In this particular case, the user confirmations controller is redirecting to the reset password page but it doesnt know what is the raw reset_password_token
So we regenerate the reset password token so that it can know what's the raw value for the redirect
The method User#regenerate_reset_password_token is a proxy to the protected method in Devise::Recoverable
The original payment may not be valid because its credit card may be
expired. Stripe gives this as a valid scenario returning a success and
we should do too.
When creating the credit payment we end up validating all sources in
a chain as follows.
```
Payment being persisted -> source payment -> original credit card.
```
The source payment was valid when created (It would not be persisted
otherwise) but its source card may now be expired, and that's legit.
There was also an issue with the `#invalidate_old_payments` callback. It
was causing the original payment to be validated again and thus the
credit payment failed to be persisted due to the original credit card
being expired. Switching this callback to use `#update_column` skips
validations and so we don't validate the source payment. We only care
about the state there, so it should be fine.
Given the importance of this code, it doesn't bring me much confidence.
Apparently, this specs where using a non-existent state by mistake and
this went unnoticed because the payment creation was failing silently in
payment/processing.rb.
This unearthed the fact that our `#ensure_correct_adjustment` needs the
order to be persisted to succeed.
* master: (91 commits)
Bump ddtrace from 0.37.0 to 0.38.0
Add spec to cover SQL query issue with OCs where the only products from the coordinator inventory are renderer
Remove unnecessary order statement, the relation will only be used for counting products
Move select out of scope visible_for because it is breaking exchange_product queries and it's just not needed there. The only other use of this product's scope visible_for is the enterprise serializer so we add the select to it.
Make OC advanced settings work by permitting the extra parameter
Remove conflicting and duplicate route
Bump bugsnag from 6.13.1 to 6.14.0
Make charges update method update the first pending payment
Move require_login_then_redirect_to to the only place where it is called
Make broken spec fail reliably and set it pending
Updating translations for config/locales/en_GB.yml
Update all locales with the latest Transifex translations
Doc defensive coding needed by pin payments
Make method a little simple by extracting method
Simplify spec, the 2 minutes wait is not necessary anylonger
Make unauthorized in ControllerHelpers::Auth the same as in Spree::Admin::BaseController
Move unauthorized view to HomeController only, all other calls to unauthorized will go through Auth which will redirect to the home controller IF the user is logged in or to login if user is not logged in
Adapt specs to the move of unauthorized route from the spree routes to the main app routes
Delete spree_user_signup which is from spree promotions code that we dont use
Remove try_spree_current_user
...
This spec has been broken for a long time, at least eight months. But it
regularly passed because the search filter is applied with a delay and
in that time the content matches. And once the filter is applied, no
products are shown and the negative matchers pass.
It adapts the method in ControllerHelpers::Auth to also use the after_login mechanism.
Ideally we would remove one of the two after_login mechanisms after_login and spree_user_return_to but they might still be in use.
Spree replaced the Ruby code providing the credit card brand with a
jquery plugin providing it on the checkout screen.
I re-added Ruby code because it's easier and more robust than updating
the user interface with new Javascript.
The exact error is
```
ActiveRecord::RecordNotSaved:
You cannot call create unless the parent is saved
```
raised from app/models/spree/payment_decorator.rb:29:in `ensure_correct_adjustment'
