In this particular case, the user confirmations controller is redirecting to the reset password page but it doesnt know what is the raw reset_password_token
So we regenerate the reset password token so that it can know what's the raw value for the redirect
The method User#regenerate_reset_password_token is a proxy to the protected method in Devise::Recoverable
Switching from `#invalidate` to `#update_column` skipped both
validations and callbacks and thus, `#ensure_correct_adjustments` was no
longer called for older payments.
The original payment may not be valid because its credit card may be
expired. Stripe gives this as a valid scenario returning a success and
we should do too.
When creating the credit payment we end up validating all sources in
a chain as follows.
```
Payment being persisted -> source payment -> original credit card.
```
The source payment was valid when created (It would not be persisted
otherwise) but its source card may now be expired, and that's legit.
There was also an issue with the `#invalidate_old_payments` callback. It
was causing the original payment to be validated again and thus the
credit payment failed to be persisted due to the original credit card
being expired. Switching this callback to use `#update_column` skips
validations and so we don't validate the source payment. We only care
about the state there, so it should be fine.
* master: (91 commits)
Bump ddtrace from 0.37.0 to 0.38.0
Add spec to cover SQL query issue with OCs where the only products from the coordinator inventory are renderer
Remove unnecessary order statement, the relation will only be used for counting products
Move select out of scope visible_for because it is breaking exchange_product queries and it's just not needed there. The only other use of this product's scope visible_for is the enterprise serializer so we add the select to it.
Make OC advanced settings work by permitting the extra parameter
Remove conflicting and duplicate route
Bump bugsnag from 6.13.1 to 6.14.0
Make charges update method update the first pending payment
Move require_login_then_redirect_to to the only place where it is called
Make broken spec fail reliably and set it pending
Updating translations for config/locales/en_GB.yml
Update all locales with the latest Transifex translations
Doc defensive coding needed by pin payments
Make method a little simple by extracting method
Simplify spec, the 2 minutes wait is not necessary anylonger
Make unauthorized in ControllerHelpers::Auth the same as in Spree::Admin::BaseController
Move unauthorized view to HomeController only, all other calls to unauthorized will go through Auth which will redirect to the home controller IF the user is logged in or to login if user is not logged in
Adapt specs to the move of unauthorized route from the spree routes to the main app routes
Delete spree_user_signup which is from spree promotions code that we dont use
Remove try_spree_current_user
...
