solidus_frontend 2.9.5 → 2.10.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f647b50dc184e8ecd61a6e6cd3766306157e9793135ec3fc76b7073cce2e032
-  data.tar.gz: a48fce4086cafbcb66a34d6a2d2fc3b3e29fe5ba9b8c9321cfb86935a7f34986
+  metadata.gz: e1d1115296b3520f07356e280c02ceab2609125ee67758dcb29c9c6f18efcd4f
+  data.tar.gz: 4f63523b78b45c1068627238f9b1db48c6ab153159486cc179788dc9dc711137
 SHA512:
-  metadata.gz: b8318ce8e4bfe6f7467c40f54411ffc1296ac70aea640beea75a5d21c6f254d0046304b25284b01f36ea2cae7f6d959a711e7ef600125df6e4874316b22b5088
-  data.tar.gz: d17f4516dbfed0880d5385e320d21ba2311eb48c003e77f458ac267dbe2af27e03764b8584e2a3a7cdc2e9eb89552d60ee35774ac388cd07fded637e3c89c3f8
+  metadata.gz: e5da6d12d9fddc6bae0699a7d9a042b8481d6a4f08fde2e6313e9e726b41cc74c067473cda1253fefd5b8ce9d6268ad6be508dbf020a60df54a3d8c926a2a4ba
+  data.tar.gz: 8764e0fae47581fdfc0c34b7f64a6bd4f841cbaeee229d0f5a3b27b2961f0a5197a0d93e3d9c6ddae3bf3421d8170c4ee3a442f02a01f42281a4312854851ffe

data/app/assets/stylesheets/spree/frontend/screen.css.scss

@@ -963,8 +963,8 @@ p[data-hook="use_billing"] {
   }
 
   input[type="text"] {
-    flex: 3 0;
-    width: 100%;
+    flex: 1 auto;
+    width: 50%;
     margin-right: 5px;
   }
 
@@ -1268,7 +1268,7 @@ table.order-summary {
 // # Logo
 #logo {
   padding: 20px 0;
-  
+
   > a {
     display: inline-block;
   }

data/app/controllers/spree/checkout_controller.rb

@@ -17,7 +17,7 @@ module Spree
 
     before_action :associate_user
     before_action :check_authorization
-    before_action :apply_coupon_code
+    before_action :apply_coupon_code, only: [:update]
 
     before_action :setup_for_current_state, only: [:edit, :update]
 
@@ -87,11 +87,23 @@ module Spree
     end
 
     def update_params
-      if update_params = massaged_params[:order]
-        update_params.permit(permitted_checkout_attributes)
+      case params[:state].to_sym
+      when :address
+        massaged_params.require(:order).permit(
+          permitted_checkout_address_attributes
+        )
+      when :delivery
+        massaged_params.require(:order).permit(
+          permitted_checkout_delivery_attributes
+        )
+      when :payment
+        massaged_params.require(:order).permit(
+          permitted_checkout_payment_attributes
+        )
       else
-        # We currently allow update requests without any parameters in them.
-        {}
+        massaged_params.fetch(:order, {}).permit(
+          permitted_checkout_confirm_attributes
+        )
       end
     end
 
@@ -137,6 +149,10 @@ module Spree
       redirect_to(spree.cart_path) && return unless @order
     end
 
+    # Allow the customer to only go back or stay on the current state
+    # when trying to change it via params[:state]. It's not allowed to
+    # jump forward and skip states (unless #skip_state_validation? is
+    # truthy).
     def set_state_if_present
       if params[:state]
         redirect_to checkout_state_path(@order.state) if @order.can_go_to_state?(params[:state]) && !skip_state_validation?

data/app/controllers/spree/orders_controller.rb

@@ -42,6 +42,10 @@ module Spree
       @order = current_order || Spree::Order.incomplete.find_or_initialize_by(guest_token: cookies.signed[:guest_token])
       authorize! :read, @order, cookies.signed[:guest_token]
       associate_user
+      if params[:id] && @order.number != params[:id]
+        flash[:error] = t('spree.cannot_edit_orders')
+        redirect_to cart_path
+      end
     end
 
