solidus_frontend_devise_token_auth 2.8.0.alpha.2

data/spec/controllers/spree/orders_controller_ability_spec.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+module Spree
+  describe OrdersController, type: :controller do
+    ORDER_TOKEN = 'ORDER_TOKEN'
+
+    let!(:store) { create(:store) }
+    let(:user) { create(:user) }
+    let(:guest_user) { create(:user) }
+    let(:order) { Spree::Order.create }
+    let(:variant) { create(:variant) }
+
+    it 'should understand order routes with token' do
+      expect(spree.token_order_path('R123456', 'ABCDEF')).to eq('/orders/R123456/token/ABCDEF')
+    end
+
+    context 'when an order exists in the cookies.signed' do
+      let(:token) { 'some_token' }
+
+      before do
+        allow(controller).to receive_messages current_order: order
+        allow(controller).to receive_messages spree_current_user: user
+      end
+
+      context '#populate' do
+        it 'should check if user is authorized for :update' do
+          expect(controller).to receive(:authorize!).with(:update, order, token)
+          post :populate, params: { variant_id: variant.id, token: token }
+        end
+      end
+
+      context '#edit' do
+        it 'should check if user is authorized for :read' do
+          expect(controller).to receive(:authorize!).with(:read, order, token)
+          get :edit, params: { token: token }
+        end
+      end
+
+      context '#update' do
+        it 'should check if user is authorized for :update' do
+          allow(order).to receive :update_attributes
+          expect(controller).to receive(:authorize!).with(:update, order, token)
+          post :update, params: { order: { email: "foo@bar.com" }, token: token }
+        end
+      end
+
+      context '#empty' do
+        it 'should check if user is authorized for :update' do
+          expect(controller).to receive(:authorize!).with(:update, order, token)
+          post :empty, params: { token: token }
+        end
+      end
+
+      context "#show" do
+        let(:specified_order) { create(:order) }
+
+        it "should check against the specified order" do
+          expect(controller).to receive(:authorize!).with(:read, specified_order, token)
+          get :show, params: { id: specified_order.number, token: token }
+        end
+      end
+    end
+
+    context 'when no authenticated user' do
+      let(:order) { create(:order, number: 'R123') }
+
+      context '#show' do
+        context 'when token parameter present' do
+          it 'always ooverride existing token when passing a new one' do
+            cookies.signed[:guest_token] = "soo wrong"
+            get :show, params: { id: 'R123', token: order.guest_token }
+            expect(cookies.signed[:guest_token]).to eq(order.guest_token)
+          end
+
+          it 'should store as guest_token in session' do
+            get :show, params: { id: 'R123', token: order.guest_token }
+            expect(cookies.signed[:guest_token]).to eq(order.guest_token)
+          end
+        end
+
+        context 'when no token present' do
+          it 'should respond with 404' do
+            expect {
+              get :show, params: { id: 'R123' }
+            }.to raise_error(ActiveRecord::RecordNotFound)
+          end
+        end
+      end
+    end
+  end
+end

