Merge pull request #6676 from openfoodfoundation/transifex

Transifex

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,44 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+# This section configures the trigger for the workflow. Feel free to customize depending on your convention
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

.haml-lint.yml

@@ -0,0 +1,70 @@
+# Whether to ignore frontmatter at the beginning of HAML documents for
+# frameworks such as Jekyll/Middleman
+skip_frontmatter: false
+
+linters:
+  AltText:
+    enabled: false
+
+  ClassAttributeWithStaticValue:
+    enabled: true
+
+  ClassesBeforeIds:
+    enabled: true
+
+  ConsecutiveComments:
+    enabled: true
+
+  ConsecutiveSilentScripts:
+    enabled: true
+    max_consecutive: 2
+
+  EmptyScript:
+    enabled: true
+
+  HtmlAttributes:
+    enabled: true
+
+  ImplicitDiv:
+    enabled: true
+
+  LeadingCommentSpace:
+    enabled: true
+
+  LineLength:
+    enabled: true
+    max: 80
+
+  MultilinePipe:
+    enabled: true
+
+  MultilineScript:
+    enabled: true
+
+  ObjectReferenceAttributes:
+    enabled: true
+
+  RuboCop:
+    enabled: false
+
+  RubyComments:
+    enabled: true
+
+  SpaceBeforeScript:
+    enabled: true
+
+  SpaceInsideHashAttributes:
+    enabled: true
+    style: no_space
+
+  TagName:
+    enabled: true
+
+  TrailingWhitespace:
+    enabled: true
+
+  UnnecessaryInterpolation:
+    enabled: true
+
+  UnnecessaryStringOutput:
+    enabled: true

.hound.yml

@@ -2,3 +2,5 @@ rubocop:
   config_file: .rubocop_styleguide.yml
 scss:
   config_file: .scss-lint.yml
+haml:
+  config_file: .haml-lint.yml

.rubocop_manual_todo.yml

@@ -66,8 +66,9 @@ Layout/LineLength:
   - app/models/spree/image.rb
   - app/models/spree/order.rb
   - app/models/spree/payment_method.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/user.rb
+  - app/models/spree/variant.rb
   - app/models/subscription.rb
   - app/models/variant_override.rb
   - app/models/variant_override_set.rb
@@ -101,6 +102,7 @@ Layout/LineLength:
   - lib/open_food_network/scope_variants_for_search.rb
   - lib/open_food_network/xero_invoices_report.rb
   - lib/spree/localized_number.rb
+  - lib/stripe/credit_card_clone_finder.rb
   - lib/tasks/data.rake
   - lib/tasks/enterprises.rake
   - spec/controllers/admin/bulk_line_items_controller_spec.rb
@@ -336,6 +338,7 @@ Metrics/AbcSize:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
   - app/controllers/admin/product_import_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/stripe_accounts_controller.rb
   - app/controllers/admin/subscription_line_items_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
@@ -356,13 +359,13 @@ Metrics/AbcSize:
   - app/controllers/spree/admin/payments_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/search_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/admin/variants_controller.rb
   - app/controllers/spree/credit_cards_controller.rb
   - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/paypal_controller_decorator.rb
   - app/controllers/spree/user_passwords_controller.rb
   - app/controllers/spree/user_registrations_controller.rb
   - app/controllers/spree/users_controller.rb
@@ -399,11 +402,12 @@ Metrics/AbcSize:
   - app/models/spree/preference.rb
   - app/models/spree/preferences/preferable_class_methods.rb
   - app/models/spree/preferences/preferable.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/shipment.rb
   - app/models/spree/taxon.rb
   - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/product_serializer.rb
   - app/serializers/api/variant_serializer.rb
@@ -430,6 +434,7 @@ Metrics/AbcSize:
   - lib/open_food_network/order_cycle_form_applicator.rb
   - lib/open_food_network/order_cycle_management_report.rb
   - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/orders_and_fulfillments_report/supplier_totals_report.rb
   - lib/open_food_network/packing_report.rb
   - lib/open_food_network/payments_report.rb
   - lib/open_food_network/permissions.rb
@@ -530,7 +535,7 @@ Metrics/CyclomaticComplexity:
   - app/models/spree/preference.rb
   - app/models/spree/preferences/preferable.rb
   - app/models/spree/preferences/preferable_class_methods.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/zone.rb
   - app/models/variant_override_set.rb
@@ -550,39 +555,6 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Max: 7
   Exclude:
-  - app/controllers/admin/enterprise_fees_controller.rb
-  - app/controllers/admin/enterprises_controller.rb
-  - app/controllers/spree/admin/taxons_controller.rb
-  - app/controllers/spree/orders_controller.rb
-  - app/helpers/checkout_helper.rb
-  - app/helpers/order_cycles_helper.rb
-  - app/helpers/spree/admin/base_helper.rb
-  - app/helpers/spree/admin/navigation_helper.rb
-  - app/models/enterprise.rb
-  - app/models/enterprise_relationship.rb
-  - app/models/spree/ability.rb
-  - app/models/spree/address.rb
-  - app/models/spree/order/checkout.rb
-  - app/models/spree/payment_method.rb
-  - app/models/spree/payment.rb
-  - app/models/spree/preferences/preferable.rb
-  - app/models/spree/preferences/preferable_class_methods.rb
-  - app/models/spree/product_decorator.rb
-  - app/models/spree/return_authorization.rb
-  - app/models/spree/zone.rb
-  - app/models/variant_override_set.rb
-  - app/services/cart_service.rb
-  - engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb
-  - engines/order_management/app/services/order_management/stock/estimator.rb
-  - lib/active_merchant/billing/gateways/stripe_payment_intents.rb
-  - lib/discourse/single_sign_on.rb
-  - lib/open_food_network/enterprise_issue_validator.rb
-  - lib/spree/core/calculated_adjustments.rb
-  - lib/spree/core/controller_helpers/order.rb
-  - lib/spree/core/controller_helpers/respond_with.rb
-  - lib/spree/core/controller_helpers/ssl.rb
-  - lib/spree/localized_number.rb
-  - spec/models/product_importer_spec.rb
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/api/variants_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
@@ -595,7 +567,10 @@ Metrics/PerceivedComplexity:
   - app/models/spree/address.rb
   - app/models/spree/order/checkout.rb
   - app/models/spree/order.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/preferences/preferable_class_methods.rb
+  - app/models/spree/preferences/preferable.rb
+  - app/models/spree/product.rb
+  - app/models/spree/return_authorization.rb
   - app/models/spree/zone.rb
   - engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb
   - engines/order_management/app/services/order_management/stock/estimator.rb
@@ -618,6 +593,7 @@ Metrics/MethodLength:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/manager_invitations_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/stripe_accounts_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
   - app/controllers/api/products_controller.rb
@@ -632,13 +608,13 @@ Metrics/MethodLength:
   - app/controllers/spree/admin/payments_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/tax_categories_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/admin/variants_controller.rb
   - app/controllers/spree/credit_cards_controller.rb
   - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/paypal_controller_decorator.rb
   - app/controllers/spree/user_sessions_controller.rb
   - app/controllers/stripe/callbacks_controller.rb
   - app/controllers/user_confirmations_controller.rb
@@ -670,11 +646,13 @@ Metrics/MethodLength:
   - app/models/spree/preferences/preferable_class_methods.rb
   - app/models/spree/preferences/preferable.rb
   - app/models/spree/preferences/store.rb
+  - app/models/spree/product.rb
   - app/models/spree/product_decorator.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/shipment.rb
   - app/models/spree/taxon.rb
   - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/admin/order_cycle_serializer.rb
   - app/serializers/api/cached_enterprise_serializer.rb
@@ -719,6 +697,7 @@ Metrics/MethodLength:
   - lib/spree/core/s3_support.rb
   - lib/spree/localized_number.rb
   - lib/spree/responder.rb
+  - lib/stripe/credit_card_clone_finder.rb
   - lib/stripe/profile_storer.rb
   - lib/tasks/sample_data/group_factory.rb
   - lib/tasks/sample_data/order_factory.rb
@@ -732,6 +711,7 @@ Metrics/ClassLength:
   Exclude:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/schedules_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
   - app/controllers/api/products_controller.rb
@@ -741,7 +721,6 @@ Metrics/ClassLength:
   - app/controllers/spree/admin/payment_methods_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/orders_controller.rb
   - app/models/enterprise.rb
@@ -752,11 +731,14 @@ Metrics/ClassLength:
   - app/models/spree/ability.rb
   - app/models/spree/address.rb
   - app/models/spree/credit_card.rb
+  - app/models/spree/gateway/stripe_sca.rb
   - app/models/spree/line_item.rb
   - app/models/spree/order.rb
   - app/models/spree/payment.rb
+  - app/models/spree/product.rb
   - app/models/spree/shipment.rb
   - app/models/spree/user.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/cached_enterprise_serializer.rb
   - app/serializers/api/enterprise_shopfront_serializer.rb

.rubocop_styleguide.yml

@@ -46,6 +46,9 @@ Lint/RaiseException:
 Lint/StructNewOverride:
   Enabled: true
 
+Bundler/DuplicatedGem:
+  Enabled: false
+
 ## TEMPORARY/CONTESTED SETTINGS
 #
 # These are still to be decided upon, but recommended for inclusion by

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2020-10-30 17:18:53 +0000 using RuboCop version 0.81.0.
+# on 2020-12-23 22:07:55 +0000 using RuboCop version 0.81.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -11,28 +11,19 @@ Lint/DuplicateMethods:
   Exclude:
     - 'lib/discourse/single_sign_on.rb'
 
-# Offense count: 8
+# Offense count: 5
 Lint/IneffectiveAccessModifier:
   Exclude:
     - 'app/models/column_preference.rb'
     - 'app/models/spree/user.rb'
     - 'app/services/mail_configuration.rb'
-    - 'lib/open_food_network/feature_toggle.rb'
 
-# Offense count: 3
+# Offense count: 2
 # Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
 Lint/UselessAccessModifier:
   Exclude:
     - 'app/models/column_preference.rb'
     - 'app/services/mail_configuration.rb'
-    - 'lib/open_food_network/feature_toggle.rb'
-
-# Offense count: 2
-Lint/UselessAssignment:
-  Exclude:
-    - 'spec/**/*'
-    - 'app/models/spree/taxon.rb'
-    - 'lib/spree/core/controller_helpers/common.rb'
 
 # Offense count: 10
 Naming/AccessorMethodName:
@@ -60,7 +51,7 @@ Naming/MemoizedInstanceVariableName:
     - 'app/mailers/producer_mailer.rb'
     - 'lib/open_food_network/address_finder.rb'
 
-# Offense count: 24
+# Offense count: 25
 # Configuration parameters: NamePrefix, ForbiddenPrefixes, AllowedMethods, MethodDefinitionMacros.
 # NamePrefix: is_, has_, have_
 # ForbiddenPrefixes: is_, has_, have_
@@ -72,6 +63,7 @@ Naming/PredicateName:
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/order_cycle.rb'
+    - 'app/models/spree/ability.rb'
     - 'app/models/spree/adjustment.rb'
     - 'app/models/spree/credit_card.rb'
     - 'app/models/spree/line_item.rb'
@@ -94,12 +86,13 @@ Naming/VariableNumber:
   Exclude:
     - 'spec/factories/stock_location_factory.rb'
 
-# Offense count: 7
+# Offense count: 8
 # Cop supports --auto-correct.
 Rails/ActiveRecordAliases:
   Exclude:
     - 'spec/controllers/line_items_controller_spec.rb'
     - 'spec/controllers/spree/orders_controller_spec.rb'
+    - 'spec/features/admin/subscriptions_spec.rb'
     - 'spec/features/consumer/shopping/orders_spec.rb'
     - 'spec/requests/api/orders_spec.rb'
 
@@ -125,7 +118,7 @@ Rails/Delegate:
     - 'app/models/spree/line_item.rb'
     - 'engines/order_management/app/services/order_management/reports/bulk_coop/renderers/html_renderer.rb'
 
-# Offense count: 16
+# Offense count: 15
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: slashes, arguments
 Rails/FilePath:
@@ -139,7 +132,6 @@ Rails/FilePath:
     - 'spec/factories/product_factory.rb'
     - 'spec/features/admin/enterprises/images_spec.rb'
     - 'spec/models/content_configuration_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
     - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
     - 'spec/support/downloads_helper.rb'
 
@@ -163,7 +155,7 @@ Rails/FindEach:
   Exclude:
     - 'app/models/spree/shipment.rb'
 
-# Offense count: 9
+# Offense count: 11
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
@@ -172,12 +164,14 @@ Rails/HasAndBelongsToMany:
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_group.rb'
     - 'app/models/spree/line_item.rb'
+    - 'app/models/spree/option_value.rb'
     - 'app/models/spree/role.rb'
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/user.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
 
-# Offense count: 38
+# Offense count: 41
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -197,7 +191,7 @@ Rails/HasManyOrHasOneDependent:
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/taxonomy.rb'
     - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant_decorator.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/subscription.rb'
 
 # Offense count: 84
@@ -272,15 +266,16 @@ Rails/ReflectionClassName:
     - 'app/models/spree/order.rb'
     - 'app/models/subscription.rb'
 
-# Offense count: 247
+# Offense count: 252
 # Configuration parameters: Blacklist, Whitelist.
 # Blacklist: decrement!, decrement_counter, increment!, increment_counter, toggle!, touch, update_all, update_attribute, update_column, update_columns, update_counters
 Rails/SkipsModelValidations:
   Exclude:
+    - 'app/controllers/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/payment_methods_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/shipping_methods_controller.rb'
     - 'app/controllers/spree/admin/taxons_controller.rb'
+    - 'app/controllers/spree/credit_cards_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/jobs/subscription_confirm_job.rb'
     - 'app/jobs/subscription_placement_job.rb'
@@ -294,10 +289,12 @@ Rails/SkipsModelValidations:
     - 'app/models/spree/inventory_unit.rb'
     - 'app/models/spree/order.rb'
     - 'app/models/spree/payment.rb'
+    - 'app/models/spree/product.rb'
     - 'app/models/spree/shipment.rb'
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/tax_category.rb'
     - 'app/models/spree/taxonomy.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
     - 'app/models/subscription.rb'
     - 'app/models/variant_override.rb'
@@ -440,14 +437,12 @@ Style/FormatStringToken:
     - 'lib/open_food_network/sales_tax_report.rb'
     - 'spec/features/admin/bulk_order_management_spec.rb'
 
