RubyGems - spree_api - Versions diffs - 3.2.9 → 3.3.0.rc1 - Mend

spree_api 3.2.9 → 3.3.0.rc1

Files changed (64) hide show

data/spec/controllers/spree/api/v1/checkouts_controller_spec.rb ADDED Viewed

@@ -0,0 +1,361 @@
+require 'spec_helper'
+module Spree
+  describe Api::V1::CheckoutsController, type: :controller do
+    render_views
+    shared_examples_for 'action which loads order using load_order_with_lock' do
+      before do
+        allow(controller).to receive(:load_order).with(true).and_return(true)
+      end
+      it 'should invoke load_order_with_lock' do
+        expect(controller).to receive(:load_order_with_lock).exactly(1).times
+      end
+      it 'should invoke load_order' do
+        expect(controller).to receive(:load_order).with(true).exactly(1).times.and_return(true)
+      end
+      context 'ensure no double_render_error' do
+        before do
+          def controller.load_order(*)
+            respond_with(@order, default_template: 'spree/api/v1/orders/show', status: 200)
+          end
+        end
+        it 'should not generate double_render_error' do
+          expect(response).to be_success
+        end
+      end
+      after do
+        send_request
+      end
+    end
+    before(:each) do
+      stub_authentication!
+      Spree::Config[:track_inventory_levels] = false
+      country_zone = create(:zone, name: 'CountryZone')
+      @state = create(:state)
+      @country = @state.country
+      country_zone.members.create(zoneable: @country)
+      create(:stock_location)
+      @shipping_method = create(:shipping_method, zones: [country_zone])
+      @payment_method = create(:credit_card_payment_method)
+    end
+    after do
+      Spree::Config[:track_inventory_levels] = true
+    end
+    context "PUT 'update'" do
+      let(:order) do
+        order = create(:order_with_line_items)
+        # Order should be in a pristine state
+        # Without doing this, the order may transition from 'cart' straight to 'delivery'
+        order.shipments.delete_all
+        order
+      end
+      before(:each) do
+        allow_any_instance_of(Order).to receive_messages(confirmation_required?: true)
+        allow_any_instance_of(Order).to receive_messages(payment_required?: true)
+      end
+      it "should transition a recently created order from cart to address" do
+        expect(order.state).to eq "cart"
+        expect(order.email).not_to be_nil
+        api_put :update, id: order.to_param, order_token: order.guest_token
+        expect(order.reload.state).to eq "address"
+      end
+      it "should transition a recently created order from cart to address with order token in header" do
+        expect(order.state).to eq "cart"
+        expect(order.email).not_to be_nil
+        request.headers["X-Spree-Order-Token"] = order.guest_token
+        api_put :update, id: order.to_param
+        expect(order.reload.state).to eq "address"
+      end
+      it "can take line_items_attributes as a parameter" do
+        line_item = order.line_items.first
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+                         order: { line_items_attributes: { 0 => { id: line_item.id, quantity: 1 } } }
+        expect(response.status).to eq(200)
+        expect(order.reload.state).to eq "address"
+      end
+      it "can take line_items as a parameter" do
+        line_item = order.line_items.first
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+                         order: { line_items: { 0 => { id: line_item.id, quantity: 1 } } }
+        expect(response.status).to eq(200)
+        expect(order.reload.state).to eq "address"
+      end
+      it "will return an error if the order cannot transition" do
+        skip "not sure if this test is valid"
+        order.bill_address = nil
+        order.save
+        order.update_column(:state, "address")
+        api_put :update, id: order.to_param, order_token: order.guest_token
+        # Order has not transitioned
+        expect(response.status).to eq(422)
+      end
+      context "transitioning to delivery" do
+        before do
+          order.update_column(:state, "address")
+        end
+        let(:address) do
+          {
+            firstname:  'John',
+            lastname:   'Doe',
+            address1:   '7735 Old Georgetown Road',
+            city:       'Bethesda',
+            phone:      '3014445002',
+            zipcode:    '20814',
+            state_id:   @state.id,
+            country_id: @country.id
+          }
+        end
+        it "can update addresses and transition from address to delivery" do
+          api_put :update,
+            id: order.to_param, order_token: order.guest_token,
+            order: {
+              bill_address_attributes: address,
+              ship_address_attributes: address
+            }
+          expect(json_response['state']).to eq('delivery')
+          expect(json_response['bill_address']['firstname']).to eq('John')
+          expect(json_response['ship_address']['firstname']).to eq('John')
+          expect(response.status).to eq(200)
+        end
+        # Regression Spec for #5389 & #5880
+        it "can update addresses but not transition to delivery w/o shipping setup" do
+          Spree::ShippingMethod.destroy_all
+          api_put :update,
+            id: order.to_param, order_token: order.guest_token,
+            order: {
+              bill_address_attributes: address,
+              ship_address_attributes: address
+            }
+          expect(json_response['error']).to eq(I18n.t(:could_not_transition, scope: "spree.api.order"))
+          expect(response.status).to eq(422)
+        end
+        # Regression test for #4498
+        it "does not contain duplicate variant data in delivery return" do
+          api_put :update,
+            id: order.to_param, order_token: order.guest_token,
+            order: {
+              bill_address_attributes: address,
+              ship_address_attributes: address
+            }
+          # Shipments manifests should not return the ENTIRE variant
+          # This information is already present within the order's line items
+          expect(json_response['shipments'].first['manifest'].first['variant']).to be_nil
+          expect(json_response['shipments'].first['manifest'].first['variant_id']).to_not be_nil
+        end
+      end
+      it "can update shipping method and transition from delivery to payment" do
+        order.update_column(:state, "delivery")
+        shipment = create(:shipment, order: order)
+        shipment.refresh_rates
+        shipping_rate = shipment.shipping_rates.where(selected: false).first
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { shipments_attributes: { "0" => { selected_shipping_rate_id: shipping_rate.id, id: shipment.id } } }
+        expect(response.status).to eq(200)
+        # Find the correct shipment...
+        json_shipment = json_response['shipments'].detect { |s| s["id"] == shipment.id }
+        # Find the correct shipping rate for that shipment...
+        json_shipping_rate = json_shipment['shipping_rates'].detect { |sr| sr["id"] == shipping_rate.id }
+        # ... And finally ensure that it's selected
+        expect(json_shipping_rate['selected']).to be true
+        # Order should automatically transfer to payment because all criteria are met
