Merge pull request #6546 from andrewpbrett/sca-backend

Fix #6543

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/brakeman-analysis.yml

@@ -13,7 +13,7 @@ on:
 jobs:
   brakeman-scan:
     name: Brakeman Scan
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
     # Checkout the repository to the GitHub Actions runner
     - name: Checkout
@@ -23,7 +23,7 @@ jobs:
     - name: Setup Ruby
       uses: actions/setup-ruby@v1
       with:
-        ruby-version: '2.4'
+        ruby-version: '2.7'
 
     - name: Setup Brakeman
       env:

.rubocop_manual_todo.yml

@@ -66,8 +66,9 @@ Layout/LineLength:
   - app/models/spree/image.rb
   - app/models/spree/order.rb
   - app/models/spree/payment_method.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/user.rb
+  - app/models/spree/variant.rb
   - app/models/subscription.rb
   - app/models/variant_override.rb
   - app/models/variant_override_set.rb
@@ -336,6 +337,7 @@ Metrics/AbcSize:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
   - app/controllers/admin/product_import_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/stripe_accounts_controller.rb
   - app/controllers/admin/subscription_line_items_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
@@ -356,13 +358,13 @@ Metrics/AbcSize:
   - app/controllers/spree/admin/payments_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/search_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/admin/variants_controller.rb
   - app/controllers/spree/credit_cards_controller.rb
   - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/paypal_controller_decorator.rb
   - app/controllers/spree/user_passwords_controller.rb
   - app/controllers/spree/user_registrations_controller.rb
   - app/controllers/spree/users_controller.rb
@@ -399,11 +401,12 @@ Metrics/AbcSize:
   - app/models/spree/preference.rb
   - app/models/spree/preferences/preferable_class_methods.rb
   - app/models/spree/preferences/preferable.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/shipment.rb
   - app/models/spree/taxon.rb
   - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/product_serializer.rb
   - app/serializers/api/variant_serializer.rb
@@ -530,7 +533,7 @@ Metrics/CyclomaticComplexity:
   - app/models/spree/preference.rb
   - app/models/spree/preferences/preferable.rb
   - app/models/spree/preferences/preferable_class_methods.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/zone.rb
   - app/models/variant_override_set.rb
@@ -550,39 +553,6 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Max: 7
   Exclude:
-  - app/controllers/admin/enterprise_fees_controller.rb
-  - app/controllers/admin/enterprises_controller.rb
-  - app/controllers/spree/admin/taxons_controller.rb
-  - app/controllers/spree/orders_controller.rb
-  - app/helpers/checkout_helper.rb
-  - app/helpers/order_cycles_helper.rb
-  - app/helpers/spree/admin/base_helper.rb
-  - app/helpers/spree/admin/navigation_helper.rb
-  - app/models/enterprise.rb
-  - app/models/enterprise_relationship.rb
-  - app/models/spree/ability.rb
-  - app/models/spree/address.rb
-  - app/models/spree/order/checkout.rb
-  - app/models/spree/payment_method.rb
-  - app/models/spree/payment.rb
-  - app/models/spree/preferences/preferable.rb
-  - app/models/spree/preferences/preferable_class_methods.rb
-  - app/models/spree/product_decorator.rb
-  - app/models/spree/return_authorization.rb
-  - app/models/spree/zone.rb
-  - app/models/variant_override_set.rb
-  - app/services/cart_service.rb
-  - engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb
-  - engines/order_management/app/services/order_management/stock/estimator.rb
-  - lib/active_merchant/billing/gateways/stripe_payment_intents.rb
-  - lib/discourse/single_sign_on.rb
-  - lib/open_food_network/enterprise_issue_validator.rb
-  - lib/spree/core/calculated_adjustments.rb
-  - lib/spree/core/controller_helpers/order.rb
-  - lib/spree/core/controller_helpers/respond_with.rb
-  - lib/spree/core/controller_helpers/ssl.rb
-  - lib/spree/localized_number.rb
-  - spec/models/product_importer_spec.rb
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/api/variants_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
@@ -595,7 +565,10 @@ Metrics/PerceivedComplexity:
   - app/models/spree/address.rb
   - app/models/spree/order/checkout.rb
   - app/models/spree/order.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/preferences/preferable_class_methods.rb
+  - app/models/spree/preferences/preferable.rb
+  - app/models/spree/product.rb
+  - app/models/spree/return_authorization.rb
   - app/models/spree/zone.rb
   - engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb
   - engines/order_management/app/services/order_management/stock/estimator.rb
@@ -618,6 +591,7 @@ Metrics/MethodLength:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/manager_invitations_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/stripe_accounts_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
   - app/controllers/api/products_controller.rb
@@ -632,13 +606,13 @@ Metrics/MethodLength:
   - app/controllers/spree/admin/payments_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/tax_categories_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/admin/variants_controller.rb
   - app/controllers/spree/credit_cards_controller.rb
   - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/paypal_controller_decorator.rb
   - app/controllers/spree/user_sessions_controller.rb
   - app/controllers/stripe/callbacks_controller.rb
   - app/controllers/user_confirmations_controller.rb
@@ -670,11 +644,13 @@ Metrics/MethodLength:
   - app/models/spree/preferences/preferable_class_methods.rb
   - app/models/spree/preferences/preferable.rb
   - app/models/spree/preferences/store.rb
+  - app/models/spree/product.rb
   - app/models/spree/product_decorator.rb
   - app/models/spree/return_authorization.rb
   - app/models/spree/shipment.rb
   - app/models/spree/taxon.rb
   - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/admin/order_cycle_serializer.rb
   - app/serializers/api/cached_enterprise_serializer.rb
@@ -732,6 +708,7 @@ Metrics/ClassLength:
   Exclude:
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
+  - app/controllers/admin/resource_controller.rb
   - app/controllers/admin/schedules_controller.rb
   - app/controllers/admin/subscriptions_controller.rb
   - app/controllers/api/products_controller.rb
@@ -741,7 +718,6 @@ Metrics/ClassLength:
   - app/controllers/spree/admin/payment_methods_controller.rb
   - app/controllers/spree/admin/products_controller.rb
   - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
   - app/controllers/spree/admin/users_controller.rb
   - app/controllers/spree/orders_controller.rb
   - app/models/enterprise.rb
@@ -755,8 +731,10 @@ Metrics/ClassLength:
   - app/models/spree/line_item.rb
   - app/models/spree/order.rb
   - app/models/spree/payment.rb
+  - app/models/spree/product.rb
   - app/models/spree/shipment.rb
   - app/models/spree/user.rb
+  - app/models/spree/variant.rb
   - app/models/spree/zone.rb
   - app/serializers/api/cached_enterprise_serializer.rb
   - app/serializers/api/enterprise_shopfront_serializer.rb

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2020-10-30 17:18:53 +0000 using RuboCop version 0.81.0.
+# on 2020-11-05 11:27:59 +0000 using RuboCop version 0.81.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -27,13 +27,6 @@ Lint/UselessAccessModifier:
     - 'app/services/mail_configuration.rb'
     - 'lib/open_food_network/feature_toggle.rb'
 
-# Offense count: 2
-Lint/UselessAssignment:
-  Exclude:
-    - 'spec/**/*'
-    - 'app/models/spree/taxon.rb'
-    - 'lib/spree/core/controller_helpers/common.rb'
-
 # Offense count: 10
 Naming/AccessorMethodName:
   Exclude:
@@ -60,7 +53,7 @@ Naming/MemoizedInstanceVariableName:
     - 'app/mailers/producer_mailer.rb'
     - 'lib/open_food_network/address_finder.rb'
 
-# Offense count: 24
+# Offense count: 25
 # Configuration parameters: NamePrefix, ForbiddenPrefixes, AllowedMethods, MethodDefinitionMacros.
 # NamePrefix: is_, has_, have_
 # ForbiddenPrefixes: is_, has_, have_
@@ -72,6 +65,7 @@ Naming/PredicateName:
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/order_cycle.rb'
+    - 'app/models/spree/ability.rb'
     - 'app/models/spree/adjustment.rb'
     - 'app/models/spree/credit_card.rb'
     - 'app/models/spree/line_item.rb'
@@ -125,7 +119,7 @@ Rails/Delegate:
     - 'app/models/spree/line_item.rb'
     - 'engines/order_management/app/services/order_management/reports/bulk_coop/renderers/html_renderer.rb'
 
-# Offense count: 16
+# Offense count: 15
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: slashes, arguments
 Rails/FilePath:
@@ -139,7 +133,6 @@ Rails/FilePath:
     - 'spec/factories/product_factory.rb'
     - 'spec/features/admin/enterprises/images_spec.rb'
     - 'spec/models/content_configuration_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
     - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
     - 'spec/support/downloads_helper.rb'
 
@@ -163,7 +156,7 @@ Rails/FindEach:
   Exclude:
     - 'app/models/spree/shipment.rb'
 
-# Offense count: 9
+# Offense count: 11
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
@@ -172,12 +165,14 @@ Rails/HasAndBelongsToMany:
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_group.rb'
     - 'app/models/spree/line_item.rb'
+    - 'app/models/spree/option_value.rb'
     - 'app/models/spree/role.rb'
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/user.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
 
-# Offense count: 38
+# Offense count: 41
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -197,7 +192,7 @@ Rails/HasManyOrHasOneDependent:
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/taxonomy.rb'
     - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant_decorator.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/subscription.rb'
 
 # Offense count: 84
@@ -272,13 +267,13 @@ Rails/ReflectionClassName:
     - 'app/models/spree/order.rb'
     - 'app/models/subscription.rb'
 
-# Offense count: 247
+# Offense count: 250
 # Configuration parameters: Blacklist, Whitelist.
 # Blacklist: decrement!, decrement_counter, increment!, increment_counter, toggle!, touch, update_all, update_attribute, update_column, update_columns, update_counters
 Rails/SkipsModelValidations:
   Exclude:
+    - 'app/controllers/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/payment_methods_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/shipping_methods_controller.rb'
     - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
@@ -294,10 +289,12 @@ Rails/SkipsModelValidations:
     - 'app/models/spree/inventory_unit.rb'
     - 'app/models/spree/order.rb'
     - 'app/models/spree/payment.rb'
+    - 'app/models/spree/product.rb'
     - 'app/models/spree/shipment.rb'
     - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/tax_category.rb'
     - 'app/models/spree/taxonomy.rb'
+    - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
     - 'app/models/subscription.rb'
     - 'app/models/variant_override.rb'
@@ -440,14 +437,12 @@ Style/FormatStringToken:
     - 'lib/open_food_network/sales_tax_report.rb'
     - 'spec/features/admin/bulk_order_management_spec.rb'
 
