solidus_core 3.0.1 → 3.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23a2ea44528d022e92a2e20276022fc71a8870a7b51502dcfcd441e31789606a
-  data.tar.gz: ca5d3d936f3e8517aecf63b458e40800fb16f4c0d6f434e90e8e3f8c0d21a030
+  metadata.gz: 275634b986861f1d46f20d5c8dea9408edb6ec94b1ef7166f4628192284ada9f
+  data.tar.gz: 3bf674ac805c53475aba8f1a531df66d4c169bac1714f413384041c54991247b
 SHA512:
-  metadata.gz: f61253c30c143c442ff677c483119cf9831aceadde9179dd7aec8247d32d0bbb776b300387966eeaac36df7fb00ea439ebab025321426f8d465469b6d5dec1c3
-  data.tar.gz: 0b2e62a6323d33962f9019399a62a47944d9f2698ca3b7c6d725a70d66a5fdab47def7960428a9d4586d65b1a7421f26eefe3948c122fc7c1ce47a8f57e8ab07
+  metadata.gz: c90f454bdf14219807e9cef5470c777733af9a225357a31999913f984af23da81ba80b044966b59113499984287c84b55834a9475c34b3f0054c0a2599bac325
+  data.tar.gz: 1b7c8ac8e0cbe4bfb77aa4e51cf4c863387fff1e360424a7ec02006675c6f7bf976a728b39ed8e7ee6fccd0aa56878ac599bb64be660af32a4726f693a3da302

data/app/models/spree/order.rb

@@ -490,7 +490,7 @@ module Spree
         raise CannotRebuildShipments.new(I18n.t('spree.cannot_rebuild_shipments_shipments_not_pending'))
       else
         shipments.destroy_all
-        self.shipments = Spree::Config.stock.coordinator_class.new(self).shipments
+        shipments.push(*Spree::Config.stock.coordinator_class.new(self).shipments)
       end
     end
 

data/app/models/spree/product.rb

@@ -45,7 +45,6 @@ module Spree
 
     has_many :variants,
       -> { where(is_master: false).order(:position) },
-      inverse_of: :product,
       class_name: 'Spree::Variant'
 
     has_many :variants_including_master,

data/app/models/spree/return_item.rb

@@ -254,10 +254,9 @@ module Spree
       }).where.not(id: id).first
 
       if other_return_item && (new_record? || COMPLETED_RECEPTION_STATUSES.include?(reception_status.to_sym))
-        errors.add(:inventory_unit, :other_completed_return_item_exists, {
+        errors.add(:inventory_unit, :other_completed_return_item_exists,
           inventory_unit_id: inventory_unit_id,
-          return_item_id: other_return_item.id
-        })
+          return_item_id: other_return_item.id)
       end
     end
 

data/app/models/spree/stock/simple_coordinator.rb

@@ -73,11 +73,16 @@ module Spree
         packages = split_packages(packages)
 
         # Turn the Stock::Packages into a Shipment with rates
-        packages.map do |package|
+        shipments = packages.map do |package|
           shipment = package.shipment = package.to_shipment
           shipment.shipping_rates = Spree::Config.stock.estimator_class.new.shipping_rates(package)
           shipment
         end
+
+        # Make sure we don't add the proposed shipments to the order
+        order.shipments = order.shipments - shipments
+
+        shipments
       end
 
       def split_packages(initial_packages)

data/app/models/spree/variant.rb

@@ -30,7 +30,7 @@ module Spree
     attr_writer :rebuild_vat_prices
     include Spree::DefaultPrice
 
