From 5846593637d366be148a378af2aa1524880eaa4d Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 31 Jul 2019 15:14:15 +0100 Subject: [PATCH 01/26] Remove dependency to spree_api rabl responders, we should only use AMS from now on --- app/controllers/spree/api/base_controller.rb | 2 -- lib/spree/api/controller_setup.rb | 3 --- 2 files changed, 5 deletions(-) diff --git a/app/controllers/spree/api/base_controller.rb b/app/controllers/spree/api/base_controller.rb index 3f28596fec..700c8b1db3 100644 --- a/app/controllers/spree/api/base_controller.rb +++ b/app/controllers/spree/api/base_controller.rb @@ -7,8 +7,6 @@ module Spree include Spree::Core::ControllerHelpers::SSL include ::ActionController::Head - self.responder = Spree::Api::Responders::AppResponder - respond_to :json attr_accessor :current_api_user diff --git a/lib/spree/api/controller_setup.rb b/lib/spree/api/controller_setup.rb index e26c300342..9e722df878 100644 --- a/lib/spree/api/controller_setup.rb +++ b/lib/spree/api/controller_setup.rb @@ -1,5 +1,3 @@ -require 'spree/api/responders' - module Spree module Api module ControllerSetup @@ -24,7 +22,6 @@ module Spree prepend_view_path Rails.root + "app/views" append_view_path File.expand_path("../../../app/views", File.dirname(__FILE__)) - self.responder = Spree::Api::Responders::AppResponder respond_to :json end end From bf291ec318a146aea7f2dd103184b92ac1de7fd0 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 31 Jul 2019 21:25:03 +0100 Subject: [PATCH 02/26] Move spree/api/base_controller_spec to api/base_controller_spec --- spec/controllers/{spree => }/api/base_controller_spec.rb | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename spec/controllers/{spree => }/api/base_controller_spec.rb (100%) diff --git a/spec/controllers/spree/api/base_controller_spec.rb b/spec/controllers/api/base_controller_spec.rb similarity index 100% rename from spec/controllers/spree/api/base_controller_spec.rb rename to spec/controllers/api/base_controller_spec.rb From 91188c57245f34e99b174735a3da91c8ce57259f Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 31 Jul 2019 21:25:40 +0100 Subject: [PATCH 03/26] Adapt api/base_controller_spec from spree/api/base_controller_spec --- spec/controllers/api/base_controller_spec.rb | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/spec/controllers/api/base_controller_spec.rb b/spec/controllers/api/base_controller_spec.rb index cab638c74e..6d0c88f044 100644 --- a/spec/controllers/api/base_controller_spec.rb +++ b/spec/controllers/api/base_controller_spec.rb @@ -1,8 +1,10 @@ require 'spec_helper' -describe Spree::Api::BaseController do +describe Api::BaseController do render_views - controller(Spree::Api::BaseController) do + controller(Api::BaseController) do + skip_authorization_check only: :index + def index render text: { "products" => [] }.to_json end @@ -23,13 +25,15 @@ describe Spree::Api::BaseController do end end - context "cannot make a request to the API" do + context "can make an anonymous request to the API" do it "without an API key" do api_get :index - expect(json_response).to eq( "error" => "You must specify an API key." ) - expect(response.status).to eq(401) + expect(json_response["products"]).to eq [] + expect(response.status).to eq(200) end + end + context "cannot make a request to the API" do it "with an invalid API key" do request.env["X-Spree-Token"] = "fake_key" get :index, {} From b29983ac602d2e108df59bac8e19ad364942cfb4 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 31 Jul 2019 22:00:41 +0100 Subject: [PATCH 04/26] Add AMS versions of the error responses in api/base_controller and cover not_found case with a unit test --- app/controllers/api/base_controller.rb | 22 ++++++++++++++++++++ spec/controllers/api/base_controller_spec.rb | 10 ++++++++- 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 8a1b3e4b02..668bb6f065 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -30,5 +30,27 @@ module Api def requires_authentication? false end + + def invalid_resource!(resource) + @resource = resource + render(json: { error: I18n.t(:invalid_resource, scope: "spree.api"), + errors: @resource.errors }, + status: :unprocessable_entity) + end + + def invalid_api_key + render(json: { error: I18n.t(:invalid_api_key, key: api_key, scope: "spree.api") }, + status: :unauthorized) && return + end + + def unauthorized + render(json: { error: I18n.t(:unauthorized, scope: "spree.api") }, + status: :unauthorized) && return + end + + def not_found + render(json: { error: I18n.t(:resource_not_found, scope: "spree.api") }, + status: :not_found) && return + end end end diff --git a/spec/controllers/api/base_controller_spec.rb b/spec/controllers/api/base_controller_spec.rb index 6d0c88f044..df44fb5d8e 100644 --- a/spec/controllers/api/base_controller_spec.rb +++ b/spec/controllers/api/base_controller_spec.rb @@ -50,10 +50,18 @@ describe Api::BaseController do it 'handles exceptions' do expect(subject).to receive(:authenticate_user).and_return(true) expect(subject).to receive(:index).and_raise(Exception.new("no joy")) - get :index, token: "fake_key" + get :index expect(json_response).to eq( "exception" => "no joy" ) end + it 'handles record not found' do + expect(subject).to receive(:authenticate_user).and_return(true) + expect(subject).to receive(:index).and_raise(ActiveRecord::RecordNotFound.new) + get :index + expect(json_response).to eq( "error" => "The resource you were looking for could not be found." ) + expect(response.status).to eq(404) + end + it "maps symantec keys to nested_attributes keys" do klass = double(nested_attributes_options: { line_items: {}, bill_address: {} }) From f1138709aa92097118d52d13d9ae748cef3cd2d7 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 31 Jul 2019 22:09:56 +0100 Subject: [PATCH 05/26] Add spree_api translation keys, mostly from api standard errors and api fields in admin/users --- config/locales/en.