spree_cm_commissioner 2.1.7 → 2.1.9.pre.pre1

data/app/models/spree_cm_commissioner/inventory_item.rb

@@ -48,7 +48,7 @@ module SpreeCmCommissioner
     end
 
     def adjust_quantity_in_redis(quantity)
-      SpreeCmCommissioner.redis_pool.with do |redis|
+      SpreeCmCommissioner.inventory_redis_pool.with do |redis|
         cached_quantity_available = redis.get(redis_key)
         # ignore if redis doesn't exist
         return if cached_quantity_available.nil? # rubocop:disable Lint/NonLocalExitFromIterator

data/app/models/spree_cm_commissioner/invite_team.rb

@@ -14,6 +14,8 @@ module SpreeCmCommissioner
 
     validate :validate_roles
 
+    before_validation :normalize_email
+
     after_create :set_expiration
     after_create :send_team_invite_email
 
@@ -42,5 +44,11 @@ module SpreeCmCommissioner
     def url_valid?
       expires_at.present? && expires_at > Time.current
     end
+
+    private
+
+    def normalize_email
+      self.email = email.strip.downcase if email.present?
+    end
   end
 end

data/app/models/spree_cm_commissioner/redis_stock/cached_inventory_items_builder.rb

@@ -12,7 +12,7 @@ module SpreeCmCommissioner
         keys = inventory_items.map { |item| "inventory:#{item.id}" }
         return [] unless keys.any?
 
-        counts = SpreeCmCommissioner.redis_pool.with { |redis| redis.mget(*keys) }
+        counts = SpreeCmCommissioner.inventory_redis_pool.with { |redis| redis.mget(*keys) }
         inventory_items.map.with_index do |inventory_item, i|
           ::SpreeCmCommissioner::CachedInventoryItem.new(
             inventory_key: keys[i],
@@ -30,7 +30,7 @@ module SpreeCmCommissioner
         return count_in_redis.to_i if count_in_redis.present?
         return inventory_item.quantity_available unless inventory_item.active?
 
-        SpreeCmCommissioner.redis_pool.with do |redis|
+        SpreeCmCommissioner.inventory_redis_pool.with do |redis|
           redis.set(key, inventory_item.quantity_available, ex: inventory_item.redis_expired_in)
         end
 

data/app/models/spree_cm_commissioner/redis_stock/inventory_updater.rb

@@ -51,13 +51,13 @@ module SpreeCmCommissioner
       end
 
       def unstock(keys, quantities)
-        SpreeCmCommissioner.redis_pool.with do |redis|
+        SpreeCmCommissioner.inventory_redis_pool.with do |redis|
           redis.eval(unstock_redis_script, keys: keys, argv: quantities)
         end.positive?
       end
 
       def restock(keys, quantities)
-        SpreeCmCommissioner.redis_pool.with do |redis|
+        SpreeCmCommissioner.inventory_redis_pool.with do |redis|
           redis.eval(restock_redis_script, keys: keys, argv: quantities)
         end.positive?
       end

data/app/models/spree_cm_commissioner/seat_layout.rb

@@ -27,13 +27,13 @@ module SpreeCmCommissioner
 
     private
 
-    # layoutable (taxon, vehicle) must have seat_layout_id attribute,
+    # layoutable (taxon, vehicle) must have preload_seat_layout_id attribute,
     # either as a column or as a key in a JSONB column (e.g., metadata)
     def sync_seat_layout_id_to_layoutable!
       if destroyed?
-        layoutable.update!(seat_layout_id: nil)
+        layoutable.update!(preload_seat_layout_id: nil)
       else
-        layoutable.update!(seat_layout_id: id)
+        layoutable.update!(preload_seat_layout_id: id)
       end
     end
   end

data/app/models/spree_cm_commissioner/taxon_decorator.rb

@@ -1,20 +1,10 @@
 module SpreeCmCommissioner
   module TaxonDecorator
     def self.prepended(base) # rubocop:disable Metrics/AbcSize,Metrics/MethodLength
+      base.include SpreeCmCommissioner::StoreMetadata
       base.include SpreeCmCommissioner::TaxonKind
       base.include SpreeCmCommissioner::ParticipationTypeBitwise
-      base.include SpreeCmCommissioner::EventCheckInFlowable
-
-      base.preference :background_color, :string
-      base.preference :foreground_color, :string
-
-      # seat_layout_id:
-      #   This model has no seat_layout column (polymorphic association), so we store the seat_layout ID in public_metadata.
-      #   This lets us check if a seat layout exists without triggering a database query.
-      #   The ID is automatically updated whenever the seat_layout is saved.
-      base.store :public_metadata, accessors: %i[
-        seat_layout_id
-      ], coder: JSON
+      base.include SpreeCmCommissioner::EventMetadata
 
       base.has_many :taxon_vendors, class_name: 'SpreeCmCommissioner::TaxonVendor'
       base.has_many :vendors, through: :taxon_vendors
@@ -104,14 +94,6 @@ module SpreeCmCommissioner
       end
     end
 
