spree_core 5.4.0.rc2 → 5.4.0.rc4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5de0595dccb2046acb60805390c641e66c9e87c070c25df2587d5a8eaf9bc358
-  data.tar.gz: 6cd99e1b81481dd826565d1f579ea64965dfa04a808905f830505110f330473d
+  metadata.gz: 7bc3a50296fda5fe9d3f9cfa5ec4547b44e8dc7c718634f0de73314d55210479
+  data.tar.gz: 74757285458b4d4a322d5cdc0ea550c4fe7e9ca9de25095fba0371b6c1fb1e93
 SHA512:
-  metadata.gz: 1d27ab08a797c2f5419f36bd3ad368f1cecaf6610d1ca9289e9b5dea81f62a4856b8b767b23129b1dd20e0e0fd0c02f619581e58b7b347642cc801a2808de453
-  data.tar.gz: d551a808c3d989cf88e02c18b00bd9582b7672459b59e9c0ea281b6797cf5b0b95b698e32f98adc7a180723ab98e84aae99bc163ac5ee7de7a3d6745abc97e80
+  metadata.gz: c9ce63a0797b37332944d4d1df8e60f132c27af526e970fd290f993d03b0d9fbf1fcbb1c2c3b55d37184cc10f72b884c79ec68b42398928cbc490a5b55a982c5
+  data.tar.gz: 14e3357af8ce8cdb75764e15b14759fe4ff37f132a32242b87c269d3137c6f41d11071415be24975c71e4086df5a45b5853840a68dca91ea9541857bd7b18d78

data/app/mailers/spree/webhook_mailer.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Spree
+  class WebhookMailer < BaseMailer
+    def endpoint_disabled(webhook_endpoint)
+      @endpoint = webhook_endpoint
+      @current_store = webhook_endpoint.store
+
+      mail(
+        to: @current_store.new_order_notifications_email.presence || @current_store.mail_from_address,
+        from: from_address,
+        subject: Spree.t('webhook_mailer.endpoint_disabled.subject', endpoint_name: @endpoint.name || @endpoint.url),
+        store_url: @current_store.formatted_url
+      )
+    end
+  end
+end

data/app/models/concerns/spree/product_scopes.rb

@@ -3,6 +3,16 @@ module Spree
     extend ActiveSupport::Concern
 
     included do
+      cattr_accessor :search_scopes do
+        []
+      end
+
+      def self.add_search_scope(name, &block)
+        Spree::Deprecation.warn("add_search_scope is deprecated and will be removed in Spree 6.0. Use scope :#{name}, &block instead or use method instead")
+        singleton_class.send(:define_method, name.to_sym, &block)
+        search_scopes << name.to_sym
+      end
+
       scope :ascend_by_updated_at, -> { order("#{Product.quoted_table_name}.updated_at ASC") }
       scope :descend_by_updated_at, -> { order("#{Product.quoted_table_name}.updated_at DESC") }
       scope :ascend_by_name, -> { order("#{Product.quoted_table_name}.name ASC") }
@@ -137,8 +147,32 @@ module Spree
           where("#{Classification.table_name}.taxon_id" => taxon.cached_self_and_descendants_ids).distinct
       }
 
-      # Alias for in_taxon — public API name
-      scope :in_category, ->(category) { in_taxon(category) }
+      # Products in a category AND all its descendants.
+      # Accepts a Category record or a prefixed ID string (e.g. 'ctg_xxx').
+      def self.in_category(category_or_id)
+        category = category_or_id.is_a?(String) ? Spree::Taxon.find_by_prefix_id(category_or_id) : category_or_id
+        return none unless category
+
+        in_taxon(category)
+      end
+
+      # Products in ANY of the given categories (OR logic), each including descendants.
+      # Accepts an array of Category records, prefixed ID strings, or a mix.
+      def self.in_categories(*categories_or_ids)
+        categories_or_ids = categories_or_ids.flatten.compact
+        return none if categories_or_ids.empty?
+
+        ids, records = categories_or_ids.partition { |c| c.is_a?(String) }
+        if ids.any?
+          decoded = ids.filter_map { |id| Spree::Taxon.decode_prefixed_id(id) }
+          records += Spree::Taxon.where(id: decoded).to_a if decoded.any?
+        end
+        return none if records.empty?
+
+        taxon_ids = records.flat_map(&:cached_self_and_descendants_ids).uniq
+
+        joins(:classifications).where(Classification.table_name => { taxon_id: taxon_ids }).distinct
+      end
 
       # Deprecated — remove in 6.0. Use in_taxon instead.
       def self.in_taxons(*taxons)
@@ -190,21 +224,31 @@ module Spree
           where(Spree::OptionValue.table_name => { name: value, option_type_id: option_type_id })
       }
 
-      # Filters products by option value IDs (prefix IDs like 'optval_xxx')
-      # Accepts an array of option value IDs
-      scope :with_option_value_ids, ->(*ids) {
+      # Filters products by option value IDs (prefix IDs like 'optval_xxx').
+      # Groups values by option type automatically:
+      #   - Within the same option type: OR (Blue OR Red)
+      #   - Across different option types: AND ((Blue OR Red) AND (S OR M))
+      def self.with_option_value_ids(*ids)
         ids = ids.flatten.compact
-        next none if ids.empty?
-
-        # Handle prefixed IDs (optval_xxx) by decoding to actual IDs
-        actual_ids = ids.map do |id|
-          id.to_s.include?('_') ? OptionValue.decode_prefixed_id(id) : id
-        end.compact
-
-        next none if actual_ids.empty?
-
-        joins(variants: :option_values).where(Spree::OptionValue.table_name => { id: actual_ids })
-      }
+        return none if ids.empty?
+
+        actual_ids = ids.map { |id| id.to_s.include?('_') ? OptionValue.decode_prefixed_id(id) : id }.compact
+        return none if actual_ids.empty?
+
+        grouped = OptionValue.where(id: actual_ids).group_by(&:option_type_id)
+        return none if grouped.empty?
+
+        scope = all
+        grouped.each_value do |option_values|
+          ov_ids = option_values.map(&:id)
+          matching_product_ids = Variant.where(deleted_at: nil)
+                                       .joins(:option_value_variants)
+                                       .where(OptionValueVariant.table_name => { option_value_id: ov_ids })
+                                       .select(:product_id)
+          scope = scope.where(id: matching_product_ids)
+        end
+        scope
+      end
 