data/spec/controllers/spree/orders_controller_spec.rb

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Spree::OrdersController, type: :controller do
+  let!(:store) { create(:store) }
+  let(:user) { create(:user) }
+
+  context "Order model mock" do
+    let(:order) do
+      Spree::Order.create!
+    end
+    let(:variant) { create(:variant) }
+
+    before do
+      allow(controller).to receive_messages(try_spree_current_user: user)
+    end
+
+    context "#populate" do
+      it "should create a new order when none specified" do
+        post :populate, params: { variant_id: variant.id }
+        expect(response).to be_redirect
+        expect(cookies.signed[:guest_token]).not_to be_blank
+
+        order_by_token = Spree::Order.find_by(guest_token: cookies.signed[:guest_token])
+        assigned_order = assigns[:order]
+
+        expect(assigned_order).to eq order_by_token
+        expect(assigned_order).to be_persisted
+      end
+
+      context "with Variant" do
+        it "should handle population" do
+          expect do
+            post :populate, params: { variant_id: variant.id, quantity: 5 }
+          end.to change { user.orders.count }.by(1)
+          order = user.orders.last
+          expect(response).to redirect_to spree.cart_path
+          expect(order.line_items.size).to eq(1)
+          line_item = order.line_items.first
+          expect(line_item.variant_id).to eq(variant.id)
+          expect(line_item.quantity).to eq(5)
+        end
+
+        it "shows an error when population fails" do
+          request.env["HTTP_REFERER"] = spree.root_path
+          allow_any_instance_of(Spree::LineItem).to(
+            receive(:valid?).and_return(false)
+          )
+          allow_any_instance_of(Spree::LineItem).to(
+            receive_message_chain(:errors, :full_messages).
+              and_return(["Order population failed"])
+          )
+
+          post :populate, params: { variant_id: variant.id, quantity: 5 }
+
+          expect(response).to redirect_to(spree.root_path)
+          expect(flash[:error]).to eq("Order population failed")
+        end
+
+        it "shows an error when quantity is invalid" do
+          request.env["HTTP_REFERER"] = spree.root_path
+
+          post(
+            :populate,
+            params: { variant_id: variant.id, quantity: -1 }
+          )
+
+          expect(response).to redirect_to(spree.root_path)
+          expect(flash[:error]).to eq(
+            I18n.t('spree.please_enter_reasonable_quantity')
+          )
+        end
+
+        context "when quantity is empty string" do
+          it "should populate order with 1 of given variant" do
+            expect do
+              post :populate, params: { variant_id: variant.id, quantity: '' }
+            end.to change { Spree::Order.count }.by(1)
+            order = Spree::Order.last
+            expect(response).to redirect_to spree.cart_path
+            expect(order.line_items.size).to eq(1)
+            line_item = order.line_items.first
+            expect(line_item.variant_id).to eq(variant.id)
+            expect(line_item.quantity).to eq(1)
+          end
+        end
+
+        context "when quantity is nil" do
+          it "should populate order with 1 of given variant" do
+            expect do
+              post :populate, params: { variant_id: variant.id, quantity: nil }
+            end.to change { Spree::Order.count }.by(1)
+            order = Spree::Order.last
+            expect(response).to redirect_to spree.cart_path
+            expect(order.line_items.size).to eq(1)
+            line_item = order.line_items.first
+            expect(line_item.variant_id).to eq(variant.id)
+            expect(line_item.quantity).to eq(1)
+          end
+        end
+      end
+    end
+
+    context "#update" do
+      context "with authorization" do
+        before do
+          allow(controller).to receive :authorize!
+          allow(controller).to receive_messages current_order: order
+        end
+
+        it "should render the edit view (on failure)" do
+          # email validation is only after address state
+          order.update_column(:state, "delivery")
+          put :update, params: { order: { email: "" } }
+          expect(response).to render_template :edit
+        end
+
+        it "should redirect to cart path (on success)" do
+          allow(order).to receive(:update_attributes).and_return true
+          put :update
+          expect(response).to redirect_to(spree.cart_path)
+        end
+
+        it "should advance the order if :checkout button is pressed" do
+          allow(order).to receive(:update_attributes).and_return true
+          expect(order).to receive(:next)
+          put :update, params: { checkout: true }
+          expect(response).to redirect_to checkout_state_path('address')
+        end
+
+        context 'trying to apply a coupon code' do
+          let(:order) { create(:order_with_line_items, state: 'cart') }
+          let(:coupon_code) { "coupon_code" }
+
+          context "when coupon code is empty" do
+            let(:coupon_code) { "" }
+
+            it 'does not try to apply coupon code' do
+              expect(Spree::PromotionHandler::Coupon).not_to receive :new
+
+              put :update, params: { state: order.state, order: { coupon_code: coupon_code } }
+
+              expect(response).to redirect_to(spree.cart_path)
+            end
+          end
+
+          context "when coupon code is applied" do
+            let(:promotion_handler) { instance_double('Spree::PromotionHandler::Coupon', error: nil, success: 'Coupon Applied!') }
+
+            it "continues checkout flow normally" do
+              expect(Spree::PromotionHandler::Coupon)
+                .to receive_message_chain(:new, :apply)
+                .and_return(promotion_handler)
+
+              put :update, params: { state: order.state, order: { coupon_code: coupon_code } }
+
+              expect(response).to redirect_to(spree.cart_path)
+              expect(flash.now[:success]).to eq('Coupon Applied!')
+            end
+
+            context "when coupon code is not applied" do
+              let(:promotion_handler) { instance_double('Spree::PromotionHandler::Coupon', error: 'Some error', success: false) }
+
+              it "render cart with coupon error" do
+                expect(Spree::PromotionHandler::Coupon)
+                  .to receive_message_chain(:new, :apply)
+                  .and_return(promotion_handler)
+
+                put :update, params: { state: order.state, order: { coupon_code: coupon_code } }
+
+                expect(response).to render_template :edit
+                expect(flash.now[:error]).to eq('Some error')
+              end
+            end
+          end
+        end
+      end
+    end
+
+    context "#empty" do
+      before do
+        allow(controller).to receive :authorize!
+      end
+
+      it "should destroy line items in the current order" do
+        allow(controller).to receive(:current_order).and_return(order)
+        expect(order).to receive(:empty!)
+        put :empty
+        expect(response).to redirect_to(spree.cart_path)
+      end
+    end
+
+    # Regression test for https://github.com/spree/spree/issues/2750
+    context "#update" do
+      before do
+        allow(user).to receive :last_incomplete_spree_order
+        allow(controller).to receive :set_current_order
+      end
+
+      it "cannot update a blank order" do
+        put :update, params: { order: { email: "foo" } }
+        expect(flash[:error]).to eq(I18n.t('spree.order_not_found'))
+        expect(response).to redirect_to(spree.root_path)
+      end
+    end
+  end
+
+  context "line items quantity is 0" do
+    let(:order) { Spree::Order.create(store: store) }
+    let(:variant) { create(:variant) }
+    let!(:line_item) { order.contents.add(variant, 1) }
+
+    before do
+      allow(controller).to receive :authorize!
+      allow(controller).to receive_messages(current_order: order)
+    end
+
+    it "removes line items on update" do
+      expect(order.line_items.count).to eq 1
+      put :update, params: { order: { line_items_attributes: { "0" => { id: line_item.id, quantity: 0 } } } }
+      expect(order.reload.line_items.count).to eq 0
+    end
+  end
+end

