Appland v2.10.2

.circleci/config.yml

@@ -127,7 +127,7 @@ workflows:
       - persist_version:
           filters:
             branches:
-              only: /master|v\d\.\d/
+              only: /master|v\d\.\d+/
       - postgres
       - mysql
       - postgres_rails52

.travis.yml

@@ -0,0 +1,50 @@
+# Turn on validation, so we can use import:
+version: ~> 1.0
+
+import:
+- land-of-apps/land-of-apps:travis/ruby-imports.yml
+
+addons:
+  apt:
+    packages:
+    - parallel
+
+# script: |
+#   run_tests() (
+#     cd $1
+#     # Use -f doc so we get regular output and keep Travis happy
+#     APPMAP=true bundle exec rspec -f doc || true
+#   )
+#   export -f run_tests
+#   echo 'api backend core frontend' | parallel -j3 --will-cite --line-buffer -d ' ' run_tests
+
+env:
+  global:
+  - EXTRA_APPMAPS="*/tmp/appmap/rspec"
+
+jobs:
+  include:
+  - stage: test
+    workspaces:
+      create:
+        name: appmaps
+        paths:
+        - "$EXTRA_APPMAPS"
+    script: |
+      run_tests() (
+        cd $1
+        # Use -f doc so we get regular output and keep Travis happy
+        APPMAP=true bundle exec rspec -f doc || true
+      )
+      export -f run_tests
+      echo 'api backend core frontend' | parallel --will-cite --line-buffer -d ' ' run_tests
+    after_script:
+    - true
+  - stage: upload
+    workspaces:
+      use:
+      - appmaps
+    install:
+    - true
+    script:
+    - true

Gemfile

@@ -5,6 +5,8 @@ source 'https://rubygems.org'
 group :backend, :frontend, :core, :api do
   gemspec require: false
 
+  gem 'appmap', github: 'applandinc/appmap-ruby', branch: 'master'
+
   rails_version = ENV['RAILS_VERSION'] || '~> 6.0.0'
   gem 'rails', rails_version, require: false
 

api/app/controllers/spree/api/checkouts_controller.rb

@@ -76,11 +76,24 @@ def user_id
       end
 
       def update_params
-        if update_params = massaged_params[:order]
-          update_params.permit(permitted_checkout_attributes)
+        state = @order.state
+        case state.to_sym
+        when :cart, :address
+          massaged_params.fetch(:order, {}).permit(
+            permitted_checkout_address_attributes
+          )
+        when :delivery
+          massaged_params.require(:order).permit(
+            permitted_checkout_delivery_attributes
+          )
+        when :payment
+          massaged_params.require(:order).permit(
+            permitted_checkout_payment_attributes
+          )
         else
-          # We current allow update requests without any parameters in them.
-          {}
+          massaged_params.fetch(:order, {}).permit(
+            permitted_checkout_confirm_attributes
+          )
         end
       end
 

api/app/controllers/spree/api/orders_controller.rb

@@ -130,7 +130,13 @@ def order_params
       end
 
       def normalize_params
-        params[:order][:payments_attributes] = params[:order].delete(:payments) if params[:order][:payments]
+        if params[:order][:payments]
+          payments_params = params[:order].delete(:payments)
+          params[:order][:payments_attributes] = payments_params.map do |payment_params|
+            payment_params[:source_attributes] = payment_params.delete(:source) if payment_params[:source].present?
+            payment_params
+          end
+        end
         params[:order][:shipments_attributes] = params[:order].delete(:shipments) if params[:order][:shipments]
         params[:order][:line_items_attributes] = params[:order].delete(:line_items) if params[:order][:line_items]
         params[:order][:ship_address_attributes] = params[:order].delete(:ship_address) if params[:order][:ship_address].present?

api/appmap.yml

@@ -0,0 +1 @@
+../appmap.yml

api/openapi/api.oas2.yml

@@ -545,7 +545,7 @@ paths:
         - Variants
       security:
         - api-key: []
-    post:
+    put:
       responses:
         '200':
           description: ''
@@ -4264,7 +4264,7 @@ paths:
         type: string
         required: true
   '/shipments/{shipment_number}/select_shipping_method':
-    get:
+    put:
       responses:
         '200':
           description: ''
@@ -4553,10 +4553,13 @@ paths:
         - Products
       parameters:
         - in: query
-          name: taxon_id
+          name: id
           type: integer
         - $ref: '#/parameters/page'
         - $ref: '#/parameters/per_page'
+        - type: boolean
+          in: query
+          name: simple
       security:
         - api-key: []
 schemes:

api/spec/requests/spree/api/checkouts_controller_spec.rb

@@ -172,6 +172,7 @@ module Spree
       end
 
       describe 'setting the payment amount' do
+        let(:order) { create(:order_with_line_items, state: :payment) }
         let(:params) do
           {
             order_token: order.guest_token,
@@ -322,17 +323,44 @@ module Spree
         end
       end
 
+      it "cannot update attributes of another step" do
+        order.update_column(:state, "payment")
+
+        params = {
+          order_token: order.guest_token,
+          order: {
+            payments_attributes: [
+              {
+                payment_method_id: @payment_method.id.to_s,
+                source_attributes: attributes_for(:credit_card)
+              }
+            ],
+            ship_address_attributes: {
+              zipcode: 'MALICIOUS ZIPCODE'
+            }
+          }
+        }
+        expect do
+          put spree.api_checkout_path(order), params: params
+        end.not_to change { order.reload.ship_address.zipcode }
+        expect(response.status).to eq(200)
+      end
+
       it "returns the order if the order is already complete" do
         order.update_columns(completed_at: Time.current, state: 'complete')
         put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token }
         assert_unauthorized!
       end
 
