From 11631c3a33837d72db64f53ad76dd34798b76631 Mon Sep 17 00:00:00 2001
From: luisramos0
Date: Wed, 27 Nov 2019 21:46:24 +0000
Subject: [PATCH 1/8] Add base_controller from spree_backend so that we can now merge it with the OFN's decorator
---
.../spree/admin/base_controller.rb | 92 +++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 app/controllers/spree/admin/base_controller.rb
diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb
new file mode 100644
index 0000000000..19702cc9e2
--- /dev/null
+++ b/app/controllers/spree/admin/base_controller.rb
@@ -0,0 +1,92 @@
+module Spree
+ module Admin
+ class BaseController < Spree::BaseController
+ ssl_required
+
+ helper 'spree/admin/navigation'
+ helper 'spree/admin/tables'
+ layout '/spree/layouts/admin'
+
+ before_filter :check_alerts
+ before_filter :authorize_admin
+
+ protected
+ def action
+ params[:action].to_sym
+ end
+
+ def authorize_admin
+ if respond_to?(:model_class, true) && model_class
+ record = model_class
+ else
+ record = Object
+ end
+ authorize! :admin, record
+ authorize! action, record
+ end
+
+ # Need to generate an API key for a user due to some backend actions
+ # requiring authentication to the Spree API
+ def generate_admin_api_key
+ if user = try_spree_current_user
+ if user.spree_api_key.blank?
+ user.generate_spree_api_key!
+ end
+ end
+ end
+
+ def check_alerts
+ return unless should_check_alerts?
+
+ unless session.has_key? :alerts
+ begin
+ session[:alerts] = Spree::Alert.current(request.host)
+ filter_dismissed_alerts
+ Spree::Config.set :last_check_for_spree_alerts => DateTime.now.to_s
+ rescue
+ session[:alerts] = nil
+ end
+ end
+ end
+
+ def should_check_alerts?
+ return false if !Rails.env.production? || !Spree::Config[:check_for_spree_alerts]
+
+ last_check = Spree::Config[:last_check_for_spree_alerts]
+ return true if last_check.blank?
+
+ DateTime.parse(last_check) < 12.hours.ago
+ end
+
+ def flash_message_for(object, event_sym)
+ resource_desc = object.class.model_name.human
+ resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
+ Spree.t(event_sym, :resource => resource_desc)
+ end
+
+ def render_js_for_destroy
+ render :partial => '/spree/admin/shared/destroy'
+ end
+
+ # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
+ def check_json_authenticity
+ return unless request.format.js? or request.format.json?
+ return unless protect_against_forgery?
+ auth_token = params[request_forgery_protection_token]
+ unless (auth_token and form_authenticity_token == URI.unescape(auth_token))
+ raise(ActionController::InvalidAuthenticityToken)
+ end
+ end
+
+ def filter_dismissed_alerts
+ return unless session[:alerts]
+ dismissed = (Spree::Config[:dismissed_spree_alerts] || '').split(',')
+ session[:alerts].reject! { |a| dismissed.include? a["id"].to_s }
+ end
+
+ def config_locale
+ Spree::Backend::Config[:locale]
+ end
+ end
+ end
+end
From 4ab7b78cb85133a207079b1d5b23cca996bbe56c Mon Sep 17 00:00:00 2001
From: luisramos0
Date: Mon, 11 Nov 2019 15:58:55 +0000
Subject: [PATCH 2/8] Merge base_controller with its decorator
---
.../spree/admin/base_controller.rb | 200 +++++++++++++-----
.../spree/admin/base_controller_decorator.rb | 105 ---------
2 files changed, 143 insertions(+), 162 deletions(-)
delete mode 100644 app/controllers/spree/admin/base_controller_decorator.rb
diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb
index 19702cc9e2..e390b01f82 100644
--- a/app/controllers/spree/admin/base_controller.rb
+++ b/app/controllers/spree/admin/base_controller.rb
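Review bot: In `check_json_authenticity` (patch 1, new base_controller.rb) the token is checked with a plain `form_authenticity_token == URI.unescape(auth_token)`, a hand-rolled comparison that is not constant-time and sits outside the framework's own token verification. Nothing in this file registers the method as a filter (only `check_alerts` and `authorize_admin` are), so JSON and JS index actions get the check only where a subclass adds `before_filter :check_json_authenticity`; a comment on the method saying so would prevent a false sense of coverage. If the comparison stays, `Rack::Utils.secure_compare(form_authenticity_token, URI.unescape(auth_token))` is the safer form, and on a Rails version that masks the token per request this equality would have to give way to the framework's validation, since `form_authenticity_token` would no longer return a stable value. The same method body is carried through the base_controller.rb hunks of patches 2 and 3.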
@@ -7,86 +7,172 @@ module Spree helper 'spree/admin/tables' layout '/spree/layouts/admin' + include I18nHelper + before_filter :check_alerts before_filter :authorize_admin + before_filter :set_locale + before_filter :warn_invalid_order_cycles, if: :html_request? + + # Warn the user when they have an active order cycle with hubs that are not ready + # for checkout (ie. does not have valid shipping and payment methods). + def warn_invalid_order_cycles + distributors = active_distributors_not_ready_for_checkout + + if distributors.any? && flash[:notice].nil? + flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors) + end + end + + # This is in Spree::Core::ControllerHelpers::Auth + # But you can't easily reopen modules in Ruby + def unauthorized + if try_spree_current_user + flash[:error] = t(:authorization_failure) + redirect_to '/unauthorized' + else + store_location + redirect_to root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}") + end + end protected - def action - params[:action].to_sym - end - def authorize_admin - if respond_to?(:model_class, true) && model_class - record = model_class - else - record = Object - end - authorize! :admin, record - authorize! action, record + def model_class + const_name = controller_name.classify + if Spree.const_defined?(const_name) + return "Spree::#{const_name}".constantize end + nil + end - # Need to generate an API key for a user due to some backend actions - # requiring authentication to the Spree API - def generate_admin_api_key - if user = try_spree_current_user - if user.spree_api_key.blank? - user.generate_spree_api_key! 
- end + def action + params[:action].to_sym + end + + def authorize_admin + if respond_to?(:model_class, true) && model_class + record = model_class + else + # This allows specificity for each non-resource controller + # (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146) + record = self.class.to_s.sub("Controller", "").underscore.split('/').last.singularize.to_sym + end + authorize! :admin, record + authorize! resource_authorize_action, record + end + + def resource_authorize_action + action + end + + # Need to generate an API key for a user due to some backend actions + # requiring authentication to the Spree API + def generate_admin_api_key + if user = try_spree_current_user + if user.spree_api_key.blank? + user.generate_spree_api_key! end end + end - def check_alerts - return unless should_check_alerts? + def check_alerts + return unless should_check_alerts? - unless session.has_key? :alerts - begin - session[:alerts] = Spree::Alert.current(request.host) - filter_dismissed_alerts - Spree::Config.set :last_check_for_spree_alerts => DateTime.now.to_s - rescue - session[:alerts] = nil - end + unless session.has_key? :alerts + begin + session[:alerts] = Spree::Alert.current(request.host) + filter_dismissed_alerts + Spree::Config.set :last_check_for_spree_alerts => DateTime.now.to_s + rescue + session[:alerts] = nil end end + end - def should_check_alerts? - return false if !Rails.env.production? || !Spree::Config[:check_for_spree_alerts] + def should_check_alerts? + return false if !Rails.env.production? || !Spree::Config[:check_for_spree_alerts] - last_check = Spree::Config[:last_check_for_spree_alerts] - return true if last_check.blank? + last_check = Spree::Config[:last_check_for_spree_alerts] + return true if last_check.blank? 
- DateTime.parse(last_check) < 12.hours.ago + DateTime.parse(last_check) < 12.hours.ago + end + + def flash_message_for(object, event_sym) + resource_desc = object.class.model_name.human + resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present? + Spree.t(event_sym, :resource => resource_desc) + end + + def render_js_for_destroy + render :partial => '/spree/admin/shared/destroy' + end + + # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking + def check_json_authenticity + return unless request.format.js? or request.format.json? + return unless protect_against_forgery? + auth_token = params[request_forgery_protection_token] + unless (auth_token and form_authenticity_token == URI.unescape(auth_token)) + raise(ActionController::InvalidAuthenticityToken) end + end - def flash_message_for(object, event_sym) - resource_desc = object.class.model_name.human - resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present? - Spree.t(event_sym, :resource => resource_desc) - end + def filter_dismissed_alerts + return unless session[:alerts] + dismissed = (Spree::Config[:dismissed_spree_alerts] || '').split(',') + session[:alerts].reject! { |a| dismissed.include? a["id"].to_s } + end - def render_js_for_destroy - render :partial => '/spree/admin/shared/destroy' - end + def config_locale + Spree::Backend::Config[:locale] + end - # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking - def check_json_authenticity - return unless request.format.js? or request.format.json? - return unless protect_against_forgery? 
- auth_token = params[request_forgery_protection_token] - unless (auth_token and form_authenticity_token == URI.unescape(auth_token)) - raise(ActionController::InvalidAuthenticityToken) - end - end + private - def filter_dismissed_alerts - return unless session[:alerts] - dismissed = (Spree::Config[:dismissed_spree_alerts] || '').split(',') - session[:alerts].reject! { |a| dismissed.include? a["id"].to_s } - end + def active_distributors_not_ready_for_checkout + ocs = OrderCycle.managed_by(spree_current_user).active + distributors = ocs.includes(:distributors).map(&:distributors).flatten.uniq + Enterprise.where('enterprises.id IN (?)', distributors).not_ready_for_checkout + end - def config_locale - Spree::Backend::Config[:locale] + def active_distributors_not_ready_for_checkout_message(distributors) + distributor_names = distributors.map(&:name).join ', ' + + if distributors.count > 1 + I18n.t(:active_distributors_not_ready_for_checkout_message_plural, distributor_names: distributor_names) + else + I18n.t(:active_distributors_not_ready_for_checkout_message_singular, distributor_names: distributor_names) end + end + + def html_request? + request.format.html? + end + + def json_request? + request.format.json? + end + + def render_as_json(data, options = {}) + ams_prefix = options.delete :ams_prefix + if [Array, ActiveRecord::Relation].include? data.class + render options.merge(json: data, each_serializer: serializer(ams_prefix)) + else + render options.merge(json: data, serializer: serializer(ams_prefix)) + end + end + + def serializer(ams_prefix) + if ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym) + prefix = ams_prefix.andand.classify || "" + name = controller_name.classify + "Api::Admin::#{prefix}#{name}Serializer".constantize + else + raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}." + end + end end end end 
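Review bot: `unauthorized` copies `request.env['PATH_INFO']` unvalidated into the `after_login` value of the redirect anchor, so the post-login destination is whatever path the request carried. Whether that is safe depends on the client-side login code that reads `after_login`, which is not visible here; if it navigates to the value as-is, a path beginning with `//` would be read as a protocol-relative URL rather than a local path. A small guard before the redirect keeps the value local: `after_login = request.env['PATH_INFO']` followed by `after_login = '/' unless after_login =~ %r{\A/[^/]}`. The class header and the top of the file are outside this hunk.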
diff --git a/app/controllers/spree/admin/base_controller_decorator.rb b/app/controllers/spree/admin/base_controller_decorator.rb
deleted file mode 100644
index 34bde0028e..0000000000
--- a/app/controllers/spree/admin/base_controller_decorator.rb
+++ /dev/null
@@ -1,105 +0,0 @@
-require 'spree/core/controller_helpers/respond_with_decorator'
-
-Spree::Admin::BaseController.class_eval do
- include I18nHelper
-
- layout 'spree/layouts/admin'
-
- before_filter :set_locale
- before_filter :warn_invalid_order_cycles, if: :html_request?
-
- # Warn the user when they have an active order cycle with hubs that are not ready
- # for checkout (ie. does not have valid shipping and payment methods).
- def warn_invalid_order_cycles
- distributors = active_distributors_not_ready_for_checkout
-
- if distributors.any? && flash[:notice].nil?
- flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors)
- end
- end
-
- # Override Spree method
- # It's a shame Spree doesn't just let CanCan handle this in it's own way
- def authorize_admin
- if respond_to?(:model_class, true) && model_class
- record = model_class
- else
- # this line changed to allow specificity for each non-resource controller (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146)
- record = self.class.to_s.sub("Controller", "").underscore.split('/').last.singularize.to_sym
- end
- authorize! :admin, record
- authorize! 
resource_authorize_action, record
- end
-
- def resource_authorize_action
- action
- end
-
- # This is in Spree::Core::ControllerHelpers::Auth
- # But you can't easily reopen modules in Ruby
- def unauthorized
- if try_spree_current_user
- flash[:error] = t(:authorization_failure)
- redirect_to '/unauthorized'
- else
- store_location
- redirect_to root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
- end
- end
-
- protected
-
- def model_class
- const_name = controller_name.classify
- if Spree.const_defined?(const_name)
- return "Spree::#{const_name}".constantize
- end
-
- nil
- end
-
- private
-
- def active_distributors_not_ready_for_checkout
- ocs = OrderCycle.managed_by(spree_current_user).active
- distributors = ocs.includes(:distributors).map(&:distributors).flatten.uniq
- Enterprise.where('enterprises.id IN (?)', distributors).not_ready_for_checkout
- end
-
- def active_distributors_not_ready_for_checkout_message(distributors)
- distributor_names = distributors.map(&:name).join ', '
-
- if distributors.count > 1
- I18n.t(:active_distributors_not_ready_for_checkout_message_plural, distributor_names: distributor_names)
- else
- I18n.t(:active_distributors_not_ready_for_checkout_message_singular, distributor_names: distributor_names)
- end
- end
-
- def html_request?
- request.format.html?
- end
-
- def json_request?
- request.format.json?
- end
-
- def render_as_json(data, options = {})
- ams_prefix = options.delete :ams_prefix
- if [Array, ActiveRecord::Relation].include? data.class
- render options.merge(json: data, each_serializer: serializer(ams_prefix))
- else
- render options.merge(json: data, serializer: serializer(ams_prefix))
- end
- end
-
- def serializer(ams_prefix)
- if ams_prefix.nil? 
|| ams_prefix_whitelist.include?(ams_prefix.to_sym) - prefix = ams_prefix.andand.classify || "" - name = controller_name.classify - "Api::Admin::#{prefix}#{name}Serializer".constantize - else - raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}." - end - end -end From f1814f1b67acb789156274138b1f323b20636839 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Mon, 11 Nov 2019 16:06:07 +0000 Subject: [PATCH 3/8] Fix most rubocop issues in spree/admin/base_controller --- .../spree/admin/base_controller.rb | 74 ++++++++++--------- 1 file changed, 40 insertions(+), 34 deletions(-) diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb index e390b01f82..e3c25cd5d4 100644 --- a/app/controllers/spree/admin/base_controller.rb +++ b/app/controllers/spree/admin/base_controller.rb @@ -19,9 +19,9 @@ module Spree def warn_invalid_order_cycles distributors = active_distributors_not_ready_for_checkout - if distributors.any? && flash[:notice].nil? - flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors) - end + return unless distributors.any? && flash[:notice].nil? + + flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors) end # This is in Spree::Core::ControllerHelpers::Auth @@ -40,9 +40,8 @@ module Spree def model_class const_name = controller_name.classify - if Spree.const_defined?(const_name) - return "Spree::#{const_name}".constantize - end + return "Spree::#{const_name}".constantize if Spree.const_defined?(const_name) + nil end 
@@ -56,7 +55,9 @@ module Spree else # This allows specificity for each non-resource controller # (to be consistent with "authorize_resource :class => false", see https://github.com/ryanb/cancan/blob/60cf6a67ef59c0c9b63bc27ea0101125c4193ea6/lib/cancan/controller_resource.rb#L146) - record = self.class.to_s.sub("Controller", "").underscore.split('/').last.singularize.to_sym + record = self.class.to_s. + sub("Controller", ""). + underscore.split('/').last.singularize.to_sym end authorize! :admin, record authorize! resource_authorize_action, record @@ -69,24 +70,24 @@ module Spree # Need to generate an API key for a user due to some backend actions # requiring authentication to the Spree API def generate_admin_api_key - if user = try_spree_current_user - if user.spree_api_key.blank? - user.generate_spree_api_key! - end - end + return unless user = try_spree_current_user + + return if user.spree_api_key.present? + + user.generate_spree_api_key! end def check_alerts return unless should_check_alerts? - unless session.has_key? :alerts - begin - session[:alerts] = Spree::Alert.current(request.host) - filter_dismissed_alerts - Spree::Config.set :last_check_for_spree_alerts => DateTime.now.to_s - rescue - session[:alerts] = nil - end + return if session.key? :alerts + + begin + session[:alerts] = Spree::Alert.current(request.host) + filter_dismissed_alerts + Spree::Config.set last_check_for_spree_alerts: DateTime.now.in_time_zone.to_s + rescue + session[:alerts] = nil end end 
@@ -96,31 +97,34 @@ module Spree last_check = Spree::Config[:last_check_for_spree_alerts] return true if last_check.blank? - DateTime.parse(last_check) < 12.hours.ago + DateTime.parse(last_check).in_time_zone < 12.hours.ago end def flash_message_for(object, event_sym) resource_desc = object.class.model_name.human resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present? - Spree.t(event_sym, :resource => resource_desc) + Spree.t(event_sym, resource: resource_desc) end def render_js_for_destroy - render :partial => '/spree/admin/shared/destroy' + render partial: '/spree/admin/shared/destroy' end # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking def check_json_authenticity - return unless request.format.js? or request.format.json? + return unless request.format.js? || request.format.json? + return unless protect_against_forgery? + auth_token = params[request_forgery_protection_token] - unless (auth_token and form_authenticity_token == URI.unescape(auth_token)) - raise(ActionController::InvalidAuthenticityToken) - end + return if auth_token && form_authenticity_token == URI.unescape(auth_token) + + raise(ActionController::InvalidAuthenticityToken) end def filter_dismissed_alerts return unless session[:alerts] + dismissed = (Spree::Config[:dismissed_spree_alerts] || '').split(',') session[:alerts].reject! { |a| dismissed.include? a["id"].to_s } end 
@@ -141,9 +145,11 @@ module Spree distributor_names = distributors.map(&:name).join ', ' if distributors.count > 1 - I18n.t(:active_distributors_not_ready_for_checkout_message_plural, distributor_names: distributor_names) + I18n.t(:active_distributors_not_ready_for_checkout_message_plural, + distributor_names: distributor_names) else - I18n.t(:active_distributors_not_ready_for_checkout_message_singular, distributor_names: distributor_names) + I18n.t(:active_distributors_not_ready_for_checkout_message_singular, + distributor_names: distributor_names) end end @@ -165,13 +171,13 @@ module Spree end def serializer(ams_prefix) - if ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym) - prefix = ams_prefix.andand.classify || "" - name = controller_name.classify - "Api::Admin::#{prefix}#{name}Serializer".constantize - else + unless ams_prefix.nil? || ams_prefix_whitelist.include?(ams_prefix.to_sym) raise "Suffix '#{ams_prefix}' not found in ams_prefix_whitelist for #{self.class.name}." end + + prefix = ams_prefix.andand.classify || "" + name = controller_name.classify + "::Api::Admin::#{prefix}#{name}Serializer".constantize end end end From 795f13d73a6acec36d48007cc9ccedb419824ac0 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Mon, 2 Dec 2019 21:33:43 +0000 Subject: [PATCH 4/8] Remove spree alerts feature that would check spree website for security alerts This is not something we need running such an old version of spree --- .rubocop_manual_todo.yml | 2 +- .../spree/admin/base_controller.rb | 31 ------------------- .../admin/general_settings_controller.rb | 15 +-------- app/views/spree/layouts/_admin_body.html.haml | 2 -- app/views/spree/layouts/bare_admin.html.haml | 1 - config/locales/en.yml | 1 - config/routes/spree.rb | 6 +--- 7 files changed, 3 insertions(+), 55 deletions(-) diff --git a/.rubocop_manual_todo.yml b/.rubocop_manual_todo.yml index 8bb0590127..4e0deb1060 100644 --- a/.rubocop_manual_todo.yml +++ b/.rubocop_manual_todo.yml 
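Review bot: `serializer` gates its `constantize` call on `ams_prefix_whitelist`, a method that this class does not define anywhere in the patches shown, so the allow-list exists only where a subclass supplies it. A subclass that passes `ams_prefix:` to `render_as_json` without defining it fails with NoMethodError instead of the intended message; a base-class default such as `def ams_prefix_whitelist; []; end` would make the deny-by-default behaviour explicit and deserves a one-line comment saying subclasses override it. The raised message also says "Suffix" for a value the code treats as a prefix. The method is the last one in the class, and the closing `end` lines are in the hunk's trailing context.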
@@ -42,7 +42,6 @@ Metrics/LineLength: - app/controllers/application_controller.rb - app/controllers/checkout_controller.rb - app/controllers/spree/admin/adjustments_controller_decorator.rb - - app/controllers/spree/admin/base_controller_decorator.rb - app/controllers/spree/admin/orders_controller_decorator.rb - app/controllers/spree/admin/payments_controller_decorator.rb - app/controllers/spree/credit_cards_controller.rb @@ -644,6 +643,7 @@ Metrics/ClassLength: - app/controllers/admin/subscriptions_controller.rb - app/controllers/api/products_controller.rb - app/controllers/checkout_controller.rb + - app/controllers/spree/admin/base_controller.rb - app/controllers/spree/admin/payment_methods_controller.rb - app/controllers/spree/admin/users_controller.rb - app/controllers/spree/orders_controller.rb diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb index e3c25cd5d4..f8868ad945 100644 --- a/app/controllers/spree/admin/base_controller.rb +++ b/app/controllers/spree/admin/base_controller.rb @@ -9,7 +9,6 @@ module Spree include I18nHelper - before_filter :check_alerts before_filter :authorize_admin before_filter :set_locale before_filter :warn_invalid_order_cycles, if: :html_request? 
@@ -77,29 +76,6 @@ module Spree user.generate_spree_api_key! end - def check_alerts - return unless should_check_alerts? - - return if session.key? :alerts - - begin - session[:alerts] = Spree::Alert.current(request.host) - filter_dismissed_alerts - Spree::Config.set last_check_for_spree_alerts: DateTime.now.in_time_zone.to_s - rescue - session[:alerts] = nil - end - end - - def should_check_alerts? - return false if !Rails.env.production? || !Spree::Config[:check_for_spree_alerts] - - last_check = Spree::Config[:last_check_for_spree_alerts] - return true if last_check.blank? - - DateTime.parse(last_check).in_time_zone < 12.hours.ago - end - def flash_message_for(object, event_sym) resource_desc = object.class.model_name.human resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present? @@ -122,13 +98,6 @@ module Spree raise(ActionController::InvalidAuthenticityToken) end - def filter_dismissed_alerts - return unless session[:alerts] - - dismissed = (Spree::Config[:dismissed_spree_alerts] || '').split(',') - session[:alerts].reject! { |a| dismissed.include? a["id"].to_s } - end - def config_locale Spree::Backend::Config[:locale] end diff --git a/app/controllers/spree/admin/general_settings_controller.rb b/app/controllers/spree/admin/general_settings_controller.rb index 853ad929a1..dcb360bcc9 100644 --- a/app/controllers/spree/admin/general_settings_controller.rb +++ b/app/controllers/spree/admin/general_settings_controller.rb @@ -5,8 +5,7 @@ module Spree @preferences_general = [:site_name, :default_seo_title, :default_meta_keywords, :default_meta_description, :site_url, :bugherd_api_key] @preferences_security = [:allow_ssl_in_production, - :allow_ssl_in_staging, :allow_ssl_in_development_and_test, - :check_for_spree_alerts] + :allow_ssl_in_staging, :allow_ssl_in_development_and_test] @preferences_currency = [:display_currency, :hide_cents] end 
@@ -20,18 +19,6 @@ module Spree redirect_to edit_admin_general_settings_path end - - def dismiss_alert - return unless request.xhr? && params[:alert_id] - - dismissed = Spree::Config[:dismissed_spree_alerts] || '' - Spree::Config.set(dismissed_spree_alerts: dismissed. - split(','). - push(params[:alert_id]). - join(',')) - filter_dismissed_alerts - render nothing: true - end end end end diff --git a/app/views/spree/layouts/_admin_body.html.haml b/app/views/spree/layouts/_admin_body.html.haml index a51fc57755..bd479f462f 100644 --- a/app/views/spree/layouts/_admin_body.html.haml +++ b/app/views/spree/layouts/_admin_body.html.haml @@ -16,8 +16,6 @@ = Spree.t(:loading) \... - = render :partial => 'spree/admin/shared/alert', :collection => session[:alerts] - %header#header{"data-hook" => ""} .container %figure.columns.five{"data-hook" => "logo-wrapper"} diff --git a/app/views/spree/layouts/bare_admin.html.haml b/app/views/spree/layouts/bare_admin.html.haml index 9bec54bedd..39e87961f4 100644 --- a/app/views/spree/layouts/bare_admin.html.haml +++ b/app/views/spree/layouts/bare_admin.html.haml @@ -14,7 +14,6 @@ .progress-message = t(:loading) \... - = render :partial => 'spree/admin/shared/alert', :collection => session[:alerts] %header#header{"data-hook" => ""} .container diff --git a/config/locales/en.yml b/config/locales/en.yml index f1945520a0..da7dc56514 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -2851,7 +2851,6 @@ See the %{link} to find out more about %{sitename}'s features and to start using allow_ssl_in_development_and_test: "Allow SSL to be used when in development and test modes" allow_ssl_in_production: "Allow SSL to be used in production mode" allow_ssl_in_staging: "Allow SSL to be used in staging mode" - check_for_spree_alerts: "Check for Spree alerts" currency_decimal_mark: "Currency decimal mark" currency_settings: "Currency Settings" currency_symbol_position: Put "currency symbol before or after dollar amount?" 
diff --git a/config/routes/spree.rb b/config/routes/spree.rb index 72d43d90ec..478b4f0509 100644 --- a/config/routes/spree.rb +++ b/config/routes/spree.rb @@ -84,11 +84,7 @@ Spree::Core::Engine.routes.prepend do end # Configuration section - resource :general_settings do - collection do - post :dismiss_alert - end - end + resource :general_settings resource :mail_method, :only => [:edit, :update] do post :testmail, :on => :collection end From 042162eda8b03ac371ab83928b1406f4c6422193 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Tue, 3 Dec 2019 23:53:10 +0000 Subject: [PATCH 5/8] Delete unused method --- app/controllers/spree/admin/base_controller.rb | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb index f8868ad945..4028cf76ec 100644 --- a/app/controllers/spree/admin/base_controller.rb +++ b/app/controllers/spree/admin/base_controller.rb @@ -66,16 +66,6 @@ module Spree action end - # Need to generate an API key for a user due to some backend actions - # requiring authentication to the Spree API - def generate_admin_api_key - return unless user = try_spree_current_user - - return if user.spree_api_key.present? - - user.generate_spree_api_key! - end - def flash_message_for(object, event_sym) resource_desc = object.class.model_name.human resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present? From 07e231736998f0a639d6b00aab3a87fb66377a98 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Fri, 6 Dec 2019 14:28:03 +0000 Subject: [PATCH 6/8] Replace deprecated URI.unescape with CGI.unescape --- app/controllers/spree/admin/base_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb index 4028cf76ec..09ea88e90a 100644 --- a/app/controllers/spree/admin/base_controller.rb 
+++ b/app/controllers/spree/admin/base_controller.rb @@ -83,7 +83,7 @@ module Spree return unless protect_against_forgery? auth_token = params[request_forgery_protection_token] - return if auth_token && form_authenticity_token == URI.unescape(auth_token) + return if auth_token && form_authenticity_token == CGI.unescape(auth_token) raise(ActionController::InvalidAuthenticityToken) end From 2793693a7cbc520915c86f0a0c1e30c6363722c6 Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Fri, 6 Dec 2019 14:34:33 +0000 Subject: [PATCH 7/8] Improve if clause readability --- app/controllers/spree/admin/base_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb index 09ea88e90a..0b32f94edc 100644 --- a/app/controllers/spree/admin/base_controller.rb +++ b/app/controllers/spree/admin/base_controller.rb @@ -18,7 +18,7 @@ module Spree def warn_invalid_order_cycles distributors = active_distributors_not_ready_for_checkout - return unless distributors.any? && flash[:notice].nil? + return if distributors.empty? || flash[:notice].present? flash[:notice] = active_distributors_not_ready_for_checkout_message(distributors) end From f587bbb7d518b41c140f455c0921a92880b3083d Mon Sep 17 00:00:00 2001 From: luisramos0 Date: Sat, 14 Dec 2019 21:38:30 +0000 Subject: [PATCH 8/8] Remove unnecessary helper --- app/controllers/spree/admin/base_controller.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb index 0b32f94edc..c1c0179133 100644 --- a/app/controllers/spree/admin/base_controller.rb +++ b/app/controllers/spree/admin/base_controller.rb @@ -4,7 +4,6 @@ module Spree ssl_required helper 'spree/admin/navigation' - helper 'spree/admin/tables' layout '/spree/layouts/admin' include I18nHelper
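Review bot: `CGI.unescape` in `check_json_authenticity` (patch 6) is not a drop-in replacement for `URI.unescape`: besides percent sequences it also turns `+` into a space, and Base64 CSRF tokens can contain `+`. Rails has already URL-decoded `params[request_forgery_protection_token]`, so a correctly submitted token containing `+` would now be altered before the comparison and the request rejected with InvalidAuthenticityToken. If clients send the token singly encoded, the second decode can simply go, `return if auth_token && form_authenticity_token == auth_token`; if some client does double-encode, that should be confirmed and recorded in a comment rather than handled with a decoder that rewrites `+`. The method's `def` line is outside this hunk.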