-    def background_color
-      preferred_background_color
-    end
-
-    def foreground_color
-      preferred_foreground_color
-    end
-
     def set_kind
       self.kind = taxonomy.kind
     end

data/app/models/spree_cm_commissioner/trip.rb

@@ -1,16 +1,14 @@
 module SpreeCmCommissioner
   class Trip < Base
+    include SpreeCmCommissioner::StoreMetadata
     include SpreeCmCommissioner::RouteType
 
     attr_accessor :hours, :minutes, :seconds
 
-    # seat_layout_id:
-    #   This model has no seat_layout column (polymorphic association), so we store the seat_layout ID in public_metadata.
-    #   This lets us check if a seat layout exists without triggering a database query.
-    #   The ID is automatically updated whenever the seat_layout is saved.
-    store :public_metadata, accessors: %i[
-      seat_layout_id
-    ], coder: JSON
+    # This model has no seat_layout column (polymorphic association), so we store the preload_seat_layout_id ID in public_metadata.
+    # This lets us check if a seat layout exists without triggering a database query.
+    # The ID is automatically updated whenever the seat_layout is saved.
+    store_public_metadata :preload_seat_layout_id, :integer
 
     before_validation :convert_duration_to_seconds
 

data/app/models/spree_cm_commissioner/user_decorator.rb

@@ -46,6 +46,10 @@ module SpreeCmCommissioner
       # Store has_incomplete_guest_info in public_metadata for easy frontend access
       base.store :public_metadata, accessors: [:has_incomplete_guest_info], coder: JSON
 
+      base.devise :two_factor_authenticatable
+
+      base.store :private_metadata, accessors: %i[otp_secret otp_required_for_login consumed_timestep], coder: JSON
+
       define_user_places(base)
 
       def base.end_users
@@ -63,6 +67,18 @@ module SpreeCmCommissioner
       end
     end
 
+    def otp_secret
+      private_metadata['otp_secret']
+    end
+
+    def otp_required_for_login
+      private_metadata['otp_required_for_login']
+    end
+
+    def consumed_timestep
+      private_metadata['consumed_timestep']
+    end
+
     def self.define_user_places(base)
       base.has_many :user_places, class_name: 'SpreeCmCommissioner::UserPlace'
       base.has_many :places, through: :user_places, class_name: 'SpreeCmCommissioner::Place'

data/app/models/spree_cm_commissioner/vehicle.rb

@@ -1,14 +1,12 @@
 module SpreeCmCommissioner
   class Vehicle < Base
+    include SpreeCmCommissioner::StoreMetadata
     include SpreeCmCommissioner::VehicleType
 
-    # seat_layout_id:
-    #   This model has no seat_layout column (polymorphic association), so we store the seat_layout ID in public_metadata.
-    #   This lets us check if a seat layout exists without triggering a database query.
-    #   The ID is automatically updated whenever the seat_layout is saved.
-    store :public_metadata, accessors: %i[
-      seat_layout_id
-    ], coder: JSON
+    # This model has no seat_layout column (polymorphic association), so we store the preload_seat_layout_id ID in public_metadata.
+    # This lets us check if a seat layout exists without triggering a database query.
+    # The ID is automatically updated whenever the seat_layout is saved.
+    store_public_metadata :preload_seat_layout_id, :integer
 
     belongs_to :vendor, class_name: 'Spree::Vendor'
 

data/app/overrides/spree/admin/taxons/_form/background_color_and_foreground_color.html.erb.deface

