solidus_core 3.1.0 → 3.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b6d8a64c0ba51b637a6a5eb82952d5920f388413f74d271920c41b6c34b00b5f
-  data.tar.gz: a92bbdc37bd0a9f9a53fe943542ba0f4890af67290faf937de4a57583cdb1ffa
+  metadata.gz: cabe9b97feb5c88754e6be9c0cb22e63977a3972805c725f88861bfa2c3d8beb
+  data.tar.gz: 3c44f84249aa9dba36fa4afba31ae40943cf80b4484d8adf979c946374b25904
 SHA512:
-  metadata.gz: 0dd269d1a10a861a6d76cba306cf3b42b758773d4fe4e3265986e0abfe318e40ba2468d6431ec89d472b72591a23e19684a20afa37bb48f0be71371e79736e0f
-  data.tar.gz: c524310230c534ebc135368fbf5d1b75def4f3b3672f8b4818b85d6e40d2fd04f1bfb03e37d0218f37d5b5bb7167499c2deff8bbd2593a8571f9b1de211d665c
+  metadata.gz: b488346a08197d39759e4781fdfe087daeb362b76a6f4dd4262c730e7eda328c55a427f7a503c2c301e286814b82106dff5339602e927fc38bf7152f40c1be2c
+  data.tar.gz: 2156b59d9f751645dfcb80a5905d990d2e65945ee60733181eda7e3ba49b2a4a4628517c00c4179560e2ec06af73842047fd8aa1b65d8f99bb4f04ada1c871a3

data/lib/spree/core/engine.rb

@@ -67,6 +67,14 @@ module Spree
       config.after_initialize do
         Spree::Config.check_load_defaults_called('Spree::Config')
       end
+
+      config.after_initialize do
+        if defined?(Spree::Auth::Engine) &&
+            Gem::Version.new(Spree::Auth::VERSION) < Gem::Version.new('2.5.4') &&
+            defined?(Spree::UsersController)
+          Spree::UsersController.protect_from_forgery with: :exception
+        end
+      end
     end
   end
 end

data/lib/spree/core/validators/email.rb

@@ -12,7 +12,7 @@ module Spree
   #     end
   #
   class EmailValidator < ActiveModel::EachValidator
-    EMAIL_REGEXP = /\A([^@\.]|[^@\.]([^@\s]*)[^@\.])@([^@\s]+\.)+[^@\s]+\z/
+    EMAIL_REGEXP = URI::MailTo::EMAIL_REGEXP
 
     def validate_each(record, attribute, value)
       unless EMAIL_REGEXP.match? value

data/lib/spree/core/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Spree
-  VERSION = "3.1.0"
+  VERSION = "3.1.4"
 
   def self.solidus_version
     VERSION

data/lib/spree/core.rb

@@ -62,13 +62,24 @@ module Spree
   end
 
   module Core
-    def self.has_install_generator_been_run?
-      (Rails.env.test? && Rails.application.class.name == 'DummyApp::Application') ||
-        Rails.application.paths['config/initializers'].paths.any? do |path|
-          File.exist?(path.join('spree.rb'))
-        end
+    # @api private
+    def self.has_install_generator_been_run?(rails_paths: Rails.application.paths, initializer_name: 'spree.rb', dummy_app_name: 'DummyApp::Application')
+      does_spree_initializer_exist?(rails_paths, initializer_name) ||
+        running_solidus_test_suite_with_dummy_app?(dummy_app_name)
     end
 
+    def self.running_solidus_test_suite_with_dummy_app?(dummy_app_name)
+      Rails.env.test? && Rails.application.class.name == dummy_app_name
+    end
+    private_class_method :running_solidus_test_suite_with_dummy_app?
+
+    def self.does_spree_initializer_exist?(rails_paths, initializer_name)
+      rails_paths['config/initializers'].any? do |path|
+        File.exist?(Pathname.new(path).join(initializer_name))
+      end
+    end
+    private_class_method :does_spree_initializer_exist?
+
     class GatewayError < RuntimeError; end
   end
 end

data/lib/spree/preferences/preferable_class_methods.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'spree/deprecation'
 require 'spree/encryptor'
 
 module Spree::Preferences
@@ -26,8 +27,38 @@ module Spree::Preferences
         options[:default] = preference_encryptor.encrypt(options[:default])
       end
 