+        expect(json_response['state']).to eq('payment')
+      end
+      it "can update payment method and transition from payment to confirm" do
+        order.update_column(:state, "payment")
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { payments_attributes: [{ payment_method_id: @payment_method.id }] }
+        expect(json_response['state']).to eq('confirm')
+        expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
+        expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
+        expect(response.status).to eq(200)
+      end
+      it "can update payment method with source and transition from payment to confirm" do
+        order.update_column(:state, "payment")
+        source_attributes = {
+          number: "4111111111111111",
+          month: 1.month.from_now.month,
+          year: 1.month.from_now.year,
+          verification_value: "123",
+          name: "Spree Commerce"
+        }
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { payments_attributes: [{ payment_method_id: @payment_method.id.to_s }],
+                      payment_source: { @payment_method.id.to_s => source_attributes } }
+        expect(json_response['payments'][0]['payment_method']['name']).to eq(@payment_method.name)
+        expect(json_response['payments'][0]['amount']).to eq(order.total.to_s)
+        expect(response.status).to eq(200)
+      end
+      it "returns errors when source is missing attributes" do
+        order.update_column(:state, "payment")
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: {
+            payments_attributes: [{ payment_method_id: @payment_method.id }]
+          },
+          payment_source: {
+            @payment_method.id.to_s => { name: "Spree" }
+          }
+        expect(response.status).to eq(422)
+        cc_errors = json_response['errors']['payments.Credit Card']
+        expect(cc_errors).to include("Number can't be blank")
+        expect(cc_errors).to include("Month is not a number")
+        expect(cc_errors).to include("Year is not a number")
+        expect(cc_errors).to include("Verification Value can't be blank")
+      end
+      it "allow users to reuse a credit card" do
+        order.update_column(:state, "payment")
+        credit_card = create(:credit_card, user_id: order.user_id, payment_method_id: @payment_method.id)
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { existing_card: credit_card.id }
+        expect(response.status).to eq 200
+        expect(order.credit_cards).to match_array [credit_card]
+      end
+      it "can transition from confirm to complete" do
+        order.update_columns(state: 'confirm')
+        allow_any_instance_of(Spree::Order).to receive_messages(payment_required?: false)
+        api_put :update, id: order.to_param, order_token: order.guest_token
+        expect(json_response['state']).to eq('complete')
+        expect(response.status).to eq(200)
+      end
+      it "returns the order if the order is already complete" do
+        order.update_columns(completed_at: Time.current, state: 'complete')
+        api_put :update, id: order.to_param, order_token: order.guest_token
+        expect(json_response['number']).to eq(order.number)
+        expect(response.status).to eq(200)
+      end
+      # Regression test for #3784
+      it "can update the special instructions for an order" do
+        instructions = "Don't drop it. (Please)"
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { special_instructions: instructions }
+        expect(json_response['special_instructions']).to eql(instructions)
+      end
+      context "as an admin" do
+        sign_in_as_admin!
+        it "can assign a user to the order" do
+          user = create(:user)
+          # Need to pass email as well so that validations succeed
+          api_put :update, id: order.to_param, order_token: order.guest_token,
+            order: { user_id: user.id, email: "guest@spreecommerce.org" }
+          expect(response.status).to eq(200)
+          expect(json_response['user_id']).to eq(user.id)
+        end
+      end
+      it "can assign an email to the order" do
+        api_put :update, id: order.to_param, order_token: order.guest_token,
+          order: { email: "guest@spreecommerce.org" }
+        expect(json_response['email']).to eq("guest@spreecommerce.org")
+        expect(response.status).to eq(200)
+      end
+      it "can apply a coupon code to an order" do
+        order.update_column(:state, "payment")
+        expect(PromotionHandler::Coupon).to receive(:new).with(order).and_call_original
+        expect_any_instance_of(PromotionHandler::Coupon).to receive(:apply).and_return({ coupon_applied?: true })
+        api_put :update, id: order.to_param, order_token: order.guest_token, order: { coupon_code: "foobar" }
+      end
+      def send_request
+        api_put :update, id: order.to_param, order_token: order.guest_token
+      end
+      it_should_behave_like 'action which loads order using load_order_with_lock'
+    end
+    context "PUT 'next'" do
+      let!(:order) { create(:order_with_line_items) }
+      it "cannot transition to address without a line item" do
+        order.line_items.delete_all
+        order.update_column(:email, "spree@example.com")
+        api_put :next, id: order.to_param, order_token: order.guest_token
+        expect(response.status).to eq(422)
+        expect(json_response["errors"]["base"]).to include(Spree.t(:there_are_no_items_for_this_order))
+      end
+      it "can transition an order to the next state" do
+        order.update_column(:email, "spree@example.com")
+        api_put :next, id: order.to_param, order_token: order.guest_token
+        expect(response.status).to eq(200)
+        expect(json_response['state']).to eq('address')
+      end
+      it "cannot transition if order email is blank" do
+        order.update_columns(
+          state: 'address',
+          email: nil
+        )
+        api_put :next, id: order.to_param, order_token: order.guest_token
+        expect(response.status).to eq(422)
+        expect(json_response['error']).to match(/could not be transitioned/)
+      end
+      it "doesnt advance payment state if order has no payment" do
+        order.update_column(:state, "payment")
+        api_put :next, id: order.to_param, order_token: order.guest_token, order: {}
+        expect(json_response["errors"]["base"]).to include(Spree.t(:no_payment_found))
+      end
+      def send_request
+        api_put :next, id: order.to_param, order_token: order.guest_token
+      end
+      it_should_behave_like 'action which loads order using load_order_with_lock'
+    end
+    context "PUT 'advance'" do
+      let!(:order) { create(:order_with_line_items) }
+      it 'continues to advance advances an order while it can move forward' do
+        expect_any_instance_of(Spree::Order).to receive(:next).exactly(3).times.and_return(true, true, false)
+        api_put :advance, id: order.to_param, order_token: order.guest_token
+      end
+      it 'returns the order' do
+        api_put :advance, id: order.to_param, order_token: order.guest_token
+        expect(json_response['id']).to eq(order.id)
+      end
+      def send_request
+        api_put :advance, id: order.to_param, order_token: order.guest_token
+      end
+      it_should_behave_like 'action which loads order using load_order_with_lock'
+    end
+  end
+end