-# Offense count: 765
+# Offense count: 365
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
   Exclude:
-    - 'Gemfile'
-    - 'Rakefile'
     - 'app/controllers/admin/bulk_line_items_controller.rb'
     - 'app/controllers/admin/column_preferences_controller.rb'
     - 'app/controllers/admin/contents_controller.rb'
@@ -488,7 +483,6 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/api/taxonomies_controller.rb'
     - 'app/controllers/api/taxons_controller.rb'
     - 'app/controllers/api/variants_controller.rb'
-    - 'app/controllers/application_controller.rb'
     - 'app/controllers/base_controller.rb'
     - 'app/controllers/cart_controller.rb'
     - 'app/controllers/discourse_sso_controller.rb'
@@ -518,7 +512,6 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/spree/admin/products_controller.rb'
     - 'app/controllers/spree/admin/properties_controller.rb'
     - 'app/controllers/spree/admin/reports_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/return_authorizations_controller.rb'
     - 'app/controllers/spree/admin/search_controller.rb'
     - 'app/controllers/spree/admin/shipping_categories_controller.rb'
@@ -553,7 +546,6 @@ Style/FrozenStringLiteralComment:
     - 'app/helpers/enterprises_helper.rb'
     - 'app/helpers/footer_links_helper.rb'
     - 'app/helpers/groups_helper.rb'
-    - 'app/helpers/html_helper.rb'
     - 'app/helpers/i18n_helper.rb'
     - 'app/helpers/injection_helper.rb'
     - 'app/helpers/map_helper.rb'
@@ -572,14 +564,10 @@ Style/FrozenStringLiteralComment:
     - 'app/helpers/spree/orders_helper.rb'
     - 'app/helpers/spree/reports_helper.rb'
     - 'app/helpers/spree_currency_helper.rb'
-    - 'app/jobs/confirm_order_job.rb'
-    - 'app/jobs/confirm_signup_job.rb'
     - 'app/jobs/heartbeat_job.rb'
     - 'app/jobs/manager_invitation_job.rb'
-    - 'app/jobs/order_cycle_notification_job.rb'
     - 'app/jobs/subscription_confirm_job.rb'
     - 'app/jobs/subscription_placement_job.rb'
-    - 'app/jobs/welcome_enterprise_job.rb'
     - 'app/mailers/enterprise_mailer.rb'
     - 'app/mailers/spree/user_mailer.rb'
     - 'app/mailers/subscription_mailer.rb'
@@ -601,7 +589,6 @@ Style/FrozenStringLiteralComment:
     - 'app/models/distributor_shipping_method.rb'
     - 'app/models/enterprise_fee.rb'
     - 'app/models/enterprise_fee_set.rb'
-    - 'app/models/enterprise_group.rb'
     - 'app/models/enterprise_relationship_permission.rb'
     - 'app/models/enterprise_role.rb'
     - 'app/models/enterprise_set.rb'
@@ -635,16 +622,10 @@ Style/FrozenStringLiteralComment:
     - 'app/models/spree/gateway/migs.rb'
     - 'app/models/spree/gateway/pin.rb'
     - 'app/models/spree/gateway/stripe_connect.rb'
-    - 'app/models/spree/option_type_decorator.rb'
     - 'app/models/spree/preferences/file_configuration.rb'
-    - 'app/models/spree/price_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
-    - 'app/models/spree/product_option_type_decorator.rb'
-    - 'app/models/spree/product_property_decorator.rb'
     - 'app/models/spree/product_set.rb'
     - 'app/models/spree/property.rb'
     - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant_decorator.rb'
     - 'app/models/stripe_account.rb'
     - 'app/models/subscription.rb'
     - 'app/models/subscription_line_item.rb'
@@ -725,7 +706,6 @@ Style/FrozenStringLiteralComment:
     - 'app/validators/date_time_string_validator.rb'
     - 'app/validators/distributors_validator.rb'
     - 'app/validators/integer_array_validator.rb'
-    - 'config.ru'
     - 'engines/order_management/app/controllers/order_management/application_controller.rb'
     - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/authorizer.rb'
     - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/data_representations/coordinator_fee.rb'
@@ -750,29 +730,11 @@ Style/FrozenStringLiteralComment:
     - 'engines/order_management/app/services/reports/permissions.rb'
     - 'engines/order_management/app/services/reports/renderers/base.rb'
     - 'engines/order_management/app/services/reports/report_data/base.rb'
-    - 'engines/order_management/config/routes.rb'
-    - 'engines/order_management/lib/order_management.rb'
-    - 'engines/order_management/lib/order_management/engine.rb'
-    - 'engines/order_management/lib/order_management/version.rb'
-    - 'engines/order_management/order_management.gemspec'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/authorizer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/parameters_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/permissions_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/renderers/csv_renderer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/renderers/html_renderer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_data/enterprise_fee_type_total_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_service_spec.rb'
     - 'engines/web/app/controllers/web/angular_templates_controller.rb'
     - 'engines/web/app/controllers/web/api/cookies_consent_controller.rb'
     - 'engines/web/app/controllers/web/application_controller.rb'
     - 'engines/web/app/helpers/web/cookies_policy_helper.rb'
-    - 'engines/web/config/routes.rb'
-    - 'engines/web/lib/web.rb'
     - 'engines/web/lib/web/cookies_consent.rb'
-    - 'engines/web/lib/web/engine.rb'
-    - 'engines/web/lib/web/version.rb'
-    - 'engines/web/spec/helpers/cookies_policy_helper_spec.rb'
-    - 'engines/web/web.gemspec'
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/address_finder.rb'
     - 'lib/open_food_network/available_payment_method_filter.rb'
@@ -787,7 +749,6 @@ Style/FrozenStringLiteralComment:
     - 'lib/open_food_network/group_buy_report.rb'
     - 'lib/open_food_network/i18n_config.rb'
     - 'lib/open_food_network/lettuce_share_report.rb'
-    - 'lib/open_food_network/locking.rb'
     - 'lib/open_food_network/order_and_distributor_report.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
     - 'lib/open_food_network/order_cycle_management_report.rb'
@@ -802,7 +763,6 @@ Style/FrozenStringLiteralComment:
     - 'lib/open_food_network/packing_report.rb'
     - 'lib/open_food_network/paperclippable.rb'
     - 'lib/open_food_network/payments_report.rb'
-    - 'lib/open_food_network/permalink_generator.rb'
     - 'lib/open_food_network/permissions.rb'
     - 'lib/open_food_network/products_and_inventory_report.rb'
     - 'lib/open_food_network/products_and_inventory_report_base.rb'
@@ -822,7 +782,6 @@ Style/FrozenStringLiteralComment:
     - 'lib/open_food_network/xero_invoices_report.rb'
     - 'lib/spree/api/controller_setup.rb'
     - 'lib/spree/authentication_helpers.rb'
-    - 'lib/spree/localized_number.rb'
     - 'lib/spree/money_decorator.rb'
     - 'lib/stripe/account_connector.rb'
     - 'lib/stripe/profile_storer.rb'
@@ -849,370 +808,8 @@ Style/FrozenStringLiteralComment:
     - 'lib/tasks/sample_data/user_factory.rb'
     - 'lib/tasks/specs.rake'
     - 'lib/tasks/users.rake'
-    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/column_preferences_controller_spec.rb'
-    - 'spec/controllers/admin/customers_controller_spec.rb'
-    - 'spec/controllers/admin/enterprises_controller_spec.rb'
-    - 'spec/controllers/admin/inventory_items_controller_spec.rb'
-    - 'spec/controllers/admin/manager_invitations_controller_spec.rb'
-    - 'spec/controllers/admin/order_cycles_controller_spec.rb'
-    - 'spec/controllers/admin/proxy_orders_controller_spec.rb'
-    - 'spec/controllers/admin/schedules_controller_spec.rb'
-    - 'spec/controllers/admin/stripe_accounts_controller_spec.rb'
-    - 'spec/controllers/admin/stripe_connect_settings_controller_spec.rb'
-    - 'spec/controllers/admin/subscription_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
-    - 'spec/controllers/admin/tag_rules_controller_spec.rb'
-    - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
-    - 'spec/controllers/api/base_controller_spec.rb'
-    - 'spec/controllers/api/customers_controller_spec.rb'
-    - 'spec/controllers/api/enterprise_fees_controller_spec.rb'
-    - 'spec/controllers/api/enterprises_controller_spec.rb'
-    - 'spec/controllers/api/logos_controller_spec.rb'
-    - 'spec/controllers/api/order_cycles_controller_spec.rb'
-    - 'spec/controllers/api/orders_controller_spec.rb'
-    - 'spec/controllers/api/product_images_controller_spec.rb'
-    - 'spec/controllers/api/products_controller_spec.rb'
-    - 'spec/controllers/api/promo_images_controller_spec.rb'
-    - 'spec/controllers/api/shipments_controller_spec.rb'
-    - 'spec/controllers/api/statuses_controller_spec.rb'
-    - 'spec/controllers/api/taxonomies_controller_spec.rb'
-    - 'spec/controllers/api/taxons_controller_spec.rb'
-    - 'spec/controllers/api/terms_and_conditions_controller_spec.rb'
-    - 'spec/controllers/api/variants_controller_spec.rb'
-    - 'spec/controllers/base_controller_spec.rb'
-    - 'spec/controllers/cart_controller_spec.rb'
-    - 'spec/controllers/checkout_controller_spec.rb'
-    - 'spec/controllers/enterprises_controller_spec.rb'
-    - 'spec/controllers/groups_controller_spec.rb'
-    - 'spec/controllers/line_items_controller_spec.rb'
-    - 'spec/controllers/registration_controller_spec.rb'
-    - 'spec/controllers/shop_controller_spec.rb'
-    - 'spec/controllers/shops_controller_spec.rb'
-    - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
-    - 'spec/controllers/spree/admin/general_settings_controller_spec.rb'
-    - 'spec/controllers/spree/admin/invoices_controller_spec.rb'
-    - 'spec/controllers/spree/admin/mail_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/orders/customer_details_controller_spec.rb'
-    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
-    - 'spec/controllers/spree/admin/overview_controller_spec.rb'
-    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/products_controller_spec.rb'
-    - 'spec/controllers/spree/admin/reports_controller_spec.rb'
-    - 'spec/controllers/spree/admin/search_controller_spec.rb'
-    - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/users_controller_spec.rb'
-    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
-    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
-    - 'spec/controllers/spree/orders_controller_spec.rb'
-    - 'spec/controllers/spree/user_sessions_controller_spec.rb'
-    - 'spec/controllers/spree/users_controller_spec.rb'
-    - 'spec/controllers/stripe/callbacks_controller_spec.rb'
-    - 'spec/controllers/stripe/webhooks_controller_spec.rb'
-    - 'spec/controllers/user_confirmations_controller_spec.rb'
-    - 'spec/controllers/user_passwords_controller_spec.rb'
-    - 'spec/controllers/user_registrations_controller_spec.rb'
-    - 'spec/factories.rb'
-    - 'spec/factories/address_factory.rb'
-    - 'spec/factories/calculated_adjustment_factory.rb'
-    - 'spec/factories/calculator_factory.rb'
-    - 'spec/factories/enterprise_factory.rb'
-    - 'spec/factories/order_cycle_factory.rb'
-    - 'spec/factories/order_factory.rb'
-    - 'spec/factories/product_factory.rb'
-    - 'spec/factories/return_authorization_factory.rb'
-    - 'spec/factories/shipment_factory.rb'
-    - 'spec/factories/shipping_method_factory.rb'
-    - 'spec/factories/state_factory.rb'
-    - 'spec/factories/stock_movement_factory.rb'
-    - 'spec/factories/subscription_factory.rb'
-    - 'spec/factories/tag_rule_factory.rb'
-    - 'spec/factories/user_factory.rb'
-    - 'spec/factories/variant_factory.rb'
-    - 'spec/features/admin/adjustments_spec.rb'
-    - 'spec/features/admin/authentication_spec.rb'
-    - 'spec/features/admin/bulk_order_management_spec.rb'
-    - 'spec/features/admin/bulk_product_update_spec.rb'
-    - 'spec/features/admin/configuration/content_spec.rb'
-    - 'spec/features/admin/configuration/general_settings_spec.rb'
-    - 'spec/features/admin/configuration/mail_methods_spec.rb'
-    - 'spec/features/admin/configuration/states_spec.rb'
-    - 'spec/features/admin/configuration/tax_categories_spec.rb'
-    - 'spec/features/admin/configuration/tax_rates_spec.rb'
-    - 'spec/features/admin/configuration/taxonomies_spec.rb'
-    - 'spec/features/admin/configuration/zones_spec.rb'
-    - 'spec/features/admin/customers_spec.rb'
-    - 'spec/features/admin/enterprise_fees_spec.rb'
-    - 'spec/features/admin/enterprise_groups_spec.rb'
-    - 'spec/features/admin/enterprise_relationships_spec.rb'
-    - 'spec/features/admin/enterprise_roles_spec.rb'
-    - 'spec/features/admin/enterprise_user_spec.rb'
-    - 'spec/features/admin/enterprises/index_spec.rb'
-    - 'spec/features/admin/enterprises_spec.rb'
-    - 'spec/features/admin/external_services_spec.rb'
-    - 'spec/features/admin/multilingual_spec.rb'
-    - 'spec/features/admin/overview_spec.rb'
-    - 'spec/features/admin/payment_method_spec.rb'
-    - 'spec/features/admin/payments_spec.rb'
-    - 'spec/features/admin/product_import_spec.rb'
-    - 'spec/features/admin/products_spec.rb'
-    - 'spec/features/admin/reports/packing_report_spec.rb'
-    - 'spec/features/admin/reports_spec.rb'
-    - 'spec/features/admin/schedules_spec.rb'
-    - 'spec/features/admin/shipping_methods_spec.rb'
-    - 'spec/features/admin/subscriptions_spec.rb'
-    - 'spec/features/admin/tag_rules_spec.rb'
-    - 'spec/features/admin/tax_settings_spec.rb'
-    - 'spec/features/admin/users_spec.rb'
-    - 'spec/features/admin/variant_overrides_spec.rb'
-    - 'spec/features/admin/variants_spec.rb'
-    - 'spec/features/consumer/account/cards_spec.rb'
-    - 'spec/features/consumer/account/settings_spec.rb'
-    - 'spec/features/consumer/account_spec.rb'
-    - 'spec/features/consumer/authentication_spec.rb'
-    - 'spec/features/consumer/confirm_invitation_spec.rb'
-    - 'spec/features/consumer/footer_links_spec.rb'
-    - 'spec/features/consumer/groups_spec.rb'
-    - 'spec/features/consumer/multilingual_spec.rb'
-    - 'spec/features/consumer/producers_spec.rb'
-    - 'spec/features/consumer/registration_spec.rb'
-    - 'spec/features/consumer/shopping/cart_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_auth_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_paypal_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_spec.rb'
-    - 'spec/features/consumer/shopping/embedded_groups_spec.rb'
-    - 'spec/features/consumer/shopping/embedded_shopfronts_spec.rb'
-    - 'spec/features/consumer/shopping/orders_spec.rb'
-    - 'spec/features/consumer/shopping/products_spec.rb'
-    - 'spec/features/consumer/shopping/shopping_spec.rb'
-    - 'spec/features/consumer/shopping/variant_overrides_spec.rb'
-    - 'spec/features/consumer/shops_spec.rb'
-    - 'spec/features/consumer/sitemap_spec.rb'
-    - 'spec/helpers/admin/orders_helper_spec.rb'
-    - 'spec/helpers/admin/subscriptions_helper_spec.rb'
-    - 'spec/helpers/checkout_helper_spec.rb'
-    - 'spec/helpers/enterprises_helper_spec.rb'
-    - 'spec/helpers/groups_helper_spec.rb'
-    - 'spec/helpers/html_helper_spec.rb'
-    - 'spec/helpers/i18n_helper_spec.rb'
-    - 'spec/helpers/injection_helper_spec.rb'
-    - 'spec/helpers/navigation_helper_spec.rb'
-    - 'spec/helpers/order_cycles_helper_spec.rb'
-    - 'spec/helpers/serializer_helper_spec.rb'
-    - 'spec/helpers/shared_helper_spec.rb'
-    - 'spec/helpers/shop_helper_spec.rb'
-    - 'spec/helpers/spree/admin/base_helper_spec.rb'
-    - 'spec/helpers/spree/admin/orders_helper_spec.rb'
-    - 'spec/helpers/spree/orders_helper_spec.rb'
-    - 'spec/jobs/confirm_order_job_spec.rb'
-    - 'spec/jobs/confirm_signup_job_spec.rb'
-    - 'spec/jobs/heartbeat_job_spec.rb'
-    - 'spec/jobs/order_cycle_notification_job_spec.rb'
-    - 'spec/jobs/subscription_confirm_job_spec.rb'
-    - 'spec/jobs/subscription_placement_job_spec.rb'
-    - 'spec/jobs/welcome_enterprise_job_spec.rb'
-    - 'spec/lib/open_food_network/address_finder_spec.rb'
-    - 'spec/lib/open_food_network/customers_report_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_applicator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_issue_validator_spec.rb'
-    - 'spec/lib/open_food_network/error_logger_spec.rb'
-    - 'spec/lib/open_food_network/feature_toggle_spec.rb'
-    - 'spec/lib/open_food_network/group_buy_report_spec.rb'
-    - 'spec/lib/open_food_network/i18n_config_spec.rb'
-    - 'spec/lib/open_food_network/lettuce_share_report_spec.rb'
-    - 'spec/lib/open_food_network/order_and_distributor_report_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_management_report_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_permissions_spec.rb'
-    - 'spec/lib/open_food_network/order_grouper_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/customer_totals_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/distributor_totals_by_supplier_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/supplier_totals_by_distributor_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/supplier_totals_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report_spec.rb'
-    - 'spec/lib/open_food_network/packing_report_spec.rb'
-    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
-    - 'spec/lib/open_food_network/property_merge_spec.rb'
-    - 'spec/lib/open_food_network/referer_parser_spec.rb'
-    - 'spec/lib/open_food_network/sales_tax_report_spec.rb'
-    - 'spec/lib/open_food_network/scope_variant_to_hub_spec.rb'
-    - 'spec/lib/open_food_network/scope_variants_to_search_spec.rb'
-    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/open_food_network/user_balance_calculator_spec.rb'
-    - 'spec/lib/open_food_network/users_and_enterprises_report_spec.rb'
-    - 'spec/lib/open_food_network/xero_invoices_report_spec.rb'
-    - 'spec/lib/spree/localized_number_spec.rb'
-    - 'spec/lib/stripe/account_connector_spec.rb'
-    - 'spec/lib/stripe/webhook_handler_spec.rb'
-    - 'spec/lib/tasks/enterprises_rake_spec.rb'
-    - 'spec/lib/tasks/users_rake_spec.rb'
-    - 'spec/mailers/enterprise_mailer_spec.rb'
-    - 'spec/mailers/producer_mailer_spec.rb'
-    - 'spec/mailers/subscription_mailer_spec.rb'
-    - 'spec/mailers/user_mailer_spec.rb'
-    - 'spec/models/adjustment_metadata_spec.rb'
-    - 'spec/models/calculator/flat_percent_item_total_spec.rb'
-    - 'spec/models/calculator/flat_percent_per_item_spec.rb'
-    - 'spec/models/calculator/flat_rate_spec.rb'
-    - 'spec/models/calculator/flexi_rate_spec.rb'
-    - 'spec/models/calculator/per_item_spec.rb'
-    - 'spec/models/calculator/price_sack_spec.rb'
-    - 'spec/models/calculator/weight_spec.rb'
-    - 'spec/models/column_preference_spec.rb'
-    - 'spec/models/concerns/order_shipment_spec.rb'
-    - 'spec/models/concerns/product_stock_spec.rb'
-    - 'spec/models/concerns/variant_stock_spec.rb'
-    - 'spec/models/content_configuration_spec.rb'
-    - 'spec/models/customer_spec.rb'
-    - 'spec/models/enterprise_caching_spec.rb'
-    - 'spec/models/enterprise_fee_spec.rb'
-    - 'spec/models/enterprise_group_spec.rb'
-    - 'spec/models/enterprise_relationship_spec.rb'
-    - 'spec/models/enterprise_spec.rb'
-    - 'spec/models/exchange_spec.rb'
-    - 'spec/models/model_set_spec.rb'
-    - 'spec/models/order_cycle_spec.rb'
-    - 'spec/models/product_import/entry_processor_spec.rb'
-    - 'spec/models/product_import/inventory_reset_strategy_spec.rb'
-    - 'spec/models/product_import/reset_absent_spec.rb'
-    - 'spec/models/product_import/settings_spec.rb'
-    - 'spec/models/product_importer_spec.rb'
-    - 'spec/models/proxy_order_spec.rb'
-    - 'spec/models/spree/ability_spec.rb'
-    - 'spec/models/spree/addresses_spec.rb'
-    - 'spec/models/spree/adjustment_spec.rb'
-    - 'spec/models/spree/calculator_spec.rb'
-    - 'spec/models/spree/classification_spec.rb'
-    - 'spec/models/spree/credit_card_spec.rb'
-    - 'spec/models/spree/gateway/stripe_connect_spec.rb'
-    - 'spec/models/spree/line_item_spec.rb'
-    - 'spec/models/spree/order/checkout_spec.rb'
-    - 'spec/models/spree/order_spec.rb'
-    - 'spec/models/spree/payment_method_spec.rb'
-    - 'spec/models/spree/payment_spec.rb'
-    - 'spec/models/spree/preferences/file_configuration_spec.rb'
-    - 'spec/models/spree/price_spec.rb'
-    - 'spec/models/spree/product_set_spec.rb'
-    - 'spec/models/spree/product_spec.rb'
-    - 'spec/models/spree/shipping_method_spec.rb'
-    - 'spec/models/spree/stock/availability_validator_spec.rb'
-    - 'spec/models/spree/tax_rate_spec.rb'
-    - 'spec/models/spree/user_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
-    - 'spec/models/stripe_account_spec.rb'
-    - 'spec/models/subscription_line_item_spec.rb'
-    - 'spec/models/subscription_spec.rb'
-    - 'spec/models/tag_rule/discount_order_spec.rb'
-    - 'spec/models/tag_rule/filter_order_cycles_spec.rb'
-    - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
-    - 'spec/models/tag_rule/filter_products_spec.rb'
-    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
-    - 'spec/models/tag_rule_spec.rb'
-    - 'spec/models/variant_override_spec.rb'
-    - 'spec/performance/injection_helper_spec.rb'
-    - 'spec/performance/orders_controller_spec.rb'
-    - 'spec/performance/shop_controller_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
-    - 'spec/requests/checkout/paypal_spec.rb'
-    - 'spec/requests/checkout/stripe_connect_spec.rb'
-    - 'spec/requests/embedded_shopfronts_headers_spec.rb'
-    - 'spec/requests/large_request_spec.rb'
-    - 'spec/serializers/api/admin/customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/exchange_serializer_spec.rb'
-    - 'spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/index_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/order_cycle_serializer_spec.rb'
-    - 'spec/serializers/api/admin/product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/subscription_customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/subscription_line_item_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_override_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_serializer_spec.rb'
-    - 'spec/serializers/api/cached_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/credit_card_serializer_spec.rb'
-    - 'spec/serializers/api/current_order_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_shopfront_list_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_shopfront_serializer_spec.rb'
-    - 'spec/serializers/api/group_list_serializer_spec.rb'
-    - 'spec/serializers/api/order_cycle_serializer_spec.rb'
-    - 'spec/serializers/api/order_serializer_spec.rb'
-    - 'spec/serializers/api/product_serializer_spec.rb'
-    - 'spec/serializers/api/shipping_method_serializer_spec.rb'
-    - 'spec/serializers/api/variant_serializer_spec.rb'
-    - 'spec/services/bulk_invoice_service_spec.rb'
-    - 'spec/services/cart_service_spec.rb'
-    - 'spec/services/default_shipping_category_spec.rb'
-    - 'spec/services/default_stock_location_spec.rb'
-    - 'spec/services/embedded_page_service_spec.rb'
-    - 'spec/services/exchange_products_renderer_spec.rb'
-    - 'spec/services/exchange_variant_bulk_updater_spec.rb'
-    - 'spec/services/invoice_renderer_spec.rb'
-    - 'spec/services/mail_configuration_spec.rb'
-    - 'spec/services/order_cycle_distributed_products_spec.rb'
-    - 'spec/services/order_cycle_distributed_variants_spec.rb'
-    - 'spec/services/order_cycle_form_spec.rb'
-    - 'spec/services/order_cycle_warning_spec.rb'
-    - 'spec/services/order_factory_spec.rb'
-    - 'spec/services/order_syncer_spec.rb'
-    - 'spec/services/order_workflow_spec.rb'
-    - 'spec/services/permissions/order_spec.rb'
-    - 'spec/services/product_tag_rules_filterer_spec.rb'
-    - 'spec/services/products_renderer_spec.rb'
-    - 'spec/services/search_orders_spec.rb'
-    - 'spec/services/tax_rate_finder_spec.rb'
-    - 'spec/services/upload_sanitizer_spec.rb'
-    - 'spec/services/variant_units/option_value_namer_spec.rb'
-    - 'spec/services/variants_stock_levels_spec.rb'
-    - 'spec/spec_helper.rb'
-    - 'spec/support/ability_helper.rb'
-    - 'spec/support/api_helper.rb'
-    - 'spec/support/cancan_helper.rb'
-    - 'spec/support/controller_helper.rb'
-    - 'spec/support/delayed_job_helper.rb'
-    - 'spec/support/downloads_helper.rb'
-    - 'spec/support/email_helper.rb'
-    - 'spec/support/embedded_pages_helper.rb'
-    - 'spec/support/enterprise_groups_helper.rb'
-    - 'spec/support/feature_toggle_helper.rb'
-    - 'spec/support/features/datepicker_helper.rb'
-    - 'spec/support/filters_helper.rb'
-    - 'spec/support/html_helper.rb'
-    - 'spec/support/i18n_error_raising.rb'
-    - 'spec/support/localized_number_helper.rb'
-    - 'spec/support/matchers/date_time_validator_matchers.rb'
-    - 'spec/support/matchers/delegate_matchers.rb'
-    - 'spec/support/matchers/email_confirmation_matchers.rb'
-    - 'spec/support/matchers/flash_message_matchers.rb'
-    - 'spec/support/matchers/integer_array_validator_matchers.rb'
-    - 'spec/support/matchers/select2_matchers.rb'
-    - 'spec/support/matchers/table_matchers.rb'
-    - 'spec/support/performance_helper.rb'
-    - 'spec/support/products_helper.rb'
-    - 'spec/support/request/admin_helper.rb'
-    - 'spec/support/request/authentication_helper.rb'
-    - 'spec/support/request/cookie_helper.rb'
-    - 'spec/support/request/distribution_helper.rb'
-    - 'spec/support/request/menu_helper.rb'
-    - 'spec/support/request/shop_workflow.rb'
-    - 'spec/support/request/ui_component_helper.rb'
-    - 'spec/support/request/web_helper.rb'
-    - 'spec/support/seeds.rb'
-    - 'spec/support/spree/checkout_helpers.rb'
-    - 'spec/support/spree/money_helper.rb'
-    - 'spec/support/spree/url_helpers.rb'
-    - 'spec/support/timecop.rb'
-    - 'spec/validators/date_time_string_validator_spec.rb'
-    - 'spec/validators/integer_array_validator_spec.rb'
-    - 'spec/views/spree/admin/orders/edit.html.haml_spec.rb'
-    - 'spec/views/spree/admin/orders/index.html.haml_spec.rb'
-    - 'spec/views/spree/admin/payment_methods/index.html.haml_spec.rb'
-    - 'spec/views/spree/admin/shared/_order_links.html.haml_spec.rb'
 
-# Offense count: 44
+# Offense count: 39
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
   Exclude:
@@ -1221,7 +818,6 @@ Style/GuardClause:
     - 'app/controllers/admin/product_import_controller.rb'
     - 'app/controllers/api/shipments_controller.rb'
     - 'app/controllers/application_controller.rb'
-    - 'app/controllers/checkout_controller.rb'
     - 'app/controllers/home_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/controllers/spree/paypal_controller_decorator.rb'
@@ -1229,13 +825,12 @@ Style/GuardClause:
     - 'app/models/enterprise_group.rb'
     - 'app/models/producer_property.rb'
     - 'app/models/spree/preferences/preferable_class_methods.rb'
-    - 'app/models/spree/price_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
     - 'app/services/order_syncer.rb'
     - 'app/services/variant_units/variant_and_line_item_naming.rb'
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
     - 'lib/open_food_network/rack_request_blocker.rb'
+    - 'lib/spree/core/controller_helpers/respond_with.rb'
     - 'spec/support/delayed_job_helper.rb'
     - 'spec/support/request/distribution_helper.rb'
     - 'spec/support/request/shop_workflow.rb'
@@ -1253,7 +848,7 @@ Style/MixinUsage:
     - 'lib/open_food_network/orders_and_fulfillments_report.rb'
     - 'spec/lib/open_food_network/packing_report_spec.rb'
 