     # Adds a new item to the order (creating a new order if none already exists)
@@ -59,8 +63,8 @@ module Spree
 
       begin
         @line_item = @order.contents.add(variant, quantity)
-      rescue ActiveRecord::RecordInvalid => e
-        @order.errors.add(:base, e.record.errors.full_messages.join(", "))
+      rescue ActiveRecord::RecordInvalid => error
+        @order.errors.add(:base, error.record.errors.full_messages.join(", "))
       end
 
       respond_with(@order) do |format|

data/lib/generators/solidus/views/override_generator.rb

@@ -24,6 +24,7 @@ module Solidus
       def copy_views
         views_to_copy.each do |file|
           next if File.directory?(file)
+
           dest_file = Pathname.new(file).relative_path_from(source_dir)
           copy_file file, Rails.root.join('app', 'views', 'spree', dest_file)
         end
@@ -33,8 +34,8 @@ module Solidus
 
       def views_to_copy
         if @options['only']
-          VIEWS.select do |v|
-            Pathname.new(v).relative_path_from(source_dir).to_s.include?(@options['only'])
+          VIEWS.select do |view|
+            Pathname.new(view).relative_path_from(source_dir).to_s.include?(@options['only'])
           end
         else
           VIEWS

data/lib/spree/frontend/config.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'spree/frontend_configuration'
+
+module Spree
+  module Frontend
+    Config = Spree::FrontendConfiguration.new
+  end
+end

data/lib/spree/frontend/engine.rb

@@ -1,13 +1,15 @@
 # frozen_string_literal: true
 
+require 'spree/frontend/config'
+
 module Spree
   module Frontend
     class Engine < ::Rails::Engine
       config.middleware.use "Spree::Frontend::Middleware::SeoAssist"
 
-      initializer "spree.frontend.environment", before: :load_config_initializers do |_app|
-        Spree::Frontend::Config = Spree::FrontendConfiguration.new
-      end
+      # Leave initializer empty for backwards-compatability. Other apps
+      # might still rely on this event.
+      initializer "spree.frontend.environment", before: :load_config_initializers do; end
     end
   end
 end

data/lib/spree/frontend/middleware/seo_assist.rb

@@ -38,11 +38,11 @@ module Spree
         end
 
         def build_query(params)
-          params.map { |k, v|
-            if v.class == Array
-              build_query(v.map { |x| ["#{k}[]", x] })
+          params.map { |key, value|
+            if value.class == Array
+              build_query(value.map { |parameter| ["#{key}[]", parameter] })
             else
-              k + "=" + Rack::Utils.escape(v)
+              key + "=" + Rack::Utils.escape(value)
             end
           }.join("&")
         end

data/{app/models → lib}/spree/frontend_configuration.rb

@@ -2,7 +2,7 @@
 
 module Spree
   class FrontendConfiguration < Preferences::Configuration
-    preference :locale, :string, default: Rails.application.config.i18n.default_locale
+    preference :locale, :string, default: I18n.default_locale
 
     # Add your terms and conditions in app/views/spree/checkout/_terms_and_conditions.en.html.erb
     preference :require_terms_and_conditions_acceptance, :boolean, default: false

data/solidus_frontend.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
   s.require_path = 'lib'
   s.requirements << 'none'
 
-  s.required_ruby_version = '>= 2.2.2'
+  s.required_ruby_version = '>= 2.4.0'
   s.required_rubygems_version = '>= 1.8.23'
 
   s.add_dependency 'solidus_api', s.version
@@ -28,6 +28,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'font-awesome-rails', '~> 4.0'
   s.add_dependency 'jquery-rails'
   s.add_dependency 'kaminari', '~> 1.1'
+  s.add_dependency 'responders'
   s.add_dependency 'sassc-rails'
   s.add_dependency 'truncate_html', '~> 0.9', '>= 0.9.2'
 

data/spec/controllers/spree/checkout_controller_spec.rb

@@ -68,7 +68,7 @@ describe Spree::CheckoutController, type: :controller do
     it 'should check if the user is authorized for :edit' do
       expect(controller).to receive(:authorize!).with(:edit, order, token)
       request.cookie_jar.signed[:guest_token] = token
-      post :update, params: { state: 'address' }
+      post :update, params: { state: 'address', order: { bill_address_attributes: address_params } }
     end
 
     context "save successful" do
@@ -91,12 +91,12 @@ describe Spree::CheckoutController, type: :controller do
 
       context "with the order in the cart state", partial_double_verification: false do
         before do
-          order.update_attributes! user: user
+          order.update! user: user
           order.update_column(:state, "cart")
         end
 
         it "should assign order" do
-          post :update, params: { state: "address" }
+          post :update, params: { state: "address", order: { bill_address_attributes: address_params } }
           expect(assigns[:order]).not_to be_nil
         end
 
@@ -140,7 +140,7 @@ describe Spree::CheckoutController, type: :controller do
 
       context "with the order in the address state", partial_double_verification: false do
         before do
-          order.update_attributes! user: user
+          order.update! user: user
           order.update_columns(ship_address_id: create(:address).id, state: "address")
         end
 
