spree_core 5.4.1 → 5.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3bed2ace5a7bcb6bc6b8c598cfb3ec19cb3dc0ea02854744543ae228ed9c636b
-  data.tar.gz: 81642ee18f7e01079090ec1c5d162dc25186aa5bd72ac2e799a5a3457ebd1a1a
+  metadata.gz: 23692bda70e0c85ecff286d989063498e74adc2e2422ae21719da5c6b6e97c98
+  data.tar.gz: 132486aca06d2912f82a54593d57eb9c400768b1a45b5412af77b61f2c822ac5
 SHA512:
-  metadata.gz: 5a68e9d3b365c52c811c9a81fa7e2b3968de8f52ddfd7ef829ee47232c809b43715297b09d60f7a0d765b4c30fde3b9a0dfe181d4cff6bd50cb7ddd8c724f590
-  data.tar.gz: 122681c279ef487105deb809c4701c318c9cf7e767e3b4e7c86b630b59246f46093e921ea51fb15f82cb72a888f07ae962420b79fd0521c0440253337e50f940
+  metadata.gz: 0dc0c862bb8c7313e53ac13b80fe2ce6dd697bfad36ed0841562220b12c5253e473ac5f2623e95ac038da6d8903b3a329a47a4dee813f47a37e498bde6a66bc4
+  data.tar.gz: facf65e2c8067fbd2cbba0c04ff49daadf53901b137a2a80ada8ae95e646f0ba2ae3df1a7def6651fc81c9aaf52d8d2268e9c86e42c982f4074b3560c7595d91

data/app/jobs/spree/imports/process_group_job.rb

@@ -0,0 +1,45 @@
+module Spree
+  module Imports
+    class ProcessGroupJob < Spree::BaseJob
+      queue_as Spree.queues.imports
+
+      def perform(import_id, row_ids)
+        import = Spree::Import.find(import_id)
+        Spree::Current.store = import.store
+
+        mappings = import.mappings.mapped.to_a
+        schema_fields = import.schema_fields
+        large = import.large_import?
+        rows = import.rows.where(id: row_ids).order(:row_number)
+
+        if large
+          Spree::Events.disable do
+            rows.each { |row| row.bulk_process!(mappings: mappings, schema_fields: schema_fields) }
+          end
+        else
+          rows.each do |row|
+            row.process!(mappings: mappings, schema_fields: schema_fields)
+          end
+        end
+
+        check_import_completion(import, large)
+      end
+
+      private
+
+      def check_import_completion(import, large)
+        Spree::Import.where(id: import.id).update_all(
+          'completed_groups_count = COALESCE(completed_groups_count, 0) + 1'
+        )
+        import.reload
+
+        if import.completed_groups_count >= import.processing_groups_count
+          # Guard against concurrent workers both reaching this point
+          import.complete! if import.status == 'processing'
+        elsif large && (import.completed_groups_count % 10).zero?
+          import.publish_event('import.progress')
+        end
+      end
+    end
+  end
+end

data/app/jobs/spree/imports/process_rows_job.rb

@@ -3,16 +3,62 @@ module Spree
     class ProcessRowsJob < Spree::BaseJob
       queue_as Spree.queues.imports
 
+      BATCH_SIZE = 100
+
       def perform(import_id)
         import = Spree::Import.find(import_id)
+        dispatch_groups(import)
+      end
+
+      private
+
+      def dispatch_groups(import)
+        group_field = import.group_column
+        group_mapping = group_field && import.mappings.mapped.find_by(schema_field: group_field)
+        file_column = group_mapping&.file_column
 
-        # process all rows in sequential order
-        import.rows.pending_and_failed.find_each(batch_size: 100) do |row|
-          row.process!
+        if file_column
+          dispatch_grouped(import, file_column)
+        else
+          dispatch_batched(import)
         end
+      end
+
+      def dispatch_grouped(import, file_column)
+        groups = Hash.new { |h, k| h[k] = [] }
+
+        import.rows.pending_and_failed.order(:row_number).pluck(:id, :data).each do |id, data|
+          parsed = JSON.parse(data)
+          key = parsed[file_column].to_s.strip.downcase.presence || '__ungrouped__'
+          groups[key] << id
+        rescue JSON::ParserError
+          groups['__ungrouped__'] << id
+        end
+
+        # Set count before enqueuing so workers can't complete prematurely
+        import.update_columns(
+          processing_groups_count: groups.size,
+          completed_groups_count: 0,
+          updated_at: Time.current
+        )
+
+        groups.each_value { |row_ids| ProcessGroupJob.perform_later(import.id, row_ids) }
+      end
+
+      def dispatch_batched(import)
+        # Count first, then enqueue — prevents premature completion
+        row_id_batches = import.rows.pending_and_failed.order(:row_number)
+                              .pluck(:id)
+                              .each_slice(BATCH_SIZE)
+                              .to_a
+
+        import.update_columns(
+          processing_groups_count: row_id_batches.size,
+          completed_groups_count: 0,
+          updated_at: Time.current
+        )
 
-        # mark as complete
-        import.complete!
+        row_id_batches.each { |row_ids| ProcessGroupJob.perform_later(import.id, row_ids) }
       end
     end
   end

data/app/models/concerns/spree/payment_source_concern.rb

@@ -2,6 +2,10 @@ module Spree
   module PaymentSourceConcern
     extend ActiveSupport::Concern
 
