spree_cm_commissioner 2.1.6 → 2.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a95912c38ef5e186747ac34d70d48d7f08db4fc4f4c69412f32706f3d72fd678
-  data.tar.gz: ca0e0437c30f7ecf6a0fb6a91aa8186126c02e8e671c9b98249261bd2c61ffea
+  metadata.gz: 36165e2d7e9f037f00a0590045ae9c6171825a79f0499ec4cb70af91a246b0d5
+  data.tar.gz: b6d46f79ab01845de456585f50881dbca8b0b28d208e2db386a1833a9dfe1b30
 SHA512:
-  metadata.gz: c4fcf779134f8a8a8e5e94d7da2796899f1c32efe9e588e7fe314ddda4584b5c9c2c22766c7e3860d5a2b1ace1989ee6077f2e50b43fe9d879b2885b32033e00
-  data.tar.gz: 255a2d1f41917634ef14529eaa5e35d648dcbe748b87191f3c4457d8ab544dac50cef02b6e68f58000aae2c8b71dbb65a91e46a71576b3416ff1dc334085427a
+  metadata.gz: bd7ac99403f71109009b3d06dff1fc5a72b61b833d00e27f2a7513c552f7005782ff819a5e69ca67d64160865af6fabf4dd9554f7253b3cbd85ea4ba283b555a
+  data.tar.gz: f7d227c43eb5ecfc72eeebbf715e651f576f998a769106a1303e647680a9b4e82820b1e31e3c3b10299a1ee79fa6da9fde4fce5ea9ec62074b62d5b6e937d560

data/Gemfile.lock

@@ -34,7 +34,7 @@ GIT
 PATH
   remote: .
   specs:
-    spree_cm_commissioner (2.1.6)
+    spree_cm_commissioner (2.1.8)
       activerecord-multi-tenant
       activerecord_json_validator (~> 2.1, >= 2.1.3)
       aws-sdk-cloudfront
@@ -44,6 +44,7 @@ PATH
       byebug
       connection_pool
       counter_culture (~> 3.2)
+      devise-two-factor
       dry-validation (~> 1.10)
       elasticsearch (~> 8.5)
       exception_notification
@@ -291,6 +292,11 @@ GEM
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
+    devise-two-factor (6.1.0)
+      activesupport (>= 7.0, < 8.1)
+      devise (~> 4.0)
+      railties (>= 7.0, < 8.1)
+      rotp (~> 6.0)
     diff-lcs (1.5.0)
     docile (1.4.0)
     domain_name (0.5.20190701)
@@ -701,6 +707,7 @@ GEM
       railties (>= 5.2)
     retriable (3.1.2)
     rexml (3.2.6)
+    rotp (6.3.0)
     rqrcode (2.2.0)
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)

data/app/controllers/spree/admin/product_completion_steps_controller.rb

@@ -7,7 +7,8 @@ module Spree
 
       def load_step_types
         @step_types = [
-          'SpreeCmCommissioner::ProductCompletionSteps::ChatraceTelegram'
+          'SpreeCmCommissioner::ProductCompletionSteps::ChatraceTelegram',
+          'SpreeCmCommissioner::ProductCompletionSteps::SocialEntryUrl'
         ]
       end
 
@@ -21,7 +22,7 @@ module Spree
 
       # @overrided
       def collection
-        parent.product_completion_steps
+        parent.product_completion_steps.order(:position)
       end
 
       # @overrided

data/app/controllers/spree/admin/user_security_controller.rb

@@ -0,0 +1,25 @@
+module Spree
+  module Admin
+    class UserSecurityController < Spree::Admin::BaseController
+      before_action :load_user
+
+      def disable_authenticator
+        @user.otp_secret = nil
+        @user.otp_required_for_login = false
+        begin
+          @user.save!
+          flash[:success] = I18n.t('authenticator.success_disabled_2fa')
+        rescue StandardError => e
+          flash[:error] = "Failed to disable 2FA: #{e.message}"
+        end
+        redirect_to admin_user_security_path(@user)
+      end
+
+      private
+
+      def load_user
+        @user = Spree::User.find(params[:user_id])
+      end
+    end
+  end
+end

data/app/controllers/spree/api/v2/tenant/line_items_controller.rb

@@ -18,6 +18,34 @@ module Spree
             render_serialized_payload { serialize_resource(line_item) }
           end
 