data/spec/controllers/spree/orders_controller_transitions_spec.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+Spree::Order.class_eval do
+  attr_accessor :did_transition
+end
+
+module Spree
+  describe OrdersController, type: :controller do
+    # Regression test for https://github.com/spree/spree/issues/2004
+    context "with a transition callback on first state" do
+      let(:order) { Spree::Order.new }
+
+      before do
+        allow(controller).to receive_messages current_order: order
+        expect(controller).to receive(:authorize!).at_least(:once).and_return(true)
+
+        first_state, = Spree::Order.checkout_steps.first
+        Spree::Order.state_machine.after_transition to: first_state do |order|
+          order.did_transition = true
+        end
+      end
+
+      it "correctly calls the transition callback" do
+        expect(order.did_transition).to be_nil
+        order.line_items << FactoryBot.create(:line_item)
+        put :update, params: { checkout: "checkout" }
+        expect(order.did_transition).to be true
+      end
+    end
+  end
+end

data/spec/controllers/spree/products_controller_spec.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Spree::ProductsController, type: :controller do
+  let!(:product) { create(:product, available_on: 1.year.from_now) }
+
+  # Regression test for https://github.com/spree/spree/issues/1390
+  it "allows admins to view non-active products" do
+    allow(controller).to receive_messages spree_current_user: mock_model(Spree.user_class, has_spree_role?: true, last_incomplete_spree_order: nil)
+    get :show, params: { id: product.to_param }
+    expect(response.status).to eq(200)
+  end
+
+  it "cannot view non-active products" do
+    expect {
+      get :show, params: { id: product.to_param }
+    }.to raise_error(ActiveRecord::RecordNotFound)
+  end
+
+  it "should provide the current user to the searcher class" do
+    user = mock_model(Spree.user_class, last_incomplete_spree_order: nil)
+    allow(controller).to receive_messages spree_current_user: user
+    expect_any_instance_of(Spree::Config.searcher_class).to receive(:current_user=).with(user)
+    get :index
+    expect(response.status).to eq(200)
+  end
+
+  # Regression test for https://github.com/spree/spree/issues/2249
+  it "doesn't error when given an invalid referer" do
+    current_user = mock_model(Spree.user_class, has_spree_role?: true, last_incomplete_spree_order: nil)
+    allow(controller).to receive_messages spree_current_user: current_user
+    request.env['HTTP_REFERER'] = "not|a$url"
+
+    # Previously a URI::InvalidURIError exception was being thrown
+    get :show, params: { id: product.to_param }
+  end
+end

data/spec/controllers/spree/taxons_controller_spec.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Spree::TaxonsController, type: :controller do
+  it "should provide the current user to the searcher class" do
+    taxon = create(:taxon, permalink: "test")
+    user = mock_model(Spree.user_class, last_incomplete_spree_order: nil)
+    allow(controller).to receive_messages spree_current_user: user
+    expect_any_instance_of(Spree::Config.searcher_class).to receive(:current_user=).with(user)
+    get :show, params: { id: taxon.permalink }
+    expect(response.status).to eq(200)
+  end
+end

