Merge pull request #6676 from openfoodfoundation/transifex

Transifex
Merge pull request #6688 from coopdevs/remove-unneeded-deprecation-warning
2026-01-18 19:36:48 +00:00 · 2021-01-18 13:34:44 -08:00 · 2021-01-18 21:06:56 +01:00 · 2021-01-18 18:05:44 +01:00 · 2021-01-18 17:01:43 +01:00 · 2021-01-18 17:01:33 +01:00
651 changed files with 5996 additions and 2893 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,7 +7,7 @@ updates:
      interval: "daily"
    open-pull-requests-limit: 10

-  - package-ecosystem: "yarn"
+  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
--- a/.haml-lint.yml
+++ b/.haml-lint.yml
@@ -0,0 +1,70 @@
+# Whether to ignore frontmatter at the beginning of HAML documents for
+# frameworks such as Jekyll/Middleman
+skip_frontmatter: false
+
+linters:
+  AltText:
+    enabled: false
+
+  ClassAttributeWithStaticValue:
+    enabled: true
+
+  ClassesBeforeIds:
+    enabled: true
+
+  ConsecutiveComments:
+    enabled: true
+
+  ConsecutiveSilentScripts:
+    enabled: true
+    max_consecutive: 2
+
+  EmptyScript:
+    enabled: true
+
+  HtmlAttributes:
+    enabled: true
+
+  ImplicitDiv:
+    enabled: true
+
+  LeadingCommentSpace:
+    enabled: true
+
+  LineLength:
+    enabled: true
+    max: 80
+
+  MultilinePipe:
+    enabled: true
+
+  MultilineScript:
+    enabled: true
+
+  ObjectReferenceAttributes:
+    enabled: true
+
+  RuboCop:
+    enabled: false
+
+  RubyComments:
+    enabled: true
+
+  SpaceBeforeScript:
+    enabled: true
+
+  SpaceInsideHashAttributes:
+    enabled: true
+    style: no_space
+
+  TagName:
+    enabled: true
+
+  TrailingWhitespace:
+    enabled: true
+
+  UnnecessaryInterpolation:
+    enabled: true
+
+  UnnecessaryStringOutput:
+    enabled: true
--- a/.hound.yml
+++ b/.hound.yml
@@ -2,3 +2,5 @@ rubocop:
  config_file: .rubocop_styleguide.yml
 scss:
  config_file: .scss-lint.yml
+haml:
+  config_file: .haml-lint.yml
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -66,8 +66,9 @@ Layout/LineLength:
  - app/models/spree/image.rb
  - app/models/spree/order.rb
  - app/models/spree/payment_method.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
  - app/models/spree/user.rb
+  - app/models/spree/variant.rb
  - app/models/subscription.rb
  - app/models/variant_override.rb
  - app/models/variant_override_set.rb
@@ -101,6 +102,7 @@ Layout/LineLength:
  - lib/open_food_network/scope_variants_for_search.rb
  - lib/open_food_network/xero_invoices_report.rb
  - lib/spree/localized_number.rb
+  - lib/stripe/credit_card_clone_finder.rb
  - lib/tasks/data.rake
  - lib/tasks/enterprises.rake
  - spec/controllers/admin/bulk_line_items_controller_spec.rb
@@ -336,6 +338,7 @@ Metrics/AbcSize:
  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/admin/order_cycles_controller.rb
  - app/controllers/admin/product_import_controller.rb
+  - app/controllers/admin/resource_controller.rb
  - app/controllers/admin/stripe_accounts_controller.rb
  - app/controllers/admin/subscription_line_items_controller.rb
  - app/controllers/admin/subscriptions_controller.rb
@@ -356,13 +359,13 @@ Metrics/AbcSize:
  - app/controllers/spree/admin/payments_controller.rb
  - app/controllers/spree/admin/products_controller.rb
  - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
  - app/controllers/spree/admin/search_controller.rb
  - app/controllers/spree/admin/taxons_controller.rb
  - app/controllers/spree/admin/users_controller.rb
  - app/controllers/spree/admin/variants_controller.rb
  - app/controllers/spree/credit_cards_controller.rb
  - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/paypal_controller_decorator.rb
  - app/controllers/spree/user_passwords_controller.rb
  - app/controllers/spree/user_registrations_controller.rb
  - app/controllers/spree/users_controller.rb
@@ -399,11 +402,12 @@ Metrics/AbcSize:
  - app/models/spree/preference.rb
  - app/models/spree/preferences/preferable_class_methods.rb
  - app/models/spree/preferences/preferable.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
  - app/models/spree/return_authorization.rb
  - app/models/spree/shipment.rb
  - app/models/spree/taxon.rb
  - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
  - app/models/spree/zone.rb
  - app/serializers/api/product_serializer.rb
  - app/serializers/api/variant_serializer.rb
@@ -430,6 +434,7 @@ Metrics/AbcSize:
  - lib/open_food_network/order_cycle_form_applicator.rb
  - lib/open_food_network/order_cycle_management_report.rb
  - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/orders_and_fulfillments_report/supplier_totals_report.rb
  - lib/open_food_network/packing_report.rb
  - lib/open_food_network/payments_report.rb
  - lib/open_food_network/permissions.rb
@@ -530,7 +535,7 @@ Metrics/CyclomaticComplexity:
  - app/models/spree/preference.rb
  - app/models/spree/preferences/preferable.rb
  - app/models/spree/preferences/preferable_class_methods.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/product.rb
  - app/models/spree/return_authorization.rb
  - app/models/spree/zone.rb
  - app/models/variant_override_set.rb
@@ -550,39 +555,6 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
  Max: 7
  Exclude:
-  - app/controllers/admin/enterprise_fees_controller.rb
-  - app/controllers/admin/enterprises_controller.rb
-  - app/controllers/spree/admin/taxons_controller.rb
-  - app/controllers/spree/orders_controller.rb
-  - app/helpers/checkout_helper.rb
-  - app/helpers/order_cycles_helper.rb
-  - app/helpers/spree/admin/base_helper.rb
-  - app/helpers/spree/admin/navigation_helper.rb
-  - app/models/enterprise.rb
-  - app/models/enterprise_relationship.rb
-  - app/models/spree/ability.rb
-  - app/models/spree/address.rb
-  - app/models/spree/order/checkout.rb
-  - app/models/spree/payment_method.rb
-  - app/models/spree/payment.rb
-  - app/models/spree/preferences/preferable.rb
-  - app/models/spree/preferences/preferable_class_methods.rb
-  - app/models/spree/product_decorator.rb
-  - app/models/spree/return_authorization.rb
-  - app/models/spree/zone.rb
-  - app/models/variant_override_set.rb
-  - app/services/cart_service.rb
-  - engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb
-  - engines/order_management/app/services/order_management/stock/estimator.rb
-  - lib/active_merchant/billing/gateways/stripe_payment_intents.rb
-  - lib/discourse/single_sign_on.rb
-  - lib/open_food_network/enterprise_issue_validator.rb
-  - lib/spree/core/calculated_adjustments.rb
-  - lib/spree/core/controller_helpers/order.rb
-  - lib/spree/core/controller_helpers/respond_with.rb
-  - lib/spree/core/controller_helpers/ssl.rb
-  - lib/spree/localized_number.rb
-  - spec/models/product_importer_spec.rb
  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/api/variants_controller.rb
  - app/controllers/spree/admin/taxons_controller.rb
@@ -595,7 +567,10 @@ Metrics/PerceivedComplexity:
  - app/models/spree/address.rb
  - app/models/spree/order/checkout.rb
  - app/models/spree/order.rb
-  - app/models/spree/product_decorator.rb
+  - app/models/spree/preferences/preferable_class_methods.rb
+  - app/models/spree/preferences/preferable.rb
+  - app/models/spree/product.rb
+  - app/models/spree/return_authorization.rb
  - app/models/spree/zone.rb
  - engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb
  - engines/order_management/app/services/order_management/stock/estimator.rb
@@ -618,6 +593,7 @@ Metrics/MethodLength:
  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/admin/manager_invitations_controller.rb
  - app/controllers/admin/order_cycles_controller.rb
+  - app/controllers/admin/resource_controller.rb
  - app/controllers/admin/stripe_accounts_controller.rb
  - app/controllers/admin/subscriptions_controller.rb
  - app/controllers/api/products_controller.rb
@@ -632,13 +608,13 @@ Metrics/MethodLength:
  - app/controllers/spree/admin/payments_controller.rb
  - app/controllers/spree/admin/products_controller.rb
  - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
  - app/controllers/spree/admin/tax_categories_controller.rb
  - app/controllers/spree/admin/taxons_controller.rb
  - app/controllers/spree/admin/users_controller.rb
  - app/controllers/spree/admin/variants_controller.rb
  - app/controllers/spree/credit_cards_controller.rb
  - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/paypal_controller_decorator.rb
  - app/controllers/spree/user_sessions_controller.rb
  - app/controllers/stripe/callbacks_controller.rb
  - app/controllers/user_confirmations_controller.rb
@@ -670,11 +646,13 @@ Metrics/MethodLength:
  - app/models/spree/preferences/preferable_class_methods.rb
  - app/models/spree/preferences/preferable.rb
  - app/models/spree/preferences/store.rb
+  - app/models/spree/product.rb
  - app/models/spree/product_decorator.rb
  - app/models/spree/return_authorization.rb
  - app/models/spree/shipment.rb
  - app/models/spree/taxon.rb
  - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
  - app/models/spree/zone.rb
  - app/serializers/api/admin/order_cycle_serializer.rb
  - app/serializers/api/cached_enterprise_serializer.rb
@@ -719,6 +697,7 @@ Metrics/MethodLength:
  - lib/spree/core/s3_support.rb
  - lib/spree/localized_number.rb
  - lib/spree/responder.rb
+  - lib/stripe/credit_card_clone_finder.rb
  - lib/stripe/profile_storer.rb
  - lib/tasks/sample_data/group_factory.rb
  - lib/tasks/sample_data/order_factory.rb
@@ -732,6 +711,7 @@ Metrics/ClassLength:
  Exclude:
  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/admin/order_cycles_controller.rb
+  - app/controllers/admin/resource_controller.rb
  - app/controllers/admin/schedules_controller.rb
  - app/controllers/admin/subscriptions_controller.rb
  - app/controllers/api/products_controller.rb
@@ -741,7 +721,6 @@ Metrics/ClassLength:
  - app/controllers/spree/admin/payment_methods_controller.rb
  - app/controllers/spree/admin/products_controller.rb
  - app/controllers/spree/admin/reports_controller.rb
-  - app/controllers/spree/admin/resource_controller.rb
  - app/controllers/spree/admin/users_controller.rb
  - app/controllers/spree/orders_controller.rb
  - app/models/enterprise.rb
@@ -752,11 +731,14 @@ Metrics/ClassLength:
  - app/models/spree/ability.rb
  - app/models/spree/address.rb
  - app/models/spree/credit_card.rb
+  - app/models/spree/gateway/stripe_sca.rb
  - app/models/spree/line_item.rb
  - app/models/spree/order.rb
  - app/models/spree/payment.rb
+  - app/models/spree/product.rb
  - app/models/spree/shipment.rb
  - app/models/spree/user.rb
+  - app/models/spree/variant.rb
  - app/models/spree/zone.rb
  - app/serializers/api/cached_enterprise_serializer.rb
  - app/serializers/api/enterprise_shopfront_serializer.rb
--- a/.rubocop_styleguide.yml
+++ b/.rubocop_styleguide.yml
@@ -46,6 +46,9 @@ Lint/RaiseException:
 Lint/StructNewOverride:
  Enabled: true

+Bundler/DuplicatedGem:
+  Enabled: false
+
 ## TEMPORARY/CONTESTED SETTINGS
 #
 # These are still to be decided upon, but recommended for inclusion by
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2020-10-30 17:18:53 +0000 using RuboCop version 0.81.0.
+# on 2020-12-23 22:07:55 +0000 using RuboCop version 0.81.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -11,28 +11,19 @@ Lint/DuplicateMethods:
  Exclude:
    - 'lib/discourse/single_sign_on.rb'

-# Offense count: 8
+# Offense count: 5
 Lint/IneffectiveAccessModifier:
  Exclude:
    - 'app/models/column_preference.rb'
    - 'app/models/spree/user.rb'
    - 'app/services/mail_configuration.rb'
-    - 'lib/open_food_network/feature_toggle.rb'

-# Offense count: 3
+# Offense count: 2
 # Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
 Lint/UselessAccessModifier:
  Exclude:
    - 'app/models/column_preference.rb'
    - 'app/services/mail_configuration.rb'
-    - 'lib/open_food_network/feature_toggle.rb'
-
-# Offense count: 2
-Lint/UselessAssignment:
-  Exclude:
-    - 'spec/**/*'
-    - 'app/models/spree/taxon.rb'
-    - 'lib/spree/core/controller_helpers/common.rb'

 # Offense count: 10
 Naming/AccessorMethodName:
@@ -60,7 +51,7 @@ Naming/MemoizedInstanceVariableName:
    - 'app/mailers/producer_mailer.rb'
    - 'lib/open_food_network/address_finder.rb'

-# Offense count: 24
+# Offense count: 25
 # Configuration parameters: NamePrefix, ForbiddenPrefixes, AllowedMethods, MethodDefinitionMacros.
 # NamePrefix: is_, has_, have_
 # ForbiddenPrefixes: is_, has_, have_
@@ -72,6 +63,7 @@ Naming/PredicateName:
    - 'app/models/enterprise.rb'
    - 'app/models/enterprise_relationship.rb'
    - 'app/models/order_cycle.rb'
+    - 'app/models/spree/ability.rb'
    - 'app/models/spree/adjustment.rb'
    - 'app/models/spree/credit_card.rb'
    - 'app/models/spree/line_item.rb'
@@ -94,12 +86,13 @@ Naming/VariableNumber:
  Exclude:
    - 'spec/factories/stock_location_factory.rb'

-# Offense count: 7
+# Offense count: 8
 # Cop supports --auto-correct.
 Rails/ActiveRecordAliases:
  Exclude:
    - 'spec/controllers/line_items_controller_spec.rb'
    - 'spec/controllers/spree/orders_controller_spec.rb'
+    - 'spec/features/admin/subscriptions_spec.rb'
    - 'spec/features/consumer/shopping/orders_spec.rb'
    - 'spec/requests/api/orders_spec.rb'

@@ -125,7 +118,7 @@ Rails/Delegate:
    - 'app/models/spree/line_item.rb'
    - 'engines/order_management/app/services/order_management/reports/bulk_coop/renderers/html_renderer.rb'

-# Offense count: 16
+# Offense count: 15
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: slashes, arguments
 Rails/FilePath:
@@ -139,7 +132,6 @@ Rails/FilePath:
    - 'spec/factories/product_factory.rb'
    - 'spec/features/admin/enterprises/images_spec.rb'
    - 'spec/models/content_configuration_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
    - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
    - 'spec/support/downloads_helper.rb'

@@ -163,7 +155,7 @@ Rails/FindEach:
  Exclude:
    - 'app/models/spree/shipment.rb'

-# Offense count: 9
+# Offense count: 11
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
@@ -172,12 +164,14 @@ Rails/HasAndBelongsToMany:
    - 'app/models/enterprise.rb'
    - 'app/models/enterprise_group.rb'
    - 'app/models/spree/line_item.rb'
+    - 'app/models/spree/option_value.rb'
    - 'app/models/spree/role.rb'
    - 'app/models/spree/shipping_method.rb'
    - 'app/models/spree/user.rb'
+    - 'app/models/spree/variant.rb'
    - 'app/models/spree/zone.rb'

-# Offense count: 38
+# Offense count: 41
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -197,7 +191,7 @@ Rails/HasManyOrHasOneDependent:
    - 'app/models/spree/shipping_method.rb'
    - 'app/models/spree/taxonomy.rb'
    - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant_decorator.rb'
+    - 'app/models/spree/variant.rb'
    - 'app/models/subscription.rb'

 # Offense count: 84
@@ -272,15 +266,16 @@ Rails/ReflectionClassName:
    - 'app/models/spree/order.rb'
    - 'app/models/subscription.rb'

-# Offense count: 247
+# Offense count: 252
 # Configuration parameters: Blacklist, Whitelist.
 # Blacklist: decrement!, decrement_counter, increment!, increment_counter, toggle!, touch, update_all, update_attribute, update_column, update_columns, update_counters
 Rails/SkipsModelValidations:
  Exclude:
+    - 'app/controllers/admin/resource_controller.rb'
    - 'app/controllers/spree/admin/payment_methods_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller.rb'
    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
    - 'app/controllers/spree/admin/taxons_controller.rb'
+    - 'app/controllers/spree/credit_cards_controller.rb'
    - 'app/controllers/spree/orders_controller.rb'
    - 'app/jobs/subscription_confirm_job.rb'
    - 'app/jobs/subscription_placement_job.rb'
@@ -294,10 +289,12 @@ Rails/SkipsModelValidations:
    - 'app/models/spree/inventory_unit.rb'
    - 'app/models/spree/order.rb'
    - 'app/models/spree/payment.rb'
+    - 'app/models/spree/product.rb'
    - 'app/models/spree/shipment.rb'
    - 'app/models/spree/shipping_method.rb'
    - 'app/models/spree/tax_category.rb'
    - 'app/models/spree/taxonomy.rb'
+    - 'app/models/spree/variant.rb'
    - 'app/models/spree/zone.rb'
    - 'app/models/subscription.rb'
    - 'app/models/variant_override.rb'
@@ -440,14 +437,12 @@ Style/FormatStringToken:
    - 'lib/open_food_network/sales_tax_report.rb'
    - 'spec/features/admin/bulk_order_management_spec.rb'