+    included do
+      before_destroy :cleanup_payments_on_incomplete_orders
+    end
+
     # Available actions for the payment source.
     # @return [Array<String>]
     def actions
@@ -35,5 +39,22 @@ module Spree
     def has_payment_profile?
       gateway_customer_profile_id.present? || gateway_payment_profile_id.present?
     end
+
+    private
+
+    # Cleans up payments on incomplete orders before the source is destroyed.
+    # Invalidates checkout-state payments and voids non-checkout payments.
+    # Skips payments whose payment_method was already nullified (e.g. when
+    # the payment method itself is being destroyed).
+    def cleanup_payments_on_incomplete_orders
+      incomplete_payments = Spree::Payment.valid
+                                          .where(source: self)
+                                          .where.not(payment_method_id: nil)
+                                          .joins(:order)
+                                          .merge(Spree::Order.incomplete)
+
+      incomplete_payments.checkout.each(&:invalidate!)
+      incomplete_payments.where.not(state: :checkout).each(&:void!)
+    end
   end
 end

data/app/models/spree/address.rb

@@ -79,7 +79,7 @@ module Spree
       end
     end
 
-    delegate :name, :iso3, :iso, :iso_name, to: :country, prefix: true
+    delegate :name, :iso3, :iso, :iso_name, to: :country, prefix: true, allow_nil: true
     delegate :abbr, to: :state, prefix: true, allow_nil: true
 
     alias_attribute :postal_code, :zipcode

data/app/models/spree/gateway/bogus.rb

@@ -32,7 +32,7 @@ module Spree
     def authorize(_money, credit_card, _options = {})
       profile_id = credit_card.gateway_customer_profile_id
       if VALID_CCS.include?(credit_card.number) || (profile_id&.starts_with?('BGS-'))
-        Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: '12345', avs_result: { code: 'D' })
+        Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: generate_authorization, avs_result: { code: 'D' })
       else
         Spree::PaymentResponse.new(false, 'Bogus Gateway: Forced failure', { message: 'Bogus Gateway: Forced failure' }, test: true)
       end
@@ -41,18 +41,18 @@ module Spree
     def purchase(_money, credit_card, _options = {})
       profile_id = credit_card.gateway_customer_profile_id
       if VALID_CCS.include?(credit_card.number) || (profile_id&.starts_with?('BGS-'))
-        Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: '12345', avs_result: { code: 'M' })
+        Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: generate_authorization, avs_result: { code: 'M' })
       else
         Spree::PaymentResponse.new(false, 'Bogus Gateway: Forced failure', message: 'Bogus Gateway: Forced failure', test: true)
       end
     end
 
     def credit(_money, _credit_card, _response_code, _options = {})
-      Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: '12345')
+      Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: generate_authorization)
     end
 
     def capture(_money, authorization, _gateway_options)
-      if authorization == '12345'
+      if authorization&.start_with?('BGS-')
         Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true)
       else
         Spree::PaymentResponse.new(false, 'Bogus Gateway: Forced failure', error: 'Bogus Gateway: Forced failure', test: true)
@@ -60,11 +60,11 @@ module Spree
     end
 
     def void(_response_code, _credit_card, _options = {})
-      Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: 'void-12345')
+      Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: "void-#{generate_authorization}")
     end
 
     def cancel(_response_code, _payment = nil)
-      Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: '12345')
+      Spree::PaymentResponse.new(true, 'Bogus Gateway: Forced success', {}, test: true, authorization: generate_authorization)
     end
 
     def test?
@@ -150,6 +150,10 @@ module Spree
 
     private
 
+    def generate_authorization
+      "BGS-#{SecureRandom.hex(6)}"
+    end
+
     def generate_profile_id(success)
       record = true
       prefix = success ? 'BGS' : 'FAIL'

data/app/models/spree/import.rb

@@ -76,6 +76,21 @@ module Spree
     #
     preference :delimiter, :string, default: ','
 
+    # Returns true if the import has more rows than the large import threshold.
+    # Large imports skip per-row UI broadcasts and use bulk processing.
+    # @return [Boolean]
+    def large_import?
+      rows_count >= Spree::Config[:large_import_threshold]
+    end
+
+    # Returns the schema field name used to group rows for parallel processing.
+    # Rows sharing the same value in this field are processed together in one job.
+    # Returns nil for imports where rows are independent (default — batched in chunks).
+    # @return [String, nil]
+    def group_column
+      nil
+    end
+
     # Returns true if the import is in mapping state
     # @return [Boolean]
     def mapping?

data/app/models/spree/import_row.rb

@@ -77,9 +77,9 @@ module Spree
       data_json[mapping.file_column]
     end
 
-    def process!
+    def process!(mappings: nil, schema_fields: nil)
       start_processing!
-      self.item = import.row_processor_class.new(self).process!
+      self.item = import.row_processor_class.new(self, mappings: mappings, schema_fields: schema_fields).process!
       complete!
     rescue StandardError => e
       Rails.error.report(e, handled: true, context: { import_row_id: id }, source: 'spree.core')
@@ -87,6 +87,18 @@ module Spree
       fail!
     end
 
+    # Bulk processing mode for large imports.
+    # Uses update_columns to skip callbacks, validations, and event publishing.
+    def bulk_process!(mappings:, schema_fields:)
+      update_columns(status: 'processing', updated_at: Time.current)
+      processor = import.row_processor_class.new(self, mappings: mappings, schema_fields: schema_fields)
+      self.item = processor.process!
+      update_columns(status: 'completed', item_type: item.class.name, item_id: item.id, updated_at: Time.current)
+    rescue StandardError => e
+      Rails.error.report(e, handled: true, context: { import_row_id: id }, source: 'spree.core')
+      update_columns(status: 'failed', validation_errors: e.message, updated_at: Time.current)
+    end
+
     def publish_import_row_completed_event
       publish_event('import_row.completed')
     end

data/app/models/spree/imports/product_translations.rb

@@ -5,6 +5,10 @@ module Spree
         Spree::Imports::RowProcessors::ProductTranslation
       end
 