data/spec/controllers/spree/api/v1/classifications_controller_spec.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require 'spec_helper'
+module Spree
+  describe Api::V1::ClassificationsController, type: :controller do
+    let(:taxon) do
+      taxon = create(:taxon)
+      3.times do
+        product = create(:product)
+        product.taxons << taxon
+      end
+      taxon
+    end
+    before do
+      stub_authentication!
+    end
+    context "as a user" do
+      it "cannot change the order of a product" do
+        api_put :update, taxon_id: taxon, product_id: taxon.products.first, position: 1
+        expect(response.status).to eq(401)
+      end
+    end
+    context "as an admin" do
+      sign_in_as_admin!
+      let(:last_product) { taxon.products.last }
+      it "can change the order a product" do
+        classification = taxon.classifications.find_by(product_id: last_product.id)
+        expect(classification.position).to eq(3)
+        api_put :update, taxon_id: taxon.id, product_id: last_product.id, position: 0
+        expect(response.status).to eq(200)
+        expect(classification.reload.position).to eq(1)
+      end
+      it "should touch the taxon" do
+        taxon.update_attributes(updated_at: Time.current - 10.seconds)
+        taxon_last_updated_at = taxon.updated_at
+        api_put :update, taxon_id: taxon.id, product_id: last_product.id, position: 0
+        taxon.reload
+        expect(taxon_last_updated_at.to_i).to_not eq(taxon.updated_at.to_i)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/countries_controller_spec.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require 'spec_helper'
+module Spree
+  describe Api::V1::CountriesController, type: :controller do
+    render_views
+    before do
+      stub_authentication!
+      @state = create(:state)
+      @country = @state.country
+    end
+    it "gets all countries" do
+      api_get :index
+      expect(json_response['countries'].first['iso3']).to eq @country.iso3
+    end
+    context "with two countries" do
+      before { @zambia = create(:country, name: "Zambia") }
+      it "can view all countries" do
+        api_get :index
+        expect(json_response['count']).to eq(2)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(1)
+      end
+      it 'can query the results through a paramter' do
+        api_get :index, q: { name_cont: 'zam' }
+        expect(json_response['count']).to eq(1)
+        expect(json_response['countries'].first['name']).to eq @zambia.name
+      end
+      it 'can control the page size through a parameter' do
+        api_get :index, per_page: 1
+        expect(json_response['count']).to eq(1)
+        expect(json_response['current_page']).to eq(1)
+        expect(json_response['pages']).to eq(2)
+      end
+    end
+    it "includes states" do
+      api_get :show, id: @country.id
+      states = json_response['states']
+      expect(states.first['name']).to eq @state.name
+    end
+  end
+end

