raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-01 21:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
34,599 Commits 18 Branches 452 Tags
700be792e534d4ef8fe797a137c355ce3dac8a2a
Commit Graph

12597 Commits

Author SHA1 Message Date
Maikel
dcb48272f5 Merge pull request #13746 from rioug/security-255-code-injection 
[Security]  Fix potential code injection
 2025-11-24 12:01:44 +11:00
Gaetan Craig-Riou
74d2a94181 Add input validation to prevent code injection 
Plus spec
 2025-11-23 13:46:36 +11:00
Filipe
dddc945c42 Merge pull request #13679 from deivid-rodriguez/customer-edition 
Improve `/admin/customers` form handling
 2025-11-21 10:51:55 +00:00
Filipe
12c0363b7e Merge pull request #13716 from chahmedejaz/bugfix/13554-sorting-on-demand-products 
"On hand" value influences sorting of "on demand" products/variants
 2025-11-21 10:05:44 +00:00
Ahmed Ejaz
64df7cc9bc Refactor backorderable_name tests for clarity and consistency in product sorting 2025-11-20 06:06:56 +05:00
Ahmed Ejaz
b23fec268e fix lint issues 2025-11-20 05:08:07 +05:00
Ahmed Ejaz
7b7a7d3418 Add backorderable_name sorting and enhance combined sorting tests 2025-11-20 05:01:08 +05:00
Maikel
0aa4993a4d Merge pull request #13686 from mkllnk/litefarm-market-organic 
Allow Litefarm and Market.Organic to access DFC API
 2025-11-19 15:11:51 +11:00
Filipe
a1ee1eac4c Merge pull request #13680 from rioug/13674-enable-variant-tag-new-enterprise 
[Variant tags] Enable variant tag for enterprise created after 11th of August and super admins
 2025-11-17 23:05:11 +00:00
Maikel
e194ebf0f3 Merge pull request #13552 from openfoodfoundation/dependabot/npm_and_yarn/jest-30.2.0 
Bump jest from 27.5.1 to 30.2.0
 2025-11-17 15:21:57 +11:00
Ahmed Ejaz
c638e2e65e Update specs to prioritize name order in case of on-demand products 2025-11-16 17:02:47 +05:00
Filipe
d9e3076a3b Merge pull request #13654 from pacodelaluna/check-enterprise-image-logic 
Improve enterprise images-related logic
 2025-11-14 18:15:50 +00:00
Filipe
3e02a03312 Merge pull request #13650 from rioug/13539-update-variant-multi-producer 
Fix update multi producer products
 2025-11-14 16:56:16 +00:00
Maikel Linke
aaad1bc0b3 Accept short client ids in tokens 2025-11-14 10:00:16 +11:00
David Rodríguez
3d7207d8c5 Properly track changes in code attribute 
If the code was initially nil, some value is added, and then removed, we
would not detect that the code has not actually changed.
 2025-11-13 08:37:52 +01:00
David Rodríguez
4b31352e4f Wait for page before checking DB 2025-11-13 08:37:51 +01:00
David Rodríguez
278a8b1ec2 Let save-bar properly track form state 
* Keep save bar visible as long as there's a customer form displayed.
* Only display "You have unsaved changes" when there's any difference
  from the original values. If form changes are reverted, hide that
  note.
* Similarly, only let the button be enabled if there are any actual
  changes to be saved.
 2025-11-13 08:37:51 +01:00
Gaetan Craig-Riou
4e62e20fa8 Fix test to work with new jsdom restriction 
since jsdom 21, it's no longer possible to mock window.location
See : https://github.com/jsdom/jsdom/issues/3492
 2025-11-11 14:58:48 +11:00
David Cook
ad5a22a69b Merge pull request #13691 from rioug/fix-order-cycle-flaky-spec 
Fix flaky spec
 2025-11-11 13:47:41 +11:00
David Cook
72327a352e Merge pull request #13685 from deivid-rodriguez/no-raw-credit-card-data 
Change CreditCardRemover specs to not send raw credit card data
 2025-11-11 13:46:45 +11:00
Gaetan Craig-Riou
460d109bd2 Update product ability 
A user has product permission if it is a supplier of at least one of the
product's variants
 2025-11-11 11:35:19 +11:00
Maikel
b6e393eabb Merge pull request #13662 from filipefurtad0/spec_deprecation_nil_in_sum 
Catches exceptions on final_weight_volume inputs
 2025-11-10 15:25:49 +11:00
Gaetan Craig-Riou
6596afc562 Fix flaky spec, contain_exactly doesn't care about the order 2025-11-10 13:29:30 +11:00
Gaetan Craig-Riou
0745028c06 Fix checking if variant tag is enabled 
variant_tag feature check should happen per enterprise basis, but we
still want super admin to so see variant tag. To do so we check if the
user is amdin or if any of the current user enterprise has variant tag
enable.
 2025-11-10 11:14:56 +11:00
Rachel Arnould
94bda6d0f8 Merge pull request #13592 from rioug/13266-tag-variant-tag-rule 
[Variant tags] Add tag rules for variant
 2025-11-07 14:14:50 +01:00
David Rodríguez
915d03a66a Change CreditCardRemover specs to not send raw credit card data 
If I re-record cassettes for these specs using my test API key, I get
the following errors:

```
1) Stripe::CreditCardRemover#remove Stripe customer exists and is not deleted deletes the credit card clone and the customer
   Failure/Error:
     Stripe::PaymentMethod.create(
       {
         type: 'card',
         card: {
           number: '4242424242424242',
           exp_month: 8,
           exp_year: Time.zone.now.year.next,
           cvc: '314',
         },
       },

   Stripe::CardError:
     Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing. To enable testing raw card data APIs, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis.
   # ./spec/lib/stripe/credit_card_remover_spec.rb:16:in `block (3 levels) in <main>'
   # ./spec/lib/stripe/credit_card_remover_spec.rb:44:in `block (4 levels) in <main>'
   # ./spec/lib/stripe/credit_card_remover_spec.rb:56:in `block (4 levels) in <main>'
   # ./spec/base_spec_helper.rb:208:in `block (2 levels) in <main>'
   # ./spec/base_spec_helper.rb:155:in `block (3 levels) in <main>'
   # ./spec/base_spec_helper.rb:155:in `block (2 levels) in <main>'
   # -e:1:in `<main>'
```