data/spec/features/address_spec.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe "Address", type: :feature, inaccessible: true do
+  let!(:product) { create(:product, name: "RoR Mug") }
+  let!(:order) { create(:order_with_totals, state: 'cart') }
+
+  stub_authorization!
+
+  before do
+    visit spree.root_path
+
+    click_link "RoR Mug"
+    click_button "add-to-cart-button"
+
+    address = "order_bill_address_attributes"
+    @country_css = "#{address}_country_id"
+    @state_select_css = "##{address}_state_id"
+    @state_name_css = "##{address}_state_name"
+  end
+
+  context "country requires state", js: true, focus: true do
+    let!(:canada) { create(:country, name: "Canada", states_required: true, iso: "CA") }
+    let!(:uk) { create(:country, name: "United Kingdom", states_required: true, iso: "GB") }
+
+    before { Spree::Config[:default_country_iso] = uk.iso }
+
+    context "but has no state" do
+      it "shows the state input field" do
+        click_button "Checkout"
+
+        select canada.name, from: @country_css
+        expect(page).to have_no_css(@state_select_css)
+        expect(page).to have_css("#{@state_name_css}.required")
+      end
+    end
+
+    context "and has state" do
+      before { create(:state, name: "Ontario", country: canada) }
+
+      it "shows the state collection selection" do
+        click_button "Checkout"
+
+        select canada.name, from: @country_css
+        expect(page).to have_no_css(@state_name_css)
+        expect(page).to have_css("#{@state_select_css}.required")
+      end
+    end
+
+    context "user changes to country without states required" do
+      let!(:france) { create(:country, name: "France", states_required: false, iso: "FR") }
+
+      it "clears the state name" do
+        click_button "Checkout"
+        select canada.name, from: @country_css
+        page.find(@state_name_css).set("Toscana")
+
+        select france.name, from: @country_css
+
+        expect(page).to have_no_css(@state_name_css)
+        expect(page).to have_no_css(@state_select_css)
+      end
+    end
+  end
+
+  context "country does not require state", js: true do
+    let!(:france) { create(:country, name: "France", states_required: false, iso: "FR") }
+
+    it "shows a disabled state input field" do
+       click_button "Checkout"
+
+       select france.name, from: @country_css
+       expect(page).to have_no_css(@state_name_css)
+       expect(page).to have_css("#{@state_select_css}[disabled]", visible: false)
+    end
+  end
+end

data/spec/features/automatic_promotion_adjustments_spec.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe "Automatic promotions", type: :feature, js: true do
+  let!(:store) { create(:store) }
+  let!(:country) { create(:country, name: "United States of America", states_required: true) }
+  let!(:state) { create(:state, name: "Alabama", country: country) }
+  let!(:zone) { create(:zone) }
+  let!(:shipping_method) { create(:shipping_method) }
+  let!(:payment_method) { create(:check_payment_method) }
+  let!(:product) { create(:product, name: "RoR Mug", price: 20) }
+
+  let!(:promotion) do
+    promotion = Spree::Promotion.create!(name: "$10 off when you spend more than $100", apply_automatically: true)
+
+    calculator = Spree::Calculator::FlatRate.new
+    calculator.preferred_amount = 10
+
+    rule = Spree::Promotion::Rules::ItemTotal.create
+    rule.preferred_amount = 100
+    rule.save
+
+    promotion.rules << rule
+
+    action = Spree::Promotion::Actions::CreateAdjustment.create
+    action.calculator = calculator
+    action.save
+
+    promotion.actions << action
+  end
+
+  context "on the cart page" do
+    before do
+      visit spree.root_path
+      click_link product.name
+      click_button "add-to-cart-button"
+    end
+
+    it "automatically applies the promotion once the order crosses the threshold" do
+      fill_in "order_line_items_attributes_0_quantity", with: 10
+      click_button "Update"
+      expect(page).to have_content("Promotion ($10 off when you spend more than $100) -$10.00")
+      fill_in "order_line_items_attributes_0_quantity", with: 1
+      click_button "Update"
+      expect(page).not_to have_content("Promotion ($10 off when you spend more than $100) -$10.00")
+    end
+  end
+end