@@ -213,7 +213,7 @@ describe Spree::CheckoutController, type: :controller do
         end
 
         before do
-          order.update_attributes! user: user
+          order.update! user: user
           3.times { order.next! } # should put us in the payment state
         end
 
@@ -245,7 +245,7 @@ describe Spree::CheckoutController, type: :controller do
         end
 
         before do
-          order.update_attributes! user: user
+          order.update! user: user
           3.times { order.next! } # should put us in the payment state
         end
 
@@ -271,11 +271,36 @@ describe Spree::CheckoutController, type: :controller do
             expect(order.payments).to be_empty
           end
         end
+
+        context 'trying to change the address' do
+          let(:params) do
+            {
+              state: 'payment',
+              order: {
+                payments_attributes: [
+                  {
+                    payment_method_id: payment_method.id.to_s,
+                    source_attributes: attributes_for(:credit_card)
+                  }
+                ],
+                ship_address_attributes: {
+                  zipcode: 'TEST'
+                }
+              }
+            }
+          end
+
+          it 'does not change the address' do
+            expect do
+              post :update, params: params
+            end.not_to change { order.reload.ship_address.zipcode }
+          end
+        end
       end
 
       context "when in the confirm state" do
         before do
-          order.update_attributes! user: user
+          order.update! user: user
           order.update_column(:state, "confirm")
           # An order requires a payment to reach the complete state
           # This is because payment_required? is true on the order
@@ -305,21 +330,23 @@ describe Spree::CheckoutController, type: :controller do
 
     context "save unsuccessful" do
       before do
-        order.update_attributes! user: user
+        order.update! user: user
         allow(order).to receive_messages valid?: false
       end
 
       it "should not assign order" do
-        post :update, params: { state: "address", email: '' }
+        post :update, params: { state: "address", order: { email: ''}  }
         expect(assigns[:order]).not_to be_nil
       end
 
       it "should not change the order state" do
-        post :update, params: { state: 'address' }
+        expect do
+          post :update, params: { state: 'address', order: { bill_address_attributes: address_params } }
+        end.not_to change { order.reload.state }
       end
 
       it "should render the edit template" do
-        post :update, params: { state: 'address' }
+        post :update, params: { state: 'address', order: { bill_address_attributes: address_params } }
         expect(response).to render_template :edit
       end
     end
@@ -340,9 +367,9 @@ describe Spree::CheckoutController, type: :controller do
 
     context "Spree::Core::GatewayError" do
       before do
-        order.update_attributes! user: user
+        order.update! user: user
         allow(order).to receive(:next).and_raise(Spree::Core::GatewayError.new("Invalid something or other."))
-        post :update, params: { state: "address" }
+        post :update, params: { state: "address", order: { bill_address_attributes: address_params } }
       end
 
       it "should render the edit template and display exception message" do
@@ -373,7 +400,7 @@ describe Spree::CheckoutController, type: :controller do
         end
 
         it "due to the order having errors" do
-          put :update, params: { state: order.state, order: {} }
+          put :update, params: { state: order.state, order: { bill_address_attributes: address_params } }
           expect(flash[:error]).to eq("Base error\nAdjustments error")
           expect(response).to redirect_to(spree.checkout_state_path('address'))
         end
@@ -387,7 +414,7 @@ describe Spree::CheckoutController, type: :controller do
         end
 
         it "due to no available shipping rates for any of the shipments" do
-          put :update, params: { state: "address", order: {} }
+          put :update, params: { state: "address", order: { bill_address_attributes: address_params } }
           expect(flash[:error]).to eq(I18n.t('spree.items_cannot_be_shipped'))
           expect(response).to redirect_to(spree.checkout_state_path('address'))
         end
@@ -437,7 +464,7 @@ describe Spree::CheckoutController, type: :controller do
         end
 
         it "redirects the customer to the cart page with an error message" do
-          put :update, params: { state: order.state, order: {} }
+          put :update, params: { state: order.state, order: { bill_address_attributes: address_params } }
           expect(flash[:error]).to eq(I18n.t('spree.insufficient_stock_for_order'))
           expect(response).to redirect_to(spree.cart_path)
         end
@@ -494,9 +521,11 @@ describe Spree::CheckoutController, type: :controller do
       allow(controller).to receive_messages check_authorization: true
     end
 