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/config/locales/en.yml b/config/locales/en.yml index a763703196..e50d993cb5 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -3303,3 +3303,19 @@ See the %{link} to find out more about %{sitename}'s features and to start using allow_charges?: "Allow Charges?" localized_number: invalid_format: has an invalid format. Please enter a number. + api: + invalid_api_key: "Invalid API key (%{key}) specified." + unauthorized: "You are not authorized to perform that action." + invalid_resource: "Invalid resource. Please fix errors and try again." + resource_not_found: "The resource you were looking for could not be found." + access: "API Access" + key: "Key" + clear_key: "Clear key" + regenerate_key: "Regenerate Key" + no_key: "No key" + generate_key: "Generate API key" + key_generated: "Key generated" + key_cleared: "Key cleared" + shipment: + cannot_ready: "Cannot ready shipment." + invalid_taxonomy_id: "Invalid taxonomy id." From c98b4b276badabac49bf30221983e496d79f23b8 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 1 Aug 2019 20:47:15 +0100 Subject: [PATCH 06/26] Adapt spree/admin/shared/_routes.html.erb to new location of the api/taxons routes AND move spree/api/orders route to ofn api/orders route --- app/views/spree/admin/shared/_routes.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/spree/admin/shared/_routes.html.erb b/app/views/spree/admin/shared/_routes.html.erb index b84c691ea9..a9c1e55655 100644 --- a/app/views/spree/admin/shared/_routes.html.erb +++ b/app/views/spree/admin/shared/_routes.html.erb @@ -3,6 +3,6 @@ :variants_search => spree.admin_search_variants_path(:format => 'json'), :taxons_search => main_app.api_taxons_path(:format => 'json'), :user_search => spree.admin_search_users_path(:format => 'json'), - :orders_api => spree.api_orders_path(:format => 'json') + :orders_api => main_app.api_orders_path(:format => 'json') }.to_json %>; From 7c64777a50ece2c534c74ad017e84f3778324a8e Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 1 Aug 2019 21:18:34 +0100 Subject: [PATCH 07/26] Remove requires_authentication check from api/base_controller. OFN api does not require auth, it always generates an anonymous user for public endpoints --- app/controllers/api/base_controller.rb | 8 ----- app/controllers/spree/api/base_controller.rb | 36 +++----------------- 2 files changed, 5 insertions(+), 39 deletions(-) diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 668bb6f065..91f3e3657f 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -23,14 +23,6 @@ module Api super end - # Allows API access without authentication, but only for OFN controllers which inherit - # from Api::BaseController. @current_api_user will now initialize an empty Spree::User - # unless one is present. We now also apply devise's `check_authorization`. See here for - # details: https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization - def requires_authentication? - false - end - def invalid_resource!(resource) @resource = resource render(json: { error: I18n.t(:invalid_resource, scope: "spree.api"), diff --git a/app/controllers/spree/api/base_controller.rb b/app/controllers/spree/api/base_controller.rb index 700c8b1db3..776fa118dc 100644 --- a/app/controllers/spree/api/base_controller.rb +++ b/app/controllers/spree/api/base_controller.rb @@ -12,7 +12,6 @@ module Spree attr_accessor :current_api_user before_filter :set_content_type - before_filter :check_for_user_or_api_key, :if => :requires_authentication? before_filter :authenticate_user after_filter :set_jsonp_format @@ -52,30 +51,18 @@ module Spree headers["Content-Type"] = content_type end - def check_for_user_or_api_key - # User is already authenticated with Spree, make request this way instead. - return true if @current_api_user = try_spree_current_user || - !requires_authentication? - - return if api_key.present? - render("spree/api/errors/must_specify_api_key", status: :unauthorized) && return - end - def authenticate_user return if @current_api_user - if requires_authentication? || api_key.present? - unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s) - render("spree/api/errors/invalid_api_key", status: :unauthorized) && return - end - else + if api_key.blank? # An anonymous user @current_api_user = Spree.user_class.new + return end - end - def unauthorized - render("spree/api/errors/unauthorized", status: :unauthorized) && return + unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s) + invalid_api_key + end end def error_during_processing(exception) @@ -83,23 +70,10 @@ module Spree status: :unprocessable_entity) && return end - def requires_authentication? - true - end - - def not_found - render("spree/api/errors/not_found", status: :not_found) && return - end - def current_ability Spree::Ability.new(current_api_user) end - def invalid_resource!