In https://github.com/openfoodfoundation/openfoodnetwork/pull/3435, it was switched to the system tmp dir because it conventiently provided a method to generate a unique filename. However it didn't handle the case where the system provided a symlink (macOS).
I could have fixed that, but surely it's safer to use the Rails tmp directory.
So I changed back to that, using a tip from https://stackoverflow.com/questions/13787746/creating-a-thread-safe-temporary-file-name to generate a unique name. Perhaps we could use a larger string (eg uuid) or append a timestamp too, but I don't know that it's necessary. Instead, we can just check that the dir didn't exist first (as mentioned in the PR). Let's do that..
Due to moving the supplier to the variant, we had to add manual search
for producer properties instead of using ransack. So we need a way
for the frontend to diferenciate between product properties and producer
properties. This is the first step towards that
Most of the time this doesn't get called because source_required: false.
But sometimes it [does happen](https://app.bugsnag.com/yaycode/openfoodnetwork-uk/errors/66329690f4b6380007e8a4f8)
I have a feeling that source_required? could be moved to the superclass as payment_source_class.present?. But I don't know enough about this area of the system to try it...
We can see on the respective controller spec, that having a Stripe SCA payment, with no source does not trigger the error 400, observed on the legacy checkout.
This avoids a locale setting leaking from one spec to another. It also
means that we don't have to reset the locale in individual specs.
Also:
- `cookies` is reset automatically and we don't need to do that.
- Removed some unused code (German number format and helper methods).