data/spec/features/caching/products_spec.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'products', type: :feature, caching: true do
+  let!(:product) { create(:product) }
+  let!(:product2) { create(:product) }
+  let!(:taxonomy) { create(:taxonomy) }
+  let!(:taxon) { create(:taxon, taxonomy: taxonomy) }
+
+  before do
+    product2.update_column(:updated_at, 1.day.ago)
+    # warm up the cache
+    visit spree.root_path
+
+    clear_cache_events
+  end
+
+  it "reads from cache upon a second viewing" do
+    visit spree.root_path
+    expect(cache_writes.count).to eq(0)
+  end
+
+  it "busts the cache when a product is updated" do
+    product.update_column(:updated_at, 1.day.from_now)
+    visit spree.root_path
+    expect(cache_writes.count).to eq(2)
+  end
+
+  it "busts the cache when all products are soft-deleted" do
+    product.discard
+    product2.discard
+    visit spree.root_path
+    expect(cache_writes.count).to eq(1)
+  end
+
+  it "busts the cache when the newest product is soft-deleted" do
+    product.discard
+    visit spree.root_path
+    expect(cache_writes.count).to eq(1)
+  end
+
+  it "busts the cache when an older product is soft-deleted" do
+    product2.discard
+    visit spree.root_path
+    expect(cache_writes.count).to eq(1)
+  end
+end

data/spec/features/caching/taxons_spec.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'taxons', type: :feature, caching: true do
+  let!(:taxonomy) { create(:taxonomy) }
+  let!(:taxon) { create(:taxon, taxonomy: taxonomy) }
+
+  before do
+    # warm up the cache
+    visit spree.root_path
+
+    clear_cache_events
+  end
+
+  it "busts the cache when max_level_in_taxons_menu conf changes" do
+    Spree::Config[:max_level_in_taxons_menu] = 5
+    visit spree.root_path
+    expect(cache_writes.count).to eq(1)
+  end
+end

data/spec/features/cart_spec.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe "Cart", type: :feature, inaccessible: true do
+  before { create(:store) }
+
+  it "shows cart icon on non-cart pages" do
+    visit spree.root_path
+    expect(page).to have_selector("li#link-to-cart a", visible: true)
+  end
+
+  it "prevents double clicking the remove button on cart", js: true do
+    @product = create(:product, name: "RoR Mug")
+
+    visit spree.root_path
+    click_link "RoR Mug"
+    click_button "add-to-cart-button"
+
+    # prevent form submit to verify button is disabled
+    page.execute_script("$('#update-cart').submit(function(){return false;})")
+
+    expect(page).not_to have_selector('button#update-button[disabled]')
+    page.find(:css, '.delete img').click
+    expect(page).to have_selector('button#update-button[disabled]')
+  end
+
+  # Regression test for https://github.com/spree/spree/issues/2006
+  it "does not error out with a 404 when GET'ing to /orders/populate" do
+    visit '/orders/populate'
+    within(".error") do
+      expect(page).to have_content(I18n.t('spree.populate_get_error'))
+    end
+  end
+
+  it 'allows you to remove an item from the cart', js: true do
+    create(:product, name: "RoR Mug")
+    visit spree.root_path
+    click_link "RoR Mug"
+    click_button "add-to-cart-button"
+    find('.cart-item-delete .delete').click
+    expect(page).not_to have_content("Line items quantity must be an integer")
+    expect(page).not_to have_content("RoR Mug")
+    expect(page).to have_content("Your cart is empty")
+
+    within "#link-to-cart" do
+      expect(page).to have_content("EMPTY")
+    end
+  end
+
+  it 'allows you to empty the cart', js: true do
+    create(:product, name: "RoR Mug")
+    visit spree.root_path
+    click_link "RoR Mug"
+    click_button "add-to-cart-button"
+
+    expect(page).to have_content("RoR Mug")
+    click_on "Empty Cart"
+    expect(page).to have_content("Your cart is empty")
+
+    within "#link-to-cart" do
+      expect(page).to have_content("EMPTY")
+    end
+  end
+
+  # regression for https://github.com/spree/spree/issues/2276
+  context "product contains variants but no option values" do
+    let(:variant) { create(:variant) }
+    let(:product) { variant.product }
+
+    before { variant.option_values.destroy_all }
+
+    it "still adds product to cart", inaccessible: true do
+      visit spree.product_path(product)
+      click_button "add-to-cart-button"
+
+      visit spree.cart_path
+      expect(page).to have_content(product.name)
+    end
+  end
+  it "should have a surrounding element with data-hook='cart_container'" do
+    visit spree.cart_path
+    expect(page).to have_selector("div[data-hook='cart_container']")
+  end
+end