-    it "doesn't set shipping address on the order" do
+    # This does not test whether the shipping address is set via params.
+    # It only tests whether it is set in the before action.
+    it "doesn't set a default shipping address on the order" do
       expect(order).to_not receive(:ship_address=)
-      post :update, params: { state: order.state }
+      post :update, params: { state: order.state, order: { bill_address_attributes: address_params } }
     end
 
     it "doesn't remove unshippable items before payment" do
@@ -511,7 +540,7 @@ describe Spree::CheckoutController, type: :controller do
     allow(controller).to receive_messages check_authorization: true
 
     expect {
-      post :update, params: { state: "payment" }
+      post :update, params: { state: "payment", order: { email: "johndoe@example.com"} }
     }.to change { order.line_items.to_a.size }.from(1).to(0)
   end
 

data/spec/controllers/spree/orders_controller_ability_spec.rb

@@ -37,7 +37,7 @@ module Spree
 
       context '#update' do
         it 'should check if user is authorized for :update' do
-          allow(order).to receive :update_attributes
+          allow(order).to receive :update
           expect(controller).to receive(:authorize!).with(:update, order, token)
           post :update, params: { order: { email: "foo@bar.com" }, token: token }
         end

data/spec/controllers/spree/orders_controller_spec.rb

@@ -102,6 +102,31 @@ describe Spree::OrdersController, type: :controller do
       end
     end
 
+    context '#edit' do
+      before do
+        allow(controller).to receive :authorize!
+        allow(controller).to receive_messages current_order: order
+      end
+
+      it 'should render cart' do
+        get :edit, params: { id: order.number }
+
+        expect(flash[:error]).to be_nil
+        expect(response).to be_ok
+      end
+
+      context 'with another order number than the current_order' do
+        let(:other_order) { create(:completed_order_with_totals) }
+
+        it 'should display error message' do
+          get :edit, params: { id: other_order.number }
+
+          expect(flash[:error]).to eq "You may only edit your current shopping cart."
+          expect(response).to redirect_to cart_path
+        end
+      end
+    end
+
     context "#update" do
       context "with authorization" do
         before do
@@ -117,13 +142,13 @@ describe Spree::OrdersController, type: :controller do
         end
 
         it "should redirect to cart path (on success)" do
-          allow(order).to receive(:update_attributes).and_return true
+          allow(order).to receive(:update).and_return true
           put :update
           expect(response).to redirect_to(spree.cart_path)
         end
 
         it "should advance the order if :checkout button is pressed" do
-          allow(order).to receive(:update_attributes).and_return true
+          allow(order).to receive(:update).and_return true
           expect(order).to receive(:next)
           put :update, params: { checkout: true }
           expect(response).to redirect_to checkout_state_path('address')

data/spec/features/checkout_spec.rb

@@ -374,6 +374,14 @@ describe "Checkout", type: :feature, inaccessible: true do
       expect(page).to have_current_path(spree.order_path(Spree::Order.last))
       expect(page).to have_content('Ending in 1111')
     end
+
+    it "allows user to save a billing address associated to the credit card" do
+      choose "use_existing_card_no"
+      fill_in_credit_card
+
+      click_on "Save and Continue"
+      expect(Spree::CreditCard.last.address).to be_present
+    end
   end
 
   # regression for https://github.com/spree/spree/issues/2921
@@ -672,6 +680,57 @@ describe "Checkout", type: :feature, inaccessible: true do
     end
   end
 
+  # Regression test for: https://github.com/solidusio/solidus/issues/2998
+  context 'when two shipping categories are available' do
+    let!(:first_category) { create(:shipping_category) }
+    let!(:second_category) { create(:shipping_category) }
+
+    let!(:first_shipping_method) do
+      create(:shipping_method,
+             shipping_categories: [first_category],
+             stores: [store])
+    end
+
+    let!(:second_shipping_method) do
+      create(:shipping_method,
+             shipping_categories: [second_category],
+             stores: [store])
+    end
+
+    context 'assigned to two different products' do
+      let!(:first_product) do
+        create(:product,
+               name: 'First product',
+               shipping_category: first_category)
+      end
+
+      let!(:second_product) do
+        create(:product,
+               name: 'Second product',
+               shipping_category: second_category)
+      end
+
+      before do
+        stock_location.stock_items.update_all(count_on_hand: 10)
+      end
+
+      it 'transitions successfully to the delivery step', js: true do
+        visit spree.product_path(first_product)
+        click_button 'add-to-cart-button'
+        visit spree.product_path(second_product)
+        click_button 'add-to-cart-button'
+
+        click_button 'Checkout'
+
+        fill_in_address
+        fill_in 'order_email', with: 'test@example.com'
+        click_button 'Save and Continue'
+
+        expect(Spree::Order.last.state).to eq('delivery')
+      end
+    end
+  end
+
   def fill_in_credit_card(number: "4111 1111 1111 1111")
     fill_in "Name on card", with: 'Mary Doe'
     fill_in_with_force "Card Number", with: number