Use test payment methods instead as suggested by the error.
 2025-11-06 18:30:45 +01:00
Filipe
1422b440e4 Merge pull request #13493 from dacook/bump-stripe-v13 
Bump stripe to v13
 2025-11-06 13:48:52 +00:00
Filipe
95ad87d840 Merge pull request #13666 from chahmedejaz/bugfix/13519-order-disappear-from-orders-page 
Order lines are deleted when one tries to capture a payment after order cycle is closed
 2025-11-06 13:07:36 +00:00
François Turbelin
e07ebc21b9 Use instance_double when possible in enterprise model spec 2025-11-05 16:31:20 +01:00
filipefurtad0
8e5404a268 Replaces negative assertion with a positive assertion 
Adds test case on white spece

Refactors to have tests as shared_examples
 2025-11-05 11:12:55 +00:00
filipefurtad0
04fc729a5a Changes tests not to trigger error 
after https://github.com/openfoodfoundation/openfoodnetwork/pull/13571 was merged
 2025-11-05 10:34:52 +00:00
filipefurtad0
8818a98230 Catches exceptions on final_weight_volume inputs 2025-11-05 10:34:52 +00:00
David Cook
8e5fac9fb3 Merge pull request #13632 from rioug/security-247-code-injection 
[security] Fix potential code injection
 2025-11-05 16:34:37 +11:00
Ahmed Ejaz
913dded766 Refactor order cycle handling to simplify closed cycle checks and improve redirection messaging 2025-11-05 02:50:01 +05:00
filipefurtad0
a36b7ce01a deletes all old VCR cassettes 2025-11-04 15:40:45 +00:00
David Cook
e4be336630 Bump Stripe to v13 2025-11-04 15:36:53 +00:00
David Cook
cae13df2c7 Bump Stripe to v12 
re-recording cassettes with script/test-stripe-live
 2025-11-04 15:32:05 +00:00
David Cook
81796db6e5 Fix date-dependent spec 2025-11-04 15:17:45 +00:00
Gaetan Craig-Riou
bb8ecccc31 Fix variant tag rules endpoint 
It now returns tag rules filtered on the preferred variant tags and not
the prefered customer tags
 2025-11-03 15:50:12 +11:00
Gaetan Craig-Riou
ffd5817749 Add spec for variant_tag_rules 2025-11-03 14:25:48 +11:00
Gaetan Craig-Riou
aebb18da99 Per review, improve specs 2025-11-03 14:25:48 +11:00
Gaetan Craig-Riou
307acdd9d1 Per review, fixing specs descriptions 2025-11-03 14:25:48 +11:00
Gaetan Craig-Riou
d51e257904 Fix order cycle tag rule specs 
It works better when you actually save the changes to the tag_list...
 2025-11-03 14:25:48 +11:00
Gaetan Craig-Riou
07a3e83dc6 Fix enterprise specs 
Plus small refactor
 2025-11-03 14:25:48 +11:00
Gaetan Craig-Riou
38f58b168a Fix tag rules spec 
Make sure the autocomplete dropdown list is hidden by default
 2025-11-03 14:25:48 +11:00
Gaetan Craig-Riou
34abca5ff1 Add missing js unit test got TagListInput component 2025-11-03 14:25:48 +11:00
Gaetan Craig-Riou
9bbe573335 Fix test to match the improved controller 2025-11-03 14:25:05 +11:00
Gaetan Craig-Riou
3bb9eb9765 Add endpoint to provide autocomplete tag for variant 
It return a list of available tags and number of related rules, based on
the given enterprise and a partial match on the given tag
 2025-11-03 14:25:05 +11:00
Gaetan Craig-Riou
c38c8bcff2 Pass the variant_tag_enbabled options to relevant services 
Plus add integration testing for variant tag rule filtering.
 2025-11-03 14:25:05 +11:00
Gaetan Craig-Riou
7633af8ff2 Call VariantTagRulesFilterer when variant_tag feature is enabled 
We only support either inventory or variant_tag feature, with the later
taking precedence if both are turned on.
 2025-11-03 14:25:05 +11:00