(resource) - @resource = resource - render "spree/api/errors/invalid_resource", status: :unprocessable_entity - end - def api_key request.headers["X-Spree-Token"] || params[:token] end From b5a521476be040d5904a698bb5e4dc083f016f09 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 1 Aug 2019 21:19:41 +0100 Subject: [PATCH 08/26] Remove unused method from api/base_controller --- app/controllers/spree/api/base_controller.rb | 9 --------- spec/controllers/api/base_controller_spec.rb | 12 ------------ 2 files changed, 21 deletions(-) diff --git a/app/controllers/spree/api/base_controller.rb b/app/controllers/spree/api/base_controller.rb index 776fa118dc..c201128bf2 100644 --- a/app/controllers/spree/api/base_controller.rb +++ b/app/controllers/spree/api/base_controller.rb @@ -30,15 +30,6 @@ module Spree end end - def map_nested_attributes_keys(klass, attributes) - nested_keys = klass.nested_attributes_options.keys - attributes.inject({}) do |h, (k, v)| - key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k - h[key] = v - h - end.with_indifferent_access - end - private def set_content_type diff --git a/spec/controllers/api/base_controller_spec.rb b/spec/controllers/api/base_controller_spec.rb index df44fb5d8e..9e31fc138e 100644 --- a/spec/controllers/api/base_controller_spec.rb +++ b/spec/controllers/api/base_controller_spec.rb @@ -61,16 +61,4 @@ describe Api::BaseController do expect(json_response).to eq( "error" => "The resource you were looking for could not be found." ) expect(response.status).to eq(404) end - - it "maps symantec keys to nested_attributes keys" do - klass = double(nested_attributes_options: { line_items: {}, - bill_address: {} }) - attributes = { 'line_items' => { id: 1 }, - 'bill_address' => { id: 2 }, - 'name' => 'test order' } - - mapped = subject.map_nested_attributes_keys(klass, attributes) - expect(mapped.key?('line_items_attributes')).to be_truthy - expect(mapped.key?('name')).to be_truthy - end end From f8401795738c0ce30f7ead5efb66ddbe37991de6 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 1 Aug 2019 22:55:22 +0100 Subject: [PATCH 09/26] Remove .json from Spree.routes.orders_api. This path is only used to compose the order shipments path and thus cannot have the .json --- app/views/spree/admin/shared/_routes.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/spree/admin/shared/_routes.html.erb b/app/views/spree/admin/shared/_routes.html.erb index a9c1e55655..ca522a7869 100644 --- a/app/views/spree/admin/shared/_routes.html.erb +++ b/app/views/spree/admin/shared/_routes.html.erb @@ -3,6 +3,6 @@ :variants_search => spree.admin_search_variants_path(:format => 'json'), :taxons_search => main_app.api_taxons_path(:format => 'json'), :user_search => spree.admin_search_users_path(:format => 'json'), - :orders_api => main_app.api_orders_path(:format => 'json') + :orders_api => main_app.api_orders_path }.to_json %>; From 0d34b607c335406a41a467e752f0a8d58ec79e6c Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 1 Aug 2019 23:04:07 +0100 Subject: [PATCH 10/26] Move spree/api/base_controller#find_product to api/product_controller where it is used exclusively Also, product_scope stops being an override --- app/controllers/api/products_controller.rb | 9 ++++++--- app/controllers/spree/api/base_controller.rb | 19 ------------------- 2 files changed, 6 insertions(+), 22 deletions(-) diff --git a/app/controllers/api/products_controller.rb b/app/controllers/api/products_controller.rb index 13abb37ff5..fa41d186e4 100644 --- a/app/controllers/api/products_controller.rb +++ b/app/controllers/api/products_controller.rb @@ -94,10 +94,13 @@ module Api private - # Copied and modified from SpreeApi::BaseController to allow - # enterprise users to access inactive products + def find_product(id) + product_scope.find_by_permalink!(id.to_s) + rescue ActiveRecord::RecordNotFound + product_scope.find(id) + end + def product_scope - # This line modified if current_api_user.has_spree_role?("admin") || current_api_user.enterprises.present? scope = Spree::Product if params[:show_deleted] diff --git a/app/controllers/spree/api/base_controller.rb b/app/controllers/spree/api/base_controller.rb index c201128bf2..7d6e84d67b 100644 --- a/app/controllers/spree/api/base_controller.rb +++ b/app/controllers/spree/api/base_controller.rb @@ -69,25 +69,6 @@ module Spree request.headers["X-Spree-Token"] || params[:token] end helper_method :api_key - - def find_product(id) - product_scope.find_by_permalink!(id.to_s) - rescue ActiveRecord::RecordNotFound - product_scope.find(id) - end - - def product_scope - if current_api_user.has_spree_role?("admin") - scope = Product - if params[:show_deleted] - scope = scope.with_deleted - end - else - scope = Product.active - end - - scope.includes(:master) - end end end end From abcc22c34b4d2fd8483d2a80e7da8bb43cc4737a Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 1 Aug 2019 23:16:05 +0100 Subject: [PATCH 11/26] Merge Spree::Api::BaseController with Api::BaseController. All api controllers inherit from Api::BaseController now. We can probably simplify this controller even more now --- app/controllers/api/base_controller.rb | 75 ++++++++++++++++++-- app/controllers/spree/api/base_controller.rb | 74 ------------------- 2 files changed, 68 insertions(+), 81 deletions(-) delete mode 100644 app/controllers/spree/api/base_controller.rb diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 91f3e3657f..19b2158b2a 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -1,16 +1,44 @@ # Base controller for OFN's API -# Includes the minimum machinery required by ActiveModelSerializers +require_dependency 'spree/api/controller_setup' + module Api - class BaseController < Spree::Api::BaseController - # Need to include these because Spree::Api::BaseContoller inherits - # from ActionController::Metal rather than ActionController::Base - # and they are required by ActiveModelSerializers + class BaseController < ActionController::Metal + include Spree::Api::ControllerSetup + include Spree::Core::ControllerHelpers::SSL + include ::ActionController::Head + + respond_to :json + + attr_accessor :current_api_user + + before_filter :set_content_type + before_filter :authenticate_user + after_filter :set_jsonp_format + + rescue_from Exception, :with => :error_during_processing + rescue_from CanCan::AccessDenied, :with => :unauthorized + rescue_from ActiveRecord::RecordNotFound, :with => :not_found + + helper Spree::Api::ApiHelpers + + ssl_allowed + + # Include these because we inherit from ActionController::Metal + # rather than ActionController::Base and these are required for AMS include ActionController::Serialization include ActionController::UrlFor include Rails.application.routes.url_helpers + use_renderers :json check_authorization + def set_jsonp_format + if params[:callback] && request.get? + self.response_body = "#{params[:callback]}(#{response_body})" + headers["Content-Type"] = 'application/javascript' + end + end + def respond_with_conflict(json_hash) render json: json_hash, status: :conflict end @@ -19,10 +47,43 @@ module Api # Use logged in user (spree_current_user) for API authentication (current_api_user) def authenticate_user - @current_api_user = try_spree_current_user - super + return if @current_api_user = try_spree_current_user + if api_key.blank? + # An anonymous user + @current_api_user = Spree.user_class.new + return + end + + unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s) + invalid_api_key + end end + def set_content_type + content_type = case params[:format] + when "json" + "application/json" + when "xml" + "text/xml" + end + headers["Content-Type"] = content_type + end + + def error_during_processing(exception) + render(text: { exception: exception.message }.to_json, + status: :unprocessable_entity) && return + end + + def current_ability + Spree::Ability.new(current_api_user) + end + + def api_key + request.headers["X-Spree-Token"] || params[:token] + end + helper_method :api_key + + def invalid_resource!(resource) @resource = resource render(json: { error: I18n.t(:invalid_resource, scope: "spree.api"), diff --git a/app/controllers/spree/api/base_controller.rb b/app/controllers/spree/api/base_controller.rb deleted file mode 100644 index 7d6e84d67b..0000000000 --- a/app/controllers/spree/api/base_controller.rb +++ /dev/null @@ -1,74 +0,0 @@ -require_dependency 'spree/api/controller_setup' - -module Spree - module Api - class BaseController < ActionController::Metal - include Spree::Api::ControllerSetup - include Spree::Core::ControllerHelpers::SSL - include ::ActionController::Head - - respond_to :json - - attr_accessor :current_api_user - - before_filter :set_content_type - before_filter :authenticate_user - after_filter :set_jsonp_format - - rescue_from Exception, :with => :error_during_processing - rescue_from CanCan::AccessDenied, :with => :unauthorized - rescue_from ActiveRecord::RecordNotFound, :with => :not_found - - helper Spree::Api::ApiHelpers - - ssl_allowed - - def set_jsonp_format - if params[:callback] && request.get? - self.response_body = "#{params[:callback]}(#{response_body})" - headers["Content-Type"] = 'application/javascript' - end - end - - private - - def set_content_type - content_type = case params[:format] - when "json" - "application/json" - when "xml" - "text/xml" - end - headers["Content-Type"] = content_type - end - - def authenticate_user - return if @current_api_user - - if api_key.blank? - # An anonymous user - @current_api_user = Spree.user_class.new - return - end - - unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s) - invalid_api_key - end - end - - def error_during_processing(exception) - render(text: { exception: exception.message }.to_json, - status: :unprocessable_entity) && return - end - - def current_ability - Spree::Ability.new(current_api_user) - end - - def api_key - request.headers["X-Spree-Token"] || params[:token] - end - helper_method :api_key - end - end -end From 66fdbe4379539d52861e00edbce52d3990b85b1c Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Sat, 20 Jul 2019 11:06:14 +0100 Subject: [PATCH 12/26] Remove spree_api dependency. Spree_api will keep being a dependency until we remove spree_backend as a dependency but now ofn works without spree_api --- Gemfile | 1 - Gemfile.lock | 1 - 2 files changed, 2 deletions(-) diff --git a/Gemfile b/Gemfile index b7b981c573..42a1c17536 100644 --- a/Gemfile +++ b/Gemfile @@ -20,7 +20,6 @@ gem 'pg' # OFN-maintained and patched version of Spree v2.0.4. See # https://github.com/openfoodfoundation/openfoodnetwork/wiki/Spree-2.0-upgrade # for details. -gem 'spree_api', github: 'openfoodfoundation/spree', branch: '2-0-4-stable' gem 'spree_backend', github: 'openfoodfoundation/spree', branch: '2-0-4-stable' gem 'spree_core', github: 'openfoodfoundation/spree', branch: '2-0-4-stable' diff --git a/Gemfile.lock b/Gemfile.lock index 354319734f..1a0edd7e1c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -806,7 +806,6 @@ DEPENDENCIES simple_form! simplecov spinjs-rails - spree_api! spree_backend! spree_core! spree_i18n! From 8aab9bacbe440ffaed056e6032ca0e489e229b95 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 31 Jul 2019 22:25:40 +0100 Subject: [PATCH 13/26] Delete now irrelevant authorize_api endpoint and logic OFN API is now authenticating all users, if no session and no key is provided an anonymous user will be created so that user can access public endpoints, authorization is then done at each individual endpoint. This makes this spree api auth call irrelevant --- .../admin/bulk_product_update.js.coffee | 9 ++------- .../services/spree_api_auth.js.coffee | 16 ---------------- .../variant_overrides_controller.js.coffee | 10 ++-------- app/controllers/spree/api/users_controller.rb | 7 ------- .../admin/products/index/_indicators.html.haml | 3 --- config/routes/spree.rb | 6 ------ .../admin/bulk_product_update_spec.js.coffee | 4 ---- 7 files changed, 4 insertions(+), 51 deletions(-) delete mode 100644 app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee delete mode 100644 app/controllers/spree/api/users_controller.rb diff --git a/app/assets/javascripts/admin/bulk_product_update.js.coffee b/app/assets/javascripts/admin/bulk_product_update.js.coffee index e220f2bb41..1b82a0e0f7 100644 --- a/app/assets/javascripts/admin/bulk_product_update.js.coffee +++ b/app/assets/javascripts/admin/bulk_product_update.js.coffee @@ -1,4 +1,4 @@ -angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, SpreeApiAuth, Columns, tax_categories, RequestMonitor) -> +angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, Columns, tax_categories, RequestMonitor) -> $scope.StatusMessage = StatusMessage $scope.columns = Columns.columns @@ -39,12 +39,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout $scope.DisplayProperties = DisplayProperties $scope.initialise = -> - SpreeApiAuth.authorise() - .then -> - $scope.spree_api_key_ok = true - $scope.fetchProducts() - .catch (message) -> - $scope.api_error_msg = message + $scope.fetchProducts() $scope.$watchCollection '[query, producerFilter, categoryFilter, importDateFilter, per_page]', -> $scope.page = 1 # Reset page when changing filters for new search diff --git a/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee b/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee deleted file mode 100644 index a74f05ed15..0000000000 --- a/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee +++ /dev/null @@ -1,16 +0,0 @@ -angular.module("admin.indexUtils").factory "SpreeApiAuth", ($q, $http, SpreeApiKey) -> - new class SpreeApiAuth - authorise: -> - deferred = $q.defer() - - $http.get("/api/users/authorise_api?token=" + SpreeApiKey) - .success (response) -> - if response?.success == "Use of API Authorised" - $http.defaults.headers.common["X-Spree-Token"] = SpreeApiKey - deferred.resolve() - - .error (response) -> - error = response?.error || t('js.unauthorized') - deferred.reject(error) - - deferred.promise diff --git a/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee b/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee index 6b7cea8243..c37ba72071 100644 --- a/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee +++ b/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee @@ -1,4 +1,4 @@ -angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, SpreeApiAuth, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) -> +angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) -> $scope.hubs = Indexer.index hubs $scope.hub_id = if hubs.length == 1 then hubs[0].id else null $scope.products = [] @@ -39,13 +39,7 @@ angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", $scope.producerFilter != 0 || $scope.query != '' $scope.initialise = -> - SpreeApiAuth.authorise() - .then -> - $scope.spree_api_key_ok = true - $scope.fetchProducts() - .catch (message) -> - $scope.api_error_msg = message - + $scope.fetchProducts() $scope.fetchProducts = -> url = "/api/products/overridable?page=::page::;per_page=100" diff --git a/app/controllers/spree/api/users_controller.rb b/app/controllers/spree/api/users_controller.rb deleted file mode 100644 index 74f83f6709..0000000000 --- a/app/controllers/spree/api/users_controller.rb +++ /dev/null @@ -1,7 +0,0 @@ -module Spree - module Api - class UsersController < Spree::Api::BaseController - respond_to :json - end - end -end diff --git a/app/views/spree/admin/products/index/_indicators.html.haml b/app/views/spree/admin/products/index/_indicators.html.haml index b4b605a34b..4c39f9a5d9 100644 --- a/app/views/spree/admin/products/index/_indicators.html.haml +++ b/app/views/spree/admin/products/index/_indicators.html.haml @@ -1,6 +1,3 @@ -%div{ 'ng-show' => '!spree_api_key_ok' } - {{ api_error_msg }} - %div.sixteen.columns.alpha#loading{ 'ng-if' => 'RequestMonitor.loading' } %br %img.spinner{ src: "/assets/spinning-circles.svg" } diff --git a/config/routes/spree.rb b/config/routes/spree.rb index 77a954081e..72d43d90ec 100644 --- a/config/routes/spree.rb +++ b/config/routes/spree.rb @@ -51,12 +51,6 @@ Spree::Core::Engine.routes.prepend do resources :credit_cards - namespace :api, :defaults => { :format => 'json' } do - resources :users do - get :authorise_api, on: :collection - end - end - namespace :admin do get '/search/known_users' => "search#known_users", :as => :search_known_users get '/search/customers' => 'search#customers', :as => :search_customers diff --git a/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee b/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee index bc07c70cdf..c2db1cc403 100644 --- a/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee +++ b/spec/javascripts/unit/admin/bulk_product_update_spec.js.coffee @@ -272,13 +272,9 @@ describe "AdminProductEditCtrl", -> describe "loading data upon initialisation", -> it "gets a list of producers and then resets products with a list of data", -> - $httpBackend.expectGET("/api/users/authorise_api?token=API_KEY").respond success: "Use of API Authorised" spyOn($scope, "fetchProducts").and.returnValue "nothing" $scope.initialise() - $httpBackend.flush() expect($scope.fetchProducts.calls.count()).toBe 1 - expect($scope.spree_api_key_ok).toEqual true - describe "fetching products", -> $q = null From 5b6efaf687e679cc174ab28d7758a16d3c48638a Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 1 Aug 2019 18:54:49 +0100 Subject: [PATCH 14/26] Delete now unused rabl template authorise_api --- app/views/spree/api/users/authorise_api.v1.rabl | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 app/views/spree/api/users/authorise_api.v1.rabl diff --git a/app/views/spree/api/users/authorise_api.v1.rabl b/app/views/spree/api/users/authorise_api.v1.rabl deleted file mode 100644 index cef3d960f1..0000000000 --- a/app/views/spree/api/users/authorise_api.v1.rabl +++ /dev/null @@ -1,2 +0,0 @@ -object false -node(:success) { "Use of API Authorised" } From d7b9dc1190c5c8986515a8ab317cda4ffb893f3f Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Mon, 9 Sep 2019 23:21:16 +0100 Subject: [PATCH 15/26] Fix some rubocop issues --- app/controllers/api/base_controller.rb | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/app/controllers/api/base_controller.rb b/app/controllers/api/base_controller.rb index 19b2158b2a..d0ab8ddb72 100644 --- a/app/controllers/api/base_controller.rb +++ b/app/controllers/api/base_controller.rb @@ -15,9 +15,9 @@ module Api before_filter :authenticate_user after_filter :set_jsonp_format - rescue_from Exception, :with => :error_during_processing - rescue_from CanCan::AccessDenied, :with => :unauthorized - rescue_from ActiveRecord::RecordNotFound, :with => :not_found + rescue_from Exception, with: :error_during_processing + rescue_from CanCan::AccessDenied, with: :unauthorized + rescue_from ActiveRecord::RecordNotFound, with: :not_found helper Spree::Api::ApiHelpers @@ -33,10 +33,10 @@ module Api check_authorization def set_jsonp_format - if params[:callback] && request.get? - self.response_body = "#{params[:callback]}(#{response_body})" - headers["Content-Type"] = 'application/javascript' - end + return unless params[:callback] && request.get? + + self.response_body = "#{params[:callback]}(#{response_body})" + headers["Content-Type"] = 'application/javascript' end def respond_with_conflict(json_hash) @@ -54,9 +54,9 @@ module Api return end - unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s) - invalid_api_key - end + return if @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s) + + invalid_api_key end def set_content_type @@ -83,7 +83,6 @@ module Api end helper_method :api_key - def invalid_resource!(resource) @resource = resource render(json: { error: I18n.t(:invalid_resource, scope: "spree.api"), From dd66df6379c8e8ed4d2bbd6f4d2733967d3f02ac Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Tue, 10 Sep 2019 10:30:13 +0100 Subject: [PATCH 16/26] Remove dead routes api/order_cycles, these endpoints were removed in PR 4059 because they were unused, implemented in rabl and not correctly named for the future --- config/routes/api.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/config/routes/api.rb b/config/routes/api.rb index 19496c4e17..cc6b6e02ed 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -42,9 +42,6 @@ Openfoodnetwork::Application.routes.draw do end resources :order_cycles do - get :managed, on: :collection - get :accessible, on: :collection - get :products, on: :member get :taxons, on: :member get :properties, on: :member From f46e0a2a316eba17d3c204da3b3392562fff6af2 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Tue, 10 Sep 2019 13:05:00 +0100 Subject: [PATCH 17/26] Remove outdated comment, action managed has already been removed --- app/controllers/api/products_controller.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/controllers/api/products_controller.rb b/app/controllers/api/products_controller.rb index fa41d186e4..337c6158ef 100644 --- a/app/controllers/api/products_controller.rb +++ b/app/controllers/api/products_controller.rb @@ -47,7 +47,6 @@ module Api render json: @product, serializer: Api::Admin::ProductSerializer, status: 204 end - # TODO: This should be named 'managed'. Is the action above used? Maybe we should remove it. def bulk_products product_query = OpenFoodNetwork::Permissions.new(current_api_user). editable_products.merge(product_scope) From b2e5ff46a81531cdc73dc4d6a9692c7470b5f4b9 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Tue, 10 Sep 2019 14:52:49 +0100 Subject: [PATCH 18/26] Bring missing admin user edit form api_fields partial from spree_api and insert into the form (there was a deface override in spree_api injecting it before) --- .../spree/admin/users/_api_fields.html.erb | 31 +++++++++++++++++++ app/views/spree/admin/users/edit.html.haml | 2 ++ 2 files changed, 33 insertions(+) create mode 100644 app/views/spree/admin/users/_api_fields.html.erb diff --git a/app/views/spree/admin/users/_api_fields.html.erb b/app/views/spree/admin/users/_api_fields.html.erb new file mode 100644 index 0000000000..dd3ac7791f --- /dev/null +++ b/app/views/spree/admin/users/_api_fields.html.erb @@ -0,0 +1,31 @@ +
+ <%= Spree.t('access', :scope => 'api') %> + + <% if @user.spree_api_key.present? %> +
+ <%= label_tag Spree.t('key', :scope => 'api') %>: + <%= @user.spree_api_key %> +
+
+ <%= form_tag spree.clear_api_key_admin_user_path(@user), :method => :put do %> + <%= button Spree.t('clear_key', :scope => 'api'), 'icon-trash' %> + <% end %> + + <%= Spree.t(:or)%> + + <%= form_tag spree.generate_api_key_admin_user_path(@user), :method => :put do %> + <%= button Spree.t('regenerate_key', :scope => 'api'), 'icon-refresh' %> + <% end %> +
+ + <% else %> + +
<%= Spree.t('no_key', :scope => 'api') %>
+ +
+ <%= form_tag spree.generate_api_key_admin_user_path(@user), :method => :put do %> + <%= button Spree.t('generate_key', :scope => 'api'), 'icon-key' %> + <% end %> +
+ <% end %> +
diff --git a/app/views/spree/admin/users/edit.html.haml b/app/views/spree/admin/users/edit.html.haml index b192342306..78304b663c 100644 --- a/app/views/spree/admin/users/edit.html.haml +++ b/app/views/spree/admin/users/edit.html.haml @@ -13,3 +13,5 @@ = render partial: "form", locals: { f: f } %div{"data-hook" => "admin_user_edit_form_button"} = render partial: "spree/admin/shared/edit_resource_links" + += render partial: 'spree/admin/users/api_fields' From d006ded439c420658ac11a7c03bfba15a8fb3cdc Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Tue, 10 Sep 2019 14:56:14 +0100 Subject: [PATCH 19/26] Convert spree admin users api fields partial from erb to haml --- .../spree/admin/users/_api_fields.html.erb | 31 ------------------- .../spree/admin/users/_api_fields.html.haml | 18 +++++++++++ 2 files changed, 18 insertions(+), 31 deletions(-) delete mode 100644 app/views/spree/admin/users/_api_fields.html.erb create mode 100644 app/views/spree/admin/users/_api_fields.html.haml diff --git a/app/views/spree/admin/users/_api_fields.html.erb b/app/views/spree/admin/users/_api_fields.html.erb deleted file mode 100644 index dd3ac7791f..0000000000 --- a/app/views/spree/admin/users/_api_fields.html.erb +++ /dev/null @@ -1,31 +0,0 @@ -
- <%= Spree.t('access', :scope => 'api') %> - - <% if @user.spree_api_key.present? %> -
- <%= label_tag Spree.t('key', :scope => 'api') %>: - <%= @user.spree_api_key %> -
-
- <%= form_tag spree.clear_api_key_admin_user_path(@user), :method => :put do %> - <%= button Spree.t('clear_key', :scope => 'api'), 'icon-trash' %> - <% end %> - - <%= Spree.t(:or)%> - - <%= form_tag spree.generate_api_key_admin_user_path(@user), :method => :put do %> - <%= button Spree.t('regenerate_key', :scope => 'api'), 'icon-refresh' %> - <% end %> -
- - <% else %> - -
<%= Spree.t('no_key', :scope => 'api') %>
- -
- <%= form_tag spree.generate_api_key_admin_user_path(@user), :method => :put do %> - <%= button Spree.t('generate_key', :scope => 'api'), 'icon-key' %> - <% end %> -
- <% end %> -
diff --git a/app/views/spree/admin/users/_api_fields.html.haml b/app/views/spree/admin/users/_api_fields.html.haml new file mode 100644 index 0000000000..056f576f7e --- /dev/null +++ b/app/views/spree/admin/users/_api_fields.html.haml @@ -0,0 +1,18 @@ +%fieldset.omega.six.columns + %legend= Spree.t('access', :scope => 'api') + - if @user.spree_api_key.present? + .field + = label_tag Spree.t('key', :scope => 'api') + = ":" + = @user.spree_api_key + .filter-actions.actions + = form_tag spree.clear_api_key_admin_user_path(@user), method: :put do + = button Spree.t('clear_key', :scope => 'api'), 'icon-trash' + %span.or= Spree.t(:or) + = form_tag spree.generate_api_key_admin_user_path(@user), method: :put do + = button Spree.t('regenerate_key', :scope => 'api'), 'icon-refresh' + - else + .no-objects-found= Spree.t('no_key', :scope => 'api') + .filter-actions.actions + = form_tag spree.generate_api_key_admin_user_path(@user), method: :put do + = button Spree.t('generate_key', :scope => 'api'), 'icon-key' From 9cffe48c70260e7890f437793d64b20f0da91543 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Tue, 10 Sep 2019 15:22:39 +0100 Subject: [PATCH 20/26] Do not use Spree.t in spree admin users --- app/controllers/spree/admin/users_controller.rb | 4 ++-- app/views/spree/admin/users/_api_fields.html.haml | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/app/controllers/spree/admin/users_controller.rb b/app/controllers/spree/admin/users_controller.rb index d941785f01..7d87e1499d 100644 --- a/app/controllers/spree/admin/users_controller.rb +++ b/app/controllers/spree/admin/users_controller.rb @@ -58,14 +58,14 @@ module Spree def generate_api_key if @user.generate_spree_api_key! - flash[:success] = Spree.t('api.key_generated') + flash[:success] = t('spree.api.key_generated') end redirect_to edit_admin_user_path(@user) end def clear_api_key if @user.clear_spree_api_key! - flash[:success] = Spree.t('api.key_cleared') + flash[:success] = t('spree.api.key_cleared') end redirect_to edit_admin_user_path(@user) end diff --git a/app/views/spree/admin/users/_api_fields.html.haml b/app/views/spree/admin/users/_api_fields.html.haml index 056f576f7e..9f27251cca 100644 --- a/app/views/spree/admin/users/_api_fields.html.haml +++ b/app/views/spree/admin/users/_api_fields.html.haml @@ -1,18 +1,18 @@ %fieldset.omega.six.columns - %legend= Spree.t('access', :scope => 'api') + %legend= t('spree.api.access') - if @user.spree_api_key.present? .field - = label_tag Spree.t('key', :scope => 'api') + = label_tag t('spree.api.key') = ":" = @user.spree_api_key .filter-actions.actions = form_tag spree.clear_api_key_admin_user_path(@user), method: :put do - = button Spree.t('clear_key', :scope => 'api'), 'icon-trash' - %span.or= Spree.t(:or) + = button t('spree.api.clear_key'), 'icon-trash' + %span.or= t(:or) = form_tag spree.generate_api_key_admin_user_path(@user), method: :put do - = button Spree.t('regenerate_key', :scope => 'api'), 'icon-refresh' + = button t('spree.api.regenerate_key'), 'icon-refresh' - else - .no-objects-found= Spree.t('no_key', :scope => 'api') + .no-objects-found= t('spree.api.no_key') .filter-actions.actions = form_tag spree.generate_api_key_admin_user_path(@user), method: :put do - = button Spree.t('generate_key', :scope => 'api'), 'icon-key' + = button t('spree.api.generate_key'), 'icon-key' From ad5202292786b0d18f7f3e0887ba5ab7f4079fab Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Tue, 10 Sep 2019 16:04:57 +0100 Subject: [PATCH 21/26] Add feature spec to cover api api generation in admin user edit form --- spec/features/admin/users_spec.rb | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/spec/features/admin/users_spec.rb b/spec/features/admin/users_spec.rb index 4ab504c5a4..3e4ea4c609 100644 --- a/spec/features/admin/users_spec.rb +++ b/spec/features/admin/users_spec.rb @@ -24,7 +24,7 @@ feature "Managing users" do click_link "users_email_title" end - it "should be able to list users with order email asc" do + it "should list users with order email asc" do expect(page).to have_css('table#listing_users') within("table#listing_users") do expect(page).to have_content("a@example.com") @@ -32,7 +32,7 @@ feature "Managing users" do end end - it "should be able to list