-# Offense count: 43
+# Offense count: 42
 # Cop supports --auto-correct.
 # Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
 # SupportedStyles: predicate, comparison
@@ -1284,7 +879,7 @@ Style/NumericPredicate:
     - 'lib/spree/money_decorator.rb'
     - 'lib/tasks/sample_data.rake'
 
-# Offense count: 241
+# Offense count: 243
 Style/Send:
   Exclude:
     - 'spec/controllers/admin/subscriptions_controller_spec.rb'

.ruby-version

@@ -1 +1 @@
-2.3.7
+2.4.4

Gemfile

@@ -1,11 +1,44 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
-ruby "2.3.7"
+ruby "2.4.4"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
-gem 'i18n', '~> 0.6.11'
+plugin 'bootboot', '~> 0.1.1' unless Bundler.settings[:frozen]
+Plugin.__send__(:load_plugin, 'bootboot') if Plugin.installed?('bootboot')
+
+if ENV['DEPENDENCIES_NEXT']
+  enable_dual_booting if Plugin.installed?('bootboot')
+
+  # This will only be loaded when running
+  # bundler command prefixed with `DEPENDENCIES_NEXT=1
+  gem 'rails', '> 5.0', '< 5.1'
+
+  gem 'activemerchant', '>= 1.78.0'
+  gem 'angular-rails-templates', '>= 0.3.0'
+  gem 'awesome_nested_set'
+  gem 'ransack', '2.3.0'
+  gem 'responders'
+  gem 'sass', '<= 4.7.1'
+  gem 'sass-rails', '< 6.0.0'
+else
+  gem 'rails', '~> 4.2'
+
+  gem 'activemerchant', '~> 1.78.0'
+  gem 'angular-rails-templates', '~> 0.3.0'
+  gem 'awesome_nested_set', '~> 3.3.1'
+  gem 'ransack', '~> 1.8.10'
+  gem 'responders', '~> 2.0'
+  gem 'sass'
+  gem 'sass-rails'
+
+  gem 'db2fog'
+  gem 'unicorn'
+end
+
+gem 'i18n'
 gem 'i18n-js', '~> 3.8.0'
-gem 'rails', '~> 4.0.13'
-gem 'rails-i18n', '~> 4.0'
+gem 'rails-i18n'
 gem 'rails_safe_tasks', '~> 1.0'
 
 gem "activerecord-import"
@@ -18,35 +51,22 @@ gem 'web', path: './engines/web'
 gem 'activerecord-postgresql-adapter'
 gem 'pg', '~> 0.21.0'
 
-gem 'acts_as_list', '= 0.3.0'
-gem 'awesome_nested_set', '~> 3.2.1'
-gem 'cancan', '~> 1.6.10'
-gem 'ffaker', '~> 1.16'
+gem 'acts_as_list', '0.9.19'
+gem 'cancancan', '~> 1.7.0'
+gem 'ffaker'
 gem 'highline', '2.0.3' # Necessary for the install generator
-gem 'json', '>= 1.7.7'
-gem 'money', '5.1.1'
-gem 'paranoia', '~> 2.0'
-gem 'ransack', '~> 1.8.10'
-gem 'state_machine', '1.2.0'
-gem 'stringex', '~> 1.5.1'
-
-gem 'spree_i18n', github: 'openfoodfoundation/spree_i18n', branch: '1-3-stable'
-
-# Our branch contains the following changes:
-# - Pass customer email and phone number to PayPal (merged to upstream master)
-# - Change type of password from string to password to hide it in the form
-# - Skip CA cert file and use the ones provided by the OS
-gem 'spree_paypal_express', github: 'openfoodfoundation/better_spree_paypal_express', branch: '2-1-0-stable'
+gem 'json'
+gem 'monetize', '~> 1.1'
+gem 'paranoia', '~> 2.4'
+gem 'state_machines-activerecord'
+gem 'stringex', '~> 2.8.5'
 
+gem 'paypal-sdk-merchant', '1.106.1'
 gem 'stripe'
 
-# We need at least this version to have Digicert's root certificate
-# which is needed for Pin Payments (and possibly others).
-gem 'activemerchant', '~> 1.78.0'
-
-gem 'devise', '~> 3.5.10' # v4.0.0 needs rails 4.1
+gem 'devise'
 gem 'devise-encryptable'
-gem 'devise-token_authenticatable', '~> 0.4.10' # v0.5.0 needs devise v4
+gem 'devise-token_authenticatable'
 gem 'jwt', '~> 2.2'
 gem 'oauth2', '~> 1.4.4' # Used for Stripe Connect
 
@@ -54,19 +74,14 @@ gem 'daemons'
 gem 'delayed_job_active_record'
 gem 'delayed_job_web'
 
-gem 'kaminari', '~> 0.17.0'
+gem 'kaminari', '~> 1.2.1'
 
 gem 'andand'
 gem 'angularjs-rails', '1.5.5'
 gem 'aws-sdk', '1.67.0'
 gem 'bugsnag'
-gem 'db2fog'
 gem 'haml'
 gem 'redcarpet'
-gem 'sass'
-gem 'sass-rails'
-gem 'truncate_html', '0.9.2'
-gem 'unicorn'
 
 gem 'actionpack-action_caching'
 # AMS 0.9.x and 0.10.x are very different from 0.8.4 and the upgrade is not straight forward
@@ -80,8 +95,7 @@ gem 'dalli'
 gem 'figaro'
 gem 'geocoder'
 gem 'gmaps4rails'
-gem 'oj'
-gem 'paper_trail', '~> 7.1.3'
+gem 'paper_trail', '~> 10.3.1'
 gem 'paperclip', '~> 3.4.1'
 gem 'rack-rewrite'
 gem 'rack-ssl', require: 'rack/ssl'
@@ -91,7 +105,6 @@ gem 'combine_pdf'
 gem 'wicked_pdf'
 gem 'wkhtmltopdf-binary'
 
-gem 'foreigner'
 gem 'immigrant'
 gem 'roo', '~> 2.8.3'
 
@@ -106,13 +119,12 @@ gem 'mini_racer', '0.2.15'
 
 gem 'uglifier', '>= 1.0.3'
 
-gem 'angular-rails-templates', '~> 0.3.0'
 gem 'foundation-icons-sass-rails'
 
 gem 'foundation-rails', '= 5.5.2.1'
 
 gem 'jquery-migrate-rails'
-gem 'jquery-rails', '3.1.5'
+gem 'jquery-rails', '4.4.0'
 gem 'jquery-ui-rails', '~> 4.2'
 gem 'select2-rails', '~> 3.4.7'
 
@@ -127,10 +139,10 @@ group :test, :development do
   # Pretty printed test output
   gem 'atomic'
   gem 'awesome_print'
-  gem 'capybara', '>= 2.18.0' # 3.0 requires rack 1.6 that only works with Rails 4.2
+  gem 'capybara'
   gem 'database_cleaner', require: false
-  gem "factory_bot_rails", '4.10.0', require: false
-  gem 'fuubar', '~> 2.5.0'
+  gem "factory_bot_rails", '5.2.0', require: false
+  gem 'fuubar', '~> 2.5.1'
   gem 'json_spec', '~> 1.1.4'
   gem 'knapsack'
   gem 'letter_opener', '>= 1.4.1'
@@ -147,17 +159,17 @@ end
 group :test do
   gem 'simplecov', require: false
   gem 'test-prof'
+  gem 'test_after_commit' # needed to test Devise callbacks
   gem 'webmock'
   # See spec/spec_helper.rb for instructions
   # gem 'perftools.rb'
 end
 
 group :development do
-  gem 'byebug', '~> 11.0.0' # 11.1 requires ruby 2.4
+  gem 'byebug'
   gem 'debugger-linecache'
-  gem "newrelic_rpm", "~> 3.0"
-  gem "pry", "~> 0.12.0" # pry 0.13 is not compatible with pry-byebug 3.7
-  gem 'pry-byebug', '~> 3.7.0' # 3.8 requires ruby 2.4
+  gem 'pry'
+  gem 'pry-byebug'
   gem 'rubocop'
   gem 'rubocop-rails'
   gem 'spring'

Gemfile.lock

@@ -4,14 +4,6 @@ GIT
   specs:
     custom_error_message (1.1.1)
 
-GIT
-  remote: https://github.com/openfoodfoundation/better_spree_paypal_express.git
-  revision: 1a477e9f7763297944cc99b6f4dd3d962aa963e9
-  branch: 2-1-0-stable
-  specs:
-    spree_paypal_express (2.0.3)
-      paypal-sdk-merchant (= 1.106.1)
-
 GIT
   remote: https://github.com/openfoodfoundation/ofn-qz.git
   revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
@@ -19,15 +11,6 @@ GIT
   specs:
     ofn-qz (0.1.0)
 
-GIT
-  remote: https://github.com/openfoodfoundation/spree_i18n.git
-  revision: 12f18312232f0ce70270d47859d2951d12f7791c
-  branch: 1-3-stable
-  specs:
-    spree_i18n (1.0.0)
-      i18n (~> 0.5)
-      rails-i18n
-
 PATH
   remote: engines/catalog
   specs:
@@ -55,33 +38,44 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.6)
-    actionmailer (4.0.13)
-      actionpack (= 4.0.13)
+    actionmailer (4.2.11.3)
+      actionpack (= 4.2.11.3)
+      actionview (= 4.2.11.3)
+      activejob (= 4.2.11.3)
       mail (~> 2.5, >= 2.5.4)
-    actionpack (4.0.13)
-      activesupport (= 4.0.13)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
-      rack (~> 1.5.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.11.3)
+      actionview (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
     actionpack-action_caching (1.2.1)
       actionpack (>= 4.0.0)
+    actionview (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
+    activejob (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      globalid (>= 0.3.0)
     activemerchant (1.78.0)
       activesupport (>= 3.2.14, < 6.x)
       builder (>= 2.1.2, < 4.0.0)
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
-    activemodel (4.0.13)
-      activesupport (= 4.0.13)
-      builder (~> 3.1.0)
-    activerecord (4.0.13)
-      activemodel (= 4.0.13)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.13)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.4)
+    activemodel (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      builder (~> 3.1)
+    activerecord (4.2.11.3)
+      activemodel (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
+      arel (~> 6.0)
     activerecord-import (1.0.7)
       activerecord (>= 3.2)
     activerecord-postgresql-adapter (0.0.1)
@@ -92,18 +86,20 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 1.5.2, < 3)
       railties (>= 4.0)
-    activesupport (4.0.13)
-      i18n (~> 0.6, >= 0.6.9)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
-      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
+    activesupport (4.2.11.3)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
     acts-as-taggable-on (4.0.0)
       activerecord (>= 4.0)
-    acts_as_list (0.3.0)
+    acts_as_list (0.9.19)
       activerecord (>= 3.0)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
+    aliyun-sdk (0.8.0)
+      nokogiri (~> 1.6)
+      rest-client (~> 2.0)
     andand (1.3.3)
     angular-rails-templates (0.3.0)
       railties (>= 3.1)
@@ -111,10 +107,10 @@ GEM
       tilt
     angularjs-file-upload-rails (2.4.1)
     angularjs-rails (1.5.5)
-    arel (4.0.2)
-    ast (2.4.0)
+    arel (6.0.4)
+    ast (2.4.1)
     atomic (1.1.101)
-    awesome_nested_set (3.2.1)
+    awesome_nested_set (3.3.1)
       activerecord (>= 4.0.0, < 7.0)
     awesome_print (1.8.0)
     aws-sdk (1.67.0)
@@ -122,26 +118,27 @@ GEM
     aws-sdk-v1 (1.67.0)
       json (~> 1.4)
       nokogiri (~> 1)
-    bcrypt (3.1.13)
-    bugsnag (6.18.0)
+    bcrypt (3.1.16)
+    bugsnag (6.19.0)
       concurrent-ruby (~> 1.0)
-    builder (3.1.4)
-    byebug (11.0.1)
-    cancan (1.6.10)
-    capybara (2.18.0)
+    builder (3.2.4)
+    byebug (11.1.3)
+    cancancan (1.7.1)
+    capybara (3.32.2)
       addressable
       mini_mime (>= 0.1.3)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (>= 2.0, < 4.0)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.5)
+      xpath (~> 3.2)
     childprocess (3.0.0)
     chronic (0.10.2)
-    chunky_png (1.3.11)
+    chunky_png (1.3.14)
     climate_control (0.2.0)
     cocaine (0.5.8)
       climate_control (>= 0.0.3, < 1.0)
-    coderay (1.1.2)
+    coderay (1.1.3)
     coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
       railties (>= 4.0.0)
@@ -149,7 +146,7 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    combine_pdf (1.0.16)
+    combine_pdf (1.0.21)
       ruby-rc4 (>= 0.1.5)
     compass (1.0.3)
       chunky_png (~> 1.2)
@@ -168,7 +165,9 @@ GEM
       sass-rails (< 5.1)
       sprockets (< 4.0)
     concurrent-ruby (1.1.7)
-    crack (0.4.4)
+    crack (0.4.5)
+      rexml
+    crass (1.0.6)
     css_parser (1.7.1)
       addressable
     daemons (1.3.1)
@@ -178,48 +177,49 @@ GEM
       activerecord (>= 3.2.0, < 5.0)
       fog (~> 1.0)
       rails (>= 3.2.0, < 5.0)
-    ddtrace (0.42.0)
+    ddtrace (0.44.0)
       msgpack
     debugger-linecache (1.2.0)
-    delayed_job (4.1.8)
-      activesupport (>= 3.0, < 6.1)
-    delayed_job_active_record (4.1.4)
-      activerecord (>= 3.0, < 6.1)
+    delayed_job (4.1.9)
+      activesupport (>= 3.0, < 6.2)
+    delayed_job_active_record (4.1.5)
+      activerecord (>= 3.0, < 6.2)
       delayed_job (>= 3.0, < 5)
     delayed_job_web (1.4.3)
       activerecord (> 3.0.0)
       delayed_job (> 2.0.3)
       rack-protection (>= 1.5.5)
       sinatra (>= 1.4.4)
-    devise (3.5.10)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
-    devise-token_authenticatable (0.4.10)
-      devise (>= 3.5.2, < 4.0.0)
-    diff-lcs (1.3)
-    docile (1.3.2)
+    devise-token_authenticatable (1.1.0)
+      devise (>= 4.0.0, < 5.0.0)
+    diff-lcs (1.4.4)
+    docile (1.3.4)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
     dry-inflector (0.1.2)
     erubis (2.7.0)
     eventmachine (1.2.7)
-    excon (0.71.1)
+    excon (0.78.0)
     execjs (2.7.0)
-    factory_bot (4.10.0)
-      activesupport (>= 3.0.0)
-    factory_bot_rails (4.10.0)
-      factory_bot (~> 4.10.0)
-      railties (>= 3.0.0)
-    faraday (1.0.0)
+    factory_bot (5.2.0)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.2.0)
+      factory_bot (~> 5.2.0)
+      railties (>= 4.2.0)
+    faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
-    ffaker (1.32.1)
-    ffi (1.12.2)
-    figaro (1.1.1)
-      thor (~> 0.14)
+    ffaker (2.16.0)
+    ffi (1.13.1)
+    figaro (1.2.0)
+      thor (>= 0.14.0, < 2)
     fission (0.5.0)
       CFPropertyList (~> 2.2)
     fog (1.41.0)
@@ -256,7 +256,8 @@ GEM
       fog-xml (~> 0.1.1)
       ipaddress (~> 0.5)
       json (>= 1.8, < 2.0)
-    fog-aliyun (0.3.5)
+    fog-aliyun (0.3.19)
+      aliyun-sdk (~> 0.8.0)
       fog-core
       fog-json
       ipaddress (~> 0.8)
@@ -302,7 +303,7 @@ GEM
       fog-core
       fog-json
       fog-xml
-    fog-internet-archive (0.0.1)
+    fog-internet-archive (0.0.2)
       fog-core
       fog-json
       fog-xml
@@ -359,7 +360,7 @@ GEM
     fog-voxel (0.1.0)
       fog-core
       fog-xml
-    fog-vsphere (3.2.1)
+    fog-vsphere (3.4.0)
       fog-core
       rbvmomi (>= 1.9, < 3)
     fog-xenserver (1.0.0)
@@ -369,8 +370,6 @@ GEM
     fog-xml (0.1.3)
       fog-core
       nokogiri (>= 1.5.11, < 2.0.0)
-    foreigner (1.7.4)
-      activerecord (>= 3.0.0)
     formatador (0.2.5)
     foundation-icons-sass-rails (3.0.0)
       railties (>= 3.1.1)
@@ -378,29 +377,35 @@ GEM
     foundation-rails (5.5.2.1)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
-    fuubar (2.5.0)
+    fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
     geocoder (1.6.4)
-    get_process_mem (0.2.5)
+    get_process_mem (0.2.7)
       ffi (~> 1.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
     gmaps4rails (2.1.2)
-    haml (5.2.0)
+    haml (5.2.1)
       temple (>= 0.8.0)
       tilt
     hashdiff (1.0.1)
     highline (2.0.3)
     hike (1.2.3)
-    i18n (0.6.11)
+    http-accept (1.7.0)
+    http-cookie (1.0.3)
+      domain_name (~> 0.5)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
     i18n-js (3.8.0)
       i18n (>= 0.6.6)
     immigrant (0.3.6)
       activerecord (>= 3.0)
     ipaddress (0.8.3)
-    jaro_winkler (1.5.4)
     jquery-migrate-rails (1.2.1)
-    jquery-rails (3.1.5)
-      railties (>= 3.0, < 5.0)
+    jquery-rails (4.4.0)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (4.2.1)
       railties (>= 3.2.16)
@@ -411,20 +416,32 @@ GEM
       multi_json (~> 1.0)
       rspec (>= 2.0, < 4.0)
     jwt (2.2.2)
-    kaminari (0.17.0)
-      actionpack (>= 3.0.0)
-      activesupport (>= 3.0.0)
+    kaminari (1.2.1)
+      activesupport (>= 4.1.0)
+      kaminari-actionview (= 1.2.1)
+      kaminari-activerecord (= 1.2.1)
+      kaminari-core (= 1.2.1)
+    kaminari-actionview (1.2.1)
+      actionview
+      kaminari-core (= 1.2.1)
+    kaminari-activerecord (1.2.1)
+      activerecord
+      kaminari-core (= 1.2.1)
+    kaminari-core (1.2.1)
     kgio (2.11.3)
-    knapsack (1.19.0)
+    knapsack (1.20.0)
       rake
     launchy (2.4.3)
       addressable (~> 2.3)
     letter_opener (1.7.0)
       launchy (~> 2.2)
     libv8 (7.3.492.27.1)
+    loofah (2.8.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    method_source (0.9.2)
+    method_source (1.0.0)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2020.0512)
@@ -432,15 +449,17 @@ GEM
     mini_portile2 (2.4.0)
     mini_racer (0.2.15)
       libv8 (> 7.3)
-    minitest (4.7.5)
-    money (5.1.1)
-      i18n (~> 0.6.0)
+    minitest (5.14.3)
+    monetize (1.9.4)
+      money (~> 6.12)
+    money (6.13.8)
+      i18n (>= 0.6.4, <= 2)
     msgpack (1.3.3)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    newrelic_rpm (3.18.1.330)
-    nokogiri (1.10.9)
+    netrc (0.11.0)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
@@ -448,11 +467,10 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    oj (3.10.8)
-    optimist (3.0.0)
+    optimist (3.0.1)
     orm_adapter (0.5.0)
-    paper_trail (7.1.3)
-      activerecord (>= 4.0, < 5.2)
+    paper_trail (10.3.1)
+      activerecord (>= 4.2)
       request_store (~> 1.1)
     paperclip (3.4.2)
       activemodel (>= 3.0.0)
@@ -460,11 +478,11 @@ GEM
       activesupport (>= 3.0.0)
       cocaine (~> 0.5.0)
       mime-types
-    parallel (1.19.1)
-    paranoia (2.4.2)
-      activerecord (>= 4.0, < 6.1)
-    parser (2.7.1.0)
-      ast (~> 2.4.0)
+    parallel (1.20.1)
+    paranoia (2.4.3)
+      activerecord (>= 4.0, < 6.2)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
     paypal-sdk-core (0.2.10)
       multi_json (~> 1.0)
       xml-simple
@@ -472,15 +490,15 @@ GEM
       paypal-sdk-core (~> 0.2.3)
     pg (0.21.0)
     power_assert (1.2.0)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    pry-byebug (3.7.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
       byebug (~> 11.0)
-      pry (~> 0.10)
+      pry (~> 0.13.0)
     public_suffix (4.0.6)
-    rack (1.5.5)
-    rack-mini-profiler (2.0.2)
+    rack (1.6.13)
+    rack-mini-profiler (2.3.0)
       rack (>= 1.2.0)
     rack-protection (1.5.5)
       rack
@@ -489,77 +507,95 @@ GEM
       rack
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.0.13)
-      actionmailer (= 4.0.13)
-      actionpack (= 4.0.13)
-      activerecord (= 4.0.13)
-      activesupport (= 4.0.13)
+    rails (4.2.11.3)
+      actionmailer (= 4.2.11.3)
+      actionpack (= 4.2.11.3)
+      actionview (= 4.2.11.3)
+      activejob (= 4.2.11.3)
+      activemodel (= 4.2.11.3)
+      activerecord (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.13)
-      sprockets-rails (~> 2.0)
-    rails-i18n (4.0.5)
-      i18n (~> 0.6)
+      railties (= 4.2.11.3)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.9)
+      activesupport (>= 4.2.0, < 5.0)
+      nokogiri (~> 1.6)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rails-i18n (4.0.9)
+      i18n (~> 0.7)
       railties (~> 4.0)
     rails_safe_tasks (1.0.0)
-    railties (4.0.13)
-      actionpack (= 4.0.13)
-      activesupport (= 4.0.13)
+    railties (4.2.11.3)
+      actionpack (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.1)
-    rake (13.0.1)
+    rake (13.0.3)
     ransack (1.8.10)
       actionpack (>= 3.0, < 5.2)
       activerecord (>= 3.0, < 5.2)
       activesupport (>= 3.0, < 5.2)
       i18n
-    rb-fsevent (0.10.3)
+    rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rbvmomi (2.2.0)
+    rbvmomi (2.4.1)
       builder (~> 3.0)
       json (>= 1.8)
       nokogiri (~> 1.5)
       optimist (~> 3.0)
-    redcarpet (3.5.0)
+    redcarpet (3.5.1)
+    regexp_parser (1.8.2)
     request_store (1.5.0)
       rack (>= 1.4)
-    responders (1.1.2)
-      railties (>= 3.2, < 4.2)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
     rexml (3.2.4)
-    roadie (3.4.0)
+    roadie (3.5.1)
       css_parser (~> 1.4)
-      nokogiri (~> 1.5)
+      nokogiri (~> 1.8)
     roadie-rails (1.3.0)
       railties (>= 3.0, < 5.3)
       roadie (~> 3.1)
     roo (2.8.3)
       nokogiri (~> 1)
       rubyzip (>= 1.3.0, < 3.0.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.1)
-      rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (3.9.1)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.2)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-support (3.9.2)
+    rspec-support (3.10.1)
     rswag (2.3.1)
       rswag-api (= 2.3.1)
       rswag-specs (= 2.3.1)
@@ -573,21 +609,24 @@ GEM
     rswag-ui (2.3.1)
       actionpack (>= 3.1, < 7.0)
       railties (>= 3.1, < 7.0)
-    rubocop (0.81.0)
-      jaro_winkler (~> 1.5.1)
+    rubocop (1.8.1)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
       rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-rails (2.5.2)
-      activesupport
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.4.0)
+      parser (>= 2.7.1.5)
+    rubocop-rails (2.9.1)
+      activesupport (>= 4.2.0)
       rack (>= 1.1)
-      rubocop (>= 0.72.0)
-    ruby-progressbar (1.10.1)
+      rubocop (>= 0.90.0, < 2.0)
+    ruby-progressbar (1.11.0)
     ruby-rc4 (0.1.5)
-    rubyzip (1.3.0)
+    rubyzip (2.3.0)
     sass (3.4.25)
     sass-rails (5.0.7)
       railties (>= 4.0.0, < 6)
@@ -601,18 +640,17 @@ GEM
     selenium-webdriver (3.142.7)
       childprocess (>= 0.5, < 4.0)
       rubyzip (>= 1.2.2)
-    shoulda-matchers (3.1.3)
-      activesupport (>= 4.0.0)
-    simplecov (0.17.1)
+    shoulda-matchers (4.5.0)
+      activesupport (>= 4.2.0)
+    simplecov (0.18.5)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.3)
     sinatra (1.4.8)
       rack (~> 1.5)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
-    spring (1.7.2)
+    spring (2.1.1)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
     sprockets (2.12.5)
@@ -624,23 +662,34 @@ GEM
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)
-    state_machine (1.2.0)
-    stringex (1.5.1)
-    stripe (5.25.0)
+    state_machines (0.5.0)
+    state_machines-activemodel (0.7.1)
+      activemodel (>= 4.1)
+      state_machines (>= 0.5.0)
+    state_machines-activerecord (0.6.0)
+      activerecord (>= 4.1)
+      state_machines-activemodel (>= 0.5.0)
+    stringex (2.8.5)
+    stripe (5.29.0)
     temple (0.8.2)
-    test-prof (0.7.5)
-    test-unit (3.3.6)
+    test-prof (0.11.3)
+    test-unit (3.3.9)
       power_assert
+    test_after_commit (1.2.2)
+      activerecord (>= 3.2, < 5.0)
     thor (0.20.3)
     thread_safe (0.3.6)
     tilt (1.4.1)
     timecop (0.9.2)
-    truncate_html (0.9.2)
-    tzinfo (0.3.57)
+    tzinfo (1.2.9)
+      thread_safe (~> 0.1)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
-    unicode-display_width (1.7.0)
-    unicorn (5.7.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.7)
+    unicode-display_width (2.0.0)
+    unicorn (5.8.0)
       kgio (~> 2.6)
       raindrops (~> 0.7)
     unicorn-rails (2.2.1)
@@ -651,11 +700,11 @@ GEM
       unicorn (>= 4, < 6)
     warden (1.2.7)
       rack (>= 1.0)
-    webdrivers (4.2.0)
+    webdrivers (4.4.2)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.9.5)
+    webmock (3.11.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -666,8 +715,8 @@ GEM
     wkhtmltopdf-binary (0.12.5)
     xml-simple (1.1.5)
     xmlrpc (0.3.0)
-    xpath (2.1.0)
-      nokogiri (~> 1.3)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
 