data/spec/controllers/spree/api/v1/credit_cards_controller_spec.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require 'spec_helper'
+module Spree
+  describe Api::V1::CreditCardsController, type: :controller do
+    render_views
+    let!(:admin_user) do
+      user = Spree.user_class.new(email: "spree@example.com", id: 1)
+      user.generate_spree_api_key!
+      allow(user).to receive(:has_spree_role?).with('admin').and_return(true)
+      user
+    end
+    let!(:normal_user) do
+      user = Spree.user_class.new(email: "spree2@example.com", id: 2)
+      user.generate_spree_api_key!
+      user
+    end
+    let!(:card) { create(:credit_card, user_id: admin_user.id, gateway_customer_profile_id: "random") }
+    before do
+      stub_authentication!
+    end
+    it "the user id doesn't exist" do
+      api_get :index, user_id: 1000
+      expect(response.status).to eq(404)
+    end
+    context "calling user is in admin role" do
+      let(:current_api_user) do
+        user = admin_user
+        user
+      end
+      it "no credit cards exist for user" do
+        api_get :index, user_id: normal_user.id
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(0)
+      end
+      it "can view all credit cards for user" do
+        api_get :index, user_id: current_api_user.id
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["credit_cards"].length).to eq(1)
+        expect(json_response["credit_cards"].first["id"]).to eq(card.id)
+      end
+    end
+    context "calling user is not in admin role" do
+      let(:current_api_user) do
+        user = normal_user
+        user
+      end
+      let!(:card) { create(:credit_card, user_id: normal_user.id, gateway_customer_profile_id: "random") }
+      it "can not view user" do
+        api_get :index, user_id: admin_user.id
+        expect(response.status).to eq(404)
+      end
+      it "can view own credit cards" do
+        api_get :index, user_id: normal_user.id
+        expect(response.status).to eq(200)
+        expect(json_response["pages"]).to eq(1)
+        expect(json_response["current_page"]).to eq(1)
+        expect(json_response["credit_cards"].length).to eq(1)
+        expect(json_response["credit_cards"].first["id"]).to eq(card.id)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/customer_returns_controller_spec.rb ADDED Viewed