data/spec/features/products_spec.rb

@@ -51,20 +51,20 @@ describe "Visiting Products", type: :feature, inaccessible: true do
     end
 
     it 'displays metas' do
-      jersey.update_attributes metas
+      jersey.update metas
       click_link jersey.name
       expect(page).to have_meta(:description, 'Brand new Ruby on Rails Jersey')
       expect(page).to have_meta(:keywords, 'ror, jersey, ruby')
     end
 
     it 'displays title if set' do
-      jersey.update_attributes metas
+      jersey.update metas
       click_link jersey.name
       expect(page).to have_title('Ruby on Rails Baseball Jersey Buy High Quality Geek Apparel')
     end
 
     it "doesn't use meta_title as heading on page" do
-      jersey.update_attributes metas
+      jersey.update metas
       click_link jersey.name
       within("h1") do
         expect(page).to have_content(jersey.name)
@@ -73,7 +73,7 @@ describe "Visiting Products", type: :feature, inaccessible: true do
     end
 
     it 'uses product name in title when meta_title set to empty string' do
-      jersey.update_attributes meta_title: ''
+      jersey.update meta_title: ''
       click_link jersey.name
       expect(page).to have_title('Ruby on Rails Baseball Jersey - ' + store_name)
     end

data/spec/features/taxons_spec.rb

@@ -30,14 +30,14 @@ describe "viewing products", type: :feature, inaccessible: true do
 
   describe 'meta tags and title' do
     it 'displays metas' do
-      t_shirts.update_attributes metas
+      t_shirts.update metas
       visit '/t/category/super-clothing/t-shirts'
       expect(page).to have_meta(:description, 'Brand new Ruby on Rails TShirts')
       expect(page).to have_meta(:keywords, 'ror, tshirt, ruby')
     end
 
     it 'display title if set' do
-      t_shirts.update_attributes metas
+      t_shirts.update metas
       visit '/t/category/super-clothing/t-shirts'
       expect(page).to have_title("Ruby On Rails TShirt")
     end
@@ -49,7 +49,7 @@ describe "viewing products", type: :feature, inaccessible: true do
 
     # Regression test for https://github.com/spree/spree/issues/2814
     it "doesn't use meta_title as heading on page" do
-      t_shirts.update_attributes metas
+      t_shirts.update metas
       visit '/t/category/super-clothing/t-shirts'
       within("h1.taxon-title") do
         expect(page).to have_content(t_shirts.name)
@@ -57,7 +57,7 @@ describe "viewing products", type: :feature, inaccessible: true do
     end
 
     it 'uses taxon name in title when meta_title set to empty string' do
-      t_shirts.update_attributes meta_title: ''
+      t_shirts.update meta_title: ''
       visit '/t/category/super-clothing/t-shirts'
       expect(page).to have_title('Category - T-Shirts - ' + store_name)
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: solidus_frontend
 version: !ruby/object:Gem::Version
-  version: 2.9.5
+  version: 2.10.2
 platform: ruby
 authors:
 - Solidus Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-04 00:00:00.000000000 Z
+date: 2020-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: solidus_api
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.5
+        version: 2.10.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.5
+        version: 2.10.2
 - !ruby/object:Gem::Dependency
   name: solidus_core
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.5
+        version: 2.10.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.9.5
+        version: 2.10.2
 - !ruby/object:Gem::Dependency
   name: canonical-rails
   requirement: !ruby/object:Gem::Requirement
@@ -94,6 +94,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: responders
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sassc-rails
   requirement: !ruby/object:Gem::Requirement
@@ -204,7 +218,6 @@ files:
 - app/controllers/spree/taxons_controller.rb
 - app/helpers/spree/orders_helper.rb
 - app/helpers/spree/taxon_filters_helper.rb
-- app/models/spree/frontend_configuration.rb
 - app/views/spree/address/_form.html.erb
 - app/views/spree/address/_form_hidden.html.erb
 - app/views/spree/checkout/_address.html.erb
@@ -264,8 +277,10 @@ files:
 - lib/generators/solidus/views/override_generator.rb
 - lib/solidus_frontend.rb
 - lib/spree/frontend.rb
+- lib/spree/frontend/config.rb
 - lib/spree/frontend/engine.rb
 - lib/spree/frontend/middleware/seo_assist.rb
+- lib/spree/frontend_configuration.rb
 - lib/spree_frontend.rb
 - lib/tasks/rake_util.rb
 - lib/tasks/taxon.rake
@@ -324,7 +339,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.2
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="