       # Deprecated — remove in 6.0. Not used internally.
       def self.with(value)

data/app/models/spree/order/gift_card.rb

@@ -34,11 +34,31 @@ module Spree
         Spree.gift_card_remove_service.call(order: self)
       end
 
+      # Recalculates the gift card payment amount based on the current order total.
+      # Updates the existing payment in place instead of remove + re-apply
+      # to avoid creating unnecessary invalid payment records.
       def recalculate_gift_card
-        applied_gift_card = gift_card
+        return unless gift_card.present?
+
+        payment = payments.checkout.store_credits.where(source: gift_card.store_credits).first
+        return unless payment
+
+        # with_lock acquires a row lock and wraps in a transaction.
+        # The entire read-compute-write must be inside the lock to prevent
+        # stale amount_remaining from concurrent requests.
+        gift_card.with_lock do
+          new_amount = [gift_card.amount_remaining + payment.amount, total].min
+          next if payment.amount == new_amount
 
-        remove_gift_card
-        apply_gift_card(applied_gift_card)
+          difference = new_amount - payment.amount
+          # Uses update_column to bypass Payment#max_amount validation which
+          # can fail during recalculation due to stale in-memory order state.
+          # Bounds are enforced via min() above.
+          payment.update_column(:amount, new_amount)
+          payment.source.update_column(:amount, new_amount)
+          gift_card.amount_used += difference
+          gift_card.save!
+        end
       end
 
       def redeem_gift_card

data/app/models/spree/order.rb

@@ -49,10 +49,27 @@ module Spree
                   :included_tax_total,  :additional_tax_total, :tax_total,
                   :shipment_total,      :promo_total,          :total,
                   :cart_promo_total,    :pre_tax_item_amount,  :pre_tax_total,
-                  :payment_total
+                  :payment_total,       :amount_due
 
     alias display_ship_total display_shipment_total
     alias_attribute :ship_total, :shipment_total
+    def amount_due
+      outstanding_balance
+    end
+
+    # Transient warnings populated by remove_out_of_stock_items!
+    attribute :warnings, default: -> { [] }
+
+    # Removes out-of-stock/discontinued items and populates warnings.
+    # Returns self (reloaded if items were removed) with warnings set.
+    def remove_out_of_stock_items!
+      result = Spree::Cart::RemoveOutOfStockItems.call(order: self)
+      return self unless result.success?
+
+      order, _messages, warnings = result.value
+      order.warnings = warnings || []
+      order
+    end
 
     # 5.5 API naming bridges (DB columns rename in 6.0)
     alias_attribute :discount_total, :promo_total

data/app/models/spree/price.rb

@@ -13,8 +13,11 @@ module Spree
     belongs_to :variant, -> { with_deleted }, class_name: 'Spree::Variant', inverse_of: :prices, touch: true
     belongs_to :price_list, class_name: 'Spree::PriceList', optional: true
 
+    has_many :price_histories, class_name: 'Spree::PriceHistory', dependent: :delete_all
+
     before_validation :ensure_currency
     before_save :remove_compare_at_amount_if_equals_amount
+    after_save :record_price_history, if: :should_record_price_history?
 
     # legacy behavior
     validates :amount, allow_nil: true, numericality: {
@@ -156,8 +159,34 @@ module Spree
       !zero?
     end
 
+    # Returns the price history record with the lowest amount in the last 30 days
+    # Used for EU Omnibus Directive compliance
+    #
+    # @return [Spree::PriceHistory, nil]
+    def prior_price
+      price_histories.where(recorded_at: 30.days.ago..).order(:amount).first
+    end
+
     private
 
+    def should_record_price_history?
+      price_list_id.nil? &&
+        amount.present? &&
+        saved_change_to_amount? &&
+        Spree::Config[:track_price_history]
+    end
+
+    def record_price_history
+      Spree::PriceHistory.create!(
+        price: self,
+        variant_id: variant_id,
+        amount: amount,
+        compare_at_amount: compare_at_amount,
+        currency: currency,
+        recorded_at: Time.current
+      )
+    end
+
     def ensure_currency
       self.currency ||= Spree::Store.default.default_currency
     end

data/app/models/spree/price_history.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Spree
+  class PriceHistory < Spree.base_class
+    belongs_to :price, class_name: 'Spree::Price'
+    belongs_to :variant, class_name: 'Spree::Variant'
+
+    validates :amount, presence: true, numericality: { greater_than_or_equal_to: 0 }
+    validates :currency, presence: true
+    validates :recorded_at, presence: true
+
+    scope :for_variant, ->(variant_id) { where(variant_id: variant_id) }
+    scope :for_currency, ->(currency) { where(currency: currency) }
+    scope :in_period, ->(from, to = Time.current) { where(recorded_at: from..to) }
+    scope :recent, ->(days = 30) { in_period(days.days.ago) }
+
+    def money
+      Spree::Money.new(amount || 0, currency: currency)
+    end
+
+    def display_amount
+      money.to_s
+    end
+
+    def amount_in_cents
+      money.amount_in_cents
+    end
+  end
+end

data/app/models/spree/product.rb

@@ -200,7 +200,7 @@ module Spree
     self.whitelisted_ransackable_attributes = %w[description name slug discontinue_on status available_on created_at updated_at]
     self.whitelisted_ransackable_associations = %w[taxons categories stores variants_including_master master variants tags labels
                                                    shipping_category classifications option_types]
-    self.whitelisted_ransackable_scopes = %w[not_discontinued search_by_name in_taxon price_between
+    self.whitelisted_ransackable_scopes = %w[not_discontinued search_by_name in_taxon in_category in_categories price_between
                                              price_lte price_gte
                                              search multi_search in_stock out_of_stock with_option_value_ids
 

data/app/models/spree/promotion_handler/coupon.rb

@@ -11,7 +11,7 @@ module Spree
       end
 
       def apply
-        if load_gift_card_code
+        if gift_cards_enabled? && load_gift_card_code
 
           if @gift_card.expired?
             set_error_code :gift_card_expired
@@ -47,7 +47,7 @@ module Spree
       end
 
       def remove(coupon_code)
-        if order.gift_card
+        if gift_cards_enabled? && order.gift_card
           result = order.remove_gift_card
 
           if result.success?
@@ -212,6 +212,13 @@ module Spree
         Spree::CouponCode.unused.find_by(promotion_id: discount.source.promotion_id, code: coupon_code)&.apply_order!(order)
       end
 
+      # Whether the coupon handler should also handle gift card codes.
+      # Defaults to true for backwards compatibility. Pass enable_gift_cards: false
+      # when using the dedicated gift card endpoint.
+      def gift_cards_enabled?
+        options.fetch(:enable_gift_cards, true)
+      end
+
       def load_gift_card_code
         return unless order.coupon_code.present?
 

data/app/models/spree/search_provider/base.rb

@@ -17,7 +17,7 @@ module Spree
       #
       # @param scope [ActiveRecord::Relation] base scope (store-scoped, visibility-filtered, authorized)
       # @param query [String, nil] text search query
-      # @param filters [Hash] structured filters (price_gte, with_option_value_ids, categories_id_eq, etc.)
+      # @param filters [Hash] structured filters (price_gte, with_option_value_ids, in_category, in_categories, etc.)
       # @param sort [String, nil] sort param (e.g. 'price', '-price', 'best_selling')
       # @param page [Integer] page number
       # @param limit [Integer] results per page

data/app/models/spree/search_provider/database.rb

@@ -14,6 +14,9 @@ module Spree
         # 2. Extract internal params before passing to Ransack
         category = filters.is_a?(Hash) ? filters.delete('_category') || filters.delete(:_category) : nil
 
+        # 2b. Extract option value IDs — handled by scope (OR within type, AND across)
+        option_value_ids = filters.is_a?(Hash) ? filters.delete('with_option_value_ids') || filters.delete(:with_option_value_ids) : nil
+
         # 3. Structured filtering via Ransack
         ransack_filters = sanitize_filters(filters)
         if ransack_filters.present?
@@ -21,8 +24,14 @@ module Spree
           scope = search.result(distinct: true)
         end
 
+        # Save scope before option filters for disjunctive facet counts
+        scope_before_options = scope
+        if option_value_ids.present?
+          scope = scope.with_option_value_ids(Array(option_value_ids))
+        end
+
         # 4. Facets (before sorting to avoid computed column conflicts with count)
-        filter_facets = build_facets(scope, category: category)
+        filter_facets = build_facets(scope, category: category, option_value_ids: Array(option_value_ids), scope_before_options: scope_before_options)
 
         # 5. Total count (before sorting to avoid computed column conflicts with count)
         total = scope.distinct.count
@@ -49,13 +58,15 @@ module Spree
         Pagy::Offset.new(count: count, page: page, limit: limit)
       end
 
-      def build_facets(scope, category: nil)
+      def build_facets(scope, category: nil, option_value_ids: [], scope_before_options: nil)
         return { filters: [], sort_options: available_sort_options, default_sort: 'manual' } unless defined?(Spree::Api::V3::FiltersAggregator)
 
         Spree::Api::V3::FiltersAggregator.new(
           scope: scope,
           currency: currency,
-          category: category
+          category: category,
+          option_value_ids: option_value_ids,
+          scope_before_options: scope_before_options || scope
         ).call
       end
 

data/app/models/spree/search_provider/meilisearch.rb

@@ -20,9 +20,19 @@ module Spree
       def search_and_filter(scope:, query: nil, filters: {}, sort: nil, page: 1, limit: 25)
         page = [page.to_i, 1].max
         limit = limit.to_i.clamp(1, 100)
+        filters = filters.to_unsafe_h if filters.respond_to?(:to_unsafe_h)
+        filters = (filters || {}).stringify_keys
+
+        # Extract and group option values by option type for proper OR/AND semantics
+        option_value_ids = extract_and_delete(filters, 'with_option_value_ids')
+        grouped_options = group_option_values_by_type(Array(option_value_ids))
+
+        base_conditions = build_filters(filters)
+        option_conditions = build_grouped_option_conditions(grouped_options)
+        all_conditions = base_conditions + option_conditions
 
         search_params = {
-          filter: build_filters(filters),
+          filter: all_conditions,
           facets: facet_attributes,
           sort: build_sort(sort),
           offset: (page - 1) * limit,
@@ -32,7 +42,55 @@ module Spree
         Rails.logger.debug { "[Meilisearch] index=#{index_name} query=#{query.inspect} #{search_params.compact.inspect}" }
 
         begin
-          ms_result = client.index(index_name).search(query.to_s, search_params)
+          if grouped_options.any?
+            # N+1 multi-search: 1 hit query + 1 disjunctive facet query per active option type
+            queries = [{ indexUid: index_name, q: query.to_s, **search_params }]
+            option_type_ids_ordered = grouped_options.keys
+            option_type_ids_ordered.each do |option_type_id|
+              without_this = build_grouped_option_conditions(grouped_options.except(option_type_id))
+              queries << { indexUid: index_name, q: query.to_s, filter: base_conditions + without_this, facets: ['option_value_ids'], limit: 0 }
+            end
+
+            results = client.multi_search(queries)
+            ms_result = results['results'][0]
+
+            # Merge disjunctive counts per option type.
+            # Each disjunctive query excluded one option type's filter.
+            # Use that query's full option_value_ids distribution for that option type's values,
+            # and the main query's distribution for everything else.
+            main_ov_dist = ms_result.dig('facetDistribution', 'option_value_ids') || {}
+
+            # Build a set of prefixed IDs per option type (including unselected values)
+            # by looking up which option type each option value belongs to.
+            all_ov_prefixed_ids = Set.new
+            disjunctive_dists = {}
+            results['results'][1..].each_with_index do |r, idx|
+              dist = r.dig('facetDistribution', 'option_value_ids') || {}
+              disjunctive_dists[option_type_ids_ordered[idx]] = dist
+              all_ov_prefixed_ids.merge(dist.keys)
+            end
+
+            # Resolve which prefixed IDs belong to which option type
+            all_raw_ids = all_ov_prefixed_ids.filter_map { |pid| Spree::OptionValue.decode_prefixed_id(pid) }
+            ov_to_type = Spree::OptionValue.where(id: all_raw_ids).pluck(:id, :option_type_id).to_h
+            prefixed_to_type = all_ov_prefixed_ids.each_with_object({}) do |pid, h|
+              raw = Spree::OptionValue.decode_prefixed_id(pid)
+              h[pid] = ov_to_type[raw] if raw
+            end
+
+            # Start with main query's distribution, overlay disjunctive counts for active option types
+            merged_ov_dist = main_ov_dist.dup
+            disjunctive_dists.each do |option_type_id, dist|
+              dist.each do |pid, count|
+                merged_ov_dist[pid] = count if prefixed_to_type[pid] == option_type_id
+              end
+            end
+
+            facet_distribution = (ms_result['facetDistribution'] || {}).merge('option_value_ids' => merged_ov_dist)
+          else
+            ms_result = client.index(index_name).search(query.to_s, search_params)
+            facet_distribution = ms_result['facetDistribution'] || {}
+          end
         rescue ::Meilisearch::ApiError => e
           Rails.logger.warn { "[Meilisearch] Search failed: #{e.message}. Run `rake spree:search:reindex` to initialize the index." }
           Rails.error.report(e, handled: true, context: { index: index_name, query: query })
@@ -46,20 +104,17 @@ module Spree
         raw_ids = product_prefixed_ids.filter_map { |pid| Spree::Product.decode_prefixed_id(pid) }
 
         # Intersect with AR scope for security/visibility.
-        # Since we filter by store/status/currency/discontinue_on in Meilisearch,
-        # the AR scope is a safety net — it should not filter anything out.
         products = if raw_ids.any?
                      scope.where(id: raw_ids).reorder(nil)
                    else
                      scope.none
                    end
 
-        # Build Pagy object from Meilisearch response (passive mode)
         pagy = build_pagy(ms_result, page, limit)
 
         SearchResult.new(
           products: products,
-          filters: build_facet_response(ms_result['facetDistribution'] || {}),
+          filters: build_facet_response(facet_distribution),
           sort_options: available_sort_options.map { |id| { id: id } },
           default_sort: 'manual',
           total_count: ms_result['estimatedTotalHits'] || 0,
@@ -198,11 +253,42 @@ module Spree
           'in_stock = true' if value.to_s != '0'
         when 'out_of_stock'
           'in_stock = false' if value.to_s != '0'
-        when 'categories_id_eq'
+        when 'in_category'
           "category_ids = '#{sanitize_prefixed_id(value)}'" if valid_prefixed_id?(value)
+        when 'in_categories'
+          parts = Array(value).filter_map { |id| "category_ids = '#{sanitize_prefixed_id(id)}'" if valid_prefixed_id?(id) }
+          parts.length > 1 ? "(#{parts.join(' OR ')})" : parts.first
         when 'with_option_value_ids'
-          Array(value).filter_map { |ov| "option_value_ids = '#{sanitize_prefixed_id(ov)}'" if valid_prefixed_id?(ov) }
+          # Handled by grouped option conditions in search_and_filter — skip here
+          nil
+        end
+      end
+
+      # Group prefixed option value IDs by option type (single DB query).
+      # Returns { option_type_id => ['optval_abc', 'optval_def'], ... }
+      def group_option_values_by_type(prefixed_ids)
+        prefixed_ids = prefixed_ids.flatten.compact.select { |id| valid_prefixed_id?(id) }
+        return {} if prefixed_ids.empty?
+
+        raw_ids = prefixed_ids.filter_map { |id| Spree::OptionValue.decode_prefixed_id(id) }
+        Spree::OptionValue.where(id: raw_ids).group_by(&:option_type_id).transform_values { |ovs| ovs.map(&:prefixed_id) }
+      end
+
+      # Build Meilisearch filter conditions from grouped option values.
+      # OR within each option type, AND across option types.
+      def build_grouped_option_conditions(grouped)
+        grouped.map do |_, prefixed_ids|
+          parts = prefixed_ids.map { |id| "option_value_ids = '#{sanitize_prefixed_id(id)}'" }
+          parts.length > 1 ? "(#{parts.join(' OR ')})" : parts.first
+        end
+      end
+
+      def extract_and_delete(hash, *keys)
+        keys.each do |key|
+          value = hash.delete(key) || hash.delete(key.to_sym)
+          return value if value.present?
         end
+        nil
       end
 
       # Sort param to Meilisearch sort syntax.

data/app/models/spree/webhook_delivery.rb

@@ -42,21 +42,47 @@ module Spree
       delivered_at.nil?
     end
 
-    # Mark delivery as completed with HTTP response
+    # Mark delivery as completed with HTTP response.
+    # Triggers auto-disable check on the endpoint after failures.
     #
     # @param response_code [Integer] HTTP response code
     # @param execution_time [Integer] time in milliseconds
     # @param response_body [String] response body from the webhook endpoint
     def complete!(response_code: nil, execution_time:, error_type: nil, request_errors: nil, response_body: nil)
+      is_success = response_code.present? && response_code.to_s.start_with?('2')
+
       update!(
         response_code: response_code,
         execution_time: execution_time,
         error_type: error_type,
         request_errors: request_errors,
         response_body: response_body,
-        success: response_code.present? && response_code.to_s.start_with?('2'),
+        success: is_success,
         delivered_at: Time.current
       )
+
+      webhook_endpoint.check_auto_disable! unless is_success
+    end
+
+    # Create a new delivery with the same payload and queue it.
+    # Used to retry failed deliveries manually.
+    #
+    # @return [Spree::WebhookDelivery] the new delivery
+    def redeliver!
+      new_delivery = webhook_endpoint.webhook_deliveries.create!(
+        event_name: event_name,
+        event_id: nil, # new delivery, not a duplicate
+        payload: payload
+      )
+
+      new_delivery.queue_for_delivery!
+      new_delivery
+    end
+
+    # Queue this delivery for processing.
+    # Resolves the job class dynamically since it lives in the api gem.
+    def queue_for_delivery!
+      'Spree::WebhookDeliveryJob'.constantize.perform_later(id)
     end
   end
 end

data/app/models/spree/webhook_endpoint.rb

@@ -19,12 +19,18 @@ module Spree
     validates :store, :url, presence: true
     validates :url, format: { with: URI::DEFAULT_PARSER.make_regexp(%w[http https]), message: :invalid_url }
     validates :active, inclusion: { in: [true, false] }
-    validate :url_must_not_resolve_to_private_ip, if: -> { url.present? && url_changed? }
+    validate :url_must_not_resolve_to_private_ip, if: -> { !Rails.env.development? && url.present? && url_changed? }
 
     before_create :generate_secret_key
 
+    self.whitelisted_ransackable_attributes = %w[name url active]
+
     scope :active, -> { where(active: true) }
     scope :inactive, -> { where(active: false) }
+    scope :enabled, -> { active.where(disabled_at: nil) }
+
+    # Number of consecutive failed deliveries before auto-disabling
+    AUTO_DISABLE_THRESHOLD = 15
 
     # Check if this endpoint is subscribed to a specific event
     #
@@ -52,6 +58,70 @@ module Spree
       subscriptions
     end
 
+    # Send a test/ping webhook to verify the endpoint is reachable.
+    # Creates a delivery record and queues it for delivery.
+    #
+    # @return [Spree::WebhookDelivery]
+    def send_test!
+      delivery = webhook_deliveries.create!(
+        event_name: 'webhook.test',
+        payload: {
+          id: SecureRandom.uuid,
+          name: 'webhook.test',
+          created_at: Time.current.iso8601,
+          data: { message: 'This is a test webhook from Spree.' },
+          metadata: { spree_version: Spree.version }
+        }
+      )
+
+      delivery.queue_for_delivery!
+      delivery
+    end
+
+    # Disable this endpoint due to repeated failures.
+    # Sends a notification email to the store staff.
+    #
+    # @param reason [String]
+    # @param notify [Boolean] whether to send an email notification (default: true)
+    def disable!(reason: 'Automatically disabled after repeated delivery failures', notify: true)
+      update!(active: false, disabled_reason: reason, disabled_at: Time.current)
+      Spree::WebhookMailer.endpoint_disabled(self).deliver_later if notify
+    end
+
+    # Re-enable a previously disabled endpoint.
+    def enable!
+      update!(active: true, disabled_reason: nil, disabled_at: nil)
+    end
+
+    # Check if the endpoint was auto-disabled
+    #
+    # @return [Boolean]
+    def auto_disabled?
+      disabled_at.present?
+    end
+
+    # Check if auto-disable threshold has been reached
+    # and disable if so.
+    def check_auto_disable!
+      return if auto_disabled?
+
+      consecutive_failures = webhook_deliveries
+        .where(success: false)
+        .where.not(delivered_at: nil)
+        .order(delivered_at: :desc)
+        .limit(AUTO_DISABLE_THRESHOLD)
+
+      return if consecutive_failures.count < AUTO_DISABLE_THRESHOLD
+
+      # Verify they're all failures (no successes interspersed)
+      last_success = webhook_deliveries.successful.order(delivered_at: :desc).pick(:delivered_at)
+      oldest_failure = consecutive_failures.last&.delivered_at
+
+      if last_success.nil? || (oldest_failure && oldest_failure > last_success)
+        disable!
+      end
+    end
+
     private
 
     def generate_secret_key

data/app/presenters/spree/search_provider/product_presenter.rb

@@ -55,7 +55,7 @@ module Spree
           in_stock: product.in_stock?,
           store_ids: cached_store_ids,
           discontinue_on: product.discontinue_on&.to_i || 0,
-          category_ids: product.taxons.map(&:prefixed_id),
+          category_ids: category_ids_with_ancestors,
           category_names: product.taxons.map { |t| translated(t, :name, fallback_locale) },
           option_type_ids: product.option_types.map(&:prefixed_id),
           option_type_names: product.option_types.map { |ot| translated(ot, :presentation, fallback_locale) },
@@ -103,6 +103,14 @@ module Spree
         @compare_at_cache[currency]
       end
 
+      # Include ancestor category IDs so filtering by a parent category
+      # matches products classified under its descendants.
+      def category_ids_with_ancestors
+        @category_ids_with_ancestors ||= product.taxons.flat_map { |t|
+          t.self_and_ancestors.map(&:prefixed_id)
+        }.uniq
+      end
+
       # Memoized — avoids N+1 when called per document
       def cached_store_ids
         @cached_store_ids ||= product.store_ids.map(&:to_s)

data/app/services/spree/cart/remove_out_of_stock_items.rb

@@ -5,8 +5,9 @@ module Spree
 
       def call(order:)
         @messages = []
+        @warnings = []
 
-        return success([order, @messages]) if order.item_count.zero? || order.line_items.none?
+        return success([order, @messages, @warnings]) if order.item_count.zero? || order.line_items.none?
 
         line_items = order.line_items.includes(variant: [:product, :stock_items, :stock_locations, { stock_items: :stock_location }])
 
@@ -17,9 +18,9 @@ module Spree
         end
 
         if @messages.any? # If any line item was removed, reload the order
-          success([order.reload, @messages])
+          success([order.reload, @messages, @warnings])
         else
-          success([order, @messages])
+          success([order, @messages, @warnings])
         end
       end
 
@@ -28,7 +29,14 @@ module Spree
       def valid_status?(line_item)
         product = line_item.product
         if !product.active? || product.deleted? || product.discontinued? || line_item.variant.discontinued?
-          @messages << Spree.t('cart_line_item.discontinued', li_name: line_item.name)
+          message = Spree.t('cart_line_item.discontinued', li_name: line_item.name)
+          @messages << message
+          @warnings << {
+            code: 'line_item_removed',
+            message: message,
+            line_item_id: line_item.prefixed_id,
+            variant_id: line_item.variant.prefixed_id
+          }
           return false
         end
         true
@@ -36,7 +44,14 @@ module Spree
 
       def stock_available?(line_item)
         if line_item.insufficient_stock?
-          @messages << Spree.t('cart_line_item.out_of_stock', li_name: line_item.name)
+          message = Spree.t('cart_line_item.out_of_stock', li_name: line_item.name)
+          @messages << message
+          @warnings << {
+            code: 'line_item_removed',
+            message: message,
+            line_item_id: line_item.prefixed_id,
+            variant_id: line_item.variant.prefixed_id
+          }
           return false
         end
         true

data/app/services/spree/carts/update.rb

@@ -89,18 +89,20 @@ module Spree
         cart.state = 'address'
       end
 
-      # Auto-advance as far as the checkout state machine allows.
-      # Loops cart.next until the cart can't progress further (e.g. missing
-      # payment) or reaches confirm/complete. Stops at the first step whose
-      # before_transition guard fails — the `requirements` array in the
-      # serialized response tells the frontend what's still missing.
-      # Failure is swallowed — the update itself already succeeded.
+      # Auto-advance as far as the checkout state machine allows, but never
+      # to complete. The complete transition must always be explicit via
+      # the /carts/:id/complete endpoint — otherwise gift cards or store
+      # credits that fully cover the order total would auto-complete the
+      # cart during address/delivery updates.
       def try_advance
         return if cart.complete? || cart.canceled?
 
+        steps = cart.checkout_steps
         loop do
+          current_index = steps.index(cart.state).to_i
+          next_step = steps[current_index + 1]
+          break if next_step.nil? || next_step == 'complete'
           break unless cart.next
-          break if cart.confirm? || cart.complete?
         end
       rescue StandardError => e
         Rails.error.report(e, context: { order_id: cart.id, state: cart.state }, source: 'spree.checkout')

data/app/services/spree/checkout/add_store_credit.rb

@@ -12,9 +12,13 @@ module Spree
         return failure(nil, Spree.t(:error_user_does_not_have_any_store_credits)) unless @order.user&.store_credits&.any?
 
         ApplicationRecord.transaction do
-          @order.payments.store_credits.where(state: :checkout).map(&:invalidate!)
+          existing = @order.payments.store_credits.where(state: :checkout)
 
-          apply_store_credits(remaining_total)
+          if existing.any?
+            update_existing_payments(existing, remaining_total)
+          else
+            apply_store_credits(remaining_total)
+          end
         end
 
         if @order.reload.payments.store_credits.valid.any?
@@ -27,6 +31,26 @@ module Spree
 
       private
 
+      # Update existing checkout store credit payments in place to avoid
+      # creating unnecessary invalid payment records on every recalculation.
+      def update_existing_payments(payments, remaining_total)
+        payments.each do |payment|
+          credit = payment.source
+          available = credit.amount_remaining + payment.amount
+          new_amount = [available, remaining_total].min
+
+          if new_amount.positive?
+            payment.update_column(:amount, new_amount)
+            remaining_total -= new_amount
+          else
+            payment.invalidate!
+          end
+        end
+
+        # If there's still remaining total, apply from additional store credits
+        apply_store_credits(remaining_total) if remaining_total.positive?
+      end
+
       def apply_store_credits(remaining_total)
         payment_method = Spree::PaymentMethod::StoreCredit.available.first
         raise 'Store credit payment method could not be found' unless payment_method

data/app/views/spree/webhook_mailer/endpoint_disabled.html.erb

@@ -0,0 +1,26 @@
+<h1><%= Spree.t('webhook_mailer.endpoint_disabled.heading') %></h1>
+
+<p><%= Spree.t('webhook_mailer.endpoint_disabled.message', endpoint_name: @endpoint.name || @endpoint.url) %></p>
+
+<table role="presentation" style="width: 100%; border-collapse: collapse; margin: 20px 0;">
+  <tr>
+    <td style="padding: 8px 0; color: #6b7280;"><strong><%= Spree.t('webhook_mailer.endpoint_disabled.url_label') %></strong></td>
+    <td style="padding: 8px 0;"><%= @endpoint.url %></td>
+  </tr>
+  <% if @endpoint.name.present? %>
+  <tr>
+    <td style="padding: 8px 0; color: #6b7280;"><strong><%= Spree.t('webhook_mailer.endpoint_disabled.name_label') %></strong></td>
+    <td style="padding: 8px 0;"><%= @endpoint.name %></td>
+  </tr>
+  <% end %>
+  <tr>
+    <td style="padding: 8px 0; color: #6b7280;"><strong><%= Spree.t('webhook_mailer.endpoint_disabled.reason_label') %></strong></td>
+    <td style="padding: 8px 0;"><%= @endpoint.disabled_reason %></td>
+  </tr>
+  <tr>
+    <td style="padding: 8px 0; color: #6b7280;"><strong><%= Spree.t('webhook_mailer.endpoint_disabled.disabled_at_label') %></strong></td>
+    <td style="padding: 8px 0;"><%= @endpoint.disabled_at&.strftime('%Y-%m-%d %H:%M %Z') %></td>
+  </tr>
+</table>
+
+<p><%= Spree.t('webhook_mailer.endpoint_disabled.instructions') %></p>

data/app/views/spree/webhook_mailer/endpoint_disabled.text.erb

@@ -0,0 +1,10 @@
+<%= Spree.t('webhook_mailer.endpoint_disabled.heading') %>
+
+<%= Spree.t('webhook_mailer.endpoint_disabled.message', endpoint_name: @endpoint.name || @endpoint.url) %>
+
+URL: <%= @endpoint.url %>
+<% if @endpoint.name.present? %>Name: <%= @endpoint.name %><% end %>
+Reason: <%= @endpoint.disabled_reason %>
+Disabled at: <%= @endpoint.disabled_at&.strftime('%Y-%m-%d %H:%M %Z') %>
+
+<%= Spree.t('webhook_mailer.endpoint_disabled.instructions') %>

data/config/locales/en.yml

@@ -1222,6 +1222,7 @@ en:
     gift_card_expired: The Gift Card has expired.
     gift_card_mismatched_currency: Gift Card cannot be applied with current currency.
     gift_card_mismatched_customer: This gift card is associated with another user.
+    gift_card_not_found: The Gift Card was not found.
     gift_card_removed: The Gift Card was successfully removed from your order
     gift_card_using_store_credit_error: You can't apply the Gift Card after you applied the store credit.
     gift_cards: Gift Cards
@@ -2479,6 +2480,16 @@ en:
     we_are_busy_updating_page: We're busy updating this page.
     we_will_be_back: We will be back.
     webhook_endpoints: Webhook Endpoints
+    webhook_mailer:
+      endpoint_disabled:
+        disabled_at_label: Disabled at
+        heading: Webhook Endpoint Disabled
+        instructions: Please check the endpoint URL and service, then re-enable it in Settings → Developers → Webhooks.
+        message: The webhook endpoint "%{endpoint_name}" has been automatically disabled after repeated delivery failures.
+        name_label: Name
+        reason_label: Reason
+        subject: 'Webhook endpoint disabled: %{endpoint_name}'
+        url_label: URL
     webhooks: Webhooks
     weight: Weight
     weight_unit: Weight unit

data/db/migrate/20260323000000_create_spree_price_histories.rb

@@ -0,0 +1,20 @@
+class CreateSpreePriceHistories < ActiveRecord::Migration[7.2]
+  def change
+    create_table :spree_price_histories do |t|
+      t.references :price, null: false, index: false
+      t.references :variant, null: false, index: false
+      t.decimal :amount, precision: 10, scale: 2, null: false
+      t.decimal :compare_at_amount, precision: 10, scale: 2
+      t.string :currency, null: false
+      t.datetime :recorded_at, null: false
+      t.datetime :created_at, null: false
+    end
+
+    add_index :spree_price_histories, [:variant_id, :currency, :recorded_at],
+              name: 'idx_price_histories_variant_currency_recorded'
+    add_index :spree_price_histories, [:price_id, :recorded_at],
+              name: 'idx_price_histories_price_recorded'
+    add_index :spree_price_histories, :recorded_at,
+              name: 'idx_price_histories_recorded_at'
+  end
+end

data/db/migrate/20260326000001_improve_spree_webhooks.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class ImproveSpreeWebhooks < ActiveRecord::Migration[7.2]
+  def change
+    # Endpoint name + auto-disable tracking
+    add_column :spree_webhook_endpoints, :name, :string
+    add_column :spree_webhook_endpoints, :disabled_reason, :string
+    add_column :spree_webhook_endpoints, :disabled_at, :datetime
+
+    # Event ID for delivery deduplication
+    add_column :spree_webhook_deliveries, :event_id, :string
+    add_index :spree_webhook_deliveries, [:webhook_endpoint_id, :event_id],
+              unique: true,
+              where: 'event_id IS NOT NULL',
+              name: 'index_spree_webhook_deliveries_on_endpoint_and_event'
+  end
+end

data/lib/spree/core/configuration.rb

@@ -96,6 +96,8 @@ module Spree
       preference :tax_using_ship_address, :boolean, default: true
       preference :title_site_name_separator, :string, deprecated: true
       preference :track_inventory_levels, :boolean, default: true # Determines whether to track on_hand values for variants / products.
+      preference :track_price_history, :boolean, default: true # Records price changes for Omnibus Directive compliance. Disable for non-EU stores.
+      preference :price_history_retention_days, :integer, default: 30 # Days to retain price history records. Used by spree:price_history:prune rake task.
       preference :use_user_locale, :boolean, default: true
 
       # Sets the path used for products, taxons and pages.

data/lib/spree/core/version.rb

@@ -1,5 +1,5 @@
 module Spree
-  VERSION = '5.4.0.rc2'.freeze
+  VERSION = '5.4.0.rc4'.freeze
 
   def self.version
     VERSION

data/lib/spree/permitted_attributes.rb

@@ -319,7 +319,7 @@ module Spree
       }
     ]
 
-    @@webhook_endpoint_attributes = [:url, :secret, :active, subscriptions: []]
+    @@webhook_endpoint_attributes = [:name, :url, :secret, :active, subscriptions: []]
 
     @@wishlist_attributes = [:name, :is_default, :is_private]
 

data/lib/spree/testing_support/factories/price_history_factory.rb

@@ -0,0 +1,9 @@
+FactoryBot.define do
+  factory :price_history, class: Spree::PriceHistory do
+    price
+    variant { price.variant }
+    amount { price.amount }
+    currency { price.currency }
+    recorded_at { Time.current }
+  end
+end

data/lib/spree/testing_support/factories/webhook_endpoint_factory.rb

@@ -3,6 +3,7 @@
 FactoryBot.define do
   factory :webhook_endpoint, class: Spree::WebhookEndpoint do
     store
+    sequence(:name) { |n| "Endpoint #{n}" }
     sequence(:url) { |n| "https://example.com/webhooks/#{n}" }
     active { true }
     subscriptions { [] }
@@ -18,5 +19,11 @@ FactoryBot.define do
     trait :all_events do
       subscriptions { ['*'] }
     end
+
+    trait :auto_disabled do
+      active { false }
+      disabled_at { Time.current }
+      disabled_reason { 'Automatically disabled after repeated delivery failures' }
+    end
   end
 end

data/lib/tasks/price_history.rake

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+namespace :spree do
+  namespace :price_history do
+    desc 'Seed price history from existing base prices (run once after migration)'
+    task seed: :environment do
+      count = 0
+      Spree::Price.where(deleted_at: nil, price_list_id: nil).find_each do |price|
+        next if price.amount.nil?
+        next if Spree::PriceHistory.exists?(price_id: price.id)
+
+        Spree::PriceHistory.create!(
+          price: price,
+          variant_id: price.variant_id,
+          amount: price.amount,
+          compare_at_amount: price.compare_at_amount,
+          currency: price.currency,
+          recorded_at: price.updated_at || Time.current
+        )
+        count += 1
+      end
+
+      puts "Seeded #{count} price history records"
+    end
+
+    desc 'Prune price history older than retention period'
+    task prune: :environment do
+      retention_days = Spree::Config[:price_history_retention_days] || 30
+      deleted = Spree::PriceHistory
+                .where('recorded_at < ?', retention_days.days.ago)
+                .delete_all
+
+      puts "Pruned #{deleted} price history records older than #{retention_days} days"
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_core
 version: !ruby/object:Gem::Version
-  version: 5.4.0.rc2
+  version: 5.4.0.rc4
 platform: ruby
 authors:
 - Sean Schofield
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-03-23 00:00:00.000000000 Z
+date: 2026-03-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n-tasks
@@ -869,6 +869,7 @@ files:
 - app/mailers/spree/export_mailer.rb
 - app/mailers/spree/invitation_mailer.rb
 - app/mailers/spree/report_mailer.rb
+- app/mailers/spree/webhook_mailer.rb
 - app/models/acts_as_taggable_on/tag_decorator.rb
 - app/models/concerns/spree/adjustment_source.rb
 - app/models/concerns/spree/admin_user_methods.rb
@@ -1052,6 +1053,7 @@ files:
 - app/models/spree/policy.rb
 - app/models/spree/preference.rb
 - app/models/spree/price.rb
+- app/models/spree/price_history.rb
 - app/models/spree/price_list.rb
 - app/models/spree/price_rule.rb
 - app/models/spree/price_rules/customer_group_rule.rb
@@ -1335,6 +1337,8 @@ files:
 - app/views/spree/shared/_mailer_line_item.html.erb
 - app/views/spree/shared/_mailer_logo.html.erb
 - app/views/spree/shared/_payment.html.erb
+- app/views/spree/webhook_mailer/endpoint_disabled.html.erb
+- app/views/spree/webhook_mailer/endpoint_disabled.text.erb
 - config/brakeman.ignore
 - config/i18n-tasks.yml
 - config/importmap.rb
@@ -1472,6 +1476,8 @@ files:
 - db/migrate/20260315000000_create_spree_allowed_origins.rb
 - db/migrate/20260315100000_add_product_media_support.rb
 - db/migrate/20260317000000_create_spree_refresh_tokens.rb
+- db/migrate/20260323000000_create_spree_price_histories.rb
+- db/migrate/20260326000001_improve_spree_webhooks.rb
 - db/sample_data/customers.csv
 - db/sample_data/metafield_definitions.rb
 - db/sample_data/orders.rb
@@ -1599,6 +1605,7 @@ files:
 - lib/spree/testing_support/factories/payment_source_factory.rb
 - lib/spree/testing_support/factories/policy_factory.rb
 - lib/spree/testing_support/factories/price_factory.rb
+- lib/spree/testing_support/factories/price_history_factory.rb
 - lib/spree/testing_support/factories/price_list_factory.rb
 - lib/spree/testing_support/factories/price_rule_factory.rb
 - lib/spree/testing_support/factories/product_factory.rb
@@ -1670,6 +1677,7 @@ files:
 - lib/tasks/dependencies.rake
 - lib/tasks/images.rake
 - lib/tasks/markets.rake
+- lib/tasks/price_history.rake
 - lib/tasks/products.rake
 - lib/tasks/sample_data.rake
 - lib/tasks/search.rake
@@ -1695,9 +1703,9 @@ licenses:
 - BSD-3-Clause
 metadata:
   bug_tracker_uri: https://github.com/spree/spree/issues
-  changelog_uri: https://github.com/spree/spree/releases/tag/v5.4.0.rc2
+  changelog_uri: https://github.com/spree/spree/releases/tag/v5.4.0.rc4
   documentation_uri: https://docs.spreecommerce.org/
-  source_code_uri: https://github.com/spree/spree/tree/v5.4.0.rc2
+  source_code_uri: https://github.com/spree/spree/tree/v5.4.0.rc4
 post_install_message:
 rdoc_options: []
 require_paths: