Do not allow successful checkout when order has only a void payment

When a payment has been marked for some reason as `void`, the customer should not be able to complete the checkout process successfully. The customer is now redirected to the payment page, where they can add another payment to the order in order to complete it successfully.
solidusio · Feb 26, 2019 · 5eb0bdd · 5eb0bdd
1 parent d7b101e
commit 5eb0bdd
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/core/app/models/spree/payment.rb b/core/app/models/spree/payment.rb
@@ -58,7 +58,7 @@ class Payment < Spree::Base
     scope :failed, -> { with_state('failed') }
 
     scope :risky, -> { where("avs_response IN (?) OR (cvv_response_code IS NOT NULL and cvv_response_code != 'M') OR state = 'failed'", RISKY_AVS_CODES) }
-    scope :valid, -> { where.not(state: %w(failed invalid)) }
+    scope :valid, -> { where.not(state: %w(failed invalid void)) }
 
     scope :store_credits, -> { where(source_type: Spree::StoreCredit.to_s) }
     scope :not_store_credits, -> { where(arel_table[:source_type].not_eq(Spree::StoreCredit.to_s).or(arel_table[:source_type].eq(nil))) }

diff --git a/core/spec/models/spree/payment_spec.rb b/core/spec/models/spree/payment_spec.rb
@@ -1255,4 +1255,16 @@
       end
     end
   end
+
+  describe '::valid scope' do
+    before do
+      create :payment, state: :void
+      create :payment, state: :failed
+      create :payment, state: :invalid
+    end
+
+    it 'does not include void, failed and invalid payments' do
+      expect(described_class.valid).to be_empty
+    end
+  end
 end
diff --git a/frontend/spec/features/checkout_spec.rb b/frontend/spec/features/checkout_spec.rb
@@ -211,6 +211,26 @@
     end
   end
 
+  context "when order has only a void payment" do
+    let(:order) { Spree::TestingSupport::OrderWalkthrough.up_to(:payment) }
+
+    before do
+      user = create(:user)
+      order.user = user
+      order.recalculate
+
+      allow_any_instance_of(Spree::CheckoutController).to receive_messages(current_order: order)
+      allow_any_instance_of(Spree::CheckoutController).to receive_messages(try_spree_current_user: user)
+    end
+
+    it "does not allow successful order submission" do
+      visit spree.checkout_path
+      order.payments.first.update state: :void
+      click_button 'Place Order'
+      expect(page).to have_current_path spree.checkout_state_path(:payment)
+    end
+  end
+
   # Regression test for https://github.com/spree/spree/issues/2694 and https://github.com/spree/spree/issues/4117
   context "doesn't allow bad credit card numbers" do
     let!(:payment_method) { create(:credit_card_payment_method) }