-# Offense count: 765
+# Offense count: 760
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
   Exclude:
-    - 'Gemfile'
-    - 'Rakefile'
     - 'app/controllers/admin/bulk_line_items_controller.rb'
     - 'app/controllers/admin/column_preferences_controller.rb'
     - 'app/controllers/admin/contents_controller.rb'
@@ -518,7 +513,6 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/spree/admin/products_controller.rb'
     - 'app/controllers/spree/admin/properties_controller.rb'
     - 'app/controllers/spree/admin/reports_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/return_authorizations_controller.rb'
     - 'app/controllers/spree/admin/search_controller.rb'
     - 'app/controllers/spree/admin/shipping_categories_controller.rb'
@@ -635,16 +629,10 @@ Style/FrozenStringLiteralComment:
     - 'app/models/spree/gateway/migs.rb'
     - 'app/models/spree/gateway/pin.rb'
     - 'app/models/spree/gateway/stripe_connect.rb'
-    - 'app/models/spree/option_type_decorator.rb'
     - 'app/models/spree/preferences/file_configuration.rb'
-    - 'app/models/spree/price_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
-    - 'app/models/spree/product_option_type_decorator.rb'
-    - 'app/models/spree/product_property_decorator.rb'
     - 'app/models/spree/product_set.rb'
     - 'app/models/spree/property.rb'
     - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant_decorator.rb'
     - 'app/models/stripe_account.rb'
     - 'app/models/subscription.rb'
     - 'app/models/subscription_line_item.rb'
@@ -725,7 +713,6 @@ Style/FrozenStringLiteralComment:
     - 'app/validators/date_time_string_validator.rb'
     - 'app/validators/distributors_validator.rb'
     - 'app/validators/integer_array_validator.rb'
-    - 'config.ru'
     - 'engines/order_management/app/controllers/order_management/application_controller.rb'
     - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/authorizer.rb'
     - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/data_representations/coordinator_fee.rb'
@@ -750,29 +737,11 @@ Style/FrozenStringLiteralComment:
     - 'engines/order_management/app/services/reports/permissions.rb'
     - 'engines/order_management/app/services/reports/renderers/base.rb'
     - 'engines/order_management/app/services/reports/report_data/base.rb'
-    - 'engines/order_management/config/routes.rb'
-    - 'engines/order_management/lib/order_management.rb'
-    - 'engines/order_management/lib/order_management/engine.rb'
-    - 'engines/order_management/lib/order_management/version.rb'
-    - 'engines/order_management/order_management.gemspec'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/authorizer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/parameters_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/permissions_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/renderers/csv_renderer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/renderers/html_renderer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_data/enterprise_fee_type_total_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_service_spec.rb'
     - 'engines/web/app/controllers/web/angular_templates_controller.rb'
     - 'engines/web/app/controllers/web/api/cookies_consent_controller.rb'
     - 'engines/web/app/controllers/web/application_controller.rb'
     - 'engines/web/app/helpers/web/cookies_policy_helper.rb'
-    - 'engines/web/config/routes.rb'
-    - 'engines/web/lib/web.rb'
     - 'engines/web/lib/web/cookies_consent.rb'
-    - 'engines/web/lib/web/engine.rb'
-    - 'engines/web/lib/web/version.rb'
-    - 'engines/web/spec/helpers/cookies_policy_helper_spec.rb'
-    - 'engines/web/web.gemspec'
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/address_finder.rb'
     - 'lib/open_food_network/available_payment_method_filter.rb'
@@ -849,370 +818,8 @@ Style/FrozenStringLiteralComment:
     - 'lib/tasks/sample_data/user_factory.rb'
     - 'lib/tasks/specs.rake'
     - 'lib/tasks/users.rake'
-    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/column_preferences_controller_spec.rb'
-    - 'spec/controllers/admin/customers_controller_spec.rb'
-    - 'spec/controllers/admin/enterprises_controller_spec.rb'
-    - 'spec/controllers/admin/inventory_items_controller_spec.rb'
-    - 'spec/controllers/admin/manager_invitations_controller_spec.rb'
-    - 'spec/controllers/admin/order_cycles_controller_spec.rb'
-    - 'spec/controllers/admin/proxy_orders_controller_spec.rb'
-    - 'spec/controllers/admin/schedules_controller_spec.rb'
-    - 'spec/controllers/admin/stripe_accounts_controller_spec.rb'
-    - 'spec/controllers/admin/stripe_connect_settings_controller_spec.rb'
-    - 'spec/controllers/admin/subscription_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
-    - 'spec/controllers/admin/tag_rules_controller_spec.rb'
-    - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
-    - 'spec/controllers/api/base_controller_spec.rb'
-    - 'spec/controllers/api/customers_controller_spec.rb'
-    - 'spec/controllers/api/enterprise_fees_controller_spec.rb'
-    - 'spec/controllers/api/enterprises_controller_spec.rb'
-    - 'spec/controllers/api/logos_controller_spec.rb'
-    - 'spec/controllers/api/order_cycles_controller_spec.rb'
-    - 'spec/controllers/api/orders_controller_spec.rb'
-    - 'spec/controllers/api/product_images_controller_spec.rb'
-    - 'spec/controllers/api/products_controller_spec.rb'
-    - 'spec/controllers/api/promo_images_controller_spec.rb'
-    - 'spec/controllers/api/shipments_controller_spec.rb'
-    - 'spec/controllers/api/statuses_controller_spec.rb'
-    - 'spec/controllers/api/taxonomies_controller_spec.rb'
-    - 'spec/controllers/api/taxons_controller_spec.rb'
-    - 'spec/controllers/api/terms_and_conditions_controller_spec.rb'
-    - 'spec/controllers/api/variants_controller_spec.rb'
-    - 'spec/controllers/base_controller_spec.rb'
-    - 'spec/controllers/cart_controller_spec.rb'
-    - 'spec/controllers/checkout_controller_spec.rb'
-    - 'spec/controllers/enterprises_controller_spec.rb'
-    - 'spec/controllers/groups_controller_spec.rb'
-    - 'spec/controllers/line_items_controller_spec.rb'
-    - 'spec/controllers/registration_controller_spec.rb'
-    - 'spec/controllers/shop_controller_spec.rb'
-    - 'spec/controllers/shops_controller_spec.rb'
-    - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
-    - 'spec/controllers/spree/admin/general_settings_controller_spec.rb'
-    - 'spec/controllers/spree/admin/invoices_controller_spec.rb'
-    - 'spec/controllers/spree/admin/mail_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/orders/customer_details_controller_spec.rb'
-    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
-    - 'spec/controllers/spree/admin/overview_controller_spec.rb'
-    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/products_controller_spec.rb'
-    - 'spec/controllers/spree/admin/reports_controller_spec.rb'
-    - 'spec/controllers/spree/admin/search_controller_spec.rb'
-    - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/users_controller_spec.rb'
-    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
-    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
-    - 'spec/controllers/spree/orders_controller_spec.rb'
-    - 'spec/controllers/spree/user_sessions_controller_spec.rb'
-    - 'spec/controllers/spree/users_controller_spec.rb'
-    - 'spec/controllers/stripe/callbacks_controller_spec.rb'
-    - 'spec/controllers/stripe/webhooks_controller_spec.rb'
-    - 'spec/controllers/user_confirmations_controller_spec.rb'
-    - 'spec/controllers/user_passwords_controller_spec.rb'
-    - 'spec/controllers/user_registrations_controller_spec.rb'
-    - 'spec/factories.rb'
-    - 'spec/factories/address_factory.rb'
-    - 'spec/factories/calculated_adjustment_factory.rb'
-    - 'spec/factories/calculator_factory.rb'
-    - 'spec/factories/enterprise_factory.rb'
-    - 'spec/factories/order_cycle_factory.rb'
-    - 'spec/factories/order_factory.rb'
-    - 'spec/factories/product_factory.rb'
-    - 'spec/factories/return_authorization_factory.rb'
-    - 'spec/factories/shipment_factory.rb'
-    - 'spec/factories/shipping_method_factory.rb'
-    - 'spec/factories/state_factory.rb'
-    - 'spec/factories/stock_movement_factory.rb'
-    - 'spec/factories/subscription_factory.rb'
-    - 'spec/factories/tag_rule_factory.rb'
-    - 'spec/factories/user_factory.rb'
-    - 'spec/factories/variant_factory.rb'
-    - 'spec/features/admin/adjustments_spec.rb'
-    - 'spec/features/admin/authentication_spec.rb'
-    - 'spec/features/admin/bulk_order_management_spec.rb'
-    - 'spec/features/admin/bulk_product_update_spec.rb'
-    - 'spec/features/admin/configuration/content_spec.rb'
-    - 'spec/features/admin/configuration/general_settings_spec.rb'
-    - 'spec/features/admin/configuration/mail_methods_spec.rb'
-    - 'spec/features/admin/configuration/states_spec.rb'
-    - 'spec/features/admin/configuration/tax_categories_spec.rb'
-    - 'spec/features/admin/configuration/tax_rates_spec.rb'
-    - 'spec/features/admin/configuration/taxonomies_spec.rb'
-    - 'spec/features/admin/configuration/zones_spec.rb'
-    - 'spec/features/admin/customers_spec.rb'
-    - 'spec/features/admin/enterprise_fees_spec.rb'
-    - 'spec/features/admin/enterprise_groups_spec.rb'
-    - 'spec/features/admin/enterprise_relationships_spec.rb'
-    - 'spec/features/admin/enterprise_roles_spec.rb'
-    - 'spec/features/admin/enterprise_user_spec.rb'
-    - 'spec/features/admin/enterprises/index_spec.rb'
-    - 'spec/features/admin/enterprises_spec.rb'
-    - 'spec/features/admin/external_services_spec.rb'
-    - 'spec/features/admin/multilingual_spec.rb'
-    - 'spec/features/admin/overview_spec.rb'
-    - 'spec/features/admin/payment_method_spec.rb'
-    - 'spec/features/admin/payments_spec.rb'
-    - 'spec/features/admin/product_import_spec.rb'
-    - 'spec/features/admin/products_spec.rb'
-    - 'spec/features/admin/reports/packing_report_spec.rb'
-    - 'spec/features/admin/reports_spec.rb'
-    - 'spec/features/admin/schedules_spec.rb'
-    - 'spec/features/admin/shipping_methods_spec.rb'
-    - 'spec/features/admin/subscriptions_spec.rb'
-    - 'spec/features/admin/tag_rules_spec.rb'
-    - 'spec/features/admin/tax_settings_spec.rb'
-    - 'spec/features/admin/users_spec.rb'
-    - 'spec/features/admin/variant_overrides_spec.rb'
-    - 'spec/features/admin/variants_spec.rb'
-    - 'spec/features/consumer/account/cards_spec.rb'
-    - 'spec/features/consumer/account/settings_spec.rb'
-    - 'spec/features/consumer/account_spec.rb'
-    - 'spec/features/consumer/authentication_spec.rb'
-    - 'spec/features/consumer/confirm_invitation_spec.rb'
-    - 'spec/features/consumer/footer_links_spec.rb'
-    - 'spec/features/consumer/groups_spec.rb'
-    - 'spec/features/consumer/multilingual_spec.rb'
-    - 'spec/features/consumer/producers_spec.rb'
-    - 'spec/features/consumer/registration_spec.rb'
-    - 'spec/features/consumer/shopping/cart_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_auth_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_paypal_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_spec.rb'
-    - 'spec/features/consumer/shopping/embedded_groups_spec.rb'
-    - 'spec/features/consumer/shopping/embedded_shopfronts_spec.rb'
-    - 'spec/features/consumer/shopping/orders_spec.rb'
-    - 'spec/features/consumer/shopping/products_spec.rb'
-    - 'spec/features/consumer/shopping/shopping_spec.rb'
-    - 'spec/features/consumer/shopping/variant_overrides_spec.rb'
-    - 'spec/features/consumer/shops_spec.rb'
-    - 'spec/features/consumer/sitemap_spec.rb'
-    - 'spec/helpers/admin/orders_helper_spec.rb'
-    - 'spec/helpers/admin/subscriptions_helper_spec.rb'
-    - 'spec/helpers/checkout_helper_spec.rb'
-    - 'spec/helpers/enterprises_helper_spec.rb'
-    - 'spec/helpers/groups_helper_spec.rb'
-    - 'spec/helpers/html_helper_spec.rb'
-    - 'spec/helpers/i18n_helper_spec.rb'
-    - 'spec/helpers/injection_helper_spec.rb'
-    - 'spec/helpers/navigation_helper_spec.rb'
-    - 'spec/helpers/order_cycles_helper_spec.rb'
-    - 'spec/helpers/serializer_helper_spec.rb'
-    - 'spec/helpers/shared_helper_spec.rb'
-    - 'spec/helpers/shop_helper_spec.rb'
-    - 'spec/helpers/spree/admin/base_helper_spec.rb'
-    - 'spec/helpers/spree/admin/orders_helper_spec.rb'
-    - 'spec/helpers/spree/orders_helper_spec.rb'
-    - 'spec/jobs/confirm_order_job_spec.rb'
-    - 'spec/jobs/confirm_signup_job_spec.rb'
-    - 'spec/jobs/heartbeat_job_spec.rb'
-    - 'spec/jobs/order_cycle_notification_job_spec.rb'
-    - 'spec/jobs/subscription_confirm_job_spec.rb'
-    - 'spec/jobs/subscription_placement_job_spec.rb'
-    - 'spec/jobs/welcome_enterprise_job_spec.rb'
-    - 'spec/lib/open_food_network/address_finder_spec.rb'
-    - 'spec/lib/open_food_network/customers_report_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_applicator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_issue_validator_spec.rb'
-    - 'spec/lib/open_food_network/error_logger_spec.rb'
-    - 'spec/lib/open_food_network/feature_toggle_spec.rb'
-    - 'spec/lib/open_food_network/group_buy_report_spec.rb'
-    - 'spec/lib/open_food_network/i18n_config_spec.rb'
-    - 'spec/lib/open_food_network/lettuce_share_report_spec.rb'
-    - 'spec/lib/open_food_network/order_and_distributor_report_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_management_report_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_permissions_spec.rb'
-    - 'spec/lib/open_food_network/order_grouper_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/customer_totals_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/distributor_totals_by_supplier_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/supplier_totals_by_distributor_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/supplier_totals_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report_spec.rb'
-    - 'spec/lib/open_food_network/packing_report_spec.rb'
-    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
-    - 'spec/lib/open_food_network/property_merge_spec.rb'
-    - 'spec/lib/open_food_network/referer_parser_spec.rb'
-    - 'spec/lib/open_food_network/sales_tax_report_spec.rb'
-    - 'spec/lib/open_food_network/scope_variant_to_hub_spec.rb'
-    - 'spec/lib/open_food_network/scope_variants_to_search_spec.rb'
-    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/open_food_network/user_balance_calculator_spec.rb'
-    - 'spec/lib/open_food_network/users_and_enterprises_report_spec.rb'
-    - 'spec/lib/open_food_network/xero_invoices_report_spec.rb'
-    - 'spec/lib/spree/localized_number_spec.rb'
-    - 'spec/lib/stripe/account_connector_spec.rb'
-    - 'spec/lib/stripe/webhook_handler_spec.rb'
-    - 'spec/lib/tasks/enterprises_rake_spec.rb'
-    - 'spec/lib/tasks/users_rake_spec.rb'
-    - 'spec/mailers/enterprise_mailer_spec.rb'
-    - 'spec/mailers/producer_mailer_spec.rb'
-    - 'spec/mailers/subscription_mailer_spec.rb'
-    - 'spec/mailers/user_mailer_spec.rb'
-    - 'spec/models/adjustment_metadata_spec.rb'
-    - 'spec/models/calculator/flat_percent_item_total_spec.rb'
-    - 'spec/models/calculator/flat_percent_per_item_spec.rb'
-    - 'spec/models/calculator/flat_rate_spec.rb'
-    - 'spec/models/calculator/flexi_rate_spec.rb'
-    - 'spec/models/calculator/per_item_spec.rb'
-    - 'spec/models/calculator/price_sack_spec.rb'
-    - 'spec/models/calculator/weight_spec.rb'
-    - 'spec/models/column_preference_spec.rb'
-    - 'spec/models/concerns/order_shipment_spec.rb'
-    - 'spec/models/concerns/product_stock_spec.rb'
-    - 'spec/models/concerns/variant_stock_spec.rb'
-    - 'spec/models/content_configuration_spec.rb'
-    - 'spec/models/customer_spec.rb'
-    - 'spec/models/enterprise_caching_spec.rb'
-    - 'spec/models/enterprise_fee_spec.rb'
-    - 'spec/models/enterprise_group_spec.rb'
-    - 'spec/models/enterprise_relationship_spec.rb'
-    - 'spec/models/enterprise_spec.rb'
-    - 'spec/models/exchange_spec.rb'
-    - 'spec/models/model_set_spec.rb'
-    - 'spec/models/order_cycle_spec.rb'
-    - 'spec/models/product_import/entry_processor_spec.rb'
-    - 'spec/models/product_import/inventory_reset_strategy_spec.rb'
-    - 'spec/models/product_import/reset_absent_spec.rb'
-    - 'spec/models/product_import/settings_spec.rb'
-    - 'spec/models/product_importer_spec.rb'
-    - 'spec/models/proxy_order_spec.rb'
-    - 'spec/models/spree/ability_spec.rb'
-    - 'spec/models/spree/addresses_spec.rb'
-    - 'spec/models/spree/adjustment_spec.rb'
-    - 'spec/models/spree/calculator_spec.rb'
-    - 'spec/models/spree/classification_spec.rb'
-    - 'spec/models/spree/credit_card_spec.rb'
-    - 'spec/models/spree/gateway/stripe_connect_spec.rb'
-    - 'spec/models/spree/line_item_spec.rb'
-    - 'spec/models/spree/order/checkout_spec.rb'
-    - 'spec/models/spree/order_spec.rb'
-    - 'spec/models/spree/payment_method_spec.rb'
-    - 'spec/models/spree/payment_spec.rb'
-    - 'spec/models/spree/preferences/file_configuration_spec.rb'
-    - 'spec/models/spree/price_spec.rb'
-    - 'spec/models/spree/product_set_spec.rb'
-    - 'spec/models/spree/product_spec.rb'
-    - 'spec/models/spree/shipping_method_spec.rb'
-    - 'spec/models/spree/stock/availability_validator_spec.rb'
-    - 'spec/models/spree/tax_rate_spec.rb'
-    - 'spec/models/spree/user_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
-    - 'spec/models/stripe_account_spec.rb'
-    - 'spec/models/subscription_line_item_spec.rb'
-    - 'spec/models/subscription_spec.rb'
-    - 'spec/models/tag_rule/discount_order_spec.rb'
-    - 'spec/models/tag_rule/filter_order_cycles_spec.rb'
-    - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
-    - 'spec/models/tag_rule/filter_products_spec.rb'
-    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
-    - 'spec/models/tag_rule_spec.rb'
-    - 'spec/models/variant_override_spec.rb'
-    - 'spec/performance/injection_helper_spec.rb'
-    - 'spec/performance/orders_controller_spec.rb'
-    - 'spec/performance/shop_controller_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
-    - 'spec/requests/checkout/paypal_spec.rb'
-    - 'spec/requests/checkout/stripe_connect_spec.rb'
-    - 'spec/requests/embedded_shopfronts_headers_spec.rb'
-    - 'spec/requests/large_request_spec.rb'
-    - 'spec/serializers/api/admin/customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/exchange_serializer_spec.rb'
-    - 'spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/index_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/order_cycle_serializer_spec.rb'
-    - 'spec/serializers/api/admin/product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/subscription_customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/subscription_line_item_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_override_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_serializer_spec.rb'
-    - 'spec/serializers/api/cached_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/credit_card_serializer_spec.rb'
-    - 'spec/serializers/api/current_order_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_shopfront_list_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_shopfront_serializer_spec.rb'
-    - 'spec/serializers/api/group_list_serializer_spec.rb'
-    - 'spec/serializers/api/order_cycle_serializer_spec.rb'
-    - 'spec/serializers/api/order_serializer_spec.rb'
-    - 'spec/serializers/api/product_serializer_spec.rb'
-    - 'spec/serializers/api/shipping_method_serializer_spec.rb'
-    - 'spec/serializers/api/variant_serializer_spec.rb'
-    - 'spec/services/bulk_invoice_service_spec.rb'
-    - 'spec/services/cart_service_spec.rb'
-    - 'spec/services/default_shipping_category_spec.rb'
-    - 'spec/services/default_stock_location_spec.rb'
-    - 'spec/services/embedded_page_service_spec.rb'
-    - 'spec/services/exchange_products_renderer_spec.rb'
-    - 'spec/services/exchange_variant_bulk_updater_spec.rb'
-    - 'spec/services/invoice_renderer_spec.rb'
-    - 'spec/services/mail_configuration_spec.rb'
-    - 'spec/services/order_cycle_distributed_products_spec.rb'
-    - 'spec/services/order_cycle_distributed_variants_spec.rb'
-    - 'spec/services/order_cycle_form_spec.rb'
-    - 'spec/services/order_cycle_warning_spec.rb'
-    - 'spec/services/order_factory_spec.rb'
-    - 'spec/services/order_syncer_spec.rb'
-    - 'spec/services/order_workflow_spec.rb'
-    - 'spec/services/permissions/order_spec.rb'
-    - 'spec/services/product_tag_rules_filterer_spec.rb'
-    - 'spec/services/products_renderer_spec.rb'
-    - 'spec/services/search_orders_spec.rb'
-    - 'spec/services/tax_rate_finder_spec.rb'
-    - 'spec/services/upload_sanitizer_spec.rb'
-    - 'spec/services/variant_units/option_value_namer_spec.rb'
-    - 'spec/services/variants_stock_levels_spec.rb'
-    - 'spec/spec_helper.rb'
-    - 'spec/support/ability_helper.rb'
-    - 'spec/support/api_helper.rb'
-    - 'spec/support/cancan_helper.rb'
-    - 'spec/support/controller_helper.rb'
-    - 'spec/support/delayed_job_helper.rb'
-    - 'spec/support/downloads_helper.rb'
-    - 'spec/support/email_helper.rb'
-    - 'spec/support/embedded_pages_helper.rb'
-    - 'spec/support/enterprise_groups_helper.rb'
-    - 'spec/support/feature_toggle_helper.rb'
-    - 'spec/support/features/datepicker_helper.rb'
-    - 'spec/support/filters_helper.rb'
-    - 'spec/support/html_helper.rb'
-    - 'spec/support/i18n_error_raising.rb'
-    - 'spec/support/localized_number_helper.rb'
-    - 'spec/support/matchers/date_time_validator_matchers.rb'
-    - 'spec/support/matchers/delegate_matchers.rb'
-    - 'spec/support/matchers/email_confirmation_matchers.rb'
-    - 'spec/support/matchers/flash_message_matchers.rb'
-    - 'spec/support/matchers/integer_array_validator_matchers.rb'
-    - 'spec/support/matchers/select2_matchers.rb'
-    - 'spec/support/matchers/table_matchers.rb'
-    - 'spec/support/performance_helper.rb'
-    - 'spec/support/products_helper.rb'
-    - 'spec/support/request/admin_helper.rb'
-    - 'spec/support/request/authentication_helper.rb'
-    - 'spec/support/request/cookie_helper.rb'
-    - 'spec/support/request/distribution_helper.rb'
-    - 'spec/support/request/menu_helper.rb'
-    - 'spec/support/request/shop_workflow.rb'
-    - 'spec/support/request/ui_component_helper.rb'
-    - 'spec/support/request/web_helper.rb'
-    - 'spec/support/seeds.rb'
-    - 'spec/support/spree/checkout_helpers.rb'
-    - 'spec/support/spree/money_helper.rb'
-    - 'spec/support/spree/url_helpers.rb'
-    - 'spec/support/timecop.rb'
-    - 'spec/validators/date_time_string_validator_spec.rb'
-    - 'spec/validators/integer_array_validator_spec.rb'
-    - 'spec/views/spree/admin/orders/edit.html.haml_spec.rb'
-    - 'spec/views/spree/admin/orders/index.html.haml_spec.rb'
-    - 'spec/views/spree/admin/payment_methods/index.html.haml_spec.rb'
-    - 'spec/views/spree/admin/shared/_order_links.html.haml_spec.rb'
 
-# Offense count: 44
+# Offense count: 39
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
   Exclude:
@@ -1229,8 +836,6 @@ Style/GuardClause:
     - 'app/models/enterprise_group.rb'
     - 'app/models/producer_property.rb'
     - 'app/models/spree/preferences/preferable_class_methods.rb'
-    - 'app/models/spree/price_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
     - 'app/services/order_syncer.rb'
     - 'app/services/variant_units/variant_and_line_item_naming.rb'
     - 'lib/discourse/single_sign_on.rb'

Gemfile

@@ -1,14 +1,17 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 ruby "2.3.7"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
-gem 'i18n', '~> 0.6.11'
+gem 'i18n'
 gem 'i18n-js', '~> 3.8.0'
-gem 'rails', '~> 4.0.13'
-gem 'rails-i18n', '~> 4.0'
+gem 'rails', '~> 4.2'
+gem 'rails-i18n'
 gem 'rails_safe_tasks', '~> 1.0'
 
 gem "activerecord-import"
+gem 'responders', '~> 2.0'
 
 gem "catalog", path: "./engines/catalog"
 gem 'dfc_provider', path: './engines/dfc_provider'
@@ -18,19 +21,17 @@ gem 'web', path: './engines/web'
 gem 'activerecord-postgresql-adapter'
 gem 'pg', '~> 0.21.0'
 
-gem 'acts_as_list', '= 0.3.0'
+gem 'acts_as_list', '0.9.19'
 gem 'awesome_nested_set', '~> 3.2.1'
 gem 'cancan', '~> 1.6.10'
-gem 'ffaker', '~> 1.16'
+gem 'ffaker'
 gem 'highline', '2.0.3' # Necessary for the install generator
-gem 'json', '>= 1.7.7'
-gem 'money', '5.1.1'
+gem 'json'
+gem 'money', '< 6.1.0'
 gem 'paranoia', '~> 2.0'
 gem 'ransack', '~> 1.8.10'
-gem 'state_machine', '1.2.0'
-gem 'stringex', '~> 1.5.1'
-
-gem 'spree_i18n', github: 'openfoodfoundation/spree_i18n', branch: '1-3-stable'
+gem 'state_machines-activerecord'
+gem 'stringex', '~> 2.8.5'
 
 # Our branch contains the following changes:
 # - Pass customer email and phone number to PayPal (merged to upstream master)
@@ -44,9 +45,9 @@ gem 'stripe'
 # which is needed for Pin Payments (and possibly others).
 gem 'activemerchant', '~> 1.78.0'
 
-gem 'devise', '~> 3.5.10' # v4.0.0 needs rails 4.1
+gem 'devise'
 gem 'devise-encryptable'
-gem 'devise-token_authenticatable', '~> 0.4.10' # v0.5.0 needs devise v4
+gem 'devise-token_authenticatable'
 gem 'jwt', '~> 2.2'
 gem 'oauth2', '~> 1.4.4' # Used for Stripe Connect
 
@@ -90,7 +91,6 @@ gem 'combine_pdf'
 gem 'wicked_pdf'
 gem 'wkhtmltopdf-binary'
 
-gem 'foreigner'
 gem 'immigrant'
 gem 'roo', '~> 2.8.3'
 
@@ -111,7 +111,7 @@ gem 'foundation-icons-sass-rails'
 gem 'foundation-rails', '= 5.5.2.1'
 
 gem 'jquery-migrate-rails'
-gem 'jquery-rails', '3.1.5'
+gem 'jquery-rails', '4.4.0'
 gem 'jquery-ui-rails', '~> 4.2'
 gem 'select2-rails', '~> 3.4.7'
 
@@ -126,9 +126,9 @@ group :test, :development do
   # Pretty printed test output
   gem 'atomic'
   gem 'awesome_print'
-  gem 'capybara', '>= 2.18.0' # 3.0 requires rack 1.6 that only works with Rails 4.2
+  gem 'capybara'
   gem 'database_cleaner', require: false
-  gem "factory_bot_rails", '4.10.0', require: false
+  gem "factory_bot_rails", '5.2.0', require: false
   gem 'fuubar', '~> 2.5.0'
   gem 'json_spec', '~> 1.1.4'
   gem 'knapsack'
@@ -146,6 +146,7 @@ end
 group :test do
   gem 'simplecov', require: false
   gem 'test-prof'
+  gem 'test_after_commit' # needed to test Devise callbacks
   gem 'webmock'
   # See spec/spec_helper.rb for instructions
   # gem 'perftools.rb'
@@ -154,7 +155,6 @@ end
 group :development do
   gem 'byebug', '~> 11.0.0' # 11.1 requires ruby 2.4
   gem 'debugger-linecache'
-  gem "newrelic_rpm", "~> 3.0"
   gem "pry", "~> 0.12.0" # pry 0.13 is not compatible with pry-byebug 3.7
   gem 'pry-byebug', '~> 3.7.0' # 3.8 requires ruby 2.4
   gem 'rubocop'

Gemfile.lock

@@ -19,15 +19,6 @@ GIT
   specs:
     ofn-qz (0.1.0)
 
-GIT
-  remote: https://github.com/openfoodfoundation/spree_i18n.git
-  revision: 12f18312232f0ce70270d47859d2951d12f7791c
-  branch: 1-3-stable
-  specs:
-    spree_i18n (1.0.0)
-      i18n (~> 0.5)
-      rails-i18n
-
 PATH
   remote: engines/catalog
   specs:
@@ -55,33 +46,44 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.6)
-    actionmailer (4.0.13)
-      actionpack (= 4.0.13)
+    actionmailer (4.2.11.3)
+      actionpack (= 4.2.11.3)
+      actionview (= 4.2.11.3)
+      activejob (= 4.2.11.3)
       mail (~> 2.5, >= 2.5.4)
-    actionpack (4.0.13)
-      activesupport (= 4.0.13)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
-      rack (~> 1.5.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.11.3)
+      actionview (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
+      rack (~> 1.6)
       rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
     actionpack-action_caching (1.2.1)
       actionpack (>= 4.0.0)
+    actionview (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
+    activejob (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      globalid (>= 0.3.0)
     activemerchant (1.78.0)
       activesupport (>= 3.2.14, < 6.x)
       builder (>= 2.1.2, < 4.0.0)
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
-    activemodel (4.0.13)
-      activesupport (= 4.0.13)
-      builder (~> 3.1.0)
-    activerecord (4.0.13)
-      activemodel (= 4.0.13)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.13)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.4)
+    activemodel (4.2.11.3)
+      activesupport (= 4.2.11.3)
+      builder (~> 3.1)
+    activerecord (4.2.11.3)
+      activemodel (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
+      arel (~> 6.0)
     activerecord-import (1.0.7)
       activerecord (>= 3.2)
     activerecord-postgresql-adapter (0.0.1)
@@ -92,18 +94,20 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 1.5.2, < 3)
       railties (>= 4.0)
-    activesupport (4.0.13)
-      i18n (~> 0.6, >= 0.6.9)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
-      thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
+    activesupport (4.2.11.3)
+      i18n (~> 0.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
     acts-as-taggable-on (4.0.0)
       activerecord (>= 4.0)
-    acts_as_list (0.3.0)
+    acts_as_list (0.9.19)
       activerecord (>= 3.0)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
+    aliyun-sdk (0.8.0)
+      nokogiri (~> 1.6)
+      rest-client (~> 2.0)
     andand (1.3.3)
     angular-rails-templates (0.3.0)
       railties (>= 3.1)
@@ -111,7 +115,7 @@ GEM
       tilt
     angularjs-file-upload-rails (2.4.1)
     angularjs-rails (1.5.5)
-    arel (4.0.2)
+    arel (6.0.4)
     ast (2.4.0)
     atomic (1.1.101)
     awesome_nested_set (3.2.1)
@@ -122,22 +126,23 @@ GEM
     aws-sdk-v1 (1.67.0)
       json (~> 1.4)
       nokogiri (~> 1)
-    bcrypt (3.1.13)
+    bcrypt (3.1.16)
     bugsnag (6.18.0)
       concurrent-ruby (~> 1.0)
-    builder (3.1.4)
+    builder (3.2.4)
     byebug (11.0.1)
     cancan (1.6.10)
-    capybara (2.18.0)
+    capybara (3.15.1)
       addressable
       mini_mime (>= 0.1.3)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (>= 2.0, < 4.0)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.2)
+      xpath (~> 3.2)
     childprocess (3.0.0)
     chronic (0.10.2)
-    chunky_png (1.3.11)
+    chunky_png (1.3.14)
     climate_control (0.2.0)
     cocaine (0.5.8)
       climate_control (>= 0.0.3, < 1.0)
@@ -149,7 +154,7 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    combine_pdf (1.0.16)
+    combine_pdf (1.0.21)
       ruby-rc4 (>= 0.1.5)
     compass (1.0.3)
       chunky_png (~> 1.2)
@@ -169,6 +174,7 @@ GEM
       sprockets (< 4.0)
     concurrent-ruby (1.1.7)
     crack (0.4.4)
+    crass (1.0.6)
     css_parser (1.7.1)
       addressable
     daemons (1.3.1)
@@ -178,48 +184,49 @@ GEM
       activerecord (>= 3.2.0, < 5.0)
       fog (~> 1.0)
       rails (>= 3.2.0, < 5.0)
-    ddtrace (0.42.0)
+    ddtrace (0.43.0)
       msgpack
     debugger-linecache (1.2.0)
-    delayed_job (4.1.8)
-      activesupport (>= 3.0, < 6.1)
-    delayed_job_active_record (4.1.4)
-      activerecord (>= 3.0, < 6.1)
+    delayed_job (4.1.9)
+      activesupport (>= 3.0, < 6.2)
+    delayed_job_active_record (4.1.5)
+      activerecord (>= 3.0, < 6.2)
       delayed_job (>= 3.0, < 5)
     delayed_job_web (1.4.3)
       activerecord (> 3.0.0)
       delayed_job (> 2.0.3)
       rack-protection (>= 1.5.5)
       sinatra (>= 1.4.4)
-    devise (3.5.10)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0)
       responders
-      thread_safe (~> 0.1)
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
-    devise-token_authenticatable (0.4.10)
-      devise (>= 3.5.2, < 4.0.0)
-    diff-lcs (1.3)
+    devise-token_authenticatable (1.1.0)
+      devise (>= 4.0.0, < 5.0.0)
+    diff-lcs (1.4.4)
     docile (1.3.2)
+    domain_name (0.5.20190701)
+      unf (>= 0.0.5, < 1.0.0)
     dry-inflector (0.1.2)
     erubis (2.7.0)
     eventmachine (1.2.7)
-    excon (0.71.1)
+    excon (0.78.0)
     execjs (2.7.0)
-    factory_bot (4.10.0)
-      activesupport (>= 3.0.0)
-    factory_bot_rails (4.10.0)
-      factory_bot (~> 4.10.0)
-      railties (>= 3.0.0)
-    faraday (1.0.0)
+    factory_bot (5.2.0)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.2.0)
+      factory_bot (~> 5.2.0)
+      railties (>= 4.2.0)
+    faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
-    ffaker (1.32.1)
-    ffi (1.12.2)
-    figaro (1.1.1)
-      thor (~> 0.14)
+    ffaker (2.11.0)
+    ffi (1.13.1)
+    figaro (1.2.0)
+      thor (>= 0.14.0, < 2)
     fission (0.5.0)
       CFPropertyList (~> 2.2)
     fog (1.41.0)
@@ -256,7 +263,8 @@ GEM
       fog-xml (~> 0.1.1)
       ipaddress (~> 0.5)
       json (>= 1.8, < 2.0)
-    fog-aliyun (0.3.5)
+    fog-aliyun (0.3.19)
+      aliyun-sdk (~> 0.8.0)
       fog-core
       fog-json
       ipaddress (~> 0.8)
@@ -302,7 +310,7 @@ GEM
       fog-core
       fog-json
       fog-xml
-    fog-internet-archive (0.0.1)
+    fog-internet-archive (0.0.2)
       fog-core
       fog-json
       fog-xml
@@ -359,7 +367,7 @@ GEM
     fog-voxel (0.1.0)
       fog-core
       fog-xml
-    fog-vsphere (3.2.1)
+    fog-vsphere (3.4.0)
       fog-core
       rbvmomi (>= 1.9, < 3)
     fog-xenserver (1.0.0)
@@ -369,8 +377,6 @@ GEM
     fog-xml (0.1.3)
       fog-core
       nokogiri (>= 1.5.11, < 2.0.0)
-    foreigner (1.7.4)
-      activerecord (>= 3.0.0)
     formatador (0.2.5)
     foundation-icons-sass-rails (3.0.0)
       railties (>= 3.1.1)
@@ -382,16 +388,22 @@ GEM
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
     geocoder (1.6.4)
-    get_process_mem (0.2.5)
+    get_process_mem (0.2.7)
       ffi (~> 1.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
     gmaps4rails (2.1.2)
-    haml (5.2.0)
+    haml (5.2.1)
       temple (>= 0.8.0)
       tilt
     hashdiff (1.0.1)
     highline (2.0.3)
     hike (1.2.3)
-    i18n (0.6.11)
+    http-accept (1.7.0)
+    http-cookie (1.0.3)
+      domain_name (~> 0.5)
+    i18n (0.9.5)
+      concurrent-ruby (~> 1.0)
     i18n-js (3.8.0)
       i18n (>= 0.6.6)
     immigrant (0.3.6)
@@ -399,8 +411,9 @@ GEM
     ipaddress (0.8.3)
     jaro_winkler (1.5.4)
     jquery-migrate-rails (1.2.1)
-    jquery-rails (3.1.5)
-      railties (>= 3.0, < 5.0)
+    jquery-rails (4.4.0)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (4.2.1)
       railties (>= 3.2.16)
@@ -415,13 +428,16 @@ GEM
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
     kgio (2.11.3)
-    knapsack (1.19.0)
+    knapsack (1.20.0)
       rake
     launchy (2.4.3)
       addressable (~> 2.3)
     letter_opener (1.7.0)
       launchy (~> 2.2)
     libv8 (7.3.492.27.1)
+    loofah (2.8.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     method_source (0.9.2)
@@ -432,15 +448,16 @@ GEM
     mini_portile2 (2.4.0)
     mini_racer (0.2.15)
       libv8 (> 7.3)
-    minitest (4.7.5)
-    money (5.1.1)
-      i18n (~> 0.6.0)
+    minitest (5.14.2)
+    money (5.0.0)
+      i18n (~> 0.4)
+      json
     msgpack (1.3.3)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    newrelic_rpm (3.18.1.330)
-    nokogiri (1.10.9)
+    netrc (0.11.0)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
@@ -449,7 +466,7 @@ GEM
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
     oj (3.10.8)
-    optimist (3.0.0)
+    optimist (3.0.1)
     orm_adapter (0.5.0)
     paper_trail (7.1.3)
       activerecord (>= 4.0, < 5.2)
@@ -479,7 +496,7 @@ GEM
       byebug (~> 11.0)
       pry (~> 0.10)
     public_suffix (4.0.6)
-    rack (1.5.5)
+    rack (1.6.13)
     rack-mini-profiler (2.0.2)
       rack (>= 1.2.0)
     rack-protection (1.5.5)
@@ -489,21 +506,32 @@ GEM
       rack
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.0.13)
-      actionmailer (= 4.0.13)
-      actionpack (= 4.0.13)
-      activerecord (= 4.0.13)
-      activesupport (= 4.0.13)
+    rails (4.2.11.3)
+      actionmailer (= 4.2.11.3)
+      actionpack (= 4.2.11.3)
+      actionview (= 4.2.11.3)
+      activejob (= 4.2.11.3)
+      activemodel (= 4.2.11.3)
+      activerecord (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.13)
-      sprockets-rails (~> 2.0)
-    rails-i18n (4.0.5)
-      i18n (~> 0.6)
+      railties (= 4.2.11.3)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.9)
+      activesupport (>= 4.2.0, < 5.0)
+      nokogiri (~> 1.6)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rails-i18n (4.0.9)
+      i18n (~> 0.7)
       railties (~> 4.0)
     rails_safe_tasks (1.0.0)
-    railties (4.0.13)
-      actionpack (= 4.0.13)
-      activesupport (= 4.0.13)
+    railties (4.2.11.3)
+      actionpack (= 4.2.11.3)
+      activesupport (= 4.2.11.3)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (3.0.0)
@@ -514,52 +542,59 @@ GEM
       activerecord (>= 3.0, < 5.2)
       activesupport (>= 3.0, < 5.2)
       i18n
-    rb-fsevent (0.10.3)
+    rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rbvmomi (2.2.0)
+    rbvmomi (2.4.1)
       builder (~> 3.0)
       json (>= 1.8)
       nokogiri (~> 1.5)
       optimist (~> 3.0)
     redcarpet (3.5.0)
+    regexp_parser (1.8.2)
     request_store (1.5.0)
       rack (>= 1.4)
-    responders (1.1.2)
-      railties (>= 3.2, < 4.2)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
     rexml (3.2.4)
-    roadie (3.4.0)
+    roadie (3.5.1)
       css_parser (~> 1.4)
-      nokogiri (~> 1.5)
+      nokogiri (~> 1.8)
     roadie-rails (1.3.0)
       railties (>= 3.0, < 5.3)
       roadie (~> 3.1)
     roo (2.8.3)
       nokogiri (~> 1)
       rubyzip (>= 1.3.0, < 3.0.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.1)
-      rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.0)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.0)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (3.9.1)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-      rspec-support (~> 3.9.0)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.1)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.9)
+      rspec-expectations (~> 3.9)
+      rspec-mocks (~> 3.9)
+      rspec-support (~> 3.9)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-support (3.9.2)
+    rspec-support (3.10.0)
     rswag (2.3.1)
       rswag-api (= 2.3.1)
       rswag-specs (= 2.3.1)
@@ -601,8 +636,8 @@ GEM
     selenium-webdriver (3.142.7)
       childprocess (>= 0.5, < 4.0)
       rubyzip (>= 1.2.2)
-    shoulda-matchers (3.1.3)
-      activesupport (>= 4.0.0)
+    shoulda-matchers (4.0.1)
+      activesupport (>= 4.2.0)
     simplecov (0.17.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
@@ -612,7 +647,8 @@ GEM
       rack (~> 1.5)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
-    spring (1.7.2)
+    spring (2.0.2)
+      activesupport (>= 4.2)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
     sprockets (2.12.5)
@@ -624,20 +660,32 @@ GEM
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (>= 2.8, < 4.0)
-    state_machine (1.2.0)
-    stringex (1.5.1)
-    stripe (5.25.0)
+    state_machines (0.5.0)
+    state_machines-activemodel (0.7.1)
+      activemodel (>= 4.1)
+      state_machines (>= 0.5.0)
+    state_machines-activerecord (0.6.0)
+      activerecord (>= 4.1)
+      state_machines-activemodel (>= 0.5.0)
+    stringex (2.8.5)
+    stripe (5.28.0)
     temple (0.8.2)
     test-prof (0.7.5)
-    test-unit (3.3.6)
+    test-unit (3.3.7)
       power_assert
+    test_after_commit (1.2.2)
+      activerecord (>= 3.2, < 5.0)
     thor (0.20.3)
     thread_safe (0.3.6)
     tilt (1.4.1)
     timecop (0.9.2)
-    tzinfo (0.3.57)
+    tzinfo (1.2.8)
+      thread_safe (~> 0.1)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.7)
     unicode-display_width (1.7.0)
     unicorn (5.7.0)
       kgio (~> 2.6)
@@ -654,7 +702,7 @@ GEM
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.9.5)
+    webmock (3.10.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -665,8 +713,8 @@ GEM
     wkhtmltopdf-binary (0.12.5)
     xml-simple (1.1.5)
     xmlrpc (0.3.0)
-    xpath (2.1.0)
-      nokogiri (~> 1.3)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
 
 PLATFORMS
   ruby
@@ -679,7 +727,7 @@ DEPENDENCIES
   activerecord-postgresql-adapter
   activerecord-session_store
   acts-as-taggable-on (~> 4.0)
-  acts_as_list (= 0.3.0)
+  acts_as_list (= 0.9.19)
   andand
   angular-rails-templates (~> 0.3.0)
   angularjs-file-upload-rails (~> 2.4.1)
@@ -691,7 +739,7 @@ DEPENDENCIES
   bugsnag
   byebug (~> 11.0.0)
   cancan (~> 1.6.10)
-  capybara (>= 2.18.0)
+  capybara
   catalog!
   coffee-rails (~> 4.2.2)
   combine_pdf
@@ -705,15 +753,14 @@ DEPENDENCIES
   debugger-linecache
   delayed_job_active_record
   delayed_job_web
-  devise (~> 3.5.10)
+  devise
   devise-encryptable
-  devise-token_authenticatable (~> 0.4.10)
+  devise-token_authenticatable
   dfc_provider!
   eventmachine (>= 1.2.3)
-  factory_bot_rails (= 4.10.0)
-  ffaker (~> 1.16)
+  factory_bot_rails (= 5.2.0)
+  ffaker
   figaro
-  foreigner
   foundation-icons-sass-rails
   foundation-rails (= 5.5.2.1)
   fuubar (~> 2.5.0)
@@ -721,21 +768,20 @@ DEPENDENCIES
   gmaps4rails
   haml
   highline (= 2.0.3)
-  i18n (~> 0.6.11)
+  i18n
   i18n-js (~> 3.8.0)
   immigrant
   jquery-migrate-rails
-  jquery-rails (= 3.1.5)
+  jquery-rails (= 4.4.0)
   jquery-ui-rails (~> 4.2)
-  json (>= 1.7.7)
+  json
   json_spec (~> 1.1.4)
   jwt (~> 2.2)
   kaminari (~> 0.17.0)
   knapsack
   letter_opener (>= 1.4.1)
   mini_racer (= 0.2.15)
-  money (= 5.1.1)
-  newrelic_rpm (~> 3.0)
+  money (< 6.1.0)
   oauth2 (~> 1.4.4)
   ofn-qz!
   oj
@@ -749,11 +795,12 @@ DEPENDENCIES
   rack-mini-profiler (< 3.0.0)
   rack-rewrite
   rack-ssl
-  rails (~> 4.0.13)
-  rails-i18n (~> 4.0)
+  rails (~> 4.2)
+  rails-i18n
   rails_safe_tasks (~> 1.0)
   ransack (~> 1.8.10)
   redcarpet
+  responders (~> 2.0)
   roadie-rails (~> 1.3.0)
   roo (~> 2.8.3)
   rspec-rails (>= 3.5.2)
@@ -767,15 +814,15 @@ DEPENDENCIES
   selenium-webdriver
   shoulda-matchers
   simplecov
-  spree_i18n!
   spree_paypal_express!
   spring
   spring-commands-rspec
-  state_machine (= 1.2.0)
-  stringex (~> 1.5.1)
+  state_machines-activerecord
+  stringex (~> 2.8.5)
   stripe
   test-prof
   test-unit (~> 3.3)
+  test_after_commit
   timecop
   uglifier (>= 1.0.3)
   unicorn

Rakefile

@@ -1,4 +1,6 @@
 #!/usr/bin/env rake
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 

app/assets/javascripts/admin/spree/base.js.erb

@@ -127,7 +127,16 @@ $(document).ready(function() {
         nextText: Spree.translations.next,
         showOn: "focus"
       });
-
+      
+       $.datepicker.regional[I18n.locale] = {
+          prevText: Spree.translations.previous,
+          nextText: Spree.translations.next,
+          monthNames: Spree.translations.month_names,
+          dayNames: Spree.translations.abbr_day_names,
+          dayNamesMin: Spree.translations.abbr_day_names,
+          dateFormat: Spree.translations.date_picker
+      };
+      $.datepicker.setDefaults( $.datepicker.regional[I18n.locale]);
       // Correctly display range dates
       $('.date-range-filter .datepicker-from').datepicker('option', 'onSelect', function(selectedDate) {
         $(".date-range-filter .datepicker-to" ).datepicker( "option", "minDate", selectedDate );

app/assets/javascripts/darkswarm/controllers/credit_cards_controller.js.coffee

@@ -1,7 +1,7 @@
 Darkswarm.controller "CreditCardsCtrl", ($scope, CreditCard, CreditCards) ->
   angular.extend(this, new FieldsetMixin($scope))
   $scope.savedCreditCards = CreditCards.saved
-  $scope.setDefault = CreditCards.setDefault
+  $scope.confirmSetDefault = CreditCards.confirmSetDefault
   $scope.CreditCard = CreditCard
   $scope.secrets = CreditCard.secrets
   $scope.showForm = CreditCard.show

app/assets/javascripts/darkswarm/controllers/order_cycle_controller.js.coffee

@@ -25,3 +25,6 @@ Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $rootScope, $timeout, Orde
     Cart.reloadFinalisedLineItems()
     ChangeableOrdersAlert.reload()
     $rootScope.$broadcast 'orderCycleSelected'
+
+  $scope.closesInLessThan3Months = () ->
+    moment().diff(moment(OrderCycle.orders_close_at(),  "YYYY-MM-DD HH:mm:SS Z"), 'days') > -75

app/assets/javascripts/darkswarm/directives/tabset_ctrl.js.coffee

@@ -5,15 +5,13 @@ Darkswarm.directive "tabsetCtrl", (Tabsets, $location) ->
     selected: "@"
     navigate: "="
     prefix: "@?"
-    alwaysopen: "="
   controller: ($scope, $element) ->
     if $scope.navigate
       path = $location.path()?.match(/^\/\w+$/)?[0]
       $scope.selected = path[1..] if path
 
     this.toggle = (name) ->
-      state = if $scope.alwaysopen then 'open' else null
-      Tabsets.toggle($scope.id, name, state)
+      Tabsets.toggle($scope.id, name)
 
     this.select = (selection) ->
       $scope.$broadcast("selection:changed", selection)

app/assets/javascripts/darkswarm/filters/localize_currency.js.coffee

@@ -6,7 +6,7 @@ Darkswarm.filter "localizeCurrency", (currencyConfig)->
     # Set decimal points, 2 or 0 if hide_cents.
     decimals = if currencyConfig.hide_cents == "true" then 0 else 2
     # Set format if the currency symbol should come after the number, otherwise (default) use the locale setting.
-    format = if currencyConfig.symbol_position == "after" then "%n %u" else undefined
+    format = if currencyConfig.symbol_position == "after" then "%n%u" else undefined
     # We need to use parseFloat as the amount should come in as a string.
     amount = parseFloat(amount)
 

app/assets/javascripts/darkswarm/services/cart.js.coffee

@@ -50,7 +50,7 @@ Darkswarm.factory 'Cart', (CurrentOrder, Variants, $timeout, $http, $modal, $roo
         @popQueue() if @update_enqueued
 
       .error (response, status)=>
-        Messages.flash({error: t('js.cart.add_to_cart_failed')})
+        Messages.flash({error: response.error})
         @update_running = false
 
     compareAndNotifyStockLevels: (stockLevels) =>

app/assets/javascripts/darkswarm/services/credit_cards.js.coffee

@@ -1,4 +1,4 @@
-Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages)->
+Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages, Customers)->
   new class CreditCard
     saved: $filter('orderBy')(savedCreditCards,'-is_default')
 
@@ -11,5 +11,13 @@ Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages)->
         othercard.is_default = false
       $http.put("/credit_cards/#{card.id}", is_default: true).then (data) ->
         Messages.success(t('js.default_card_updated'))
+        Customers.clearAllAllowCharges()
       , (response) ->
         Messages.flash(response.data.flash)
+
+    confirmSetDefault: (card, event) =>
+      if confirm t("js.default_card_voids_auth")
+        @setDefault(card)
+      else
+        event.preventDefault()
+        return false

app/assets/javascripts/darkswarm/services/customer.js.coffee

@@ -1,4 +1,4 @@
-angular.module("Darkswarm").factory 'Customer', ($resource, Messages) ->
+angular.module("Darkswarm").factory 'Customer', ($resource, $injector, Messages) ->
   Customer = $resource('/api/customers/:id/:action.json', {}, {
     'index':
       method: 'GET'
@@ -12,8 +12,21 @@ angular.module("Darkswarm").factory 'Customer', ($resource, Messages) ->
   })
 
   Customer.prototype.update = ->
+    if @allow_charges
+      Messages.loading(t('js.authorising'))
     @$update().then (response) =>
-      Messages.success(t('js.changes_saved'))
+      if response.gateway_recurring_payment_client_secret && $injector.has('stripePublishableKey')
+        Messages.clear()
+        stripe = Stripe($injector.get('stripePublishableKey'), { stripeAccount: response.gateway_shop_id })
+        stripe.confirmCardSetup(response.gateway_recurring_payment_client_secret).then (result) =>
+          if result.error
+            @allow_charges = false
+            @$update(allow_charges: false)
+            Messages.error(result.error.message)
+          else
+            Messages.success(t('js.changes_saved'))
+      else
+        Messages.success(t('js.changes_saved'))
     , (response) =>
       Messages.error(response.data.error)
 

app/assets/javascripts/darkswarm/services/customers.js.coffee

@@ -12,3 +12,7 @@ angular.module("Darkswarm").factory 'Customers', (Customer) ->
       for customer in customers
         @all.push customer
         @byID[customer.id] = customer
+
+    clearAllAllowCharges: () ->
+      for customer in @index()
+        customer.allow_charges = false

app/assets/javascripts/darkswarm/services/tabsets.js.coffee

@@ -7,12 +7,10 @@ Darkswarm.factory 'Tabsets', ->
         @tabsets.push { ctrl: ctrl, id: id, selected: selected }
         ctrl.select(selected) if selected?
 