-    belongs_to :product, -> { with_discarded }, touch: true, class_name: 'Spree::Product', inverse_of: :variants, optional: false
+    belongs_to :product, -> { with_discarded }, touch: true, class_name: 'Spree::Product', inverse_of: :variants_including_master, optional: false
     belongs_to :tax_category, class_name: 'Spree::TaxCategory', optional: true
 
     delegate :name, :description, :slug, :available_on, :discontinue_on, :discontinued?,

data/lib/spree/core/engine.rb

@@ -68,6 +68,14 @@ module Spree
           end
         end
       end
+
+      config.after_initialize do
+        if defined?(Spree::Auth::Engine) &&
+            Gem::Version.new(Spree::Auth::VERSION) < Gem::Version.new('2.5.4') &&
+            defined?(Spree::UsersController)
+          Spree::UsersController.protect_from_forgery with: :exception
+        end
+      end
     end
   end
 end

data/lib/spree/core/validators/email.rb

@@ -12,11 +12,11 @@ module Spree
   #     end
   #
   class EmailValidator < ActiveModel::EachValidator
-    EMAIL_REGEXP = /\A([^@\.]|[^@\.]([^@\s]*)[^@\.])@([^@\s]+\.)+[^@\s]+\z/
+    EMAIL_REGEXP = URI::MailTo::EMAIL_REGEXP
 
     def validate_each(record, attribute, value)
       unless EMAIL_REGEXP.match? value
-        record.errors.add(attribute, :invalid, { value: value }.merge!(options))
+        record.errors.add(attribute, :invalid, **{ value: value }.merge!(options))
       end
     end
   end

data/lib/spree/core/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Spree
-  VERSION = "3.0.1"
+  VERSION = "3.0.5"
 
   def self.solidus_version
     VERSION

data/lib/spree/permitted_attributes.rb

@@ -51,7 +51,13 @@ module Spree
       :month, :year, :expiry, :first_name, :last_name, :name
     ]
 
-    @@customer_return_attributes = [:stock_location_id, return_items_attributes: [:id, :inventory_unit_id, :return_authorization_id, :returned, :amount, :reception_status_event, :acceptance_status, :exchange_variant_id, :resellable]]
+    @@customer_return_attributes = [
+      :stock_location_id, return_items_attributes: [
+        :id, :inventory_unit_id, :return_authorization_id, :returned, :amount,
+        :reception_status_event, :acceptance_status, :exchange_variant_id,
+        :resellable, :return_reason_id
+      ]
+    ]
 
     @@image_attributes = [:alt, :attachment, :position, :viewable_type, :viewable_id]
 

data/lib/spree/testing_support/blacklist_urls.rb

@@ -5,7 +5,7 @@ module Spree
     module BlacklistUrls
       def setup_url_blacklist(browser)
         if browser.respond_to?(:url_blacklist)
-          browser.url_blacklist = ['http://fonts.googleapis.com']
+          browser.url_blacklist = ['https://fonts.googleapis.com']
         end
       end
     end

data/lib/spree/testing_support/dummy_app.rb

@@ -46,6 +46,7 @@ module DummyApp
   end
 
   class Application < ::Rails::Application
+    config.has_many_inverse = true
     config.eager_load = false
     config.cache_classes = true
     config.cache_store = :memory_store

data/lib/tasks/solidus/check_orders_with_invalid_email.rake

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+namespace :solidus do
+  desc 'Prints orders with invalid email (after fix for GHSA-qxmr-qxh6-2cc9)'
+  task check_orders_with_invalid_email: :environment do
+    matches = Spree::Order.find_each.reduce([]) do |matches, order|
+      order.email.nil? || Spree::EmailValidator::EMAIL_REGEXP.match?(order.email) ? matches : matches + [order]
+    end
+    if matches.any?
+      puts 'Email / ID / Number'
+      puts(matches.map do |order|
+        "#{order.email} / #{order.id} / #{order.number}"
+      end.join("\n"))
+    else
+      puts 'NO MATCHES'
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_core
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.0.5
 platform: ruby
 authors:
 - Solidus Team
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-10 00:00:00.000000000 Z
+date: 2021-12-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -903,6 +903,7 @@ files:
 - lib/spree/testing_support/url_helpers.rb
 - lib/spree/user_class_handle.rb
 - lib/spree_core.rb
+- lib/tasks/solidus/check_orders_with_invalid_email.rake
 - lib/tasks/upgrade.rake
 - solidus_core.gemspec
 - vendor/assets/javascripts/jquery.payment.js
@@ -944,8 +945,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.8.23
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.1.2
+signing_key: 
 specification_version: 4
 summary: Essential models, mailers, and classes for the Solidus e-commerce project.
 test_files: []