+          def mark_as_completed # rubocop:disable Metrics/PerceivedComplexity
+            line_item = Spree::LineItem.find(params[:id])
+
+            metadata = (line_item.public_metadata || {}).deep_transform_keys(&:to_s)
+            steps = metadata['completion_steps']
+
+            if steps.present? && steps.is_a?(Array)
+              step = steps.find { |s| s['position'] == 1 } || steps[0]
+
+              if step
+                if step['action_url'].present?
+                  step['completed'] = true
+                  metadata['completion_steps'] = steps
+                  line_item.public_metadata = metadata
+                  line_item.save!
+
+                  render_serialized_payload { serialize_resource(line_item) }
+                else
+                  render_error_payload('Action url is nil, cannot update to completed')
+                end
+              else
+                render_error_payload('Step with position 1 not found')
+              end
+            else
+              render_error_payload('completion_steps does not exist for this line_item')
+            end
+          end
+
           private
 
           def allowed_sort_attributes

data/app/interactors/spree_cm_commissioner/pin_code_creator.rb

@@ -2,8 +2,9 @@ module SpreeCmCommissioner
   class PinCodeCreator < BaseInteractor
     def call
       set_contact
+      set_application
 
-      attrs = { contact: context.contact, contact_type: context.contact_type, type: context.type }
+      attrs = { contact: context.contact, contact_type: context.contact_type, type: context.type, application: context.application }
       new_pin_code = SpreeCmCommissioner::PinCode.new(attrs)
 
       if new_pin_code.save
@@ -29,5 +30,14 @@ module SpreeCmCommissioner
         context.contact_type = :phone_number
       end
     end
+
+    def set_application
+      return nil if context.tenant.blank?
+
+      context.application = Spree::OauthApplication.find_by(tenant_id: context.tenant.id)
+      context.fail!(message: I18n.t('pincode_creator.application_not_found')) if context.application.nil?
+
+      context.application
+    end
   end
 end

data/app/interactors/spree_cm_commissioner/pin_code_sender.rb

@@ -18,6 +18,7 @@ module  SpreeCmCommissioner
 
     def send_sms
       options = {
+        from: context.pin_code&.application&.sms_sender_id,
         to: context.pin_code.contact,
         body: I18n.t('pincode_sender.sms.body', code: context.pin_code.code, readable_type: context.pin_code.readable_type)
       }

data/app/interactors/spree_cm_commissioner/sms.rb

@@ -48,7 +48,7 @@ module  SpreeCmCommissioner
     end
 
     def from_number
-      context.from || ENV['SMS_SENDER_ID'].presence || 'SMS Info'
+      context.from.presence || ENV['SMS_SENDER_ID'].presence || 'SMS Info'
     end
 
     def sanitize(number)

data/app/jobs/spree_cm_commissioner/sms_pin_code_job.rb

@@ -1,6 +1,6 @@
 module SpreeCmCommissioner
   class SmsPinCodeJob < SpreeCmCommissioner::SmsJob
-    # options = { to: xxxx, body: xxxx }
+    # options = { from: xxxx, to: xxxx, body: xxxx }
     def perform(options)
       SpreeCmCommissioner::Sms.call(options)
     end

data/app/models/spree_cm_commissioner/block.rb

@@ -13,6 +13,10 @@ module SpreeCmCommissioner
     belongs_to :seat_layout, class_name: 'SpreeCmCommissioner::SeatLayout', optional: false
     belongs_to :variant, class_name: 'Spree::Variant', optional: true
 
+    has_many :all_reserved_blocks, class_name: 'SpreeCmCommissioner::ReservedBlock', dependent: :destroy
+    has_many :reserved_blocks, -> { reserved }, class_name: 'SpreeCmCommissioner::ReservedBlock', dependent: :destroy
+    has_many :active_on_hold_reserved_blocks, -> { reserved_or_on_hold }, class_name: 'SpreeCmCommissioner::ReservedBlock', dependent: :destroy
+
     validates :label, presence: true, if: :label_required?
     validates :width, presence: true, numericality: { greater_than: 0 }
     validates :height, presence: true, numericality: { greater_than: 0 }

data/app/models/spree_cm_commissioner/line_item_decorator.rb

@@ -26,6 +26,8 @@ module SpreeCmCommissioner
 
       base.before_save :update_vendor_id
 
+      base.after_commit :persist_completion_steps_to_public_metadata, on: :create
+
       base.before_create :add_due_date, if: :subscription?
 
       base.validate :ensure_not_exceed_max_quantity_per_order, if: -> { variant&.max_quantity_per_order.present? }
@@ -196,9 +198,7 @@ module SpreeCmCommissioner
     end
 
     def completion_steps
-      @completion_steps ||= product_completion_steps.map do |completion_step|
-        completion_step.construct_hash(line_item: self)
-      end
+      public_metadata[:completion_steps] || []
     end
 
     # override
@@ -217,6 +217,16 @@ module SpreeCmCommissioner
 
     private
 
+    def persist_completion_steps_to_public_metadata
+      steps = product_completion_steps.order(:position).map do |pcs|
+        pcs.construct_hash(line_item: self).except(:completed).merge(
+          id: pcs.id,
+          completed: false
+        )
+      end
+      update_column(:public_metadata, (public_metadata || {}).merge(completion_steps: steps)) # rubocop:disable Rails/SkipsModelValidations
+    end
+
     def ensure_not_exceed_max_quantity_per_order
       errors.add(:quantity, I18n.t('line_item.validation.exceeded_max_quantity_per_order')) if quantity > variant.max_quantity_per_order
     end

data/app/models/spree_cm_commissioner/oauth_application_decorator.rb

@@ -2,6 +2,10 @@ module SpreeCmCommissioner
   module OauthApplicationDecorator
     def self.prepended(base)
       base.belongs_to :tenant, class_name: 'SpreeCmCommissioner::Tenant'
+
+      # treat a key inside a JSONB column like a normal Rails attribute,
+      # with getter/setter methods
+      base.store_accessor :settings, :sms_sender_id
     end
   end
 end

data/app/models/spree_cm_commissioner/pin_code.rb

@@ -18,6 +18,8 @@ module SpreeCmCommissioner
     PIN_CODE_MISMATCHED = 'not_match'.freeze
     PIN_CODE_OK = 'ok'.freeze
 
+    belongs_to :application, class_name: 'Spree::OauthApplication', optional: true
+
     def check?(code)
       return PIN_CODE_EXPIRED if expired?
       return PIN_CODE_ATTEMPT_REACHED if number_of_attempt_reached?

data/app/models/spree_cm_commissioner/product_completion_step.rb

@@ -4,6 +4,10 @@ module SpreeCmCommissioner
 
     belongs_to :product, class_name: '::Spree::Product', optional: false
 
+    after_save :propagate_completion_steps_to_line_items
+
+    after_destroy_commit :propagate_completion_steps_to_line_items
+
     def action_url_for(_line_item)
       nil
     end
@@ -23,5 +27,38 @@ module SpreeCmCommissioner
         completed: completed?(line_item)
       }
     end
+
+    private
+
+    def propagate_completion_steps_to_line_items
+      product.line_items.find_each do |line_item|
+        propagate_to_line_item(line_item)
+      end
+    end
+
+    def propagate_to_line_item(line_item)
+      current_metadata = line_item.reload.public_metadata || {}
+      stored_steps = Array(current_metadata[:completion_steps])
+
+      fresh_steps = product.product_completion_steps.order(:position).map do |pcs|
+        base_attrs = pcs.construct_hash(line_item: line_item).except(:completed)
+
+        previous =
+          stored_steps.find { |s| s[:id] == pcs.id } ||
+          stored_steps.find { |s| s[:type] == pcs.type&.underscore && s[:position] == pcs.position }
+
+        completed_flag = previous&.dig(:completed) ? true : false
+
+        base_attrs.merge(
+          id: pcs.id,
+          completed: completed_flag
+        )
+      end
+
+      line_item.update_column( # rubocop:disable Rails/SkipsModelValidations
+        :public_metadata,
+        current_metadata.merge(completion_steps: fresh_steps)
+      )
+    end
   end
 end

data/app/models/spree_cm_commissioner/product_completion_steps/social_entry_url.rb

@@ -0,0 +1,17 @@
+module SpreeCmCommissioner
+  module ProductCompletionSteps
+    class SocialEntryUrl < ProductCompletionStep
+      # eg. https://t.me/ThePlatformKHBot?start=bookmeplus
+      preference :entry_point_link, :string
+
+      # override
+      def action_url_for(_line_item)
+        preferred_entry_point_link.presence
+      end
+
+      def completed?(_line_item)
+        false
+      end
+    end
+  end
+end

data/app/models/spree_cm_commissioner/seat_layout.rb

@@ -6,6 +6,11 @@ module SpreeCmCommissioner
     has_many :top_level_blocks, -> { where(seat_section_id: nil) }, class_name: 'SpreeCmCommissioner::Block', dependent: :destroy
     has_many :section_blocks, -> { where.not(seat_section_id: nil) }, class_name: 'SpreeCmCommissioner::Block' # destroy is handled by seat_section
 
+    has_many :reserved_blocks, class_name: 'SpreeCmCommissioner::ReservedBlock', through: :blocks, source: :all_reserved_blocks
+    has_many :active_on_hold_reserved_blocks, class_name: 'SpreeCmCommissioner::ReservedBlock',
+                                              through: :blocks,
+                                              source: :active_on_hold_reserved_blocks
+
     belongs_to :layoutable, polymorphic: true
 
     enum status: {

data/app/models/spree_cm_commissioner/user_decorator.rb

@@ -46,6 +46,10 @@ module SpreeCmCommissioner
       # Store has_incomplete_guest_info in public_metadata for easy frontend access
       base.store :public_metadata, accessors: [:has_incomplete_guest_info], coder: JSON
 
+      base.devise :two_factor_authenticatable
+
+      base.store :private_metadata, accessors: %i[otp_secret otp_required_for_login consumed_timestep], coder: JSON
+
       define_user_places(base)
 
       def base.end_users
@@ -63,6 +67,18 @@ module SpreeCmCommissioner
       end
     end
 
+    def otp_secret
+      private_metadata['otp_secret']
+    end
+
+    def otp_required_for_login
+      private_metadata['otp_required_for_login']
+    end
+
+    def consumed_timestep
+      private_metadata['consumed_timestep']
+    end
+
     def self.define_user_places(base)
       base.has_many :user_places, class_name: 'SpreeCmCommissioner::UserPlace'
       base.has_many :places, through: :user_places, class_name: 'SpreeCmCommissioner::Place'

data/app/overrides/spree/admin/oauth_applications/_form/tenant_fields.html.erb.deface

@@ -5,3 +5,9 @@
   <%= f.collection_select :tenant_id, SpreeCmCommissioner::Tenant.all, :id, :name, { prompt: Spree.t(:select_tenant) }, { class: 'form-control select2' } %>
   <%= f.error_message_on :tenant_id %>
 <% end %>
+
+<%= f.field_container :sms_sender_id, 'data-hook' => "oauth_application_settings_sms_sender_id" do %>
+  <%= f.label :sms_sender_id, raw('SMS Sender ID (optional)') %>
+  <%= f.text_field :sms_sender_id, class: 'form-control' %>
+  <%= f.error_message_on :sms_sender_id %>
+<% end %>

data/app/overrides/spree/admin/users/_tabs/tabs.html.erb.deface

@@ -49,4 +49,10 @@
       admin_user_events_path(user_id: @user.id),
       class: "nav-link #{'active' if current == :user_events }" %>
   </li>
+  <li class="nav-item">
+    <%= link_to_with_icon 'shield-check.svg',
+      Spree.t(:security),
+      admin_user_security_path(@user),
+      class: "nav-link #{'active' if current == :security }" %>
+  </li>
 <% end %>

data/app/views/spree/admin/product_completion_steps/_form.html.erb

@@ -8,7 +8,7 @@
         <div class="card-body">
           <%= f.field_container :type, 'data-hook' => 'type' do %>
             <%= f.label :type, Spree.t(:type) %>
-            <%= f.select(:type, SpreeCmCommissioner::ProductCompletionStep.descendants.map { |v| [v.to_s.demodulize, v.to_s] }, {}, { class: 'select2' }) %>
+            <%= f.select(:type, @step_types.map { |t| [t.demodulize, t] }, {}, { class: 'select2' }) %>
           <% end %>
 
           <%= f.field_container :title, 'data-hook' => 'title' do %>

data/app/views/spree/admin/user_security/show.html.erb

@@ -0,0 +1,25 @@
+<%= render partial: 'spree/admin/users/tabs', locals: { current: :security } %>
+
+<div class="card shadow-sm">
+  <div class="card-header bg-light">
+    <h5 class="card-title mb-0 h6">
+      <%= Spree.t(:two_factor_authentication) %>
+    </h5>
+  </div>
+
+  <div class="card-body text-center">
+    <% if @user.otp_secret.present? && @user.otp_required_for_login == true %>
+      <p class="text-muted mb-3">
+        Two-factor authentication is currently active for this user.
+      </p>
+      <%= button_to disable_authenticator_admin_user_security_path, method: :delete, class: "btn btn-danger btn-md",
+                    data: { confirm: "Are you sure?" } do %>
+          Disable 2FA
+      <% end %>
+    <% else %>
+      <p class="text-muted mb-0">
+        Two-factor authentication is <strong>not enabled</strong> for this user.
+      </p>
+    <% end %>
+  </div>
+</div>

data/config/locales/en.yml

@@ -11,9 +11,12 @@ en:
     body:
       blank: "sms content can not be blank"
       already_exist: "%{login} already exist"
+
   pincode_creator:
     invalid_phone_number: "Invalid phone number"
     invalid_email_address: "Invalid email address"
+    application_not_found: "Application not found"
+
   pincode_checker:
     error_type:
       not_found: "Verification Code not found!"
@@ -21,11 +24,13 @@ en:
       reached_max_attempt: "Verification Code already reach max attempt!"
       not_match: "Verification code is not valid"
       ok: "Verification code is valid"
+
   authenticator:
     incorrect_login: "Incorrect login"
     incorrect_password: "Incorrect password"
     invalid_or_missing_params: "Invalid or missing params"
     invalid_client_credentials: "Invalid client credentials"
+    success_disabled_2fa: "Successfully disabled 2FA"
 
   hello: "Hello world"
 

data/config/locales/km.yml

@@ -22,12 +22,20 @@ km:
       blank: "recipient can not be blank"
     body:
       blank: "sms content can not be blank"
-
       already_exist: "%{login} already exist"
 
   pincode_creator:
     invalid_phone_number: "លេខទូរសព្ទមិនត្រឹមត្រូវ"
     invalid_email_address: "អ៊ីមែលមិនត្រឹមត្រូវ"
+    application_not_found: "រកមិនឃើញកម្មវិធី"
+
+  pincode_checker:
+    error_type:
+      not_found: "រកមិនឃើញលេខសម្ងាត់"
+      expired: "លេខសម្ងាត់បានផុតកំណត់"
+      reached_max_attempt: "បានដល់កម្រិតអតិបរមា"
+      not_match: "លេខសម្ងាត់មិនត្រឹមត្រូវ"
+      ok: "លេខសម្ងាត់ត្រឹមត្រូវ"
 
   authenticator:
     incorrect_login: "ពត៌មានមិនត្រឹមត្រូវ"

data/config/routes.rb

@@ -91,6 +91,11 @@ Spree::Core::Engine.add_routes do
     resources :users do
       resources :device_tokens
       resources :user_identity_providers
+      resource :security, controller: :user_security, only: %i[show] do
+        member do
+          delete :disable_authenticator
+        end
+      end
     end
 
     resources :s3_presigned_urls, only: %i[create new]
@@ -531,7 +536,12 @@ Spree::Core::Engine.add_routes do
         resources :cart_payment_method_groups, only: %i[index]
         resource :s3_signed_urls
         resource :profile_images, only: %i[update destroy]
-        resources :line_items, only: %i[index show]
+        resources :line_items, only: %i[index show update] do
+          member do
+            patch :mark_as_completed
+          end
+        end
+
         resources :guest_card_classes
         resources :tickets, only: :index
 

data/db/migrate/20250930094228_add_application_id_to_cm_pin_codes.rb

@@ -0,0 +1,10 @@
+class AddApplicationIdToCmPinCodes < ActiveRecord::Migration[7.0]
+  def change
+    unless column_exists?(:cm_pin_codes, :application_id)
+      add_reference :cm_pin_codes,
+                    :application,
+                    foreign_key: { to_table: :spree_oauth_applications },
+                    index: true
+    end
+  end
+end