-    toggle: (id, name, state=null) ->
+    toggle: (id, name) ->
       tabset = @findTabsetByObject(id)
-      if tabset.selected == name
-        @select(tabset, null) unless state == "open"
-      else
-        @select(tabset, name) unless state == "closed"
+      if tabset.selected != name
+        @select(tabset, name)
 
     select: (tabset, name) ->
       tabset.selected = name

app/assets/javascripts/templates/partials/hub_details.html.haml

@@ -14,8 +14,9 @@
             {{'hubs_delivery' | t}}
     .row
       .columns.small-12
-        %a.cta-hub{"ng-href" => "{{::enterprise.path}}", "ng-attr-target" => "{{ embedded_layout ? '_blank' : undefined}}",
+        %a.cta-hub{"ng-href" => "{{::enterprise.path}}#/shop", "ng-attr-target" => "{{ embedded_layout ? '_blank' : undefined}}",
         "ng-class" => "{primary: enterprise.active, secondary: !enterprise.active}",
+        "ng-click" => "$close()",
         "ofn-change-hub" => "enterprise"}
           .hub-name{"ng-bind" => "::enterprise.name"}
           %span{"ng-if" => "::enterprise.active"} ({{'maps_open' | t}})

app/assets/javascripts/templates/partials/producer_details.html.haml

@@ -12,8 +12,9 @@
     .row
       .columns.small-12
         %a.cta-hub{"ng-repeat" => "hub in enterprise.hubs | filter:{id: '!'+enterprise.id} | orderBy:'-active'",
-        "ng-href" => "{{::hub.path}}", "ofn-empties-cart" => "hub",
-        "ng-class" => "::{primary: hub.active, secondary: !hub.active}"}
+        "ng-href" => "{{::hub.path}}#/shop", "ofn-empties-cart" => "hub",
+        "ng-class" => "::{primary: hub.active, secondary: !hub.active}",
+        "ng-click" => "$close()"}
           .hub-name{"ng-bind" => "::hub.name"}
           %span{"ng-if" => "::hub.active"} ({{'maps_open' | t}})
           %span{"ng-if" => "::!hub.active"} ({{'maps_closed' | t}})

app/assets/stylesheets/darkswarm/_shop-product-rows.scss

@@ -59,6 +59,7 @@
 
         // Variant price
         .variant-price {
+          white-space: nowrap;
           @include breakpoint(phablet) {
             padding-left: 1rem;
           }

app/controllers/admin/column_preferences_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ColumnPreferencesController < ResourceController
+  class ColumnPreferencesController < Admin::ResourceController
     before_action :load_collection, only: [:bulk_update]
 
     respond_to :json

app/controllers/admin/customers_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/address_finder'
 
 module Admin
-  class CustomersController < ResourceController
+  class CustomersController < Admin::ResourceController
     before_action :load_managed_shops, only: :index, if: :html_request?
     respond_to :json
 
@@ -42,7 +42,7 @@ module Admin
       end
     end
 
-    # copy of Spree::Admin::ResourceController without flash notice
+    # copy of Admin::ResourceController without flash notice
     def destroy
       invoke_callbacks(:destroy, :before)
       if @object.destroy
@@ -95,7 +95,7 @@ module Admin
       )
     end
 
-    # Used in ResourceController#update
+    # Used in Admin::ResourceController#update
     def permitted_resource_params
       customer_params
     end

app/controllers/admin/enterprise_fees_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseFeesController < ResourceController
+  class EnterpriseFeesController < Admin::ResourceController
     before_action :load_enterprise_fee_set, only: :index
     before_action :load_data
 

app/controllers/admin/enterprise_groups_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseGroupsController < ResourceController
+  class EnterpriseGroupsController < Admin::ResourceController
     before_action :load_data, except: :index
     before_action :load_object_data, only: [:new, :edit, :create, :update]
 

app/controllers/admin/enterprise_relationships_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseRelationshipsController < ResourceController
+  class EnterpriseRelationshipsController < Admin::ResourceController
     def index
       @my_enterprises = Enterprise.
         includes(:shipping_methods, :payment_methods).

app/controllers/admin/enterprise_roles_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseRolesController < ResourceController
+  class EnterpriseRolesController < Admin::ResourceController
     def index
       @enterprise_roles = EnterpriseRole.by_user_email
       @users = Spree::User.order('spree_users.email')

app/controllers/admin/enterprises_controller.rb

@@ -3,7 +3,7 @@ require 'open_food_network/permissions'
 require 'open_food_network/order_cycle_permissions'
 
 module Admin
-  class EnterprisesController < ResourceController
+  class EnterprisesController < Admin::ResourceController
     # These need to run before #load_resource so that @object is initialised with sanitised values
     prepend_before_action :override_owner, only: :create
     prepend_before_action :override_sells, only: :create
@@ -81,14 +81,14 @@ module Admin
     end
 
     def bulk_update
-      @enterprise_set = EnterpriseSet.new(collection, params[:enterprise_set])
+      @enterprise_set = EnterpriseSet.new(collection, bulk_params)
       if @enterprise_set.save
         flash[:success] = I18n.t(:enterprise_bulk_update_success_notice)
 
         redirect_to main_app.admin_enterprises_path
       else
         touched_enterprises = @enterprise_set.collection.select(&:changed?)
-        @enterprise_set.collection.select! { |e| touched_enterprises.include? e }
+        @enterprise_set.collection.to_a.select! { |e| touched_enterprises.include? e }
         flash[:error] = I18n.t(:enterprise_bulk_update_error)
         render :index
       end
@@ -214,7 +214,8 @@ module Admin
           rule = @object.tag_rules.find_by(id: attrs.delete(:id)) ||
                  attrs[:type].constantize.new(enterprise: @object)
           create_calculator_for(rule, attrs) if rule.type == "TagRule::DiscountOrder" && rule.calculator.nil?
-          rule.update(attrs)
+
+          rule.update(attrs.permit(PermittedAttributes::TagRules.attributes))
         end
       end
     end
@@ -319,7 +320,13 @@ module Admin
       PermittedAttributes::Enterprise.new(params).call
     end
 
-    # Used in ResourceController#create
+    def bulk_params
+      params.require(:enterprise_set).permit(
+        collection_attributes: PermittedAttributes::Enterprise.attributes
+      )
+    end
+
+    # Used in Admin::ResourceController#create
     def permitted_resource_params
       enterprise_params
     end

app/controllers/admin/inventory_items_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class InventoryItemsController < ResourceController
+  class InventoryItemsController < Admin::ResourceController
     respond_to :json
 
     respond_override update: { json: {

app/controllers/admin/order_cycles_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class OrderCyclesController < ResourceController
+  class OrderCyclesController < Admin::ResourceController
     include OrderCyclesHelper
     include PaperTrailLogging
 
@@ -91,7 +91,7 @@ module Admin
 
     # Send notifications to all producers who are part of the order cycle
     def notify_producers
-      Delayed::Job.enqueue OrderCycleNotificationJob.new(params[:id].to_i)
+      OrderCycleNotificationJob.perform_later params[:id].to_i
 
       redirect_to main_app.admin_order_cycles_path,
                   notice: I18n.t(:order_cycles_email_to_producers_notice)

app/controllers/admin/producer_properties_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ProducerPropertiesController < ResourceController
+  class ProducerPropertiesController < Admin::ResourceController
     before_action :load_enterprise
     before_action :load_properties
     before_action :setup_property, only: [:index]

app/controllers/admin/proxy_orders_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class ProxyOrdersController < ResourceController
+  class ProxyOrdersController < Admin::ResourceController
     respond_to :json
 
     def edit

app/controllers/admin/resource_controller.rb

@@ -1,41 +1,303 @@
+require 'action_callbacks'
+
 module Admin
-  class ResourceController < Spree::Admin::ResourceController
+  class ResourceController < Spree::Admin::BaseController
+    helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
+    before_action :load_resource, except: [:update_positions]
+    rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
+    rescue_from CanCan::AccessDenied, with: :unauthorized
+
+    respond_to :html
+    respond_to :js, except: [:show, :index]
+
+    def new
+      invoke_callbacks(:new_action, :before)
+      respond_with(@object) do |format|
+        format.html { render layout: !request.xhr? }
+        format.js   { render layout: false }
+      end
+    end
+
+    def edit
+      respond_with(@object) do |format|
+        format.html { render layout: !request.xhr? }
+        format.js   { render layout: false }
+      end
+    end
+
+    def update
+      invoke_callbacks(:update, :before)
+      if @object.update(permitted_resource_params)
+        invoke_callbacks(:update, :after)
+        flash[:success] = flash_message_for(@object, :successfully_updated)
+        respond_with(@object) do |format|
+          format.html { redirect_to location_after_save }
+          format.js   { render layout: false }
+        end
+      else
+        invoke_callbacks(:update, :fails)
+        respond_with(@object)
+      end
+    end
+
+    def create
+      invoke_callbacks(:create, :before)
+      @object.attributes = permitted_resource_params
+      if @object.save
+        invoke_callbacks(:create, :after)
+        flash[:success] = flash_message_for(@object, :successfully_created)
+        respond_with(@object) do |format|
+          format.html { redirect_to location_after_save }
+          format.js   { render layout: false }
+        end
+      else
+        invoke_callbacks(:create, :fails)
+        respond_with(@object)
+      end
+    end
+
+    def update_positions
+      params[:positions].each do |id, index|
+        model_class.where(id: id).update_all(position: index)
+      end
+
+      respond_to do |format|
+        format.js { render text: 'Ok' }
+      end
+    end
+
+    def destroy
+      invoke_callbacks(:destroy, :before)
+      if @object.destroy
+        invoke_callbacks(:destroy, :after)
+        flash[:success] = flash_message_for(@object, :successfully_removed)
+        respond_with(@object) do |format|
+          format.html { redirect_to collection_url }
+          format.js   { render partial: "spree/admin/shared/destroy" }
+        end
+      else
+        invoke_callbacks(:destroy, :fails)
+        respond_with(@object) do |format|
+          format.html { redirect_to collection_url }
+        end
+      end
+    end
+
+    protected
+
+    def resource_not_found
+      flash[:error] = flash_message_for(model_class.new, :not_found)
+      redirect_to collection_url
+    end
+
+    class << self
+      attr_accessor :parent_data
+      attr_accessor :callbacks
+
+      def belongs_to(model_name, options = {})
+        @parent_data ||= {}
+        @parent_data[:model_name] = model_name
+        @parent_data[:model_class] = model_name.to_s.classify.constantize
+        @parent_data[:find_by] = options[:find_by] || :id
+      end
+
+      def new_action
+        @callbacks ||= {}
+        @callbacks[:new_action] ||= ActionCallbacks.new
+      end
+
+      def create
+        @callbacks ||= {}
+        @callbacks[:create] ||= ActionCallbacks.new
+      end
+
+      def update
+        @callbacks ||= {}
+        @callbacks[:update] ||= ActionCallbacks.new
+      end
+
+      def destroy
+        @callbacks ||= {}
+        @callbacks[:destroy] ||= ActionCallbacks.new
+      end
+    end
+
     def model_class
-      controller_name.classify.to_s.constantize
+      controller_class_name.constantize
+    end
+
+    def model_name
+      parent_data[:model_name].gsub('spree/', '')
+    end
+
+    def object_name
+      controller_name.singularize
+    end
+
+    def load_resource
+      if member_action?
+        @object ||= load_resource_instance
+
+        # call authorize! a third time (called twice already in Admin::BaseController)
+        # this time we pass the actual instance so fine-grained abilities can control
+        # access to individual records, not just entire models.
+        authorize! action, @object
+
+        instance_variable_set("@#{object_name}", @object)
+
+        # If we don't have access, clear the object
+        unless can? action, @object
+          instance_variable_set("@#{object_name}", nil)
+        end
+
+        authorize! action, @object
+      else
+        @collection ||= collection
+
+        # note: we don't call authorize here as the collection method should use
+        # CanCan's accessible_by method to restrict the actual records returned
+
+        instance_variable_set("@#{controller_name}", @collection)
+      end
+    end
+
+    def load_resource_instance
+      if new_actions.include?(action)
+        build_resource
+      elsif params[:id]
+        find_resource
+      end
+    end
+
+    def parent_data
+      self.class.parent_data
+    end
+
+    def parent
+      return nil if parent_data.blank?
+
+      @parent ||= parent_data[:model_class].
+        public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
+      instance_variable_set("@#{model_name}", @parent)
+    end
+
+    def find_resource
+      if parent_data.present?
+        parent.public_send(controller_name).find(params[:id])
+      else
+        model_class.find(params[:id])
+      end
+    end
+
+    def build_resource
+      if parent_data.present?
+        parent.public_send(controller_name).build
+      else
+        model_class.new
+      end
+    end
+
+    def collection
+      return parent.public_send(controller_name) if parent_data.present?
+
+      if model_class.respond_to?(:accessible_by) &&
+         !current_ability.has_block?(params[:action], model_class)
+        model_class.accessible_by(current_ability, action)
+      else
+        model_class.scoped
+      end
+    end
+
+    def location_after_save
+      collection_url
+    end
+
+    def invoke_callbacks(action, callback_type)
+      callbacks = self.class.callbacks || {}
+      return if callbacks[action].nil?
+
+      case callback_type.to_sym
+      when :before then callbacks[action].before_methods.each { |method| __send__ method }
+      when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
+      when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
+      end
     end
 
     # URL helpers
     def new_object_url(options = {})
       if parent_data.present?
-        main_app.new_polymorphic_url([:admin, parent, model_class], options)
+        url_helper.new_polymorphic_url([:admin, parent, model_class], options)
       else
-        main_app.new_polymorphic_url([:admin, model_class], options)
+        url_helper.new_polymorphic_url([:admin, model_class], options)
       end
     end
 
     def edit_object_url(object, options = {})
       if parent_data.present?
-        main_app.public_send "edit_admin_#{model_name}_#{object_name}_url", parent, object, options
+        url_helper.public_send "edit_admin_#{model_name}_#{object_name}_url",
+                               parent, object, options
       else
-        main_app.public_send "edit_admin_#{object_name}_url", object, options
+        url_helper.public_send "edit_admin_#{object_name}_url",
+                               object, options
       end
     end
 
     def object_url(object = nil, options = {})
       target = object || @object
       if parent_data.present?
-        main_app.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
+        url_helper.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
       else
-        main_app.public_send "admin_#{object_name}_url", target, options
+        url_helper.public_send "admin_#{object_name}_url", target, options
       end
     end
 
+    # Permit specific list of params
+    #
+    # Example: params.require(object_name).permit(:name)
+    def permitted_resource_params
+      raise "All extending controllers need to override the method permitted_resource_params"
+    end
+
     def collection_url(options = {})
       if parent_data.present?
-        main_app.polymorphic_url([:admin, parent, model_class], options)
+        url_helper.polymorphic_url([:admin, parent, model_class], options)
       else
-        main_app.polymorphic_url([:admin, model_class], options)
+        url_helper.polymorphic_url([:admin, model_class], options)
       end
     end
+
+    def collection_actions
+      [:index]
+    end
+
+    def member_action?
+      !collection_actions.include? action
+    end
+
+    def new_actions
+      [:new, :create]
+    end
+
+    private
+
+    def controller_class_name
+      if spree_controller?
+        "Spree::#{controller_name.classify}"
+      else
+        controller_name.classify.to_s
+      end
+    end
+
+    def url_helper
+      if spree_controller?
+        spree
+      else
+        main_app
+      end
+    end
+
+    def spree_controller?
+      controller_path.starts_with? "spree"
+    end
   end
 end

app/controllers/admin/schedules_controller.rb

@@ -2,7 +2,7 @@ require 'open_food_network/permissions'
 require 'order_management/subscriptions/proxy_order_syncer'
 
 module Admin
-  class SchedulesController < ResourceController
+  class SchedulesController < Admin::ResourceController
     include PaperTrailLogging
 
     before_action :adapt_params, only: [:update]

app/controllers/admin/subscription_line_items_controller.rb

@@ -3,7 +3,7 @@ require 'open_food_network/order_cycle_permissions'
 require 'open_food_network/scope_variant_to_hub'
 
 module Admin
-  class SubscriptionLineItemsController < ResourceController
+  class SubscriptionLineItemsController < Admin::ResourceController
     before_action :load_build_context, only: [:build]
     before_action :ensure_shop, only: [:build]
     before_action :ensure_variant, only: [:build]

app/controllers/admin/subscriptions_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/permissions'
 
 module Admin
-  class SubscriptionsController < ResourceController
+  class SubscriptionsController < Admin::ResourceController
     before_action :load_shops, only: [:index]
     before_action :load_form_data, only: [:new, :edit]
     before_action :strip_banned_attrs, only: [:update]

app/controllers/admin/tag_rules_controller.rb

@@ -1,5 +1,5 @@
 module Admin
-  class TagRulesController < ResourceController
+  class TagRulesController < Admin::ResourceController
     respond_to :json
 
     respond_override destroy: { json: {

app/controllers/admin/variant_overrides_controller.rb

@@ -1,7 +1,7 @@
 require 'open_food_network/spree_api_key_loader'
 
 module Admin
-  class VariantOverridesController < ResourceController
+  class VariantOverridesController < Admin::ResourceController
     include OpenFoodNetwork::SpreeApiKeyLoader
     include EnterprisesHelper
 

app/controllers/api/base_controller.rb

@@ -5,11 +5,11 @@ require "spree/core/controller_helpers/ssl"
 module Api
   class BaseController < ActionController::Metal
     include ActionController::StrongParameters
+    include ActionController::RespondWith
     include Spree::Api::ControllerSetup
     include Spree::Core::ControllerHelpers::SSL
     include ::ActionController::Head
-
-    respond_to :json
+    include ::ActionController::ConditionalGet
 
     attr_accessor :current_api_user
 
@@ -73,7 +73,7 @@ module Api
     end
 
     def error_during_processing(exception)
-      render(text: { exception: exception.message }.to_json,
+      render(json: { exception: exception.message },
              status: :unprocessable_entity) && return
     end
 

app/controllers/api/customers_controller.rb

@@ -11,13 +11,25 @@ module Api
       @customer = Customer.find(params[:id])
       authorize! :update, @customer
 
+      client_secret = RecurringPayments.setup_for(@customer) if params[:customer][:allow_charges]
+
       if @customer.update(customer_params)
+        add_recurring_payment_info(client_secret)
         render json: @customer, serializer: CustomerSerializer, status: :ok
       else
         invalid_resource!(@customer)
       end
     end
 
+    private
+
+    def add_recurring_payment_info(client_secret)
+      return unless client_secret
+
+      @customer.gateway_recurring_payment_client_secret = client_secret
+      @customer.gateway_shop_id = @customer.enterprise.stripe_account&.stripe_user_id
+    end
+
     def customer_params
       params.require(:customer).permit(:code, :email, :enterprise_id, :allow_charges)
     end

app/controllers/api/enterprises_controller.rb

@@ -15,7 +15,7 @@ module Api
       @enterprise = Enterprise.new(enterprise_params)
       if @enterprise.save
         @enterprise.user_ids = user_ids
-        render text: @enterprise.id, status: :created
+        render json: @enterprise.id, status: :created
       else
         invalid_resource!(@enterprise)
       end
@@ -26,7 +26,7 @@ module Api
       authorize! :update, @enterprise
 
       if @enterprise.update(enterprise_params)
-        render text: @enterprise.id, status: :ok
+        render json: @enterprise.id, status: :ok
       else
         invalid_resource!(@enterprise)
       end

app/controllers/api/order_cycles_controller.rb

@@ -20,7 +20,7 @@ module Api
         search_params
       ).products_json
 
-      render json: products
+      render plain: products, content_type: "application/json"
     rescue ProductsRenderer::NoProducts
       render_no_products
     end
@@ -31,13 +31,15 @@ module Api
         where(spree_products: { id: distributed_products }).
         select('DISTINCT spree_taxons.*')
 
-      render json: ActiveModel::ArraySerializer.new(taxons, each_serializer: Api::TaxonSerializer)
+      render plain: ActiveModel::ArraySerializer.new(
+        taxons, each_serializer: Api::TaxonSerializer
+      ).to_json, content_type: "application/json"
     end
 
     def properties
-      render json: ActiveModel::ArraySerializer.new(
+      render plain: ActiveModel::ArraySerializer.new(
         product_properties | producer_properties, each_serializer: Api::PropertySerializer
-      )
+      ).to_json, content_type: "application/json"
     end
 
     private

app/controllers/api/products_controller.rb

@@ -145,7 +145,7 @@ module Api
     end
 
     def query_params_with_defaults
-      params[:q].to_h.reverse_merge(s: 'created_at desc')
+      (params[:q] || {}).reverse_merge(s: 'created_at desc')
     end
 
     def pagination_data(results)

app/controllers/application_controller.rb

@@ -1,7 +1,13 @@
+# frozen_string_literal: true
+
+require "application_responder"
 require 'open_food_network/referer_parser'
 require_dependency 'spree/authentication_helpers'
 
 class ApplicationController < ActionController::Base
+  self.responder = ApplicationResponder
+  respond_to :html
+
   protect_from_forgery
 
   prepend_before_action :restrict_iframes
@@ -10,6 +16,12 @@ class ApplicationController < ActionController::Base
   include EnterprisesHelper
   include Spree::AuthenticationHelpers
 
+  # Helper for debugging strong_parameters
+  rescue_from ActiveModel::ForbiddenAttributesError, with: :print_params
+  def print_params
+    raise ActiveModel::ForbiddenAttributesError, params.to_s
+  end
+
   def redirect_to(options = {}, response_status = {})
     ::Rails.logger.error("Redirected by #{begin
                                             caller(1).first

app/controllers/cart_controller.rb

@@ -1,5 +1,3 @@
-require 'spree/core/controller_helpers/order'
-
 class CartController < BaseController
   before_action :check_authorization
 
@@ -13,7 +11,8 @@ class CartController < BaseController
     Spree::Adjustment.without_callbacks do
       cart_service = CartService.new(order)
 
-      if cart_service.populate(params.slice(:products, :variants, :quantity), true)
+      cart_service.populate(params.slice(:products, :variants, :quantity), true)
+      if cart_service.valid?
         order.update_distribution_charge!
         order.cap_quantity_at_stock!
         order.update!
@@ -24,7 +23,8 @@ class CartController < BaseController
                        stock_levels: VariantsStockLevels.new.call(order, variant_ids) },
                status: :ok
       else
-        render json: { error: true }, status: :precondition_failed
+        render json: { error: cart_service.errors.full_messages.join(",") },
+               status: :precondition_failed
       end
     end
     populate_variant_attributes

app/controllers/enterprises_controller.rb

@@ -6,6 +6,8 @@ class EnterprisesController < BaseController
   include OrderCyclesHelper
   include SerializerHelper
 
+  protect_from_forgery except: :check_permalink
+
   # These prepended filters are in the reverse order of execution
   prepend_before_action :set_order_cycles, :require_distributor_chosen, :reset_order, only: :shop
 

app/controllers/spree/admin/adjustments_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class AdjustmentsController < ResourceController
+    class AdjustmentsController < ::Admin::ResourceController
       belongs_to 'spree/order', find_by: :number
       destroy.after :reload_order
 

app/controllers/spree/admin/countries_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class CountriesController < ResourceController
+    class CountriesController < ::Admin::ResourceController
       protected
 
       def permitted_resource_params

app/controllers/spree/admin/images_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ImagesController < ResourceController
+    class ImagesController < ::Admin::ResourceController
       # This will make resource controller redirect correctly after deleting product images.
       # This can be removed after upgrading to Spree 2.1.
       # See here https://github.com/spree/spree/commit/334a011d2b8e16355e4ae77ae07cd93f7cbc8fd1

app/controllers/spree/admin/orders_controller.rb

@@ -43,7 +43,7 @@ module Spree
       end
 
       def update
-        unless @order.update(order_params) && @order.line_items.present?
+        unless order_params.present? && @order.update(order_params) && @order.line_items.present?
           if @order.line_items.empty?
             @order.errors.add(:line_items, Spree.t('errors.messages.blank'))
           end

app/controllers/spree/admin/payment_methods_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class PaymentMethodsController < ResourceController
+    class PaymentMethodsController < ::Admin::ResourceController
       skip_before_action :load_resource, only: [:create, :show_provider_preferences]
       before_action :load_data
       before_action :validate_payment_method_provider, only: [:create]
@@ -51,7 +51,7 @@ module Spree
       end
 
       # Only show payment methods that user has access to and sort by distributor name
-      # ! Redundant code copied from Spree::Admin::ResourceController with modifications marked
+      # ! Redundant code copied from Admin::ResourceController with modifications marked
       def collection
         return parent.public_send(controller_name) if parent_data.present?
 

app/controllers/spree/admin/payments_controller.rb

@@ -135,7 +135,9 @@ module Spree
         return unless @payment.payment_method.class == Spree::Gateway::StripeSCA
 
         @payment.authorize!
-        raise Spree::Core::GatewayError, I18n.t('authorization_failure') unless @payment.pending?
+        return if @payment.pending? && @payment.cvv_response_message.nil?
+
+        raise Spree::Core::GatewayError, I18n.t('authorization_failure')
       end
     end
   end

app/controllers/spree/admin/product_properties_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ProductPropertiesController < ResourceController
+    class ProductPropertiesController < ::Admin::ResourceController
       belongs_to 'spree/product', find_by: :permalink
       before_action :find_properties
       before_action :setup_property, only: [:index]

app/controllers/spree/admin/products_controller.rb

@@ -4,7 +4,7 @@ require 'open_food_network/permissions'
 
 module Spree
   module Admin
-    class ProductsController < ResourceController
+    class ProductsController < ::Admin::ResourceController
       helper 'spree/products'
       include OpenFoodNetwork::SpreeApiKeyLoader
       include OrderCyclesHelper
@@ -179,7 +179,7 @@ module Spree
       end
 
       def bulk_index_query(params)
-        params[:filters].to_h.merge(page: params[:page], per_page: params[:per_page])
+        (params[:filters] || {}).merge(page: params[:page], per_page: params[:per_page])
       end
 
       def load_form_data

app/controllers/spree/admin/properties_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class PropertiesController < ResourceController
+    class PropertiesController < ::Admin::ResourceController
       def permitted_resource_params
         params.require(:property).permit(:name, :presentation)
       end

app/controllers/spree/admin/resource_controller.rb

@@ -1,282 +0,0 @@
-require 'action_callbacks'
-
-module Spree
-  module Admin
-    class ResourceController < Spree::Admin::BaseController
-      helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
-      before_action :load_resource, except: [:update_positions]
-      rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
-      rescue_from CanCan::AccessDenied, with: :unauthorized
-
-      respond_to :html
-      respond_to :js, except: [:show, :index]
-
-      def new
-        invoke_callbacks(:new_action, :before)
-        respond_with(@object) do |format|
-          format.html { render layout: !request.xhr? }
-          format.js   { render layout: false }
-        end
-      end
-
-      def edit
-        respond_with(@object) do |format|
-          format.html { render layout: !request.xhr? }
-          format.js   { render layout: false }
-        end
-      end
-
-      def update
-        invoke_callbacks(:update, :before)
-        if @object.update(permitted_resource_params)
-          invoke_callbacks(:update, :after)
-          flash[:success] = flash_message_for(@object, :successfully_updated)
-          respond_with(@object) do |format|
-            format.html { redirect_to location_after_save }
-            format.js   { render layout: false }
-          end
-        else
-          invoke_callbacks(:update, :fails)
-          respond_with(@object)
-        end
-      end
-
-      def create
-        invoke_callbacks(:create, :before)
-        @object.attributes = permitted_resource_params
-        if @object.save
-          invoke_callbacks(:create, :after)
-          flash[:success] = flash_message_for(@object, :successfully_created)
-          respond_with(@object) do |format|
-            format.html { redirect_to location_after_save }
-            format.js   { render layout: false }
-          end
-        else
-          invoke_callbacks(:create, :fails)
-          respond_with(@object)
-        end
-      end
-
-      def update_positions
-        params[:positions].each do |id, index|
-          model_class.where(id: id).update_all(position: index)
-        end
-
-        respond_to do |format|
-          format.js { render text: 'Ok' }
-        end
-      end
-
-      def destroy
-        invoke_callbacks(:destroy, :before)
-        if @object.destroy
-          invoke_callbacks(:destroy, :after)
-          flash[:success] = flash_message_for(@object, :successfully_removed)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-            format.js   { render partial: "spree/admin/shared/destroy" }
-          end
-        else
-          invoke_callbacks(:destroy, :fails)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-          end
-        end
-      end
-
-      protected
-
-      def resource_not_found
-        flash[:error] = flash_message_for(model_class.new, :not_found)
-        redirect_to collection_url
-      end
-
-      class << self
-        attr_accessor :parent_data
-        attr_accessor :callbacks
-
-        def belongs_to(model_name, options = {})
-          @parent_data ||= {}
-          @parent_data[:model_name] = model_name
-          @parent_data[:model_class] = model_name.to_s.classify.constantize
-          @parent_data[:find_by] = options[:find_by] || :id
-        end
-
-        def new_action
-          @callbacks ||= {}
-          @callbacks[:new_action] ||= ActionCallbacks.new
-        end
-
-        def create
-          @callbacks ||= {}
-          @callbacks[:create] ||= ActionCallbacks.new
-        end
-
-        def update
-          @callbacks ||= {}
-          @callbacks[:update] ||= ActionCallbacks.new
-        end
-
-        def destroy
-          @callbacks ||= {}
-          @callbacks[:destroy] ||= ActionCallbacks.new
-        end
-      end
-
-      def model_class
-        "Spree::#{controller_name.classify}".constantize
-      end
-
-      def model_name
-        parent_data[:model_name].gsub('spree/', '')
-      end
-
-      def object_name
-        controller_name.singularize
-      end
-
-      def load_resource
-        if member_action?
-          @object ||= load_resource_instance
-
-          # call authorize! a third time (called twice already in Admin::BaseController)
-          # this time we pass the actual instance so fine-grained abilities can control
-          # access to individual records, not just entire models.
-          authorize! action, @object
-
-          instance_variable_set("@#{object_name}", @object)
-
-          # If we don't have access, clear the object
-          unless can? action, @object
-            instance_variable_set("@#{object_name}", nil)
-          end
-
-          authorize! action, @object
-        else
-          @collection ||= collection
-
-          # note: we don't call authorize here as the collection method should use
-          # CanCan's accessible_by method to restrict the actual records returned
-
-          instance_variable_set("@#{controller_name}", @collection)
-        end
-      end
-
-      def load_resource_instance
-        if new_actions.include?(action)
-          build_resource
-        elsif params[:id]
-          find_resource
-        end
-      end
-
-      def parent_data
-        self.class.parent_data
-      end
-
-      def parent
-        return nil if parent_data.blank?
-
-        @parent ||= parent_data[:model_class].
-          public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
-        instance_variable_set("@#{model_name}", @parent)
-      end
-
-      def find_resource
-        if parent_data.present?
-          parent.public_send(controller_name).find(params[:id])
-        else
-          model_class.find(params[:id])
-        end
-      end
-
-      def build_resource
-        if parent_data.present?
-          parent.public_send(controller_name).build
-        else
-          model_class.new
-        end
-      end
-
-      def collection
-        return parent.public_send(controller_name) if parent_data.present?
-
-        if model_class.respond_to?(:accessible_by) &&
-           !current_ability.has_block?(params[:action], model_class)
-          model_class.accessible_by(current_ability, action)
-        else
-          model_class.scoped
-        end
-      end
-
-      def location_after_save
-        collection_url
-      end
-
-      def invoke_callbacks(action, callback_type)
-        callbacks = self.class.callbacks || {}
-        return if callbacks[action].nil?
-
-        case callback_type.to_sym
-        when :before then callbacks[action].before_methods.each { |method| __send__ method }
-        when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
-        when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
-        end
-      end
-
-      # URL helpers
-
-      def new_object_url(options = {})
-        if parent_data.present?
-          spree.new_polymorphic_url([:admin, parent, model_class], options)
-        else
-          spree.new_polymorphic_url([:admin, model_class], options)
-        end
-      end
-
-      def edit_object_url(object, options = {})
-        if parent_data.present?
-          spree.public_send "edit_admin_#{model_name}_#{object_name}_url", parent, object, options
-        else
-          spree.public_send "edit_admin_#{object_name}_url", object, options
-        end
-      end
-
-      def object_url(object = nil, options = {})
-        target = object || @object
-        if parent_data.present?
-          spree.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
-        else
-          spree.public_send "admin_#{object_name}_url", target, options
-        end
-      end
-
-      # Permit specific list of params
-      #
-      # Example: params.require(object_name).permit(:name)
-      def permitted_resource_params
-        raise "All extending controllers need to override the method permitted_resource_params"
-      end
-
-      def collection_url(options = {})
-        if parent_data.present?
-          spree.polymorphic_url([:admin, parent, model_class], options)
-        else
-          spree.polymorphic_url([:admin, model_class], options)
-        end
-      end
-
-      def collection_actions
-        [:index]
-      end
-
-      def member_action?
-        !collection_actions.include? action
-      end
-
-      def new_actions
-        [:new, :create]
-      end
-    end
-  end
-end

app/controllers/spree/admin/return_authorizations_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ReturnAuthorizationsController < ResourceController
+    class ReturnAuthorizationsController < ::Admin::ResourceController
       belongs_to 'spree/order', find_by: :number
 
       update.after :associate_inventory_units

app/controllers/spree/admin/shipping_categories_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ShippingCategoriesController < ResourceController
+    class ShippingCategoriesController < ::Admin::ResourceController
       protected
 
       def permitted_resource_params

app/controllers/spree/admin/shipping_methods_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ShippingMethodsController < ResourceController
+    class ShippingMethodsController < ::Admin::ResourceController
       before_action :load_data, except: [:index]
       before_action :set_shipping_category, only: [:create, :update]
       before_action :set_zones, only: [:create, :update]

app/controllers/spree/admin/states_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class StatesController < ResourceController
+    class StatesController < ::Admin::ResourceController
       belongs_to 'spree/country'
       before_action :load_data
 

app/controllers/spree/admin/tax_categories_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxCategoriesController < ResourceController
+    class TaxCategoriesController < ::Admin::ResourceController
       def destroy
         if @object.destroy
           flash[:success] = flash_message_for(@object, :successfully_removed)

app/controllers/spree/admin/tax_rates_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxRatesController < ResourceController
+    class TaxRatesController < ::Admin::ResourceController
       before_action :load_data
 
       private

app/controllers/spree/admin/taxonomies_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class TaxonomiesController < ResourceController
+    class TaxonomiesController < ::Admin::ResourceController
       respond_to :json, only: [:get_children]
 
       def get_children

app/controllers/spree/admin/users_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class UsersController < ResourceController
+    class UsersController < ::Admin::ResourceController
       rescue_from Spree::User::DestroyWithOrdersError, with: :user_destroy_with_orders_error
 
       after_action :sign_in_if_change_own_password, only: :update
@@ -100,7 +100,7 @@ module Spree
 
       private
 
-      # handling raise from Spree::Admin::ResourceController#destroy
+      # handling raise from Admin::ResourceController#destroy
       def user_destroy_with_orders_error
         invoke_callbacks(:destroy, :fails)
         render status: :forbidden, text: Spree.t(:error_user_destroy_with_orders)

app/controllers/spree/admin/variants_controller.rb

@@ -2,7 +2,7 @@ require 'open_food_network/scope_variants_for_search'
 
 module Spree
   module Admin
-    class VariantsController < ResourceController
+    class VariantsController < ::Admin::ResourceController
       helper 'spree/products'
 
       belongs_to 'spree/product', find_by: :permalink
@@ -23,7 +23,9 @@ module Spree
           flash[:success] = flash_message_for(@object, :successfully_updated)
           redirect_to spree.admin_product_variants_url(params[:product_id], @url_filters)
         else
-          redirect_to spree.edit_admin_product_variant_url(params[:product_id], @object, @url_filters)
+          redirect_to spree.edit_admin_product_variant_url(params[:product_id],
+                                                           @object,
+                                                           @url_filters)
         end
       end
 

app/controllers/spree/admin/zones_controller.rb

@@ -1,6 +1,6 @@
 module Spree
   module Admin
-    class ZonesController < ResourceController
+    class ZonesController < ::Admin::ResourceController
       before_action :load_data, except: [:index]
 
       def new

app/controllers/spree/credit_cards_controller.rb

@@ -1,3 +1,5 @@
+require 'stripe/credit_card_clone_destroyer'
+
 module Spree
   class CreditCardsController < BaseController
     def new_from_token
@@ -27,6 +29,7 @@ module Spree
       authorize! :update, @credit_card
 
       if @credit_card.update(credit_card_params)
+        remove_shop_authorizations if credit_card_params["is_default"]
         render json: @credit_card, serializer: ::Api::CreditCardSerializer, status: :ok
       else
         update_failed
@@ -44,6 +47,7 @@ module Spree
 
       # Using try because we may not have a card here
       if @credit_card.try(:destroy)
+        remove_shop_authorizations if @credit_card.is_default
         flash[:success] = I18n.t(:card_has_been_removed, number: "x-#{@credit_card.last_digits}")
       else
         flash[:error] = I18n.t(:card_could_not_be_removed)
@@ -56,18 +60,16 @@ module Spree
 
     private
 
-    # It destroys the whole customer object
-    def destroy_at_stripe
-      stripe_customer = Stripe::Customer.retrieve(@credit_card.gateway_customer_profile_id, {})
-
-      stripe_customer&.delete
+    def remove_shop_authorizations
+      @credit_card.user.customers.update_all(allow_charges: false)
     end
 
-    def stripe_account_id
-      StripeAccount.
-        find_by(enterprise_id: @credit_card.payment_method.preferred_enterprise_id).
-        andand.
-        stripe_user_id
+    # It destroys the whole customer object
+    def destroy_at_stripe
+      Stripe::CreditCardCloneDestroyer.new.destroy_clones(@credit_card)
+
+      stripe_customer = Stripe::Customer.retrieve(@credit_card.gateway_customer_profile_id, {})
+      stripe_customer&.delete unless stripe_customer.deleted?
     end
 
     def create_customer(token)

app/controllers/spree/orders_controller.rb

@@ -1,6 +1,3 @@
-require 'spree/core/controller_helpers/order'
-require 'spree/core/controller_helpers/auth'
-
 module Spree
   class OrdersController < Spree::StoreController
     include OrderCyclesHelper

app/controllers/spree/user_registrations_controller.rb

@@ -18,26 +18,6 @@ module Spree
     before_action :check_permissions, only: [:edit, :update]
     skip_before_action :require_no_authentication
 
-    # GET /resource/sign_up
-    def new
-      super
-      @user = resource
-    end
-
-    # POST /resource/sign_up
-    def create
-      @user = build_resource(params[:spree_user])
-      if resource.save
-        set_flash_message(:notice, :signed_up)
-        sign_in(:spree_user, @user)
-        associate_user
-        respond_with resource, location: after_sign_up_path_for(resource)
-      else
-        clean_up_passwords(resource)
-        render :new
-      end
-    end
-
     # GET /resource/edit
     def edit
       super

app/helpers/application_helper.rb

@@ -1,6 +1,6 @@
 module ApplicationHelper
-  def feature?(feature)
-    OpenFoodNetwork::FeatureToggle.enabled? feature
+  def feature?(feature, user = nil)
+    OpenFoodNetwork::FeatureToggle.enabled?(feature, user)
   end
 
   def ng_form_for(name, *args, &block)

app/helpers/checkout_helper.rb

@@ -18,7 +18,9 @@ module CheckoutHelper
     enterprise_fee_adjustments = adjustments.select { |a| a.originator_type == 'EnterpriseFee' && a.source_type != 'Spree::LineItem' }
     adjustments.reject! { |a| a.originator_type == 'EnterpriseFee' && a.source_type != 'Spree::LineItem' }
     unless exclude.include? :admin_and_handling
-      adjustments << Spree::Adjustment.new(label: I18n.t(:orders_form_admin), amount: enterprise_fee_adjustments.sum(&:amount))
+      adjustments << Spree::Adjustment.new(
+        label: I18n.t(:orders_form_admin), amount: enterprise_fee_adjustments.map(&:amount).sum
+      )
     end
 
     adjustments
@@ -26,7 +28,7 @@ module CheckoutHelper
 
   def display_checkout_admin_and_handling_adjustments_total_for(order)
     adjustments = order.adjustments.eligible.where('originator_type = ? AND source_type != ? ', 'EnterpriseFee', 'Spree::LineItem')
-    Spree::Money.new adjustments.sum(&:amount), currency: order.currency
+    Spree::Money.new adjustments.map(&:amount).sum, currency: order.currency
   end
 
   def checkout_line_item_adjustments(order)
@@ -34,7 +36,7 @@ module CheckoutHelper
   end
 
   def checkout_subtotal(order)
-    order.item_total + checkout_line_item_adjustments(order).sum(&:amount)
+    order.item_total + checkout_line_item_adjustments(order).map(&:amount).sum
   end
 
   def display_checkout_subtotal(order)

app/helpers/html_helper.rb

@@ -1,21 +0,0 @@
-module HtmlHelper
-  def strip_html(html)
-    strip_surrounding_whitespace substitute_entities strip_tags add_linebreaks html
-  end
-
-  def substitute_entities(html)
-    html.andand.gsub(/ /i, ' ').andand.gsub(/&/i, '&')
-  end
-
-  def add_linebreaks(html)
-    # I know Cthulu is coming for me. Forgive me.
-    # http://stackoverflow.com/a/1732454/2720566
-    html.
-      andand.gsub(%r{</h[^>]>|</p>|</div>}, "\\1\n\n").
-      andand.gsub(/<br[^>]*>/, "\\1\n")
-  end
-
-  def strip_surrounding_whitespace(html)
-    html.andand.strip
-  end
-end

app/jobs/bulk_invoice_job.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+class BulkInvoiceJob < ActiveJob::Base
+  def perform(order_ids, filepath)
+    pdf = CombinePDF.new
+
+    orders_from(order_ids).each do |order|
+      invoice = renderer.render_to_string(order)
+
+      pdf << CombinePDF.parse(invoice)
+    end
+
+    pdf.save filepath
+  end
+
+  private
+
+  def orders_from(order_ids)
+    Spree::Order.where(id: order_ids).order("completed_at DESC")
+  end
+
+  def renderer
+    @renderer ||= InvoiceRenderer.new
+  end
+end

app/jobs/confirm_order_job.rb

@@ -1,5 +1,7 @@
-ConfirmOrderJob = Struct.new(:order_id) do
-  def perform
+# frozen_string_literal: true
+
+class ConfirmOrderJob < ActiveJob::Base
+  def perform(order_id)
     Spree::OrderMailer.confirm_email_for_customer(order_id).deliver
     Spree::OrderMailer.confirm_email_for_shop(order_id).deliver
   end

app/jobs/confirm_signup_job.rb

@@ -1,5 +1,7 @@
-ConfirmSignupJob = Struct.new(:user_id) do
-  def perform
+# frozen_string_literal: true
+
+class ConfirmSignupJob < ActiveJob::Base
+  def perform(user_id)
     user = Spree::User.find user_id
     Spree::UserMailer.signup_confirmation(user).deliver
   end

app/jobs/order_cycle_notification_job.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 # Delivers an email with a report of the order cycle to each of its suppliers
-OrderCycleNotificationJob = Struct.new(:order_cycle_id) do
-  def perform
+class OrderCycleNotificationJob < ActiveJob::Base
+  def perform(order_cycle_id)
     order_cycle = OrderCycle.find(order_cycle_id)
     order_cycle.suppliers.each do |supplier|
       ProducerMailer.order_cycle_report(supplier, order_cycle).deliver

app/jobs/subscription_confirm_job.rb

@@ -62,7 +62,7 @@ class SubscriptionConfirmJob
     return unless order.payment_required?
 
     prepare_for_payment!(order)
-    order.process_payments!
+    order.process_payments_offline!
     raise if order.errors.any?
   end
 

app/jobs/welcome_enterprise_job.rb

@@ -1,5 +1,7 @@
-WelcomeEnterpriseJob = Struct.new(:enterprise_id) do
-  def perform
+# frozen_string_literal: true
+
+class WelcomeEnterpriseJob < ActiveJob::Base
+  def perform(enterprise_id)
     enterprise = Enterprise.find enterprise_id
     EnterpriseMailer.welcome(enterprise).deliver
   end

app/mailers/spree/order_mailer.rb

@@ -2,7 +2,6 @@
 
 module Spree
   class OrderMailer < BaseMailer
-    helper HtmlHelper
     helper ::CheckoutHelper
     helper SpreeCurrencyHelper
     helper Spree::Admin::PaymentsHelper

app/models/concerns/api_action_caching.rb

@@ -9,7 +9,7 @@ module ApiActionCaching
   included do
     include ActionController::Caching
     include ActionController::Caching::Actions
-    include AbstractController::Layouts
+    include ActionView::Layouts
 
     # These configs are not assigned to the controller automatically with ActionController::Metal
     self.cache_store = Rails.configuration.cache_store

app/models/customer.rb

@@ -25,6 +25,9 @@ class Customer < ActiveRecord::Base
 
   before_create :associate_user
 
+  attr_accessor :gateway_recurring_payment_client_secret
+  attr_accessor :gateway_shop_id
+
   private
 
   def downcase_email

app/models/enterprise.rb

@@ -132,7 +132,7 @@ class Enterprise < ActiveRecord::Base
       where(nil)
     end
   }
-  scope :is_primary_producer, -> { where(is_primary_producer: true) }
+  scope :is_primary_producer, -> { where("enterprises.is_primary_producer IS TRUE") }
   scope :is_distributor, -> { where('sells != ?', 'none') }
   scope :is_hub, -> { where(sells: 'any') }
   scope :supplying_variant_in, lambda { |variants|
@@ -400,7 +400,7 @@ class Enterprise < ActiveRecord::Base
   end
 
   def send_welcome_email
-    Delayed::Job.enqueue WelcomeEnterpriseJob.new(id)
+    WelcomeEnterpriseJob.perform_later(id)
   end
 
   def strip_url(url)

app/models/enterprise_group.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'open_food_network/locking'
 require 'open_food_network/permalink_generator'
 require 'spree/core/s3_support'
@@ -66,10 +68,10 @@ class EnterpriseGroup < ActiveRecord::Base
   def unset_undefined_address_fields
     return if address.blank?
 