-      # Regression test for https://github.com/spree/spree/issues/3784
-      it "can update the special instructions for an order" do
-        instructions = "Don't drop it. (Please)"
-        put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { special_instructions: instructions } }
-        expect(json_response['special_instructions']).to eql(instructions)
+      context "in delivery state" do
+        let(:order) { create(:order_with_line_items, state: :delivery) }
+
+        # Regression test for https://github.com/spree/spree/issues/3784
+        it "can update the special instructions for an order" do
+          instructions = "Don't drop it. (Please)"
+          put spree.api_checkout_path(order.to_param), params: { order_token: order.guest_token, order: { special_instructions: instructions } }
+          expect(json_response['special_instructions']).to eql(instructions)
+        end
       end
 
       context "as an admin" do

api/spec/requests/spree/api/orders_controller_spec.rb

@@ -156,6 +156,7 @@ module Spree
         end
 
         context 'creating payment' do
+          let!(:order) { create(:order_with_line_items) }
           let(:order_params) { super().merge(payments_attributes: [{ payment_method_id: payment_method.id }]) }
 
           context "with allowed payment method" do
@@ -166,6 +167,28 @@ module Spree
                 subject
               }.to change { Spree::Payment.count }.by(1)
             end
+
+            context 'trying to change the address' do
+              let(:order_params) do
+                super().merge(
+                  ship_address_attributes: {
+                    zipcode: '90100'
+                  }
+                )
+              end
+
+              it 'changes the address' do
+                expect {
+                  subject
+                }.to change { order.reload.ship_address.zipcode }
+              end
+
+              it 'invalidates the shipments' do
+                expect {
+                  subject
+                }.to change { order.reload.shipments }.to([])
+              end
+            end
           end
 
           context "with disallowed payment method" do

api/spec/spec_helper.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'appmap/rspec'
+
 if ENV["COVERAGE"]
   require 'simplecov'
   SimpleCov.start('rails')

appmap.yml

@@ -0,0 +1,12 @@
+name: solidus
+
+packages:
+- path: app/controllers
+- path: app/helpers
+- path: app/jobs
+- path: app/mailers
+- path: app/models
+- path: app/subscribers
+- path: config
+- path: db
+- path: lib

backend/appmap.yml

@@ -0,0 +1 @@
+../appmap.yml

backend/spec/spec_helper.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'appmap/rspec'
+
 if ENV["COVERAGE"]
   require 'simplecov'
   SimpleCov.start('rails')

core/app/models/spree/product/scopes.rb

@@ -251,7 +251,7 @@ def get_taxons(*ids_or_records_or_names)
               ids_or_records_or_names.flatten.map { |taxon|
                 case taxon
                 when Integer then Spree::Taxon.find_by(id: taxon)
-                when ActiveRecord::Base then t
+                when ActiveRecord::Base then taxon
                 when String
                   Spree::Taxon.find_by(name: taxon) ||
                     Spree::Taxon.where("#{taxons}.permalink LIKE ? OR #{taxons}.permalink = ?", "%/#{taxon}/", "#{taxon}/").first

core/appmap.yml

@@ -0,0 +1 @@
+../appmap.yml

core/lib/spree/core/controller_helpers/strong_parameters.rb

@@ -31,16 +31,30 @@ def permitted_source_attributes
         end
 
         def permitted_checkout_attributes
-          permitted_attributes.checkout_attributes + [
-            bill_address_attributes: permitted_address_attributes,
-            ship_address_attributes: permitted_address_attributes,
-            payments_attributes: permitted_payment_attributes,
-            shipments_attributes: permitted_shipment_attributes
-          ]
+          permitted_attributes.checkout_attributes
+        end
+
+        def permitted_checkout_address_attributes
+          permitted_attributes.checkout_address_attributes
+        end
+
+        def permitted_checkout_delivery_attributes
+          permitted_attributes.checkout_delivery_attributes
+        end
+
+        def permitted_checkout_payment_attributes
+          permitted_attributes.checkout_payment_attributes
+        end
+
+        def permitted_checkout_confirm_attributes
+          permitted_attributes.checkout_confirm_attributes
         end
 
         def permitted_order_attributes
-          permitted_checkout_attributes + [
+          permitted_checkout_address_attributes +
+          permitted_checkout_delivery_attributes +
+          permitted_checkout_payment_attributes +
+          permitted_checkout_confirm_attributes + [
             line_items_attributes: permitted_line_item_attributes
           ]
         end

core/lib/spree/core/importer/order.rb

@@ -133,7 +133,8 @@ def self.create_payments_from_params(payments_hash, order)
             # spree_wombat serializes payment state as status so imported orders should fall back to status field.
             payment.state = target[:state] || target[:status] || 'completed'
             payment.payment_method = Spree::PaymentMethod.find_by!(name: target[:payment_method])
-            payment.source = create_source_payment_from_params(target[:source], payment) if target[:source]
+            source_attributes = target[:source] || target[:source_attributes]
+            payment.source = create_source_payment_from_params(source_attributes, payment) if source_attributes
             payment.save!
           end
         end

core/lib/spree/core/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Spree
-  VERSION = "2.10.0.beta1"
+  VERSION = "2.10.2"
 
   def self.solidus_version
     VERSION