From 77eec6e6f3c48e2139ca1c5e3cf4cce4a457f06f Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Bellet <jb.bellet@gmail.com>
Date: Tue, 9 Aug 2022 10:32:57 +0200
Subject: [PATCH] Check `step` params and redirect if step is inconsistent to
 order state

---
 app/controllers/split_checkout_controller.rb  | 10 +++++++
 .../split_checkout_controller_spec.rb         | 28 +++++++++++++++++++
 .../split_checkout_tax_not_incl_spec.rb       |  1 -
 3 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/app/controllers/split_checkout_controller.rb b/app/controllers/split_checkout_controller.rb
index 7a9e9f0442..79a1acbcb6 100644
--- a/app/controllers/split_checkout_controller.rb
+++ b/app/controllers/split_checkout_controller.rb
@@ -21,6 +21,7 @@ class SplitCheckoutController < ::BaseController
 
   def edit
     redirect_to_step_based_on_order unless params[:step]
+    check_step if params[:step]
   end
 
   def update
@@ -145,4 +146,13 @@ class SplitCheckoutController < ::BaseController
     end
     redirect_to_step_based_on_order
   end
+
+  def check_step
+    case @order.state
+    when "cart", "address", "delivery"
+      redirect_to checkout_step_path(:details) unless params[:step] == "details"
+    when "payment"
+      redirect_to checkout_step_path(:payment) if params[:step] == "summary"
+    end
+  end
 end
diff --git a/spec/controllers/split_checkout_controller_spec.rb b/spec/controllers/split_checkout_controller_spec.rb
index 353a7abd38..f05ec76563 100644
--- a/spec/controllers/split_checkout_controller_spec.rb
+++ b/spec/controllers/split_checkout_controller_spec.rb
@@ -43,6 +43,34 @@ describe SplitCheckoutController, type: :controller do
         expect(response).to redirect_to cart_path
       end
     end
+
+    context "when the given `step` params is inconsistent with the current order state" do
+      context "when order state is `cart`" do
+        before do
+          order.update!(state: "cart")
+        end
+
+        it "redirects to the valid step if params is `payment`" do
+          get :edit, params: { step: "payment" }
+          expect(response).to redirect_to checkout_step_path(:details)
+        end
+        it "redirects to the valid step if params is `summary`" do
+          get :edit, params: { step: "summary" }
+          expect(response).to redirect_to checkout_step_path(:details)
+        end
+      end
+
+      context "when order state is `payment`" do
+        before do
+          order.update!(state: "payment")
+        end
+
+        it "redirects to the valid step if params is `summary`" do
+          get :edit, params: { step: "summary" }
+          expect(response).to redirect_to checkout_step_path(:payment)
+        end
+      end
+    end
   end
 
   describe "#update" do
diff --git a/spec/system/consumer/split_checkout_tax_not_incl_spec.rb b/spec/system/consumer/split_checkout_tax_not_incl_spec.rb
index fc98b6454e..217f18b359 100644
--- a/spec/system/consumer/split_checkout_tax_not_incl_spec.rb
+++ b/spec/system/consumer/split_checkout_tax_not_incl_spec.rb
@@ -220,7 +220,6 @@ describe "As a consumer, I want to see adjustment breakdown" do
         # reproducing bug #9131
         context "redirection to /summary page with no shipping method selected" do
           it "fails to render the /summary page" do
-            pending("#9131")
             visit checkout_step_path(:summary)
           end
         end