@@ -4,17 +4,17 @@
 
 <div class="row <%= "d-none" unless @taxon.depth == 1 %>">
   <div class="col-md-6">
-    <%= f.label :preferred_background_color, Spree.t('background_color'), class: 'form-label' %>
-    <%= f.text_field :preferred_background_color, class: 'form-control color-picker', placeholder: '#FFFFFF', value: @object.preferred_background_color %>
+    <%= f.label :background_color, Spree.t('background_color'), class: 'form-label' %>
+    <%= f.text_field :background_color, class: 'form-control color-picker', placeholder: '#FFFFFF', value: @object.background_color %>
     <div class="color-preview" style="margin-top: 10px;">
-      <%= content_tag :div, nil, style: "background-color: #{@object.preferred_background_color}; width: 60px; height: 60px; border: 1px solid #ccc; box-sizing: border-box; display: block;" %>
+      <%= content_tag :div, nil, style: "background-color: #{@object.background_color}; width: 60px; height: 60px; border: 1px solid #ccc; box-sizing: border-box; display: block;" %>
     </div>
   </div>
   <div class="col-md-6">
-    <%= f.label :preferred_foreground_color, Spree.t('foreground_color'), class: 'form-label' %>
-    <%= f.text_field :preferred_foreground_color, class: 'form-control color-picker', placeholder: '#FFFFFF', value: @object.preferred_foreground_color %>
+    <%= f.label :foreground_color, Spree.t('foreground_color'), class: 'form-label' %>
+    <%= f.text_field :foreground_color, class: 'form-control color-picker', placeholder: '#FFFFFF', value: @object.foreground_color %>
     <div class="color-preview" style="margin-top: 10px;">
-      <%= content_tag :div, nil, style: "background-color: #{@object.preferred_foreground_color}; width: 60px; height: 60px; border: 1px solid #ccc; box-sizing: border-box; display: block;" %>
+      <%= content_tag :div, nil, style: "background-color: #{@object.foreground_color}; width: 60px; height: 60px; border: 1px solid #ccc; box-sizing: border-box; display: block;" %>
     </div>
   </div>
 </div>

data/app/overrides/spree/admin/taxons/_form/check_in_flows.html.erb.deface

@@ -2,17 +2,23 @@
 
 <%# Sections don't use video banner, so we hide the form here to avoid confusing admin. %>
 
-<%= f.field_container :preferred_group_check_in_enabled, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
-  <%= f.check_box :preferred_group_check_in_enabled, class: 'custom-control-input' %>
-  <%= f.label :preferred_group_check_in_enabled, Spree.t(:enable_group_check_in), class: 'custom-control-label' %>
-  <%= f.error_message_on :preferred_group_check_in_enabled %>
+<%= f.field_container :group_check_in_enabled, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
+  <%= f.check_box :group_check_in_enabled, class: 'custom-control-input' %>
+  <%= f.label :group_check_in_enabled, Spree.t(:enable_group_check_in), class: 'custom-control-label' %>
+  <%= f.error_message_on :group_check_in_enabled %>
   <small class="form-text text-muted">
     Enabled by default for most events where users can purchase multiple tickets or use group scanning. For large events (like PSK, ASK, etc.) or invitation-based events, you should disable this to ensure each ticket or invitation is scanned individually.
   </small>
 <% end if @taxon.event? && @taxon.depth == 1 %> %>
 
-<%= f.field_container :preferred_individual_check_in_enabled, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
-  <%= f.check_box :preferred_individual_check_in_enabled, class: 'custom-control-input' %>
-  <%= f.label :preferred_individual_check_in_enabled, Spree.t(:enable_individual_check_in), class: 'custom-control-label' %>
-  <%= f.error_message_on :preferred_individual_check_in_enabled %>
+<%= f.field_container :individual_check_in_enabled, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
+  <%= f.check_box :individual_check_in_enabled, class: 'custom-control-input' %>
+  <%= f.label :individual_check_in_enabled, Spree.t(:enable_individual_check_in), class: 'custom-control-label' %>
+  <%= f.error_message_on :individual_check_in_enabled %>
+<% end if @taxon.event? && @taxon.depth == 1 %> %>
+
+<%= f.field_container :allow_manual_search_for_operator, class: ['custom-control', 'custom-checkbox', 'my-4'] do %>
+  <%= f.check_box :allow_manual_search_for_operator, class: 'custom-control-input' %>
+  <%= f.label :allow_manual_search_for_operator, Spree.t(:allow_manual_search_for_operator), class: 'custom-control-label' %>
+  <%= f.error_message_on :allow_manual_search_for_operator %>
 <% end if @taxon.event? && @taxon.depth == 1 %> %>