+      def group_column
+        'slug'
+      end
+
       def model_class
         Spree::Product
       end

data/app/models/spree/imports/products.rb

@@ -4,6 +4,11 @@ module Spree
       def row_processor_class
         Spree::Imports::RowProcessors::ProductVariant
       end
+
+      # Group by slug: product row + its variant rows must be processed together
+      def group_column
+        'slug'
+      end
     end
   end
 end

data/app/models/spree/payment.rb

@@ -42,6 +42,7 @@ module Spree
 
     validates :payment_method, presence: true
     validates :source, presence: true, if: :source_required?
+    validates :response_code, uniqueness: { scope: [:order_id, :payment_method_id] }, allow_nil: true
     validate :payment_method_available_for_order, on: :create
 
     before_validation :validate_source

data/app/models/spree/payment_session.rb

@@ -92,6 +92,11 @@ module Spree
         p.amount = amount
         p.skip_source_requirement = true
       end
+    rescue ActiveRecord::RecordNotUnique
+      order.payments.find_by!(
+        payment_method: payment_method,
+        response_code: external_id
+      )
     end
 
     private

data/app/models/spree/product.rb

@@ -249,16 +249,11 @@ module Spree
 
       products_to_auto_match_ids = store.products.not_deleted.not_archived.where(id: product_ids).ids
 
-      # for ActiveJob 7.1+
-      if ActiveJob.respond_to?(:perform_all_later)
-        auto_match_taxons_jobs = products_to_auto_match_ids.map do |product_id|
-          Spree::Products::AutoMatchTaxonsJob.new(product_id)
-        end
-
-        ActiveJob.perform_all_later(auto_match_taxons_jobs)
-      else
-        products_to_auto_match_ids.each { |product_id| Spree::Products::AutoMatchTaxonsJob.perform_later(product_id) }
+      auto_match_taxons_jobs = products_to_auto_match_ids.map do |product_id|
+        Spree::Products::AutoMatchTaxonsJob.new(product_id).tap { |job| job.scheduled_at = 30.seconds.from_now }
       end
+
+      ActiveJob.perform_all_later(auto_match_taxons_jobs)
     end
 
     # Can't use short form block syntax due to https://github.com/Netflix/fast_jsonapi/issues/259
@@ -582,7 +577,7 @@ module Spree
       store = stores.find_by(default: true) || stores.first
       return if store.nil? || store.taxons.automatic.none?
 
-      Spree::Products::AutoMatchTaxonsJob.perform_later(id)
+      Spree::Products::AutoMatchTaxonsJob.set(wait: 30.seconds).perform_later(id)
     end
 
     def to_csv(store = nil)

data/app/models/spree/search_provider/base.rb

@@ -13,7 +13,7 @@ module Spree
         @store = store
       end
 
-      # Search, filter, and return facets in one call.
+      # Search and paginate products. Does NOT compute filter facets — use #filters for that.
       #
       # @param scope [ActiveRecord::Relation] base scope (store-scoped, visibility-filtered, authorized)
       # @param query [String, nil] text search query
@@ -26,6 +26,18 @@ module Spree
         raise NotImplementedError
       end
 
+      # Compute filter facets, sort options, and total count for the given scope.
+      # Called by the dedicated filters endpoint — kept separate from search_and_filter
+      # to avoid expensive facet queries on every product listing.
+      #
+      # @param scope [ActiveRecord::Relation] base scope
+      # @param query [String, nil] text search query
+      # @param filters [Hash] structured filters
+      # @return [FiltersResult]
+      def filters(scope:, query: nil, filters: {})
+        raise NotImplementedError
+      end
+
       # Index a product — called after product save. No-op for database provider.
       #
       # @param product [Spree::Product] the product to index

data/app/models/spree/search_provider/database.rb

@@ -8,35 +8,16 @@ module Spree
       }.freeze
 
       def search_and_filter(scope:, query: nil, filters: {}, sort: nil, page: 1, limit: 25)
-        # 1. Text search
-        scope = scope.search(query) if query.present?
-
-        # 2. Extract internal params before passing to Ransack
-        category = filters.is_a?(Hash) ? filters.delete('_category') || filters.delete(:_category) : nil
-
-        # 2b. Extract option value IDs — handled by scope (OR within type, AND across)
-        option_value_ids = filters.is_a?(Hash) ? filters.delete('with_option_value_ids') || filters.delete(:with_option_value_ids) : nil
-
-        # 3. Structured filtering via Ransack
-        ransack_filters = sanitize_filters(filters)
-        if ransack_filters.present?
-          search = scope.ransack(ransack_filters)
-          scope = search.result(distinct: true)
-        end
-
-        # Save scope before option filters for disjunctive facet counts
-        scope_before_options = scope
-        if option_value_ids.present?
-          scope = scope.with_option_value_ids(Array(option_value_ids))
-        end
+        filters = filters.is_a?(Hash) ? filters.dup : {}
+        option_value_ids = filters.delete('with_option_value_ids') || filters.delete(:with_option_value_ids)
 
-        # 4. Facets (before sorting to avoid computed column conflicts with count)
-        filter_facets = build_facets(scope, category: category, option_value_ids: Array(option_value_ids), scope_before_options: scope_before_options)
+        scope = apply_search_and_filters(scope, query: query, filters: filters)
+        scope = scope.with_option_value_ids(Array(option_value_ids)) if option_value_ids.present?
 
