diff --git a/app/controllers/checkout_controller.rb b/app/controllers/checkout_controller.rb index 83ecd4cc37..0b9de7a174 100644 --- a/app/controllers/checkout_controller.rb +++ b/app/controllers/checkout_controller.rb @@ -42,8 +42,8 @@ class CheckoutController < Spree::StoreController end def update - params_adapter = Checkout::FormDataAdapter.new(params, @order, spree_current_user) - return update_failed unless @order.update_attributes(order_params(params_adapter.params)) + params_adapter = Checkout::FormDataAdapter.new(permitted_params, @order, spree_current_user) + return update_failed unless @order.update_attributes(params_adapter.params[:order]) fire_event('spree.checkout.update') @@ -238,23 +238,28 @@ class CheckoutController < Spree::StoreController end end - def order_params(params) - return params[:order] if params[:order].empty? - - params.require(:order).permit( - :email, :special_instructions, - payments_attributes: - [ - :payment_method_id, :amount, - source_attributes: [ - :gateway_payment_profile_id, :cc_type, :last_digits, - :month, :year, :first_name, :last_name, - :number, :verification_value, - :save_requested_by_customer - ] + def permitted_params + params.permit( + order: [ + :email, :special_instructions, + :existing_card_id, :shipping_method_id, + payments_attributes: [ + :payment_method_id, + source_attributes: payment_source_attributes ], - bill_address_attributes: permitted_address_attributes, - ship_address_attributes: permitted_address_attributes + ship_address_attributes: permitted_address_attributes, + bill_address_attributes: permitted_address_attributes + ], + payment_source: payment_source_attributes ) end + + def payment_source_attributes + [ + :gateway_payment_profile_id, :cc_type, :last_digits, + :month, :year, :first_name, :last_name, + :number, :verification_value, + :save_requested_by_customer + ] + end end