data/db/migrate/20250930100657_add_settings_to_spree_oauth_applications.rb

@@ -0,0 +1,7 @@
+class AddSettingsToSpreeOauthApplications < ActiveRecord::Migration[7.0]
+  def change
+    unless column_exists?(:spree_oauth_applications, :settings, :jsonb)
+      add_column :spree_oauth_applications, :settings, :jsonb, default: {}, null: false
+    end
+  end
+end

data/lib/spree_cm_commissioner/test_helper/factories/pin_code_factory.rb

@@ -18,5 +18,9 @@ FactoryBot.define do
       contact_type { :phone_number }
       sequence(:contact) { |n| "087420441#{n}" }
     end
+
+    trait :with_application do
+      association :application, factory: :oauth_application
+    end
   end
 end

data/lib/spree_cm_commissioner/version.rb

@@ -1,5 +1,5 @@
 module SpreeCmCommissioner
-  VERSION = '2.1.6'.freeze
+  VERSION = '2.1.8'.freeze
 
   module_function
 

data/lib/spree_cm_commissioner.rb

@@ -46,6 +46,7 @@ require 'premailer/rails'
 require 'cm_app_logger'
 require 'counter_culture'
 require 'paper_trail'
+require 'devise-two-factor'
 
 require 'byebug' if Rails.env.development? || Rails.env.test?
 

data/spree_cm_commissioner.gemspec

@@ -55,6 +55,7 @@ Gem::Specification.new do |s|
   s.add_dependency "premailer-rails"
   s.add_dependency 'counter_culture', '~> 3.2'
   s.add_dependency 'paper_trail', '~> 16.0'
+  s.add_dependency 'devise-two-factor'
 
   # Redis
   s.add_dependency 'redis'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spree_cm_commissioner
 version: !ruby/object:Gem::Version
-  version: 2.1.6
+  version: 2.1.8
 platform: ruby
 authors:
 - You
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-29 00:00:00.000000000 Z
+date: 2025-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: spree
@@ -478,6 +478,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '16.0'
+- !ruby/object:Gem::Dependency
+  name: devise-two-factor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: redis
   requirement: !ruby/object:Gem::Requirement
@@ -851,6 +865,7 @@ files:
 - app/controllers/spree/admin/trip_blazer_queries_controller.rb
 - app/controllers/spree/admin/user_events_controller.rb
 - app/controllers/spree/admin/user_identity_providers_controller.rb
+- app/controllers/spree/admin/user_security_controller.rb
 - app/controllers/spree/admin/users_controller_decorator.rb
 - app/controllers/spree/admin/variant_guest_card_classes_controller.rb
 - app/controllers/spree/admin/vectors/icons_controller.rb
@@ -1423,6 +1438,7 @@ files:
 - app/models/spree_cm_commissioner/price_decorator.rb
 - app/models/spree_cm_commissioner/product_completion_step.rb
 - app/models/spree_cm_commissioner/product_completion_steps/chatrace_telegram.rb
+- app/models/spree_cm_commissioner/product_completion_steps/social_entry_url.rb
 - app/models/spree_cm_commissioner/product_decorator.rb
 - app/models/spree_cm_commissioner/product_dynamic_field.rb
 - app/models/spree_cm_commissioner/product_google_wallet.rb
@@ -2084,6 +2100,7 @@ files:
 - app/views/spree/admin/user_identity_providers/edit.html.erb
 - app/views/spree/admin/user_identity_providers/index.html.erb
 - app/views/spree/admin/user_identity_providers/new.html.erb
+- app/views/spree/admin/user_security/show.html.erb
 - app/views/spree/admin/variant_guest_card_classes/_variant_guest_card_class.html.erb
 - app/views/spree/admin/variant_guest_card_classes/index.html.erb
 - app/views/spree/admin/variants/_date_field.html.erb
@@ -2753,6 +2770,8 @@ files:
 - db/migrate/20250911174607_add_metadata_columns_to_cm_vehicles.rb
 - db/migrate/20250911174653_add_metadata_columns_to_cm_trips.rb
 - db/migrate/20250912084944_add_send_type_to_sms_log.rb
+- db/migrate/20250930094228_add_application_id_to_cm_pin_codes.rb
+- db/migrate/20250930100657_add_settings_to_spree_oauth_applications.rb
 - docker-compose.yml
 - docs/option_types/attr_types.md
 - docs/private_key.pem