-        # 5. Total count (before sorting to avoid computed column conflicts with count)
+        # Total count (before sorting to avoid computed column conflicts with count)
         total = scope.distinct.count
 
-        # 6. Sorting + pagination
+        # Sorting + pagination
         scope = apply_sort(scope, sort)
         page = [page.to_i, 1].max
         limit = limit.to_i.clamp(1, 100)
@@ -44,22 +25,56 @@ module Spree
 
         SearchResult.new(
           products: products,
+          total_count: total,
+          pagy: build_pagy(total, page, limit)
+        )
+      end
+
+      def filters(scope:, query: nil, filters: {})
+        filters = filters.is_a?(Hash) ? filters.dup : {}
+        category = filters.delete('_category') || filters.delete(:_category)
+        option_value_ids = Array(filters.delete('with_option_value_ids') || filters.delete(:with_option_value_ids))
+
+        # Apply text search + ransack filters (without option values)
+        scope_before_options = apply_search_and_filters(scope, query: query, filters: filters)
+
+        # Apply option value filters for the final scope
+        scope_with_options = if option_value_ids.present?
+                               scope_before_options.with_option_value_ids(option_value_ids)
+                             else
+                               scope_before_options
+                             end
+
+        filter_facets = build_facets(scope_with_options, category: category, option_value_ids: option_value_ids, scope_before_options: scope_before_options)
+
+        FiltersResult.new(
           filters: filter_facets[:filters],
           sort_options: filter_facets[:sort_options],
           default_sort: filter_facets[:default_sort],
-          total_count: total,
-          pagy: build_pagy(total, page, limit)
+          total_count: filter_facets[:total_count]
         )
       end
 
       private
 
+      def apply_search_and_filters(scope, query: nil, filters: {})
+        scope = scope.search(query) if query.present?
+
+        ransack_filters = sanitize_filters(filters)
+        if ransack_filters.present?
+          search = scope.ransack(ransack_filters)
+          scope = search.result(distinct: true)
+        end
+
+        scope
+      end
+
       def build_pagy(count, page, limit)
         Pagy::Offset.new(count: count, page: page, limit: limit)
       end
 
       def build_facets(scope, category: nil, option_value_ids: [], scope_before_options: nil)
-        return { filters: [], sort_options: available_sort_options, default_sort: 'manual' } unless defined?(Spree::Api::V3::FiltersAggregator)
+        return { filters: [], sort_options: available_sort_options, default_sort: 'manual', total_count: scope.distinct.count } unless defined?(Spree::Api::V3::FiltersAggregator)
 
         Spree::Api::V3::FiltersAggregator.new(
           scope: scope,
@@ -74,7 +89,7 @@ module Spree
         return {} if filters.blank?
 
         filters = filters.to_unsafe_h if filters.respond_to?(:to_unsafe_h)
-        filters.except('search', :search, '_category', :_category)
+        filters.except('search', :search, '_category', :_category, 'with_option_value_ids', :with_option_value_ids)
       end
 
       def apply_sort(scope, sort)

data/app/models/spree/search_provider/filters_result.rb

@@ -0,0 +1,5 @@
+module Spree
+  module SearchProvider
+    FiltersResult = Struct.new(:filters, :sort_options, :default_sort, :total_count, keyword_init: true)
+  end
+end

data/app/models/spree/search_provider/meilisearch.rb

@@ -20,84 +20,9 @@ module Spree
       def search_and_filter(scope:, query: nil, filters: {}, sort: nil, page: 1, limit: 25)
         page = [page.to_i, 1].max
         limit = limit.to_i.clamp(1, 100)
-        filters = filters.to_unsafe_h if filters.respond_to?(:to_unsafe_h)
-        filters = (filters || {}).stringify_keys
-
-        # Extract and group option values by option type for proper OR/AND semantics
-        option_value_ids = extract_and_delete(filters, 'with_option_value_ids')
-        grouped_options = group_option_values_by_type(Array(option_value_ids))
-
-        base_conditions = build_filters(filters)
-        option_conditions = build_grouped_option_conditions(grouped_options)
-        all_conditions = base_conditions + option_conditions
-
-        search_params = {
-          filter: all_conditions,
-          facets: facet_attributes,
-          sort: build_sort(sort),
-          offset: (page - 1) * limit,
-          limit: limit
-        }
-
-        Rails.logger.debug { "[Meilisearch] index=#{index_name} query=#{query.inspect} #{search_params.compact.inspect}" }
-
-        begin
-          if grouped_options.any?
-            # N+1 multi-search: 1 hit query + 1 disjunctive facet query per active option type
-            queries = [{ indexUid: index_name, q: query.to_s, **search_params }]
-            option_type_ids_ordered = grouped_options.keys
-            option_type_ids_ordered.each do |option_type_id|
-              without_this = build_grouped_option_conditions(grouped_options.except(option_type_id))
-              queries << { indexUid: index_name, q: query.to_s, filter: base_conditions + without_this, facets: ['option_value_ids'], limit: 0 }
-            end
-
-            results = client.multi_search(queries)
-            ms_result = results['results'][0]
-
-            # Merge disjunctive counts per option type.
-            # Each disjunctive query excluded one option type's filter.
-            # Use that query's full option_value_ids distribution for that option type's values,
-            # and the main query's distribution for everything else.
-            main_ov_dist = ms_result.dig('facetDistribution', 'option_value_ids') || {}
-
-            # Build a set of prefixed IDs per option type (including unselected values)
-            # by looking up which option type each option value belongs to.
-            all_ov_prefixed_ids = Set.new
-            disjunctive_dists = {}
-            results['results'][1..].each_with_index do |r, idx|
-              dist = r.dig('facetDistribution', 'option_value_ids') || {}
-              disjunctive_dists[option_type_ids_ordered[idx]] = dist
-              all_ov_prefixed_ids.merge(dist.keys)
-            end
 
