- Added redirect_auth_url column to spree_payments table
- Updated payment redirection logic to use redirect_auth_url instead of cvv_response_message
- Cleans up old monkeypatch usage and improves Stripe checkout reliability

There seemingly shouldn't be any case where this controller actually receives a token param. There's only one place that creates URLs that direct to this controller (Stripe authorization emails), and they do not attach any kind of token to the URL.
If the user is not logged in here (or doesn't have an access_token in their session), they get asked to log in.
Note to future devs: see previous commit for additional context.