-# Offense count: 765
+# Offense count: 365
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
  Exclude:
-    - 'Gemfile'
-    - 'Rakefile'
    - 'app/controllers/admin/bulk_line_items_controller.rb'
    - 'app/controllers/admin/column_preferences_controller.rb'
    - 'app/controllers/admin/contents_controller.rb'
@@ -488,7 +483,6 @@ Style/FrozenStringLiteralComment:
    - 'app/controllers/api/taxonomies_controller.rb'
    - 'app/controllers/api/taxons_controller.rb'
    - 'app/controllers/api/variants_controller.rb'
-    - 'app/controllers/application_controller.rb'
    - 'app/controllers/base_controller.rb'
    - 'app/controllers/cart_controller.rb'
    - 'app/controllers/discourse_sso_controller.rb'
@@ -518,7 +512,6 @@ Style/FrozenStringLiteralComment:
    - 'app/controllers/spree/admin/products_controller.rb'
    - 'app/controllers/spree/admin/properties_controller.rb'
    - 'app/controllers/spree/admin/reports_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller.rb'
    - 'app/controllers/spree/admin/return_authorizations_controller.rb'
    - 'app/controllers/spree/admin/search_controller.rb'
    - 'app/controllers/spree/admin/shipping_categories_controller.rb'
@@ -553,7 +546,6 @@ Style/FrozenStringLiteralComment:
    - 'app/helpers/enterprises_helper.rb'
    - 'app/helpers/footer_links_helper.rb'
    - 'app/helpers/groups_helper.rb'
-    - 'app/helpers/html_helper.rb'
    - 'app/helpers/i18n_helper.rb'
    - 'app/helpers/injection_helper.rb'
    - 'app/helpers/map_helper.rb'
@@ -572,14 +564,10 @@ Style/FrozenStringLiteralComment:
    - 'app/helpers/spree/orders_helper.rb'
    - 'app/helpers/spree/reports_helper.rb'
    - 'app/helpers/spree_currency_helper.rb'
-    - 'app/jobs/confirm_order_job.rb'
-    - 'app/jobs/confirm_signup_job.rb'
    - 'app/jobs/heartbeat_job.rb'
    - 'app/jobs/manager_invitation_job.rb'
-    - 'app/jobs/order_cycle_notification_job.rb'
    - 'app/jobs/subscription_confirm_job.rb'
    - 'app/jobs/subscription_placement_job.rb'
-    - 'app/jobs/welcome_enterprise_job.rb'
    - 'app/mailers/enterprise_mailer.rb'
    - 'app/mailers/spree/user_mailer.rb'
    - 'app/mailers/subscription_mailer.rb'
@@ -601,7 +589,6 @@ Style/FrozenStringLiteralComment:
    - 'app/models/distributor_shipping_method.rb'
    - 'app/models/enterprise_fee.rb'
    - 'app/models/enterprise_fee_set.rb'
-    - 'app/models/enterprise_group.rb'
    - 'app/models/enterprise_relationship_permission.rb'
    - 'app/models/enterprise_role.rb'
    - 'app/models/enterprise_set.rb'
@@ -635,16 +622,10 @@ Style/FrozenStringLiteralComment:
    - 'app/models/spree/gateway/migs.rb'
    - 'app/models/spree/gateway/pin.rb'
    - 'app/models/spree/gateway/stripe_connect.rb'
-    - 'app/models/spree/option_type_decorator.rb'
    - 'app/models/spree/preferences/file_configuration.rb'
-    - 'app/models/spree/price_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
-    - 'app/models/spree/product_option_type_decorator.rb'
-    - 'app/models/spree/product_property_decorator.rb'
    - 'app/models/spree/product_set.rb'
    - 'app/models/spree/property.rb'
    - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant_decorator.rb'
    - 'app/models/stripe_account.rb'
    - 'app/models/subscription.rb'
    - 'app/models/subscription_line_item.rb'
@@ -725,7 +706,6 @@ Style/FrozenStringLiteralComment:
    - 'app/validators/date_time_string_validator.rb'
    - 'app/validators/distributors_validator.rb'
    - 'app/validators/integer_array_validator.rb'
-    - 'config.ru'
    - 'engines/order_management/app/controllers/order_management/application_controller.rb'
    - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/authorizer.rb'
    - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/data_representations/coordinator_fee.rb'
@@ -750,29 +730,11 @@ Style/FrozenStringLiteralComment:
    - 'engines/order_management/app/services/reports/permissions.rb'
    - 'engines/order_management/app/services/reports/renderers/base.rb'
    - 'engines/order_management/app/services/reports/report_data/base.rb'
-    - 'engines/order_management/config/routes.rb'
-    - 'engines/order_management/lib/order_management.rb'
-    - 'engines/order_management/lib/order_management/engine.rb'
-    - 'engines/order_management/lib/order_management/version.rb'
-    - 'engines/order_management/order_management.gemspec'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/authorizer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/parameters_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/permissions_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/renderers/csv_renderer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/renderers/html_renderer_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_data/enterprise_fee_type_total_spec.rb'
-    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_service_spec.rb'
    - 'engines/web/app/controllers/web/angular_templates_controller.rb'
    - 'engines/web/app/controllers/web/api/cookies_consent_controller.rb'
    - 'engines/web/app/controllers/web/application_controller.rb'
    - 'engines/web/app/helpers/web/cookies_policy_helper.rb'
-    - 'engines/web/config/routes.rb'
-    - 'engines/web/lib/web.rb'
    - 'engines/web/lib/web/cookies_consent.rb'
-    - 'engines/web/lib/web/engine.rb'
-    - 'engines/web/lib/web/version.rb'
-    - 'engines/web/spec/helpers/cookies_policy_helper_spec.rb'
-    - 'engines/web/web.gemspec'
    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/address_finder.rb'
    - 'lib/open_food_network/available_payment_method_filter.rb'
@@ -787,7 +749,6 @@ Style/FrozenStringLiteralComment:
    - 'lib/open_food_network/group_buy_report.rb'
    - 'lib/open_food_network/i18n_config.rb'
    - 'lib/open_food_network/lettuce_share_report.rb'
-    - 'lib/open_food_network/locking.rb'
    - 'lib/open_food_network/order_and_distributor_report.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
    - 'lib/open_food_network/order_cycle_management_report.rb'
@@ -802,7 +763,6 @@ Style/FrozenStringLiteralComment:
    - 'lib/open_food_network/packing_report.rb'
    - 'lib/open_food_network/paperclippable.rb'
    - 'lib/open_food_network/payments_report.rb'
-    - 'lib/open_food_network/permalink_generator.rb'
    - 'lib/open_food_network/permissions.rb'
    - 'lib/open_food_network/products_and_inventory_report.rb'
    - 'lib/open_food_network/products_and_inventory_report_base.rb'
@@ -822,7 +782,6 @@ Style/FrozenStringLiteralComment:
    - 'lib/open_food_network/xero_invoices_report.rb'
    - 'lib/spree/api/controller_setup.rb'
    - 'lib/spree/authentication_helpers.rb'
-    - 'lib/spree/localized_number.rb'
    - 'lib/spree/money_decorator.rb'
    - 'lib/stripe/account_connector.rb'
    - 'lib/stripe/profile_storer.rb'
@@ -849,370 +808,8 @@ Style/FrozenStringLiteralComment:
    - 'lib/tasks/sample_data/user_factory.rb'
    - 'lib/tasks/specs.rake'
    - 'lib/tasks/users.rake'
-    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/column_preferences_controller_spec.rb'
-    - 'spec/controllers/admin/customers_controller_spec.rb'
-    - 'spec/controllers/admin/enterprises_controller_spec.rb'
-    - 'spec/controllers/admin/inventory_items_controller_spec.rb'
-    - 'spec/controllers/admin/manager_invitations_controller_spec.rb'
-    - 'spec/controllers/admin/order_cycles_controller_spec.rb'
-    - 'spec/controllers/admin/proxy_orders_controller_spec.rb'
-    - 'spec/controllers/admin/schedules_controller_spec.rb'
-    - 'spec/controllers/admin/stripe_accounts_controller_spec.rb'
-    - 'spec/controllers/admin/stripe_connect_settings_controller_spec.rb'
-    - 'spec/controllers/admin/subscription_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
-    - 'spec/controllers/admin/tag_rules_controller_spec.rb'
-    - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
-    - 'spec/controllers/api/base_controller_spec.rb'
-    - 'spec/controllers/api/customers_controller_spec.rb'
-    - 'spec/controllers/api/enterprise_fees_controller_spec.rb'
-    - 'spec/controllers/api/enterprises_controller_spec.rb'
-    - 'spec/controllers/api/logos_controller_spec.rb'
-    - 'spec/controllers/api/order_cycles_controller_spec.rb'
-    - 'spec/controllers/api/orders_controller_spec.rb'
-    - 'spec/controllers/api/product_images_controller_spec.rb'
-    - 'spec/controllers/api/products_controller_spec.rb'
-    - 'spec/controllers/api/promo_images_controller_spec.rb'
-    - 'spec/controllers/api/shipments_controller_spec.rb'
-    - 'spec/controllers/api/statuses_controller_spec.rb'
-    - 'spec/controllers/api/taxonomies_controller_spec.rb'
-    - 'spec/controllers/api/taxons_controller_spec.rb'
-    - 'spec/controllers/api/terms_and_conditions_controller_spec.rb'
-    - 'spec/controllers/api/variants_controller_spec.rb'
-    - 'spec/controllers/base_controller_spec.rb'
-    - 'spec/controllers/cart_controller_spec.rb'
-    - 'spec/controllers/checkout_controller_spec.rb'
-    - 'spec/controllers/enterprises_controller_spec.rb'
-    - 'spec/controllers/groups_controller_spec.rb'
-    - 'spec/controllers/line_items_controller_spec.rb'
-    - 'spec/controllers/registration_controller_spec.rb'
-    - 'spec/controllers/shop_controller_spec.rb'
-    - 'spec/controllers/shops_controller_spec.rb'
-    - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
-    - 'spec/controllers/spree/admin/general_settings_controller_spec.rb'
-    - 'spec/controllers/spree/admin/invoices_controller_spec.rb'
-    - 'spec/controllers/spree/admin/mail_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/orders/customer_details_controller_spec.rb'
-    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
-    - 'spec/controllers/spree/admin/overview_controller_spec.rb'
-    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/products_controller_spec.rb'
-    - 'spec/controllers/spree/admin/reports_controller_spec.rb'
-    - 'spec/controllers/spree/admin/search_controller_spec.rb'
-    - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/users_controller_spec.rb'
-    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
-    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
-    - 'spec/controllers/spree/orders_controller_spec.rb'
-    - 'spec/controllers/spree/user_sessions_controller_spec.rb'
-    - 'spec/controllers/spree/users_controller_spec.rb'
-    - 'spec/controllers/stripe/callbacks_controller_spec.rb'
-    - 'spec/controllers/stripe/webhooks_controller_spec.rb'
-    - 'spec/controllers/user_confirmations_controller_spec.rb'
-    - 'spec/controllers/user_passwords_controller_spec.rb'
-    - 'spec/controllers/user_registrations_controller_spec.rb'
-    - 'spec/factories.rb'
-    - 'spec/factories/address_factory.rb'
-    - 'spec/factories/calculated_adjustment_factory.rb'
-    - 'spec/factories/calculator_factory.rb'
-    - 'spec/factories/enterprise_factory.rb'
-    - 'spec/factories/order_cycle_factory.rb'
-    - 'spec/factories/order_factory.rb'
-    - 'spec/factories/product_factory.rb'
-    - 'spec/factories/return_authorization_factory.rb'
-    - 'spec/factories/shipment_factory.rb'
-    - 'spec/factories/shipping_method_factory.rb'
-    - 'spec/factories/state_factory.rb'
-    - 'spec/factories/stock_movement_factory.rb'
-    - 'spec/factories/subscription_factory.rb'
-    - 'spec/factories/tag_rule_factory.rb'
-    - 'spec/factories/user_factory.rb'
-    - 'spec/factories/variant_factory.rb'
-    - 'spec/features/admin/adjustments_spec.rb'
-    - 'spec/features/admin/authentication_spec.rb'
-    - 'spec/features/admin/bulk_order_management_spec.rb'
-    - 'spec/features/admin/bulk_product_update_spec.rb'
-    - 'spec/features/admin/configuration/content_spec.rb'
-    - 'spec/features/admin/configuration/general_settings_spec.rb'
-    - 'spec/features/admin/configuration/mail_methods_spec.rb'
-    - 'spec/features/admin/configuration/states_spec.rb'
-    - 'spec/features/admin/configuration/tax_categories_spec.rb'
-    - 'spec/features/admin/configuration/tax_rates_spec.rb'
-    - 'spec/features/admin/configuration/taxonomies_spec.rb'
-    - 'spec/features/admin/configuration/zones_spec.rb'
-    - 'spec/features/admin/customers_spec.rb'
-    - 'spec/features/admin/enterprise_fees_spec.rb'
-    - 'spec/features/admin/enterprise_groups_spec.rb'
-    - 'spec/features/admin/enterprise_relationships_spec.rb'
-    - 'spec/features/admin/enterprise_roles_spec.rb'
-    - 'spec/features/admin/enterprise_user_spec.rb'
-    - 'spec/features/admin/enterprises/index_spec.rb'
-    - 'spec/features/admin/enterprises_spec.rb'
-    - 'spec/features/admin/external_services_spec.rb'
-    - 'spec/features/admin/multilingual_spec.rb'
-    - 'spec/features/admin/overview_spec.rb'
-    - 'spec/features/admin/payment_method_spec.rb'
-    - 'spec/features/admin/payments_spec.rb'
-    - 'spec/features/admin/product_import_spec.rb'
-    - 'spec/features/admin/products_spec.rb'
-    - 'spec/features/admin/reports/packing_report_spec.rb'
-    - 'spec/features/admin/reports_spec.rb'
-    - 'spec/features/admin/schedules_spec.rb'
-    - 'spec/features/admin/shipping_methods_spec.rb'
-    - 'spec/features/admin/subscriptions_spec.rb'
-    - 'spec/features/admin/tag_rules_spec.rb'
-    - 'spec/features/admin/tax_settings_spec.rb'
-    - 'spec/features/admin/users_spec.rb'
-    - 'spec/features/admin/variant_overrides_spec.rb'
-    - 'spec/features/admin/variants_spec.rb'
-    - 'spec/features/consumer/account/cards_spec.rb'
-    - 'spec/features/consumer/account/settings_spec.rb'
-    - 'spec/features/consumer/account_spec.rb'
-    - 'spec/features/consumer/authentication_spec.rb'
-    - 'spec/features/consumer/confirm_invitation_spec.rb'
-    - 'spec/features/consumer/footer_links_spec.rb'
-    - 'spec/features/consumer/groups_spec.rb'
-    - 'spec/features/consumer/multilingual_spec.rb'
-    - 'spec/features/consumer/producers_spec.rb'
-    - 'spec/features/consumer/registration_spec.rb'
-    - 'spec/features/consumer/shopping/cart_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_auth_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_paypal_spec.rb'
-    - 'spec/features/consumer/shopping/checkout_spec.rb'
-    - 'spec/features/consumer/shopping/embedded_groups_spec.rb'
-    - 'spec/features/consumer/shopping/embedded_shopfronts_spec.rb'
-    - 'spec/features/consumer/shopping/orders_spec.rb'
-    - 'spec/features/consumer/shopping/products_spec.rb'
-    - 'spec/features/consumer/shopping/shopping_spec.rb'
-    - 'spec/features/consumer/shopping/variant_overrides_spec.rb'
-    - 'spec/features/consumer/shops_spec.rb'
-    - 'spec/features/consumer/sitemap_spec.rb'
-    - 'spec/helpers/admin/orders_helper_spec.rb'
-    - 'spec/helpers/admin/subscriptions_helper_spec.rb'
-    - 'spec/helpers/checkout_helper_spec.rb'
-    - 'spec/helpers/enterprises_helper_spec.rb'
-    - 'spec/helpers/groups_helper_spec.rb'
-    - 'spec/helpers/html_helper_spec.rb'
-    - 'spec/helpers/i18n_helper_spec.rb'
-    - 'spec/helpers/injection_helper_spec.rb'
-    - 'spec/helpers/navigation_helper_spec.rb'
-    - 'spec/helpers/order_cycles_helper_spec.rb'
-    - 'spec/helpers/serializer_helper_spec.rb'
-    - 'spec/helpers/shared_helper_spec.rb'
-    - 'spec/helpers/shop_helper_spec.rb'
-    - 'spec/helpers/spree/admin/base_helper_spec.rb'
-    - 'spec/helpers/spree/admin/orders_helper_spec.rb'
-    - 'spec/helpers/spree/orders_helper_spec.rb'
-    - 'spec/jobs/confirm_order_job_spec.rb'
-    - 'spec/jobs/confirm_signup_job_spec.rb'
-    - 'spec/jobs/heartbeat_job_spec.rb'
-    - 'spec/jobs/order_cycle_notification_job_spec.rb'
-    - 'spec/jobs/subscription_confirm_job_spec.rb'
-    - 'spec/jobs/subscription_placement_job_spec.rb'
-    - 'spec/jobs/welcome_enterprise_job_spec.rb'
-    - 'spec/lib/open_food_network/address_finder_spec.rb'
-    - 'spec/lib/open_food_network/customers_report_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_applicator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_issue_validator_spec.rb'
-    - 'spec/lib/open_food_network/error_logger_spec.rb'
-    - 'spec/lib/open_food_network/feature_toggle_spec.rb'
-    - 'spec/lib/open_food_network/group_buy_report_spec.rb'
-    - 'spec/lib/open_food_network/i18n_config_spec.rb'
-    - 'spec/lib/open_food_network/lettuce_share_report_spec.rb'
-    - 'spec/lib/open_food_network/order_and_distributor_report_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_management_report_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_permissions_spec.rb'
-    - 'spec/lib/open_food_network/order_grouper_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/customer_totals_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/distributor_totals_by_supplier_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/supplier_totals_by_distributor_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report/supplier_totals_report_spec.rb'
-    - 'spec/lib/open_food_network/orders_and_fulfillments_report_spec.rb'
-    - 'spec/lib/open_food_network/packing_report_spec.rb'
-    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
-    - 'spec/lib/open_food_network/property_merge_spec.rb'
-    - 'spec/lib/open_food_network/referer_parser_spec.rb'
-    - 'spec/lib/open_food_network/sales_tax_report_spec.rb'
-    - 'spec/lib/open_food_network/scope_variant_to_hub_spec.rb'
-    - 'spec/lib/open_food_network/scope_variants_to_search_spec.rb'
-    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/open_food_network/user_balance_calculator_spec.rb'
-    - 'spec/lib/open_food_network/users_and_enterprises_report_spec.rb'
-    - 'spec/lib/open_food_network/xero_invoices_report_spec.rb'
-    - 'spec/lib/spree/localized_number_spec.rb'
-    - 'spec/lib/stripe/account_connector_spec.rb'
-    - 'spec/lib/stripe/webhook_handler_spec.rb'
-    - 'spec/lib/tasks/enterprises_rake_spec.rb'
-    - 'spec/lib/tasks/users_rake_spec.rb'
-    - 'spec/mailers/enterprise_mailer_spec.rb'
-    - 'spec/mailers/producer_mailer_spec.rb'
-    - 'spec/mailers/subscription_mailer_spec.rb'
-    - 'spec/mailers/user_mailer_spec.rb'
-    - 'spec/models/adjustment_metadata_spec.rb'
-    - 'spec/models/calculator/flat_percent_item_total_spec.rb'
-    - 'spec/models/calculator/flat_percent_per_item_spec.rb'
-    - 'spec/models/calculator/flat_rate_spec.rb'
-    - 'spec/models/calculator/flexi_rate_spec.rb'
-    - 'spec/models/calculator/per_item_spec.rb'
-    - 'spec/models/calculator/price_sack_spec.rb'
-    - 'spec/models/calculator/weight_spec.rb'
-    - 'spec/models/column_preference_spec.rb'
-    - 'spec/models/concerns/order_shipment_spec.rb'
-    - 'spec/models/concerns/product_stock_spec.rb'
-    - 'spec/models/concerns/variant_stock_spec.rb'
-    - 'spec/models/content_configuration_spec.rb'
-    - 'spec/models/customer_spec.rb'
-    - 'spec/models/enterprise_caching_spec.rb'
-    - 'spec/models/enterprise_fee_spec.rb'
-    - 'spec/models/enterprise_group_spec.rb'
-    - 'spec/models/enterprise_relationship_spec.rb'
-    - 'spec/models/enterprise_spec.rb'
-    - 'spec/models/exchange_spec.rb'
-    - 'spec/models/model_set_spec.rb'
-    - 'spec/models/order_cycle_spec.rb'
-    - 'spec/models/product_import/entry_processor_spec.rb'
-    - 'spec/models/product_import/inventory_reset_strategy_spec.rb'
-    - 'spec/models/product_import/reset_absent_spec.rb'
-    - 'spec/models/product_import/settings_spec.rb'
-    - 'spec/models/product_importer_spec.rb'
-    - 'spec/models/proxy_order_spec.rb'
-    - 'spec/models/spree/ability_spec.rb'
-    - 'spec/models/spree/addresses_spec.rb'
-    - 'spec/models/spree/adjustment_spec.rb'
-    - 'spec/models/spree/calculator_spec.rb'
-    - 'spec/models/spree/classification_spec.rb'
-    - 'spec/models/spree/credit_card_spec.rb'
-    - 'spec/models/spree/gateway/stripe_connect_spec.rb'
-    - 'spec/models/spree/line_item_spec.rb'
-    - 'spec/models/spree/order/checkout_spec.rb'
-    - 'spec/models/spree/order_spec.rb'
-    - 'spec/models/spree/payment_method_spec.rb'
-    - 'spec/models/spree/payment_spec.rb'
-    - 'spec/models/spree/preferences/file_configuration_spec.rb'
-    - 'spec/models/spree/price_spec.rb'
-    - 'spec/models/spree/product_set_spec.rb'
-    - 'spec/models/spree/product_spec.rb'
-    - 'spec/models/spree/shipping_method_spec.rb'
-    - 'spec/models/spree/stock/availability_validator_spec.rb'
-    - 'spec/models/spree/tax_rate_spec.rb'
-    - 'spec/models/spree/user_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
-    - 'spec/models/stripe_account_spec.rb'
-    - 'spec/models/subscription_line_item_spec.rb'
-    - 'spec/models/subscription_spec.rb'
-    - 'spec/models/tag_rule/discount_order_spec.rb'
-    - 'spec/models/tag_rule/filter_order_cycles_spec.rb'
-    - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
-    - 'spec/models/tag_rule/filter_products_spec.rb'
-    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
-    - 'spec/models/tag_rule_spec.rb'
-    - 'spec/models/variant_override_spec.rb'
-    - 'spec/performance/injection_helper_spec.rb'
-    - 'spec/performance/orders_controller_spec.rb'
-    - 'spec/performance/shop_controller_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
-    - 'spec/requests/checkout/paypal_spec.rb'
-    - 'spec/requests/checkout/stripe_connect_spec.rb'
-    - 'spec/requests/embedded_shopfronts_headers_spec.rb'
-    - 'spec/requests/large_request_spec.rb'
-    - 'spec/serializers/api/admin/customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/exchange_serializer_spec.rb'
-    - 'spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/index_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/order_cycle_serializer_spec.rb'
-    - 'spec/serializers/api/admin/product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/subscription_customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/subscription_line_item_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_override_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_serializer_spec.rb'
-    - 'spec/serializers/api/cached_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/credit_card_serializer_spec.rb'
-    - 'spec/serializers/api/current_order_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_shopfront_list_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_shopfront_serializer_spec.rb'
-    - 'spec/serializers/api/group_list_serializer_spec.rb'
-    - 'spec/serializers/api/order_cycle_serializer_spec.rb'
-    - 'spec/serializers/api/order_serializer_spec.rb'
-    - 'spec/serializers/api/product_serializer_spec.rb'
-    - 'spec/serializers/api/shipping_method_serializer_spec.rb'
-    - 'spec/serializers/api/variant_serializer_spec.rb'
-    - 'spec/services/bulk_invoice_service_spec.rb'
-    - 'spec/services/cart_service_spec.rb'
-    - 'spec/services/default_shipping_category_spec.rb'
-    - 'spec/services/default_stock_location_spec.rb'
-    - 'spec/services/embedded_page_service_spec.rb'
-    - 'spec/services/exchange_products_renderer_spec.rb'
-    - 'spec/services/exchange_variant_bulk_updater_spec.rb'
-    - 'spec/services/invoice_renderer_spec.rb'
-    - 'spec/services/mail_configuration_spec.rb'
-    - 'spec/services/order_cycle_distributed_products_spec.rb'
-    - 'spec/services/order_cycle_distributed_variants_spec.rb'
-    - 'spec/services/order_cycle_form_spec.rb'
-    - 'spec/services/order_cycle_warning_spec.rb'
-    - 'spec/services/order_factory_spec.rb'
-    - 'spec/services/order_syncer_spec.rb'
-    - 'spec/services/order_workflow_spec.rb'
-    - 'spec/services/permissions/order_spec.rb'
-    - 'spec/services/product_tag_rules_filterer_spec.rb'
-    - 'spec/services/products_renderer_spec.rb'
-    - 'spec/services/search_orders_spec.rb'
-    - 'spec/services/tax_rate_finder_spec.rb'
-    - 'spec/services/upload_sanitizer_spec.rb'
-    - 'spec/services/variant_units/option_value_namer_spec.rb'
-    - 'spec/services/variants_stock_levels_spec.rb'
-    - 'spec/spec_helper.rb'
-    - 'spec/support/ability_helper.rb'
-    - 'spec/support/api_helper.rb'
-    - 'spec/support/cancan_helper.rb'
-    - 'spec/support/controller_helper.rb'
-    - 'spec/support/delayed_job_helper.rb'
-    - 'spec/support/downloads_helper.rb'
-    - 'spec/support/email_helper.rb'
-    - 'spec/support/embedded_pages_helper.rb'
-    - 'spec/support/enterprise_groups_helper.rb'
-    - 'spec/support/feature_toggle_helper.rb'
-    - 'spec/support/features/datepicker_helper.rb'
-    - 'spec/support/filters_helper.rb'
-    - 'spec/support/html_helper.rb'
-    - 'spec/support/i18n_error_raising.rb'
-    - 'spec/support/localized_number_helper.rb'
-    - 'spec/support/matchers/date_time_validator_matchers.rb'
-    - 'spec/support/matchers/delegate_matchers.rb'
-    - 'spec/support/matchers/email_confirmation_matchers.rb'
-    - 'spec/support/matchers/flash_message_matchers.rb'
-    - 'spec/support/matchers/integer_array_validator_matchers.rb'
-    - 'spec/support/matchers/select2_matchers.rb'
-    - 'spec/support/matchers/table_matchers.rb'
-    - 'spec/support/performance_helper.rb'
-    - 'spec/support/products_helper.rb'
-    - 'spec/support/request/admin_helper.rb'
-    - 'spec/support/request/authentication_helper.rb'
-    - 'spec/support/request/cookie_helper.rb'
-    - 'spec/support/request/distribution_helper.rb'
-    - 'spec/support/request/menu_helper.rb'
-    - 'spec/support/request/shop_workflow.rb'
-    - 'spec/support/request/ui_component_helper.rb'
-    - 'spec/support/request/web_helper.rb'
-    - 'spec/support/seeds.rb'
-    - 'spec/support/spree/checkout_helpers.rb'
-    - 'spec/support/spree/money_helper.rb'
-    - 'spec/support/spree/url_helpers.rb'
-    - 'spec/support/timecop.rb'
-    - 'spec/validators/date_time_string_validator_spec.rb'
-    - 'spec/validators/integer_array_validator_spec.rb'
-    - 'spec/views/spree/admin/orders/edit.html.haml_spec.rb'
-    - 'spec/views/spree/admin/orders/index.html.haml_spec.rb'
-    - 'spec/views/spree/admin/payment_methods/index.html.haml_spec.rb'
-    - 'spec/views/spree/admin/shared/_order_links.html.haml_spec.rb'