-            # Resolve which prefixed IDs belong to which option type
-            all_raw_ids = all_ov_prefixed_ids.filter_map { |pid| Spree::OptionValue.decode_prefixed_id(pid) }
-            ov_to_type = Spree::OptionValue.where(id: all_raw_ids).pluck(:id, :option_type_id).to_h
-            prefixed_to_type = all_ov_prefixed_ids.each_with_object({}) do |pid, h|
-              raw = Spree::OptionValue.decode_prefixed_id(pid)
-              h[pid] = ov_to_type[raw] if raw
-            end
-
-            # Start with main query's distribution, overlay disjunctive counts for active option types
-            merged_ov_dist = main_ov_dist.dup
-            disjunctive_dists.each do |option_type_id, dist|
-              dist.each do |pid, count|
-                merged_ov_dist[pid] = count if prefixed_to_type[pid] == option_type_id
-              end
-            end
-
-            facet_distribution = (ms_result['facetDistribution'] || {}).merge('option_value_ids' => merged_ov_dist)
-          else
-            ms_result = client.index(index_name).search(query.to_s, search_params)
-            facet_distribution = ms_result['facetDistribution'] || {}
-          end
-        rescue ::Meilisearch::ApiError => e
-          Rails.logger.warn { "[Meilisearch] Search failed: #{e.message}. Run `rake spree:search:reindex` to initialize the index." }
-          Rails.error.report(e, handled: true, context: { index: index_name, query: query })
-          return empty_result(scope, page, limit)
-        end
-
-        Rails.logger.debug { "[Meilisearch] #{ms_result['estimatedTotalHits']} hits in #{ms_result['processingTimeMs']}ms" }
+        ms_result, _ = execute_search(query: query, filters: filters, sort: sort, page: page, limit: limit)
+        return empty_result(scope, page, limit) unless ms_result
 
         # Hits have composite prefixed_id (prod_abc_en_USD), extract product_id (prod_abc)
         product_prefixed_ids = ms_result['hits'].map { |h| h['product_id'] }.uniq
@@ -115,11 +40,28 @@ module Spree
 
         SearchResult.new(
           products: products,
+          total_count: ms_result['estimatedTotalHits'] || 0,
+          pagy: pagy
+        )
+      end
+
+      def filters(scope:, query: nil, filters: {})
+        ms_result, facet_distribution = execute_search(query: query, filters: filters, sort: nil, page: 1, limit: 0, return_facets: true)
+
+        unless ms_result
+          return FiltersResult.new(
+            filters: [],
+            sort_options: available_sort_options.map { |id| { id: id } },
+            default_sort: 'manual',
+            total_count: 0
+          )
+        end
+
+        FiltersResult.new(
           filters: build_facet_response(facet_distribution),
           sort_options: available_sort_options.map { |id| { id: id } },
           default_sort: 'manual',
-          total_count: ms_result['estimatedTotalHits'] || 0,
-          pagy: pagy
+          total_count: ms_result['estimatedTotalHits'] || 0
         )
       end
 
@@ -193,6 +135,84 @@ module Spree
 
       private
 
+      # Execute a Meilisearch query. Returns [ms_result, facet_distribution].
+      # facet_distribution is empty when return_facets is false. Returns nil on API error.
+      def execute_search(query:, filters:, sort:, page:, limit:, return_facets: false)
+        filters = filters.to_unsafe_h if filters.respond_to?(:to_unsafe_h)
+        filters = (filters || {}).stringify_keys
+
+        option_value_ids = extract_and_delete(filters, 'with_option_value_ids')
+        grouped_options = group_option_values_by_type(Array(option_value_ids))
+
+        base_conditions = build_filters(filters)
+        option_conditions = build_grouped_option_conditions(grouped_options)
+        all_conditions = base_conditions + option_conditions
+
+        search_params = {
+          filter: all_conditions,
+          facets: return_facets ? facet_attributes : nil,
+          sort: build_sort(sort),
+          offset: (page - 1) * limit,
+          limit: limit
+        }.compact
+
+        Rails.logger.debug { "[Meilisearch] index=#{index_name} query=#{query.inspect} #{search_params.compact.inspect}" }
+
+        begin
+          if return_facets && grouped_options.any?
+            queries = [{ indexUid: index_name, q: query.to_s, **search_params }]
+            option_type_ids_ordered = grouped_options.keys
+            option_type_ids_ordered.each do |option_type_id|
+              without_this = build_grouped_option_conditions(grouped_options.except(option_type_id))
+              queries << { indexUid: index_name, q: query.to_s, filter: base_conditions + without_this, facets: ['option_value_ids'], limit: 0 }
+            end
+
+            results = client.multi_search(queries)
+            ms_result = results['results'][0]
+            facet_distribution = merge_disjunctive_facets(ms_result, results['results'][1..], option_type_ids_ordered)
+          else
+            ms_result = client.index(index_name).search(query.to_s, search_params)
+            facet_distribution = ms_result['facetDistribution'] || {}
+          end
+        rescue ::Meilisearch::ApiError => e
+          Rails.logger.warn { "[Meilisearch] Search failed: #{e.message}. Run `rake spree:search:reindex` to initialize the index." }
+          Rails.error.report(e, handled: true, context: { index: index_name, query: query })
+          return nil
+        end
+
+        Rails.logger.debug { "[Meilisearch] #{ms_result['estimatedTotalHits']} hits in #{ms_result['processingTimeMs']}ms" }
+
+        [ms_result, facet_distribution]
+      end
+
+      def merge_disjunctive_facets(ms_result, disjunctive_results, option_type_ids_ordered)
+        main_ov_dist = ms_result.dig('facetDistribution', 'option_value_ids') || {}
+
+        all_ov_prefixed_ids = Set.new
+        disjunctive_dists = {}
+        disjunctive_results.each_with_index do |r, idx|
+          dist = r.dig('facetDistribution', 'option_value_ids') || {}
+          disjunctive_dists[option_type_ids_ordered[idx]] = dist
+          all_ov_prefixed_ids.merge(dist.keys)
+        end
+
+        all_raw_ids = all_ov_prefixed_ids.filter_map { |pid| Spree::OptionValue.decode_prefixed_id(pid) }
+        ov_to_type = Spree::OptionValue.where(id: all_raw_ids).pluck(:id, :option_type_id).to_h
+        prefixed_to_type = all_ov_prefixed_ids.each_with_object({}) do |pid, h|
+          raw = Spree::OptionValue.decode_prefixed_id(pid)
+          h[pid] = ov_to_type[raw] if raw
+        end
+
+        merged_ov_dist = main_ov_dist.dup
+        disjunctive_dists.each do |option_type_id, dist|
+          dist.each do |pid, count|
+            merged_ov_dist[pid] = count if prefixed_to_type[pid] == option_type_id
+          end
+        end
+
+        (ms_result['facetDistribution'] || {}).merge('option_value_ids' => merged_ov_dist)
+      end
+
       def presenter_class
         Spree::Dependencies.search_product_presenter_class
       end
@@ -436,9 +456,6 @@ module Spree
       def empty_result(scope, page, limit)
         SearchResult.new(
           products: scope.none,
-          filters: [],
-          sort_options: available_sort_options.map { |id| { id: id } },
-          default_sort: 'manual',
           total_count: 0,
           pagy: Pagy::Offset.new(count: 0, page: page, limit: limit)
         )