@@ -0,0 +1,27 @@
+require 'spec_helper'
+module Spree
+  describe Api::V1::CustomerReturnsController, type: :controller do
+    render_views
+    before do
+      stub_authentication!
+      @customer_return = create(:customer_return)
+    end
+    describe '#index' do
+      let(:order)           { customer_return.order }
+      let(:customer_return) { create(:customer_return) }
+      before do
+        api_get :index
+      end
+      it 'loads customer returns' do
+        expect(response.status).to eq(200)
+        expect(json_response['count']).to eq(1)
+      end
+    end
+  end
+end

data/spec/controllers/spree/api/v1/images_controller_spec.rb ADDED Viewed

@@ -0,0 +1,114 @@
+require 'spec_helper'
+module Spree
+  describe Api::V1::ImagesController, type: :controller do
+    render_views
+    let!(:product) { create(:product) }
+    let!(:attributes) { [:id, :position, :attachment_content_type,
+                         :attachment_file_name, :type, :attachment_updated_at, :attachment_width,
+                         :attachment_height, :alt] }
+    before do
+      stub_authentication!
+    end
+    context "as an admin" do
+      sign_in_as_admin!
+      it "can learn how to create a new image" do
+        api_get :new, product_id: product.id
+        expect(json_response["attributes"]).to eq(attributes.map(&:to_s))
+        expect(json_response["required_attributes"]).to be_empty
+      end
+      it "can upload a new image for a variant" do
+        expect do
+          api_post :create,
+                   image: { attachment: upload_image('thinking-cat.jpg'),
+                               viewable_type: 'Spree::Variant',
+                               viewable_id: product.master.to_param  },
+                   product_id: product.id
+          expect(response.status).to eq(201)
+          expect(json_response).to have_attributes(attributes)
+        end.to change(Image, :count).by(1)
+      end
+      it "can't upload a new image for a variant without attachment" do
+        api_post :create,
+                 image: { viewable_type: 'Spree::Variant',
+                          viewable_id: product.master.to_param
+                        },
+                 product_id: product.id
+        expect(response.status).to eq(422)
+      end
+      context "working with an existing image" do
+        let!(:product_image) { product.master.images.create!(attachment: image('thinking-cat.jpg')) }
+        it "can get a single product image" do
+          api_get :show, id: product_image.id, product_id: product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+        end
+        it "can get a single variant image" do
+          api_get :show, id: product_image.id, variant_id: product.master.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+        end
+        it "can get a list of product images" do
+          api_get :index, product_id: product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_key("images")
+          expect(json_response["images"].first).to have_attributes(attributes)
+        end
+        it "can get a list of variant images" do
+          api_get :index, variant_id: product.master.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_key("images")
+          expect(json_response["images"].first).to have_attributes(attributes)
+        end
+        it "can update image data" do
+          expect(product_image.position).to eq(1)
+          api_post :update, image: { position: 2 }, id: product_image.id, product_id: product.id
+          expect(response.status).to eq(200)
+          expect(json_response).to have_attributes(attributes)
+          expect(product_image.reload.position).to eq(2)
+        end
+        it "can't update an image without attachment" do
+          api_post :update,
+                   id: product_image.id, product_id: product.id
+          expect(response.status).to eq(422)
+        end
+        it "can delete an image" do
+          api_delete :destroy, id: product_image.id, product_id: product.id
+          expect(response.status).to eq(204)
+          expect { product_image.reload }.to raise_error(ActiveRecord::RecordNotFound)
+        end
+      end
+    end
+    context "as a non-admin" do
+      it "cannot create an image" do
+        api_post :create, product_id: product.id
+        assert_unauthorized!
+      end
+      it "cannot update an image" do
+        api_put :update, id: 1, product_id: product.id
+        assert_not_found!
+      end
+      it "cannot delete an image" do
+        api_delete :destroy, id: 1, product_id: product.id
+        assert_not_found!
+      end
+    end
+  end
+end