-# Offense count: 44
+# Offense count: 39
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
  Exclude:
@@ -1221,7 +818,6 @@ Style/GuardClause:
    - 'app/controllers/admin/product_import_controller.rb'
    - 'app/controllers/api/shipments_controller.rb'
    - 'app/controllers/application_controller.rb'
-    - 'app/controllers/checkout_controller.rb'
    - 'app/controllers/home_controller.rb'
    - 'app/controllers/spree/orders_controller.rb'
    - 'app/controllers/spree/paypal_controller_decorator.rb'
@@ -1229,13 +825,12 @@ Style/GuardClause:
    - 'app/models/enterprise_group.rb'
    - 'app/models/producer_property.rb'
    - 'app/models/spree/preferences/preferable_class_methods.rb'
-    - 'app/models/spree/price_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
    - 'app/services/order_syncer.rb'
    - 'app/services/variant_units/variant_and_line_item_naming.rb'
    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
    - 'lib/open_food_network/rack_request_blocker.rb'
+    - 'lib/spree/core/controller_helpers/respond_with.rb'
    - 'spec/support/delayed_job_helper.rb'
    - 'spec/support/request/distribution_helper.rb'
    - 'spec/support/request/shop_workflow.rb'
@@ -1253,7 +848,7 @@ Style/MixinUsage:
    - 'lib/open_food_network/orders_and_fulfillments_report.rb'
    - 'spec/lib/open_food_network/packing_report_spec.rb'

-# Offense count: 43
+# Offense count: 42
 # Cop supports --auto-correct.
 # Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
 # SupportedStyles: predicate, comparison
@@ -1284,7 +879,7 @@ Style/NumericPredicate:
    - 'lib/spree/money_decorator.rb'
    - 'lib/tasks/sample_data.rake'

-# Offense count: 241
+# Offense count: 243
 Style/Send:
  Exclude:
    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.3.7
+2.4.4
--- a/91
+++ b/91
@@ -1,15 +1,47 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
-ruby "2.3.7"
+ruby "2.4.4"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }

+plugin 'bootboot', '~> 0.1.1' unless Bundler.settings[:frozen]
+Plugin.__send__(:load_plugin, 'bootboot') if Plugin.installed?('bootboot')
+
+if ENV['DEPENDENCIES_NEXT']
+  enable_dual_booting if Plugin.installed?('bootboot')
+
+  # This will only be loaded when running
+  # bundler command prefixed with `DEPENDENCIES_NEXT=1
+  gem 'rails', '> 5.0', '< 5.1'
+
+  gem 'activemerchant', '>= 1.78.0'
+  gem 'angular-rails-templates', '>= 0.3.0'
+  gem 'awesome_nested_set'
+  gem 'ransack', '2.3.0'
+  gem 'responders'
+  gem 'sass', '<= 4.7.1'
+  gem 'sass-rails', '< 6.0.0'
+else
+  gem 'rails', '~> 4.2'
+
+  gem 'activemerchant', '~> 1.78.0'
+  gem 'angular-rails-templates', '~> 0.3.0'
+  gem 'awesome_nested_set', '~> 3.3.1'
+  gem 'ransack', '~> 1.8.10'
+  gem 'responders', '~> 2.0'
+  gem 'sass'
+  gem 'sass-rails'
+
+  gem 'db2fog'
+  gem 'unicorn'
+end
+
 gem 'i18n'
 gem 'i18n-js', '~> 3.8.0'
-gem 'rails', '~> 4.2'
 gem 'rails-i18n'
 gem 'rails_safe_tasks', '~> 1.0'

 gem "activerecord-import"
-gem 'responders', '~> 2.0'

 gem "catalog", path: "./engines/catalog"
 gem 'dfc_provider', path: './engines/dfc_provider'
@@ -19,35 +51,22 @@ gem 'web', path: './engines/web'
 gem 'activerecord-postgresql-adapter'
 gem 'pg', '~> 0.21.0'

-gem 'acts_as_list', '= 0.3.0'
-gem 'awesome_nested_set', '~> 3.2.1'
-gem 'cancan', '~> 1.6.10'
+gem 'acts_as_list', '0.9.19'
+gem 'cancancan', '~> 1.7.0'
 gem 'ffaker'
 gem 'highline', '2.0.3' # Necessary for the install generator
 gem 'json'
-gem 'money', '< 6.1.0'
-gem 'paranoia', '~> 2.0'
-gem 'ransack', '~> 1.8.10'
+gem 'monetize', '~> 1.1'
+gem 'paranoia', '~> 2.4'
 gem 'state_machines-activerecord'
 gem 'stringex', '~> 2.8.5'

-gem 'spree_i18n', github: 'openfoodfoundation/spree_i18n', branch: '1-3-stable'
-
-# Our branch contains the following changes:
-# - Pass customer email and phone number to PayPal (merged to upstream master)
-# - Change type of password from string to password to hide it in the form
-# - Skip CA cert file and use the ones provided by the OS
-gem 'spree_paypal_express', github: 'openfoodfoundation/better_spree_paypal_express', branch: '2-1-0-stable'
-
+gem 'paypal-sdk-merchant', '1.106.1'
 gem 'stripe'

-# We need at least this version to have Digicert's root certificate
-# which is needed for Pin Payments (and possibly others).
-gem 'activemerchant', '~> 1.78.0'
-
-gem 'devise', '~> 3.5.10' # v4.0.0 needs rails 4.1
+gem 'devise'
 gem 'devise-encryptable'
-gem 'devise-token_authenticatable', '~> 0.4.10' # v0.5.0 needs devise v4
+gem 'devise-token_authenticatable'
 gem 'jwt', '~> 2.2'
 gem 'oauth2', '~> 1.4.4' # Used for Stripe Connect

@@ -55,18 +74,14 @@ gem 'daemons'
 gem 'delayed_job_active_record'
 gem 'delayed_job_web'

-gem 'kaminari', '~> 0.17.0'
+gem 'kaminari', '~> 1.2.1'

 gem 'andand'
 gem 'angularjs-rails', '1.5.5'
 gem 'aws-sdk', '1.67.0'
 gem 'bugsnag'
-gem 'db2fog'
 gem 'haml'
 gem 'redcarpet'
-gem 'sass'
-gem 'sass-rails'
-gem 'unicorn'

 gem 'actionpack-action_caching'
 # AMS 0.9.x and 0.10.x are very different from 0.8.4 and the upgrade is not straight forward
@@ -80,8 +95,7 @@ gem 'dalli'
 gem 'figaro'
 gem 'geocoder'
 gem 'gmaps4rails'
-gem 'oj'
-gem 'paper_trail', '~> 7.1.3'
+gem 'paper_trail', '~> 10.3.1'
 gem 'paperclip', '~> 3.4.1'
 gem 'rack-rewrite'
 gem 'rack-ssl', require: 'rack/ssl'
@@ -105,13 +119,12 @@ gem 'mini_racer', '0.2.15'

 gem 'uglifier', '>= 1.0.3'

-gem 'angular-rails-templates', '~> 0.3.0'
 gem 'foundation-icons-sass-rails'

 gem 'foundation-rails', '= 5.5.2.1'

 gem 'jquery-migrate-rails'
-gem 'jquery-rails', '3.1.5'
+gem 'jquery-rails', '4.4.0'
 gem 'jquery-ui-rails', '~> 4.2'
 gem 'select2-rails', '~> 3.4.7'

@@ -126,10 +139,10 @@ group :test, :development do
  # Pretty printed test output
  gem 'atomic'
  gem 'awesome_print'
-  gem 'capybara', '>= 2.18.0' # 3.0 requires rack 1.6 that only works with Rails 4.2
+  gem 'capybara'
  gem 'database_cleaner', require: false
-  gem "factory_bot_rails", '4.10.0', require: false
-  gem 'fuubar', '~> 2.5.0'
+  gem "factory_bot_rails", '5.2.0', require: false
+  gem 'fuubar', '~> 2.5.1'
  gem 'json_spec', '~> 1.1.4'
  gem 'knapsack'
  gem 'letter_opener', '>= 1.4.1'
@@ -146,17 +159,17 @@ end
 group :test do
  gem 'simplecov', require: false
  gem 'test-prof'
+  gem 'test_after_commit' # needed to test Devise callbacks
  gem 'webmock'
  # See spec/spec_helper.rb for instructions
  # gem 'perftools.rb'
 end

 group :development do
-  gem 'byebug', '~> 11.0.0' # 11.1 requires ruby 2.4
+  gem 'byebug'
  gem 'debugger-linecache'
-  gem "newrelic_rpm", "~> 3.0"
-  gem "pry", "~> 0.12.0" # pry 0.13 is not compatible with pry-byebug 3.7
-  gem 'pry-byebug', '~> 3.7.0' # 3.8 requires ruby 2.4
+  gem 'pry'
+  gem 'pry-byebug'
  gem 'rubocop'
  gem 'rubocop-rails'
  gem 'spring'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -4,14 +4,6 @@ GIT
  specs:
    custom_error_message (1.1.1)

-GIT
-  remote: https://github.com/openfoodfoundation/better_spree_paypal_express.git
-  revision: 1a477e9f7763297944cc99b6f4dd3d962aa963e9
-  branch: 2-1-0-stable
-  specs:
-    spree_paypal_express (2.0.3)
-      paypal-sdk-merchant (= 1.106.1)
-
 GIT
  remote: https://github.com/openfoodfoundation/ofn-qz.git
  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
@@ -19,15 +11,6 @@ GIT
  specs:
    ofn-qz (0.1.0)

-GIT
-  remote: https://github.com/openfoodfoundation/spree_i18n.git
-  revision: 12f18312232f0ce70270d47859d2951d12f7791c
-  branch: 1-3-stable
-  specs:
-    spree_i18n (1.0.0)
-      i18n (~> 0.5)
-      rails-i18n
-
 PATH
  remote: engines/catalog
  specs:
@@ -110,7 +93,7 @@ GEM
      tzinfo (~> 1.1)
    acts-as-taggable-on (4.0.0)
      activerecord (>= 4.0)
-    acts_as_list (0.3.0)
+    acts_as_list (0.9.19)
      activerecord (>= 3.0)
    addressable (2.7.0)
      public_suffix (>= 2.0.2, < 5.0)
@@ -125,9 +108,9 @@ GEM
    angularjs-file-upload-rails (2.4.1)
    angularjs-rails (1.5.5)
    arel (6.0.4)
-    ast (2.4.0)
+    ast (2.4.1)
    atomic (1.1.101)
-    awesome_nested_set (3.2.1)
+    awesome_nested_set (3.3.1)
      activerecord (>= 4.0.0, < 7.0)
    awesome_print (1.8.0)
    aws-sdk (1.67.0)
@@ -136,25 +119,26 @@ GEM
      json (~> 1.4)
      nokogiri (~> 1)
    bcrypt (3.1.16)
-    bugsnag (6.18.0)
+    bugsnag (6.19.0)
      concurrent-ruby (~> 1.0)
    builder (3.2.4)
-    byebug (11.0.1)
-    cancan (1.6.10)
-    capybara (2.18.0)
+    byebug (11.1.3)
+    cancancan (1.7.1)
+    capybara (3.32.2)
      addressable
      mini_mime (>= 0.1.3)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (>= 2.0, < 4.0)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.5)
+      xpath (~> 3.2)
    childprocess (3.0.0)
    chronic (0.10.2)
    chunky_png (1.3.14)
    climate_control (0.2.0)
    cocaine (0.5.8)
      climate_control (>= 0.0.3, < 1.0)
-    coderay (1.1.2)
+    coderay (1.1.3)
    coffee-rails (4.2.2)
      coffee-script (>= 2.2.0)
      railties (>= 4.0.0)
@@ -162,7 +146,7 @@ GEM
      coffee-script-source
      execjs
    coffee-script-source (1.12.2)
-    combine_pdf (1.0.16)
+    combine_pdf (1.0.21)
      ruby-rc4 (>= 0.1.5)
    compass (1.0.3)
      chunky_png (~> 1.2)
@@ -181,7 +165,8 @@ GEM
      sass-rails (< 5.1)
      sprockets (< 4.0)
    concurrent-ruby (1.1.7)
-    crack (0.4.4)
+    crack (0.4.5)
+      rexml
    crass (1.0.6)
    css_parser (1.7.1)
      addressable
@@ -192,32 +177,31 @@ GEM
      activerecord (>= 3.2.0, < 5.0)
      fog (~> 1.0)
      rails (>= 3.2.0, < 5.0)
-    ddtrace (0.42.0)
+    ddtrace (0.44.0)
      msgpack
    debugger-linecache (1.2.0)
-    delayed_job (4.1.8)
-      activesupport (>= 3.0, < 6.1)
-    delayed_job_active_record (4.1.4)
-      activerecord (>= 3.0, < 6.1)
+    delayed_job (4.1.9)
+      activesupport (>= 3.0, < 6.2)
+    delayed_job_active_record (4.1.5)
+      activerecord (>= 3.0, < 6.2)
      delayed_job (>= 3.0, < 5)
    delayed_job_web (1.4.3)
      activerecord (> 3.0.0)
      delayed_job (> 2.0.3)
      rack-protection (>= 1.5.5)
      sinatra (>= 1.4.4)
-    devise (3.5.10)
+    devise (4.7.3)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
-      railties (>= 3.2.6, < 5)
+      railties (>= 4.1.0)
      responders
-      thread_safe (~> 0.1)
      warden (~> 1.2.3)
    devise-encryptable (0.2.0)
      devise (>= 2.1.0)
-    devise-token_authenticatable (0.4.10)
-      devise (>= 3.5.2, < 4.0.0)
+    devise-token_authenticatable (1.1.0)
+      devise (>= 4.0.0, < 5.0.0)
    diff-lcs (1.4.4)
-    docile (1.3.2)
+    docile (1.3.4)
    domain_name (0.5.20190701)
      unf (>= 0.0.5, < 1.0.0)
    dry-inflector (0.1.2)
@@ -225,14 +209,14 @@ GEM
    eventmachine (1.2.7)
    excon (0.78.0)
    execjs (2.7.0)
-    factory_bot (4.10.0)
-      activesupport (>= 3.0.0)
-    factory_bot_rails (4.10.0)
-      factory_bot (~> 4.10.0)
-      railties (>= 3.0.0)
+    factory_bot (5.2.0)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.2.0)
+      factory_bot (~> 5.2.0)
+      railties (>= 4.2.0)
    faraday (1.0.1)
      multipart-post (>= 1.2, < 3)
-    ffaker (2.11.0)
+    ffaker (2.16.0)
    ffi (1.13.1)
    figaro (1.2.0)
      thor (>= 0.14.0, < 2)
@@ -393,7 +377,7 @@ GEM
    foundation-rails (5.5.2.1)
      railties (>= 3.1.0)
      sass (>= 3.3.0, < 3.5)
-    fuubar (2.5.0)
+    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
    geocoder (1.6.4)
@@ -402,7 +386,7 @@ GEM
    globalid (0.4.2)
      activesupport (>= 4.2.0)
    gmaps4rails (2.1.2)
-    haml (5.2.0)
+    haml (5.2.1)
      temple (>= 0.8.0)
      tilt
    hashdiff (1.0.1)
@@ -418,10 +402,10 @@ GEM
    immigrant (0.3.6)
      activerecord (>= 3.0)
    ipaddress (0.8.3)
-    jaro_winkler (1.5.4)
    jquery-migrate-rails (1.2.1)
-    jquery-rails (3.1.5)
-      railties (>= 3.0, < 5.0)
+    jquery-rails (4.4.0)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
    jquery-ui-rails (4.2.1)
      railties (>= 3.2.16)
@@ -432,23 +416,32 @@ GEM
      multi_json (~> 1.0)
      rspec (>= 2.0, < 4.0)
    jwt (2.2.2)
-    kaminari (0.17.0)
-      actionpack (>= 3.0.0)
-      activesupport (>= 3.0.0)
+    kaminari (1.2.1)
+      activesupport (>= 4.1.0)
+      kaminari-actionview (= 1.2.1)
+      kaminari-activerecord (= 1.2.1)
+      kaminari-core (= 1.2.1)
+    kaminari-actionview (1.2.1)
+      actionview
+      kaminari-core (= 1.2.1)
+    kaminari-activerecord (1.2.1)
+      activerecord
+      kaminari-core (= 1.2.1)
+    kaminari-core (1.2.1)
    kgio (2.11.3)
-    knapsack (1.19.0)
+    knapsack (1.20.0)
      rake
    launchy (2.4.3)
      addressable (~> 2.3)
    letter_opener (1.7.0)
      launchy (~> 2.2)
    libv8 (7.3.492.27.1)
-    loofah (2.7.0)
+    loofah (2.8.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
-    method_source (0.9.2)
+    method_source (1.0.0)
    mime-types (3.3.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2020.0512)
@@ -456,16 +449,16 @@ GEM
    mini_portile2 (2.4.0)
    mini_racer (0.2.15)
      libv8 (> 7.3)
-    minitest (5.14.2)
-    money (5.0.0)
-      i18n (~> 0.4)
-      json
+    minitest (5.14.3)
+    monetize (1.9.4)
+      money (~> 6.12)
+    money (6.13.8)
+      i18n (>= 0.6.4, <= 2)
    msgpack (1.3.3)
    multi_json (1.15.0)
    multi_xml (0.6.0)
    multipart-post (2.1.1)
    netrc (0.11.0)
-    newrelic_rpm (3.18.1.330)
    nokogiri (1.10.10)
      mini_portile2 (~> 2.4.0)
    oauth2 (1.4.4)
@@ -474,11 +467,10 @@ GEM
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
-    oj (3.10.8)
    optimist (3.0.1)
    orm_adapter (0.5.0)
-    paper_trail (7.1.3)
-      activerecord (>= 4.0, < 5.2)
+    paper_trail (10.3.1)
+      activerecord (>= 4.2)
      request_store (~> 1.1)
    paperclip (3.4.2)
      activemodel (>= 3.0.0)
@@ -486,11 +478,11 @@ GEM
      activesupport (>= 3.0.0)
      cocaine (~> 0.5.0)
      mime-types
-    parallel (1.19.1)
-    paranoia (2.4.2)
-      activerecord (>= 4.0, < 6.1)
-    parser (2.7.1.0)
-      ast (~> 2.4.0)
+    parallel (1.20.1)
+    paranoia (2.4.3)
+      activerecord (>= 4.0, < 6.2)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
    paypal-sdk-core (0.2.10)
      multi_json (~> 1.0)
      xml-simple
@@ -498,15 +490,15 @@ GEM
      paypal-sdk-core (~> 0.2.3)
    pg (0.21.0)
    power_assert (1.2.0)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    pry-byebug (3.7.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
      byebug (~> 11.0)
-      pry (~> 0.10)
+      pry (~> 0.13.0)
    public_suffix (4.0.6)
    rack (1.6.13)
-    rack-mini-profiler (2.0.2)
+    rack-mini-profiler (2.3.0)
      rack (>= 1.2.0)
    rack-protection (1.5.5)
      rack
@@ -545,7 +537,7 @@ GEM
      thor (>= 0.18.1, < 2.0)
    rainbow (3.0.0)
    raindrops (0.19.1)
-    rake (13.0.1)
+    rake (13.0.3)
    ransack (1.8.10)
      actionpack (>= 3.0, < 5.2)
      activerecord (>= 3.0, < 5.2)
@@ -559,7 +551,8 @@ GEM
      json (>= 1.8)
      nokogiri (~> 1.5)
      optimist (~> 3.0)
-    redcarpet (3.5.0)
+    redcarpet (3.5.1)
+    regexp_parser (1.8.2)
    request_store (1.5.0)
      rack (>= 1.4)
    responders (2.4.1)
@@ -584,25 +577,25 @@ GEM
      rspec-core (~> 3.10.0)
      rspec-expectations (~> 3.10.0)
      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.0)
+    rspec-core (3.10.1)
      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.0)
+    rspec-expectations (3.10.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
    rspec-mocks (3.10.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
-    rspec-rails (4.0.1)
+    rspec-rails (4.0.2)
      actionpack (>= 4.2)
      activesupport (>= 4.2)
      railties (>= 4.2)
-      rspec-core (~> 3.9)
-      rspec-expectations (~> 3.9)
-      rspec-mocks (~> 3.9)
-      rspec-support (~> 3.9)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
    rspec-retry (0.6.2)
      rspec-core (> 3.3)
-    rspec-support (3.10.0)
+    rspec-support (3.10.1)
    rswag (2.3.1)
      rswag-api (= 2.3.1)
      rswag-specs (= 2.3.1)
@@ -616,21 +609,24 @@ GEM
    rswag-ui (2.3.1)
      actionpack (>= 3.1, < 7.0)
      railties (>= 3.1, < 7.0)
-    rubocop (0.81.0)
-      jaro_winkler (~> 1.5.1)
+    rubocop (1.8.1)
      parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 3.0.0.0)
      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
      rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-rails (2.5.2)
-      activesupport
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.4.0)
+      parser (>= 2.7.1.5)
+    rubocop-rails (2.9.1)
+      activesupport (>= 4.2.0)
      rack (>= 1.1)
-      rubocop (>= 0.72.0)
-    ruby-progressbar (1.10.1)
+      rubocop (>= 0.90.0, < 2.0)
+    ruby-progressbar (1.11.0)
    ruby-rc4 (0.1.5)
-    rubyzip (1.3.0)
+    rubyzip (2.3.0)
    sass (3.4.25)
    sass-rails (5.0.7)
      railties (>= 4.0.0, < 6)
@@ -644,18 +640,17 @@ GEM
    selenium-webdriver (3.142.7)
      childprocess (>= 0.5, < 4.0)
      rubyzip (>= 1.2.2)
-    shoulda-matchers (4.0.1)
+    shoulda-matchers (4.5.0)
      activesupport (>= 4.2.0)
-    simplecov (0.17.1)
+    simplecov (0.18.5)
      docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.3)
    sinatra (1.4.8)
      rack (~> 1.5)
      rack-protection (~> 1.4)
      tilt (>= 1.3, < 3)
-    spring (1.7.2)
+    spring (2.1.1)
    spring-commands-rspec (1.0.4)
      spring (>= 0.9.1)
    sprockets (2.12.5)
@@ -675,24 +670,26 @@ GEM
      activerecord (>= 4.1)
      state_machines-activemodel (>= 0.5.0)
    stringex (2.8.5)
-    stripe (5.28.0)
+    stripe (5.29.0)
    temple (0.8.2)
-    test-prof (0.7.5)
-    test-unit (3.3.7)
+    test-prof (0.11.3)
+    test-unit (3.3.9)
      power_assert
+    test_after_commit (1.2.2)
+      activerecord (>= 3.2, < 5.0)
    thor (0.20.3)
    thread_safe (0.3.6)
    tilt (1.4.1)
    timecop (0.9.2)
-    tzinfo (1.2.8)
+    tzinfo (1.2.9)
      thread_safe (~> 0.1)
    uglifier (4.2.0)
      execjs (>= 0.3.0, < 3)
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.7.7)
-    unicode-display_width (1.7.0)
-    unicorn (5.7.0)
+    unicode-display_width (2.0.0)
+    unicorn (5.8.0)
      kgio (~> 2.6)
      raindrops (~> 0.7)
    unicorn-rails (2.2.1)
@@ -703,11 +700,11 @@ GEM
      unicorn (>= 4, < 6)
    warden (1.2.7)
      rack (>= 1.0)
-    webdrivers (4.2.0)
+    webdrivers (4.4.2)
      nokogiri (~> 1.6)
      rubyzip (>= 1.3.0)
      selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.10.0)
+    webmock (3.11.1)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
@@ -732,19 +729,19 @@ DEPENDENCIES
  activerecord-postgresql-adapter
  activerecord-session_store
  acts-as-taggable-on (~> 4.0)
-  acts_as_list (= 0.3.0)
+  acts_as_list (= 0.9.19)
  andand
  angular-rails-templates (~> 0.3.0)
  angularjs-file-upload-rails (~> 2.4.1)
  angularjs-rails (= 1.5.5)
  atomic
-  awesome_nested_set (~> 3.2.1)
+  awesome_nested_set (~> 3.3.1)
  awesome_print
  aws-sdk (= 1.67.0)
  bugsnag
-  byebug (~> 11.0.0)
-  cancan (~> 1.6.10)
-  capybara (>= 2.18.0)
+  byebug
+  cancancan (~> 1.7.0)
+  capybara
  catalog!
  coffee-rails (~> 4.2.2)
  combine_pdf
@@ -758,17 +755,17 @@ DEPENDENCIES
  debugger-linecache
  delayed_job_active_record
  delayed_job_web
-  devise (~> 3.5.10)
+  devise
  devise-encryptable
-  devise-token_authenticatable (~> 0.4.10)
+  devise-token_authenticatable
  dfc_provider!
  eventmachine (>= 1.2.3)
-  factory_bot_rails (= 4.10.0)
+  factory_bot_rails (= 5.2.0)
  ffaker
  figaro
  foundation-icons-sass-rails
  foundation-rails (= 5.5.2.1)
-  fuubar (~> 2.5.0)
+  fuubar (~> 2.5.1)
  geocoder
  gmaps4rails
  haml
@@ -777,27 +774,26 @@ DEPENDENCIES
  i18n-js (~> 3.8.0)
  immigrant
  jquery-migrate-rails
-  jquery-rails (= 3.1.5)
+  jquery-rails (= 4.4.0)
  jquery-ui-rails (~> 4.2)
  json
  json_spec (~> 1.1.4)
  jwt (~> 2.2)
-  kaminari (~> 0.17.0)
+  kaminari (~> 1.2.1)
  knapsack
  letter_opener (>= 1.4.1)
  mini_racer (= 0.2.15)
-  money (< 6.1.0)
-  newrelic_rpm (~> 3.0)
+  monetize (~> 1.1)
  oauth2 (~> 1.4.4)
  ofn-qz!
-  oj
  order_management!
-  paper_trail (~> 7.1.3)
+  paper_trail (~> 10.3.1)
  paperclip (~> 3.4.1)
-  paranoia (~> 2.0)
+  paranoia (~> 2.4)
+  paypal-sdk-merchant (= 1.106.1)
  pg (~> 0.21.0)
-  pry (~> 0.12.0)
-  pry-byebug (~> 3.7.0)
+  pry
+  pry-byebug
  rack-mini-profiler (< 3.0.0)
  rack-rewrite
  rack-ssl
@@ -820,8 +816,6 @@ DEPENDENCIES
  selenium-webdriver
  shoulda-matchers
  simplecov
-  spree_i18n!
-  spree_paypal_express!
  spring
  spring-commands-rspec
  state_machines-activerecord
@@ -829,6 +823,7 @@ DEPENDENCIES
  stripe
  test-prof
  test-unit (~> 3.3)
+  test_after_commit
  timecop
  uglifier (>= 1.0.3)
  unicorn
@@ -842,7 +837,7 @@ DEPENDENCIES
  wkhtmltopdf-binary

 RUBY VERSION
-   ruby 2.3.7p456
+   ruby 2.4.4p296

 BUNDLED WITH
   1.17.3
--- a/Gemfile_next.lock
+++ b/Gemfile_next.lock
@@ -0,0 +1,665 @@
+GIT
+  remote: https://github.com/jeremydurham/custom-err-msg.git
+  revision: 3a8ec9dddc7a5b0aab7c69a6060596de300c68f4
+  specs:
+    custom_error_message (1.1.1)
+
+GIT
+  remote: https://github.com/openfoodfoundation/ofn-qz.git
+  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
+  branch: ofn-rails-4
+  specs:
+    ofn-qz (0.1.0)
+
+PATH
+  remote: engines/catalog
+  specs:
+    catalog (0.0.1)
+
+PATH
+  remote: engines/dfc_provider
+  specs:
+    dfc_provider (0.0.1)
+      active_model_serializers (~> 0.8.4)
+      jwt (~> 2.2)
+      rspec (~> 3.9)
+
+PATH
+  remote: engines/order_management
+  specs:
+    order_management (0.0.1)
+
+PATH
+  remote: engines/web
+  specs:
+    web (0.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      nio4r (>= 1.2, < 3.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.0.7.2)
+      actionview (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      rack (~> 2.0)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionpack-action_caching (1.2.1)
+      actionpack (>= 4.0.0)
+    actionview (5.0.7.2)
+      activesupport (= 5.0.7.2)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    active_model_serializers (0.8.4)
+      activemodel (>= 3.0)
+    activejob (5.0.7.2)
+      activesupport (= 5.0.7.2)
+      globalid (>= 0.3.6)
+    activemerchant (1.107.4)
+      activesupport (>= 4.2)
+      builder (>= 2.1.2, < 4.0.0)
+      i18n (>= 0.6.9)
+      nokogiri (~> 1.4)
+    activemodel (5.0.7.2)
+      activesupport (= 5.0.7.2)
+    activerecord (5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      arel (~> 7.0)
+    activerecord-import (1.0.7)
+      activerecord (>= 3.2)
+    activerecord-postgresql-adapter (0.0.1)
+      pg
+    activerecord-session_store (1.1.3)
+      actionpack (>= 4.0)
+      activerecord (>= 4.0)
+      multi_json (~> 1.11, >= 1.11.2)
+      rack (>= 1.5.2, < 3)
+      railties (>= 4.0)
+    activesupport (5.0.7.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    acts-as-taggable-on (4.0.0)
+      activerecord (>= 4.0)
+    acts_as_list (0.9.19)
+      activerecord (>= 3.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    andand (1.3.3)
+    angular-rails-templates (1.1.0)
+      railties (>= 4.2, < 7)
+      sprockets (>= 3.0, < 5)
+      tilt
+    angularjs-file-upload-rails (2.4.1)
+    angularjs-rails (1.5.5)
+    arel (7.1.4)
+    ast (2.4.1)
+    atomic (1.1.101)
+    awesome_nested_set (3.2.1)
+      activerecord (>= 4.0.0, < 7.0)
+    awesome_print (1.8.0)
+    aws-sdk (1.67.0)
+      aws-sdk-v1 (= 1.67.0)
+    aws-sdk-v1 (1.67.0)
+      json (~> 1.4)
+      nokogiri (~> 1)
+    bcrypt (3.1.16)
+    bugsnag (6.18.0)
+      concurrent-ruby (~> 1.0)
+    builder (3.2.4)
+    byebug (11.0.1)
+    cancancan (1.7.1)
+    capybara (3.15.0)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.2)
+      xpath (~> 3.2)
+    childprocess (3.0.0)
+    chronic (0.10.2)
+    chunky_png (1.3.14)
+    climate_control (0.2.0)
+    cocaine (0.5.8)
+      climate_control (>= 0.0.3, < 1.0)
+    coderay (1.1.3)
+    coffee-rails (4.2.2)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.12.2)
+    combine_pdf (1.0.19)
+      ruby-rc4 (>= 0.1.5)
+    compass (1.0.3)
+      chunky_png (~> 1.2)
+      compass-core (~> 1.0.2)
+      compass-import-once (~> 1.0.5)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+      sass (>= 3.3.13, < 3.5)
+    compass-core (1.0.3)
+      multi_json (~> 1.0)
+      sass (>= 3.3.0, < 3.5)
+    compass-import-once (1.0.5)
+      sass (>= 3.2, < 3.5)
+    compass-rails (2.0.1)
+      compass (~> 1.0.0)
+    concurrent-ruby (1.1.7)
+    crack (0.4.4)
+    crass (1.0.6)
+    css_parser (1.7.1)
+      addressable
+    daemons (1.3.1)
+    dalli (2.7.11)
+    database_cleaner (1.8.5)
+    ddtrace (0.43.0)
+      msgpack
+    debugger-linecache (1.2.0)
+    delayed_job (4.1.8)
+      activesupport (>= 3.0, < 6.1)
+    delayed_job_active_record (4.1.4)
+      activerecord (>= 3.0, < 6.1)
+      delayed_job (>= 3.0, < 5)
+    delayed_job_web (1.4.3)
+      activerecord (> 3.0.0)
+      delayed_job (> 2.0.3)
+      rack-protection (>= 1.5.5)
+      sinatra (>= 1.4.4)
+    devise (4.7.3)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
+    devise-encryptable (0.2.0)
+      devise (>= 2.1.0)
+    devise-token_authenticatable (1.1.0)
+      devise (>= 4.0.0, < 5.0.0)
+    diff-lcs (1.4.4)
+    docile (1.3.2)
+    erubis (2.7.0)
+    eventmachine (1.2.7)
+    execjs (2.7.0)
+    factory_bot (5.2.0)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.2.0)
+      factory_bot (~> 5.2.0)
+      railties (>= 4.2.0)
+    faraday (1.0.1)
+      multipart-post (>= 1.2, < 3)
+    ffaker (2.11.0)
+    ffi (1.13.1)
+    figaro (1.2.0)
+      thor (>= 0.14.0, < 2)
+    foundation-icons-sass-rails (3.0.0)
+      railties (>= 3.1.1)
+      sass-rails (>= 3.1.1)
+    foundation-rails (5.5.2.1)
+      railties (>= 3.1.0)
+      sass (>= 3.3.0, < 3.5)
+    fuubar (2.5.1)
+      rspec-core (~> 3.0)
+      ruby-progressbar (~> 1.4)
+    geocoder (1.6.4)
+    get_process_mem (0.2.7)
+      ffi (~> 1.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    gmaps4rails (2.1.2)
+    haml (5.2.0)
+      temple (>= 0.8.0)
+      tilt
+    hashdiff (1.0.1)
+    highline (2.0.3)
+    i18n (1.8.5)
+      concurrent-ruby (~> 1.0)
+    i18n-js (3.8.0)
+      i18n (>= 0.6.6)
+    immigrant (0.3.6)
+      activerecord (>= 3.0)
+    jaro_winkler (1.5.4)
+    jquery-migrate-rails (1.2.1)
+    jquery-rails (4.4.0)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
+      thor (>= 0.14, < 2.0)
+    jquery-ui-rails (4.2.1)
+      railties (>= 3.2.16)
+    json (1.8.6)
+    json-schema (2.8.1)
+      addressable (>= 2.4)
+    json_spec (1.1.5)
+      multi_json (~> 1.0)
+      rspec (>= 2.0, < 4.0)
+    jwt (2.2.2)
+    kaminari (1.2.1)
+      activesupport (>= 4.1.0)
+      kaminari-actionview (= 1.2.1)
+      kaminari-activerecord (= 1.2.1)
+      kaminari-core (= 1.2.1)
+    kaminari-actionview (1.2.1)
+      actionview
+      kaminari-core (= 1.2.1)
+    kaminari-activerecord (1.2.1)
+      activerecord
+      kaminari-core (= 1.2.1)
+    kaminari-core (1.2.1)
+    kgio (2.11.3)
+    knapsack (1.20.0)
+      rake
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    letter_opener (1.7.0)
+      launchy (~> 2.2)
+    libv8 (8.4.255.0)
+    loofah (2.7.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    method_source (1.0.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.1104)
+    mini_mime (1.0.2)
+    mini_portile2 (2.4.0)
+    mini_racer (0.2.15)
+      libv8 (> 7.3)
+    minitest (5.14.2)
+    monetize (1.9.4)
+      money (~> 6.12)
+    money (6.13.8)
+      i18n (>= 0.6.4, <= 2)
+    msgpack (1.3.3)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    nio4r (2.5.2)
+    nokogiri (1.10.10)
+      mini_portile2 (~> 2.4.0)
+    oauth2 (1.4.4)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    orm_adapter (0.5.0)
+    paper_trail (10.3.1)
+      activerecord (>= 4.2)
+      request_store (~> 1.1)
+    paperclip (3.4.2)
+      activemodel (>= 3.0.0)
+      activerecord (>= 3.0.0)
+      activesupport (>= 3.0.0)
+      cocaine (~> 0.5.0)
+      mime-types
+    parallel (1.19.2)
+    paranoia (2.4.2)
+      activerecord (>= 4.0, < 6.1)
+    parser (2.7.2.0)
+      ast (~> 2.4.1)
+    paypal-sdk-core (0.2.10)
+      multi_json (~> 1.0)
+      xml-simple
+    paypal-sdk-merchant (1.106.1)
+      paypal-sdk-core (~> 0.2.3)
+    pg (0.21.0)
+    polyamorous (2.3.0)
+      activerecord (>= 5.0)
+    power_assert (1.2.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rack-mini-profiler (2.0.2)
+      rack (>= 1.2.0)
+    rack-protection (2.1.0)
+      rack
+    rack-rewrite (1.5.1)
+    rack-ssl (1.4.1)
+      rack
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (5.0.7.2)
+      actioncable (= 5.0.7.2)
+      actionmailer (= 5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activerecord (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      bundler (>= 1.3.0)
+      railties (= 5.0.7.2)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rails-i18n (5.1.3)
+      i18n (>= 0.7, < 2)
+      railties (>= 5.0, < 6)
+    rails_safe_tasks (1.0.0)
+    railties (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rainbow (3.0.0)
+    raindrops (0.19.1)
+    rake (13.0.1)
+    ransack (2.3.0)
+      actionpack (>= 5.0)
+      activerecord (>= 5.0)
+      activesupport (>= 5.0)
+      i18n
+      polyamorous (= 2.3.0)
+    rb-fsevent (0.10.4)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    redcarpet (3.5.0)
+    regexp_parser (1.8.2)
+    request_store (1.5.0)
+      rack (>= 1.4)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
+    rexml (3.2.4)
+    roadie (3.5.1)
+      css_parser (~> 1.4)
+      nokogiri (~> 1.8)
+    roadie-rails (1.3.0)
+      railties (>= 3.0, < 5.3)
+      roadie (~> 3.1)
+    roo (2.8.3)
+      nokogiri (~> 1)
+      rubyzip (>= 1.3.0, < 3.0.0)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.0)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.1)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.9)
+      rspec-expectations (~> 3.9)
+      rspec-mocks (~> 3.9)
+      rspec-support (~> 3.9)
+    rspec-retry (0.6.2)
+      rspec-core (> 3.3)
+    rspec-support (3.10.0)
+    rswag (2.3.1)
+      rswag-api (= 2.3.1)
+      rswag-specs (= 2.3.1)
+      rswag-ui (= 2.3.1)
+    rswag-api (2.3.1)
+      railties (>= 3.1, < 7.0)
+    rswag-specs (2.3.1)
+      activesupport (>= 3.1, < 7.0)
+      json-schema (~> 2.2)
+      railties (>= 3.1, < 7.0)
+    rswag-ui (2.3.1)
+      actionpack (>= 3.1, < 7.0)
+      railties (>= 3.1, < 7.0)
+    rubocop (0.81.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      rexml
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-rails (2.5.2)
+      activesupport
+      rack (>= 1.1)
+      rubocop (>= 0.72.0)
+    ruby-progressbar (1.10.1)
+    ruby-rc4 (0.1.5)
+    ruby2_keywords (0.0.2)
+    rubyzip (1.3.0)
+    sass (3.4.25)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    select2-rails (3.4.9)
+      sass-rails
+      thor (~> 0.14)
+    selenium-webdriver (3.142.7)
+      childprocess (>= 0.5, < 4.0)
+      rubyzip (>= 1.2.2)
+    shoulda-matchers (4.0.1)
+      activesupport (>= 4.2.0)
+    simplecov (0.17.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    sinatra (2.1.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
+      tilt (~> 2.0)
+    spring (2.0.2)
+      activesupport (>= 4.2)
+    spring-commands-rspec (1.0.4)
+      spring (>= 0.9.1)
+    sprockets (3.7.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    state_machines (0.5.0)
+    state_machines-activemodel (0.7.1)
+      activemodel (>= 4.1)
+      state_machines (>= 0.5.0)
+    state_machines-activerecord (0.6.0)
+      activerecord (>= 4.1)
+      state_machines-activemodel (>= 0.5.0)
+    stringex (2.8.5)
+    stripe (5.28.0)
+    temple (0.8.2)
+    test-prof (0.7.5)
+    test-unit (3.3.7)
+      power_assert
+    test_after_commit (1.1.0)
+      activerecord (>= 3.2)
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tilt (2.0.10)
+    timecop (0.9.2)
+    tzinfo (1.2.8)
+      thread_safe (~> 0.1)
+    uglifier (4.2.0)
+      execjs (>= 0.3.0, < 3)
+    unicode-display_width (1.7.0)
+    unicorn (5.7.0)
+      kgio (~> 2.6)
+      raindrops (~> 0.7)
+    unicorn-rails (2.2.1)
+      rack
+      unicorn
+    unicorn-worker-killer (0.4.4)
+      get_process_mem (~> 0)
+      unicorn (>= 4, < 6)
+    warden (1.2.9)
+      rack (>= 2.0.9)
+    webdrivers (4.2.0)
+      nokogiri (~> 1.6)
+      rubyzip (>= 1.3.0)
+      selenium-webdriver (>= 3.0, < 4.0)
+    webmock (3.10.0)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    whenever (1.0.0)
+      chronic (>= 0.6.3)
+    wicked_pdf (2.1.0)
+      activesupport
+    wkhtmltopdf-binary (0.12.6.5)
+    xml-simple (1.1.5)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionpack-action_caching
+  active_model_serializers (= 0.8.4)
+  activemerchant (>= 1.78.0)
+  activerecord-import
+  activerecord-postgresql-adapter
+  activerecord-session_store
+  acts-as-taggable-on (~> 4.0)
+  acts_as_list (= 0.9.19)
+  andand
+  angular-rails-templates (>= 0.3.0)
+  angularjs-file-upload-rails (~> 2.4.1)
+  angularjs-rails (= 1.5.5)
+  atomic
+  awesome_nested_set
+  awesome_print
+  aws-sdk (= 1.67.0)
+  bugsnag
+  byebug
+  cancancan (~> 1.7.0)
+  capybara
+  catalog!
+  coffee-rails (~> 4.2.2)
+  combine_pdf
+  compass-rails
+  custom_error_message!
+  daemons
+  dalli
+  database_cleaner
+  ddtrace
+  debugger-linecache
+  delayed_job_active_record
+  delayed_job_web
+  devise
+  devise-encryptable
+  devise-token_authenticatable
+  dfc_provider!
+  eventmachine (>= 1.2.3)
+  factory_bot_rails (= 5.2.0)
+  ffaker
+  figaro
+  foundation-icons-sass-rails
+  foundation-rails (= 5.5.2.1)
+  fuubar (~> 2.5.1)
+  geocoder
+  gmaps4rails
+  haml
+  highline (= 2.0.3)
+  i18n
+  i18n-js (~> 3.8.0)
+  immigrant
+  jquery-migrate-rails
+  jquery-rails (= 4.4.0)
+  jquery-ui-rails (~> 4.2)
+  json
+  json_spec (~> 1.1.4)
+  jwt (~> 2.2)
+  kaminari (~> 1.2.1)
+  knapsack
+  letter_opener (>= 1.4.1)
+  mini_racer (= 0.2.15)
+  monetize (~> 1.1)
+  oauth2 (~> 1.4.4)
+  ofn-qz!
+  order_management!
+  paper_trail (~> 10.3.1)
+  paperclip (~> 3.4.1)
+  paranoia (~> 2.4)
+  paypal-sdk-merchant (= 1.106.1)
+  pg (~> 0.21.0)
+  pry
+  pry-byebug
+  rack-mini-profiler (< 3.0.0)
+  rack-rewrite
+  rack-ssl
+  rails (> 5.0, < 5.1)
+  rails-i18n
+  rails_safe_tasks (~> 1.0)
+  ransack (= 2.3.0)
+  redcarpet
+  responders
+  roadie-rails (~> 1.3.0)
+  roo (~> 2.8.3)
+  rspec-rails (>= 3.5.2)
+  rspec-retry
+  rswag
+  rubocop
+  rubocop-rails
+  sass (<= 4.7.1)
+  sass-rails (< 6.0.0)
+  select2-rails (~> 3.4.7)
+  selenium-webdriver
+  shoulda-matchers
+  simplecov
+  spring
+  spring-commands-rspec
+  state_machines-activerecord
+  stringex (~> 2.8.5)
+  stripe
+  test-prof
+  test-unit (~> 3.3)
+  test_after_commit
+  timecop
+  uglifier (>= 1.0.3)
+  unicorn-rails
+  unicorn-worker-killer
+  web!
+  webdrivers
+  webmock
+  whenever
+  wicked_pdf
+  wkhtmltopdf-binary
+
+RUBY VERSION
+   ruby 2.4.4p296
+
+BUNDLED WITH
+   1.17.3
--- a/2
+++ b/2
@@ -1,4 +1,6 @@
 #!/usr/bin/env rake
+# frozen_string_literal: true
+
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.