data/app/overrides/spree/admin/users/_tabs/tabs.html.erb.deface

@@ -49,4 +49,10 @@
       admin_user_events_path(user_id: @user.id),
       class: "nav-link #{'active' if current == :user_events }" %>
   </li>
+  <li class="nav-item">
+    <%= link_to_with_icon 'shield-check.svg',
+      Spree.t(:security),
+      admin_user_security_path(@user),
+      class: "nav-link #{'active' if current == :security }" %>
+  </li>
 <% end %>

data/app/serializers/spree/v2/storefront/order_serializer_decorator.rb

@@ -0,0 +1,63 @@
+module Spree
+  module V2
+    module Storefront
+      module OrderSerializerDecorator
+        def self.prepended(base)
+          base.attribute :has_incomplete_guest_info do |order|
+            order.user.public_metadata['has_incomplete_guest_info'] || false
+          end
+
+          base.attribute :guest_info_status do |order|
+            {
+              incomplete: order_has_incomplete_guests?(order),
+              can_mark_complete: can_mark_complete?(order)
+            }
+          end
+        end
+
+        def self.order_has_incomplete_guests?(order)
+          order.line_items.any? do |line_item|
+            line_item.guests.any? do |guest|
+              guest_incomplete?(guest)
+            end
+          end
+        end
+
+        def self.guest_incomplete?(guest)
+          (guest.pre_registration_fields? && !guest.pre_registration_completed?) ||
+            (guest.post_registration_fields? && !guest.post_registration_completed?) ||
+            (guest.during_check_in_fields? && !guest.check_in_completed?)
+        end
+
+        def self.can_mark_complete?(order)
+          event_ended?(order) || all_guest_info_complete?(order)
+        end
+
+        def self.event_ended?(order)
+          order.line_items.any? { |line_item| event_ended_for_line_item?(line_item) }
+        end
+
+        def self.event_ended_for_line_item?(line_item)
+          event = line_item.event
+          event&.to_date.present? && event.to_date < Time.zone.today
+        end
+
+        def self.all_guest_info_complete?(order)
+          order.line_items.all? { |line_item| line_item_guests_complete?(line_item) }
+        end
+
+        def self.line_item_guests_complete?(line_item)
+          line_item.guests.all? { |guest| guest_complete?(guest) }
+        end
+
+        def self.guest_complete?(guest)
+          guest.pre_registration_completed? &&
+            (!guest.post_registration_fields? || guest.post_registration_completed?) &&
+            (!guest.during_check_in_fields? || guest.check_in_completed?)
+        end
+      end
+    end
+  end
+end
+
+Spree::V2::Storefront::OrderSerializer.prepend(Spree::V2::Storefront::OrderSerializerDecorator)

data/app/serializers/spree/v2/storefront/taxon_serializer_decorator.rb

@@ -18,7 +18,7 @@ module Spree
                           :purchasable_on, :vendor_id, :available_on, :hide_video_banner
 
           # To get full seat layout details, call the seat_layouts API with this ID.
-          base.attributes :seat_layout_id
+          base.attribute :seat_layout_id, &:preload_seat_layout_id
 
           base.attribute :purchasable_on_app do |taxon|
             taxon.purchasable_on == 'app' || taxon.purchasable_on == 'both'

data/app/serializers/spree_cm_commissioner/v2/operator/dashboard_crew_event_serializer.rb

@@ -5,6 +5,7 @@ module SpreeCmCommissioner
         attributes :id, :name, :permalink,
                    :from_date, :to_date,
                    :check_in_flows,
+                   :allow_manual_search_for_operator,
                    :updated_at
 
         has_many :children_classifications, serializer: :classification

data/app/views/spree/admin/user_security/show.html.erb

@@ -0,0 +1,25 @@
+<%= render partial: 'spree/admin/users/tabs', locals: { current: :security } %>
+
+<div class="card shadow-sm">
+  <div class="card-header bg-light">
+    <h5 class="card-title mb-0 h6">
+      <%= Spree.t(:two_factor_authentication) %>
+    </h5>
+  </div>
+
+  <div class="card-body text-center">
+    <% if @user.otp_secret.present? && @user.otp_required_for_login == true %>
+      <p class="text-muted mb-3">
+        Two-factor authentication is currently active for this user.
+      </p>
+      <%= button_to disable_authenticator_admin_user_security_path, method: :delete, class: "btn btn-danger btn-md",
+                    data: { confirm: "Are you sure?" } do %>
+          Disable 2FA
+      <% end %>
+    <% else %>
+      <p class="text-muted mb-0">
+        Two-factor authentication is <strong>not enabled</strong> for this user.
+      </p>
+    <% end %>
+  </div>
+</div>