users with order email desc" do + it "should list users with order email desc" do click_link "users_email_title" within("table#listing_users") do expect(page).to have_content("a@example.com") @@ -57,7 +57,7 @@ feature "Managing users" do click_link("a@example.com") end - it "should let me edit the user password" do + it "should allow editing the user password" do fill_in "user_password", :with => "welcome" fill_in "user_password_confirmation", :with => "welcome" click_button "Update" @@ -71,6 +71,23 @@ feature "Managing users" do expect(page).to have_content("The account will be updated once the new email is confirmed.") end + + it "should allow to generate, regenarate and clear the user api key", js: true do + user = Spree::User.find_by_email("a@example.com") + expect(page).to have_content "NO KEY" + + click_button "Generate API key" + first_user_api_key = user.reload.spree_api_key + expect(page).to have_content first_user_api_key + + click_button "Regenerate Key" + second_user_api_key = user.reload.spree_api_key + expect(page).to have_content second_user_api_key + expect(second_user_api_key).not_to eq first_user_api_key + + click_button "Clear key" + expect(page).to have_content "NO KEY" + end end end From 92f1fa3b52da2d9c4e832ea0fef51dc551eac4a2 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 11 Sep 2019 11:37:35 +0100 Subject: [PATCH 22/26] Remove dead route api/orders/managed --- config/routes/api.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/routes/api.rb b/config/routes/api.rb index cc6b6e02ed..ee6c1eb13f 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -16,8 +16,6 @@ Openfoodnetwork::Application.routes.draw do resources :variants, :only => [:index] resources :orders, only: [:index, :show] do - get :managed, on: :collection - resources :shipments, :only => [:create, :update] do member do put :ready From 11fea650d63eb32449b8db74370cd7b0aa8b977a Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 12 Sep 2019 13:27:44 +0100 Subject: [PATCH 23/26] Remove inexistent routes api/enterprises/managed and api/enterprises/acessible The :managed endpoint was delete here https://github.com/openfoodfoundation/openfoodnetwork/commit/1d92d6cc33dbe3bd1d0d343deca63f1ed2b1e810 --- config/routes/api.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/routes/api.rb b/config/routes/api.rb index ee6c1eb13f..34f80b7b13 100644 --- a/config/routes/api.rb +++ b/config/routes/api.rb @@ -28,8 +28,6 @@ Openfoodnetwork::Application.routes.draw do resources :enterprises do post :update_image, on: :member - get :managed, on: :collection - get :accessible, on: :collection resource :logo, only: [:destroy] resource :promo_image, only: [:destroy] From c60261a847c054bc3e6a12388be1f1adcb7b9983 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Thu, 12 Sep 2019 18:00:29 +0100 Subject: [PATCH 24/26] Make taxonomies edit page use api route instead of spree_api route that is now gone. --- app/views/spree/admin/taxonomies/edit.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/spree/admin/taxonomies/edit.haml b/app/views/spree/admin/taxonomies/edit.haml index 3deb328999..eb43b8fa84 100755 --- a/app/views/spree/admin/taxonomies/edit.haml +++ b/app/views/spree/admin/taxonomies/edit.haml @@ -17,7 +17,7 @@ = label_tag nil, t("spree.tree") %br/ :javascript - Spree.routes.taxonomy_taxons_path = "#{spree.api_taxonomy_taxons_path(@taxonomy)}"; + Spree.routes.taxonomy_taxons_path = "#{main_app.api_taxonomy_taxons_path(@taxonomy)}"; Spree.routes.admin_taxonomy_taxons_path = "#{spree.admin_taxonomy_taxons_path(@taxonomy)}"; #taxonomy_tree.tree #progress{style: "display:none;"} From f45eb35eb1acf9f8531175f0a0050046f819884e Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 30 Oct 2019 10:43:24 +0000 Subject: [PATCH 25/26] Make user_registrations_controller_spec keep I18n.locale as it was before the spec, so that other specs wont fail --- spec/controllers/user_registrations_controller_spec.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/spec/controllers/user_registrations_controller_spec.rb b/spec/controllers/user_registrations_controller_spec.rb index a1c75d83e1..8eac9fc200 100644 --- a/spec/controllers/user_registrations_controller_spec.rb +++ b/spec/controllers/user_registrations_controller_spec.rb @@ -49,12 +49,14 @@ describe UserRegistrationsController, type: :controller do end it "sets user.locale from cookie on create" do + original_i18n_locale = I18n.locale original_locale_cookie = cookies[:locale] + cookies[:locale] = "pt" - xhr :post, :create, spree_user: user_params, use_route: :spree - expect(assigns[:user].locale).to eq("pt") + + I18n.locale = original_i18n_locale cookies[:locale] = original_locale_cookie end end From 0fe4edfbf5e1ed2ca9d6f795252333918249e27b Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Wed, 30 Oct 2019 11:06:18 +0000 Subject: [PATCH 26/26] Make product_tag_rules_filterer_spec a bit more flexible and not test for the order of the elements --- spec/services/product_tag_rules_filterer_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/services/product_tag_rules_filterer_spec.rb b/spec/services/product_tag_rules_filterer_spec.rb index 026e0ec03b..458ca55820 100644 --- a/spec/services/product_tag_rules_filterer_spec.rb +++ b/spec/services/product_tag_rules_filterer_spec.rb @@ -79,7 +79,7 @@ describe ProductTagRulesFilterer do variant_hidden_for_another_customer.update_attribute(:tag_list, non_applicable_rule.preferred_variant_tags) overrides_to_hide = filterer.__send__(:overrides_to_hide) - expect(overrides_to_hide).to eq [variant_hidden_by_default.id, variant_hidden_by_rule.id] + expect(overrides_to_hide).to include variant_hidden_by_default.id, variant_hidden_by_rule.id end end