 PLATFORMS
   ruby
@@ -680,19 +729,19 @@ DEPENDENCIES
   activerecord-postgresql-adapter
   activerecord-session_store
   acts-as-taggable-on (~> 4.0)
-  acts_as_list (= 0.3.0)
+  acts_as_list (= 0.9.19)
   andand
   angular-rails-templates (~> 0.3.0)
   angularjs-file-upload-rails (~> 2.4.1)
   angularjs-rails (= 1.5.5)
   atomic
-  awesome_nested_set (~> 3.2.1)
+  awesome_nested_set (~> 3.3.1)
   awesome_print
   aws-sdk (= 1.67.0)
   bugsnag
-  byebug (~> 11.0.0)
-  cancan (~> 1.6.10)
-  capybara (>= 2.18.0)
+  byebug
+  cancancan (~> 1.7.0)
+  capybara
   catalog!
   coffee-rails (~> 4.2.2)
   combine_pdf
@@ -706,55 +755,54 @@ DEPENDENCIES
   debugger-linecache
   delayed_job_active_record
   delayed_job_web
-  devise (~> 3.5.10)
+  devise
   devise-encryptable
-  devise-token_authenticatable (~> 0.4.10)
+  devise-token_authenticatable
   dfc_provider!
   eventmachine (>= 1.2.3)
-  factory_bot_rails (= 4.10.0)
-  ffaker (~> 1.16)
+  factory_bot_rails (= 5.2.0)
+  ffaker
   figaro
-  foreigner
   foundation-icons-sass-rails
   foundation-rails (= 5.5.2.1)
-  fuubar (~> 2.5.0)
+  fuubar (~> 2.5.1)
   geocoder
   gmaps4rails
   haml
   highline (= 2.0.3)
-  i18n (~> 0.6.11)
+  i18n
   i18n-js (~> 3.8.0)
   immigrant
   jquery-migrate-rails
-  jquery-rails (= 3.1.5)
+  jquery-rails (= 4.4.0)
   jquery-ui-rails (~> 4.2)
-  json (>= 1.7.7)
+  json
   json_spec (~> 1.1.4)
   jwt (~> 2.2)
-  kaminari (~> 0.17.0)
+  kaminari (~> 1.2.1)
   knapsack
   letter_opener (>= 1.4.1)
   mini_racer (= 0.2.15)
-  money (= 5.1.1)
-  newrelic_rpm (~> 3.0)
+  monetize (~> 1.1)
   oauth2 (~> 1.4.4)
   ofn-qz!
-  oj
   order_management!
-  paper_trail (~> 7.1.3)
+  paper_trail (~> 10.3.1)
   paperclip (~> 3.4.1)
-  paranoia (~> 2.0)
+  paranoia (~> 2.4)
+  paypal-sdk-merchant (= 1.106.1)
   pg (~> 0.21.0)
-  pry (~> 0.12.0)
-  pry-byebug (~> 3.7.0)
+  pry
+  pry-byebug
   rack-mini-profiler (< 3.0.0)
   rack-rewrite
   rack-ssl
-  rails (~> 4.0.13)
-  rails-i18n (~> 4.0)
+  rails (~> 4.2)
+  rails-i18n
   rails_safe_tasks (~> 1.0)
   ransack (~> 1.8.10)
   redcarpet
+  responders (~> 2.0)
   roadie-rails (~> 1.3.0)
   roo (~> 2.8.3)
   rspec-rails (>= 3.5.2)
@@ -768,17 +816,15 @@ DEPENDENCIES
   selenium-webdriver
   shoulda-matchers
   simplecov
-  spree_i18n!
-  spree_paypal_express!
   spring
   spring-commands-rspec
-  state_machine (= 1.2.0)
-  stringex (~> 1.5.1)
+  state_machines-activerecord
+  stringex (~> 2.8.5)
   stripe
   test-prof
   test-unit (~> 3.3)
+  test_after_commit
   timecop
-  truncate_html (= 0.9.2)
   uglifier (>= 1.0.3)
   unicorn
   unicorn-rails
@@ -791,7 +837,7 @@ DEPENDENCIES
   wkhtmltopdf-binary
 
 RUBY VERSION
-   ruby 2.3.7p456
+   ruby 2.4.4p296
 
 BUNDLED WITH
    1.17.3

Gemfile_next.lock

@@ -0,0 +1,665 @@
+GIT
+  remote: https://github.com/jeremydurham/custom-err-msg.git
+  revision: 3a8ec9dddc7a5b0aab7c69a6060596de300c68f4
+  specs:
+    custom_error_message (1.1.1)
+
+GIT
+  remote: https://github.com/openfoodfoundation/ofn-qz.git
+  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
+  branch: ofn-rails-4
+  specs:
+    ofn-qz (0.1.0)
+
+PATH
+  remote: engines/catalog
+  specs:
+    catalog (0.0.1)
+
+PATH
+  remote: engines/dfc_provider
+  specs:
+    dfc_provider (0.0.1)
+      active_model_serializers (~> 0.8.4)
+      jwt (~> 2.2)
+      rspec (~> 3.9)
+
+PATH
+  remote: engines/order_management
+  specs:
+    order_management (0.0.1)
+
+PATH
+  remote: engines/web
+  specs:
+    web (0.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      nio4r (>= 1.2, < 3.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.0.7.2)
+      actionview (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      rack (~> 2.0)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionpack-action_caching (1.2.1)
+      actionpack (>= 4.0.0)
+    actionview (5.0.7.2)
+      activesupport (= 5.0.7.2)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    active_model_serializers (0.8.4)
+      activemodel (>= 3.0)
+    activejob (5.0.7.2)
+      activesupport (= 5.0.7.2)
+      globalid (>= 0.3.6)
+    activemerchant (1.107.4)
+      activesupport (>= 4.2)
+      builder (>= 2.1.2, < 4.0.0)
+      i18n (>= 0.6.9)
+      nokogiri (~> 1.4)
+    activemodel (5.0.7.2)
+      activesupport (= 5.0.7.2)
+    activerecord (5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      arel (~> 7.0)
+    activerecord-import (1.0.7)
+      activerecord (>= 3.2)
+    activerecord-postgresql-adapter (0.0.1)
+      pg
+    activerecord-session_store (1.1.3)
+      actionpack (>= 4.0)
+      activerecord (>= 4.0)
+      multi_json (~> 1.11, >= 1.11.2)
+      rack (>= 1.5.2, < 3)
+      railties (>= 4.0)
+    activesupport (5.0.7.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    acts-as-taggable-on (4.0.0)
+      activerecord (>= 4.0)
+    acts_as_list (0.9.19)
+      activerecord (>= 3.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    andand (1.3.3)
+    angular-rails-templates (1.1.0)
+      railties (>= 4.2, < 7)
+      sprockets (>= 3.0, < 5)
+      tilt
+    angularjs-file-upload-rails (2.4.1)
+    angularjs-rails (1.5.5)
+    arel (7.1.4)
+    ast (2.4.1)
+    atomic (1.1.101)
+    awesome_nested_set (3.2.1)
+      activerecord (>= 4.0.0, < 7.0)
+    awesome_print (1.8.0)
+    aws-sdk (1.67.0)
+      aws-sdk-v1 (= 1.67.0)
+    aws-sdk-v1 (1.67.0)
+      json (~> 1.4)
+      nokogiri (~> 1)
+    bcrypt (3.1.16)
+    bugsnag (6.18.0)
+      concurrent-ruby (~> 1.0)
+    builder (3.2.4)
+    byebug (11.0.1)
+    cancancan (1.7.1)
+    capybara (3.15.0)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.2)
+      xpath (~> 3.2)
+    childprocess (3.0.0)
+    chronic (0.10.2)
+    chunky_png (1.3.14)
+    climate_control (0.2.0)
+    cocaine (0.5.8)
+      climate_control (>= 0.0.3, < 1.0)
+    coderay (1.1.3)
+    coffee-rails (4.2.2)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.12.2)
+    combine_pdf (1.0.19)
+      ruby-rc4 (>= 0.1.5)
+    compass (1.0.3)
+      chunky_png (~> 1.2)
+      compass-core (~> 1.0.2)
+      compass-import-once (~> 1.0.5)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+      sass (>= 3.3.13, < 3.5)
+    compass-core (1.0.3)
+      multi_json (~> 1.0)
+      sass (>= 3.3.0, < 3.5)
+    compass-import-once (1.0.5)
+      sass (>= 3.2, < 3.5)
+    compass-rails (2.0.1)
+      compass (~> 1.0.0)
+    concurrent-ruby (1.1.7)
+    crack (0.4.4)
+    crass (1.0.6)
+    css_parser (1.7.1)
+      addressable
+    daemons (1.3.1)
+    dalli (2.7.11)
+    database_cleaner (1.8.5)
+    ddtrace (0.43.0)
+      msgpack
+    debugger-linecache (1.2.0)
+    delayed_job (4.1.8)
+      activesupport (>= 3.0, < 6.1)
+    delayed_job_active_record (4.1.4)
+      activerecord (>= 3.0, < 6.1)
+      delayed_job (>= 3.0, < 5)
+    delayed_job_web (1.4.3)
+      activerecord (> 3.0.0)
+      delayed_job (> 2.0.3)
+      rack-protection (>= 1.5.5)
+      sinatra (>= 1.4.4)
+    devise (4.7.3)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
+    devise-encryptable (0.2.0)
+      devise (>= 2.1.0)
+    devise-token_authenticatable (1.1.0)
+      devise (>= 4.0.0, < 5.0.0)
+    diff-lcs (1.4.4)
+    docile (1.3.2)
+    erubis (2.7.0)
+    eventmachine (1.2.7)
+    execjs (2.7.0)
+    factory_bot (5.2.0)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.2.0)
+      factory_bot (~> 5.2.0)
+      railties (>= 4.2.0)
+    faraday (1.0.1)
+      multipart-post (>= 1.2, < 3)
+    ffaker (2.11.0)
+    ffi (1.13.1)
+    figaro (1.2.0)
+      thor (>= 0.14.0, < 2)
+    foundation-icons-sass-rails (3.0.0)
+      railties (>= 3.1.1)
+      sass-rails (>= 3.1.1)
+    foundation-rails (5.5.2.1)
+      railties (>= 3.1.0)
+      sass (>= 3.3.0, < 3.5)
+    fuubar (2.5.1)
+      rspec-core (~> 3.0)
+      ruby-progressbar (~> 1.4)
+    geocoder (1.6.4)
+    get_process_mem (0.2.7)
+      ffi (~> 1.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    gmaps4rails (2.1.2)
+    haml (5.2.0)
+      temple (>= 0.8.0)
+      tilt
+    hashdiff (1.0.1)
+    highline (2.0.3)
+    i18n (1.8.5)
+      concurrent-ruby (~> 1.0)
+    i18n-js (3.8.0)
+      i18n (>= 0.6.6)
+    immigrant (0.3.6)
+      activerecord (>= 3.0)
+    jaro_winkler (1.5.4)
+    jquery-migrate-rails (1.2.1)
+    jquery-rails (4.4.0)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
+      thor (>= 0.14, < 2.0)
+    jquery-ui-rails (4.2.1)
+      railties (>= 3.2.16)
+    json (1.8.6)
+    json-schema (2.8.1)
+      addressable (>= 2.4)
+    json_spec (1.1.5)
+      multi_json (~> 1.0)
+      rspec (>= 2.0, < 4.0)
+    jwt (2.2.2)
+    kaminari (1.2.1)
+      activesupport (>= 4.1.0)
+      kaminari-actionview (= 1.2.1)
+      kaminari-activerecord (= 1.2.1)
+      kaminari-core (= 1.2.1)
+    kaminari-actionview (1.2.1)
+      actionview
+      kaminari-core (= 1.2.1)
+    kaminari-activerecord (1.2.1)
+      activerecord
+      kaminari-core (= 1.2.1)
+    kaminari-core (1.2.1)
+    kgio (2.11.3)
+    knapsack (1.20.0)
+      rake
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    letter_opener (1.7.0)
+      launchy (~> 2.2)
+    libv8 (8.4.255.0)
+    loofah (2.7.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    method_source (1.0.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.1104)
+    mini_mime (1.0.2)
+    mini_portile2 (2.4.0)
+    mini_racer (0.2.15)
+      libv8 (> 7.3)
+    minitest (5.14.2)
+    monetize (1.9.4)
+      money (~> 6.12)
+    money (6.13.8)
+      i18n (>= 0.6.4, <= 2)
+    msgpack (1.3.3)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    nio4r (2.5.2)
+    nokogiri (1.10.10)
+      mini_portile2 (~> 2.4.0)
+    oauth2 (1.4.4)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    orm_adapter (0.5.0)
+    paper_trail (10.3.1)
+      activerecord (>= 4.2)
+      request_store (~> 1.1)
+    paperclip (3.4.2)
+      activemodel (>= 3.0.0)
+      activerecord (>= 3.0.0)
+      activesupport (>= 3.0.0)
+      cocaine (~> 0.5.0)
+      mime-types
+    parallel (1.19.2)
+    paranoia (2.4.2)
+      activerecord (>= 4.0, < 6.1)
+    parser (2.7.2.0)
+      ast (~> 2.4.1)
+    paypal-sdk-core (0.2.10)
+      multi_json (~> 1.0)
+      xml-simple
+    paypal-sdk-merchant (1.106.1)
+      paypal-sdk-core (~> 0.2.3)
+    pg (0.21.0)
+    polyamorous (2.3.0)
+      activerecord (>= 5.0)
+    power_assert (1.2.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rack-mini-profiler (2.0.2)
+      rack (>= 1.2.0)
+    rack-protection (2.1.0)
+      rack
+    rack-rewrite (1.5.1)
+    rack-ssl (1.4.1)
+      rack
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (5.0.7.2)
+      actioncable (= 5.0.7.2)
+      actionmailer (= 5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activerecord (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      bundler (>= 1.3.0)
+      railties (= 5.0.7.2)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rails-i18n (5.1.3)
+      i18n (>= 0.7, < 2)
+      railties (>= 5.0, < 6)
+    rails_safe_tasks (1.0.0)
+    railties (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rainbow (3.0.0)
+    raindrops (0.19.1)
+    rake (13.0.1)
+    ransack (2.3.0)
+      actionpack (>= 5.0)
+      activerecord (>= 5.0)
+      activesupport (>= 5.0)
+      i18n
+      polyamorous (= 2.3.0)
+    rb-fsevent (0.10.4)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    redcarpet (3.5.0)
+    regexp_parser (1.8.2)
+    request_store (1.5.0)
+      rack (>= 1.4)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
+    rexml (3.2.4)
+    roadie (3.5.1)
+      css_parser (~> 1.4)
+      nokogiri (~> 1.8)
+    roadie-rails (1.3.0)
+      railties (>= 3.0, < 5.3)
+      roadie (~> 3.1)
+    roo (2.8.3)
+      nokogiri (~> 1)
+      rubyzip (>= 1.3.0, < 3.0.0)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.0)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.1)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.9)
+      rspec-expectations (~> 3.9)
+      rspec-mocks (~> 3.9)
+      rspec-support (~> 3.9)
+    rspec-retry (0.6.2)
+      rspec-core (> 3.3)
+    rspec-support (3.10.0)
+    rswag (2.3.1)
+      rswag-api (= 2.3.1)
+      rswag-specs (= 2.3.1)
+      rswag-ui (= 2.3.1)
+    rswag-api (2.3.1)
+      railties (>= 3.1, < 7.0)
+    rswag-specs (2.3.1)
+      activesupport (>= 3.1, < 7.0)
+      json-schema (~> 2.2)
+      railties (>= 3.1, < 7.0)
+    rswag-ui (2.3.1)
+      actionpack (>= 3.1, < 7.0)
+      railties (>= 3.1, < 7.0)
+    rubocop (0.81.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      rexml
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-rails (2.5.2)
+      activesupport
+      rack (>= 1.1)
+      rubocop (>= 0.72.0)
+    ruby-progressbar (1.10.1)
+    ruby-rc4 (0.1.5)
+    ruby2_keywords (0.0.2)
+    rubyzip (1.3.0)
+    sass (3.4.25)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    select2-rails (3.4.9)
+      sass-rails
+      thor (~> 0.14)
+    selenium-webdriver (3.142.7)
+      childprocess (>= 0.5, < 4.0)
+      rubyzip (>= 1.2.2)
+    shoulda-matchers (4.0.1)
+      activesupport (>= 4.2.0)
+    simplecov (0.17.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    sinatra (2.1.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
+      tilt (~> 2.0)
+    spring (2.0.2)
+      activesupport (>= 4.2)
+    spring-commands-rspec (1.0.4)
+      spring (>= 0.9.1)
+    sprockets (3.7.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    state_machines (0.5.0)
+    state_machines-activemodel (0.7.1)
+      activemodel (>= 4.1)
+      state_machines (>= 0.5.0)
+    state_machines-activerecord (0.6.0)
+      activerecord (>= 4.1)
+      state_machines-activemodel (>= 0.5.0)
+    stringex (2.8.5)
+    stripe (5.28.0)
+    temple (0.8.2)
+    test-prof (0.7.5)
+    test-unit (3.3.7)
+      power_assert
+    test_after_commit (1.1.0)
+      activerecord (>= 3.2)
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tilt (2.0.10)
+    timecop (0.9.2)
+    tzinfo (1.2.8)
+      thread_safe (~> 0.1)
+    uglifier (4.2.0)
+      execjs (>= 0.3.0, < 3)
+    unicode-display_width (1.7.0)
+    unicorn (5.7.0)
+      kgio (~> 2.6)
+      raindrops (~> 0.7)
+    unicorn-rails (2.2.1)
+      rack
+      unicorn
+    unicorn-worker-killer (0.4.4)
+      get_process_mem (~> 0)
+      unicorn (>= 4, < 6)
+    warden (1.2.9)
+      rack (>= 2.0.9)
+    webdrivers (4.2.0)
+      nokogiri (~> 1.6)
+      rubyzip (>= 1.3.0)
+      selenium-webdriver (>= 3.0, < 4.0)
+    webmock (3.10.0)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    whenever (1.0.0)
+      chronic (>= 0.6.3)
+    wicked_pdf (2.1.0)
+      activesupport
+    wkhtmltopdf-binary (0.12.6.5)
+    xml-simple (1.1.5)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionpack-action_caching
+  active_model_serializers (= 0.8.4)
+  activemerchant (>= 1.78.0)
+  activerecord-import
+  activerecord-postgresql-adapter
+  activerecord-session_store
+  acts-as-taggable-on (~> 4.0)
+  acts_as_list (= 0.9.19)
+  andand
+  angular-rails-templates (>= 0.3.0)
+  angularjs-file-upload-rails (~> 2.4.1)
+  angularjs-rails (= 1.5.5)
+  atomic
+  awesome_nested_set
+  awesome_print
+  aws-sdk (= 1.67.0)
+  bugsnag
+  byebug
+  cancancan (~> 1.7.0)
+  capybara
+  catalog!
+  coffee-rails (~> 4.2.2)
+  combine_pdf
+  compass-rails
+  custom_error_message!
+  daemons
+  dalli
+  database_cleaner
+  ddtrace
+  debugger-linecache
+  delayed_job_active_record
+  delayed_job_web
+  devise
+  devise-encryptable
+  devise-token_authenticatable
+  dfc_provider!
+  eventmachine (>= 1.2.3)
+  factory_bot_rails (= 5.2.0)
+  ffaker
+  figaro
+  foundation-icons-sass-rails
+  foundation-rails (= 5.5.2.1)
+  fuubar (~> 2.5.1)
+  geocoder
+  gmaps4rails
+  haml
+  highline (= 2.0.3)
+  i18n
+  i18n-js (~> 3.8.0)
+  immigrant
+  jquery-migrate-rails
+  jquery-rails (= 4.4.0)
+  jquery-ui-rails (~> 4.2)
+  json
+  json_spec (~> 1.1.4)
+  jwt (~> 2.2)
+  kaminari (~> 1.2.1)
+  knapsack
+  letter_opener (>= 1.4.1)
+  mini_racer (= 0.2.15)
+  monetize (~> 1.1)
+  oauth2 (~> 1.4.4)
+  ofn-qz!
+  order_management!
+  paper_trail (~> 10.3.1)
+  paperclip (~> 3.4.1)
+  paranoia (~> 2.4)
+  paypal-sdk-merchant (= 1.106.1)
+  pg (~> 0.21.0)
+  pry
+  pry-byebug
+  rack-mini-profiler (< 3.0.0)
+  rack-rewrite
+  rack-ssl
+  rails (> 5.0, < 5.1)
+  rails-i18n
+  rails_safe_tasks (~> 1.0)
+  ransack (= 2.3.0)
+  redcarpet
+  responders
+  roadie-rails (~> 1.3.0)
+  roo (~> 2.8.3)
+  rspec-rails (>= 3.5.2)
+  rspec-retry
+  rswag
+  rubocop
+  rubocop-rails
+  sass (<= 4.7.1)
+  sass-rails (< 6.0.0)
+  select2-rails (~> 3.4.7)
+  selenium-webdriver
+  shoulda-matchers
+  simplecov
+  spring
+  spring-commands-rspec
+  state_machines-activerecord
+  stringex (~> 2.8.5)
+  stripe
+  test-prof
+  test-unit (~> 3.3)
+  test_after_commit
+  timecop
+  uglifier (>= 1.0.3)
+  unicorn-rails
+  unicorn-worker-killer
+  web!
+  webdrivers
+  webmock
+  whenever
+  wicked_pdf
+  wkhtmltopdf-binary
+
+RUBY VERSION
+   ruby 2.4.4p296
+
+BUNDLED WITH
+   1.17.3

README.md

@@ -33,7 +33,9 @@ We also have a [Super Admin Guide][super-admin-guide] to help with configuration
 
 ## Testing
 
-We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. BrowserStack provides open source projects with unlimited and free of charge accounts. A big thanks to them!
+If you'd like to help out with testing, please introduce yourself on the #testing channel on [Slack][slack-invite] and download the [ZenHub browser extension][zenhub] to view the development pipeline.
+
+We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. BrowserStack provides open source projects with unlimited and free of charge accounts. A big thanks to them! 
 
 ## Licence
 
@@ -45,3 +47,4 @@ Copyright (c) 2012 - 2020 Open Food Foundation, released under the AGPL licence.
 [ofn-install]: https://github.com/openfoodfoundation/ofn-install
 [super-admin-guide]: https://ofn-user-guide.gitbook.io/ofn-super-admin-guide
 [welcome-dev]: https://github.com/openfoodfoundation/openfoodnetwork/projects/27
+[zenhub]: https://www.zenhub.com/extension

Rakefile

@@ -1,4 +1,6 @@
 #!/usr/bin/env rake
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 

app/assets/javascripts/admin/index_utils/services/paged_fetcher.js.coffee

@@ -16,7 +16,7 @@ angular.module("admin.indexUtils").factory "PagedFetcher", (dataFetcher) ->
     fetchPages: (url, page, pageCallback) ->
       dataFetcher(@urlForPage(url, page)).then (data) =>
         @page++
-        @last_page = data.pages
+        @last_page = data.pagination.pages
 
         pageCallback(data) if pageCallback
 

app/assets/javascripts/admin/spree/base.js.erb

@@ -127,7 +127,16 @@ $(document).ready(function() {
         nextText: Spree.translations.next,
         showOn: "focus"
       });
-
+      
+       $.datepicker.regional[I18n.locale] = {
+          prevText: Spree.translations.previous,
+          nextText: Spree.translations.next,
+          monthNames: Spree.translations.month_names,
+          dayNames: Spree.translations.abbr_day_names,
+          dayNamesMin: Spree.translations.abbr_day_names,
+          dateFormat: Spree.translations.date_picker
+      };
+      $.datepicker.setDefaults( $.datepicker.regional[I18n.locale]);
       // Correctly display range dates
       $('.date-range-filter .datepicker-from').datepicker('option', 'onSelect', function(selectedDate) {
         $(".date-range-filter .datepicker-to" ).datepicker( "option", "minDate", selectedDate );

app/assets/javascripts/admin/spree_paypal_express.js

@@ -0,0 +1,17 @@
+//= require admin/spree_backend
+
+SpreePaypalExpress = {
+  hideSettings: function(paymentMethod) {
+    if (SpreePaypalExpress.paymentMethodID && paymentMethod.val() == SpreePaypalExpress.paymentMethodID) {
+      $('.payment-method-settings').children().hide();
+      $('#payment_amount').prop('disabled', 'disabled');
+      $('button[type="submit"]').prop('disabled', 'disabled');
+      $('#paypal-warning').show();
+    } else if (SpreePaypalExpress.paymentMethodID) {
+      $('.payment-method-settings').children().show();
+      $('button[type=submit]').prop('disabled', '');
+      $('#payment_amount').prop('disabled', '');
+      $('#paypal-warning').hide();
+    }
+  }
+}

app/assets/javascripts/darkswarm/controllers/credit_cards_controller.js.coffee

@@ -1,7 +1,7 @@
 Darkswarm.controller "CreditCardsCtrl", ($scope, CreditCard, CreditCards) ->
   angular.extend(this, new FieldsetMixin($scope))
   $scope.savedCreditCards = CreditCards.saved
-  $scope.setDefault = CreditCards.setDefault
+  $scope.confirmSetDefault = CreditCards.confirmSetDefault
   $scope.CreditCard = CreditCard
   $scope.secrets = CreditCard.secrets
   $scope.showForm = CreditCard.show

app/assets/javascripts/darkswarm/controllers/order_cycle_controller.js.coffee

@@ -25,3 +25,6 @@ Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $rootScope, $timeout, Orde
     Cart.reloadFinalisedLineItems()
     ChangeableOrdersAlert.reload()
     $rootScope.$broadcast 'orderCycleSelected'
+
+  $scope.closesInLessThan3Months = () ->
+    moment().diff(moment(OrderCycle.orders_close_at(),  "YYYY-MM-DD HH:mm:SS Z"), 'days') > -75

app/assets/javascripts/darkswarm/directives/tabset_ctrl.js.coffee

@@ -5,15 +5,13 @@ Darkswarm.directive "tabsetCtrl", (Tabsets, $location) ->
     selected: "@"
     navigate: "="
     prefix: "@?"
-    alwaysopen: "="
   controller: ($scope, $element) ->
     if $scope.navigate
       path = $location.path()?.match(/^\/\w+$/)?[0]
       $scope.selected = path[1..] if path
 
     this.toggle = (name) ->
-      state = if $scope.alwaysopen then 'open' else null
-      Tabsets.toggle($scope.id, name, state)
+      Tabsets.toggle($scope.id, name)
 
     this.select = (selection) ->
       $scope.$broadcast("selection:changed", selection)

app/assets/javascripts/darkswarm/filters/localize_currency.js.coffee

@@ -6,7 +6,7 @@ Darkswarm.filter "localizeCurrency", (currencyConfig)->
     # Set decimal points, 2 or 0 if hide_cents.
     decimals = if currencyConfig.hide_cents == "true" then 0 else 2
     # Set format if the currency symbol should come after the number, otherwise (default) use the locale setting.
-    format = if currencyConfig.symbol_position == "after" then "%n %u" else undefined
+    format = if currencyConfig.symbol_position == "after" then "%n%u" else undefined
     # We need to use parseFloat as the amount should come in as a string.
     amount = parseFloat(amount)
 

app/assets/javascripts/darkswarm/services/cart.js.coffee

@@ -50,7 +50,7 @@ Darkswarm.factory 'Cart', (CurrentOrder, Variants, $timeout, $http, $modal, $roo
         @popQueue() if @update_enqueued
 
       .error (response, status)=>
-        Messages.flash({error: t('js.cart.add_to_cart_failed')})
+        Messages.flash({error: response.error})
         @update_running = false
 
     compareAndNotifyStockLevels: (stockLevels) =>

app/assets/javascripts/darkswarm/services/credit_cards.js.coffee

@@ -1,4 +1,4 @@
-Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages)->
+Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages, Customers)->
   new class CreditCard
     saved: $filter('orderBy')(savedCreditCards,'-is_default')
 
@@ -11,5 +11,13 @@ Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages)->
         othercard.is_default = false
       $http.put("/credit_cards/#{card.id}", is_default: true).then (data) ->
         Messages.success(t('js.default_card_updated'))
+        Customers.clearAllAllowCharges()
       , (response) ->
         Messages.flash(response.data.flash)
+
+    confirmSetDefault: (card, event) =>
+      if confirm t("js.default_card_voids_auth")
+        @setDefault(card)
+      else
+        event.preventDefault()
+        return false

app/assets/javascripts/darkswarm/services/customer.js.coffee

@@ -1,4 +1,4 @@
-angular.module("Darkswarm").factory 'Customer', ($resource, Messages) ->
+angular.module("Darkswarm").factory 'Customer', ($resource, $injector, Messages) ->
   Customer = $resource('/api/customers/:id/:action.json', {}, {
     'index':
       method: 'GET'
@@ -12,8 +12,21 @@ angular.module("Darkswarm").factory 'Customer', ($resource, Messages) ->
   })
 
   Customer.prototype.update = ->
+    if @allow_charges
+      Messages.loading(t('js.authorising'))
     @$update().then (response) =>
-      Messages.success(t('js.changes_saved'))
+      if response.gateway_recurring_payment_client_secret && $injector.has('stripePublishableKey')
+        Messages.clear()
+        stripe = Stripe($injector.get('stripePublishableKey'), { stripeAccount: response.gateway_shop_id })
+        stripe.confirmCardSetup(response.gateway_recurring_payment_client_secret).then (result) =>
+          if result.error
+            @allow_charges = false
+            @$update(allow_charges: false)
+            Messages.error(result.error.message)
+          else
+            Messages.success(t('js.changes_saved'))
+      else
+        Messages.success(t('js.changes_saved'))
     , (response) =>
       Messages.error(response.data.error)
 

app/assets/javascripts/darkswarm/services/customers.js.coffee

@@ -12,3 +12,7 @@ angular.module("Darkswarm").factory 'Customers', (Customer) ->
       for customer in customers
         @all.push customer
         @byID[customer.id] = customer
+
+    clearAllAllowCharges: () ->
+      for customer in @index()
+        customer.allow_charges = false

app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee

@@ -1,21 +1,21 @@
 Darkswarm.factory 'OrderCycleResource', ($resource) ->
-  $resource('/api/order_cycles/:id', {}, {
+  $resource('/api/order_cycles/:id.json', {}, {
     'products':
       method: 'GET'
       isArray: true
-      url: '/api/order_cycles/:id/products'
+      url: '/api/order_cycles/:id/products.json'
       params:
         id: '@id'
     'taxons':
       method: 'GET'
       isArray: true
-      url: '/api/order_cycles/:id/taxons'
+      url: '/api/order_cycles/:id/taxons.json'
       params:
         id: '@id'
     'properties':
       method: 'GET'
       isArray: true
-      url: '/api/order_cycles/:id/properties'
+      url: '/api/order_cycles/:id/properties.json'
       params:
         id: '@id'
   })

app/assets/javascripts/darkswarm/services/tabsets.js.coffee

@@ -7,12 +7,10 @@ Darkswarm.factory 'Tabsets', ->
         @tabsets.push { ctrl: ctrl, id: id, selected: selected }
         ctrl.select(selected) if selected?
 
-    toggle: (id, name, state=null) ->
+    toggle: (id, name) ->
       tabset = @findTabsetByObject(id)
-      if tabset.selected == name
-        @select(tabset, null) unless state == "open"
-      else
-        @select(tabset, name) unless state == "closed"
+      if tabset.selected != name
+        @select(tabset, name)
 
     select: (tabset, name) ->
       tabset.selected = name

app/assets/javascripts/templates/partials/hub_details.html.haml

@@ -14,8 +14,9 @@
             {{'hubs_delivery' | t}}
     .row
       .columns.small-12
-        %a.cta-hub{"ng-href" => "{{::enterprise.path}}", "ng-attr-target" => "{{ embedded_layout ? '_blank' : undefined}}",
+        %a.cta-hub{"ng-href" => "{{::enterprise.path}}#/shop", "ng-attr-target" => "{{ embedded_layout ? '_blank' : undefined}}",
         "ng-class" => "{primary: enterprise.active, secondary: !enterprise.active}",
+        "ng-click" => "$close()",
         "ofn-change-hub" => "enterprise"}
           .hub-name{"ng-bind" => "::enterprise.name"}
           %span{"ng-if" => "::enterprise.active"} ({{'maps_open' | t}})

app/assets/javascripts/templates/partials/producer_details.html.haml

@@ -12,8 +12,9 @@
     .row
       .columns.small-12
         %a.cta-hub{"ng-repeat" => "hub in enterprise.hubs | filter:{id: '!'+enterprise.id} | orderBy:'-active'",
-        "ng-href" => "{{::hub.path}}", "ofn-empties-cart" => "hub",
-        "ng-class" => "::{primary: hub.active, secondary: !hub.active}"}
+        "ng-href" => "{{::hub.path}}#/shop", "ofn-empties-cart" => "hub",
+        "ng-class" => "::{primary: hub.active, secondary: !hub.active}",
+        "ng-click" => "$close()"}
           .hub-name{"ng-bind" => "::hub.name"}
           %span{"ng-if" => "::hub.active"} ({{'maps_open' | t}})
           %span{"ng-if" => "::!hub.active"} ({{'maps_closed' | t}})

app/assets/stylesheets/darkswarm/_shop-inputs.scss

@@ -29,9 +29,12 @@ button.add-variant, button.variant-quantity {
   &:hover {
     background-color: $orange-600;
   }
+
   &[disabled] {
+    background-color: $grey-400;
+
     &:hover, &:focus {
-      background-color: $orange-500;
+      background-color: $grey-400;
     }
   }
   &:nth-of-type(1) {
@@ -84,14 +87,6 @@ button.bulk-buy.variant-quantity {
 
 button.bulk-buy-add.variant-quantity {
   width: 2.5rem;
-
-  &[disabled] {
-    background-color: $grey-400;
-
-    &:hover, &:focus {
-      background-color: $grey-400;
-    }
-  }
 }
 
 span.bulk-buy.variant-quantity {

app/assets/stylesheets/darkswarm/_shop-navigation.scss

@@ -41,19 +41,21 @@ ordercycle {
 
   .order-cycle-select {
     border: 1px solid $teal-300;
-    display: inline-block;
+    display: flex;
     font-size: 1em;
     border-radius: $radius-small;
+    margin-right: 10px;
+    margin-left: 10px;
 
     .select-label {
       background-color: rgba($teal-300, 0.5);
-      display: inline-block;
+      display: flex;
+      align-items: center;
+      justify-content: center;
       border-radius: $radius-small 0 0 $radius-small;
-      float: left;
       font-size: 1em;
       line-height: 1.3em;
       padding: 0.5em 0.75em;
-      height: 2.35em;
 
       span {
         width: max-content;
@@ -65,6 +67,7 @@ ordercycle {
       background-image: image-url('white-caret.svg');
       background-size: 30px auto;
       background-position-x: 102%;
+      height: 2.35em;
     }
 
     p {
@@ -82,7 +85,6 @@ ordercycle {
       padding: 0.5em 1.25em 0.5em 0.75em;
       font-size: 1em;
       line-height: 1.3em;
-      height: 2.35em;
       min-width: 13em;
       width: 200px;
 
@@ -154,22 +156,24 @@ shop ordercycle {
     }
   }
 
+  .select-and-closing-container {
+    @include breakpoint(desktop) {
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      flex-wrap: wrap;
+    }
+  }
+
   closing {
     color: $white;
     padding: 0 0 12px;
 
     @include breakpoint(desktop) {
-      float: none;
-      display: inline-block;
-      padding: 0.2em 0 0;
+      padding: 0;
       font-size: 1.2em;
       margin-right: 1em;
     }
-
-    @include breakpoint(tablet) {
-      float: none;
-      padding: 0;
-    }
   }
 
   form.custom {

app/assets/stylesheets/darkswarm/_shop-product-rows.scss

@@ -59,6 +59,7 @@
 
         // Variant price
         .variant-price {
+          white-space: nowrap;
           @include breakpoint(phablet) {
             padding-left: 1rem;
           }

app/controllers/admin/bulk_line_items_controller.rb

@@ -1,5 +1,6 @@
 module Admin
   class BulkLineItemsController < Spree::Admin::BaseController
+    include PaginationData
     # GET /admin/bulk_line_items.json
     #
     def index
@@ -12,9 +13,12 @@ module Admin
         ransack(params[:q]).result.
         reorder('spree_line_items.order_id ASC, spree_line_items.id ASC')
 
-      @line_items = @line_items.page(page).per(params[:per_page]) if using_pagination?
+      @line_items = @line_items.page(page).per(params[:per_page]) if pagination_required?
 
