class_name: 'Spree::TaxCategory', optional: true
     delegate :name, :description, :slug, :available_on, :discontinue_on, :discontinued?,

data/lib/spree/core/engine.rb CHANGED Viewed

@@ -103,6 +103,14 @@ module Spree
           end
         end
       end
+      config.after_initialize do
+        if defined?(Spree::Auth::Engine) &&
+            Gem::Version.new(Spree::Auth::VERSION) < Gem::Version.new('2.5.4') &&
+            defined?(Spree::UsersController)
+          Spree::UsersController.protect_from_forgery with: :exception
+        end
+      end
     end
   end
 end

data/lib/spree/core/validators/email.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module Spree
   #     end
   #
   class EmailValidator < ActiveModel::EachValidator
-    EMAIL_REGEXP = /\A([^@\.]|[^@\.]([^@\s]*)[^@\.])@([^@\s]+\.)+[^@\s]+\z/
+    EMAIL_REGEXP = URI::MailTo::EMAIL_REGEXP
     def validate_each(record, attribute, value)
       unless EMAIL_REGEXP.match? value

data/lib/spree/core/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 module Spree
-  VERSION = "2.11.10"
+  VERSION = "2.11.14"
   def self.solidus_version
     VERSION

data/lib/spree/permitted_attributes.rb CHANGED Viewed

@@ -52,7 +52,13 @@ module Spree
       :month, :year, :expiry, :first_name, :last_name, :name
     ]
-    @@customer_return_attributes = [:stock_location_id, return_items_attributes: [:id, :inventory_unit_id, :return_authorization_id, :returned, :amount, :reception_status_event, :acceptance_status, :exchange_variant_id, :resellable]]
+    @@customer_return_attributes = [
+      :stock_location_id, return_items_attributes: [
+        :id, :inventory_unit_id, :return_authorization_id, :returned, :amount,
+        :reception_status_event, :acceptance_status, :exchange_variant_id,
+        :resellable, :return_reason_id
+      ]
+    ]
     @@image_attributes = [:alt, :attachment, :position, :viewable_type, :viewable_id]

data/lib/spree/testing_support/blacklist_urls.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Spree
     module BlacklistUrls
       def setup_url_blacklist(browser)
         if browser.respond_to?(:url_blacklist)
-          browser.url_blacklist = ['http://fonts.googleapis.com']
+          browser.url_blacklist = ['https://fonts.googleapis.com']
         end
       end
     end

data/lib/spree/testing_support/dummy_app.rb CHANGED Viewed

@@ -45,6 +45,7 @@ module DummyApp
   end
   class Application < ::Rails::Application
+    config.has_many_inverse = true
     config.eager_load = false
     config.cache_classes = true
     config.cache_store = :memory_store

data/lib/tasks/migrations/migrate_default_billing_addresses_to_address_book.rake CHANGED Viewed

@@ -3,22 +3,29 @@
 namespace :solidus do
   namespace :migrations do
     namespace :migrate_default_billing_addresses_to_address_book do
-      task up: :environment do
-        print "Migrating default billing addresses to address book ... "
+      task :up, [:batch_size] => [:environment] do |_t, args|
+        batch_size = args[:batch_size] || 100_000
+        print "Migrating default billing addresses to address book in batches of #{batch_size} ... "
         if Spree::UserAddress.where(default_billing: true).any?
-          Spree.user_class.joins(:bill_address).update_all(bill_address_id: nil) # rubocop:disable Rails/SkipsModelValidations
+          Spree.user_class.joins(:bill_address).in_batches(of: batch_size).each do |batch|
+            batch.update_all(bill_address_id: nil) # rubocop:disable Rails/SkipsModelValidations
+          end
         end
         Spree::UserAddress.joins(
           <<~SQL
             JOIN spree_users ON spree_user_addresses.user_id = spree_users.id
                              AND spree_user_addresses.address_id = spree_users.bill_address_id
           SQL
-        ).update_all(default_billing: true)
+        ).in_batches(of: batch_size).each do |batch|
+          batch.update_all(default_billing: true) # rubocop:disable Rails/SkipsModelValidations
+        end
         puts "Success"
       end
-      task down: :environment do
-        Spree::UserAddress.update_all(default_billing: false) # rubocop:disable Rails/SkipsModelValidations
+      task :down, [:batch_size] => [:environment] do |_t, args|
+        batch_size = args[:batch_size] || 100_000
+        Spree::UserAddress.in_batches(of: batch_size).update_all(default_billing: false) # rubocop:disable Rails/SkipsModelValidations
         puts "Rolled back default billing address migration to address book"
       end
     end

data/lib/tasks/solidus/check_orders_with_invalid_email.rake ADDED Viewed

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+namespace :solidus do
+  desc 'Prints orders with invalid email (after fix for GHSA-qxmr-qxh6-2cc9)'
+  task check_orders_with_invalid_email: :environment do
+    matches = Spree::Order.find_each.reduce([]) do |matches, order|
+      order.email.nil? || Spree::EmailValidator::EMAIL_REGEXP.match?(order.email) ? matches : matches + [order]
+    end
+    if matches.any?
+      puts 'Email / ID / Number'
+      puts(matches.map do |order|
+        "#{order.email} / #{order.id} / #{order.number}"
+      end.join("\n"))
+    else
+      puts 'NO MATCHES'
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_core
 version: !ruby/object:Gem::Version
-  version: 2.11.10
+  version: 2.11.14
 platform: ruby
 authors:
 - Solidus Team
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-10 00:00:00.000000000 Z
+date: 2021-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -942,6 +942,7 @@ files:
 - lib/tasks/migrations/migrate_user_addresses.rake
 - lib/tasks/migrations/rename_gateways.rake
 - lib/tasks/order_capturing.rake
+- lib/tasks/solidus/check_orders_with_invalid_email.rake
 - lib/tasks/upgrade.rake
 - solidus_core.gemspec
 - vendor/assets/javascripts/jquery.payment.js
@@ -985,8 +986,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.8.23
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Essential models, mailers, and classes for the Solidus e-commerce project.
 test_files: []