data/config/initializers/spree_permitted_attributes.rb

@@ -31,10 +31,11 @@ module Spree
       from_date
       kind
       subtitle
-      preferred_background_color
-      preferred_foreground_color
-      preferred_group_check_in_enabled
-      preferred_individual_check_in_enabled
+      background_color
+      foreground_color
+      group_check_in_enabled
+      individual_check_in_enabled
+      allow_manual_search_for_operator
       show_badge_status
       purchasable_on
       available_on

data/config/locales/en.yml

@@ -30,6 +30,7 @@ en:
     incorrect_password: "Incorrect password"
     invalid_or_missing_params: "Invalid or missing params"
     invalid_client_credentials: "Invalid client credentials"
+    success_disabled_2fa: "Successfully disabled 2FA"
 
   hello: "Hello world"
 

data/config/routes.rb

@@ -91,6 +91,11 @@ Spree::Core::Engine.add_routes do
     resources :users do
       resources :device_tokens
       resources :user_identity_providers
+      resource :security, controller: :user_security, only: %i[show] do
+        member do
+          delete :disable_authenticator
+        end
+      end
     end
 
     resources :s3_presigned_urls, only: %i[create new]
@@ -472,6 +477,7 @@ Spree::Core::Engine.add_routes do
       end
 
       namespace :tenant do
+        resource :token, controller: :access_tokens, only: [:create]
         resources :vendors
         resources :products
         resources :taxons, only: %i[index show], id: /.+/
@@ -555,6 +561,7 @@ Spree::Core::Engine.add_routes do
       end
 
       namespace :storefront do
+        resource :token, controller: :access_tokens, only: [:create]
         resources :waiting_room_sessions, only: :create
         resources :vattanac_banks, only: %i[create]
         resource :cart, controller: :cart, only: %i[show create destroy] do
@@ -594,6 +601,10 @@ Spree::Core::Engine.add_routes do
 
         namespace :account do
           resource :preferred_payment_method, controller: :preferred_payment_method, only: %i[show update]
+          patch :mark_guest_info_complete, to: 'mark_guest_info_complete#update'
+          resources :guests, only: [] do
+            patch 'dynamic_fields/:phase', to: 'guest_dynamic_fields#update_dynamic_field', as: :update_dynamic_fields
+          end
         end
 
         resource :s3_signed_urls

data/docs/api/scoped-access-token-endpoints.md

@@ -0,0 +1,84 @@
+# Scoped Access Token Endpoints
+
+This document describes the new scoped access token endpoints that provide better security and clarity for different API usage patterns.
+
+## Overview
+
+Previously, all access tokens were retrieved via the generic `/oauth/token` endpoint, which made it difficult to apply security rules and prevent abuse. The new scoped endpoints provide:
+
+- **Clear separation** between storefront and tenant API usage
+- **Enhanced security** with application-specific validations
+- **Better monitoring** and logging capabilities
+- **Easier maintenance** and debugging
+
+## Endpoints
+
+### Storefront Access Token Endpoint
+
+**POST** `/api/v2/storefront/token`
+
+Issues access tokens for storefront applications.
+
+#### Example Response
+
+```json
+{
+  "access_token": "abc123...",
+  "token_type": "Bearer",
+  "expires_in": 86400,
+  "refresh_token": "def456...",
+  "created_at": 1640995200
+}
+```
+
+### Tenant Access Token Endpoint
+
+**POST** `/api/v2/tenant/token`
+
+Issues access tokens for tenant applications (third-party integrations, partner apps, etc.).
+
+#### Example Response
+
+```json
+{
+  "access_token": "xyz789...",
+  "token_type": "Bearer",
+  "expires_in": 86400,
+  "refresh_token": "uvw012...",
+  "created_at": 1640995200
+}
+```
+
+## Migration Guide
+
+### For Storefront Applications
+
+1. **Update endpoint URL**: Change from `/oauth/token` to `/api/v2/storefront/token`
+2. **No other changes required**: All existing parameters and flows work identically
+
+### For Tenant Applications
+
+1. **Update endpoint URL**: Change from `/oauth/token` to `/api/v2/tenant/token`
+2. **No other changes required**: All existing parameters and flows work identically
+
+### Legacy Support
+
+The original `/oauth/token` endpoint remains available.
+
+## Implementation
+
+### Controller Inheritance
+
+Both controllers inherit from `Doorkeeper::TokensController`.
+
+### Route Configuration
+
+```ruby
+namespace :storefront do
+  resource :token, controller: :access_tokens, only: [:create]
+end
+
+namespace :tenant do
+  resource :token, controller: :access_tokens, only: [:create]
+end
+```