-      default = options[:default]
-      default = proc { options[:default] } unless default.is_a?(Proc)
+      default = begin
+                  given = options[:default]
+                  if ancestors.include?(Spree::Preferences::Configuration) &&
+                     given.is_a?(Proc) &&
+                     given.lambda? &&
+                     given.arity.zero?
+                    Spree::Deprecation.warn <<~MSG
+                      The arity of a proc given as the default for a preference
+                      has changed from 0 to 1 on Solidus 3.1. The Solidus
+                      version for the loaded preference defaults is given as the
+                      proc's argument from this point on.
+
+                      If you don't need to return a different default value
+                      depending on the loaded Solidus version, you can change
+                      the proc so that it doesn't have lambda semantics (lambdas
+                      raise when extra arguments are supplied, while raw procs
+                      don't). E.g.:
+
+                      preference :foo, :string, default: proc { true }
+
+                      If you want to branch on the provided Solidus version, you can do like the following:
+
+                      preference :foo, :string, default: by_version(true, "3.2.0" => false)
+
+                    MSG
+                    ->(_default_context) { given.call }
+                  elsif given.is_a?(Proc)
+                    given
+                  else
+                    proc { given }
+                  end
+                end
 
       # The defined preferences on a class are all those defined directly on
       # that class as well as those defined on ancestors.

data/lib/spree/testing_support/blacklist_urls.rb

@@ -5,7 +5,7 @@ module Spree
     module BlacklistUrls
       def setup_url_blacklist(browser)
         if browser.respond_to?(:url_blacklist)
-          browser.url_blacklist = ['http://fonts.googleapis.com']
+          browser.url_blacklist = ['https://fonts.googleapis.com']
         end
       end
     end

data/lib/tasks/solidus/check_orders_with_invalid_email.rake

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+namespace :solidus do
+  desc 'Prints orders with invalid email (after fix for GHSA-qxmr-qxh6-2cc9)'
+  task check_orders_with_invalid_email: :environment do
+    matches = Spree::Order.find_each.reduce([]) do |matches, order|
+      order.email.nil? || Spree::EmailValidator::EMAIL_REGEXP.match?(order.email) ? matches : matches + [order]
+    end
+    if matches.any?
+      puts 'Email / ID / Number'
+      puts(matches.map do |order|
+        "#{order.email} / #{order.id} / #{order.number}"
+      end.join("\n"))
+    else
+      puts 'NO MATCHES'
+    end
+  end
+end

data/solidus_core.gemspec

@@ -55,7 +55,12 @@ $ bin/rails g solidus:install
 If you are updating Solidus from an older version, please run
 the following commands to complete the update:
 
-$ bin/rails solidus:upgrade
+$ bin/rails g solidus:update
+
+Please, don't forget to look at the CHANGELOG to see what has changed and
+whether you need to perform other tasks.
+
+https://github.com/solidusio/solidus/blob/master/CHANGELOG.md
 
 Please report any issues at:
 - https://github.com/solidusio/solidus/issues

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_core
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.4
 platform: ruby
 authors:
 - Solidus Team
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-10 00:00:00.000000000 Z
+date: 2021-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionmailer
@@ -907,6 +907,7 @@ files:
 - lib/spree/testing_support/url_helpers.rb
 - lib/spree/user_class_handle.rb
 - lib/spree_core.rb
+- lib/tasks/solidus/check_orders_with_invalid_email.rake
 - lib/tasks/solidus/delete_prices_with_nil_amount.rake
 - solidus_core.gemspec
 - vendor/assets/javascripts/jquery.payment.js
@@ -928,7 +929,12 @@ post_install_message: |
   If you are updating Solidus from an older version, please run
   the following commands to complete the update:
 
-  $ bin/rails solidus:upgrade
+  $ bin/rails g solidus:update
+
+  Please, don't forget to look at the CHANGELOG to see what has changed and
+  whether you need to perform other tasks.
+
+  https://github.com/solidusio/solidus/blob/master/CHANGELOG.md
 
   Please report any issues at:
   - https://github.com/solidusio/solidus/issues
@@ -948,8 +954,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.8.23
 requirements: []
-rubygems_version: 3.2.20
-signing_key:
+rubygems_version: 3.1.2
+signing_key: 
 specification_version: 4
 summary: Essential models, mailers, and classes for the Solidus e-commerce project.
 test_files: []