data/app/models/spree/search_provider/search_result.rb

@@ -1,5 +1,5 @@
 module Spree
   module SearchProvider
-    SearchResult = Struct.new(:products, :filters, :sort_options, :default_sort, :total_count, :pagy, keyword_init: true)
+    SearchResult = Struct.new(:products, :total_count, :pagy, keyword_init: true)
   end
 end

data/app/services/spree/credit_cards/destroy.rb

@@ -1,41 +1,25 @@
 module Spree
   module CreditCards
+    # @deprecated Use card.destroy directly instead. Payment cleanup is now
+    #   handled by the before_destroy callback in Spree::PaymentSourceConcern.
+    #   This service will be removed in Spree 6.0.
     class Destroy
       prepend Spree::ServiceModule::Base
 
       def call(card:)
-        ApplicationRecord.transaction do
-          run :invalidate_payments
-          run :void_payments
-          run :destroy
-        end
-      end
-
-      protected
-
-      def invalidate_payments(card:)
-        payment_scope(card).checkout.each(&:invalidate!)
-
-        success(card: card)
-      end
+        Spree::Deprecation.warn(
+          "#{self.class.name} is deprecated and will be removed in Spree 6.0. " \
+          'Use card.destroy directly instead. Payment cleanup is now handled ' \
+          'automatically by the before_destroy callback in PaymentSourceConcern.',
+          caller
+        )
 
-      def void_payments(card:)
-        payment_scope(card).where.not(state: :checkout).each(&:void!)
-
-        success(card: card)
-      end
-
-      def destroy(card:)
         if card.destroy
           success(card: card)
         else
-          failure(card.errors.full_messages.to_sentance)
+          failure(card.errors.full_messages.to_sentence)
         end
       end
-
-      def payment_scope(card)
-        card.payments.valid.joins(:order).merge(Spree::Order.incomplete)
-      end
     end
   end
 end

data/app/services/spree/gift_cards/apply.rb

@@ -68,7 +68,11 @@ module Spree
         )
         payment_method.name ||= Spree.t(:store_credit_name)
         payment_method.active = true
-        payment_method.save! if payment_method.new_record?
+
+        if payment_method.new_record?
+          payment_method.stores << store unless payment_method.stores.include?(store)
+          payment_method.save!
+        end
 
         payment_method
       end

data/app/services/spree/imports/row_processors/base.rb

@@ -2,10 +2,14 @@ module Spree
   module Imports
     module RowProcessors
       class Base
-        def initialize(row)
+        def initialize(row, mappings: nil, schema_fields: nil)
           @row = row
           @import = row.import
-          @attributes = row.to_schema_hash
+          @attributes = if mappings && schema_fields
+                          build_schema_hash(row, mappings, schema_fields)
+                        else
+                          row.to_schema_hash
+                        end
         end
 
         attr_reader :row, :import, :attributes
@@ -13,6 +17,19 @@ module Spree
         def process!
           raise NotImplementedError, 'Subclasses must implement the process! method'
         end
+
+        private
+
+        def build_schema_hash(row, mappings, schema_fields)
+          attributes = {}
+          schema_fields.each do |field|
+            mapping = mappings.find { |m| m.schema_field == field[:name] }
+            next unless mapping&.mapped?
+
+            attributes[field[:name]] = row.data_json[mapping.file_column]
+          end
+          attributes
+        end
       end
     end
   end

data/app/services/spree/imports/row_processors/product_translation.rb

@@ -4,7 +4,7 @@ module Spree
       class ProductTranslation < Base
         TRANSLATABLE_FIELDS = %w[name description meta_title meta_description].freeze
 
-        def initialize(row)
+        def initialize(row, **)
           super
           @store = row.store
         end

data/app/services/spree/imports/row_processors/product_variant.rb

@@ -4,7 +4,7 @@ module Spree
       class ProductVariant < Base
         OPTION_TYPES_COUNT = 3
 
-        def initialize(row)
+        def initialize(row, **)
           super
           @store = row.store
           @product = ensure_product_exists

data/app/services/spree/payments/handle_webhook.rb

@@ -30,6 +30,12 @@ module Spree
 
       def handle_success(payment_session, order, metadata)
         order.with_lock do
+          # Idempotency: if the session was already completed (by the API
+          # endpoint or a previous webhook), skip duplicate processing.
+          if payment_session.reload.completed?
+            return success(payment_session)
+          end
+
           # Ensure payment record exists
           payment = payment_session.find_or_create_payment!(metadata)
 

data/app/subscribers/spree/event_log_subscriber.rb

@@ -16,25 +16,27 @@ module Spree
 
     class << self
       def attach_to_notifications
-        # Always detach first to ensure clean state after code reload
+        # Always detach first to ensure clean state after code reload.
+        # The subscription reference is stored on Spree::Events (in lib/, not
+        # reloaded by Zeitwerk) so repeated reloads in development do not leak
+        # stale AS::N subscriptions when this class is reloaded.
         detach_from_notifications
 
