We are manually testing this while this is already covering the
connection of a Stripe account to an OFN instance. This makes it a bit
more comprehensive.
Every page load creates a cart order if none is present. So when a user
logs in, they always have an order stored in their session. And
therefore, we never got to recover an old order.
We could have fixed the code to restore old orders. But as far as I can
tell, order recovery hasn't been working for years and I couldn't find
any issue requesting this feature.
If we wanted to implement order recovery, it should probably be designed
more carefully and included in the `current_order` method.
We used to delete old cart orders so that they wouldn't re-appear after
a successful checkout of another order. Keeping them ensures that we
don't remove an order that is still used by another device. It also
makes sure that we keep references of failed payments.
When we imported and merged Spree's controller modules with our
decorators, Rails started using Spree's original code again.
This was first included in v3.2.0 and deployed on 28 July 2020.
In this particular case, the user confirmations controller is redirecting to the reset password page but it doesnt know what is the raw reset_password_token
So we regenerate the reset password token so that it can know what's the raw value for the redirect
The method User#regenerate_reset_password_token is a proxy to the protected method in Devise::Recoverable
The original payment may not be valid because its credit card may be
expired. Stripe gives this as a valid scenario returning a success and
we should do too.
When creating the credit payment we end up validating all sources in
a chain as follows.
```
Payment being persisted -> source payment -> original credit card.
```
The source payment was valid when created (It would not be persisted
otherwise) but its source card may now be expired, and that's legit.
There was also an issue with the `#invalidate_old_payments` callback. It
was causing the original payment to be validated again and thus the
credit payment failed to be persisted due to the original credit card
being expired. Switching this callback to use `#update_column` skips
validations and so we don't validate the source payment. We only care
about the state there, so it should be fine.
It adapts the method in ControllerHelpers::Auth to also use the after_login mechanism.
Ideally we would remove one of the two after_login mechanisms after_login and spree_user_return_to but they might still be in use.