-    address.phone.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.address1.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.city.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.zipcode.sub!(/^#{I18n.t(:undefined)}$/, '')
+    address.phone = address.phone.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.address1 = address.address1.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.city = address.city.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.zipcode = address.zipcode.sub(/^#{I18n.t(:undefined)}$/, '')
   end
 
   def to_param

app/models/spree/gateway/stripe_connect.rb

@@ -31,6 +31,10 @@ module Spree
         failed_activemerchant_billing_response(e.message)
       end
 
+      def charge_offline(money, creditcard, gateway_options)
+        purchase(money, creditcard, gateway_options)
+      end
+
       # NOTE: the name of this method is determined by Spree::Payment::Processing
       def void(response_code, _creditcard, gateway_options)
         gateway_options[:stripe_account] = stripe_account_id

app/models/spree/gateway/stripe_sca.rb

@@ -45,11 +45,21 @@ module Spree
         failed_activemerchant_billing_response(e.message)
       end
 
+      # NOTE: the name of this method is determined by Spree::Payment::Processing
+      def charge_offline(money, creditcard, gateway_options)
+        customer, payment_method =
+          Stripe::CreditCardCloner.new(creditcard, stripe_account_id).find_or_clone
+
+        options = basic_options(gateway_options).merge(customer: customer, off_session: true)
+        provider.purchase(money, payment_method, options)
+      rescue Stripe::StripeError => e
+        failed_activemerchant_billing_response(e.message)
+      end
+
       # NOTE: the name of this method is determined by Spree::Payment::Processing
       def authorize(money, creditcard, gateway_options)
-        authorize_response = provider.authorize(*options_for_authorize(money,
-                                                                       creditcard,
-                                                                       gateway_options))
+        authorize_response =
+          provider.authorize(*options_for_authorize(money, creditcard, gateway_options))
         Stripe::AuthorizeResponsePatcher.new(authorize_response).call!
       rescue Stripe::StripeError => e
         failed_activemerchant_billing_response(e.message)
@@ -61,7 +71,7 @@ module Spree
         payment_intent_response = Stripe::PaymentIntent.retrieve(payment_intent_id,
                                                                  stripe_account: stripe_account_id)
         gateway_options[:stripe_account] = stripe_account_id
-        provider.refund(payment_intent_response.amount_received, response_code, gateway_options)
+        provider.refund(refundable_amount(payment_intent_response), response_code, gateway_options)
       end
 
       # NOTE: the name of this method is determined by Spree::Payment::Processing
@@ -79,6 +89,11 @@ module Spree
 
       private
 
+      def refundable_amount(payment_intent_response)
+        payment_intent_response.amount_received -
+          payment_intent_response.charges.data.map(&:amount_refunded).sum
+      end
+
       # In this gateway, what we call 'secret_key' is the 'login'
       def options
         options = super
@@ -97,8 +112,8 @@ module Spree
         options = basic_options(gateway_options)
         options[:return_url] = full_checkout_path
 
-        customer_id, payment_method_id = Stripe::CreditCardCloner.new.clone(creditcard,
-                                                                            stripe_account_id)
+        customer_id, payment_method_id =
+          Stripe::CreditCardCloner.new(creditcard, stripe_account_id).find_or_clone
         options[:customer] = customer_id
         [money, payment_method_id, options]
       end

app/models/spree/image.rb

@@ -34,14 +34,24 @@ module Spree
     end
 
     def find_dimensions
-      temporary = attachment.queued_for_write[:original]
-      filename = temporary.path unless temporary.nil?
-      filename = attachment.path if filename.blank?
-      geometry = Paperclip::Geometry.from_file(filename)
+      return if attachment.errors.present?
+
+      geometry = Paperclip::Geometry.from_file(local_filename_of_original)
+
       self.attachment_width  = geometry.width
       self.attachment_height = geometry.height
     end
 
+    def local_filename_of_original
+      temporary = attachment.queued_for_write[:original]
+
+      if temporary&.path.present?
+        temporary.path
+      else
+        attachment.path
+      end
+    end
+
     # if there are errors from the plugin, then add a more meaningful message
     def no_attachment_errors
       return if attachment.errors.empty?

app/models/spree/line_item.rb

@@ -178,7 +178,7 @@ module Spree
     end
 
     def included_tax
-      adjustments.included_tax.sum(&:included_tax)
+      adjustments.included_tax.sum(:included_tax)
     end
 
     def tax_rates

app/models/spree/order.rb

@@ -466,7 +466,7 @@ module Spree
     def deliver_order_confirmation_email
       return if subscription.present?
 
-      Delayed::Job.enqueue ConfirmOrderJob.new(id)
+      ConfirmOrderJob.perform_later(id)
     end
 
     # Helper methods for checkout steps
@@ -500,22 +500,19 @@ module Spree
     #   :allow_checkout_on_gateway_error is set to false
     #
     def process_payments!
-      raise Core::GatewayError, Spree.t(:no_pending_payments) if pending_payments.empty?
-
-      pending_payments.each do |payment|
-        break if payment_total >= total
-
-        payment.process!
-
-        if payment.completed?
-          self.payment_total += payment.amount
-        end
-      end
+      process_each_payment(&:process!)
     rescue Core::GatewayError => e
       result = !!Spree::Config[:allow_checkout_on_gateway_error]
       errors.add(:base, e.message) && (return result)
     end
 
+    def process_payments_offline!
+      process_each_payment(&:process_offline!)
+    rescue Core::GatewayError => e
+      errors.add(:base, e.message)
+      false
+    end
+
     def billing_firstname
       bill_address.try(:firstname)
     end
@@ -729,15 +726,15 @@ module Spree
     end
 
     def shipping_tax
-      adjustments(:reload).shipping.sum(&:included_tax)
+      adjustments(:reload).shipping.sum(:included_tax)
     end
 
     def enterprise_fee_tax
-      adjustments(:reload).enterprise_fee.sum(&:included_tax)
+      adjustments(:reload).enterprise_fee.sum(:included_tax)
     end
 
     def total_tax
-      (adjustments + price_adjustments).sum(&:included_tax)
+      (adjustments.to_a + price_adjustments.to_a).sum(&:included_tax)
     end
 
     def price_adjustments
@@ -778,6 +775,20 @@ module Spree
 
     private
 
+    def process_each_payment
+      raise Core::GatewayError, Spree.t(:no_pending_payments) if pending_payments.empty?
+
+      pending_payments.each do |payment|
+        break if payment_total >= total
+
+        yield payment
+
+        if payment.completed?
+          self.payment_total += payment.amount
+        end
+      end
+    end
+
     def link_by_email
       self.email = user.email if user
     end

app/models/spree/order/checkout.rb

@@ -34,7 +34,7 @@ module Spree
             klass = self
 
             # To avoid a ton of warnings when the state machine is re-defined
-            StateMachine::Machine.ignore_method_conflicts = true
+            StateMachines::Machine.ignore_method_conflicts = true
             # To avoid multiple occurrences of the same transition being defined
             # On first definition, state_machines will not be defined
             state_machines.clear if respond_to?(:state_machines)

app/models/spree/payment/processing.rb

@@ -4,16 +4,7 @@ module Spree
   class Payment < ActiveRecord::Base
     module Processing
       def process!
-        return unless payment_method&.source_required?
-
-        raise Core::GatewayError, Spree.t(:payment_processing_failed) unless source
-
-        return if processing?
-
-        unless payment_method.supports?(source)
-          invalidate!
-          raise Core::GatewayError, Spree.t(:payment_method_not_supported)
-        end
+        return unless validate!
 
         if payment_method.auto_capture?
           purchase!
@@ -22,6 +13,16 @@ module Spree
         end
       end
 
+      def process_offline!
+        return unless validate!
+
+        if payment_method.auto_capture?
+          charge_offline!
+        else
+          authorize!
+        end
+      end
+
       def authorize!
         started_processing!
         gateway_action(source, :authorize, :pend)
@@ -32,6 +33,11 @@ module Spree
         gateway_action(source, :purchase, :complete)
       end
 
+      def charge_offline!
+        started_processing!
+        gateway_action(source, :charge_offline, :complete)
+      end
+
       def capture!
         return true if completed?
 
@@ -193,6 +199,20 @@ module Spree
 
       private
 
+      def validate!
+        return false unless payment_method&.source_required?
+
+        raise Core::GatewayError, Spree.t(:payment_processing_failed) unless source
+
+        return false if processing?
+
+        unless payment_method.supports?(source)
+          invalidate!
+          raise Core::GatewayError, Spree.t(:payment_method_not_supported)
+        end
+        true
+      end
+
       def calculate_refund_amount(refund_amount = nil)
         refund_amount ||= if credit_allowed >= order.outstanding_balance.abs
                             order.outstanding_balance.abs

app/models/spree/payment_method.rb

@@ -98,7 +98,7 @@ module Spree
     end
 
     def init
-      unless reflections.key?(:calculator)
+      unless _reflections.key?(:calculator)
         self.class.include Spree::Core::CalculatedAdjustments
       end
 

app/models/spree/preferences/store.rb

@@ -61,6 +61,8 @@ module Spree
       end
 
       def delete(key)
+        return if key.nil?
+
         @cache.delete(key)
         destroy(key)
       end

app/models/spree/price.rb

@@ -1,4 +1,4 @@
-# frozen_string_literal: true
+# frozen_string_literal: false
 
 module Spree
   class Price < ActiveRecord::Base

app/models/spree/product.rb

@@ -95,6 +95,7 @@ module Spree
     validates :tax_category_id, presence: true, if: "Spree::Config.products_require_tax_category"
 
     validates :variant_unit, presence: true
+    validates :unit_value, presence: { if: ->(p) { %w(weight volume).include? p.variant_unit } }
     validates :variant_unit_scale,
               presence: { if: ->(p) { %w(weight volume).include? p.variant_unit } }
     validates :variant_unit_name,

app/models/spree/stock/quantifier.rb

@@ -15,7 +15,7 @@ module Spree
         # may still be in an active cart after it's deleted, so this will mark it as out of stock.
         return 0 if @variant.deleted?
 
-        stock_items.sum(&:count_on_hand)
+        stock_items.sum(:count_on_hand)
       end
 
       def backorderable?

app/models/spree/user.rb

@@ -1,7 +1,8 @@
 module Spree
   class User < ActiveRecord::Base
     devise :database_authenticatable, :token_authenticatable, :registerable, :recoverable,
-           :rememberable, :trackable, :validatable, :encryptable, encryptor: 'authlogic_sha512'
+           :rememberable, :trackable, :validatable,
+           :encryptable, :confirmable, encryptor: 'authlogic_sha512', reconfirmable: true
 
     has_many :orders
     belongs_to :ship_address, foreign_key: 'ship_address_id', class_name: 'Spree::Address'
@@ -39,9 +40,6 @@ module Spree
 
     validate :limit_owned_enterprises
 
-    # We use the same options as Spree and add :confirmable
-    devise :confirmable, reconfirmable: true
-
     class DestroyWithOrdersError < StandardError; end
 
     def self.admin_created?
@@ -58,9 +56,11 @@ module Spree
       has_spree_role?('admin')
     end
 
-    # handle_asynchronously will define send_reset_password_instructions_with_delay.
-    # If handle_asynchronously is called twice, we get an infinite job loop.
-    handle_asynchronously :send_reset_password_instructions unless method_defined? :send_reset_password_instructions_with_delay
+    # Send devise-based user emails asyncronously via ActiveJob
+    # See: https://github.com/heartcombo/devise/tree/v3.5.10#activejob-integration
+    def send_devise_notification(notification, *args)
+      devise_mailer.public_send(notification, self, *args).deliver_later
+    end
 
     def regenerate_reset_password_token
       set_reset_password_token
@@ -72,6 +72,7 @@ module Spree
       else
         Spree::User
           .includes(:enterprises)
+          .references(:enterprises)
           .where("enterprises.id IN (SELECT enterprise_id FROM enterprise_roles WHERE user_id = ?)",
                  id)
       end
@@ -100,7 +101,7 @@ module Spree
     end
 
     def send_signup_confirmation
-      Delayed::Job.enqueue ConfirmSignupJob.new(id)
+      ConfirmSignupJob.perform_later(id)
     end
 
     def associate_customers

app/models/spree/variant.rb

@@ -136,7 +136,7 @@ module Spree
     end
 
     def self.indexed
-      scoped.index_by(&:id)
+      where(nil).index_by(&:id)
     end
 
     def self.active(currency = nil)

app/serializers/api/customer_serializer.rb

@@ -1,5 +1,14 @@
 module Api
   class CustomerSerializer < ActiveModel::Serializer
     attributes :id, :enterprise_id, :name, :code, :email, :allow_charges
+
+    def attributes
+      hash = super
+      if secret = object.gateway_recurring_payment_client_secret
+        hash.merge!(gateway_recurring_payment_client_secret: secret)
+      end
+      hash.merge!(gateway_shop_id: object.gateway_shop_id) if object.gateway_shop_id
+      hash
+    end
   end
 end

app/serializers/api/order_serializer.rb

@@ -16,7 +16,7 @@ module Api
     end
 
     def item_count
-      object.line_items.sum(&:quantity)
+      object.line_items.sum(:quantity)
     end
 
     def completed_at

app/services/bulk_invoice_service.rb

@@ -6,17 +6,8 @@ class BulkInvoiceService
   end
 
   def start_pdf_job(order_ids)
-    pdf = CombinePDF.new
-
-    orders_from(order_ids).each do |order|
-      invoice = renderer.render_to_string(order)
-
-      pdf << CombinePDF.parse(invoice)
-    end
-
-    pdf.save "#{file_directory}/#{@id}.pdf"
+    BulkInvoiceJob.perform_later order_ids, "#{file_directory}/#{@id}.pdf"
   end
-  handle_asynchronously :start_pdf_job
 
   def invoice_created?(invoice_id)
     File.exist? filepath(invoice_id)
@@ -28,10 +19,6 @@ class BulkInvoiceService
 
   private
 
-  def orders_from(order_ids)
-    Spree::Order.where(id: order_ids).order("completed_at DESC")
-  end
-
   def new_invoice_id
     Time.zone.now.to_i.to_s
   end
@@ -40,10 +27,6 @@ class BulkInvoiceService
     'tmp/invoices'
   end
 
-  def renderer
-    @renderer ||= InvoiceRenderer.new
-  end
-
   def file_directory
     Dir.mkdir(directory) unless File.exist?(directory)
     directory

app/services/cart_service.rb

@@ -22,6 +22,10 @@ class CartService
     valid?
   end
 
+  def valid?
+    errors.empty?
+  end
+
   private
 
   def attempt_cart_add_variants(variants_data)
@@ -109,10 +113,6 @@ class CartService
     end
   end
 
-  def valid?
-    errors.empty?
-  end
-
   def cart_remove(variant_id)
     variant = Spree::Variant.find(variant_id)
     @order.remove_variant(variant)
@@ -145,7 +145,7 @@ class CartService
 
   def check_order_cycle_provided
     order_cycle_provided = @order_cycle.present?
-    errors.add(:base, "Please choose an order cycle for this order.") unless order_cycle_provided
+    errors.add(:base, I18n.t(:spree_order_cycle_error)) unless order_cycle_provided
     order_cycle_provided
   end