-      render json: { line_items: serialized_line_items, pagination: pagination_data }
+      render json: {
+        line_items: serialized_line_items,
+        pagination: pagination_data(@line_items)
+      }
     end
 
     # PUT /admin/bulk_line_items/:id.json
@@ -87,21 +91,6 @@ module Admin
       ::Permissions::Order.new(spree_current_user)
     end
 
-    def using_pagination?
-      params[:per_page]
-    end
-
-    def pagination_data
-      return unless using_pagination?
-
-      {
-        results: @line_items.total_count,
-        pages: @line_items.num_pages,
-        page: page.to_i,
-        per_page: params[:per_page].to_i
-      }
-    end
-
     def page
       params[:page] || 1
     end

app/controllers/admin/column_preferences_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ColumnPreferencesController < ResourceController
+  class ColumnPreferencesController < Admin::ResourceController
     before_action :load_collection, only: [:bulk_update]
 
     respond_to :json

app/controllers/admin/customers_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/address_finder'
 
 module Admin
-  class CustomersController < ResourceController
+  class CustomersController < Admin::ResourceController
     before_action :load_managed_shops, only: :index, if: :html_request?
     respond_to :json
 
@@ -17,13 +17,22 @@ module Admin
       respond_to do |format|
         format.html
         format.json do
-          render_as_json @collection,
-                         tag_rule_mapping: tag_rule_mapping,
-                         customer_tags: customer_tags_by_id
+          render json: @collection,
+                 each_serializer: index_each_serializer,
+                 tag_rule_mapping: tag_rule_mapping,
+                 customer_tags: customer_tags_by_id
         end
       end
     end
 
+    def index_each_serializer
+      if OpenFoodNetwork::FeatureToggle.enabled?(:customer_balance, spree_current_user)
+        ::Api::Admin::CustomerWithBalanceSerializer
+      else
+        ::Api::Admin::CustomerWithCalculatedBalanceSerializer
+      end
+    end
+
     def show
       render_as_json @customer, ams_prefix: params[:ams_prefix]
     end
@@ -42,7 +51,7 @@ module Admin
       end
     end
 
-    # copy of Spree::Admin::ResourceController without flash notice
+    # copy of Admin::ResourceController without flash notice
     def destroy
       invoke_callbacks(:destroy, :before)
       if @object.destroy
@@ -63,10 +72,20 @@ module Admin
     private
 
     def collection
-      return Customer.where("1=0") unless json_request? && params[:enterprise_id].present?
+      if json_request? && params[:enterprise_id].present?
+        customers_relation.
+          includes(:bill_address, :ship_address, user: :credit_cards)
+      else
+        Customer.where('1=0')
+      end
+    end
 
-      Customer.of(managed_enterprise_id).
-        includes(:bill_address, :ship_address, user: :credit_cards)
+    def customers_relation
+      if OpenFoodNetwork::FeatureToggle.enabled?(:customer_balance, spree_current_user)
+        CustomersWithBalance.new(managed_enterprise_id).query
+      else
+        Customer.of(managed_enterprise_id)
+      end
     end
 
     def managed_enterprise_id
@@ -95,7 +114,7 @@ module Admin
       )
     end
 
-    # Used in ResourceController#update
+    # Used in Admin::ResourceController#update
     def permitted_resource_params
       customer_params
     end

app/controllers/admin/enterprise_fees_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseFeesController < ResourceController
+  class EnterpriseFeesController < Admin::ResourceController
     before_action :load_enterprise_fee_set, only: :index
     before_action :load_data
 

app/controllers/admin/enterprise_groups_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseGroupsController < ResourceController
+  class EnterpriseGroupsController < Admin::ResourceController
     before_action :load_data, except: :index
     before_action :load_object_data, only: [:new, :edit, :create, :update]
 

app/controllers/admin/enterprise_relationships_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseRelationshipsController < ResourceController
+  class EnterpriseRelationshipsController < Admin::ResourceController
     def index
       @my_enterprises = Enterprise.
         includes(:shipping_methods, :payment_methods).

app/controllers/admin/enterprise_roles_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseRolesController < ResourceController
+  class EnterpriseRolesController < Admin::ResourceController
     def index
       @enterprise_roles = EnterpriseRole.by_user_email
       @users = Spree::User.order('spree_users.email')

app/controllers/admin/enterprises_controller.rb

@@ -3,7 +3,7 @@ require 'open_food_network/permissions'
 require 'open_food_network/order_cycle_permissions'
 
 module Admin
-  class EnterprisesController < ResourceController
+  class EnterprisesController < Admin::ResourceController
     # These need to run before #load_resource so that @object is initialised with sanitised values
     prepend_before_action :override_owner, only: :create
     prepend_before_action :override_sells, only: :create
@@ -81,14 +81,14 @@ module Admin
     end
 
     def bulk_update
-      @enterprise_set = EnterpriseSet.new(collection, params[:enterprise_set])
+      @enterprise_set = EnterpriseSet.new(collection, bulk_params)
       if @enterprise_set.save
         flash[:success] = I18n.t(:enterprise_bulk_update_success_notice)
 
         redirect_to main_app.admin_enterprises_path
       else
         touched_enterprises = @enterprise_set.collection.select(&:changed?)
-        @enterprise_set.collection.select! { |e| touched_enterprises.include? e }
+        @enterprise_set.collection.to_a.select! { |e| touched_enterprises.include? e }
         flash[:error] = I18n.t(:enterprise_bulk_update_error)
         render :index
       end
@@ -214,7 +214,8 @@ module Admin
           rule = @object.tag_rules.find_by(id: attrs.delete(:id)) ||
                  attrs[:type].constantize.new(enterprise: @object)
           create_calculator_for(rule, attrs) if rule.type == "TagRule::DiscountOrder" && rule.calculator.nil?
-          rule.update(attrs)
+
+          rule.update(attrs.permit(PermittedAttributes::TagRules.attributes))
         end
       end
     end
@@ -319,7 +320,13 @@ module Admin
       PermittedAttributes::Enterprise.new(params).call
     end
 
-    # Used in ResourceController#create
+    def bulk_params
+      params.require(:enterprise_set).permit(
+        collection_attributes: PermittedAttributes::Enterprise.attributes
+      )
+    end
+
+    # Used in Admin::ResourceController#create
     def permitted_resource_params
       enterprise_params
     end

app/controllers/admin/inventory_items_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class InventoryItemsController < ResourceController
+  class InventoryItemsController < Admin::ResourceController
     respond_to :json
 
     respond_override update: { json: {

app/controllers/admin/manager_invitations_controller.rb

@@ -35,7 +35,7 @@ module Admin
       new_user.save!
 
       @enterprise.users << new_user
-      Delayed::Job.enqueue ManagerInvitationJob.new(@enterprise.id, new_user.id)
+      EnterpriseMailer.manager_invitation(@enterprise, new_user).deliver_later
 
       new_user
     end

app/controllers/admin/order_cycles_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class OrderCyclesController < ResourceController
+  class OrderCyclesController < Admin::ResourceController
     include OrderCyclesHelper
     include PaperTrailLogging
 
@@ -91,7 +91,7 @@ module Admin
 
     # Send notifications to all producers who are part of the order cycle
     def notify_producers
-      Delayed::Job.enqueue OrderCycleNotificationJob.new(params[:id].to_i)
+      OrderCycleNotificationJob.perform_later params[:id].to_i
 
       redirect_to main_app.admin_order_cycles_path,
                   notice: I18n.t(:order_cycles_email_to_producers_notice)

app/controllers/admin/producer_properties_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ProducerPropertiesController < ResourceController
+  class ProducerPropertiesController < Admin::ResourceController
     before_action :load_enterprise
     before_action :load_properties
     before_action :setup_property, only: [:index]

app/controllers/admin/proxy_orders_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ProxyOrdersController < ResourceController
+  class ProxyOrdersController < Admin::ResourceController
     respond_to :json
 
     def edit

app/controllers/admin/resource_controller.rb

@@ -1,41 +1,303 @@
+require 'action_callbacks'
+
 module Admin
-  class ResourceController < Spree::Admin::ResourceController
+  class ResourceController < Spree::Admin::BaseController
+    helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
+    before_action :load_resource, except: [:update_positions]
+    rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
+    rescue_from CanCan::AccessDenied, with: :unauthorized
+
+    respond_to :html
+    respond_to :js, except: [:show, :index]
+
+    def new
+      invoke_callbacks(:new_action, :before)
+      respond_with(@object) do |format|
+        format.html { render layout: !request.xhr? }
+        format.js   { render layout: false }
+      end
+    end
+
+    def edit
+      respond_with(@object) do |format|
+        format.html { render layout: !request.xhr? }
+        format.js   { render layout: false }
+      end
+    end
+
+    def update
+      invoke_callbacks(:update, :before)
+      if @object.update(permitted_resource_params)
+        invoke_callbacks(:update, :after)
+        flash[:success] = flash_message_for(@object, :successfully_updated)
+        respond_with(@object) do |format|
+          format.html { redirect_to location_after_save }
+          format.js   { render layout: false }
+        end
+      else
+        invoke_callbacks(:update, :fails)
+        respond_with(@object)
+      end
+    end
+
+    def create
+      invoke_callbacks(:create, :before)
+      @object.attributes = permitted_resource_params
+      if @object.save
+        invoke_callbacks(:create, :after)
+        flash[:success] = flash_message_for(@object, :successfully_created)
+        respond_with(@object) do |format|
+          format.html { redirect_to location_after_save }
+          format.js   { render layout: false }
+        end
+      else
+        invoke_callbacks(:create, :fails)
+        respond_with(@object)
+      end
+    end
+
+    def update_positions
+      params[:positions].each do |id, index|
+        model_class.where(id: id).update_all(position: index)
+      end
+
+      respond_to do |format|
+        format.js { render text: 'Ok' }
+      end
+    end
+
+    def destroy
+      invoke_callbacks(:destroy, :before)
+      if @object.destroy
+        invoke_callbacks(:destroy, :after)
+        flash[:success] = flash_message_for(@object, :successfully_removed)
+        respond_with(@object) do |format|
+          format.html { redirect_to collection_url }
+          format.js   { render partial: "spree/admin/shared/destroy" }
+        end
+      else
+        invoke_callbacks(:destroy, :fails)
+        respond_with(@object) do |format|
+          format.html { redirect_to collection_url }
+        end
+      end
+    end
+
+    protected
+
+    def resource_not_found
+      flash[:error] = flash_message_for(model_class.new, :not_found)
+      redirect_to collection_url
+    end
+
+    class << self
+      attr_accessor :parent_data
+      attr_accessor :callbacks
+
+      def belongs_to(model_name, options = {})
+        @parent_data ||= {}
+        @parent_data[:model_name] = model_name
+        @parent_data[:model_class] = model_name.to_s.classify.constantize
+        @parent_data[:find_by] = options[:find_by] || :id
+      end
+
+      def new_action
+        @callbacks ||= {}
+        @callbacks[:new_action] ||= ActionCallbacks.new
+      end
+
+      def create
+        @callbacks ||= {}
+        @callbacks[:create] ||= ActionCallbacks.new
+      end
+
+      def update
+        @callbacks ||= {}
+        @callbacks[:update] ||= ActionCallbacks.new
+      end
+
+      def destroy
+        @callbacks ||= {}
+        @callbacks[:destroy] ||= ActionCallbacks.new
+      end
+    end
+
     def model_class
-      controller_name.classify.to_s.constantize
+      controller_class_name.constantize
+    end
+
+    def model_name
+      parent_data[:model_name].gsub('spree/', '')
+    end
+
+    def object_name
+      controller_name.singularize
+    end
+
+    def load_resource
+      if member_action?
+        @object ||= load_resource_instance
+
+        # call authorize! a third time (called twice already in Admin::BaseController)
+        # this time we pass the actual instance so fine-grained abilities can control
+        # access to individual records, not just entire models.
+        authorize! action, @object
+
+        instance_variable_set("@#{object_name}", @object)
+
+        # If we don't have access, clear the object
+        unless can? action, @object
+          instance_variable_set("@#{object_name}", nil)
+        end
+
+        authorize! action, @object
+      else
+        @collection ||= collection
+
+        # note: we don't call authorize here as the collection method should use
+        # CanCan's accessible_by method to restrict the actual records returned
+
+        instance_variable_set("@#{controller_name}", @collection)
+      end
+    end
+
+    def load_resource_instance
+      if new_actions.include?(action)
+        build_resource
+      elsif params[:id]
+        find_resource
+      end
+    end
+
+    def parent_data
+      self.class.parent_data
+    end
+
+    def parent
+      return nil if parent_data.blank?
+
+      @parent ||= parent_data[:model_class].
+        public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
+      instance_variable_set("@#{model_name}", @parent)
+    end
+
+    def find_resource
+      if parent_data.present?
+        parent.public_send(controller_name).find(params[:id])
+      else
+        model_class.find(params[:id])
+      end
+    end
+
+    def build_resource
+      if parent_data.present?
+        parent.public_send(controller_name).build
+      else
+        model_class.new
+      end
+    end
+
+    def collection
+      return parent.public_send(controller_name) if parent_data.present?
+
+      if model_class.respond_to?(:accessible_by) &&
+         !current_ability.has_block?(params[:action], model_class)
+        model_class.accessible_by(current_ability, action)
+      else
+        model_class.scoped
+      end
+    end
+
+    def location_after_save
+      collection_url
+    end
+
+    def invoke_callbacks(action, callback_type)
+      callbacks = self.class.callbacks || {}
+      return if callbacks[action].nil?
+
+      case callback_type.to_sym
+      when :before then callbacks[action].before_methods.each { |method| __send__ method }
+      when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
+      when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
+      end
     end
 
     # URL helpers
     def new_object_url(options = {})
       if parent_data.present?
-        main_app.new_polymorphic_url([:admin, parent, model_class], options)
+        url_helper.new_polymorphic_url([:admin, parent, model_class], options)
       else
-        main_app.new_polymorphic_url([:admin, model_class], options)
+        url_helper.new_polymorphic_url([:admin, model_class], options)
       end
     end
 
     def edit_object_url(object, options = {})
       if parent_data.present?
-        main_app.public_send "edit_admin_#{model_name}_#{object_name}_url", parent, object, options
+        url_helper.public_send "edit_admin_#{model_name}_#{object_name}_url",
+                               parent, object, options
       else
-        main_app.public_send "edit_admin_#{object_name}_url", object, options
+        url_helper.public_send "edit_admin_#{object_name}_url",
+                               object, options
       end
     end
 
     def object_url(object = nil, options = {})
       target = object || @object
       if parent_data.present?
-        main_app.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
+        url_helper.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
       else
-        main_app.public_send "admin_#{object_name}_url", target, options
+        url_helper.public_send "admin_#{object_name}_url", target, options
       end
     end
 
+    # Permit specific list of params
+    #
+    # Example: params.require(object_name).permit(:name)
+    def permitted_resource_params
+      raise "All extending controllers need to override the method permitted_resource_params"
+    end
+
     def collection_url(options = {})
       if parent_data.present?
-        main_app.polymorphic_url([:admin, parent, model_class], options)
+        url_helper.polymorphic_url([:admin, parent, model_class], options)
       else
-        main_app.polymorphic_url([:admin, model_class], options)
+        url_helper.polymorphic_url([:admin, model_class], options)
       end
     end
+
+    def collection_actions
+      [:index]
+    end
+
+    def member_action?
+      !collection_actions.include? action
+    end
+
+    def new_actions
+      [:new, :create]
+    end
+
+    private
+
+    def controller_class_name
+      if spree_controller?
+        "Spree::#{controller_name.classify}"
+      else
+        controller_name.classify.to_s
+      end
+    end
+
+    def url_helper
+      if spree_controller?
+        spree
+      else
+        main_app
+      end
+    end
+
+    def spree_controller?
+      controller_path.starts_with? "spree"
+    end
   end
 end

app/controllers/admin/schedules_controller.rb

@@ -2,7 +2,7 @@ require 'open_food_network/permissions'
 require 'order_management/subscriptions/proxy_order_syncer'
 
 module Admin
-  class SchedulesController < ResourceController
+  class SchedulesController < Admin::ResourceController
     include PaperTrailLogging
 
     before_action :adapt_params, only: [:update]

app/controllers/admin/subscription_line_items_controller.rb

@@ -3,7 +3,7 @@ require 'open_food_network/order_cycle_permissions'
 require 'open_food_network/scope_variant_to_hub'
 
 module Admin
-  class SubscriptionLineItemsController < ResourceController
+  class SubscriptionLineItemsController < Admin::ResourceController
     before_action :load_build_context, only: [:build]
     before_action :ensure_shop, only: [:build]
     before_action :ensure_variant, only: [:build]

app/controllers/admin/subscriptions_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/permissions'
 
 module Admin
-  class SubscriptionsController < ResourceController
+  class SubscriptionsController < Admin::ResourceController
     before_action :load_shops, only: [:index]
     before_action :load_form_data, only: [:new, :edit]
     before_action :strip_banned_attrs, only: [:update]

app/controllers/admin/tag_rules_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class TagRulesController < ResourceController
+  class TagRulesController < Admin::ResourceController
     respond_to :json
 
     respond_override destroy: { json: {

app/controllers/admin/variant_overrides_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/spree_api_key_loader'
 
 module Admin
-  class VariantOverridesController < ResourceController
+  class VariantOverridesController < Admin::ResourceController
     include OpenFoodNetwork::SpreeApiKeyLoader
     include EnterprisesHelper
 

app/controllers/api/base_controller.rb

@@ -5,17 +5,19 @@ require "spree/core/controller_helpers/ssl"
 module Api
   class BaseController < ActionController::Metal
     include ActionController::StrongParameters
+    include ActionController::RespondWith
     include Spree::Api::ControllerSetup
     include Spree::Core::ControllerHelpers::SSL
     include ::ActionController::Head
+    include ::ActionController::ConditionalGet
+    include ActionView::Layouts
 
-    respond_to :json
+    layout false
 
     attr_accessor :current_api_user
 
     before_action :set_content_type
     before_action :authenticate_user
-    after_action  :set_jsonp_format
 
     rescue_from Exception, with: :error_during_processing
     rescue_from CanCan::AccessDenied, with: :unauthorized
@@ -34,13 +36,6 @@ module Api
     use_renderers :json
     check_authorization
 
-    def set_jsonp_format
-      return unless params[:callback] && request.get?
-
-      self.response_body = "#{params[:callback]}(#{response_body})"
-      headers["Content-Type"] = 'application/javascript'
-    end
-
     def respond_with_conflict(json_hash)
       render json: json_hash, status: :conflict
     end
@@ -63,17 +58,13 @@ module Api
     end
 
     def set_content_type
-      content_type = case params[:format]
-                     when "json"
-                       "application/json"
-                     when "xml"
-                       "text/xml"
-                     end
-      headers["Content-Type"] = content_type
+      headers["Content-Type"] = "application/json"
     end
 
     def error_during_processing(exception)
-      render(text: { exception: exception.message }.to_json,
+      Bugsnag.notify(exception)
+
+      render(json: { exception: exception.message },
              status: :unprocessable_entity) && return
     end
 

app/controllers/api/customers_controller.rb

@@ -11,13 +11,25 @@ module Api
       @customer = Customer.find(params[:id])
       authorize! :update, @customer
 
+      client_secret = RecurringPayments.setup_for(@customer) if params[:customer][:allow_charges]
+
       if @customer.update(customer_params)
+        add_recurring_payment_info(client_secret)
         render json: @customer, serializer: CustomerSerializer, status: :ok
       else
         invalid_resource!(@customer)
       end
     end
 
+    private
+
+    def add_recurring_payment_info(client_secret)
+      return unless client_secret
+
+      @customer.gateway_recurring_payment_client_secret = client_secret
+      @customer.gateway_shop_id = @customer.enterprise.stripe_account&.stripe_user_id
+    end
+
     def customer_params
       params.require(:customer).permit(:code, :email, :enterprise_id, :allow_charges)
     end

app/controllers/api/enterprises_controller.rb

@@ -15,7 +15,7 @@ module Api
       @enterprise = Enterprise.new(enterprise_params)
       if @enterprise.save
         @enterprise.user_ids = user_ids
-        render text: @enterprise.id, status: :created
+        render json: @enterprise.id, status: :created
       else
         invalid_resource!(@enterprise)
       end
@@ -26,7 +26,7 @@ module Api
       authorize! :update, @enterprise
 
       if @enterprise.update(enterprise_params)
-        render text: @enterprise.id, status: :ok
+        render json: @enterprise.id, status: :ok
       else
         invalid_resource!(@enterprise)
       end

app/controllers/api/exchange_products_controller.rb

@@ -5,6 +5,7 @@
 # Pagination is optional and can be required by using param[:page]
 module Api
   class ExchangeProductsController < Api::BaseController
+    include PaginationData
     DEFAULT_PER_PAGE = 100
 
     skip_authorization_check only: [:index]
@@ -77,29 +78,16 @@ module Api
     end
 
     def render_paginated_products(paginated_products)
-      serializer = ActiveModel::ArraySerializer.new(
+      serialized_products = ActiveModel::ArraySerializer.new(
         paginated_products,
         each_serializer: Api::Admin::ForOrderCycle::SuppliedProductSerializer,
         order_cycle: @order_cycle
       )
 
-      result = { products: serializer }
-      result = result.merge(pagination: pagination_data(paginated_products)) if pagination_required?
-
-      render text: result.to_json
-    end
-
-    def pagination_data(paginated_products)
-      {
-        results: paginated_products.total_count,
-        pages: paginated_products.num_pages,
-        page: params[:page].to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
+      render json: {
+        products: serialized_products,
+        pagination: pagination_data(paginated_products)
       }
     end
-
-    def pagination_required?
-      params[:page].present?
-    end
   end
 end

app/controllers/api/order_cycles_controller.rb

@@ -20,7 +20,7 @@ module Api
         search_params
       ).products_json
 
-      render json: products
+      render plain: products
     rescue ProductsRenderer::NoProducts
       render_no_products
     end
@@ -31,19 +31,21 @@ module Api
         where(spree_products: { id: distributed_products }).
         select('DISTINCT spree_taxons.*')
 
-      render json: ActiveModel::ArraySerializer.new(taxons, each_serializer: Api::TaxonSerializer)
+      render plain: ActiveModel::ArraySerializer.new(
+        taxons, each_serializer: Api::TaxonSerializer
+      ).to_json
     end
 
     def properties
-      render json: ActiveModel::ArraySerializer.new(
+      render plain: ActiveModel::ArraySerializer.new(
         product_properties | producer_properties, each_serializer: Api::PropertySerializer
-      )
+      ).to_json
     end
 
     private
 
     def render_no_products
-      render status: :not_found, json: ''
+      render status: :not_found, json: {}
     end
 
     def product_properties

app/controllers/api/orders_controller.rb

@@ -1,5 +1,7 @@
 module Api
   class OrdersController < Api::BaseController
+    include PaginationData
+
     def show
       authorize! :read, order
       render json: order, serializer: Api::OrderDetailedSerializer, current_order: order
@@ -8,11 +10,11 @@ module Api
     def index
       authorize! :admin, Spree::Order
 
-      search_results = SearchOrders.new(params, current_api_user)
+      orders = SearchOrders.new(params, current_api_user).orders
 
       render json: {
-        orders: serialized_orders(search_results.orders),
-        pagination: search_results.pagination_data
+        orders: serialized_orders(orders),
+        pagination: pagination_data(orders)
       }
     end
 

app/controllers/api/products_controller.rb

@@ -3,8 +3,8 @@ require 'spree/core/product_duplicator'
 
 module Api
   class ProductsController < Api::BaseController
+    include PaginationData
     respond_to :json
-    DEFAULT_PAGE = 1
     DEFAULT_PER_PAGE = 15
 
     skip_authorization_check only: [:show, :bulk_products, :overridable]
@@ -63,7 +63,7 @@ module Api
       @products = product_query.
         ransack(query_params_with_defaults).
         result.
-        page(params[:page] || DEFAULT_PAGE).
+        page(params[:page] || 1).
         per(params[:per_page] || DEFAULT_PER_PAGE)
 
       render_paged_products @products
@@ -130,31 +130,19 @@ module Api
     end
 
     def render_paged_products(products, product_serializer = ::Api::Admin::ProductSerializer)
-      serializer = ActiveModel::ArraySerializer.new(
+      serialized_products = ActiveModel::ArraySerializer.new(
         products,
         each_serializer: product_serializer
       )
 
-      render text: {
-        products: serializer,
-        # This line is used by the PagedFetcher JS service (inventory).
-        pages: products.num_pages,
-        # This hash is used by the BulkProducts JS service.
+      render json: {
+        products: serialized_products,
         pagination: pagination_data(products)
-      }.to_json
+      }
     end
 
     def query_params_with_defaults
-      params[:q].to_h.reverse_merge(s: 'created_at desc')
-    end
-
-    def pagination_data(results)
-      {
-        results: results.total_count,
-        pages: results.num_pages,
-        page: (params[:page] || DEFAULT_PAGE).to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
-      }
+      (params[:q] || {}).reverse_merge(s: 'created_at desc')
     end
 
     def product_params

app/controllers/application_controller.rb

@@ -1,7 +1,13 @@
+# frozen_string_literal: true
+
+require "application_responder"
 require 'open_food_network/referer_parser'
 require_dependency 'spree/authentication_helpers'
 
 class ApplicationController < ActionController::Base
+  self.responder = ApplicationResponder
+  respond_to :html
+
   protect_from_forgery
 
   prepend_before_action :restrict_iframes
@@ -10,6 +16,12 @@ class ApplicationController < ActionController::Base
   include EnterprisesHelper
   include Spree::AuthenticationHelpers
 
+  # Helper for debugging strong_parameters
+  rescue_from ActiveModel::ForbiddenAttributesError, with: :print_params
+  def print_params
+    raise ActiveModel::ForbiddenAttributesError, params.to_s
+  end
+
   def redirect_to(options = {}, response_status = {})
     ::Rails.logger.error("Redirected by #{begin
                                             caller(1).first

app/controllers/cart_controller.rb

@@ -1,5 +1,3 @@
-require 'spree/core/controller_helpers/order'
-
 class CartController < BaseController
   before_action :check_authorization
 
@@ -13,7 +11,8 @@ class CartController < BaseController
     Spree::Adjustment.without_callbacks do
       cart_service = CartService.new(order)
 
-      if cart_service.populate(params.slice(:products, :variants, :quantity), true)
+      cart_service.populate(params.slice(:products, :variants, :quantity), true)
+      if cart_service.valid?
         order.update_distribution_charge!
         order.cap_quantity_at_stock!
         order.update!
@@ -24,7 +23,8 @@ class CartController < BaseController
                        stock_levels: VariantsStockLevels.new.call(order, variant_ids) },
                status: :ok
       else
-        render json: { error: true }, status: :precondition_failed
+        render json: { error: cart_service.errors.full_messages.join(",") },
+               status: :precondition_failed
       end
     end
     populate_variant_attributes

app/controllers/checkout_controller.rb

@@ -5,6 +5,7 @@ require 'open_food_network/address_finder'
 class CheckoutController < Spree::StoreController
   layout 'darkswarm'
 
+  include OrderStockCheck
   include CheckoutHelper
   include OrderCyclesHelper
   include EnterprisesHelper
@@ -24,7 +25,7 @@ class CheckoutController < Spree::StoreController
 
   before_action :ensure_order_not_completed
   before_action :ensure_checkout_allowed
-  before_action :ensure_sufficient_stock_lines
+  before_action :handle_insufficient_stock
 
   before_action :associate_user
   before_action :check_authorization
@@ -77,13 +78,6 @@ class CheckoutController < Spree::StoreController
     redirect_to main_app.cart_path if @order.completed?
   end
 
-  def ensure_sufficient_stock_lines
-    if @order.insufficient_stock_lines.present?
-      flash[:error] = Spree.t(:inventory_error_flash_for_insufficient_quantity)
-      redirect_to main_app.cart_path
-    end
-  end
-
   def load_order
     @order = current_order
 

app/controllers/concerns/api_action_caching.rb

@@ -9,7 +9,7 @@ module ApiActionCaching
   included do
     include ActionController::Caching
     include ActionController::Caching::Actions
-    include AbstractController::Layouts
+    include ActionView::Layouts
 
     # These configs are not assigned to the controller automatically with ActionController::Metal
     self.cache_store = Rails.configuration.cache_store

app/controllers/concerns/order_stock_check.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module OrderStockCheck
+  extend ActiveSupport::Concern
+
+  def handle_insufficient_stock
+    return if sufficient_stock?
+
+    flash[:error] = Spree.t(:inventory_error_flash_for_insufficient_quantity)
+    redirect_to main_app.cart_path
+  end
+
+  private
+
+  def sufficient_stock?
+    @sufficient_stock ||= @order.insufficient_stock_lines.blank?
+  end
+end

app/controllers/concerns/pagination_data.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module PaginationData
+  extend ActiveSupport::Concern
+
+  def pagination_data(objects)
+    return unless objects.respond_to? :total_count
+
+    {
+      results: objects.total_count,
+      pages: objects.total_pages,
+      page: (params[:page] || 1).to_i,
+      per_page: (params[:per_page] || default_per_page).to_i
+    }
+  end
+
+  def pagination_required?
+    params[:page].present? || params[:per_page].present?
+  end
+
+  def default_per_page
+    return unless defined? self.class::DEFAULT_PER_PAGE
+
+    self.class::DEFAULT_PER_PAGE
+  end
+end

app/controllers/enterprises_controller.rb

@@ -6,6 +6,8 @@ class EnterprisesController < BaseController
   include OrderCyclesHelper
   include SerializerHelper
 
+  protect_from_forgery except: :check_permalink
+
   # These prepended filters are in the reverse order of execution
   prepend_before_action :set_order_cycles, :require_distributor_chosen, :reset_order, only: :shop
 

app/controllers/spree/admin/adjustments_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class AdjustmentsController < ResourceController
+    class AdjustmentsController < ::Admin::ResourceController
       belongs_to 'spree/order', find_by: :number
       destroy.after :reload_order
 

app/controllers/spree/admin/countries_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class CountriesController < ResourceController
+    class CountriesController < ::Admin::ResourceController
       protected
 
       def permitted_resource_params

app/controllers/spree/admin/images_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ImagesController < ResourceController
+    class ImagesController < ::Admin::ResourceController
       # This will make resource controller redirect correctly after deleting product images.
       # This can be removed after upgrading to Spree 2.1.
       # See here https://github.com/spree/spree/commit/334a011d2b8e16355e4ae77ae07cd93f7cbc8fd1

app/controllers/spree/admin/mail_methods_controller.rb

@@ -15,7 +15,7 @@ module Spree
       end
 
       def testmail
-        if TestMailer.test_email(spree_current_user).deliver
+        if TestMailer.test_email(spree_current_user).deliver_now
           flash[:success] = Spree.t('admin.mail_methods.testmail.delivery_success')
         else
           flash[:error] = Spree.t('admin.mail_methods.testmail.delivery_error')

app/controllers/spree/admin/orders_controller.rb

@@ -43,7 +43,7 @@ module Spree
       end
 
       def update
-        unless @order.update(order_params) && @order.line_items.present?
+        unless order_params.present? && @order.update(order_params) && @order.line_items.present?
           if @order.line_items.empty?
             @order.errors.add(:line_items, Spree.t('errors.messages.blank'))
           end
@@ -78,7 +78,7 @@ module Spree
       end
 
       def resend
-        Spree::OrderMailer.confirm_email_for_customer(@order.id, true).deliver
+        Spree::OrderMailer.confirm_email_for_customer(@order.id, true).deliver_later
         flash[:success] = t('admin.orders.order_email_resent')
 
         respond_with(@order) { |format| format.html { redirect_to :back } }
@@ -87,7 +87,7 @@ module Spree
       def invoice
         pdf = InvoiceRenderer.new.render_to_string(@order)
 
-        Spree::OrderMailer.invoice_email(@order.id, pdf).deliver
+        Spree::OrderMailer.invoice_email(@order.id, pdf).deliver_later
         flash[:success] = t('admin.orders.invoice_email_sent')
 
         respond_with(@order) { |format|

app/controllers/spree/admin/payment_methods_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class PaymentMethodsController < ResourceController
+    class PaymentMethodsController < ::Admin::ResourceController
       skip_before_action :load_resource, only: [:create, :show_provider_preferences]
       before_action :load_data
       before_action :validate_payment_method_provider, only: [:create]
@@ -51,7 +51,7 @@ module Spree
       end
 
       # Only show payment methods that user has access to and sort by distributor name
-      # ! Redundant code copied from Spree::Admin::ResourceController with modifications marked
+      # ! Redundant code copied from Admin::ResourceController with modifications marked
       def collection
         return parent.public_send(controller_name) if parent_data.present?
 

app/controllers/spree/admin/payments_controller.rb

@@ -67,6 +67,25 @@ module Spree
         redirect_to request.referer
       end
 
+      def paypal_refund
+        if request.get?
+          if @payment.source.state == 'refunded'
+            flash[:error] = Spree.t(:already_refunded, scope: 'paypal')
+            redirect_to admin_order_payment_path(@order, @payment)
+          end
+        elsif request.post?
+          response = @payment.payment_method.refund(@payment, params[:refund_amount])
+          if response.success?
+            flash[:success] = Spree.t(:refund_successful, scope: 'paypal')
+            redirect_to admin_order_payments_path(@order)
+          else
+            flash.now[:error] = Spree.t(:refund_unsuccessful, scope: 'paypal') +
+                                " (#{response.errors.first.long_message})"
+            render
+          end
+        end
+      end
+
       private
 
       def load_payment_source
@@ -135,7 +154,9 @@ module Spree
         return unless @payment.payment_method.class == Spree::Gateway::StripeSCA
 
         @payment.authorize!
-        raise Spree::Core::GatewayError, I18n.t('authorization_failure') unless @payment.pending?
+        return if @payment.pending? && @payment.cvv_response_message.nil?
+
+        raise Spree::Core::GatewayError, I18n.t('authorization_failure')
       end
     end
   end

app/controllers/spree/admin/paypal_payments_controller.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Spree
+  module Admin
+    class PaypalPaymentsController < Spree::Admin::BaseController
+      before_action :load_order
+
+      def index
+        @payments = @order.payments.includes(:payment_method).
+          where(spree_payment_methods: { type: "Spree::Gateway::PayPalExpress" })
+      end
+
+      private
+
+      def load_order
+        @order = Spree::Order.where(number: params[:order_id]).first
+      end
+    end
+  end
+end

app/controllers/spree/admin/product_properties_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ProductPropertiesController < ResourceController
+    class ProductPropertiesController < ::Admin::ResourceController
       belongs_to 'spree/product', find_by: :permalink
       before_action :find_properties
       before_action :setup_property, only: [:index]

app/controllers/spree/admin/products_controller.rb

@@ -4,7 +4,7 @@ require 'open_food_network/permissions'
 
 module Spree
   module Admin
-    class ProductsController < ResourceController
+    class ProductsController < ::Admin::ResourceController
       helper 'spree/products'
       include OpenFoodNetwork::SpreeApiKeyLoader
       include OrderCyclesHelper
@@ -179,7 +179,7 @@ module Spree
       end
 
       def bulk_index_query(params)
-        params[:filters].to_h.merge(page: params[:page], per_page: params[:per_page])
+        (params[:filters] || {}).merge(page: params[:page], per_page: params[:per_page])
       end
 
       def load_form_data

app/controllers/spree/admin/properties_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class PropertiesController < ResourceController
+    class PropertiesController < ::Admin::ResourceController
       def permitted_resource_params
         params.require(:property).permit(:name, :presentation)
       end

app/controllers/spree/admin/resource_controller.rb

@@ -1,282 +0,0 @@
-require 'action_callbacks'
-
-module Spree
-  module Admin
-    class ResourceController < Spree::Admin::BaseController
-      helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
-      before_action :load_resource, except: [:update_positions]
-      rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
-      rescue_from CanCan::AccessDenied, with: :unauthorized
-
-      respond_to :html
-      respond_to :js, except: [:show, :index]
-
-      def new
-        invoke_callbacks(:new_action, :before)
-        respond_with(@object) do |format|
-          format.html { render layout: !request.xhr? }
-          format.js   { render layout: false }
-        end
-      end
-
-      def edit
-        respond_with(@object) do |format|
-          format.html { render layout: !request.xhr? }
-          format.js   { render layout: false }
-        end
-      end
-
-      def update
-        invoke_callbacks(:update, :before)
-        if @object.update(permitted_resource_params)
-          invoke_callbacks(:update, :after)
-          flash[:success] = flash_message_for(@object, :successfully_updated)
-          respond_with(@object) do |format|
-            format.html { redirect_to location_after_save }
-            format.js   { render layout: false }
-          end
-        else
-          invoke_callbacks(:update, :fails)
-          respond_with(@object)
-        end
-      end
-
-      def create
-        invoke_callbacks(:create, :before)
-        @object.attributes = permitted_resource_params
-        if @object.save
-          invoke_callbacks(:create, :after)
-          flash[:success] = flash_message_for(@object, :successfully_created)
-          respond_with(@object) do |format|
-            format.html { redirect_to location_after_save }
-            format.js   { render layout: false }
-          end
-        else
-          invoke_callbacks(:create, :fails)
-          respond_with(@object)
-        end
-      end
-
-      def update_positions
-        params[:positions].each do |id, index|
-          model_class.where(id: id).update_all(position: index)
-        end
-
-        respond_to do |format|
-          format.js { render text: 'Ok' }
-        end
-      end
-
-      def destroy
-        invoke_callbacks(:destroy, :before)
-        if @object.destroy
-          invoke_callbacks(:destroy, :after)
-          flash[:success] = flash_message_for(@object, :successfully_removed)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-            format.js   { render partial: "spree/admin/shared/destroy" }
-          end
-        else
-          invoke_callbacks(:destroy, :fails)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-          end
-        end
-      end
-
-      protected
-
-      def resource_not_found
-        flash[:error] = flash_message_for(model_class.new, :not_found)
-        redirect_to collection_url
-      end
-
-      class << self
-        attr_accessor :parent_data
-        attr_accessor :callbacks
-
-        def belongs_to(model_name, options = {})
-          @parent_data ||= {}
-          @parent_data[:model_name] = model_name
-          @parent_data[:model_class] = model_name.to_s.classify.constantize
-          @parent_data[:find_by] = options[:find_by] || :id
-        end
-
-        def new_action
-          @callbacks ||= {}
-          @callbacks[:new_action] ||= ActionCallbacks.new
-        end
-
-        def create
-          @callbacks ||= {}
-          @callbacks[:create] ||= ActionCallbacks.new
-        end
-
-        def update
-          @callbacks ||= {}
-          @callbacks[:update] ||= ActionCallbacks.new
-        end
-
-        def destroy
-          @callbacks ||= {}
-          @callbacks[:destroy] ||= ActionCallbacks.new
-        end
-      end
-
-      def model_class
-        "Spree::#{controller_name.classify}".constantize
-      end
-
-      def model_name
-        parent_data[:model_name].gsub('spree/', '')
-      end
-
-      def object_name
-        controller_name.singularize
-      end
-
-      def load_resource
-        if member_action?
-          @object ||= load_resource_instance
-
-          # call authorize! a third time (called twice already in Admin::BaseController)
-          # this time we pass the actual instance so fine-grained abilities can control
-          # access to individual records, not just entire models.
-          authorize! action, @object
-
-          instance_variable_set("@#{object_name}", @object)
-
-          # If we don't have access, clear the object
-          unless can? action, @object
-            instance_variable_set("@#{object_name}", nil)
-          end
-
-          authorize! action, @object
-        else
-          @collection ||= collection
-
-          # note: we don't call authorize here as the collection method should use
-          # CanCan's accessible_by method to restrict the actual records returned
-
-          instance_variable_set("@#{controller_name}", @collection)
-        end
-      end
-
-      def load_resource_instance
-        if new_actions.include?(action)
-          build_resource
-        elsif params[:id]
-          find_resource
-        end
-      end
-
-      def parent_data
-        self.class.parent_data
-      end
-
-      def parent
-        return nil if parent_data.blank?
-
-        @parent ||= parent_data[:model_class].
-          public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
-        instance_variable_set("@#{model_name}", @parent)
-      end
-
-      def find_resource
-        if parent_data.present?
-          parent.public_send(controller_name).find(params[:id])
-        else
-          model_class.find(params[:id])
-        end
-      end
-
-      def build_resource
-        if parent_data.present?
-          parent.public_send(controller_name).build
-        else
-          model_class.new
-        end
-      end
-
-      def collection
-        return parent.public_send(controller_name) if parent_data.present?
-
-        if model_class.respond_to?(:accessible_by) &&
-           !current_ability.has_block?(params[:action], model_class)
-          model_class.accessible_by(current_ability, action)
-        else
-          model_class.scoped
-        end
-      end
-
-      def location_after_save
-        collection_url
-      end
-
-      def invoke_callbacks(action, callback_type)
-        callbacks = self.class.callbacks || {}
-        return if callbacks[action].nil?
-
-        case callback_type.to_sym
-        when :before then callbacks[action].before_methods.each { |method| __send__ method }
-        when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
-        when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
-        end
-      end
-
-      # URL helpers
-
-      def new_object_url(options = {})
-        if parent_data.present?
-          spree.new_polymorphic_url([:admin, parent, model_class], options)
-        else
-          spree.new_polymorphic_url([:admin, model_class], options)
-        end
-      end
-
-      def edit_object_url(object, options = {})
-        if parent_data.present?
-          spree.public_send "edit_admin_#{model_name}_#{object_name}_url", parent, object, options
-        else
-          spree.public_send "edit_admin_#{object_name}_url", object, options
-        end
-      end
-
-      def object_url(object = nil, options = {})
-        target = object || @object
-        if parent_data.present?
-          spree.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
-        else
-          spree.public_send "admin_#{object_name}_url", target, options
-        end
-      end
-
-      # Permit specific list of params
-      #
-      # Example: params.require(object_name).permit(:name)
-      def permitted_resource_params
-        raise "All extending controllers need to override the method permitted_resource_params"
-      end
-
-      def collection_url(options = {})
-        if parent_data.present?
-          spree.polymorphic_url([:admin, parent, model_class], options)
-        else
-          spree.polymorphic_url([:admin, model_class], options)
-        end
-      end
-
-      def collection_actions
-        [:index]
-      end
-
-      def member_action?
-        !collection_actions.include? action
-      end
-
-      def new_actions
-        [:new, :create]
-      end
-    end
-  end
-end

app/controllers/spree/admin/return_authorizations_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ReturnAuthorizationsController < ResourceController
+    class ReturnAuthorizationsController < ::Admin::ResourceController
       belongs_to 'spree/order', find_by: :number
 
       update.after :associate_inventory_units

app/controllers/spree/admin/shipping_categories_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ShippingCategoriesController < ResourceController
+    class ShippingCategoriesController < ::Admin::ResourceController
       protected
 
       def permitted_resource_params

app/controllers/spree/admin/shipping_methods_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ShippingMethodsController < ResourceController
+    class ShippingMethodsController < ::Admin::ResourceController
       before_action :load_data, except: [:index]
       before_action :set_shipping_category, only: [:create, :update]
       before_action :set_zones, only: [:create, :update]

app/controllers/spree/admin/states_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class StatesController < ResourceController
+    class StatesController < ::Admin::ResourceController
       belongs_to 'spree/country'
       before_action :load_data
 

app/controllers/spree/admin/tax_categories_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxCategoriesController < ResourceController
+    class TaxCategoriesController < ::Admin::ResourceController
       def destroy
         if @object.destroy
           flash[:success] = flash_message_for(@object, :successfully_removed)

app/controllers/spree/admin/tax_rates_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxRatesController < ResourceController
+    class TaxRatesController < ::Admin::ResourceController
       before_action :load_data
 
       private

app/controllers/spree/admin/taxonomies_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxonomiesController < ResourceController
+    class TaxonomiesController < ::Admin::ResourceController
       respond_to :json, only: [:get_children]
 
       def get_children

app/controllers/spree/admin/users_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class UsersController < ResourceController
+    class UsersController < ::Admin::ResourceController
       rescue_from Spree::User::DestroyWithOrdersError, with: :user_destroy_with_orders_error
 
       after_action :sign_in_if_change_own_password, only: :update
@@ -100,7 +100,7 @@ module Spree
 
       private
 
-      # handling raise from Spree::Admin::ResourceController#destroy
+      # handling raise from Admin::ResourceController#destroy
       def user_destroy_with_orders_error
         invoke_callbacks(:destroy, :fails)
         render status: :forbidden, text: Spree.t(:error_user_destroy_with_orders)

app/controllers/spree/admin/variants_controller.rb

@@ -2,7 +2,7 @@ require 'open_food_network/scope_variants_for_search'
 
 module Spree
   module Admin
-    class VariantsController < ResourceController
+    class VariantsController < ::Admin::ResourceController
       helper 'spree/products'
 
       belongs_to 'spree/product', find_by: :permalink
@@ -23,7 +23,9 @@ module Spree
           flash[:success] = flash_message_for(@object, :successfully_updated)
           redirect_to spree.admin_product_variants_url(params[:product_id], @url_filters)
         else
-          redirect_to spree.edit_admin_product_variant_url(params[:product_id], @object, @url_filters)
+          redirect_to spree.edit_admin_product_variant_url(params[:product_id],
+                                                           @object,
+                                                           @url_filters)
         end
       end
 

app/controllers/spree/admin/zones_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ZonesController < ResourceController
+    class ZonesController < ::Admin::ResourceController
       before_action :load_data, except: [:index]
 
       def new

app/controllers/spree/credit_cards_controller.rb

@@ -1,3 +1,7 @@
+# frozen_string_literal: true
+
+require 'stripe/credit_card_remover'
+
 module Spree
   class CreditCardsController < BaseController
     def new_from_token
@@ -27,6 +31,7 @@ module Spree
       authorize! :update, @credit_card
 
       if @credit_card.update(credit_card_params)
+        remove_shop_authorizations if credit_card_params["is_default"]
         render json: @credit_card, serializer: ::Api::CreditCardSerializer, status: :ok
       else
         update_failed
@@ -39,11 +44,12 @@ module Spree
       @credit_card = Spree::CreditCard.find_by(id: params[:id])
       if @credit_card
         authorize! :destroy, @credit_card
-        destroy_at_stripe
+        Stripe::CreditCardRemover.new(@credit_card).call
       end
 