data/lib/spree_cm_commissioner/version.rb

@@ -1,5 +1,5 @@
 module SpreeCmCommissioner
-  VERSION = '2.1.7'.freeze
+  VERSION = '2.1.9-pre1'.freeze
 
   module_function
 

data/lib/spree_cm_commissioner.rb

@@ -46,32 +46,55 @@ require 'premailer/rails'
 require 'cm_app_logger'
 require 'counter_culture'
 require 'paper_trail'
+require 'devise-two-factor'
 
 require 'byebug' if Rails.env.development? || Rails.env.test?
 
 module SpreeCmCommissioner
   class << self
-    # Allows overriding the default Redis connection pool with a custom one
-    attr_writer :redis_pool
+    # Allows overriding the default Redis connection pools with custom ones
+    attr_writer :inventory_redis_pool, :external_integrations_redis_pool
 
-    def redis_pool
-      @redis_pool ||= default_redis_pool
+    # Inventory Redis pool for inventory management
+    def inventory_redis_pool
+      @inventory_redis_pool ||= default_inventory_redis_pool
     end
 
-    # Resets the Redis pool, useful for testing or reinitialization
-    def reset_redis_pool
-      @redis_pool = nil
+    # External integrations Redis pool for external API integrations
+    def external_integrations_redis_pool
+      @external_integrations_redis_pool ||= default_external_integrations_redis_pool
+    end
+
+    # Resets all Redis pools, useful for testing or reinitialization
+    def reset_redis_pools
+      @inventory_redis_pool = nil
+      @external_integrations_redis_pool = nil
     end
 
     private
 
-    def default_redis_pool
-      pool_size = ENV.fetch('REDIS_POOL_SIZE', '5').to_i
-      timeout = ENV.fetch('REDIS_TIMEOUT', '5').to_i
-      redis_url = ENV.fetch('REDIS_URL', 'redis://localhost:6379/12')
+    def default_inventory_redis_pool
+      create_redis_pool(
+        url: ENV.fetch('REDIS_INVENTORY_URL', ENV.fetch('REDIS_URL', 'redis://localhost:6379/12')),
+        pool_size: ENV.fetch('REDIS_INVENTORY_POOL_SIZE', ENV.fetch('REDIS_POOL_SIZE', '5')).to_i,
+        timeout: ENV.fetch('REDIS_TIMEOUT', '5').to_i
+      )
+    end
+
+    def default_external_integrations_redis_pool
+      create_redis_pool(
+        url: ENV.fetch('REDIS_EXTERNAL_INTEGRATIONS_URL', ENV.fetch('REDIS_URL', 'redis://localhost:6379/13')),
+        pool_size: ENV.fetch('REDIS_EXTERNAL_INTEGRATIONS_POOL_SIZE', ENV.fetch('REDIS_POOL_SIZE', '5')).to_i,
+        timeout: ENV.fetch('REDIS_TIMEOUT', '5').to_i
+      )
+    end
+
+    def create_redis_pool(url:, pool_size:, timeout:)
+      ssl_params = {}
+      ssl_params.merge!({ verify_mode: OpenSSL::SSL::VERIFY_NONE }) if ENV['HEROKU_APP_ID'].present?
 
       ConnectionPool.new(size: pool_size, timeout: timeout) do
-        Redis.new(url: redis_url, timeout: timeout)
+        Redis.new(url: url, timeout: timeout, ssl_params: ssl_params)
       end
     end
   end

data/spree_cm_commissioner.gemspec

@@ -55,6 +55,7 @@ Gem::Specification.new do |s|
   s.add_dependency "premailer-rails"
   s.add_dependency 'counter_culture', '~> 3.2'
   s.add_dependency 'paper_trail', '~> 16.0'
+  s.add_dependency 'devise-two-factor'
 
   # Redis
   s.add_dependency 'redis'