--- a/app/assets/javascripts/admin/index_utils/services/paged_fetcher.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/services/paged_fetcher.js.coffee
@@ -16,7 +16,7 @@ angular.module("admin.indexUtils").factory "PagedFetcher", (dataFetcher) ->
    fetchPages: (url, page, pageCallback) ->
      dataFetcher(@urlForPage(url, page)).then (data) =>
        @page++
-        @last_page = data.pages
+        @last_page = data.pagination.pages

        pageCallback(data) if pageCallback

--- a/app/assets/javascripts/admin/spree/base.js.erb
+++ b/app/assets/javascripts/admin/spree/base.js.erb
@@ -127,7 +127,16 @@ $(document).ready(function() {
        nextText: Spree.translations.next,
        showOn: "focus"
      });
-
+      
+       $.datepicker.regional[I18n.locale] = {
+          prevText: Spree.translations.previous,
+          nextText: Spree.translations.next,
+          monthNames: Spree.translations.month_names,
+          dayNames: Spree.translations.abbr_day_names,
+          dayNamesMin: Spree.translations.abbr_day_names,
+          dateFormat: Spree.translations.date_picker
+      };
+      $.datepicker.setDefaults( $.datepicker.regional[I18n.locale]);
      // Correctly display range dates
      $('.date-range-filter .datepicker-from').datepicker('option', 'onSelect', function(selectedDate) {
        $(".date-range-filter .datepicker-to" ).datepicker( "option", "minDate", selectedDate );
--- a/app/assets/javascripts/admin/spree_paypal_express.js
+++ b/app/assets/javascripts/admin/spree_paypal_express.js
@@ -0,0 +1,17 @@
+//= require admin/spree_backend
+
+SpreePaypalExpress = {
+  hideSettings: function(paymentMethod) {
+    if (SpreePaypalExpress.paymentMethodID && paymentMethod.val() == SpreePaypalExpress.paymentMethodID) {
+      $('.payment-method-settings').children().hide();
+      $('#payment_amount').prop('disabled', 'disabled');
+      $('button[type="submit"]').prop('disabled', 'disabled');
+      $('#paypal-warning').show();
+    } else if (SpreePaypalExpress.paymentMethodID) {
+      $('.payment-method-settings').children().show();
+      $('button[type=submit]').prop('disabled', '');
+      $('#payment_amount').prop('disabled', '');
+      $('#paypal-warning').hide();
+    }
+  }
+}
--- a/app/assets/javascripts/darkswarm/controllers/credit_cards_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/credit_cards_controller.js.coffee
@@ -1,7 +1,7 @@
 Darkswarm.controller "CreditCardsCtrl", ($scope, CreditCard, CreditCards) ->
  angular.extend(this, new FieldsetMixin($scope))
  $scope.savedCreditCards = CreditCards.saved
-  $scope.setDefault = CreditCards.setDefault
+  $scope.confirmSetDefault = CreditCards.confirmSetDefault
  $scope.CreditCard = CreditCard
  $scope.secrets = CreditCard.secrets
  $scope.showForm = CreditCard.show
--- a/app/assets/javascripts/darkswarm/controllers/order_cycle_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/order_cycle_controller.js.coffee
@@ -25,3 +25,6 @@ Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $rootScope, $timeout, Orde
    Cart.reloadFinalisedLineItems()
    ChangeableOrdersAlert.reload()
    $rootScope.$broadcast 'orderCycleSelected'
+
+  $scope.closesInLessThan3Months = () ->
+    moment().diff(moment(OrderCycle.orders_close_at(),  "YYYY-MM-DD HH:mm:SS Z"), 'days') > -75
--- a/app/assets/javascripts/darkswarm/directives/tabset_ctrl.js.coffee
+++ b/app/assets/javascripts/darkswarm/directives/tabset_ctrl.js.coffee
@@ -5,15 +5,13 @@ Darkswarm.directive "tabsetCtrl", (Tabsets, $location) ->
    selected: "@"
    navigate: "="
    prefix: "@?"
-    alwaysopen: "="
  controller: ($scope, $element) ->
    if $scope.navigate
      path = $location.path()?.match(/^\/\w+$/)?[0]
      $scope.selected = path[1..] if path

    this.toggle = (name) ->
-      state = if $scope.alwaysopen then 'open' else null
-      Tabsets.toggle($scope.id, name, state)
+      Tabsets.toggle($scope.id, name)

    this.select = (selection) ->
      $scope.$broadcast("selection:changed", selection)
--- a/app/assets/javascripts/darkswarm/services/cart.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/cart.js.coffee
@@ -50,7 +50,7 @@ Darkswarm.factory 'Cart', (CurrentOrder, Variants, $timeout, $http, $modal, $roo
        @popQueue() if @update_enqueued

      .error (response, status)=>
-        Messages.flash({error: t('js.cart.add_to_cart_failed')})
+        Messages.flash({error: response.error})
        @update_running = false

    compareAndNotifyStockLevels: (stockLevels) =>
--- a/app/assets/javascripts/darkswarm/services/credit_cards.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/credit_cards.js.coffee
@@ -1,4 +1,4 @@
-Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages)->
+Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages, Customers)->
  new class CreditCard
    saved: $filter('orderBy')(savedCreditCards,'-is_default')

@@ -11,5 +11,13 @@ Darkswarm.factory 'CreditCards', ($http, $filter, savedCreditCards, Messages)->
        othercard.is_default = false
      $http.put("/credit_cards/#{card.id}", is_default: true).then (data) ->
        Messages.success(t('js.default_card_updated'))
+        Customers.clearAllAllowCharges()
      , (response) ->
        Messages.flash(response.data.flash)
+
+    confirmSetDefault: (card, event) =>
+      if confirm t("js.default_card_voids_auth")
+        @setDefault(card)
+      else
+        event.preventDefault()
+        return false
--- a/app/assets/javascripts/darkswarm/services/customer.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/customer.js.coffee
@@ -1,4 +1,4 @@
-angular.module("Darkswarm").factory 'Customer', ($resource, Messages) ->
+angular.module("Darkswarm").factory 'Customer', ($resource, $injector, Messages) ->
  Customer = $resource('/api/customers/:id/:action.json', {}, {
    'index':
      method: 'GET'
@@ -12,8 +12,21 @@ angular.module("Darkswarm").factory 'Customer', ($resource, Messages) ->
  })

  Customer.prototype.update = ->
+    if @allow_charges
+      Messages.loading(t('js.authorising'))
    @$update().then (response) =>
-      Messages.success(t('js.changes_saved'))
+      if response.gateway_recurring_payment_client_secret && $injector.has('stripePublishableKey')
+        Messages.clear()
+        stripe = Stripe($injector.get('stripePublishableKey'), { stripeAccount: response.gateway_shop_id })
+        stripe.confirmCardSetup(response.gateway_recurring_payment_client_secret).then (result) =>
+          if result.error
+            @allow_charges = false
+            @$update(allow_charges: false)
+            Messages.error(result.error.message)
+          else
+            Messages.success(t('js.changes_saved'))
+      else
+        Messages.success(t('js.changes_saved'))
    , (response) =>
      Messages.error(response.data.error)

--- a/app/assets/javascripts/darkswarm/services/customers.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/customers.js.coffee
@@ -12,3 +12,7 @@ angular.module("Darkswarm").factory 'Customers', (Customer) ->
      for customer in customers
        @all.push customer
        @byID[customer.id] = customer
+
+    clearAllAllowCharges: () ->
+      for customer in @index()
+        customer.allow_charges = false
--- a/app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee
@@ -1,21 +1,21 @@
 Darkswarm.factory 'OrderCycleResource', ($resource) ->
-  $resource('/api/order_cycles/:id', {}, {
+  $resource('/api/order_cycles/:id.json', {}, {
    'products':
      method: 'GET'
      isArray: true
-      url: '/api/order_cycles/:id/products'
+      url: '/api/order_cycles/:id/products.json'
      params:
        id: '@id'
    'taxons':
      method: 'GET'
      isArray: true
-      url: '/api/order_cycles/:id/taxons'
+      url: '/api/order_cycles/:id/taxons.json'
      params:
        id: '@id'
    'properties':
      method: 'GET'
      isArray: true
-      url: '/api/order_cycles/:id/properties'
+      url: '/api/order_cycles/:id/properties.json'
      params:
        id: '@id'
  })
--- a/app/assets/javascripts/darkswarm/services/tabsets.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/tabsets.js.coffee
@@ -7,12 +7,10 @@ Darkswarm.factory 'Tabsets', ->
        @tabsets.push { ctrl: ctrl, id: id, selected: selected }
        ctrl.select(selected) if selected?

-    toggle: (id, name, state=null) ->
+    toggle: (id, name) ->
      tabset = @findTabsetByObject(id)
-      if tabset.selected == name
-        @select(tabset, null) unless state == "open"
-      else
-        @select(tabset, name) unless state == "closed"
+      if tabset.selected != name
+        @select(tabset, name)

    select: (tabset, name) ->
      tabset.selected = name
--- a/app/assets/stylesheets/darkswarm/_shop-inputs.scss
+++ b/app/assets/stylesheets/darkswarm/_shop-inputs.scss
@@ -29,9 +29,12 @@ button.add-variant, button.variant-quantity {
  &:hover {
    background-color: $orange-600;
  }
+
  &[disabled] {
+    background-color: $grey-400;
+
    &:hover, &:focus {
-      background-color: $orange-500;
+      background-color: $grey-400;
    }
  }
  &:nth-of-type(1) {
@@ -84,14 +87,6 @@ button.bulk-buy.variant-quantity {

 button.bulk-buy-add.variant-quantity {
  width: 2.5rem;
-
-  &[disabled] {
-    background-color: $grey-400;
-
-    &:hover, &:focus {
-      background-color: $grey-400;
-    }
-  }
 }

 span.bulk-buy.variant-quantity {
--- a/app/assets/stylesheets/darkswarm/_shop-navigation.scss
+++ b/app/assets/stylesheets/darkswarm/_shop-navigation.scss
@@ -41,19 +41,21 @@ ordercycle {

  .order-cycle-select {
    border: 1px solid $teal-300;
-    display: inline-block;
+    display: flex;
    font-size: 1em;
    border-radius: $radius-small;
+    margin-right: 10px;
+    margin-left: 10px;

    .select-label {
      background-color: rgba($teal-300, 0.5);
-      display: inline-block;
+      display: flex;
+      align-items: center;
+      justify-content: center;
      border-radius: $radius-small 0 0 $radius-small;
-      float: left;
      font-size: 1em;
      line-height: 1.3em;
      padding: 0.5em 0.75em;
-      height: 2.35em;

      span {
        width: max-content;
@@ -65,6 +67,7 @@ ordercycle {
      background-image: image-url('white-caret.svg');
      background-size: 30px auto;
      background-position-x: 102%;
+      height: 2.35em;
    }

    p {
@@ -82,7 +85,6 @@ ordercycle {
      padding: 0.5em 1.25em 0.5em 0.75em;
      font-size: 1em;
      line-height: 1.3em;
-      height: 2.35em;
      min-width: 13em;
      width: 200px;

@@ -154,22 +156,24 @@ shop ordercycle {
    }
  }

+  .select-and-closing-container {
+    @include breakpoint(desktop) {
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      flex-wrap: wrap;
+    }
+  }
+
  closing {
    color: $white;
    padding: 0 0 12px;

    @include breakpoint(desktop) {
-      float: none;
-      display: inline-block;
-      padding: 0.2em 0 0;
+      padding: 0;
      font-size: 1.2em;
      margin-right: 1em;
    }
-
-    @include breakpoint(tablet) {
-      float: none;
-      padding: 0;
-    }
  }

  form.custom {
--- a/app/controllers/admin/bulk_line_items_controller.rb
+++ b/app/controllers/admin/bulk_line_items_controller.rb
@@ -1,5 +1,6 @@
 module Admin
  class BulkLineItemsController < Spree::Admin::BaseController
+    include PaginationData
    # GET /admin/bulk_line_items.json
    #
    def index
@@ -12,9 +13,12 @@ module Admin
        ransack(params[:q]).result.
        reorder('spree_line_items.order_id ASC, spree_line_items.id ASC')

-      @line_items = @line_items.page(page).per(params[:per_page]) if using_pagination?
+      @line_items = @line_items.page(page).per(params[:per_page]) if pagination_required?

-      render json: { line_items: serialized_line_items, pagination: pagination_data }
+      render json: {
+        line_items: serialized_line_items,
+        pagination: pagination_data(@line_items)
+      }
    end

    # PUT /admin/bulk_line_items/:id.json
@@ -87,21 +91,6 @@ module Admin
      ::Permissions::Order.new(spree_current_user)
    end

-    def using_pagination?
-      params[:per_page]
-    end
-
-    def pagination_data
-      return unless using_pagination?
-
-      {
-        results: @line_items.total_count,
-        pages: @line_items.num_pages,
-        page: page.to_i,
-        per_page: params[:per_page].to_i
-      }
-    end
-
    def page
      params[:page] || 1
    end
--- a/app/controllers/admin/column_preferences_controller.rb
+++ b/app/controllers/admin/column_preferences_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class ColumnPreferencesController < ResourceController
+  class ColumnPreferencesController < Admin::ResourceController
    before_action :load_collection, only: [:bulk_update]

    respond_to :json
--- a/app/controllers/admin/customers_controller.rb
+++ b/app/controllers/admin/customers_controller.rb
@@ -1,7 +1,7 @@
 require 'open_food_network/address_finder'

 module Admin
-  class CustomersController < ResourceController
+  class CustomersController < Admin::ResourceController
    before_action :load_managed_shops, only: :index, if: :html_request?
    respond_to :json

@@ -17,13 +17,22 @@ module Admin
      respond_to do |format|
        format.html
        format.json do
-          render_as_json @collection,
-                         tag_rule_mapping: tag_rule_mapping,
-                         customer_tags: customer_tags_by_id
+          render json: @collection,
+                 each_serializer: index_each_serializer,
+                 tag_rule_mapping: tag_rule_mapping,
+                 customer_tags: customer_tags_by_id
        end
      end
    end

+    def index_each_serializer
+      if OpenFoodNetwork::FeatureToggle.enabled?(:customer_balance, spree_current_user)
+        ::Api::Admin::CustomerWithBalanceSerializer
+      else
+        ::Api::Admin::CustomerWithCalculatedBalanceSerializer
+      end
+    end
+
    def show
      render_as_json @customer, ams_prefix: params[:ams_prefix]
    end
@@ -42,7 +51,7 @@ module Admin
      end
    end

-    # copy of Spree::Admin::ResourceController without flash notice
+    # copy of Admin::ResourceController without flash notice
    def destroy
      invoke_callbacks(:destroy, :before)
      if @object.destroy
@@ -63,10 +72,20 @@ module Admin
    private

    def collection
-      return Customer.where("1=0") unless json_request? && params[:enterprise_id].present?
+      if json_request? && params[:enterprise_id].present?
+        customers_relation.
+          includes(:bill_address, :ship_address, user: :credit_cards)
+      else
+        Customer.where('1=0')
+      end
+    end

-      Customer.of(managed_enterprise_id).
-        includes(:bill_address, :ship_address, user: :credit_cards)
+    def customers_relation
+      if OpenFoodNetwork::FeatureToggle.enabled?(:customer_balance, spree_current_user)
+        CustomersWithBalance.new(managed_enterprise_id).query
+      else
+        Customer.of(managed_enterprise_id)
+      end
    end

    def managed_enterprise_id
@@ -95,7 +114,7 @@ module Admin
      )
    end

-    # Used in ResourceController#update
+    # Used in Admin::ResourceController#update
    def permitted_resource_params
      customer_params
    end
--- a/app/controllers/admin/enterprise_fees_controller.rb
+++ b/app/controllers/admin/enterprise_fees_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseFeesController < ResourceController
+  class EnterpriseFeesController < Admin::ResourceController
    before_action :load_enterprise_fee_set, only: :index
    before_action :load_data

--- a/app/controllers/admin/enterprise_groups_controller.rb
+++ b/app/controllers/admin/enterprise_groups_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseGroupsController < ResourceController
+  class EnterpriseGroupsController < Admin::ResourceController
    before_action :load_data, except: :index
    before_action :load_object_data, only: [:new, :edit, :create, :update]

--- a/app/controllers/admin/enterprise_relationships_controller.rb
+++ b/app/controllers/admin/enterprise_relationships_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseRelationshipsController < ResourceController
+  class EnterpriseRelationshipsController < Admin::ResourceController
    def index
      @my_enterprises = Enterprise.
        includes(:shipping_methods, :payment_methods).
--- a/app/controllers/admin/enterprise_roles_controller.rb
+++ b/app/controllers/admin/enterprise_roles_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class EnterpriseRolesController < ResourceController
+  class EnterpriseRolesController < Admin::ResourceController
    def index
      @enterprise_roles = EnterpriseRole.by_user_email
      @users = Spree::User.order('spree_users.email')
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -3,7 +3,7 @@ require 'open_food_network/permissions'
 require 'open_food_network/order_cycle_permissions'

 module Admin
-  class EnterprisesController < ResourceController
+  class EnterprisesController < Admin::ResourceController
    # These need to run before #load_resource so that @object is initialised with sanitised values
    prepend_before_action :override_owner, only: :create
    prepend_before_action :override_sells, only: :create
@@ -326,7 +326,7 @@ module Admin
      )
    end

-    # Used in ResourceController#create
+    # Used in Admin::ResourceController#create
    def permitted_resource_params
      enterprise_params
    end
--- a/app/controllers/admin/inventory_items_controller.rb
+++ b/app/controllers/admin/inventory_items_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class InventoryItemsController < ResourceController
+  class InventoryItemsController < Admin::ResourceController
    respond_to :json

    respond_override update: { json: {
--- a/app/controllers/admin/manager_invitations_controller.rb
+++ b/app/controllers/admin/manager_invitations_controller.rb
@@ -35,7 +35,7 @@ module Admin
      new_user.save!

      @enterprise.users << new_user
-      Delayed::Job.enqueue ManagerInvitationJob.new(@enterprise.id, new_user.id)
+      EnterpriseMailer.manager_invitation(@enterprise, new_user).deliver_later

      new_user
    end
--- a/app/controllers/admin/order_cycles_controller.rb
+++ b/app/controllers/admin/order_cycles_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class OrderCyclesController < ResourceController
+  class OrderCyclesController < Admin::ResourceController
    include OrderCyclesHelper
    include PaperTrailLogging

--- a/app/controllers/admin/producer_properties_controller.rb
+++ b/app/controllers/admin/producer_properties_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class ProducerPropertiesController < ResourceController
+  class ProducerPropertiesController < Admin::ResourceController
    before_action :load_enterprise
    before_action :load_properties
    before_action :setup_property, only: [:index]
--- a/app/controllers/admin/proxy_orders_controller.rb
+++ b/app/controllers/admin/proxy_orders_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class ProxyOrdersController < ResourceController
+  class ProxyOrdersController < Admin::ResourceController
    respond_to :json

    def edit
--- a/app/controllers/admin/resource_controller.rb
+++ b/app/controllers/admin/resource_controller.rb
@@ -1,41 +1,303 @@
+require 'action_callbacks'
+
 module Admin
-  class ResourceController < Spree::Admin::ResourceController
+  class ResourceController < Spree::Admin::BaseController
+    helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
+    before_action :load_resource, except: [:update_positions]
+    rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
+    rescue_from CanCan::AccessDenied, with: :unauthorized
+
+    respond_to :html
+    respond_to :js, except: [:show, :index]
+
+    def new
+      invoke_callbacks(:new_action, :before)
+      respond_with(@object) do |format|
+        format.html { render layout: !request.xhr? }
+        format.js   { render layout: false }
+      end
+    end
+
+    def edit
+      respond_with(@object) do |format|
+        format.html { render layout: !request.xhr? }
+        format.js   { render layout: false }
+      end
+    end
+
+    def update
+      invoke_callbacks(:update, :before)
+      if @object.update(permitted_resource_params)
+        invoke_callbacks(:update, :after)
+        flash[:success] = flash_message_for(@object, :successfully_updated)
+        respond_with(@object) do |format|
+          format.html { redirect_to location_after_save }
+          format.js   { render layout: false }
+        end
+      else
+        invoke_callbacks(:update, :fails)
+        respond_with(@object)
+      end
+    end
+
+    def create
+      invoke_callbacks(:create, :before)
+      @object.attributes = permitted_resource_params
+      if @object.save
+        invoke_callbacks(:create, :after)
+        flash[:success] = flash_message_for(@object, :successfully_created)
+        respond_with(@object) do |format|
+          format.html { redirect_to location_after_save }
+          format.js   { render layout: false }
+        end
+      else
+        invoke_callbacks(:create, :fails)
+        respond_with(@object)
+      end
+    end
+
+    def update_positions
+      params[:positions].each do |id, index|
+        model_class.where(id: id).update_all(position: index)
+      end
+
+      respond_to do |format|
+        format.js { render text: 'Ok' }
+      end
+    end
+
+    def destroy
+      invoke_callbacks(:destroy, :before)
+      if @object.destroy
+        invoke_callbacks(:destroy, :after)
+        flash[:success] = flash_message_for(@object, :successfully_removed)
+        respond_with(@object) do |format|
+          format.html { redirect_to collection_url }
+          format.js   { render partial: "spree/admin/shared/destroy" }
+        end
+      else
+        invoke_callbacks(:destroy, :fails)
+        respond_with(@object) do |format|
+          format.html { redirect_to collection_url }
+        end
+      end
+    end
+
+    protected
+
+    def resource_not_found
+      flash[:error] = flash_message_for(model_class.new, :not_found)
+      redirect_to collection_url
+    end
+
+    class << self
+      attr_accessor :parent_data
+      attr_accessor :callbacks
+
+      def belongs_to(model_name, options = {})
+        @parent_data ||= {}
+        @parent_data[:model_name] = model_name
+        @parent_data[:model_class] = model_name.to_s.classify.constantize
+        @parent_data[:find_by] = options[:find_by] || :id
+      end
+
+      def new_action
+        @callbacks ||= {}
+        @callbacks[:new_action] ||= ActionCallbacks.new
+      end
+
+      def create
+        @callbacks ||= {}
+        @callbacks[:create] ||= ActionCallbacks.new
+      end
+
+      def update
+        @callbacks ||= {}
+        @callbacks[:update] ||= ActionCallbacks.new
+      end
+
+      def destroy
+        @callbacks ||= {}
+        @callbacks[:destroy] ||= ActionCallbacks.new
+      end
+    end
+
    def model_class
-      controller_name.classify.to_s.constantize
+      controller_class_name.constantize
+    end
+
+    def model_name
+      parent_data[:model_name].gsub('spree/', '')
+    end
+
+    def object_name
+      controller_name.singularize
+    end
+
+    def load_resource
+      if member_action?
+        @object ||= load_resource_instance
+
+        # call authorize! a third time (called twice already in Admin::BaseController)
+        # this time we pass the actual instance so fine-grained abilities can control
+        # access to individual records, not just entire models.
+        authorize! action, @object
+
+        instance_variable_set("@#{object_name}", @object)
+
+        # If we don't have access, clear the object
+        unless can? action, @object
+          instance_variable_set("@#{object_name}", nil)
+        end
+
+        authorize! action, @object
+      else
+        @collection ||= collection
+
+        # note: we don't call authorize here as the collection method should use
+        # CanCan's accessible_by method to restrict the actual records returned
+
+        instance_variable_set("@#{controller_name}", @collection)
+      end
+    end
+
+    def load_resource_instance
+      if new_actions.include?(action)
+        build_resource
+      elsif params[:id]
+        find_resource
+      end
+    end
+
+    def parent_data
+      self.class.parent_data
+    end
+
+    def parent
+      return nil if parent_data.blank?
+
+      @parent ||= parent_data[:model_class].
+        public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
+      instance_variable_set("@#{model_name}", @parent)
+    end
+
+    def find_resource
+      if parent_data.present?
+        parent.public_send(controller_name).find(params[:id])
+      else
+        model_class.find(params[:id])
+      end
+    end
+
+    def build_resource
+      if parent_data.present?
+        parent.public_send(controller_name).build
+      else
+        model_class.new
+      end
+    end
+
+    def collection
+      return parent.public_send(controller_name) if parent_data.present?
+
+      if model_class.respond_to?(:accessible_by) &&
+         !current_ability.has_block?(params[:action], model_class)
+        model_class.accessible_by(current_ability, action)
+      else
+        model_class.scoped
+      end
+    end
+
+    def location_after_save
+      collection_url
+    end
+
+    def invoke_callbacks(action, callback_type)
+      callbacks = self.class.callbacks || {}
+      return if callbacks[action].nil?
+
+      case callback_type.to_sym
+      when :before then callbacks[action].before_methods.each { |method| __send__ method }
+      when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
+      when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
+      end
    end

    # URL helpers
    def new_object_url(options = {})
      if parent_data.present?
-        main_app.new_polymorphic_url([:admin, parent, model_class], options)
+        url_helper.new_polymorphic_url([:admin, parent, model_class], options)
      else
-        main_app.new_polymorphic_url([:admin, model_class], options)
+        url_helper.new_polymorphic_url([:admin, model_class], options)
      end
    end

    def edit_object_url(object, options = {})
      if parent_data.present?
-        main_app.public_send "edit_admin_#{model_name}_#{object_name}_url", parent, object, options
+        url_helper.public_send "edit_admin_#{model_name}_#{object_name}_url",
+                               parent, object, options
      else
-        main_app.public_send "edit_admin_#{object_name}_url", object, options
+        url_helper.public_send "edit_admin_#{object_name}_url",
+                               object, options
      end
    end

    def object_url(object = nil, options = {})
      target = object || @object
      if parent_data.present?
-        main_app.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
+        url_helper.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
      else
-        main_app.public_send "admin_#{object_name}_url", target, options
+        url_helper.public_send "admin_#{object_name}_url", target, options
      end
    end

+    # Permit specific list of params
+    #
+    # Example: params.require(object_name).permit(:name)
+    def permitted_resource_params
+      raise "All extending controllers need to override the method permitted_resource_params"
+    end
+
    def collection_url(options = {})
      if parent_data.present?
-        main_app.polymorphic_url([:admin, parent, model_class], options)
+        url_helper.polymorphic_url([:admin, parent, model_class], options)
      else
-        main_app.polymorphic_url([:admin, model_class], options)
+        url_helper.polymorphic_url([:admin, model_class], options)
      end
    end
+
+    def collection_actions
+      [:index]
+    end
+
+    def member_action?
+      !collection_actions.include? action
+    end
+
+    def new_actions
+      [:new, :create]
+    end
+
+    private
+
+    def controller_class_name
+      if spree_controller?
+        "Spree::#{controller_name.classify}"
+      else
+        controller_name.classify.to_s
+      end
+    end
+
+    def url_helper
+      if spree_controller?
+        spree
+      else
+        main_app
+      end
+    end
+
+    def spree_controller?
+      controller_path.starts_with? "spree"
+    end
  end
 end
--- a/app/controllers/admin/schedules_controller.rb
+++ b/app/controllers/admin/schedules_controller.rb
@@ -2,7 +2,7 @@ require 'open_food_network/permissions'
 require 'order_management/subscriptions/proxy_order_syncer'

 module Admin
-  class SchedulesController < ResourceController
+  class SchedulesController < Admin::ResourceController
    include PaperTrailLogging

    before_action :adapt_params, only: [:update]
--- a/app/controllers/admin/subscription_line_items_controller.rb
+++ b/app/controllers/admin/subscription_line_items_controller.rb
@@ -3,7 +3,7 @@ require 'open_food_network/order_cycle_permissions'
 require 'open_food_network/scope_variant_to_hub'

 module Admin
-  class SubscriptionLineItemsController < ResourceController
+  class SubscriptionLineItemsController < Admin::ResourceController
    before_action :load_build_context, only: [:build]
    before_action :ensure_shop, only: [:build]
    before_action :ensure_variant, only: [:build]
--- a/app/controllers/admin/subscriptions_controller.rb
+++ b/app/controllers/admin/subscriptions_controller.rb
@@ -1,7 +1,7 @@
 require 'open_food_network/permissions'

 module Admin
-  class SubscriptionsController < ResourceController
+  class SubscriptionsController < Admin::ResourceController
    before_action :load_shops, only: [:index]
    before_action :load_form_data, only: [:new, :edit]
    before_action :strip_banned_attrs, only: [:update]
--- a/app/controllers/admin/tag_rules_controller.rb
+++ b/app/controllers/admin/tag_rules_controller.rb
@@ -1,5 +1,5 @@
 module Admin
-  class TagRulesController < ResourceController
+  class TagRulesController < Admin::ResourceController
    respond_to :json

    respond_override destroy: { json: {
--- a/app/controllers/admin/variant_overrides_controller.rb
+++ b/app/controllers/admin/variant_overrides_controller.rb
@@ -1,7 +1,7 @@
 require 'open_food_network/spree_api_key_loader'

 module Admin
-  class VariantOverridesController < ResourceController
+  class VariantOverridesController < Admin::ResourceController
    include OpenFoodNetwork::SpreeApiKeyLoader
    include EnterprisesHelper

--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -10,12 +10,14 @@ module Api
    include Spree::Core::ControllerHelpers::SSL
    include ::ActionController::Head
    include ::ActionController::ConditionalGet
+    include ActionView::Layouts
+
+    layout false

    attr_accessor :current_api_user

    before_action :set_content_type
    before_action :authenticate_user
-    after_action  :set_jsonp_format

    rescue_from Exception, with: :error_during_processing
    rescue_from CanCan::AccessDenied, with: :unauthorized
@@ -34,13 +36,6 @@ module Api
    use_renderers :json
    check_authorization

-    def set_jsonp_format
-      return unless params[:callback] && request.get?
-
-      self.response_body = "#{params[:callback]}(#{response_body})"
-      headers["Content-Type"] = 'application/javascript'
-    end
-
    def respond_with_conflict(json_hash)
      render json: json_hash, status: :conflict
    end
@@ -63,16 +58,12 @@ module Api
    end

    def set_content_type
-      content_type = case params[:format]
-                     when "json"
-                       "application/json"
-                     when "xml"
-                       "text/xml"
-                     end
-      headers["Content-Type"] = content_type
+      headers["Content-Type"] = "application/json"
    end

    def error_during_processing(exception)
+      Bugsnag.notify(exception)
+
      render(json: { exception: exception.message },
             status: :unprocessable_entity) && return
    end
--- a/app/controllers/api/customers_controller.rb
+++ b/app/controllers/api/customers_controller.rb
@@ -11,13 +11,25 @@ module Api
      @customer = Customer.find(params[:id])
      authorize! :update, @customer

+      client_secret = RecurringPayments.setup_for(@customer) if params[:customer][:allow_charges]
+
      if @customer.update(customer_params)
+        add_recurring_payment_info(client_secret)
        render json: @customer, serializer: CustomerSerializer, status: :ok
      else
        invalid_resource!(@customer)
      end
    end

+    private
+
+    def add_recurring_payment_info(client_secret)
+      return unless client_secret
+
+      @customer.gateway_recurring_payment_client_secret = client_secret
+      @customer.gateway_shop_id = @customer.enterprise.stripe_account&.stripe_user_id
+    end
+
    def customer_params
      params.require(:customer).permit(:code, :email, :enterprise_id, :allow_charges)
    end
--- a/app/controllers/api/exchange_products_controller.rb
+++ b/app/controllers/api/exchange_products_controller.rb
@@ -5,6 +5,7 @@
 # Pagination is optional and can be required by using param[:page]
 module Api
  class ExchangeProductsController < Api::BaseController
+    include PaginationData
    DEFAULT_PER_PAGE = 100

    skip_authorization_check only: [:index]
@@ -77,29 +78,16 @@ module Api
    end

    def render_paginated_products(paginated_products)
-      serializer = ActiveModel::ArraySerializer.new(
+      serialized_products = ActiveModel::ArraySerializer.new(
        paginated_products,
        each_serializer: Api::Admin::ForOrderCycle::SuppliedProductSerializer,
        order_cycle: @order_cycle
      )

-      result = { products: serializer }
-      result = result.merge(pagination: pagination_data(paginated_products)) if pagination_required?
-
-      render text: result.to_json
-    end
-
-    def pagination_data(paginated_products)
-      {
-        results: paginated_products.total_count,
-        pages: paginated_products.num_pages,
-        page: params[:page].to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
+      render json: {
+        products: serialized_products,
+        pagination: pagination_data(paginated_products)
      }
    end
-
-    def pagination_required?
-      params[:page].present?
-    end
  end
 end
--- a/app/controllers/api/order_cycles_controller.rb
+++ b/app/controllers/api/order_cycles_controller.rb
@@ -20,7 +20,7 @@ module Api
        search_params
      ).products_json

-      render plain: products, content_type: "application/json"
+      render plain: products
    rescue ProductsRenderer::NoProducts
      render_no_products
    end
@@ -33,19 +33,19 @@ module Api

      render plain: ActiveModel::ArraySerializer.new(
        taxons, each_serializer: Api::TaxonSerializer
-      ).to_json, content_type: "application/json"
+      ).to_json
    end

    def properties
      render plain: ActiveModel::ArraySerializer.new(
        product_properties | producer_properties, each_serializer: Api::PropertySerializer
-      ).to_json, content_type: "application/json"
+      ).to_json
    end

    private

    def render_no_products
-      render status: :not_found, json: ''
+      render status: :not_found, json: {}
    end

    def product_properties
--- a/app/controllers/api/orders_controller.rb
+++ b/app/controllers/api/orders_controller.rb
@@ -1,5 +1,7 @@
 module Api
  class OrdersController < Api::BaseController
+    include PaginationData
+
    def show
      authorize! :read, order
      render json: order, serializer: Api::OrderDetailedSerializer, current_order: order
@@ -8,11 +10,11 @@ module Api
    def index
      authorize! :admin, Spree::Order

-      search_results = SearchOrders.new(params, current_api_user)
+      orders = SearchOrders.new(params, current_api_user).orders

      render json: {
-        orders: serialized_orders(search_results.orders),
-        pagination: search_results.pagination_data
+        orders: serialized_orders(orders),
+        pagination: pagination_data(orders)
      }
    end

--- a/app/controllers/api/products_controller.rb
+++ b/app/controllers/api/products_controller.rb
@@ -3,8 +3,8 @@ require 'spree/core/product_duplicator'

 module Api
  class ProductsController < Api::BaseController
+    include PaginationData
    respond_to :json
-    DEFAULT_PAGE = 1
    DEFAULT_PER_PAGE = 15

    skip_authorization_check only: [:show, :bulk_products, :overridable]
@@ -63,7 +63,7 @@ module Api
      @products = product_query.
        ransack(query_params_with_defaults).
        result.
-        page(params[:page] || DEFAULT_PAGE).
+        page(params[:page] || 1).
        per(params[:per_page] || DEFAULT_PER_PAGE)

      render_paged_products @products
@@ -130,33 +130,21 @@ module Api
    end

    def render_paged_products(products, product_serializer = ::Api::Admin::ProductSerializer)
-      serializer = ActiveModel::ArraySerializer.new(
+      serialized_products = ActiveModel::ArraySerializer.new(
        products,
        each_serializer: product_serializer
      )

-      render text: {
-        products: serializer,
-        # This line is used by the PagedFetcher JS service (inventory).
-        pages: products.num_pages,
-        # This hash is used by the BulkProducts JS service.
+      render json: {
+        products: serialized_products,
        pagination: pagination_data(products)
-      }.to_json
+      }
    end

    def query_params_with_defaults
      (params[:q] || {}).reverse_merge(s: 'created_at desc')
    end

-    def pagination_data(results)
-      {
-        results: results.total_count,
-        pages: results.num_pages,
-        page: (params[:page] || DEFAULT_PAGE).to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
-      }
-    end
-
    def product_params
      params.require(:product).permit PermittedAttributes::Product.attributes
    end
--- a/app/controllers/cart_controller.rb
+++ b/app/controllers/cart_controller.rb
@@ -11,7 +11,8 @@ class CartController < BaseController
    Spree::Adjustment.without_callbacks do
      cart_service = CartService.new(order)

-      if cart_service.populate(params.slice(:products, :variants, :quantity), true)
+      cart_service.populate(params.slice(:products, :variants, :quantity), true)
+      if cart_service.valid?
        order.update_distribution_charge!
        order.cap_quantity_at_stock!
        order.update!
@@ -22,7 +23,8 @@ class CartController < BaseController
                       stock_levels: VariantsStockLevels.new.call(order, variant_ids) },
               status: :ok
      else
-        render json: { error: true }, status: :precondition_failed
+        render json: { error: cart_service.errors.full_messages.join(",") },
+               status: :precondition_failed
      end
    end
    populate_variant_attributes
--- a/app/controllers/concerns/api_action_caching.rb
+++ b/app/controllers/concerns/api_action_caching.rb
--- a/app/controllers/concerns/pagination_data.rb
+++ b/app/controllers/concerns/pagination_data.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module PaginationData
+  extend ActiveSupport::Concern
+
+  def pagination_data(objects)
+    return unless objects.respond_to? :total_count
+
+    {
+      results: objects.total_count,
+      pages: objects.total_pages,
+      page: (params[:page] || 1).to_i,
+      per_page: (params[:per_page] || default_per_page).to_i
+    }
+  end
+
+  def pagination_required?
+    params[:page].present? || params[:per_page].present?
+  end
+
+  def default_per_page
+    return unless defined? self.class::DEFAULT_PER_PAGE
+
+    self.class::DEFAULT_PER_PAGE
+  end
+end
--- a/app/controllers/spree/admin/adjustments_controller.rb
+++ b/app/controllers/spree/admin/adjustments_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class AdjustmentsController < ResourceController
+    class AdjustmentsController < ::Admin::ResourceController
      belongs_to 'spree/order', find_by: :number
      destroy.after :reload_order

--- a/app/controllers/spree/admin/countries_controller.rb
+++ b/app/controllers/spree/admin/countries_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class CountriesController < ResourceController
+    class CountriesController < ::Admin::ResourceController
      protected

      def permitted_resource_params
--- a/app/controllers/spree/admin/images_controller.rb
+++ b/app/controllers/spree/admin/images_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class ImagesController < ResourceController
+    class ImagesController < ::Admin::ResourceController
      # This will make resource controller redirect correctly after deleting product images.
      # This can be removed after upgrading to Spree 2.1.
      # See here https://github.com/spree/spree/commit/334a011d2b8e16355e4ae77ae07cd93f7cbc8fd1
--- a/app/controllers/spree/admin/mail_methods_controller.rb
+++ b/app/controllers/spree/admin/mail_methods_controller.rb
@@ -15,7 +15,7 @@ module Spree
      end

      def testmail
-        if TestMailer.test_email(spree_current_user).deliver
+        if TestMailer.test_email(spree_current_user).deliver_now
          flash[:success] = Spree.t('admin.mail_methods.testmail.delivery_success')
        else
          flash[:error] = Spree.t('admin.mail_methods.testmail.delivery_error')
--- a/app/controllers/spree/admin/orders_controller.rb
+++ b/app/controllers/spree/admin/orders_controller.rb
@@ -78,7 +78,7 @@ module Spree
      end

      def resend
-        Spree::OrderMailer.confirm_email_for_customer(@order.id, true).deliver
+        Spree::OrderMailer.confirm_email_for_customer(@order.id, true).deliver_later
        flash[:success] = t('admin.orders.order_email_resent')

        respond_with(@order) { |format| format.html { redirect_to :back } }
@@ -87,7 +87,7 @@ module Spree
      def invoice
        pdf = InvoiceRenderer.new.render_to_string(@order)

-        Spree::OrderMailer.invoice_email(@order.id, pdf).deliver
+        Spree::OrderMailer.invoice_email(@order.id, pdf).deliver_later
        flash[:success] = t('admin.orders.invoice_email_sent')

        respond_with(@order) { |format|
--- a/app/controllers/spree/admin/payment_methods_controller.rb
+++ b/app/controllers/spree/admin/payment_methods_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class PaymentMethodsController < ResourceController
+    class PaymentMethodsController < ::Admin::ResourceController
      skip_before_action :load_resource, only: [:create, :show_provider_preferences]
      before_action :load_data
      before_action :validate_payment_method_provider, only: [:create]
@@ -51,7 +51,7 @@ module Spree
      end

      # Only show payment methods that user has access to and sort by distributor name
-      # ! Redundant code copied from Spree::Admin::ResourceController with modifications marked
+      # ! Redundant code copied from Admin::ResourceController with modifications marked
      def collection
        return parent.public_send(controller_name) if parent_data.present?

--- a/app/controllers/spree/admin/payments_controller.rb
+++ b/app/controllers/spree/admin/payments_controller.rb
@@ -67,6 +67,25 @@ module Spree
        redirect_to request.referer
      end

+      def paypal_refund
+        if request.get?
+          if @payment.source.state == 'refunded'
+            flash[:error] = Spree.t(:already_refunded, scope: 'paypal')
+            redirect_to admin_order_payment_path(@order, @payment)
+          end
+        elsif request.post?
+          response = @payment.payment_method.refund(@payment, params[:refund_amount])
+          if response.success?
+            flash[:success] = Spree.t(:refund_successful, scope: 'paypal')
+            redirect_to admin_order_payments_path(@order)
+          else
+            flash.now[:error] = Spree.t(:refund_unsuccessful, scope: 'paypal') +
+                                " (#{response.errors.first.long_message})"
+            render
+          end
+        end
+      end
+
      private

      def load_payment_source
@@ -135,7 +154,9 @@ module Spree
        return unless @payment.payment_method.class == Spree::Gateway::StripeSCA

        @payment.authorize!
-        raise Spree::Core::GatewayError, I18n.t('authorization_failure') unless @payment.pending?
+        return if @payment.pending? && @payment.cvv_response_message.nil?
+
+        raise Spree::Core::GatewayError, I18n.t('authorization_failure')
      end
    end
  end
--- a/app/controllers/spree/admin/paypal_payments_controller.rb
+++ b/app/controllers/spree/admin/paypal_payments_controller.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Spree
+  module Admin
+    class PaypalPaymentsController < Spree::Admin::BaseController
+      before_action :load_order
+
+      def index
+        @payments = @order.payments.includes(:payment_method).
+          where(spree_payment_methods: { type: "Spree::Gateway::PayPalExpress" })
+      end
+
+      private
+
+      def load_order
+        @order = Spree::Order.where(number: params[:order_id]).first
+      end
+    end
+  end
+end
--- a/app/controllers/spree/admin/product_properties_controller.rb
+++ b/app/controllers/spree/admin/product_properties_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class ProductPropertiesController < ResourceController
+    class ProductPropertiesController < ::Admin::ResourceController
      belongs_to 'spree/product', find_by: :permalink
      before_action :find_properties
      before_action :setup_property, only: [:index]
--- a/app/controllers/spree/admin/products_controller.rb
+++ b/app/controllers/spree/admin/products_controller.rb
@@ -4,7 +4,7 @@ require 'open_food_network/permissions'

 module Spree
  module Admin
-    class ProductsController < ResourceController
+    class ProductsController < ::Admin::ResourceController
      helper 'spree/products'
      include OpenFoodNetwork::SpreeApiKeyLoader
      include OrderCyclesHelper
--- a/app/controllers/spree/admin/properties_controller.rb
+++ b/app/controllers/spree/admin/properties_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class PropertiesController < ResourceController
+    class PropertiesController < ::Admin::ResourceController
      def permitted_resource_params
        params.require(:property).permit(:name, :presentation)
      end
--- a/app/controllers/spree/admin/resource_controller.rb
+++ b/app/controllers/spree/admin/resource_controller.rb
@@ -1,282 +0,0 @@
-require 'action_callbacks'
-
-module Spree
-  module Admin
-    class ResourceController < Spree::Admin::BaseController
-      helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
-      before_action :load_resource, except: [:update_positions]
-      rescue_from ActiveRecord::RecordNotFound, with: :resource_not_found
-      rescue_from CanCan::AccessDenied, with: :unauthorized
-
-      respond_to :html
-      respond_to :js, except: [:show, :index]
-
-      def new
-        invoke_callbacks(:new_action, :before)
-        respond_with(@object) do |format|
-          format.html { render layout: !request.xhr? }
-          format.js   { render layout: false }
-        end
-      end
-
-      def edit
-        respond_with(@object) do |format|
-          format.html { render layout: !request.xhr? }
-          format.js   { render layout: false }
-        end
-      end
-
-      def update
-        invoke_callbacks(:update, :before)
-        if @object.update(permitted_resource_params)
-          invoke_callbacks(:update, :after)
-          flash[:success] = flash_message_for(@object, :successfully_updated)
-          respond_with(@object) do |format|
-            format.html { redirect_to location_after_save }
-            format.js   { render layout: false }
-          end
-        else
-          invoke_callbacks(:update, :fails)
-          respond_with(@object)
-        end
-      end
-
-      def create
-        invoke_callbacks(:create, :before)
-        @object.attributes = permitted_resource_params
-        if @object.save
-          invoke_callbacks(:create, :after)
-          flash[:success] = flash_message_for(@object, :successfully_created)
-          respond_with(@object) do |format|
-            format.html { redirect_to location_after_save }
-            format.js   { render layout: false }
-          end
-        else
-          invoke_callbacks(:create, :fails)
-          respond_with(@object)
-        end
-      end
-
-      def update_positions
-        params[:positions].each do |id, index|
-          model_class.where(id: id).update_all(position: index)
-        end
-
-        respond_to do |format|
-          format.js { render text: 'Ok' }
-        end
-      end
-
-      def destroy
-        invoke_callbacks(:destroy, :before)
-        if @object.destroy
-          invoke_callbacks(:destroy, :after)
-          flash[:success] = flash_message_for(@object, :successfully_removed)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-            format.js   { render partial: "spree/admin/shared/destroy" }
-          end
-        else
-          invoke_callbacks(:destroy, :fails)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-          end
-        end
-      end
-
-      protected
-
-      def resource_not_found
-        flash[:error] = flash_message_for(model_class.new, :not_found)
-        redirect_to collection_url
-      end
-
-      class << self
-        attr_accessor :parent_data
-        attr_accessor :callbacks
-
-        def belongs_to(model_name, options = {})
-          @parent_data ||= {}
-          @parent_data[:model_name] = model_name
-          @parent_data[:model_class] = model_name.to_s.classify.constantize
-          @parent_data[:find_by] = options[:find_by] || :id
-        end
-
-        def new_action
-          @callbacks ||= {}
-          @callbacks[:new_action] ||= ActionCallbacks.new
-        end
-
-        def create
-          @callbacks ||= {}
-          @callbacks[:create] ||= ActionCallbacks.new
-        end
-
-        def update
-          @callbacks ||= {}
-          @callbacks[:update] ||= ActionCallbacks.new
-        end
-
-        def destroy
-          @callbacks ||= {}
-          @callbacks[:destroy] ||= ActionCallbacks.new
-        end
-      end
-
-      def model_class
-        "Spree::#{controller_name.classify}".constantize
-      end
-
-      def model_name
-        parent_data[:model_name].gsub('spree/', '')
-      end
-
-      def object_name
-        controller_name.singularize
-      end
-
-      def load_resource
-        if member_action?
-          @object ||= load_resource_instance
-
-          # call authorize! a third time (called twice already in Admin::BaseController)
-          # this time we pass the actual instance so fine-grained abilities can control
-          # access to individual records, not just entire models.
-          authorize! action, @object
-
-          instance_variable_set("@#{object_name}", @object)
-
-          # If we don't have access, clear the object
-          unless can? action, @object
-            instance_variable_set("@#{object_name}", nil)
-          end
-
-          authorize! action, @object
-        else
-          @collection ||= collection
-
-          # note: we don't call authorize here as the collection method should use
-          # CanCan's accessible_by method to restrict the actual records returned
-
-          instance_variable_set("@#{controller_name}", @collection)
-        end
-      end
-
-      def load_resource_instance
-        if new_actions.include?(action)
-          build_resource
-        elsif params[:id]
-          find_resource
-        end
-      end
-
-      def parent_data
-        self.class.parent_data
-      end
-
-      def parent
-        return nil if parent_data.blank?
-
-        @parent ||= parent_data[:model_class].
-          public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
-        instance_variable_set("@#{model_name}", @parent)
-      end
-
-      def find_resource
-        if parent_data.present?
-          parent.public_send(controller_name).find(params[:id])
-        else
-          model_class.find(params[:id])
-        end
-      end
-
-      def build_resource
-        if parent_data.present?
-          parent.public_send(controller_name).build
-        else
-          model_class.new
-        end
-      end
-
-      def collection
-        return parent.public_send(controller_name) if parent_data.present?
-
-        if model_class.respond_to?(:accessible_by) &&
-           !current_ability.has_block?(params[:action], model_class)
-          model_class.accessible_by(current_ability, action)
-        else
-          model_class.scoped
-        end
-      end
-
-      def location_after_save
-        collection_url
-      end
-
-      def invoke_callbacks(action, callback_type)
-        callbacks = self.class.callbacks || {}
-        return if callbacks[action].nil?
-
-        case callback_type.to_sym
-        when :before then callbacks[action].before_methods.each { |method| __send__ method }
-        when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
-        when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
-        end
-      end
-
-      # URL helpers
-
-      def new_object_url(options = {})
-        if parent_data.present?
-          spree.new_polymorphic_url([:admin, parent, model_class], options)
-        else
-          spree.new_polymorphic_url([:admin, model_class], options)
-        end
-      end
-
-      def edit_object_url(object, options = {})
-        if parent_data.present?
-          spree.public_send "edit_admin_#{model_name}_#{object_name}_url", parent, object, options
-        else
-          spree.public_send "edit_admin_#{object_name}_url", object, options
-        end
-      end
-
-      def object_url(object = nil, options = {})
-        target = object || @object
-        if parent_data.present?
-          spree.public_send "admin_#{model_name}_#{object_name}_url", parent, target, options
-        else
-          spree.public_send "admin_#{object_name}_url", target, options
-        end
-      end
-
-      # Permit specific list of params
-      #
-      # Example: params.require(object_name).permit(:name)
-      def permitted_resource_params
-        raise "All extending controllers need to override the method permitted_resource_params"
-      end
-
-      def collection_url(options = {})
-        if parent_data.present?
-          spree.polymorphic_url([:admin, parent, model_class], options)
-        else
-          spree.polymorphic_url([:admin, model_class], options)
-        end
-      end
-
-      def collection_actions
-        [:index]
-      end
-
-      def member_action?
-        !collection_actions.include? action
-      end
-
-      def new_actions
-        [:new, :create]
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/return_authorizations_controller.rb
+++ b/app/controllers/spree/admin/return_authorizations_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class ReturnAuthorizationsController < ResourceController
+    class ReturnAuthorizationsController < ::Admin::ResourceController
      belongs_to 'spree/order', find_by: :number

      update.after :associate_inventory_units
--- a/app/controllers/spree/admin/shipping_categories_controller.rb
+++ b/app/controllers/spree/admin/shipping_categories_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class ShippingCategoriesController < ResourceController
+    class ShippingCategoriesController < ::Admin::ResourceController
      protected

      def permitted_resource_params
--- a/app/controllers/spree/admin/shipping_methods_controller.rb
+++ b/app/controllers/spree/admin/shipping_methods_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class ShippingMethodsController < ResourceController
+    class ShippingMethodsController < ::Admin::ResourceController
      before_action :load_data, except: [:index]
      before_action :set_shipping_category, only: [:create, :update]
      before_action :set_zones, only: [:create, :update]
--- a/app/controllers/spree/admin/states_controller.rb
+++ b/app/controllers/spree/admin/states_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class StatesController < ResourceController
+    class StatesController < ::Admin::ResourceController
      belongs_to 'spree/country'
      before_action :load_data

--- a/app/controllers/spree/admin/tax_categories_controller.rb
+++ b/app/controllers/spree/admin/tax_categories_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class TaxCategoriesController < ResourceController
+    class TaxCategoriesController < ::Admin::ResourceController
      def destroy
        if @object.destroy
          flash[:success] = flash_message_for(@object, :successfully_removed)
--- a/app/controllers/spree/admin/tax_rates_controller.rb
+++ b/app/controllers/spree/admin/tax_rates_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class TaxRatesController < ResourceController
+    class TaxRatesController < ::Admin::ResourceController
      before_action :load_data

      private
--- a/app/controllers/spree/admin/taxonomies_controller.rb
+++ b/app/controllers/spree/admin/taxonomies_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class TaxonomiesController < ResourceController
+    class TaxonomiesController < ::Admin::ResourceController
      respond_to :json, only: [:get_children]

      def get_children
--- a/app/controllers/spree/admin/users_controller.rb
+++ b/app/controllers/spree/admin/users_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class UsersController < ResourceController
+    class UsersController < ::Admin::ResourceController
      rescue_from Spree::User::DestroyWithOrdersError, with: :user_destroy_with_orders_error

      after_action :sign_in_if_change_own_password, only: :update
@@ -100,7 +100,7 @@ module Spree

      private

-      # handling raise from Spree::Admin::ResourceController#destroy
+      # handling raise from Admin::ResourceController#destroy
      def user_destroy_with_orders_error
        invoke_callbacks(:destroy, :fails)
        render status: :forbidden, text: Spree.t(:error_user_destroy_with_orders)
--- a/app/controllers/spree/admin/variants_controller.rb
+++ b/app/controllers/spree/admin/variants_controller.rb
@@ -2,7 +2,7 @@ require 'open_food_network/scope_variants_for_search'

 module Spree
  module Admin
-    class VariantsController < ResourceController
+    class VariantsController < ::Admin::ResourceController
      helper 'spree/products'

      belongs_to 'spree/product', find_by: :permalink
@@ -23,7 +23,9 @@ module Spree
          flash[:success] = flash_message_for(@object, :successfully_updated)
          redirect_to spree.admin_product_variants_url(params[:product_id], @url_filters)
        else
-          redirect_to spree.edit_admin_product_variant_url(params[:product_id], @object, @url_filters)
+          redirect_to spree.edit_admin_product_variant_url(params[:product_id],
+                                                           @object,
+                                                           @url_filters)
        end
      end

--- a/app/controllers/spree/admin/zones_controller.rb
+++ b/app/controllers/spree/admin/zones_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class ZonesController < ResourceController
+    class ZonesController < ::Admin::ResourceController
      before_action :load_data, except: [:index]

      def new
--- a/app/controllers/spree/credit_cards_controller.rb
+++ b/app/controllers/spree/credit_cards_controller.rb
@@ -1,3 +1,7 @@
+# frozen_string_literal: true
+
+require 'stripe/credit_card_remover'
+
 module Spree
  class CreditCardsController < BaseController
    def new_from_token
@@ -27,6 +31,7 @@ module Spree
      authorize! :update, @credit_card

      if @credit_card.update(credit_card_params)
+        remove_shop_authorizations if credit_card_params["is_default"]
        render json: @credit_card, serializer: ::Api::CreditCardSerializer, status: :ok
      else
        update_failed
@@ -39,11 +44,12 @@ module Spree
      @credit_card = Spree::CreditCard.find_by(id: params[:id])
      if @credit_card
        authorize! :destroy, @credit_card
-        destroy_at_stripe
+        Stripe::CreditCardRemover.new(@credit_card).call
      end

      # Using try because we may not have a card here
      if @credit_card.try(:destroy)
+        remove_shop_authorizations if @credit_card.is_default
        flash[:success] = I18n.t(:card_has_been_removed, number: "x-#{@credit_card.last_digits}")
      else
        flash[:error] = I18n.t(:card_could_not_be_removed)
@@ -56,18 +62,8 @@ module Spree

    private

-    # It destroys the whole customer object
-    def destroy_at_stripe
-      stripe_customer = Stripe::Customer.retrieve(@credit_card.gateway_customer_profile_id, {})
-
-      stripe_customer&.delete
-    end
-
-    def stripe_account_id
-      StripeAccount.
-        find_by(enterprise_id: @credit_card.payment_method.preferred_enterprise_id).
-        andand.
-        stripe_user_id
+    def remove_shop_authorizations
+      @credit_card.user.customers.update_all(allow_charges: false)
    end

    def create_customer(token)
--- a/app/controllers/spree/orders_controller.rb
+++ b/app/controllers/spree/orders_controller.rb
@@ -1,6 +1,8 @@
 module Spree
  class OrdersController < Spree::StoreController
    include OrderCyclesHelper
+    include Rails.application.routes.url_helpers
+
    layout 'darkswarm'

    ssl_required :show
--- a/app/controllers/spree/paypal_controller.rb
+++ b/app/controllers/spree/paypal_controller.rb
@@ -0,0 +1,244 @@
+# frozen_string_literal: true
+
+module Spree
+  class PaypalController < StoreController
+    ssl_allowed
+
+    include OrderStockCheck
+
+    before_action :enable_embedded_shopfront
+    before_action :destroy_orphaned_paypal_payments, only: :confirm
+    after_action :reset_order_when_complete, only: :confirm
+    before_action :permit_parameters!
+
+    def express
+      order = current_order || raise(ActiveRecord::RecordNotFound)
+      items = order.line_items.map(&method(:line_item))
+
+      tax_adjustments = order.adjustments.tax
+      # TODO: Remove in Spree 2.2
+      tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
+      shipping_adjustments = order.adjustments.shipping
+
+      order.adjustments.eligible.each do |adjustment|
+        next if (tax_adjustments + shipping_adjustments).include?(adjustment)
+
+        items << {
+          Name: adjustment.label,
+          Quantity: 1,
+          Amount: {
+            currencyID: order.currency,
+            value: adjustment.amount
+          }
+        }
+      end
+
+      # Because PayPal doesn't accept $0 items at all.
+      # See https://github.com/spree-contrib/better_spree_paypal_express/issues/10
+      # "It can be a positive or negative value but not zero."
+      items.reject! do |item|
+        item[:Amount][:value].zero?
+      end
+
+      pp_request = provider.build_set_express_checkout(
+        express_checkout_request_details(order, items)
+      )
+
+      begin
+        pp_response = provider.set_express_checkout(pp_request)
+        if pp_response.success?
+          # At this point Paypal has *provisionally* accepted that the payment can now be placed,
+          # and the user will be redirected to a Paypal payment page. On completion, the user is
+          # sent back and the response is handled in the #confirm action in this controller.
+          redirect_to provider.express_checkout_url(pp_response, useraction: 'commit')
+        else
+          flash[:error] = Spree.t('flash.generic_error', scope: 'paypal', reasons: pp_response.errors.map(&:long_message).join(" "))
+          redirect_to spree.checkout_state_path(:payment)
+        end
+      rescue SocketError
+        flash[:error] = Spree.t('flash.connection_failed', scope: 'paypal')
+        redirect_to spree.checkout_state_path(:payment)
+      end
+    end
+
+    def confirm
+      @order = current_order || raise(ActiveRecord::RecordNotFound)
+
+      # At this point the user has come back from the Paypal form, and we get one
+      # last chance to interact with the payment process before the money moves...
+      return reset_to_cart unless sufficient_stock?
+
+      @order.payments.create!(
+        source: Spree::PaypalExpressCheckout.create(
+          token: params[:token],
+          payer_id: params[:PayerID]
+        ),
+        amount: @order.total,
+        payment_method: payment_method
+      )
+      @order.next
+      if @order.complete?
+        flash.notice = Spree.t(:order_processed_successfully)
+        flash[:commerce_tracking] = "nothing special"
+        session[:order_id] = nil
+        redirect_to completion_route(@order)
+      else
+        redirect_to checkout_state_path(@order.state)
+      end
+    end
+
+    def cancel
+      flash[:notice] = Spree.t('flash.cancel', scope: 'paypal')
+      redirect_to main_app.checkout_path
+    end
+
+    # Clears the cached order. Required for #current_order to return a new order to serve as cart.
+    def expire_current_order
+      session[:order_id] = nil
+      @current_order = nil
+    end
+
+    private
+
+    def line_item(item)
+      {
+        Name: item.product.name,
+        Number: item.variant.sku,
+        Quantity: item.quantity,
+        Amount: {
+          currencyID: item.order.currency,
+          value: item.price
+        },
+        ItemCategory: "Physical"
+      }
+    end
+
+    def express_checkout_request_details(order, items)
+      {
+        SetExpressCheckoutRequestDetails: {
+          InvoiceID: order.number,
+          BuyerEmail: order.email,
+          ReturnURL: spree.confirm_paypal_url(
+            payment_method_id: params[:payment_method_id], utm_nooverride: 1
+          ),
+          CancelURL: spree.cancel_paypal_url,
+          SolutionType: payment_method.preferred_solution.presence || "Mark",
+          LandingPage: payment_method.preferred_landing_page.presence || "Billing",
+          cppheaderimage: payment_method.preferred_logourl.presence || "",
+          NoShipping: 1,
+          PaymentDetails: [payment_details(items)]
+        }
+      }
+    end
+
+    def payment_method
+      @payment_method ||= Spree::PaymentMethod.find(params[:payment_method_id])
+    end
+
+    def permit_parameters!
+      params.permit(:token, :payment_method_id, :PayerID)
+    end
+
+    def reset_order_when_complete
+      return unless current_order.complete?
+
+      flash[:notice] = t(:order_processed_successfully)
+      OrderCompletionReset.new(self, current_order).call
+      session[:access_token] = current_order.token
+    end
+
+    def reset_to_cart
+      OrderCheckoutRestart.new(@order).call
+      handle_insufficient_stock
+    end
+
+    # See #1074 and #1837 for more detail on why we need this
+    # An 'orphaned' Spree::Payment is created for every call to CheckoutController#update
+    # for orders that are processed using a Spree::Gateway::PayPalExpress payment method
+    # These payments are 'orphaned' because they are never used by the spree_paypal_express gem
+    # which creates a brand new Spree::Payment from scratch in PayPalController#confirm
+    # However, the 'orphaned' payments are useful when applying a transaction fee, because the fees
+    # need to be calculated before the order details are sent to PayPal for confirmation
+    # This is our best hook for removing the orphaned payments at an appropriate time. ie. after
+    # the payment details have been confirmed, but before any payments have been processed
+    def destroy_orphaned_paypal_payments
+      return unless payment_method.is_a?(Spree::Gateway::PayPalExpress)
+
+      orphaned_payments = current_order.payments.
+        where(payment_method_id: payment_method.id, source_id: nil)
+      orphaned_payments.each(&:destroy)
+    end
+
+    def provider
+      payment_method.provider
+    end
+
+    def payment_details(items)
+      item_sum = items.sum { |i| i[:Quantity] * i[:Amount][:value] }
+      # Would use tax_total here, but it can include "included" taxes as well.
+      # For instance, tax_total would include the 10% GST in Australian stores.
+      # A quick sum will get us around that little problem.
+      # TODO: Remove additional check in 2.2
+      tax_adjustments = current_order.adjustments.tax
+      tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
+      tax_adjustments_total = tax_adjustments.sum(:amount)
+
+      if item_sum.zero?
+        # Paypal does not support no items or a zero dollar ItemTotal
+        # This results in the order summary being simply "Current purchase"
+        {
+          OrderTotal: {
+            currencyID: current_order.currency,
+            value: current_order.total
+          }
+        }
+      else
+        {
+          OrderTotal: {
+            currencyID: current_order.currency,
+            value: current_order.total
+          },
+          ItemTotal: {
+            currencyID: current_order.currency,
+            value: item_sum
+          },
+          ShippingTotal: {
+            currencyID: current_order.currency,
+            value: current_order.ship_total
+          },
+          TaxTotal: {
+            currencyID: current_order.currency,
+            value: tax_adjustments_total,
+          },
+          ShipToAddress: address_options,
+          PaymentDetailsItem: items,
+          ShippingMethod: "Shipping Method Name Goes Here",
+          PaymentAction: "Sale"
+        }
+      end
+    end
+
+    def address_options
+      return {} unless address_required?
+
+      {
+        Name: current_order.bill_address.try(:full_name),
+        Street1: current_order.bill_address.address1,
+        Street2: current_order.bill_address.address2,
+        CityName: current_order.bill_address.city,
+        Phone: current_order.bill_address.phone,
+        StateOrProvince: current_order.bill_address.state_text,
+        Country: current_order.bill_address.country.iso,
+        PostalCode: current_order.bill_address.zipcode
+      }
+    end
+
+    def completion_route(order)
+      spree.order_path(order, token: order.token)
+    end
+
+    def address_required?
+      payment_method.preferred_solution.eql?('Sole')
+    end
+  end
+end
--- a/app/controllers/spree/paypal_controller_decorator.rb
+++ b/app/controllers/spree/paypal_controller_decorator.rb
@@ -1,157 +0,0 @@
-# frozen_string_literal: true
-
-Spree::PaypalController.class_eval do
-  include OrderStockCheck
-
-  before_action :enable_embedded_shopfront
-  before_action :destroy_orphaned_paypal_payments, only: :confirm
-  after_action :reset_order_when_complete, only: :confirm
-  before_action :permit_parameters!
-
-  def express
-    order = current_order || raise(ActiveRecord::RecordNotFound)
-    items = order.line_items.map(&method(:line_item))
-
-    tax_adjustments = order.adjustments.tax
-    # TODO: Remove in Spree 2.2
-    tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
-    shipping_adjustments = order.adjustments.shipping
-
-    order.adjustments.eligible.each do |adjustment|
-      next if (tax_adjustments + shipping_adjustments).include?(adjustment)
-
-      items << {
-        Name: adjustment.label,
-        Quantity: 1,
-        Amount: {
-          currencyID: order.currency,
-          value: adjustment.amount
-        }
-      }
-    end
-
-    # Because PayPal doesn't accept $0 items at all.
-    # See #10
-    # https://cms.paypal.com/uk/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_ECCustomizing
-    # "It can be a positive or negative value but not zero."
-    items.reject! do |item|
-      item[:Amount][:value].zero?
-    end
-    pp_request = provider.build_set_express_checkout(express_checkout_request_details(order, items))
-
-    begin
-      pp_response = provider.set_express_checkout(pp_request)
-      if pp_response.success?
-        # At this point Paypal has *provisionally* accepted that the payment can now be placed,
-        # and the user will be redirected to a Paypal payment page. On completion, the user is
-        # sent back and the response is handled in the #confirm action in this controller.
-        redirect_to provider.express_checkout_url(pp_response, useraction: 'commit')
-      else
-        flash[:error] = Spree.t('flash.generic_error', scope: 'paypal', reasons: pp_response.errors.map(&:long_message).join(" "))
-        redirect_to spree.checkout_state_path(:payment)
-      end
-    rescue SocketError
-      flash[:error] = Spree.t('flash.connection_failed', scope: 'paypal')
-      redirect_to spree.checkout_state_path(:payment)
-    end
-  end
-
-  def confirm
-    @order = current_order || raise(ActiveRecord::RecordNotFound)
-
-    # At this point the user has come back from the Paypal form, and we get one
-    # last chance to interact with the payment process before the money moves...
-    return reset_to_cart unless sufficient_stock?
-
-    @order.payments.create!({
-      source: Spree::PaypalExpressCheckout.create({
-        token: params[:token],
-        payer_id: params[:PayerID]
-      }),
-      amount: @order.total,
-      payment_method: payment_method
-    })
-    @order.next
-    if @order.complete?
-      flash.notice = Spree.t(:order_processed_successfully)
-      flash[:commerce_tracking] = "nothing special"
-      session[:order_id] = nil
-      redirect_to completion_route(@order)
-    else
-      redirect_to checkout_state_path(@order.state)
-    end
-  end
-
-  def cancel
-    flash[:notice] = Spree.t('flash.cancel', scope: 'paypal')
-    redirect_to main_app.checkout_path
-  end
-
-  # Clears the cached order. Required for #current_order to return a new order
-  # to serve as cart. See https://github.com/spree/spree/blob/1-3-stable/core/lib/spree/core/controller_helpers/order.rb#L14
-  # for details.
-  def expire_current_order
-    session[:order_id] = nil
-    @current_order = nil
-  end
-
-  private
-
-  def payment_method
-    @payment_method ||= Spree::PaymentMethod.find(params[:payment_method_id])
-  end
-
-  def permit_parameters!
-    params.permit(:token, :payment_method_id, :PayerID)
-  end
-
-  def reset_order_when_complete
-    if current_order.complete?
-      flash[:notice] = t(:order_processed_successfully)
-
-      OrderCompletionReset.new(self, current_order).call
-      session[:access_token] = current_order.token
-    end
-  end
-
-  def reset_to_cart
-    OrderCheckoutRestart.new(@order).call
-    handle_insufficient_stock
-  end
-
-  # See #1074 and #1837 for more detail on why we need this
-  # An 'orphaned' Spree::Payment is created for every call to CheckoutController#update
-  # for orders that are processed using a Spree::Gateway::PayPalExpress payment method
-  # These payments are 'orphaned' because they are never used by the spree_paypal_express gem
-  # which creates a brand new Spree::Payment from scratch in PayPalController#confirm
-  # However, the 'orphaned' payments are useful when applying a transaction fee, because the fees
-  # need to be calculated before the order details are sent to PayPal for confirmation
-  # This is our best hook for removing the orphaned payments at an appropriate time. ie. after
-  # the payment details have been confirmed, but before any payments have been processed
-  def destroy_orphaned_paypal_payments
-    return unless payment_method.is_a?(Spree::Gateway::PayPalExpress)
-
-    orphaned_payments = current_order.payments.where(payment_method_id: payment_method.id, source_id: nil)
-    orphaned_payments.each(&:destroy)
-  end
-
-  def completion_route(order)
-    spree.order_path(order, token: order.token)
-  end
-
-  def express_checkout_request_details(order, items)
-    {
-      SetExpressCheckoutRequestDetails: {
-        InvoiceID: order.number,
-        BuyerEmail: order.email,
-        ReturnURL: spree.confirm_paypal_url(payment_method_id: params[:payment_method_id], utm_nooverride: 1),
-        CancelURL: spree.cancel_paypal_url,
-        SolutionType: payment_method.preferred_solution.presence || "Mark",
-        LandingPage: payment_method.preferred_landing_page.presence || "Billing",
-        cppheaderimage: payment_method.preferred_logourl.presence || "",
-        NoShipping: 1,
-        PaymentDetails: [payment_details(items)]
-      }
-    }
-  end
-end
--- a/app/controllers/spree/user_registrations_controller.rb
+++ b/app/controllers/spree/user_registrations_controller.rb
@@ -18,26 +18,6 @@ module Spree
    before_action :check_permissions, only: [:edit, :update]
    skip_before_action :require_no_authentication

-    # GET /resource/sign_up
-    def new
-      super
-      @user = resource
-    end
-
-    # POST /resource/sign_up
-    def create
-      @user = build_resource(params[:spree_user])
-      if resource.save
-        set_flash_message(:notice, :signed_up)
-        sign_in(:spree_user, @user)
-        associate_user
-        respond_with resource, location: after_sign_up_path_for(resource)
-      else
-        clean_up_passwords(resource)
-        render :new
-      end
-    end
-
    # GET /resource/edit
    def edit
      super
--- a/app/helpers/admin/injection_helper.rb
+++ b/app/helpers/admin/injection_helper.rb
@@ -130,10 +130,6 @@ module Admin
                                                            json: @hub_permissions.to_json }
    end

-    def admin_inject_products
-      admin_inject_json_ams_array "ofn.admin", "products", @products, Api::Admin::ProductSerializer
-    end
-
    def admin_inject_tax_categories(opts = { module: 'ofn.admin' })
      admin_inject_json_ams_array opts[:module],
                                  "tax_categories",
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,6 +1,6 @@
 module ApplicationHelper
-  def feature?(feature)
-    OpenFoodNetwork::FeatureToggle.enabled? feature
+  def feature?(feature, user = nil)
+    OpenFoodNetwork::FeatureToggle.enabled?(feature, user)
  end

  def ng_form_for(name, *args, &block)
--- a/app/helpers/spree/reports_helper.rb
+++ b/app/helpers/spree/reports_helper.rb
@@ -1,4 +1,4 @@
-require 'spree/money_decorator'
+require 'spree/money'

 module Spree
  module ReportsHelper
--- a/app/jobs/confirm_order_job.rb
+++ b/app/jobs/confirm_order_job.rb
@@ -2,7 +2,7 @@

 class ConfirmOrderJob < ActiveJob::Base
  def perform(order_id)
-    Spree::OrderMailer.confirm_email_for_customer(order_id).deliver
-    Spree::OrderMailer.confirm_email_for_shop(order_id).deliver
+    Spree::OrderMailer.confirm_email_for_customer(order_id).deliver_now
+    Spree::OrderMailer.confirm_email_for_shop(order_id).deliver_now
  end
 end
--- a/app/jobs/confirm_signup_job.rb
+++ b/app/jobs/confirm_signup_job.rb
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-class ConfirmSignupJob < ActiveJob::Base
-  def perform(user_id)
-    user = Spree::User.find user_id
-    Spree::UserMailer.signup_confirmation(user).deliver
-  end
-end
--- a/app/jobs/heartbeat_job.rb
+++ b/app/jobs/heartbeat_job.rb
@@ -1,4 +1,6 @@
-class HeartbeatJob
+# frozen_string_literal: true
+
+class HeartbeatJob < ActiveJob::Base
  def perform
    Spree::Config.last_job_queue_heartbeat_at = Time.now.in_time_zone
  end
--- a/app/jobs/manager_invitation_job.rb
+++ b/app/jobs/manager_invitation_job.rb
@@ -1,7 +0,0 @@
-ManagerInvitationJob = Struct.new(:enterprise_id, :user_id) do
-  def perform
-    enterprise = Enterprise.find enterprise_id
-    user = Spree::User.find user_id
-    EnterpriseMailer.manager_invitation(enterprise, user).deliver
-  end
-end
--- a/app/jobs/order_cycle_notification_job.rb
+++ b/app/jobs/order_cycle_notification_job.rb
@@ -5,7 +5,7 @@ class OrderCycleNotificationJob < ActiveJob::Base
  def perform(order_cycle_id)
    order_cycle = OrderCycle.find(order_cycle_id)
    order_cycle.suppliers.each do |supplier|
-      ProducerMailer.order_cycle_report(supplier, order_cycle).deliver
+      ProducerMailer.order_cycle_report(supplier, order_cycle).deliver_now
    end
  end
 end
--- a/app/jobs/subscription_confirm_job.rb
+++ b/app/jobs/subscription_confirm_job.rb
@@ -1,7 +1,7 @@
 require 'order_management/subscriptions/summarizer'

 # Confirms orders of unconfirmed proxy orders in recently closed Order Cycles
-class SubscriptionConfirmJob
+class SubscriptionConfirmJob < ActiveJob::Base
  def perform
    confirm_proxy_orders!
  end
@@ -62,7 +62,7 @@ class SubscriptionConfirmJob
    return unless order.payment_required?

    prepare_for_payment!(order)
-    order.process_payments!
+    order.process_payments_offline!
    raise if order.errors.any?
  end

@@ -90,13 +90,13 @@ class SubscriptionConfirmJob
  def send_confirmation_email(order)
    order.update!
    record_success(order)
-    SubscriptionMailer.confirmation_email(order).deliver
+    SubscriptionMailer.confirmation_email(order).deliver_now
  end

  def send_failed_payment_email(order, error_message = nil)
    order.update!
    record_and_log_error(:failed_payment, order, error_message)
-    SubscriptionMailer.failed_payment_email(order).deliver
+    SubscriptionMailer.failed_payment_email(order).deliver_now
  rescue StandardError => e
    Bugsnag.notify(e, order: order, error_message: error_message)
  end
--- a/app/jobs/subscription_placement_job.rb
+++ b/app/jobs/subscription_placement_job.rb
@@ -1,6 +1,6 @@
 require 'order_management/subscriptions/summarizer'

-class SubscriptionPlacementJob
+class SubscriptionPlacementJob < ActiveJob::Base
  def perform
    ids = proxy_orders.pluck(:id)
    proxy_orders.update_all(placed_at: Time.zone.now)
@@ -87,11 +87,11 @@ class SubscriptionPlacementJob
  def send_placement_email(order, changes)
    record_issue(:changes, order) if changes.present?
    record_success(order) if changes.blank?
-    SubscriptionMailer.placement_email(order, changes).deliver
+    SubscriptionMailer.placement_email(order, changes).deliver_now
  end

  def send_empty_email(order, changes)
    record_issue(:empty, order)
-    SubscriptionMailer.empty_email(order, changes).deliver
+    SubscriptionMailer.empty_email(order, changes).deliver_now
  end
 end
--- a/app/jobs/welcome_enterprise_job.rb
+++ b/app/jobs/welcome_enterprise_job.rb
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-class WelcomeEnterpriseJob < ActiveJob::Base
-  def perform(enterprise_id)
-    enterprise = Enterprise.find enterprise_id
-    EnterpriseMailer.welcome(enterprise).deliver
-  end
-end
--- a/app/models/customer.rb
+++ b/app/models/customer.rb
@@ -25,6 +25,9 @@ class Customer < ActiveRecord::Base

  before_create :associate_user

+  attr_accessor :gateway_recurring_payment_client_secret
+  attr_accessor :gateway_shop_id
+
  private

  def downcase_email
--- a/app/models/enterprise.rb
+++ b/app/models/enterprise.rb
@@ -400,7 +400,7 @@ class Enterprise < ActiveRecord::Base
  end

  def send_welcome_email
-    WelcomeEnterpriseJob.perform_later(id)
+    EnterpriseMailer.welcome(self).deliver_later
  end

  def strip_url(url)
--- a/app/models/enterprise_group.rb
+++ b/app/models/enterprise_group.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'open_food_network/locking'
 require 'open_food_network/permalink_generator'
 require 'spree/core/s3_support'
@@ -66,10 +68,10 @@ class EnterpriseGroup < ActiveRecord::Base
  def unset_undefined_address_fields
    return if address.blank?

-    address.phone.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.address1.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.city.sub!(/^#{I18n.t(:undefined)}$/, '')
-    address.zipcode.sub!(/^#{I18n.t(:undefined)}$/, '')
+    address.phone = address.phone.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.address1 = address.address1.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.city = address.city.sub(/^#{I18n.t(:undefined)}$/, '')
+    address.zipcode = address.zipcode.sub(/^#{I18n.t(:undefined)}$/, '')
  end

  def to_param
--- a/app/models/spree/adjustment.rb
+++ b/app/models/spree/adjustment.rb
@@ -86,18 +86,10 @@ module Spree
    # Update the boolean _eligible_ attribute which determines which adjustments
    # count towards the order's adjustment_total.
    def set_eligibility
-      result = mandatory || (amount != 0 && eligible_for_originator?)
+      result = mandatory || amount != 0
      update_column(:eligible, result)
    end

-    # Allow originator of the adjustment to perform an additional eligibility of the adjustment
-    # Should return _true_ if originator is absent or doesn't implement _eligible?_
-    def eligible_for_originator?
-      return true if originator.nil?
-
-      !originator.respond_to?(:eligible?) || originator.eligible?(source)
-    end
-
    # Update both the eligibility and amount of the adjustment. Adjustments
    # delegate updating of amount to their Originator when present, but only if
    # +locked+ is false. Adjustments that are +locked+ will never change their amount.
--- a/app/models/spree/gateway/pay_pal_express.rb
+++ b/app/models/spree/gateway/pay_pal_express.rb
@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require 'paypal-sdk-merchant'
+
+module Spree
+  class Gateway
+    class PayPalExpress < Gateway
+      preference :login, :string
+      preference :password, :password
+      preference :signature, :string
+      preference :server, :string, default: 'sandbox'
+      preference :solution, :string, default: 'Mark'
+      preference :landing_page, :string, default: 'Billing'
+      preference :logourl, :string, default: ''
+
+      def supports?(_source)
+        true
+      end
+
+      def provider_class
+        ::PayPal::SDK::Merchant::API
+      end
+
+      def provider
+        ::PayPal::SDK.configure(
+          mode: preferred_server.presence || "sandbox",
+          username: preferred_login,
+          password: preferred_password,
+          signature: preferred_signature
+        )
+        provider_class.new
+      end
+
+      def auto_capture?
+        true
+      end
+
+      def method_type
+        'paypal'
+      end
+
+      def purchase(_amount, express_checkout, _gateway_options = {})
+        pp_details_request = provider.build_get_express_checkout_details(
+          Token: express_checkout.token
+        )
+        pp_details_response = provider.get_express_checkout_details(pp_details_request)
+
+        pp_request = provider.build_do_express_checkout_payment(
+          DoExpressCheckoutPaymentRequestDetails: {
+            PaymentAction: "Sale",
+            Token: express_checkout.token,
+            PayerID: express_checkout.payer_id,
+            PaymentDetails: pp_details_response.
+              get_express_checkout_details_response_details.PaymentDetails
+          }
+        )
+
+        pp_response = provider.do_express_checkout_payment(pp_request)
+        if pp_response.success?
+          # We need to store the transaction id for the future.
+          # This is mainly so we can use it later on to refund the payment if the user wishes.
+          transaction_id = pp_response.do_express_checkout_payment_response_details.
+            payment_info.first.transaction_id
+          express_checkout.update_column(:transaction_id, transaction_id)
+          # This is rather hackish, required for payment/processing handle_response code.
+          Class.new do
+            def success?; true; end
+
+            def authorization; nil; end
+          end.new
+        else
+          class << pp_response
+            def to_s
+              errors.map(&:long_message).join(" ")
+            end
+          end
+          pp_response
+        end
+      end
+
+      def refund(payment, amount)
+        refund_type = payment.amount == amount.to_f ? "Full" : "Partial"
+        refund_transaction = provider.build_refund_transaction(
+          TransactionID: payment.source.transaction_id,
+          RefundType: refund_type,
+          Amount: {
+            currencyID: payment.currency,
+            value: amount
+          },
+          RefundSource: "any"
+        )
+        refund_transaction_response = provider.refund_transaction(refund_transaction)
+        if refund_transaction_response.success?
+          payment.source.update_attributes(
+            refunded_at: Time.now,
+            refund_transaction_id: refund_transaction_response.RefundTransactionID,
+            state: "refunded",
+            refund_type: refund_type
+          )
+
+          payment.class.create!(
+            order: payment.order,
+            source: payment,
+            payment_method: payment.payment_method,
+            amount: amount.to_f.abs * -1,
+            response_code: refund_transaction_response.RefundTransactionID,
+            state: 'completed'
+          )
+        end
+        refund_transaction_response
+      end
+    end
+  end
+end
--- a/app/models/spree/gateway/stripe_connect.rb
+++ b/app/models/spree/gateway/stripe_connect.rb
@@ -31,6 +31,10 @@ module Spree
        failed_activemerchant_billing_response(e.message)
      end

+      def charge_offline(money, creditcard, gateway_options)
+        purchase(money, creditcard, gateway_options)
+      end
+
      # NOTE: the name of this method is determined by Spree::Payment::Processing
      def void(response_code, _creditcard, gateway_options)
        gateway_options[:stripe_account] = stripe_account_id
--- a/app/models/spree/gateway/stripe_sca.rb
+++ b/app/models/spree/gateway/stripe_sca.rb
@@ -45,11 +45,21 @@ module Spree
        failed_activemerchant_billing_response(e.message)
      end

+      # NOTE: the name of this method is determined by Spree::Payment::Processing
+      def charge_offline(money, creditcard, gateway_options)
+        customer, payment_method =
+          Stripe::CreditCardCloner.new(creditcard, stripe_account_id).find_or_clone
+
+        options = basic_options(gateway_options).merge(customer: customer, off_session: true)
+        provider.purchase(money, payment_method, options)
+      rescue Stripe::StripeError => e
+        failed_activemerchant_billing_response(e.message)
+      end
+
      # NOTE: the name of this method is determined by Spree::Payment::Processing
      def authorize(money, creditcard, gateway_options)
-        authorize_response = provider.authorize(*options_for_authorize(money,
-                                                                       creditcard,
-                                                                       gateway_options))
+        authorize_response =
+          provider.authorize(*options_for_authorize(money, creditcard, gateway_options))
        Stripe::AuthorizeResponsePatcher.new(authorize_response).call!
      rescue Stripe::StripeError => e
        failed_activemerchant_billing_response(e.message)
@@ -61,7 +71,7 @@ module Spree
        payment_intent_response = Stripe::PaymentIntent.retrieve(payment_intent_id,
                                                                 stripe_account: stripe_account_id)
        gateway_options[:stripe_account] = stripe_account_id
-        provider.refund(payment_intent_response.amount_received, response_code, gateway_options)
+        provider.refund(refundable_amount(payment_intent_response), response_code, gateway_options)
      end

      # NOTE: the name of this method is determined by Spree::Payment::Processing
@@ -79,6 +89,11 @@ module Spree

      private

+      def refundable_amount(payment_intent_response)
+        payment_intent_response.amount_received -
+          payment_intent_response.charges.data.map(&:amount_refunded).sum
+      end
+
      # In this gateway, what we call 'secret_key' is the 'login'
      def options
        options = super
@@ -97,8 +112,8 @@ module Spree
        options = basic_options(gateway_options)
        options[:return_url] = full_checkout_path

-        customer_id, payment_method_id = Stripe::CreditCardCloner.new.clone(creditcard,
-                                                                            stripe_account_id)
+        customer_id, payment_method_id =
+          Stripe::CreditCardCloner.new(creditcard, stripe_account_id).find_or_clone
        options[:customer] = customer_id
        [money, payment_method_id, options]
      end
--- a/app/models/spree/image.rb
+++ b/app/models/spree/image.rb
@@ -34,14 +34,24 @@ module Spree
    end

    def find_dimensions
-      temporary = attachment.queued_for_write[:original]
-      filename = temporary.path unless temporary.nil?
-      filename = attachment.path if filename.blank?
-      geometry = Paperclip::Geometry.from_file(filename)
+      return if attachment.errors.present?
+
+      geometry = Paperclip::Geometry.from_file(local_filename_of_original)
+
      self.attachment_width  = geometry.width
      self.attachment_height = geometry.height
    end

+    def local_filename_of_original
+      temporary = attachment.queued_for_write[:original]
+
+      if temporary&.path.present?
+        temporary.path
+      else
+        attachment.path
+      end
+    end
+
    # if there are errors from the plugin, then add a more meaningful message
    def no_attachment_errors
      return if attachment.errors.empty?
--- a/app/models/spree/inventory_unit.rb
+++ b/app/models/spree/inventory_unit.rb
@@ -5,7 +5,8 @@ module Spree
    belongs_to :variant, class_name: "Spree::Variant"
    belongs_to :order, class_name: "Spree::Order"
    belongs_to :shipment, class_name: "Spree::Shipment"
-    belongs_to :return_authorization, class_name: "Spree::ReturnAuthorization"
+    belongs_to :return_authorization, class_name: "Spree::ReturnAuthorization",
+                                      inverse_of: :inventory_units

    scope :backordered, -> { where state: 'backordered' }
    scope :shipped, -> { where state: 'shipped' }
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.7
 .4.4