       # Using try because we may not have a card here
       if @credit_card.try(:destroy)
+        remove_shop_authorizations if @credit_card.is_default
         flash[:success] = I18n.t(:card_has_been_removed, number: "x-#{@credit_card.last_digits}")
       else
         flash[:error] = I18n.t(:card_could_not_be_removed)
@@ -56,18 +62,8 @@ module Spree
 
     private
 
-    # It destroys the whole customer object
-    def destroy_at_stripe
-      stripe_customer = Stripe::Customer.retrieve(@credit_card.gateway_customer_profile_id, {})
-
-      stripe_customer&.delete
-    end
-
-    def stripe_account_id
-      StripeAccount.
-        find_by(enterprise_id: @credit_card.payment_method.preferred_enterprise_id).
-        andand.
-        stripe_user_id
+    def remove_shop_authorizations
+      @credit_card.user.customers.update_all(allow_charges: false)
     end
 
     def create_customer(token)

app/controllers/spree/orders_controller.rb

@@ -1,9 +1,8 @@
-require 'spree/core/controller_helpers/order'
-require 'spree/core/controller_helpers/auth'
-
 module Spree
   class OrdersController < Spree::StoreController
     include OrderCyclesHelper
+    include Rails.application.routes.url_helpers
+
     layout 'darkswarm'
 
     ssl_required :show

app/controllers/spree/paypal_controller.rb

@@ -0,0 +1,244 @@
+# frozen_string_literal: true
+
+module Spree
+  class PaypalController < StoreController
+    ssl_allowed
+
+    include OrderStockCheck
+
+    before_action :enable_embedded_shopfront
+    before_action :destroy_orphaned_paypal_payments, only: :confirm
+    after_action :reset_order_when_complete, only: :confirm
+    before_action :permit_parameters!
+
+    def express
+      order = current_order || raise(ActiveRecord::RecordNotFound)
+      items = order.line_items.map(&method(:line_item))
+
+      tax_adjustments = order.adjustments.tax
+      # TODO: Remove in Spree 2.2
+      tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
+      shipping_adjustments = order.adjustments.shipping
+
+      order.adjustments.eligible.each do |adjustment|
+        next if (tax_adjustments + shipping_adjustments).include?(adjustment)
+
+        items << {
+          Name: adjustment.label,
+          Quantity: 1,
+          Amount: {
+            currencyID: order.currency,
+            value: adjustment.amount
+          }
+        }
+      end
+
+      # Because PayPal doesn't accept $0 items at all.
+      # See https://github.com/spree-contrib/better_spree_paypal_express/issues/10
+      # "It can be a positive or negative value but not zero."
+      items.reject! do |item|
+        item[:Amount][:value].zero?
+      end
+
+      pp_request = provider.build_set_express_checkout(
+        express_checkout_request_details(order, items)
+      )
+
+      begin
+        pp_response = provider.set_express_checkout(pp_request)
+        if pp_response.success?
+          # At this point Paypal has *provisionally* accepted that the payment can now be placed,
+          # and the user will be redirected to a Paypal payment page. On completion, the user is
+          # sent back and the response is handled in the #confirm action in this controller.
+          redirect_to provider.express_checkout_url(pp_response, useraction: 'commit')
+        else
+          flash[:error] = Spree.t('flash.generic_error', scope: 'paypal', reasons: pp_response.errors.map(&:long_message).join(" "))
+          redirect_to spree.checkout_state_path(:payment)
+        end
+      rescue SocketError
+        flash[:error] = Spree.t('flash.connection_failed', scope: 'paypal')
+        redirect_to spree.checkout_state_path(:payment)
+      end
+    end
+
+    def confirm
+      @order = current_order || raise(ActiveRecord::RecordNotFound)
+
+      # At this point the user has come back from the Paypal form, and we get one
+      # last chance to interact with the payment process before the money moves...
+      return reset_to_cart unless sufficient_stock?
+
+      @order.payments.create!(
+        source: Spree::PaypalExpressCheckout.create(
+          token: params[:token],
+          payer_id: params[:PayerID]
+        ),
+        amount: @order.total,
+        payment_method: payment_method
+      )
+      @order.next
+      if @order.complete?
+        flash.notice = Spree.t(:order_processed_successfully)
+        flash[:commerce_tracking] = "nothing special"
+        session[:order_id] = nil
+        redirect_to completion_route(@order)
+      else
+        redirect_to checkout_state_path(@order.state)
+      end
+    end
+
+    def cancel
+      flash[:notice] = Spree.t('flash.cancel', scope: 'paypal')
+      redirect_to main_app.checkout_path
+    end
+
+    # Clears the cached order. Required for #current_order to return a new order to serve as cart.
+    def expire_current_order
+      session[:order_id] = nil
+      @current_order = nil
+    end
+
+    private
+
+    def line_item(item)
+      {
+        Name: item.product.name,
+        Number: item.variant.sku,
+        Quantity: item.quantity,
+        Amount: {
+          currencyID: item.order.currency,
+          value: item.price
+        },
+        ItemCategory: "Physical"
+      }
+    end
+
+    def express_checkout_request_details(order, items)
+      {
+        SetExpressCheckoutRequestDetails: {
+          InvoiceID: order.number,
+          BuyerEmail: order.email,
+          ReturnURL: spree.confirm_paypal_url(
+            payment_method_id: params[:payment_method_id], utm_nooverride: 1
+          ),
+          CancelURL: spree.cancel_paypal_url,
+          SolutionType: payment_method.preferred_solution.presence || "Mark",
+          LandingPage: payment_method.preferred_landing_page.presence || "Billing",
+          cppheaderimage: payment_method.preferred_logourl.presence || "",
+          NoShipping: 1,
+          PaymentDetails: [payment_details(items)]
+        }
+      }
+    end
+
+    def payment_method
+      @payment_method ||= Spree::PaymentMethod.find(params[:payment_method_id])
+    end
+
+    def permit_parameters!
+      params.permit(:token, :payment_method_id, :PayerID)
+    end
+
+    def reset_order_when_complete
+      return unless current_order.complete?
+
+      flash[:notice] = t(:order_processed_successfully)
+      OrderCompletionReset.new(self, current_order).call
+      session[:access_token] = current_order.token
+    end
+
+    def reset_to_cart
+      OrderCheckoutRestart.new(@order).call
+      handle_insufficient_stock
+    end
+
+    # See #1074 and #1837 for more detail on why we need this
+    # An 'orphaned' Spree::Payment is created for every call to CheckoutController#update
+    # for orders that are processed using a Spree::Gateway::PayPalExpress payment method
+    # These payments are 'orphaned' because they are never used by the spree_paypal_express gem
+    # which creates a brand new Spree::Payment from scratch in PayPalController#confirm
+    # However, the 'orphaned' payments are useful when applying a transaction fee, because the fees
+    # need to be calculated before the order details are sent to PayPal for confirmation
+    # This is our best hook for removing the orphaned payments at an appropriate time. ie. after
+    # the payment details have been confirmed, but before any payments have been processed
+    def destroy_orphaned_paypal_payments
+      return unless payment_method.is_a?(Spree::Gateway::PayPalExpress)
+
+      orphaned_payments = current_order.payments.
+        where(payment_method_id: payment_method.id, source_id: nil)
+      orphaned_payments.each(&:destroy)
+    end
+
+    def provider
+      payment_method.provider
+    end
+
+    def payment_details(items)
+      item_sum = items.sum { |i| i[:Quantity] * i[:Amount][:value] }
+      # Would use tax_total here, but it can include "included" taxes as well.
+      # For instance, tax_total would include the 10% GST in Australian stores.
+      # A quick sum will get us around that little problem.
+      # TODO: Remove additional check in 2.2
+      tax_adjustments = current_order.adjustments.tax
+      tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
+      tax_adjustments_total = tax_adjustments.sum(:amount)
+
+      if item_sum.zero?
+        # Paypal does not support no items or a zero dollar ItemTotal
+        # This results in the order summary being simply "Current purchase"
+        {
+          OrderTotal: {
+            currencyID: current_order.currency,
+            value: current_order.total
+          }
+        }
+      else
+        {
+          OrderTotal: {
+            currencyID: current_order.currency,
+            value: current_order.total
+          },
+          ItemTotal: {
+            currencyID: current_order.currency,
+            value: item_sum
+          },
+          ShippingTotal: {
+            currencyID: current_order.currency,
+            value: current_order.ship_total
+          },
+          TaxTotal: {
+            currencyID: current_order.currency,
+            value: tax_adjustments_total,
+          },
+          ShipToAddress: address_options,
+          PaymentDetailsItem: items,
+          ShippingMethod: "Shipping Method Name Goes Here",
+          PaymentAction: "Sale"
+        }
+      end
+    end
+
+    def address_options
+      return {} unless address_required?
+
+      {
+        Name: current_order.bill_address.try(:full_name),
+        Street1: current_order.bill_address.address1,
+        Street2: current_order.bill_address.address2,
+        CityName: current_order.bill_address.city,
+        Phone: current_order.bill_address.phone,
+        StateOrProvince: current_order.bill_address.state_text,
+        Country: current_order.bill_address.country.iso,
+        PostalCode: current_order.bill_address.zipcode
+      }
+    end
+
+    def completion_route(order)
+      spree.order_path(order, token: order.token)
+    end
+
+    def address_required?
+      payment_method.preferred_solution.eql?('Sole')
+    end
+  end
+end

app/controllers/spree/paypal_controller_decorator.rb

@@ -1,117 +0,0 @@
-# frozen_string_literal: true
-
-Spree::PaypalController.class_eval do
-  before_action :enable_embedded_shopfront
-  before_action :destroy_orphaned_paypal_payments, only: :confirm
-  after_action :reset_order_when_complete, only: :confirm
-  before_action :permit_parameters!
-
-  def express
-    order = current_order || raise(ActiveRecord::RecordNotFound)
-    items = order.line_items.map(&method(:line_item))
-
-    tax_adjustments = order.adjustments.tax
-    # TODO: Remove in Spree 2.2
-    tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
-    shipping_adjustments = order.adjustments.shipping
-
-    order.adjustments.eligible.each do |adjustment|
-      next if (tax_adjustments + shipping_adjustments).include?(adjustment)
-
-      items << {
-        Name: adjustment.label,
-        Quantity: 1,
-        Amount: {
-          currencyID: order.currency,
-          value: adjustment.amount
-        }
-      }
-    end
-
-    # Because PayPal doesn't accept $0 items at all.
-    # See #10
-    # https://cms.paypal.com/uk/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_ECCustomizing
-    # "It can be a positive or negative value but not zero."
-    items.reject! do |item|
-      item[:Amount][:value].zero?
-    end
-    pp_request = provider.build_set_express_checkout(express_checkout_request_details(order, items))
-
-    begin
-      pp_response = provider.set_express_checkout(pp_request)
-      if pp_response.success?
-        redirect_to provider.express_checkout_url(pp_response, useraction: 'commit')
-      else
-        flash[:error] = Spree.t('flash.generic_error', scope: 'paypal', reasons: pp_response.errors.map(&:long_message).join(" "))
-        redirect_to spree.checkout_state_path(:payment)
-      end
-    rescue SocketError
-      flash[:error] = Spree.t('flash.connection_failed', scope: 'paypal')
-      redirect_to spree.checkout_state_path(:payment)
-    end
-  end
-
-  def cancel
-    flash[:notice] = Spree.t('flash.cancel', scope: 'paypal')
-    redirect_to main_app.checkout_path
-  end
-
-  # Clears the cached order. Required for #current_order to return a new order
-  # to serve as cart. See https://github.com/spree/spree/blob/1-3-stable/core/lib/spree/core/controller_helpers/order.rb#L14
-  # for details.
-  def expire_current_order
-    session[:order_id] = nil
-    @current_order = nil
-  end
-
-  private
-
-  def permit_parameters!
-    params.permit(:token, :payment_method_id, :PayerID)
-  end
-
-  def reset_order_when_complete
-    if current_order.complete?
-      flash[:notice] = t(:order_processed_successfully)
-
-      OrderCompletionReset.new(self, current_order).call
-      session[:access_token] = current_order.token
-    end
-  end
-
-  # See #1074 and #1837 for more detail on why we need this
-  # An 'orphaned' Spree::Payment is created for every call to CheckoutController#update
-  # for orders that are processed using a Spree::Gateway::PayPalExpress payment method
-  # These payments are 'orphaned' because they are never used by the spree_paypal_express gem
-  # which creates a brand new Spree::Payment from scratch in PayPalController#confirm
-  # However, the 'orphaned' payments are useful when applying a transaction fee, because the fees
-  # need to be calculated before the order details are sent to PayPal for confirmation
-  # This is our best hook for removing the orphaned payments at an appropriate time. ie. after
-  # the payment details have been confirmed, but before any payments have been processed
-  def destroy_orphaned_paypal_payments
-    return unless payment_method.is_a?(Spree::Gateway::PayPalExpress)
-
-    orphaned_payments = current_order.payments.where(payment_method_id: payment_method.id, source_id: nil)
-    orphaned_payments.each(&:destroy)
-  end
-
-  def completion_route(order)
-    spree.order_path(order, token: order.token)
-  end
-
-  def express_checkout_request_details(order, items)
-    {
-      SetExpressCheckoutRequestDetails: {
-        InvoiceID: order.number,
-        BuyerEmail: order.email,
-        ReturnURL: spree.confirm_paypal_url(payment_method_id: params[:payment_method_id], utm_nooverride: 1),
-        CancelURL: spree.cancel_paypal_url,
-        SolutionType: payment_method.preferred_solution.presence || "Mark",
-        LandingPage: payment_method.preferred_landing_page.presence || "Billing",
-        cppheaderimage: payment_method.preferred_logourl.presence || "",
-        NoShipping: 1,
-        PaymentDetails: [payment_details(items)]
-      }
-    }
-  end
-end

app/controllers/spree/user_registrations_controller.rb

@@ -18,26 +18,6 @@ module Spree
     before_action :check_permissions, only: [:edit, :update]
     skip_before_action :require_no_authentication
 
-    # GET /resource/sign_up
-    def new
-      super
-      @user = resource
-    end
-
-    # POST /resource/sign_up
-    def create
-      @user = build_resource(params[:spree_user])
-      if resource.save
-        set_flash_message(:notice, :signed_up)
-        sign_in(:spree_user, @user)
-        associate_user
-        respond_with resource, location: after_sign_up_path_for(resource)
-      else
-        clean_up_passwords(resource)
-        render :new
-      end
-    end
-
     # GET /resource/edit
     def edit
       super

app/helpers/admin/injection_helper.rb

@@ -130,10 +130,6 @@ module Admin
                                                             json: @hub_permissions.to_json }
     end
 
-    def admin_inject_products
-      admin_inject_json_ams_array "ofn.admin", "products", @products, Api::Admin::ProductSerializer
-    end
-
     def admin_inject_tax_categories(opts = { module: 'ofn.admin' })
       admin_inject_json_ams_array opts[:module],
                                   "tax_categories",

app/helpers/application_helper.rb

@@ -1,6 +1,6 @@
 module ApplicationHelper
-  def feature?(feature)
-    OpenFoodNetwork::FeatureToggle.enabled? feature
+  def feature?(feature, user = nil)
+    OpenFoodNetwork::FeatureToggle.enabled?(feature, user)
   end
 
   def ng_form_for(name, *args, &block)

app/helpers/checkout_helper.rb

@@ -18,7 +18,9 @@ module CheckoutHelper
     enterprise_fee_adjustments = adjustments.select { |a| a.originator_type == 'EnterpriseFee' && a.source_type != 'Spree::LineItem' }
     adjustments.reject! { |a| a.originator_type == 'EnterpriseFee' && a.source_type != 'Spree::LineItem' }
     unless exclude.include? :admin_and_handling
-      adjustments << Spree::Adjustment.new(label: I18n.t(:orders_form_admin), amount: enterprise_fee_adjustments.sum(&:amount))
+      adjustments << Spree::Adjustment.new(
+        label: I18n.t(:orders_form_admin), amount: enterprise_fee_adjustments.map(&:amount).sum
+      )
     end
 
     adjustments
@@ -26,7 +28,7 @@ module CheckoutHelper
 
   def display_checkout_admin_and_handling_adjustments_total_for(order)
     adjustments = order.adjustments.eligible.where('originator_type = ? AND source_type != ? ', 'EnterpriseFee', 'Spree::LineItem')
-    Spree::Money.new adjustments.sum(&:amount), currency: order.currency
+    Spree::Money.new adjustments.map(&:amount).sum, currency: order.currency
   end
 
   def checkout_line_item_adjustments(order)
@@ -34,7 +36,7 @@ module CheckoutHelper
   end
 
   def checkout_subtotal(order)
-    order.item_total + checkout_line_item_adjustments(order).sum(&:amount)
+    order.item_total + checkout_line_item_adjustments(order).map(&:amount).sum
   end
 
   def display_checkout_subtotal(order)

app/helpers/html_helper.rb

@@ -1,21 +0,0 @@
-module HtmlHelper
-  def strip_html(html)
-    strip_surrounding_whitespace substitute_entities strip_tags add_linebreaks html
-  end
-
-  def substitute_entities(html)
-    html.andand.gsub(/ /i, ' ').andand.gsub(/&/i, '&')
-  end
-
-  def add_linebreaks(html)
-    # I know Cthulu is coming for me. Forgive me.
-    # http://stackoverflow.com/a/1732454/2720566
-    html.
-      andand.gsub(%r{</h[^>]>|</p>|</div>}, "\\1\n\n").
-      andand.gsub(/<br[^>]*>/, "\\1\n")
-  end
-
-  def strip_surrounding_whitespace(html)
-    html.andand.strip
-  end
-end

app/helpers/spree/reports_helper.rb

@@ -1,4 +1,4 @@
-require 'spree/money_decorator'
+require 'spree/money'
 
 module Spree
   module ReportsHelper

app/jobs/bulk_invoice_job.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class BulkInvoiceJob < ActiveJob::Base
+  def perform(order_ids, filepath)
+    pdf = CombinePDF.new
+
+    orders_from(order_ids).each do |order|
+      invoice = renderer.render_to_string(order)
+
+      pdf << CombinePDF.parse(invoice)
+    end
+
+    pdf.save filepath
+  end
+
+  private
+
+  def orders_from(order_ids)
+    Spree::Order.where(id: order_ids).order("completed_at DESC")
+  end
+
+  def renderer
+    @renderer ||= InvoiceRenderer.new
+  end
+end

app/jobs/confirm_order_job.rb

@@ -1,6 +1,8 @@
-ConfirmOrderJob = Struct.new(:order_id) do
-  def perform
-    Spree::OrderMailer.confirm_email_for_customer(order_id).deliver
-    Spree::OrderMailer.confirm_email_for_shop(order_id).deliver
+# frozen_string_literal: true
+
+class ConfirmOrderJob < ActiveJob::Base
+  def perform(order_id)
+    Spree::OrderMailer.confirm_email_for_customer(order_id).deliver_now
+    Spree::OrderMailer.confirm_email_for_shop(order_id).deliver_now
   end
 end

app/jobs/confirm_signup_job.rb

@@ -1,6 +0,0 @@
-ConfirmSignupJob = Struct.new(:user_id) do
-  def perform
-    user = Spree::User.find user_id
-    Spree::UserMailer.signup_confirmation(user).deliver
-  end
-end

app/jobs/heartbeat_job.rb

@@ -1,4 +1,6 @@
-class HeartbeatJob
+# frozen_string_literal: true
+
+class HeartbeatJob < ActiveJob::Base
   def perform
     Spree::Config.last_job_queue_heartbeat_at = Time.now.in_time_zone
   end