-        @subscription = ActiveSupport::Notifications.subscribe(/\.#{NAMESPACE}$/) do |name, start, finish, _id, payload|
+        Spree::Events.log_subscription = ActiveSupport::Notifications.subscribe(/\.#{NAMESPACE}$/) do |name, start, finish, _id, payload|
           log_event(name, start, finish, payload)
         end
 
-        @attached = true
         Rails.logger.info "[Spree Events] Event logging enabled"
       end
 
       def detach_from_notifications
-        ActiveSupport::Notifications.unsubscribe(@subscription) if @subscription
-        @subscription = nil
-        @attached = false
+        subscription = Spree::Events.log_subscription
+        ActiveSupport::Notifications.unsubscribe(subscription) if subscription
+        Spree::Events.log_subscription = nil
       end
 
       def attached?
-        @attached || false
+        !Spree::Events.log_subscription.nil?
       end
 
       private

data/config/initializers/carmen.rb

@@ -0,0 +1,23 @@
+# Patches Carmen::Querying#normalise_name to avoid the deprecated
+# ActiveSupport::Multibyte::Chars API (mb_chars), which will be removed in
+# Rails 8.2.
+#
+# In Ruby 2.4+, String#downcase is already Unicode-aware, making the mb_chars
+# call redundant. Since Spree requires Ruby >= 3.2, we can drop it safely.
+#
+# This patch can be removed once the upstream gem is fixed.
+#
+# See: https://github.com/carmen-ruby/carmen/issues/304
+require 'carmen'
+
+module Spree
+  module CarmenQueryingPatch
+    private
+
+    def normalise_name(name)
+      name.downcase.unicode_normalize(:nfkc)
+    end
+  end
+end
+
+Carmen::Querying.prepend(Spree::CarmenQueryingPatch)

data/config/locales/en.yml

@@ -1342,7 +1342,6 @@ en:
     items_in_rmas: Items in Return Authorizations
     items_reimbursed: Items reimbursed
     items_to_be_reimbursed: Items to be reimbursed
-    join_slack: Join Slack
     key: Key
     kind: Kind
     label: Label

data/db/migrate/20260424000001_add_unique_index_to_spree_payments_response_code.rb

@@ -0,0 +1,51 @@
+class AddUniqueIndexToSpreePaymentsResponseCode < ActiveRecord::Migration[7.2]
+  def up
+    # Remove duplicate payments per (order, payment_method, response_code),
+    # preferring to keep completed payments over incomplete ones.
+    # Among same-state duplicates, keeps the most recent (highest id).
+    # Uses derived table for MySQL compatibility.
+    execute <<~SQL
+      DELETE FROM spree_payments
+      WHERE response_code IS NOT NULL
+        AND id NOT IN (
+          SELECT keeper_id FROM (
+            SELECT (
+              SELECT id FROM spree_payments p2
+              WHERE p2.order_id = p1.order_id
+                AND p2.payment_method_id = p1.payment_method_id
+                AND p2.response_code = p1.response_code
+              ORDER BY
+                CASE p2.state
+                  WHEN 'completed' THEN 0
+                  WHEN 'pending'   THEN 1
+                  WHEN 'processing' THEN 2
+                  ELSE 3
+                END,
+                p2.id DESC
+              LIMIT 1
+            ) AS keeper_id
+            FROM spree_payments p1
+            WHERE p1.response_code IS NOT NULL
+            GROUP BY p1.order_id, p1.payment_method_id, p1.response_code
+          ) AS keeper_ids
+        )
+    SQL
+
+    if ActiveRecord::Base.connection.adapter_name == 'Mysql2'
+      # MySQL doesn't support partial indexes, but treats NULL as distinct
+      # in unique indexes so multiple payments with NULL response_code are allowed
+      add_index :spree_payments, [:order_id, :payment_method_id, :response_code],
+                unique: true,
+                name: 'idx_payments_order_method_response_code'
+    else
+      add_index :spree_payments, [:order_id, :payment_method_id, :response_code],
+                unique: true,
+                where: 'response_code IS NOT NULL',
+                name: 'idx_payments_order_method_response_code'
+    end
+  end
+
+  def down
+    remove_index :spree_payments, name: 'idx_payments_order_method_response_code'
+  end
+end

data/db/migrate/20260424100000_add_processing_groups_to_spree_imports.rb

@@ -0,0 +1,6 @@
+class AddProcessingGroupsToSpreeImports < ActiveRecord::Migration[7.2]
+  def change
+    add_column :spree_imports, :processing_groups_count, :integer, default: 0
+    add_column :spree_imports, :completed_groups_count, :integer, default: 0
+  end
+end

data/db/sample_data/orders.rb

@@ -122,7 +122,7 @@ if method
       source: credit_card.clone,
       payment_method: method
     ).first_or_create!
-    payment.update_columns(state: 'pending', response_code: '12345')
+    payment.update_columns(state: 'pending', response_code: "BGS-#{SecureRandom.hex(6)}")
   end
 end
 

data/lib/generators/spree/dummy/dummy_generator.rb

@@ -106,7 +106,7 @@ module Spree
     def inject_yaml_permitted_classes
       inside dummy_path do
         inject_into_file 'config/application.rb', %Q[
-    config.active_record.yaml_column_permitted_classes = [Symbol, BigDecimal, ActiveSupport::HashWithIndifferentAccess, ActiveSupport::TimeWithZone]
+    config.active_record.yaml_column_permitted_classes = [Symbol, BigDecimal, ActiveSupport::HashWithIndifferentAccess, ActiveSupport::TimeWithZone, ActiveSupport::TimeZone, Time]
         ], after: /config\.load_defaults.*$/, verbose: true
       end
     end

data/lib/spree/core/configuration.rb

@@ -117,6 +117,9 @@ module Spree
       preference :gift_card_batch_web_limit, :integer, default: 500 # number of gift card codes to be generated in the web process, more than this will be generated in a background job
       preference :gift_card_batch_limit, :integer, default: 50_000
 
+      # imports
+      preference :large_import_threshold, :integer, default: 500 # imports with more rows than this skip per-row UI broadcasts and use bulk processing
+
     end
   end
 end

data/lib/spree/core/engine.rb

@@ -47,7 +47,7 @@ module Spree
         app.config.spree = Environment.new(SpreeCalculators.new, SpreeValidators.new, Spree::Core::Configuration.new, Spree::Core::Dependencies.new)
 
         app.config.active_record.yaml_column_permitted_classes ||= []
-        app.config.active_record.yaml_column_permitted_classes.concat([Symbol, BigDecimal, ActiveSupport::HashWithIndifferentAccess, ActiveSupport::TimeWithZone])
+        app.config.active_record.yaml_column_permitted_classes.concat([Symbol, BigDecimal, ActiveSupport::HashWithIndifferentAccess, ActiveSupport::TimeWithZone, ActiveSupport::TimeZone, Time])
         Spree::Config = app.config.spree.preferences
         Spree::RuntimeConfig = app.config.spree.preferences # for compatibility
         Spree::Dependencies = app.config.spree.dependencies
@@ -289,13 +289,10 @@ module Spree
           Spree::Addresses::PhoneValidator
         ]
 
-        # Attach event log subscriber if enabled
-        if Spree::Config.events_log_enabled
-          Spree::EventLogSubscriber.attach_to_notifications
-        end
-
         # Add core event subscribers
         # Other engines add their subscribers in their own after_initialize blocks
+        # Note: Spree::EventLogSubscriber is attached in to_prepare (below) so it
+        # survives Zeitwerk code reloads in development.
         Spree.subscribers.concat [
           Spree::ExportSubscriber,
           Spree::ReportSubscriber,

data/lib/spree/core/version.rb

@@ -1,5 +1,5 @@
 module Spree
-  VERSION = '5.4.1'.freeze
+  VERSION = '5.4.2'.freeze
 
   def self.version
     VERSION

data/lib/spree/events.rb

@@ -28,6 +28,12 @@ module Spree
   #
   module Events
     class << self
+      # Reference to the AS::N subscription created by Spree::EventLogSubscriber.
+      # Stored here (on a module in lib/, not reloaded by Zeitwerk) so that code
+      # reloads in development don't orphan the subscription and cause events to
+      # be logged multiple times.
+      attr_accessor :log_subscription
+
       # Publish an event to all matching subscribers
       #
       # @param name [String] The event name (e.g., 'order.complete')

data/lib/spree/testing_support/factories/payment_factory.rb

@@ -3,7 +3,7 @@ FactoryBot.define do
     order         { create(:order, total: amount) }
     amount        { 45.75 }
     state         { 'checkout' }
-    response_code { '12345' }
+    response_code { "BGS-#{SecureRandom.hex(6)}" }
 
     payment_method { create(:credit_card_payment_method, stores: [order.store]) }
     association(:source, factory: :credit_card)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spree_core
 version: !ruby/object:Gem::Version
-  version: 5.4.1
+  version: 5.4.2
 platform: ruby
 authors:
 - Sean Schofield
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-04-14 00:00:00.000000000 Z
+date: 2026-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n-tasks
@@ -590,16 +590,16 @@ dependencies:
   name: pagy
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '43.0'
+        version: '43.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '43.0'
+        version: '43.3'
 description: Spree Models, Helpers, Services and core libraries
 email: hello@spreecommerce.org
 executables: []
@@ -865,6 +865,7 @@ files:
 - app/jobs/spree/gift_cards/bulk_generate_job.rb
 - app/jobs/spree/images/save_from_url_job.rb
 - app/jobs/spree/imports/create_rows_job.rb
+- app/jobs/spree/imports/process_group_job.rb
 - app/jobs/spree/imports/process_rows_job.rb
 - app/jobs/spree/payments/handle_webhook_job.rb
 - app/jobs/spree/products/auto_match_taxons_job.rb
@@ -1150,6 +1151,7 @@ files:
 - app/models/spree/role_user.rb
 - app/models/spree/search_provider/base.rb
 - app/models/spree/search_provider/database.rb
+- app/models/spree/search_provider/filters_result.rb
 - app/models/spree/search_provider/meilisearch.rb
 - app/models/spree/search_provider/search_result.rb
 - app/models/spree/shipment.rb
@@ -1365,6 +1367,7 @@ files:
 - config/importmap.rb
 - config/initializers/active_storage.rb
 - config/initializers/acts_as_taggable_on.rb
+- config/initializers/carmen.rb
 - config/initializers/friendly_id.rb
 - config/initializers/inflections.rb
 - config/initializers/mobility.rb
@@ -1509,6 +1512,8 @@ files:
 - db/migrate/20260402000002_add_color_code_to_spree_option_values.rb
 - db/migrate/20260403000000_add_market_to_spree_orders.rb
 - db/migrate/20260408000001_add_unique_index_to_spree_zone_members.rb
+- db/migrate/20260424000001_add_unique_index_to_spree_payments_response_code.rb
+- db/migrate/20260424100000_add_processing_groups_to_spree_imports.rb
 - db/sample_data/customers.csv
 - db/sample_data/markets.rb
 - db/sample_data/metafield_definitions.rb
@@ -1739,9 +1744,9 @@ licenses:
 - BSD-3-Clause
 metadata:
   bug_tracker_uri: https://github.com/spree/spree/issues
-  changelog_uri: https://github.com/spree/spree/releases/tag/v5.4.1
+  changelog_uri: https://github.com/spree/spree/releases/tag/v5.4.2
   documentation_uri: https://docs.spreecommerce.org/
-  source_code_uri: https://github.com/spree/spree/tree/v5.4.1
+  source_code_uri: https://github.com/spree/spree/tree/v5.4.2
 post_install_message:
 rdoc_options: []
 require_paths: