Update all locales with the latest Transifex translations

Merge pull request #6703 from openfoodfoundation/fix-datadog-init
Revert "Enable request queuing tracking in Datadog"
2026-01-21 20:06:54 +00:00 · 2021-01-19 19:07:37 -08:00 · 2021-01-19 18:39:21 -08:00 · 2021-01-19 17:23:33 -08:00 · 2021-01-19 16:02:04 +01:00 · 2021-01-19 15:52:47 +01:00
210 changed files with 3338 additions and 1096 deletions
--- a/.haml-lint.yml
+++ b/.haml-lint.yml
@@ -0,0 +1,70 @@
+# Whether to ignore frontmatter at the beginning of HAML documents for
+# frameworks such as Jekyll/Middleman
+skip_frontmatter: false
+
+linters:
+  AltText:
+    enabled: false
+
+  ClassAttributeWithStaticValue:
+    enabled: true
+
+  ClassesBeforeIds:
+    enabled: true
+
+  ConsecutiveComments:
+    enabled: true
+
+  ConsecutiveSilentScripts:
+    enabled: true
+    max_consecutive: 2
+
+  EmptyScript:
+    enabled: true
+
+  HtmlAttributes:
+    enabled: true
+
+  ImplicitDiv:
+    enabled: true
+
+  LeadingCommentSpace:
+    enabled: true
+
+  LineLength:
+    enabled: true
+    max: 80
+
+  MultilinePipe:
+    enabled: true
+
+  MultilineScript:
+    enabled: true
+
+  ObjectReferenceAttributes:
+    enabled: true
+
+  RuboCop:
+    enabled: false
+
+  RubyComments:
+    enabled: true
+
+  SpaceBeforeScript:
+    enabled: true
+
+  SpaceInsideHashAttributes:
+    enabled: true
+    style: no_space
+
+  TagName:
+    enabled: true
+
+  TrailingWhitespace:
+    enabled: true
+
+  UnnecessaryInterpolation:
+    enabled: true
+
+  UnnecessaryStringOutput:
+    enabled: true
--- a/.hound.yml
+++ b/.hound.yml
@@ -2,3 +2,5 @@ rubocop:
  config_file: .rubocop_styleguide.yml
 scss:
  config_file: .scss-lint.yml
+haml:
+  config_file: .haml-lint.yml
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -102,6 +102,7 @@ Layout/LineLength:
  - lib/open_food_network/scope_variants_for_search.rb
  - lib/open_food_network/xero_invoices_report.rb
  - lib/spree/localized_number.rb
+  - lib/stripe/credit_card_clone_finder.rb
  - lib/tasks/data.rake
  - lib/tasks/enterprises.rake
  - spec/controllers/admin/bulk_line_items_controller_spec.rb
@@ -433,6 +434,7 @@ Metrics/AbcSize:
  - lib/open_food_network/order_cycle_form_applicator.rb
  - lib/open_food_network/order_cycle_management_report.rb
  - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/orders_and_fulfillments_report/supplier_totals_report.rb
  - lib/open_food_network/packing_report.rb
  - lib/open_food_network/payments_report.rb
  - lib/open_food_network/permissions.rb
@@ -695,6 +697,7 @@ Metrics/MethodLength:
  - lib/spree/core/s3_support.rb
  - lib/spree/localized_number.rb
  - lib/spree/responder.rb
+  - lib/stripe/credit_card_clone_finder.rb
  - lib/stripe/profile_storer.rb
  - lib/tasks/sample_data/group_factory.rb
  - lib/tasks/sample_data/order_factory.rb
@@ -728,6 +731,7 @@ Metrics/ClassLength:
  - app/models/spree/ability.rb
  - app/models/spree/address.rb
  - app/models/spree/credit_card.rb
+  - app/models/spree/gateway/stripe_sca.rb
  - app/models/spree/line_item.rb
  - app/models/spree/order.rb
  - app/models/spree/payment.rb
--- a/.rubocop_styleguide.yml
+++ b/.rubocop_styleguide.yml
@@ -46,6 +46,9 @@ Lint/RaiseException:
 Lint/StructNewOverride:
  Enabled: true

+Bundler/DuplicatedGem:
+  Enabled: false
+
 ## TEMPORARY/CONTESTED SETTINGS
 #
 # These are still to be decided upon, but recommended for inclusion by
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2020-11-05 11:27:59 +0000 using RuboCop version 0.81.0.
+# on 2020-12-23 22:07:55 +0000 using RuboCop version 0.81.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -11,21 +11,19 @@ Lint/DuplicateMethods:
  Exclude:
    - 'lib/discourse/single_sign_on.rb'

-# Offense count: 8
+# Offense count: 5
 Lint/IneffectiveAccessModifier:
  Exclude:
    - 'app/models/column_preference.rb'
    - 'app/models/spree/user.rb'
    - 'app/services/mail_configuration.rb'
-    - 'lib/open_food_network/feature_toggle.rb'

-# Offense count: 3
+# Offense count: 2
 # Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
 Lint/UselessAccessModifier:
  Exclude:
    - 'app/models/column_preference.rb'
    - 'app/services/mail_configuration.rb'
-    - 'lib/open_food_network/feature_toggle.rb'

 # Offense count: 10
 Naming/AccessorMethodName:
@@ -88,12 +86,13 @@ Naming/VariableNumber:
  Exclude:
    - 'spec/factories/stock_location_factory.rb'

-# Offense count: 7
+# Offense count: 8
 # Cop supports --auto-correct.
 Rails/ActiveRecordAliases:
  Exclude:
    - 'spec/controllers/line_items_controller_spec.rb'
    - 'spec/controllers/spree/orders_controller_spec.rb'
+    - 'spec/features/admin/subscriptions_spec.rb'
    - 'spec/features/consumer/shopping/orders_spec.rb'
    - 'spec/requests/api/orders_spec.rb'

@@ -267,7 +266,7 @@ Rails/ReflectionClassName:
    - 'app/models/spree/order.rb'
    - 'app/models/subscription.rb'

-# Offense count: 250
+# Offense count: 252
 # Configuration parameters: Blacklist, Whitelist.
 # Blacklist: decrement!, decrement_counter, increment!, increment_counter, toggle!, touch, update_all, update_attribute, update_column, update_columns, update_counters
 Rails/SkipsModelValidations:
@@ -276,6 +275,7 @@ Rails/SkipsModelValidations:
    - 'app/controllers/spree/admin/payment_methods_controller.rb'
    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
    - 'app/controllers/spree/admin/taxons_controller.rb'
+    - 'app/controllers/spree/credit_cards_controller.rb'
    - 'app/controllers/spree/orders_controller.rb'
    - 'app/jobs/subscription_confirm_job.rb'
    - 'app/jobs/subscription_placement_job.rb'
@@ -437,7 +437,7 @@ Style/FormatStringToken:
    - 'lib/open_food_network/sales_tax_report.rb'
    - 'spec/features/admin/bulk_order_management_spec.rb'

-# Offense count: 760
+# Offense count: 365
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
@@ -483,7 +483,6 @@ Style/FrozenStringLiteralComment:
    - 'app/controllers/api/taxonomies_controller.rb'
    - 'app/controllers/api/taxons_controller.rb'
    - 'app/controllers/api/variants_controller.rb'
-    - 'app/controllers/application_controller.rb'
    - 'app/controllers/base_controller.rb'
    - 'app/controllers/cart_controller.rb'
    - 'app/controllers/discourse_sso_controller.rb'
@@ -547,7 +546,6 @@ Style/FrozenStringLiteralComment:
    - 'app/helpers/enterprises_helper.rb'
    - 'app/helpers/footer_links_helper.rb'
    - 'app/helpers/groups_helper.rb'
-    - 'app/helpers/html_helper.rb'
    - 'app/helpers/i18n_helper.rb'
    - 'app/helpers/injection_helper.rb'
    - 'app/helpers/map_helper.rb'
@@ -566,14 +564,10 @@ Style/FrozenStringLiteralComment:
    - 'app/helpers/spree/orders_helper.rb'
    - 'app/helpers/spree/reports_helper.rb'
    - 'app/helpers/spree_currency_helper.rb'
-    - 'app/jobs/confirm_order_job.rb'
-    - 'app/jobs/confirm_signup_job.rb'
    - 'app/jobs/heartbeat_job.rb'
    - 'app/jobs/manager_invitation_job.rb'
-    - 'app/jobs/order_cycle_notification_job.rb'
    - 'app/jobs/subscription_confirm_job.rb'
    - 'app/jobs/subscription_placement_job.rb'
-    - 'app/jobs/welcome_enterprise_job.rb'
    - 'app/mailers/enterprise_mailer.rb'
    - 'app/mailers/spree/user_mailer.rb'
    - 'app/mailers/subscription_mailer.rb'
@@ -595,7 +589,6 @@ Style/FrozenStringLiteralComment:
    - 'app/models/distributor_shipping_method.rb'
    - 'app/models/enterprise_fee.rb'
    - 'app/models/enterprise_fee_set.rb'
-    - 'app/models/enterprise_group.rb'
    - 'app/models/enterprise_relationship_permission.rb'
    - 'app/models/enterprise_role.rb'
    - 'app/models/enterprise_set.rb'
@@ -756,7 +749,6 @@ Style/FrozenStringLiteralComment:
    - 'lib/open_food_network/group_buy_report.rb'
    - 'lib/open_food_network/i18n_config.rb'
    - 'lib/open_food_network/lettuce_share_report.rb'
-    - 'lib/open_food_network/locking.rb'
    - 'lib/open_food_network/order_and_distributor_report.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
    - 'lib/open_food_network/order_cycle_management_report.rb'
@@ -771,7 +763,6 @@ Style/FrozenStringLiteralComment:
    - 'lib/open_food_network/packing_report.rb'
    - 'lib/open_food_network/paperclippable.rb'
    - 'lib/open_food_network/payments_report.rb'
-    - 'lib/open_food_network/permalink_generator.rb'
    - 'lib/open_food_network/permissions.rb'
    - 'lib/open_food_network/products_and_inventory_report.rb'
    - 'lib/open_food_network/products_and_inventory_report_base.rb'
@@ -791,7 +782,6 @@ Style/FrozenStringLiteralComment:
    - 'lib/open_food_network/xero_invoices_report.rb'
    - 'lib/spree/api/controller_setup.rb'
    - 'lib/spree/authentication_helpers.rb'
-    - 'lib/spree/localized_number.rb'
    - 'lib/spree/money_decorator.rb'
    - 'lib/stripe/account_connector.rb'
    - 'lib/stripe/profile_storer.rb'
@@ -828,7 +818,6 @@ Style/GuardClause:
    - 'app/controllers/admin/product_import_controller.rb'
    - 'app/controllers/api/shipments_controller.rb'
    - 'app/controllers/application_controller.rb'
-    - 'app/controllers/checkout_controller.rb'
    - 'app/controllers/home_controller.rb'
    - 'app/controllers/spree/orders_controller.rb'
    - 'app/controllers/spree/paypal_controller_decorator.rb'
@@ -841,6 +830,7 @@ Style/GuardClause:
    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
    - 'lib/open_food_network/rack_request_blocker.rb'
+    - 'lib/spree/core/controller_helpers/respond_with.rb'
    - 'spec/support/delayed_job_helper.rb'
    - 'spec/support/request/distribution_helper.rb'
    - 'spec/support/request/shop_workflow.rb'
@@ -858,7 +848,7 @@ Style/MixinUsage:
    - 'lib/open_food_network/orders_and_fulfillments_report.rb'
    - 'spec/lib/open_food_network/packing_report_spec.rb'

-# Offense count: 43
+# Offense count: 42
 # Cop supports --auto-correct.
 # Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
 # SupportedStyles: predicate, comparison
@@ -889,7 +879,7 @@ Style/NumericPredicate:
    - 'lib/spree/money_decorator.rb'
    - 'lib/tasks/sample_data.rake'

-# Offense count: 241
+# Offense count: 243
 Style/Send:
  Exclude:
    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.3.7
+2.4.4
--- a/73
+++ b/73
@@ -1,17 +1,47 @@
 # frozen_string_literal: true

 source 'https://rubygems.org'
-ruby "2.3.7"
+ruby "2.4.4"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }

+plugin 'bootboot', '~> 0.1.1' unless Bundler.settings[:frozen]
+Plugin.__send__(:load_plugin, 'bootboot') if Plugin.installed?('bootboot')
+
+if ENV['DEPENDENCIES_NEXT']
+  enable_dual_booting if Plugin.installed?('bootboot')
+
+  # This will only be loaded when running
+  # bundler command prefixed with `DEPENDENCIES_NEXT=1
+  gem 'rails', '> 5.0', '< 5.1'
+
+  gem 'activemerchant', '>= 1.78.0'
+  gem 'angular-rails-templates', '>= 0.3.0'
+  gem 'awesome_nested_set'
+  gem 'ransack', '2.3.0'
+  gem 'responders'
+  gem 'sass', '<= 4.7.1'
+  gem 'sass-rails', '< 6.0.0'
+else
+  gem 'rails', '~> 4.2'
+
+  gem 'activemerchant', '~> 1.78.0'
+  gem 'angular-rails-templates', '~> 0.3.0'
+  gem 'awesome_nested_set', '~> 3.3.1'
+  gem 'ransack', '~> 1.8.10'
+  gem 'responders', '~> 2.0'
+  gem 'sass'
+  gem 'sass-rails'
+
+  gem 'db2fog'
+  gem 'unicorn'
+end
+
 gem 'i18n'
 gem 'i18n-js', '~> 3.8.0'
-gem 'rails', '~> 4.2'
 gem 'rails-i18n'
 gem 'rails_safe_tasks', '~> 1.0'

 gem "activerecord-import"
-gem 'responders', '~> 2.0'

 gem "catalog", path: "./engines/catalog"
 gem 'dfc_provider', path: './engines/dfc_provider'
@@ -22,29 +52,18 @@ gem 'activerecord-postgresql-adapter'
 gem 'pg', '~> 0.21.0'

 gem 'acts_as_list', '0.9.19'
-gem 'awesome_nested_set', '~> 3.2.1'
-gem 'cancan', '~> 1.6.10'
+gem 'cancancan', '~> 1.7.0'
 gem 'ffaker'
 gem 'highline', '2.0.3' # Necessary for the install generator
 gem 'json'
-gem 'money', '< 6.1.0'
-gem 'paranoia', '~> 2.0'
-gem 'ransack', '~> 1.8.10'
+gem 'monetize', '~> 1.10'
+gem 'paranoia', '~> 2.4'
 gem 'state_machines-activerecord'
 gem 'stringex', '~> 2.8.5'

-# Our branch contains the following changes:
-# - Pass customer email and phone number to PayPal (merged to upstream master)
-# - Change type of password from string to password to hide it in the form
-# - Skip CA cert file and use the ones provided by the OS
-gem 'spree_paypal_express', github: 'openfoodfoundation/better_spree_paypal_express', branch: '2-1-0-stable'
-
+gem 'paypal-sdk-merchant', '1.106.1'
 gem 'stripe'

-# We need at least this version to have Digicert's root certificate
-# which is needed for Pin Payments (and possibly others).
-gem 'activemerchant', '~> 1.78.0'
-
 gem 'devise'
 gem 'devise-encryptable'
 gem 'devise-token_authenticatable'
@@ -55,18 +74,14 @@ gem 'daemons'
 gem 'delayed_job_active_record'
 gem 'delayed_job_web'

-gem 'kaminari', '~> 0.17.0'
+gem 'kaminari', '~> 1.2.1'

 gem 'andand'
 gem 'angularjs-rails', '1.5.5'
 gem 'aws-sdk', '1.67.0'
 gem 'bugsnag'
-gem 'db2fog'
 gem 'haml'
 gem 'redcarpet'
-gem 'sass'
-gem 'sass-rails'
-gem 'unicorn'

 gem 'actionpack-action_caching'
 # AMS 0.9.x and 0.10.x are very different from 0.8.4 and the upgrade is not straight forward
@@ -80,8 +95,7 @@ gem 'dalli'
 gem 'figaro'
 gem 'geocoder'
 gem 'gmaps4rails'
-gem 'oj'
-gem 'paper_trail', '~> 7.1.3'
+gem 'paper_trail', '~> 10.3.1'
 gem 'paperclip', '~> 3.4.1'
 gem 'rack-rewrite'
 gem 'rack-ssl', require: 'rack/ssl'
@@ -105,7 +119,6 @@ gem 'mini_racer', '0.2.15'

 gem 'uglifier', '>= 1.0.3'

-gem 'angular-rails-templates', '~> 0.3.0'
 gem 'foundation-icons-sass-rails'

 gem 'foundation-rails', '= 5.5.2.1'
@@ -129,7 +142,7 @@ group :test, :development do
  gem 'capybara'
  gem 'database_cleaner', require: false
  gem "factory_bot_rails", '5.2.0', require: false
-  gem 'fuubar', '~> 2.5.0'
+  gem 'fuubar', '~> 2.5.1'
  gem 'json_spec', '~> 1.1.4'
  gem 'knapsack'
  gem 'letter_opener', '>= 1.4.1'
@@ -153,10 +166,10 @@ group :test do
 end

 group :development do
-  gem 'byebug', '~> 11.0.0' # 11.1 requires ruby 2.4
+  gem 'byebug'
  gem 'debugger-linecache'
-  gem "pry", "~> 0.12.0" # pry 0.13 is not compatible with pry-byebug 3.7
-  gem 'pry-byebug', '~> 3.7.0' # 3.8 requires ruby 2.4
+  gem 'pry'
+  gem 'pry-byebug'
  gem 'rubocop'
  gem 'rubocop-rails'
  gem 'spring'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -4,14 +4,6 @@ GIT
  specs:
    custom_error_message (1.1.1)

-GIT
-  remote: https://github.com/openfoodfoundation/better_spree_paypal_express.git
-  revision: 1a477e9f7763297944cc99b6f4dd3d962aa963e9
-  branch: 2-1-0-stable
-  specs:
-    spree_paypal_express (2.0.3)
-      paypal-sdk-merchant (= 1.106.1)
-
 GIT
  remote: https://github.com/openfoodfoundation/ofn-qz.git
  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
@@ -116,9 +108,9 @@ GEM
    angularjs-file-upload-rails (2.4.1)
    angularjs-rails (1.5.5)
    arel (6.0.4)
-    ast (2.4.0)
+    ast (2.4.1)
    atomic (1.1.101)
-    awesome_nested_set (3.2.1)
+    awesome_nested_set (3.3.1)
      activerecord (>= 4.0.0, < 7.0)
    awesome_print (1.8.0)
    aws-sdk (1.67.0)
@@ -127,18 +119,18 @@ GEM
      json (~> 1.4)
      nokogiri (~> 1)
    bcrypt (3.1.16)
-    bugsnag (6.18.0)
+    bugsnag (6.19.0)
      concurrent-ruby (~> 1.0)
    builder (3.2.4)
-    byebug (11.0.1)
-    cancan (1.6.10)
-    capybara (3.15.1)
+    byebug (11.1.3)
+    cancancan (1.7.1)
+    capybara (3.32.2)
      addressable
      mini_mime (>= 0.1.3)
      nokogiri (~> 1.8)
      rack (>= 1.6.0)
      rack-test (>= 0.6.3)
-      regexp_parser (~> 1.2)
+      regexp_parser (~> 1.5)
      xpath (~> 3.2)
    childprocess (3.0.0)
    chronic (0.10.2)
@@ -146,7 +138,7 @@ GEM
    climate_control (0.2.0)
    cocaine (0.5.8)
      climate_control (>= 0.0.3, < 1.0)
-    coderay (1.1.2)
+    coderay (1.1.3)
    coffee-rails (4.2.2)
      coffee-script (>= 2.2.0)
      railties (>= 4.0.0)
@@ -173,7 +165,8 @@ GEM
      sass-rails (< 5.1)
      sprockets (< 4.0)
    concurrent-ruby (1.1.7)
-    crack (0.4.4)
+    crack (0.4.5)
+      rexml
    crass (1.0.6)
    css_parser (1.7.1)
      addressable
@@ -184,7 +177,7 @@ GEM
      activerecord (>= 3.2.0, < 5.0)
      fog (~> 1.0)
      rails (>= 3.2.0, < 5.0)
-    ddtrace (0.43.0)
+    ddtrace (0.44.0)
      msgpack
    debugger-linecache (1.2.0)
    delayed_job (4.1.9)
@@ -208,7 +201,7 @@ GEM
    devise-token_authenticatable (1.1.0)
      devise (>= 4.0.0, < 5.0.0)
    diff-lcs (1.4.4)
-    docile (1.3.2)
+    docile (1.3.4)
    domain_name (0.5.20190701)
      unf (>= 0.0.5, < 1.0.0)
    dry-inflector (0.1.2)
@@ -223,7 +216,7 @@ GEM
      railties (>= 4.2.0)
    faraday (1.0.1)
      multipart-post (>= 1.2, < 3)
-    ffaker (2.11.0)
+    ffaker (2.16.0)
    ffi (1.13.1)
    figaro (1.2.0)
      thor (>= 0.14.0, < 2)
@@ -384,7 +377,7 @@ GEM
    foundation-rails (5.5.2.1)
      railties (>= 3.1.0)
      sass (>= 3.3.0, < 3.5)
-    fuubar (2.5.0)
+    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
    geocoder (1.6.4)
@@ -409,7 +402,6 @@ GEM
    immigrant (0.3.6)
      activerecord (>= 3.0)
    ipaddress (0.8.3)
-    jaro_winkler (1.5.4)
    jquery-migrate-rails (1.2.1)
    jquery-rails (4.4.0)
      rails-dom-testing (>= 1, < 3)
@@ -424,9 +416,18 @@ GEM
      multi_json (~> 1.0)
      rspec (>= 2.0, < 4.0)
    jwt (2.2.2)
-    kaminari (0.17.0)
-      actionpack (>= 3.0.0)
-      activesupport (>= 3.0.0)
+    kaminari (1.2.1)
+      activesupport (>= 4.1.0)
+      kaminari-actionview (= 1.2.1)
+      kaminari-activerecord (= 1.2.1)
+      kaminari-core (= 1.2.1)
+    kaminari-actionview (1.2.1)
+      actionview
+      kaminari-core (= 1.2.1)
+    kaminari-activerecord (1.2.1)
+      activerecord
+      kaminari-core (= 1.2.1)
+    kaminari-core (1.2.1)
    kgio (2.11.3)
    knapsack (1.20.0)
      rake
@@ -440,7 +441,7 @@ GEM
      nokogiri (>= 1.5.9)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
-    method_source (0.9.2)
+    method_source (1.0.0)
    mime-types (3.3.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2020.0512)
@@ -448,10 +449,11 @@ GEM
    mini_portile2 (2.4.0)
    mini_racer (0.2.15)
      libv8 (> 7.3)
-    minitest (5.14.2)
-    money (5.0.0)
-      i18n (~> 0.4)
-      json
+    minitest (5.14.3)
+    monetize (1.10.0)
+      money (~> 6.12)
+    money (6.14.0)
+      i18n (>= 0.6.4, <= 2)
    msgpack (1.3.3)
    multi_json (1.15.0)
    multi_xml (0.6.0)
@@ -465,11 +467,10 @@ GEM
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
-    oj (3.10.8)
    optimist (3.0.1)
    orm_adapter (0.5.0)
-    paper_trail (7.1.3)
-      activerecord (>= 4.0, < 5.2)
+    paper_trail (10.3.1)
+      activerecord (>= 4.2)
      request_store (~> 1.1)
    paperclip (3.4.2)
      activemodel (>= 3.0.0)
@@ -477,11 +478,11 @@ GEM
      activesupport (>= 3.0.0)
      cocaine (~> 0.5.0)
      mime-types
-    parallel (1.19.1)
-    paranoia (2.4.2)
-      activerecord (>= 4.0, < 6.1)
-    parser (2.7.1.0)
-      ast (~> 2.4.0)
+    parallel (1.20.1)
+    paranoia (2.4.3)
+      activerecord (>= 4.0, < 6.2)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
    paypal-sdk-core (0.2.10)
      multi_json (~> 1.0)
      xml-simple
@@ -489,15 +490,15 @@ GEM
      paypal-sdk-core (~> 0.2.3)
    pg (0.21.0)
    power_assert (1.2.0)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    pry-byebug (3.7.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
      byebug (~> 11.0)
-      pry (~> 0.10)
+      pry (~> 0.13.0)
    public_suffix (4.0.6)
    rack (1.6.13)
-    rack-mini-profiler (2.0.2)
+    rack-mini-profiler (2.3.0)
      rack (>= 1.2.0)
    rack-protection (1.5.5)
      rack
@@ -536,7 +537,7 @@ GEM
      thor (>= 0.18.1, < 2.0)
    rainbow (3.0.0)
    raindrops (0.19.1)
-    rake (13.0.1)
+    rake (13.0.3)
    ransack (1.8.10)
      actionpack (>= 3.0, < 5.2)
      activerecord (>= 3.0, < 5.2)
@@ -550,7 +551,7 @@ GEM
      json (>= 1.8)
      nokogiri (~> 1.5)
      optimist (~> 3.0)
-    redcarpet (3.5.0)
+    redcarpet (3.5.1)
    regexp_parser (1.8.2)
    request_store (1.5.0)
      rack (>= 1.4)
@@ -576,25 +577,25 @@ GEM
      rspec-core (~> 3.10.0)
      rspec-expectations (~> 3.10.0)
      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.0)
+    rspec-core (3.10.1)
      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.0)
+    rspec-expectations (3.10.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
    rspec-mocks (3.10.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
-    rspec-rails (4.0.1)
+    rspec-rails (4.0.2)
      actionpack (>= 4.2)
      activesupport (>= 4.2)
      railties (>= 4.2)
-      rspec-core (~> 3.9)
-      rspec-expectations (~> 3.9)
-      rspec-mocks (~> 3.9)
-      rspec-support (~> 3.9)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
    rspec-retry (0.6.2)
      rspec-core (> 3.3)
-    rspec-support (3.10.0)
+    rspec-support (3.10.1)
    rswag (2.3.1)
      rswag-api (= 2.3.1)
      rswag-specs (= 2.3.1)
@@ -608,21 +609,24 @@ GEM
    rswag-ui (2.3.1)
      actionpack (>= 3.1, < 7.0)
      railties (>= 3.1, < 7.0)
-    rubocop (0.81.0)
-      jaro_winkler (~> 1.5.1)
+    rubocop (1.8.1)
      parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 3.0.0.0)
      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
      rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-rails (2.5.2)
-      activesupport
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.4.0)
+      parser (>= 2.7.1.5)
+    rubocop-rails (2.9.1)
+      activesupport (>= 4.2.0)
      rack (>= 1.1)
-      rubocop (>= 0.72.0)
-    ruby-progressbar (1.10.1)
+      rubocop (>= 0.90.0, < 2.0)
+    ruby-progressbar (1.11.0)
    ruby-rc4 (0.1.5)
-    rubyzip (1.3.0)
+    rubyzip (2.3.0)
    sass (3.4.25)
    sass-rails (5.0.7)
      railties (>= 4.0.0, < 6)
@@ -636,19 +640,17 @@ GEM
    selenium-webdriver (3.142.7)
      childprocess (>= 0.5, < 4.0)
      rubyzip (>= 1.2.2)
-    shoulda-matchers (4.0.1)
+    shoulda-matchers (4.5.0)
      activesupport (>= 4.2.0)
-    simplecov (0.17.1)
+    simplecov (0.18.5)
      docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.3)
    sinatra (1.4.8)
      rack (~> 1.5)
      rack-protection (~> 1.4)
      tilt (>= 1.3, < 3)
-    spring (2.0.2)
-      activesupport (>= 4.2)
+    spring (2.1.1)
    spring-commands-rspec (1.0.4)
      spring (>= 0.9.1)
    sprockets (2.12.5)
@@ -668,10 +670,10 @@ GEM
      activerecord (>= 4.1)
      state_machines-activemodel (>= 0.5.0)
    stringex (2.8.5)
-    stripe (5.28.0)
+    stripe (5.29.0)
    temple (0.8.2)
-    test-prof (0.7.5)
-    test-unit (3.3.7)
+    test-prof (0.11.3)
+    test-unit (3.3.9)
      power_assert
    test_after_commit (1.2.2)
      activerecord (>= 3.2, < 5.0)
@@ -679,15 +681,15 @@ GEM
    thread_safe (0.3.6)
    tilt (1.4.1)
    timecop (0.9.2)
-    tzinfo (1.2.8)
+    tzinfo (1.2.9)
      thread_safe (~> 0.1)
    uglifier (4.2.0)
      execjs (>= 0.3.0, < 3)
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.7.7)
-    unicode-display_width (1.7.0)
-    unicorn (5.7.0)
+    unicode-display_width (2.0.0)
+    unicorn (5.8.0)
      kgio (~> 2.6)
      raindrops (~> 0.7)
    unicorn-rails (2.2.1)
@@ -698,11 +700,11 @@ GEM
      unicorn (>= 4, < 6)
    warden (1.2.7)
      rack (>= 1.0)
-    webdrivers (4.2.0)
+    webdrivers (4.4.2)
      nokogiri (~> 1.6)
      rubyzip (>= 1.3.0)
      selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.10.0)
+    webmock (3.11.1)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
@@ -733,12 +735,12 @@ DEPENDENCIES
  angularjs-file-upload-rails (~> 2.4.1)
  angularjs-rails (= 1.5.5)
  atomic
-  awesome_nested_set (~> 3.2.1)
+  awesome_nested_set (~> 3.3.1)
  awesome_print
  aws-sdk (= 1.67.0)
  bugsnag
-  byebug (~> 11.0.0)
-  cancan (~> 1.6.10)
+  byebug
+  cancancan (~> 1.7.0)
  capybara
  catalog!
  coffee-rails (~> 4.2.2)
@@ -763,7 +765,7 @@ DEPENDENCIES
  figaro
  foundation-icons-sass-rails
  foundation-rails (= 5.5.2.1)
-  fuubar (~> 2.5.0)
+  fuubar (~> 2.5.1)
  geocoder
  gmaps4rails
  haml
@@ -777,21 +779,21 @@ DEPENDENCIES
  json
  json_spec (~> 1.1.4)
  jwt (~> 2.2)
-  kaminari (~> 0.17.0)
+  kaminari (~> 1.2.1)
  knapsack
  letter_opener (>= 1.4.1)
  mini_racer (= 0.2.15)
-  money (< 6.1.0)
+  monetize (~> 1.10)
  oauth2 (~> 1.4.4)
  ofn-qz!
-  oj
  order_management!
-  paper_trail (~> 7.1.3)
+  paper_trail (~> 10.3.1)
  paperclip (~> 3.4.1)
-  paranoia (~> 2.0)
+  paranoia (~> 2.4)
+  paypal-sdk-merchant (= 1.106.1)
  pg (~> 0.21.0)
-  pry (~> 0.12.0)
-  pry-byebug (~> 3.7.0)
+  pry
+  pry-byebug
  rack-mini-profiler (< 3.0.0)
  rack-rewrite
  rack-ssl
@@ -814,7 +816,6 @@ DEPENDENCIES
  selenium-webdriver
  shoulda-matchers
  simplecov
-  spree_paypal_express!
  spring
  spring-commands-rspec
  state_machines-activerecord
@@ -836,7 +837,7 @@ DEPENDENCIES
  wkhtmltopdf-binary

 RUBY VERSION
-   ruby 2.3.7p456
+   ruby 2.4.4p296

 BUNDLED WITH
   1.17.3
--- a/Gemfile_next.lock
+++ b/Gemfile_next.lock
@@ -0,0 +1,665 @@
+GIT
+  remote: https://github.com/jeremydurham/custom-err-msg.git
+  revision: 3a8ec9dddc7a5b0aab7c69a6060596de300c68f4
+  specs:
+    custom_error_message (1.1.1)
+
+GIT
+  remote: https://github.com/openfoodfoundation/ofn-qz.git
+  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
+  branch: ofn-rails-4
+  specs:
+    ofn-qz (0.1.0)
+
+PATH
+  remote: engines/catalog
+  specs:
+    catalog (0.0.1)
+
+PATH
+  remote: engines/dfc_provider
+  specs:
+    dfc_provider (0.0.1)
+      active_model_serializers (~> 0.8.4)
+      jwt (~> 2.2)
+      rspec (~> 3.9)
+
+PATH
+  remote: engines/order_management
+  specs:
+    order_management (0.0.1)
+
+PATH
+  remote: engines/web
+  specs:
+    web (0.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      nio4r (>= 1.2, < 3.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.0.7.2)
+      actionview (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      rack (~> 2.0)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionpack-action_caching (1.2.1)
+      actionpack (>= 4.0.0)
+    actionview (5.0.7.2)
+      activesupport (= 5.0.7.2)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    active_model_serializers (0.8.4)
+      activemodel (>= 3.0)
+    activejob (5.0.7.2)
+      activesupport (= 5.0.7.2)
+      globalid (>= 0.3.6)
+    activemerchant (1.107.4)
+      activesupport (>= 4.2)
+      builder (>= 2.1.2, < 4.0.0)
+      i18n (>= 0.6.9)
+      nokogiri (~> 1.4)
+    activemodel (5.0.7.2)
+      activesupport (= 5.0.7.2)
+    activerecord (5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      arel (~> 7.0)
+    activerecord-import (1.0.7)
+      activerecord (>= 3.2)
+    activerecord-postgresql-adapter (0.0.1)
+      pg
+    activerecord-session_store (1.1.3)
+      actionpack (>= 4.0)
+      activerecord (>= 4.0)
+      multi_json (~> 1.11, >= 1.11.2)
+      rack (>= 1.5.2, < 3)
+      railties (>= 4.0)
+    activesupport (5.0.7.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    acts-as-taggable-on (4.0.0)
+      activerecord (>= 4.0)
+    acts_as_list (0.9.19)
+      activerecord (>= 3.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    andand (1.3.3)
+    angular-rails-templates (1.1.0)
+      railties (>= 4.2, < 7)
+      sprockets (>= 3.0, < 5)
+      tilt
+    angularjs-file-upload-rails (2.4.1)
+    angularjs-rails (1.5.5)
+    arel (7.1.4)
+    ast (2.4.1)
+    atomic (1.1.101)
+    awesome_nested_set (3.2.1)
+      activerecord (>= 4.0.0, < 7.0)
+    awesome_print (1.8.0)
+    aws-sdk (1.67.0)
+      aws-sdk-v1 (= 1.67.0)
+    aws-sdk-v1 (1.67.0)
+      json (~> 1.4)
+      nokogiri (~> 1)
+    bcrypt (3.1.16)
+    bugsnag (6.18.0)
+      concurrent-ruby (~> 1.0)
+    builder (3.2.4)
+    byebug (11.0.1)
+    cancancan (1.7.1)
+    capybara (3.15.0)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.2)
+      xpath (~> 3.2)
+    childprocess (3.0.0)
+    chronic (0.10.2)
+    chunky_png (1.3.14)
+    climate_control (0.2.0)
+    cocaine (0.5.8)
+      climate_control (>= 0.0.3, < 1.0)
+    coderay (1.1.3)
+    coffee-rails (4.2.2)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.12.2)
+    combine_pdf (1.0.19)
+      ruby-rc4 (>= 0.1.5)
+    compass (1.0.3)
+      chunky_png (~> 1.2)
+      compass-core (~> 1.0.2)
+      compass-import-once (~> 1.0.5)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+      sass (>= 3.3.13, < 3.5)
+    compass-core (1.0.3)
+      multi_json (~> 1.0)
+      sass (>= 3.3.0, < 3.5)
+    compass-import-once (1.0.5)
+      sass (>= 3.2, < 3.5)
+    compass-rails (2.0.1)
+      compass (~> 1.0.0)
+    concurrent-ruby (1.1.7)
+    crack (0.4.4)
+    crass (1.0.6)
+    css_parser (1.7.1)
+      addressable
+    daemons (1.3.1)
+    dalli (2.7.11)
+    database_cleaner (1.8.5)
+    ddtrace (0.43.0)
+      msgpack
+    debugger-linecache (1.2.0)
+    delayed_job (4.1.8)
+      activesupport (>= 3.0, < 6.1)
+    delayed_job_active_record (4.1.4)
+      activerecord (>= 3.0, < 6.1)
+      delayed_job (>= 3.0, < 5)
+    delayed_job_web (1.4.3)
+      activerecord (> 3.0.0)
+      delayed_job (> 2.0.3)
+      rack-protection (>= 1.5.5)
+      sinatra (>= 1.4.4)
+    devise (4.7.3)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
+    devise-encryptable (0.2.0)
+      devise (>= 2.1.0)
+    devise-token_authenticatable (1.1.0)
+      devise (>= 4.0.0, < 5.0.0)
+    diff-lcs (1.4.4)
+    docile (1.3.2)
+    erubis (2.7.0)
+    eventmachine (1.2.7)
+    execjs (2.7.0)
+    factory_bot (5.2.0)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.2.0)
+      factory_bot (~> 5.2.0)
+      railties (>= 4.2.0)
+    faraday (1.0.1)
+      multipart-post (>= 1.2, < 3)
+    ffaker (2.11.0)
+    ffi (1.13.1)
+    figaro (1.2.0)
+      thor (>= 0.14.0, < 2)
+    foundation-icons-sass-rails (3.0.0)
+      railties (>= 3.1.1)
+      sass-rails (>= 3.1.1)
+    foundation-rails (5.5.2.1)
+      railties (>= 3.1.0)
+      sass (>= 3.3.0, < 3.5)
+    fuubar (2.5.1)
+      rspec-core (~> 3.0)
+      ruby-progressbar (~> 1.4)
+    geocoder (1.6.4)
+    get_process_mem (0.2.7)
+      ffi (~> 1.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    gmaps4rails (2.1.2)
+    haml (5.2.0)
+      temple (>= 0.8.0)
+      tilt
+    hashdiff (1.0.1)
+    highline (2.0.3)
+    i18n (1.8.5)
+      concurrent-ruby (~> 1.0)
+    i18n-js (3.8.0)
+      i18n (>= 0.6.6)
+    immigrant (0.3.6)
+      activerecord (>= 3.0)
+    jaro_winkler (1.5.4)
+    jquery-migrate-rails (1.2.1)
+    jquery-rails (4.4.0)
+      rails-dom-testing (>= 1, < 3)
+      railties (>= 4.2.0)
+      thor (>= 0.14, < 2.0)
+    jquery-ui-rails (4.2.1)
+      railties (>= 3.2.16)
+    json (1.8.6)
+    json-schema (2.8.1)
+      addressable (>= 2.4)
+    json_spec (1.1.5)
+      multi_json (~> 1.0)
+      rspec (>= 2.0, < 4.0)
+    jwt (2.2.2)
+    kaminari (1.2.1)
+      activesupport (>= 4.1.0)
+      kaminari-actionview (= 1.2.1)
+      kaminari-activerecord (= 1.2.1)
+      kaminari-core (= 1.2.1)
+    kaminari-actionview (1.2.1)
+      actionview
+      kaminari-core (= 1.2.1)
+    kaminari-activerecord (1.2.1)
+      activerecord
+      kaminari-core (= 1.2.1)
+    kaminari-core (1.2.1)
+    kgio (2.11.3)
+    knapsack (1.20.0)
+      rake
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    letter_opener (1.7.0)
+      launchy (~> 2.2)
+    libv8 (8.4.255.0)
+    loofah (2.7.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    method_source (1.0.0)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.1104)
+    mini_mime (1.0.2)
+    mini_portile2 (2.4.0)
+    mini_racer (0.2.15)
+      libv8 (> 7.3)
+    minitest (5.14.2)
+    monetize (1.9.4)
+      money (~> 6.12)
+    money (6.13.8)
+      i18n (>= 0.6.4, <= 2)
+    msgpack (1.3.3)
+    multi_json (1.15.0)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    nio4r (2.5.2)
+    nokogiri (1.10.10)
+      mini_portile2 (~> 2.4.0)
+    oauth2 (1.4.4)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (>= 1.2, < 3)
+    orm_adapter (0.5.0)
+    paper_trail (10.3.1)
+      activerecord (>= 4.2)
+      request_store (~> 1.1)
+    paperclip (3.4.2)
+      activemodel (>= 3.0.0)
+      activerecord (>= 3.0.0)
+      activesupport (>= 3.0.0)
+      cocaine (~> 0.5.0)
+      mime-types
+    parallel (1.19.2)
+    paranoia (2.4.2)
+      activerecord (>= 4.0, < 6.1)
+    parser (2.7.2.0)
+      ast (~> 2.4.1)
+    paypal-sdk-core (0.2.10)
+      multi_json (~> 1.0)
+      xml-simple
+    paypal-sdk-merchant (1.106.1)
+      paypal-sdk-core (~> 0.2.3)
+    pg (0.21.0)
+    polyamorous (2.3.0)
+      activerecord (>= 5.0)
+    power_assert (1.2.0)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.9.0)
+      byebug (~> 11.0)
+      pry (~> 0.13.0)
+    public_suffix (4.0.6)
+    rack (2.2.3)
+    rack-mini-profiler (2.0.2)
+      rack (>= 1.2.0)
+    rack-protection (2.1.0)
+      rack
+    rack-rewrite (1.5.1)
+    rack-ssl (1.4.1)
+      rack
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (5.0.7.2)
+      actioncable (= 5.0.7.2)
+      actionmailer (= 5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activerecord (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      bundler (>= 1.3.0)
+      railties (= 5.0.7.2)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rails-i18n (5.1.3)
+      i18n (>= 0.7, < 2)
+      railties (>= 5.0, < 6)
+    rails_safe_tasks (1.0.0)
+    railties (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rainbow (3.0.0)
+    raindrops (0.19.1)
+    rake (13.0.1)
+    ransack (2.3.0)
+      actionpack (>= 5.0)
+      activerecord (>= 5.0)
+      activesupport (>= 5.0)
+      i18n
+      polyamorous (= 2.3.0)
+    rb-fsevent (0.10.4)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    redcarpet (3.5.0)
+    regexp_parser (1.8.2)
+    request_store (1.5.0)
+      rack (>= 1.4)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
+    rexml (3.2.4)
+    roadie (3.5.1)
+      css_parser (~> 1.4)
+      nokogiri (~> 1.8)
+    roadie-rails (1.3.0)
+      railties (>= 3.0, < 5.3)
+      roadie (~> 3.1)
+    roo (2.8.3)
+      nokogiri (~> 1)
+      rubyzip (>= 1.3.0, < 3.0.0)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.0)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.1)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.9)
+      rspec-expectations (~> 3.9)
+      rspec-mocks (~> 3.9)
+      rspec-support (~> 3.9)
+    rspec-retry (0.6.2)
+      rspec-core (> 3.3)
+    rspec-support (3.10.0)
+    rswag (2.3.1)
+      rswag-api (= 2.3.1)
+      rswag-specs (= 2.3.1)
+      rswag-ui (= 2.3.1)
+    rswag-api (2.3.1)
+      railties (>= 3.1, < 7.0)
+    rswag-specs (2.3.1)
+      activesupport (>= 3.1, < 7.0)
+      json-schema (~> 2.2)
+      railties (>= 3.1, < 7.0)
+    rswag-ui (2.3.1)
+      actionpack (>= 3.1, < 7.0)
+      railties (>= 3.1, < 7.0)
+    rubocop (0.81.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.7.0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      rexml
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-rails (2.5.2)
+      activesupport
+      rack (>= 1.1)
+      rubocop (>= 0.72.0)
+    ruby-progressbar (1.10.1)
+    ruby-rc4 (0.1.5)
+    ruby2_keywords (0.0.2)
+    rubyzip (1.3.0)
+    sass (3.4.25)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    select2-rails (3.4.9)
+      sass-rails
+      thor (~> 0.14)
+    selenium-webdriver (3.142.7)
+      childprocess (>= 0.5, < 4.0)
+      rubyzip (>= 1.2.2)
+    shoulda-matchers (4.0.1)
+      activesupport (>= 4.2.0)
+    simplecov (0.17.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    sinatra (2.1.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
+      tilt (~> 2.0)
+    spring (2.0.2)
+      activesupport (>= 4.2)
+    spring-commands-rspec (1.0.4)
+      spring (>= 0.9.1)
+    sprockets (3.7.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    state_machines (0.5.0)
+    state_machines-activemodel (0.7.1)
+      activemodel (>= 4.1)
+      state_machines (>= 0.5.0)
+    state_machines-activerecord (0.6.0)
+      activerecord (>= 4.1)
+      state_machines-activemodel (>= 0.5.0)
+    stringex (2.8.5)
+    stripe (5.28.0)
+    temple (0.8.2)
+    test-prof (0.7.5)
+    test-unit (3.3.7)
+      power_assert
+    test_after_commit (1.1.0)
+      activerecord (>= 3.2)
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tilt (2.0.10)
+    timecop (0.9.2)
+    tzinfo (1.2.8)
+      thread_safe (~> 0.1)
+    uglifier (4.2.0)
+      execjs (>= 0.3.0, < 3)
+    unicode-display_width (1.7.0)
+    unicorn (5.7.0)
+      kgio (~> 2.6)
+      raindrops (~> 0.7)
+    unicorn-rails (2.2.1)
+      rack
+      unicorn
+    unicorn-worker-killer (0.4.4)
+      get_process_mem (~> 0)
+      unicorn (>= 4, < 6)
+    warden (1.2.9)
+      rack (>= 2.0.9)
+    webdrivers (4.2.0)
+      nokogiri (~> 1.6)
+      rubyzip (>= 1.3.0)
+      selenium-webdriver (>= 3.0, < 4.0)
+    webmock (3.10.0)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    whenever (1.0.0)
+      chronic (>= 0.6.3)
+    wicked_pdf (2.1.0)
+      activesupport
+    wkhtmltopdf-binary (0.12.6.5)
+    xml-simple (1.1.5)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionpack-action_caching
+  active_model_serializers (= 0.8.4)
+  activemerchant (>= 1.78.0)
+  activerecord-import
+  activerecord-postgresql-adapter
+  activerecord-session_store
+  acts-as-taggable-on (~> 4.0)
+  acts_as_list (= 0.9.19)
+  andand
+  angular-rails-templates (>= 0.3.0)
+  angularjs-file-upload-rails (~> 2.4.1)
+  angularjs-rails (= 1.5.5)
+  atomic
+  awesome_nested_set
+  awesome_print
+  aws-sdk (= 1.67.0)
+  bugsnag
+  byebug
+  cancancan (~> 1.7.0)
+  capybara
+  catalog!
+  coffee-rails (~> 4.2.2)
+  combine_pdf
+  compass-rails
+  custom_error_message!
+  daemons
+  dalli
+  database_cleaner
+  ddtrace
+  debugger-linecache
+  delayed_job_active_record
+  delayed_job_web
+  devise
+  devise-encryptable
+  devise-token_authenticatable
+  dfc_provider!
+  eventmachine (>= 1.2.3)
+  factory_bot_rails (= 5.2.0)
+  ffaker
+  figaro
+  foundation-icons-sass-rails
+  foundation-rails (= 5.5.2.1)
+  fuubar (~> 2.5.1)
+  geocoder
+  gmaps4rails
+  haml
+  highline (= 2.0.3)
+  i18n
+  i18n-js (~> 3.8.0)
+  immigrant
+  jquery-migrate-rails
+  jquery-rails (= 4.4.0)
+  jquery-ui-rails (~> 4.2)
+  json
+  json_spec (~> 1.1.4)
+  jwt (~> 2.2)
+  kaminari (~> 1.2.1)
+  knapsack
+  letter_opener (>= 1.4.1)
+  mini_racer (= 0.2.15)
+  monetize (~> 1.1)
+  oauth2 (~> 1.4.4)
+  ofn-qz!
+  order_management!
+  paper_trail (~> 10.3.1)
+  paperclip (~> 3.4.1)
+  paranoia (~> 2.4)
+  paypal-sdk-merchant (= 1.106.1)
+  pg (~> 0.21.0)
+  pry
+  pry-byebug
+  rack-mini-profiler (< 3.0.0)
+  rack-rewrite
+  rack-ssl
+  rails (> 5.0, < 5.1)
+  rails-i18n
+  rails_safe_tasks (~> 1.0)
+  ransack (= 2.3.0)
+  redcarpet
+  responders
+  roadie-rails (~> 1.3.0)
+  roo (~> 2.8.3)
+  rspec-rails (>= 3.5.2)
+  rspec-retry
+  rswag
+  rubocop
+  rubocop-rails
+  sass (<= 4.7.1)
+  sass-rails (< 6.0.0)
+  select2-rails (~> 3.4.7)
+  selenium-webdriver
+  shoulda-matchers
+  simplecov
+  spring
+  spring-commands-rspec
+  state_machines-activerecord
+  stringex (~> 2.8.5)
+  stripe
+  test-prof
+  test-unit (~> 3.3)
+  test_after_commit
+  timecop
+  uglifier (>= 1.0.3)
+  unicorn-rails
+  unicorn-worker-killer
+  web!
+  webdrivers
+  webmock
+  whenever
+  wicked_pdf
+  wkhtmltopdf-binary
+
+RUBY VERSION
+   ruby 2.4.4p296
+
+BUNDLED WITH
+   1.17.3
--- a/app/assets/javascripts/admin/index_utils/services/paged_fetcher.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/services/paged_fetcher.js.coffee
@@ -16,7 +16,7 @@ angular.module("admin.indexUtils").factory "PagedFetcher", (dataFetcher) ->
    fetchPages: (url, page, pageCallback) ->
      dataFetcher(@urlForPage(url, page)).then (data) =>
        @page++
-        @last_page = data.pages
+        @last_page = data.pagination.pages

        pageCallback(data) if pageCallback

--- a/app/assets/javascripts/admin/spree_paypal_express.js
+++ b/app/assets/javascripts/admin/spree_paypal_express.js
@@ -0,0 +1,17 @@
+//= require admin/spree_backend
+
+SpreePaypalExpress = {
+  hideSettings: function(paymentMethod) {
+    if (SpreePaypalExpress.paymentMethodID && paymentMethod.val() == SpreePaypalExpress.paymentMethodID) {
+      $('.payment-method-settings').children().hide();
+      $('#payment_amount').prop('disabled', 'disabled');
+      $('button[type="submit"]').prop('disabled', 'disabled');
+      $('#paypal-warning').show();
+    } else if (SpreePaypalExpress.paymentMethodID) {
+      $('.payment-method-settings').children().show();
+      $('button[type=submit]').prop('disabled', '');
+      $('#payment_amount').prop('disabled', '');
+      $('#paypal-warning').hide();
+    }
+  }
+}
--- a/app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee
@@ -1,21 +1,21 @@
 Darkswarm.factory 'OrderCycleResource', ($resource) ->
-  $resource('/api/order_cycles/:id', {}, {
+  $resource('/api/order_cycles/:id.json', {}, {
    'products':
      method: 'GET'
      isArray: true
-      url: '/api/order_cycles/:id/products'
+      url: '/api/order_cycles/:id/products.json'
      params:
        id: '@id'
    'taxons':
      method: 'GET'
      isArray: true
-      url: '/api/order_cycles/:id/taxons'
+      url: '/api/order_cycles/:id/taxons.json'
      params:
        id: '@id'
    'properties':
      method: 'GET'
      isArray: true
-      url: '/api/order_cycles/:id/properties'
+      url: '/api/order_cycles/:id/properties.json'
      params:
        id: '@id'
  })
--- a/app/assets/stylesheets/darkswarm/_shop-inputs.scss
+++ b/app/assets/stylesheets/darkswarm/_shop-inputs.scss
@@ -29,9 +29,12 @@ button.add-variant, button.variant-quantity {
  &:hover {
    background-color: $orange-600;
  }
+
  &[disabled] {
+    background-color: $grey-400;
+
    &:hover, &:focus {
-      background-color: $orange-500;
+      background-color: $grey-400;
    }
  }
  &:nth-of-type(1) {
@@ -84,14 +87,6 @@ button.bulk-buy.variant-quantity {

 button.bulk-buy-add.variant-quantity {
  width: 2.5rem;
-
-  &[disabled] {
-    background-color: $grey-400;
-
-    &:hover, &:focus {
-      background-color: $grey-400;
-    }
-  }
 }

 span.bulk-buy.variant-quantity {
--- a/app/assets/stylesheets/darkswarm/_shop-navigation.scss
+++ b/app/assets/stylesheets/darkswarm/_shop-navigation.scss
@@ -41,19 +41,21 @@ ordercycle {

  .order-cycle-select {
    border: 1px solid $teal-300;
-    display: inline-block;
+    display: flex;
    font-size: 1em;
    border-radius: $radius-small;
+    margin-right: 10px;
+    margin-left: 10px;

    .select-label {
      background-color: rgba($teal-300, 0.5);
-      display: inline-block;
+      display: flex;
+      align-items: center;
+      justify-content: center;
      border-radius: $radius-small 0 0 $radius-small;
-      float: left;
      font-size: 1em;
      line-height: 1.3em;
      padding: 0.5em 0.75em;
-      height: 2.35em;

      span {
        width: max-content;
@@ -65,6 +67,7 @@ ordercycle {
      background-image: image-url('white-caret.svg');
      background-size: 30px auto;
      background-position-x: 102%;
+      height: 2.35em;
    }

    p {
@@ -82,7 +85,6 @@ ordercycle {
      padding: 0.5em 1.25em 0.5em 0.75em;
      font-size: 1em;
      line-height: 1.3em;
-      height: 2.35em;
      min-width: 13em;
      width: 200px;

@@ -154,22 +156,24 @@ shop ordercycle {
    }
  }

+  .select-and-closing-container {
+    @include breakpoint(desktop) {
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      flex-wrap: wrap;
+    }
+  }
+
  closing {
    color: $white;
    padding: 0 0 12px;

    @include breakpoint(desktop) {
-      float: none;
-      display: inline-block;
-      padding: 0.2em 0 0;
+      padding: 0;
      font-size: 1.2em;
      margin-right: 1em;
    }
-
-    @include breakpoint(tablet) {
-      float: none;
-      padding: 0;
-    }
  }

  form.custom {
--- a/app/controllers/admin/bulk_line_items_controller.rb
+++ b/app/controllers/admin/bulk_line_items_controller.rb
@@ -1,5 +1,6 @@
 module Admin
  class BulkLineItemsController < Spree::Admin::BaseController
+    include PaginationData
    # GET /admin/bulk_line_items.json
    #
    def index
@@ -12,9 +13,12 @@ module Admin
        ransack(params[:q]).result.
        reorder('spree_line_items.order_id ASC, spree_line_items.id ASC')

-      @line_items = @line_items.page(page).per(params[:per_page]) if using_pagination?
+      @line_items = @line_items.page(page).per(params[:per_page]) if pagination_required?

-      render json: { line_items: serialized_line_items, pagination: pagination_data }
+      render json: {
+        line_items: serialized_line_items,
+        pagination: pagination_data(@line_items)
+      }
    end

    # PUT /admin/bulk_line_items/:id.json
@@ -87,21 +91,6 @@ module Admin
      ::Permissions::Order.new(spree_current_user)
    end

-    def using_pagination?
-      params[:per_page]
-    end
-
-    def pagination_data
-      return unless using_pagination?
-
-      {
-        results: @line_items.total_count,
-        pages: @line_items.num_pages,
-        page: page.to_i,
-        per_page: params[:per_page].to_i
-      }
-    end
-
    def page
      params[:page] || 1
    end
--- a/app/controllers/admin/customers_controller.rb
+++ b/app/controllers/admin/customers_controller.rb
@@ -17,13 +17,22 @@ module Admin
      respond_to do |format|
        format.html
        format.json do
-          render_as_json @collection,
-                         tag_rule_mapping: tag_rule_mapping,
-                         customer_tags: customer_tags_by_id
+          render json: @collection,
+                 each_serializer: index_each_serializer,
+                 tag_rule_mapping: tag_rule_mapping,
+                 customer_tags: customer_tags_by_id
        end
      end
    end

+    def index_each_serializer
+      if OpenFoodNetwork::FeatureToggle.enabled?(:customer_balance, spree_current_user)
+        ::Api::Admin::CustomerWithBalanceSerializer
+      else
+        ::Api::Admin::CustomerWithCalculatedBalanceSerializer
+      end
+    end
+
    def show
      render_as_json @customer, ams_prefix: params[:ams_prefix]
    end
@@ -63,10 +72,20 @@ module Admin
    private

    def collection
-      return Customer.where("1=0") unless json_request? && params[:enterprise_id].present?
+      if json_request? && params[:enterprise_id].present?
+        customers_relation.
+          includes(:bill_address, :ship_address, user: :credit_cards)
+      else
+        Customer.where('1=0')
+      end
+    end

-      Customer.of(managed_enterprise_id).
-        includes(:bill_address, :ship_address, user: :credit_cards)
+    def customers_relation
+      if OpenFoodNetwork::FeatureToggle.enabled?(:customer_balance, spree_current_user)
+        CustomersWithBalance.new(managed_enterprise_id).query
+      else
+        Customer.of(managed_enterprise_id)
+      end
    end

    def managed_enterprise_id
--- a/app/controllers/admin/manager_invitations_controller.rb
+++ b/app/controllers/admin/manager_invitations_controller.rb
@@ -35,7 +35,7 @@ module Admin
      new_user.save!

      @enterprise.users << new_user
-      Delayed::Job.enqueue ManagerInvitationJob.new(@enterprise.id, new_user.id)
+      EnterpriseMailer.manager_invitation(@enterprise, new_user).deliver_later

      new_user
    end
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -10,12 +10,14 @@ module Api
    include Spree::Core::ControllerHelpers::SSL
    include ::ActionController::Head
    include ::ActionController::ConditionalGet
+    include ActionView::Layouts
+
+    layout false

    attr_accessor :current_api_user

    before_action :set_content_type
    before_action :authenticate_user
-    after_action  :set_jsonp_format

    rescue_from Exception, with: :error_during_processing
    rescue_from CanCan::AccessDenied, with: :unauthorized
@@ -34,13 +36,6 @@ module Api
    use_renderers :json
    check_authorization

-    def set_jsonp_format
-      return unless params[:callback] && request.get?
-
-      self.response_body = "#{params[:callback]}(#{response_body})"
-      headers["Content-Type"] = 'application/javascript'
-    end
-
    def respond_with_conflict(json_hash)
      render json: json_hash, status: :conflict
    end
@@ -63,16 +58,12 @@ module Api
    end

    def set_content_type
-      content_type = case params[:format]
-                     when "json"
-                       "application/json"
-                     when "xml"
-                       "text/xml"
-                     end
-      headers["Content-Type"] = content_type
+      headers["Content-Type"] = "application/json"
    end

    def error_during_processing(exception)
+      Bugsnag.notify(exception)
+
      render(json: { exception: exception.message },
             status: :unprocessable_entity) && return
    end
--- a/app/controllers/api/exchange_products_controller.rb
+++ b/app/controllers/api/exchange_products_controller.rb
@@ -5,6 +5,7 @@
 # Pagination is optional and can be required by using param[:page]
 module Api
  class ExchangeProductsController < Api::BaseController
+    include PaginationData
    DEFAULT_PER_PAGE = 100

    skip_authorization_check only: [:index]
@@ -77,29 +78,16 @@ module Api
    end

    def render_paginated_products(paginated_products)
-      serializer = ActiveModel::ArraySerializer.new(
+      serialized_products = ActiveModel::ArraySerializer.new(
        paginated_products,
        each_serializer: Api::Admin::ForOrderCycle::SuppliedProductSerializer,
        order_cycle: @order_cycle
      )

-      result = { products: serializer }
-      result = result.merge(pagination: pagination_data(paginated_products)) if pagination_required?
-
-      render text: result.to_json
-    end
-
-    def pagination_data(paginated_products)
-      {
-        results: paginated_products.total_count,
-        pages: paginated_products.num_pages,
-        page: params[:page].to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
+      render json: {
+        products: serialized_products,
+        pagination: pagination_data(paginated_products)
      }
    end
-
-    def pagination_required?
-      params[:page].present?
-    end
  end
 end
--- a/app/controllers/api/order_cycles_controller.rb
+++ b/app/controllers/api/order_cycles_controller.rb
@@ -20,7 +20,7 @@ module Api
        search_params
      ).products_json

-      render plain: products, content_type: "application/json"
+      render plain: products
    rescue ProductsRenderer::NoProducts
      render_no_products
    end
@@ -33,19 +33,19 @@ module Api

      render plain: ActiveModel::ArraySerializer.new(
        taxons, each_serializer: Api::TaxonSerializer
-      ).to_json, content_type: "application/json"
+      ).to_json
    end

    def properties
      render plain: ActiveModel::ArraySerializer.new(
        product_properties | producer_properties, each_serializer: Api::PropertySerializer
-      ).to_json, content_type: "application/json"
+      ).to_json
    end

    private

    def render_no_products
-      render status: :not_found, json: ''
+      render status: :not_found, json: {}
    end

    def product_properties
--- a/app/controllers/api/orders_controller.rb
+++ b/app/controllers/api/orders_controller.rb
@@ -1,5 +1,7 @@
 module Api
  class OrdersController < Api::BaseController
+    include PaginationData
+
    def show
      authorize! :read, order
      render json: order, serializer: Api::OrderDetailedSerializer, current_order: order
@@ -8,11 +10,11 @@ module Api
    def index
      authorize! :admin, Spree::Order

-      search_results = SearchOrders.new(params, current_api_user)
+      orders = SearchOrders.new(params, current_api_user).orders

      render json: {
-        orders: serialized_orders(search_results.orders),
-        pagination: search_results.pagination_data
+        orders: serialized_orders(orders),
+        pagination: pagination_data(orders)
      }
    end

--- a/app/controllers/api/products_controller.rb
+++ b/app/controllers/api/products_controller.rb
@@ -3,8 +3,8 @@ require 'spree/core/product_duplicator'

 module Api
  class ProductsController < Api::BaseController
+    include PaginationData
    respond_to :json
-    DEFAULT_PAGE = 1
    DEFAULT_PER_PAGE = 15

    skip_authorization_check only: [:show, :bulk_products, :overridable]
@@ -63,7 +63,7 @@ module Api
      @products = product_query.
        ransack(query_params_with_defaults).
        result.
-        page(params[:page] || DEFAULT_PAGE).
+        page(params[:page] || 1).
        per(params[:per_page] || DEFAULT_PER_PAGE)

      render_paged_products @products
@@ -130,33 +130,21 @@ module Api
    end

    def render_paged_products(products, product_serializer = ::Api::Admin::ProductSerializer)
-      serializer = ActiveModel::ArraySerializer.new(
+      serialized_products = ActiveModel::ArraySerializer.new(
        products,
        each_serializer: product_serializer
      )

-      render text: {
-        products: serializer,
-        # This line is used by the PagedFetcher JS service (inventory).
-        pages: products.num_pages,
-        # This hash is used by the BulkProducts JS service.
+      render json: {
+        products: serialized_products,
        pagination: pagination_data(products)
-      }.to_json
+      }
    end

    def query_params_with_defaults
      (params[:q] || {}).reverse_merge(s: 'created_at desc')
    end

-    def pagination_data(results)
-      {
-        results: results.total_count,
-        pages: results.num_pages,
-        page: (params[:page] || DEFAULT_PAGE).to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
-      }
-    end
-
    def product_params
      params.require(:product).permit PermittedAttributes::Product.attributes
    end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,8 +1,13 @@
 # frozen_string_literal: true

-require "application_responder"
-require 'open_food_network/referer_parser'
 require_dependency 'spree/authentication_helpers'
+require "application_responder"
+require 'cancan'
+require 'spree/core/controller_helpers/auth'
+require 'spree/core/controller_helpers/respond_with'
+require 'spree/core/controller_helpers/ssl'
+require 'spree/core/controller_helpers/common'
+require 'open_food_network/referer_parser'

 class ApplicationController < ActionController::Base
  self.responder = ApplicationResponder
@@ -10,6 +15,11 @@ class ApplicationController < ActionController::Base

  protect_from_forgery

+  include Spree::Core::ControllerHelpers::Auth
+  include Spree::Core::ControllerHelpers::RespondWith
+  include Spree::Core::ControllerHelpers::SSL
+  include Spree::Core::ControllerHelpers::Common
+
  prepend_before_action :restrict_iframes
  before_action :set_cache_headers # prevent cart emptying via cache when using back button #1213

@@ -22,6 +32,8 @@ class ApplicationController < ActionController::Base
    raise ActiveModel::ForbiddenAttributesError, params.to_s
  end

+  respond_to :html
+
  def redirect_to(options = {}, response_status = {})
    ::Rails.logger.error("Redirected by #{begin
                                            caller(1).first
@@ -150,3 +162,5 @@ class ApplicationController < ActionController::Base
    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
  end
 end
+
+require 'spree/i18n/initializer'
--- a/app/controllers/base_controller.rb
+++ b/app/controllers/base_controller.rb
@@ -1,17 +1,14 @@
-require 'spree/core/controller_helpers/auth'
-require 'spree/core/controller_helpers/common'
+# frozen_string_literal: true
+
 require 'spree/core/controller_helpers/order'
-require 'spree/core/controller_helpers/respond_with'
 require 'open_food_network/tag_rule_applicator'

 class BaseController < ApplicationController
-  include Spree::Core::ControllerHelpers::Auth
-  include Spree::Core::ControllerHelpers::Common
+  layout 'darkswarm'
+
  include Spree::Core::ControllerHelpers::Order
-  include Spree::Core::ControllerHelpers::RespondWith

  include I18nHelper
-  include EnterprisesHelper
  include OrderCyclesHelper

  helper 'spree/base'
--- a/app/controllers/checkout_controller.rb
+++ b/app/controllers/checkout_controller.rb
@@ -2,7 +2,7 @@

 require 'open_food_network/address_finder'

-class CheckoutController < Spree::StoreController
+class CheckoutController < ::BaseController
  layout 'darkswarm'

  include OrderStockCheck
--- a/app/controllers/concerns/api_action_caching.rb
+++ b/app/controllers/concerns/api_action_caching.rb
--- a/app/controllers/concerns/pagination_data.rb
+++ b/app/controllers/concerns/pagination_data.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module PaginationData
+  extend ActiveSupport::Concern
+
+  def pagination_data(objects)
+    return unless objects.respond_to? :total_count
+
+    {
+      results: objects.total_count,
+      pages: objects.total_pages,
+      page: (params[:page] || 1).to_i,
+      per_page: (params[:per_page] || default_per_page).to_i
+    }
+  end
+
+  def pagination_required?
+    params[:page].present? || params[:per_page].present?
+  end
+
+  def default_per_page
+    return unless defined? self.class::DEFAULT_PER_PAGE
+
+    self.class::DEFAULT_PER_PAGE
+  end
+end
--- a/app/controllers/spree/admin/base_controller.rb
+++ b/app/controllers/spree/admin/base_controller.rb
@@ -1,6 +1,6 @@
 module Spree
  module Admin
-    class BaseController < Spree::BaseController
+    class BaseController < ApplicationController
      ssl_required

      helper 'spree/admin/navigation'
--- a/app/controllers/spree/admin/mail_methods_controller.rb
+++ b/app/controllers/spree/admin/mail_methods_controller.rb
@@ -15,7 +15,7 @@ module Spree
      end

      def testmail
-        if TestMailer.test_email(spree_current_user).deliver
+        if TestMailer.test_email(spree_current_user).deliver_now
          flash[:success] = Spree.t('admin.mail_methods.testmail.delivery_success')
        else
          flash[:error] = Spree.t('admin.mail_methods.testmail.delivery_error')
--- a/app/controllers/spree/admin/orders_controller.rb
+++ b/app/controllers/spree/admin/orders_controller.rb
@@ -78,7 +78,7 @@ module Spree
      end

      def resend
-        Spree::OrderMailer.confirm_email_for_customer(@order.id, true).deliver
+        Spree::OrderMailer.confirm_email_for_customer(@order.id, true).deliver_later
        flash[:success] = t('admin.orders.order_email_resent')

        respond_with(@order) { |format| format.html { redirect_to :back } }
@@ -87,7 +87,7 @@ module Spree
      def invoice
        pdf = InvoiceRenderer.new.render_to_string(@order)

-        Spree::OrderMailer.invoice_email(@order.id, pdf).deliver
+        Spree::OrderMailer.invoice_email(@order.id, pdf).deliver_later
        flash[:success] = t('admin.orders.invoice_email_sent')

        respond_with(@order) { |format|
--- a/app/controllers/spree/admin/payments_controller.rb
+++ b/app/controllers/spree/admin/payments_controller.rb
@@ -67,6 +67,25 @@ module Spree
        redirect_to request.referer
      end

+      def paypal_refund
+        if request.get?
+          if @payment.source.state == 'refunded'
+            flash[:error] = Spree.t(:already_refunded, scope: 'paypal')
+            redirect_to admin_order_payment_path(@order, @payment)
+          end
+        elsif request.post?
+          response = @payment.payment_method.refund(@payment, params[:refund_amount])
+          if response.success?
+            flash[:success] = Spree.t(:refund_successful, scope: 'paypal')
+            redirect_to admin_order_payments_path(@order)
+          else
+            flash.now[:error] = Spree.t(:refund_unsuccessful, scope: 'paypal') +
+                                " (#{response.errors.first.long_message})"
+            render
+          end
+        end
+      end
+
      private

      def load_payment_source
--- a/app/controllers/spree/admin/paypal_payments_controller.rb
+++ b/app/controllers/spree/admin/paypal_payments_controller.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Spree
+  module Admin
+    class PaypalPaymentsController < Spree::Admin::BaseController
+      before_action :load_order
+
+      def index
+        @payments = @order.payments.includes(:payment_method).
+          where(spree_payment_methods: { type: "Spree::Gateway::PayPalExpress" })
+      end
+
+      private
+
+      def load_order
+        @order = Spree::Order.where(number: params[:order_id]).first
+      end
+    end
+  end
+end
--- a/app/controllers/spree/base_controller.rb
+++ b/app/controllers/spree/base_controller.rb
@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-require 'cancan'
-require 'spree/core/controller_helpers/auth'
-require 'spree/core/controller_helpers/respond_with'
-require 'spree/core/controller_helpers/ssl'
-require 'spree/core/controller_helpers/common'
-
-module Spree
-  class BaseController < ApplicationController
-    include Spree::Core::ControllerHelpers::Auth
-    include Spree::Core::ControllerHelpers::RespondWith
-    include Spree::Core::ControllerHelpers::SSL
-    include Spree::Core::ControllerHelpers::Common
-
-    respond_to :html
-  end
-end
-
-require 'spree/i18n/initializer'
--- a/app/controllers/spree/checkout_controller.rb
+++ b/app/controllers/spree/checkout_controller.rb
@@ -7,7 +7,7 @@
 #   to CheckoutController directly in the routes
 #   with a slash like "to: '/checkout#edit'", but it does not work in this case.
 module Spree
-  class CheckoutController < Spree::StoreController
+  class CheckoutController < ::BaseController
    def edit
      flash.keep
      redirect_to main_app.checkout_path
--- a/app/controllers/spree/credit_cards_controller.rb
+++ b/app/controllers/spree/credit_cards_controller.rb
@@ -1,4 +1,6 @@
-require 'stripe/credit_card_clone_destroyer'
+# frozen_string_literal: true
+
+require 'stripe/credit_card_remover'

 module Spree
  class CreditCardsController < BaseController
@@ -42,7 +44,7 @@ module Spree
      @credit_card = Spree::CreditCard.find_by(id: params[:id])
      if @credit_card
        authorize! :destroy, @credit_card
-        destroy_at_stripe
+        Stripe::CreditCardRemover.new(@credit_card).call
      end

      # Using try because we may not have a card here
@@ -64,14 +66,6 @@ module Spree
      @credit_card.user.customers.update_all(allow_charges: false)
    end

-    # It destroys the whole customer object
-    def destroy_at_stripe
-      Stripe::CreditCardCloneDestroyer.new.destroy_clones(@credit_card)
-
-      stripe_customer = Stripe::Customer.retrieve(@credit_card.gateway_customer_profile_id, {})
-      stripe_customer&.delete unless stripe_customer.deleted?
-    end
-
    def create_customer(token)
      Stripe::Customer.create(email: spree_current_user.email, source: token)
    end
--- a/app/controllers/spree/orders_controller.rb
+++ b/app/controllers/spree/orders_controller.rb
@@ -1,6 +1,8 @@
 module Spree
-  class OrdersController < Spree::StoreController
+  class OrdersController < ::BaseController
    include OrderCyclesHelper
+    include Rails.application.routes.url_helpers
+
    layout 'darkswarm'

    ssl_required :show
--- a/app/controllers/spree/paypal_controller.rb
+++ b/app/controllers/spree/paypal_controller.rb
@@ -0,0 +1,244 @@
+# frozen_string_literal: true
+
+module Spree
+  class PaypalController < ::BaseController
+    ssl_allowed
+
+    include OrderStockCheck
+
+    before_action :enable_embedded_shopfront
+    before_action :destroy_orphaned_paypal_payments, only: :confirm
+    after_action :reset_order_when_complete, only: :confirm
+    before_action :permit_parameters!
+
+    def express
+      order = current_order || raise(ActiveRecord::RecordNotFound)
+      items = order.line_items.map(&method(:line_item))
+
+      tax_adjustments = order.adjustments.tax
+      # TODO: Remove in Spree 2.2
+      tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
+      shipping_adjustments = order.adjustments.shipping
+
+      order.adjustments.eligible.each do |adjustment|
+        next if (tax_adjustments + shipping_adjustments).include?(adjustment)
+
+        items << {
+          Name: adjustment.label,
+          Quantity: 1,
+          Amount: {
+            currencyID: order.currency,
+            value: adjustment.amount
+          }
+        }
+      end
+
+      # Because PayPal doesn't accept $0 items at all.
+      # See https://github.com/spree-contrib/better_spree_paypal_express/issues/10
+      # "It can be a positive or negative value but not zero."
+      items.reject! do |item|
+        item[:Amount][:value].zero?
+      end
+
+      pp_request = provider.build_set_express_checkout(
+        express_checkout_request_details(order, items)
+      )
+
+      begin
+        pp_response = provider.set_express_checkout(pp_request)
+        if pp_response.success?
+          # At this point Paypal has *provisionally* accepted that the payment can now be placed,
+          # and the user will be redirected to a Paypal payment page. On completion, the user is
+          # sent back and the response is handled in the #confirm action in this controller.
+          redirect_to provider.express_checkout_url(pp_response, useraction: 'commit')
+        else
+          flash[:error] = Spree.t('flash.generic_error', scope: 'paypal', reasons: pp_response.errors.map(&:long_message).join(" "))
+          redirect_to spree.checkout_state_path(:payment)
+        end
+      rescue SocketError
+        flash[:error] = Spree.t('flash.connection_failed', scope: 'paypal')
+        redirect_to spree.checkout_state_path(:payment)
+      end
+    end
+
+    def confirm
+      @order = current_order || raise(ActiveRecord::RecordNotFound)
+
+      # At this point the user has come back from the Paypal form, and we get one
+      # last chance to interact with the payment process before the money moves...
+      return reset_to_cart unless sufficient_stock?
+
+      @order.payments.create!(
+        source: Spree::PaypalExpressCheckout.create(
+          token: params[:token],
+          payer_id: params[:PayerID]
+        ),
+        amount: @order.total,
+        payment_method: payment_method
+      )
+      @order.next
+      if @order.complete?
+        flash.notice = Spree.t(:order_processed_successfully)
+        flash[:commerce_tracking] = "nothing special"
+        session[:order_id] = nil
+        redirect_to completion_route(@order)
+      else
+        redirect_to checkout_state_path(@order.state)
+      end
+    end
+
+    def cancel
+      flash[:notice] = Spree.t('flash.cancel', scope: 'paypal')
+      redirect_to main_app.checkout_path
+    end
+
+    # Clears the cached order. Required for #current_order to return a new order to serve as cart.
+    def expire_current_order
+      session[:order_id] = nil
+      @current_order = nil
+    end
+
+    private
+
+    def line_item(item)
+      {
+        Name: item.product.name,
+        Number: item.variant.sku,
+        Quantity: item.quantity,
+        Amount: {
+          currencyID: item.order.currency,
+          value: item.price
+        },
+        ItemCategory: "Physical"
+      }
+    end
+
+    def express_checkout_request_details(order, items)
+      {
+        SetExpressCheckoutRequestDetails: {
+          InvoiceID: order.number,
+          BuyerEmail: order.email,
+          ReturnURL: spree.confirm_paypal_url(
+            payment_method_id: params[:payment_method_id], utm_nooverride: 1
+          ),
+          CancelURL: spree.cancel_paypal_url,
+          SolutionType: payment_method.preferred_solution.presence || "Mark",
+          LandingPage: payment_method.preferred_landing_page.presence || "Billing",
+          cppheaderimage: payment_method.preferred_logourl.presence || "",
+          NoShipping: 1,
+          PaymentDetails: [payment_details(items)]
+        }
+      }
+    end
+
+    def payment_method
+      @payment_method ||= Spree::PaymentMethod.find(params[:payment_method_id])
+    end
+
+    def permit_parameters!
+      params.permit(:token, :payment_method_id, :PayerID)
+    end
+
+    def reset_order_when_complete
+      return unless current_order.complete?
+
+      flash[:notice] = t(:order_processed_successfully)
+      OrderCompletionReset.new(self, current_order).call
+      session[:access_token] = current_order.token
+    end
+
+    def reset_to_cart
+      OrderCheckoutRestart.new(@order).call
+      handle_insufficient_stock
+    end
+
+    # See #1074 and #1837 for more detail on why we need this
+    # An 'orphaned' Spree::Payment is created for every call to CheckoutController#update
+    # for orders that are processed using a Spree::Gateway::PayPalExpress payment method
+    # These payments are 'orphaned' because they are never used by the spree_paypal_express gem
+    # which creates a brand new Spree::Payment from scratch in PayPalController#confirm
+    # However, the 'orphaned' payments are useful when applying a transaction fee, because the fees
+    # need to be calculated before the order details are sent to PayPal for confirmation
+    # This is our best hook for removing the orphaned payments at an appropriate time. ie. after
+    # the payment details have been confirmed, but before any payments have been processed
+    def destroy_orphaned_paypal_payments
+      return unless payment_method.is_a?(Spree::Gateway::PayPalExpress)
+
+      orphaned_payments = current_order.payments.
+        where(payment_method_id: payment_method.id, source_id: nil)
+      orphaned_payments.each(&:destroy)
+    end
+
+    def provider
+      payment_method.provider
+    end
+
+    def payment_details(items)
+      item_sum = items.sum { |i| i[:Quantity] * i[:Amount][:value] }
+      # Would use tax_total here, but it can include "included" taxes as well.
+      # For instance, tax_total would include the 10% GST in Australian stores.
+      # A quick sum will get us around that little problem.
+      # TODO: Remove additional check in 2.2
+      tax_adjustments = current_order.adjustments.tax
+      tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
+      tax_adjustments_total = tax_adjustments.sum(:amount)
+
+      if item_sum.zero?
+        # Paypal does not support no items or a zero dollar ItemTotal
+        # This results in the order summary being simply "Current purchase"
+        {
+          OrderTotal: {
+            currencyID: current_order.currency,
+            value: current_order.total
+          }
+        }
+      else
+        {
+          OrderTotal: {
+            currencyID: current_order.currency,
+            value: current_order.total
+          },
+          ItemTotal: {
+            currencyID: current_order.currency,
+            value: item_sum
+          },
+          ShippingTotal: {
+            currencyID: current_order.currency,
+            value: current_order.ship_total
+          },
+          TaxTotal: {
+            currencyID: current_order.currency,
+            value: tax_adjustments_total,
+          },
+          ShipToAddress: address_options,
+          PaymentDetailsItem: items,
+          ShippingMethod: "Shipping Method Name Goes Here",
+          PaymentAction: "Sale"
+        }
+      end
+    end
+
+    def address_options
+      return {} unless address_required?
+
+      {
+        Name: current_order.bill_address.try(:full_name),
+        Street1: current_order.bill_address.address1,
+        Street2: current_order.bill_address.address2,
+        CityName: current_order.bill_address.city,
+        Phone: current_order.bill_address.phone,
+        StateOrProvince: current_order.bill_address.state_text,
+        Country: current_order.bill_address.country.iso,
+        PostalCode: current_order.bill_address.zipcode
+      }
+    end
+
+    def completion_route(order)
+      spree.order_path(order, token: order.token)
+    end
+
+    def address_required?
+      payment_method.preferred_solution.eql?('Sole')
+    end
+  end
+end
--- a/app/controllers/spree/paypal_controller_decorator.rb
+++ b/app/controllers/spree/paypal_controller_decorator.rb
@@ -1,157 +0,0 @@
-# frozen_string_literal: true
-
-Spree::PaypalController.class_eval do
-  include OrderStockCheck
-
-  before_action :enable_embedded_shopfront
-  before_action :destroy_orphaned_paypal_payments, only: :confirm
-  after_action :reset_order_when_complete, only: :confirm
-  before_action :permit_parameters!
-
-  def express
-    order = current_order || raise(ActiveRecord::RecordNotFound)
-    items = order.line_items.map(&method(:line_item))
-
-    tax_adjustments = order.adjustments.tax
-    # TODO: Remove in Spree 2.2
-    tax_adjustments = tax_adjustments.additional if tax_adjustments.respond_to?(:additional)
-    shipping_adjustments = order.adjustments.shipping
-
-    order.adjustments.eligible.each do |adjustment|
-      next if (tax_adjustments + shipping_adjustments).include?(adjustment)
-
-      items << {
-        Name: adjustment.label,
-        Quantity: 1,
-        Amount: {
-          currencyID: order.currency,
-          value: adjustment.amount
-        }
-      }
-    end
-
-    # Because PayPal doesn't accept $0 items at all.
-    # See #10
-    # https://cms.paypal.com/uk/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_ECCustomizing
-    # "It can be a positive or negative value but not zero."
-    items.reject! do |item|
-      item[:Amount][:value].zero?
-    end
-    pp_request = provider.build_set_express_checkout(express_checkout_request_details(order, items))
-
-    begin
-      pp_response = provider.set_express_checkout(pp_request)
-      if pp_response.success?
-        # At this point Paypal has *provisionally* accepted that the payment can now be placed,
-        # and the user will be redirected to a Paypal payment page. On completion, the user is
-        # sent back and the response is handled in the #confirm action in this controller.
-        redirect_to provider.express_checkout_url(pp_response, useraction: 'commit')
-      else
-        flash[:error] = Spree.t('flash.generic_error', scope: 'paypal', reasons: pp_response.errors.map(&:long_message).join(" "))
-        redirect_to spree.checkout_state_path(:payment)
-      end
-    rescue SocketError
-      flash[:error] = Spree.t('flash.connection_failed', scope: 'paypal')
-      redirect_to spree.checkout_state_path(:payment)
-    end
-  end
-
-  def confirm
-    @order = current_order || raise(ActiveRecord::RecordNotFound)
-
-    # At this point the user has come back from the Paypal form, and we get one
-    # last chance to interact with the payment process before the money moves...
-    return reset_to_cart unless sufficient_stock?
-
-    @order.payments.create!({
-      source: Spree::PaypalExpressCheckout.create({
-        token: params[:token],
-        payer_id: params[:PayerID]
-      }),
-      amount: @order.total,
-      payment_method: payment_method
-    })
-    @order.next
-    if @order.complete?
-      flash.notice = Spree.t(:order_processed_successfully)
-      flash[:commerce_tracking] = "nothing special"
-      session[:order_id] = nil
-      redirect_to completion_route(@order)
-    else
-      redirect_to checkout_state_path(@order.state)
-    end
-  end
-
-  def cancel
-    flash[:notice] = Spree.t('flash.cancel', scope: 'paypal')
-    redirect_to main_app.checkout_path
-  end
-
-  # Clears the cached order. Required for #current_order to return a new order
-  # to serve as cart. See https://github.com/spree/spree/blob/1-3-stable/core/lib/spree/core/controller_helpers/order.rb#L14
-  # for details.
-  def expire_current_order
-    session[:order_id] = nil
-    @current_order = nil
-  end
-
-  private
-
-  def payment_method
-    @payment_method ||= Spree::PaymentMethod.find(params[:payment_method_id])
-  end
-
-  def permit_parameters!
-    params.permit(:token, :payment_method_id, :PayerID)
-  end
-
-  def reset_order_when_complete
-    if current_order.complete?
-      flash[:notice] = t(:order_processed_successfully)
-
-      OrderCompletionReset.new(self, current_order).call
-      session[:access_token] = current_order.token
-    end
-  end
-
-  def reset_to_cart
-    OrderCheckoutRestart.new(@order).call
-    handle_insufficient_stock
-  end
-
-  # See #1074 and #1837 for more detail on why we need this
-  # An 'orphaned' Spree::Payment is created for every call to CheckoutController#update
-  # for orders that are processed using a Spree::Gateway::PayPalExpress payment method
-  # These payments are 'orphaned' because they are never used by the spree_paypal_express gem
-  # which creates a brand new Spree::Payment from scratch in PayPalController#confirm
-  # However, the 'orphaned' payments are useful when applying a transaction fee, because the fees
-  # need to be calculated before the order details are sent to PayPal for confirmation
-  # This is our best hook for removing the orphaned payments at an appropriate time. ie. after
-  # the payment details have been confirmed, but before any payments have been processed
-  def destroy_orphaned_paypal_payments
-    return unless payment_method.is_a?(Spree::Gateway::PayPalExpress)
-
-    orphaned_payments = current_order.payments.where(payment_method_id: payment_method.id, source_id: nil)
-    orphaned_payments.each(&:destroy)
-  end
-
-  def completion_route(order)
-    spree.order_path(order, token: order.token)
-  end
-
-  def express_checkout_request_details(order, items)
-    {
-      SetExpressCheckoutRequestDetails: {
-        InvoiceID: order.number,
-        BuyerEmail: order.email,
-        ReturnURL: spree.confirm_paypal_url(payment_method_id: params[:payment_method_id], utm_nooverride: 1),
-        CancelURL: spree.cancel_paypal_url,
-        SolutionType: payment_method.preferred_solution.presence || "Mark",
-        LandingPage: payment_method.preferred_landing_page.presence || "Billing",
-        cppheaderimage: payment_method.preferred_logourl.presence || "",
-        NoShipping: 1,
-        PaymentDetails: [payment_details(items)]
-      }
-    }
-  end
-end
--- a/app/controllers/spree/store_controller.rb
+++ b/app/controllers/spree/store_controller.rb
@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-require 'spree/core/controller_helpers/order'
-
-module Spree
-  class StoreController < Spree::BaseController
-    layout 'darkswarm'
-
-    include Spree::Core::ControllerHelpers::Order
-
-    include I18nHelper
-    before_action :set_locale
-  end
-end
--- a/app/controllers/spree/users_controller.rb
+++ b/app/controllers/spree/users_controller.rb
@@ -1,5 +1,5 @@
 module Spree
-  class UsersController < Spree::StoreController
+  class UsersController < ::BaseController
    layout 'darkswarm'
    ssl_required
    skip_before_action :set_current_order, only: :show
--- a/app/helpers/admin/injection_helper.rb
+++ b/app/helpers/admin/injection_helper.rb
@@ -130,10 +130,6 @@ module Admin
                                                            json: @hub_permissions.to_json }
    end

-    def admin_inject_products
-      admin_inject_json_ams_array "ofn.admin", "products", @products, Api::Admin::ProductSerializer
-    end
-
    def admin_inject_tax_categories(opts = { module: 'ofn.admin' })
      admin_inject_json_ams_array opts[:module],
                                  "tax_categories",
--- a/app/helpers/spree/reports_helper.rb
+++ b/app/helpers/spree/reports_helper.rb
@@ -1,4 +1,4 @@
-require 'spree/money_decorator'
+require 'spree/money'

 module Spree
  module ReportsHelper
--- a/app/jobs/confirm_order_job.rb
+++ b/app/jobs/confirm_order_job.rb
@@ -2,7 +2,7 @@

 class ConfirmOrderJob < ActiveJob::Base
  def perform(order_id)
-    Spree::OrderMailer.confirm_email_for_customer(order_id).deliver
-    Spree::OrderMailer.confirm_email_for_shop(order_id).deliver
+    Spree::OrderMailer.confirm_email_for_customer(order_id).deliver_now
+    Spree::OrderMailer.confirm_email_for_shop(order_id).deliver_now
  end
 end
--- a/app/jobs/confirm_signup_job.rb
+++ b/app/jobs/confirm_signup_job.rb
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-class ConfirmSignupJob < ActiveJob::Base
-  def perform(user_id)
-    user = Spree::User.find user_id
-    Spree::UserMailer.signup_confirmation(user).deliver
-  end
-end
--- a/app/jobs/heartbeat_job.rb
+++ b/app/jobs/heartbeat_job.rb
@@ -1,4 +1,6 @@
-class HeartbeatJob
+# frozen_string_literal: true
+
+class HeartbeatJob < ActiveJob::Base
  def perform
    Spree::Config.last_job_queue_heartbeat_at = Time.now.in_time_zone
  end
--- a/app/jobs/manager_invitation_job.rb
+++ b/app/jobs/manager_invitation_job.rb
@@ -1,7 +0,0 @@
-ManagerInvitationJob = Struct.new(:enterprise_id, :user_id) do
-  def perform
-    enterprise = Enterprise.find enterprise_id
-    user = Spree::User.find user_id
-    EnterpriseMailer.manager_invitation(enterprise, user).deliver
-  end
-end
--- a/app/jobs/order_cycle_notification_job.rb
+++ b/app/jobs/order_cycle_notification_job.rb
@@ -5,7 +5,7 @@ class OrderCycleNotificationJob < ActiveJob::Base
  def perform(order_cycle_id)
    order_cycle = OrderCycle.find(order_cycle_id)
    order_cycle.suppliers.each do |supplier|
-      ProducerMailer.order_cycle_report(supplier, order_cycle).deliver
+      ProducerMailer.order_cycle_report(supplier, order_cycle).deliver_now
    end
  end
 end
--- a/app/jobs/subscription_confirm_job.rb
+++ b/app/jobs/subscription_confirm_job.rb
@@ -1,7 +1,7 @@
 require 'order_management/subscriptions/summarizer'

 # Confirms orders of unconfirmed proxy orders in recently closed Order Cycles
-class SubscriptionConfirmJob
+class SubscriptionConfirmJob < ActiveJob::Base
  def perform
    confirm_proxy_orders!
  end
@@ -90,13 +90,13 @@ class SubscriptionConfirmJob
  def send_confirmation_email(order)
    order.update!
    record_success(order)
-    SubscriptionMailer.confirmation_email(order).deliver
+    SubscriptionMailer.confirmation_email(order).deliver_now
  end

  def send_failed_payment_email(order, error_message = nil)
    order.update!
    record_and_log_error(:failed_payment, order, error_message)
-    SubscriptionMailer.failed_payment_email(order).deliver
+    SubscriptionMailer.failed_payment_email(order).deliver_now
  rescue StandardError => e
    Bugsnag.notify(e, order: order, error_message: error_message)
  end
--- a/app/jobs/subscription_placement_job.rb
+++ b/app/jobs/subscription_placement_job.rb
@@ -1,6 +1,6 @@
 require 'order_management/subscriptions/summarizer'

-class SubscriptionPlacementJob
+class SubscriptionPlacementJob < ActiveJob::Base
  def perform
    ids = proxy_orders.pluck(:id)
    proxy_orders.update_all(placed_at: Time.zone.now)
@@ -87,11 +87,11 @@ class SubscriptionPlacementJob
  def send_placement_email(order, changes)
    record_issue(:changes, order) if changes.present?
    record_success(order) if changes.blank?
-    SubscriptionMailer.placement_email(order, changes).deliver
+    SubscriptionMailer.placement_email(order, changes).deliver_now
  end

  def send_empty_email(order, changes)
    record_issue(:empty, order)
-    SubscriptionMailer.empty_email(order, changes).deliver
+    SubscriptionMailer.empty_email(order, changes).deliver_now
  end
 end
--- a/app/jobs/welcome_enterprise_job.rb
+++ b/app/jobs/welcome_enterprise_job.rb
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-class WelcomeEnterpriseJob < ActiveJob::Base
-  def perform(enterprise_id)
-    enterprise = Enterprise.find enterprise_id
-    EnterpriseMailer.welcome(enterprise).deliver
-  end
-end
--- a/app/models/enterprise.rb
+++ b/app/models/enterprise.rb
@@ -400,7 +400,7 @@ class Enterprise < ActiveRecord::Base
  end

  def send_welcome_email
-    WelcomeEnterpriseJob.perform_later(id)
+    EnterpriseMailer.welcome(self).deliver_later
  end

  def strip_url(url)
--- a/app/models/spree/adjustment.rb
+++ b/app/models/spree/adjustment.rb
@@ -39,6 +39,8 @@ module Spree
    belongs_to :adjustable, polymorphic: true
    belongs_to :source, polymorphic: true
    belongs_to :originator, polymorphic: true
+    belongs_to :order, class_name: "Spree::Order"
+
    belongs_to :tax_rate, -> { where spree_adjustments: { originator_type: 'Spree::TaxRate' } },
               foreign_key: 'originator_id'

@@ -86,18 +88,10 @@ module Spree
    # Update the boolean _eligible_ attribute which determines which adjustments
    # count towards the order's adjustment_total.
    def set_eligibility
-      result = mandatory || (amount != 0 && eligible_for_originator?)
+      result = mandatory || amount != 0
      update_column(:eligible, result)
    end

-    # Allow originator of the adjustment to perform an additional eligibility of the adjustment
-    # Should return _true_ if originator is absent or doesn't implement _eligible?_
-    def eligible_for_originator?
-      return true if originator.nil?
-
-      !originator.respond_to?(:eligible?) || originator.eligible?(source)
-    end
-
    # Update both the eligibility and amount of the adjustment. Adjustments
    # delegate updating of amount to their Originator when present, but only if
    # +locked+ is false. Adjustments that are +locked+ will never change their amount.
--- a/app/models/spree/gateway/pay_pal_express.rb
+++ b/app/models/spree/gateway/pay_pal_express.rb
@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require 'paypal-sdk-merchant'
+
+module Spree
+  class Gateway
+    class PayPalExpress < Gateway
+      preference :login, :string
+      preference :password, :password
+      preference :signature, :string
+      preference :server, :string, default: 'sandbox'
+      preference :solution, :string, default: 'Mark'
+      preference :landing_page, :string, default: 'Billing'
+      preference :logourl, :string, default: ''
+
+      def supports?(_source)
+        true
+      end
+
+      def provider_class
+        ::PayPal::SDK::Merchant::API
+      end
+
+      def provider
+        ::PayPal::SDK.configure(
+          mode: preferred_server.presence || "sandbox",
+          username: preferred_login,
+          password: preferred_password,
+          signature: preferred_signature
+        )
+        provider_class.new
+      end
+
+      def auto_capture?
+        true
+      end
+
+      def method_type
+        'paypal'
+      end
+
+      def purchase(_amount, express_checkout, _gateway_options = {})
+        pp_details_request = provider.build_get_express_checkout_details(
+          Token: express_checkout.token
+        )
+        pp_details_response = provider.get_express_checkout_details(pp_details_request)
+
+        pp_request = provider.build_do_express_checkout_payment(
+          DoExpressCheckoutPaymentRequestDetails: {
+            PaymentAction: "Sale",
+            Token: express_checkout.token,
+            PayerID: express_checkout.payer_id,
+            PaymentDetails: pp_details_response.
+              get_express_checkout_details_response_details.PaymentDetails
+          }
+        )
+
+        pp_response = provider.do_express_checkout_payment(pp_request)
+        if pp_response.success?
+          # We need to store the transaction id for the future.
+          # This is mainly so we can use it later on to refund the payment if the user wishes.
+          transaction_id = pp_response.do_express_checkout_payment_response_details.
+            payment_info.first.transaction_id
+          express_checkout.update_column(:transaction_id, transaction_id)
+          # This is rather hackish, required for payment/processing handle_response code.
+          Class.new do
+            def success?; true; end
+
+            def authorization; nil; end
+          end.new
+        else
+          class << pp_response
+            def to_s
+              errors.map(&:long_message).join(" ")
+            end
+          end
+          pp_response
+        end
+      end
+
+      def refund(payment, amount)
+        refund_type = payment.amount == amount.to_f ? "Full" : "Partial"
+        refund_transaction = provider.build_refund_transaction(
+          TransactionID: payment.source.transaction_id,
+          RefundType: refund_type,
+          Amount: {
+            currencyID: payment.currency,
+            value: amount
+          },
+          RefundSource: "any"
+        )
+        refund_transaction_response = provider.refund_transaction(refund_transaction)
+        if refund_transaction_response.success?
+          payment.source.update_attributes(
+            refunded_at: Time.now,
+            refund_transaction_id: refund_transaction_response.RefundTransactionID,
+            state: "refunded",
+            refund_type: refund_type
+          )
+
+          payment.class.create!(
+            order: payment.order,
+            source: payment,
+            payment_method: payment.payment_method,
+            amount: amount.to_f.abs * -1,
+            response_code: refund_transaction_response.RefundTransactionID,
+            state: 'completed'
+          )
+        end
+        refund_transaction_response
+      end
+    end
+  end
+end
--- a/app/models/spree/inventory_unit.rb
+++ b/app/models/spree/inventory_unit.rb
@@ -5,7 +5,8 @@ module Spree
    belongs_to :variant, class_name: "Spree::Variant"
    belongs_to :order, class_name: "Spree::Order"
    belongs_to :shipment, class_name: "Spree::Shipment"
-    belongs_to :return_authorization, class_name: "Spree::ReturnAuthorization"
+    belongs_to :return_authorization, class_name: "Spree::ReturnAuthorization",
+                                      inverse_of: :inventory_units

    scope :backordered, -> { where state: 'backordered' }
    scope :shipped, -> { where state: 'shipped' }
--- a/app/models/spree/order.rb
+++ b/app/models/spree/order.rb
@@ -41,7 +41,7 @@ module Spree
    has_many :state_changes, as: :stateful
    has_many :line_items, -> { order('created_at ASC') }, dependent: :destroy
    has_many :payments, dependent: :destroy
-    has_many :return_authorizations, dependent: :destroy
+    has_many :return_authorizations, dependent: :destroy, inverse_of: :order
    has_many :adjustments, -> { order "#{Spree::Adjustment.table_name}.created_at ASC" },
             as: :adjustable,
             dependent: :destroy
@@ -87,7 +87,6 @@ module Spree
    after_create :create_tax_charge!

    validate :has_available_shipment
-    validate :has_available_payment
    validates :email, presence: true,
                      format: /\A([\w\.%\+\-']+)@([\w\-]+\.)+([\w]{2,})\z/i,
                      if: :require_email
@@ -97,9 +96,6 @@ module Spree
    before_save :update_shipping_fees!, if: :complete?
    before_save :update_payment_fees!, if: :complete?

-    class_attribute :update_hooks
-    self.update_hooks = Set.new
-
    # -- Scopes
    scope :managed_by, lambda { |user|
      if user.has_spree_role?('admin')
@@ -158,12 +154,6 @@ module Spree
      where(completed_at: nil)
    end

-    # Use this method in other gems that wish to register their own custom logic
-    # that should be called after Order#update
-    def self.register_update_hook(hook)
-      update_hooks.add(hook)
-    end
-
    # For compatiblity with Calculator::PriceSack
    def amount
      line_items.inject(0.0) { |sum, li| sum + li.amount }
@@ -451,7 +441,6 @@ module Spree
      updater.update_shipment_state
      updater.before_save_hook
      save
-      updater.run_hooks

      deliver_order_confirmation_email

@@ -766,13 +755,6 @@ module Spree
      address
    end

-    # Update attributes of a record in the database without callbacks, validations etc.
-    #   This was originally an extension to ActiveRecord in Spree but only used for Spree::Order
-    def update_attributes_without_callbacks(attributes)
-      assign_attributes(attributes)
-      Spree::Order.where(id: id).update_all(attributes)
-    end
-
    private

    def process_each_payment
@@ -816,15 +798,10 @@ module Spree
      errors.add(:base, Spree.t(:items_cannot_be_shipped)) && (return false)
    end

-    def has_available_payment
-      return unless delivery?
-      # errors.add(:base, :no_payment_methods_available) if available_payment_methods.empty?
-    end
-
    def after_cancel
      shipments.each(&:cancel!)

-      OrderMailer.cancel_email(id).deliver
+      OrderMailer.cancel_email(id).deliver_later
      self.payment_state = 'credit_owed' unless shipped?
    end

--- a/app/models/spree/payment.rb
+++ b/app/models/spree/payment.rb
@@ -23,7 +23,7 @@ module Spree
    has_one :adjustment, as: :source, dependent: :destroy

    validate :validate_source
-    before_save :set_unique_identifier
+    before_create :set_unique_identifier

    after_save :create_payment_profile, if: :profiles_supported?

--- a/app/models/spree/payment_method.rb
+++ b/app/models/spree/payment_method.rb
@@ -110,23 +110,8 @@ module Spree
    end

    def self.clean_name
-      case name
-      when "Spree::PaymentMethod::Check"
-        "Cash/EFT/etc. (payments for which automatic validation is not required)"
-      when "Spree::Gateway::Migs"
-        "MasterCard Internet Gateway Service (MIGS)"
-      when "Spree::Gateway::Pin"
-        "Pin Payments"
-      when "Spree::Gateway::StripeConnect"
-        "Stripe"
-      when "Spree::Gateway::StripeSCA"
-        "Stripe SCA"
-      when "Spree::Gateway::PayPalExpress"
-        "PayPal Express"
-      else
-        i = name.rindex('::') + 2
-        name[i..-1]
-      end
+      i18n_key = "spree.admin.payment_methods.providers." + name.demodulize.downcase
+      I18n.t(i18n_key)
    end

    private
--- a/app/models/spree/paypal_express_checkout.rb
+++ b/app/models/spree/paypal_express_checkout.rb
@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Spree
+  class PaypalExpressCheckout < ActiveRecord::Base
+  end
+end
--- a/app/models/spree/preferences/preferable.rb
+++ b/app/models/spree/preferences/preferable.rb
@@ -115,6 +115,7 @@ module Spree
        when :password
          value.to_s
        when :decimal
+          value = 0 if value.blank?
          BigDecimal(value.to_s).round(2, BigDecimal::ROUND_HALF_UP)
        when :integer
          value.to_i
--- a/app/models/spree/product.rb
+++ b/app/models/spree/product.rb
@@ -274,10 +274,6 @@ module Spree
      !!deleted_at
    end

-    def available?
-      !(available_on.nil? || available_on.future?)
-    end
-
    # split variants list into hash which shows mapping of opt value onto matching variants
    # eg categorise_variants_from_option(color) => {"red" -> [...], "blue" -> [...]}
    def categorise_variants_from_option(opt_type)
--- a/app/models/spree/return_authorization.rb
+++ b/app/models/spree/return_authorization.rb
@@ -2,9 +2,9 @@

 module Spree
  class ReturnAuthorization < ActiveRecord::Base
-    belongs_to :order, class_name: 'Spree::Order'
+    belongs_to :order, class_name: 'Spree::Order', inverse_of: :return_authorizations

-    has_many :inventory_units
+    has_many :inventory_units, inverse_of: :return_authorization
    has_one :stock_location
    before_create :generate_number
    before_save :force_positive_amount
--- a/app/models/spree/shipment.rb
+++ b/app/models/spree/shipment.rb
@@ -319,7 +319,7 @@ module Spree
    end

    def send_shipped_email
-      ShipmentMailer.shipped_email(id).deliver
+      ShipmentMailer.shipped_email(id).deliver_later
    end

    def update_adjustment_included_tax
--- a/app/models/spree/shipping_category.rb
+++ b/app/models/spree/shipping_category.rb
@@ -4,7 +4,7 @@ module Spree
  class ShippingCategory < ActiveRecord::Base
    validates :name, presence: true
    has_many :products
-    has_many :shipping_method_categories
+    has_many :shipping_method_categories, inverse_of: :shipping_method
    has_many :shipping_methods, through: :shipping_method_categories
  end
 end
--- a/app/models/spree/shipping_method.rb
+++ b/app/models/spree/shipping_method.rb
@@ -5,6 +5,7 @@ module Spree
    include Spree::Core::CalculatedAdjustments
    DISPLAY = [:both, :front_end, :back_end].freeze

+    acts_as_paranoid
    acts_as_taggable

    default_scope -> { where(deleted_at: nil) }
@@ -12,7 +13,7 @@ module Spree
    has_many :shipments
    has_many :shipping_method_categories
    has_many :shipping_categories, through: :shipping_method_categories
-    has_many :shipping_rates
+    has_many :shipping_rates, inverse_of: :shipping_method
    has_many :distributor_shipping_methods
    has_many :distributors, through: :distributor_shipping_methods,
                            class_name: 'Enterprise',
--- a/app/models/spree/shipping_method_category.rb
+++ b/app/models/spree/shipping_method_category.rb
@@ -3,6 +3,7 @@
 module Spree
  class ShippingMethodCategory < ActiveRecord::Base
    belongs_to :shipping_method, class_name: 'Spree::ShippingMethod'
-    belongs_to :shipping_category, class_name: 'Spree::ShippingCategory'
+    belongs_to :shipping_category, class_name: 'Spree::ShippingCategory',
+                                   inverse_of: :shipping_method_categories
  end
 end
--- a/app/models/spree/shipping_rate.rb
+++ b/app/models/spree/shipping_rate.rb
@@ -3,7 +3,7 @@
 module Spree
  class ShippingRate < ActiveRecord::Base
    belongs_to :shipment, class_name: 'Spree::Shipment'
-    belongs_to :shipping_method, class_name: 'Spree::ShippingMethod'
+    belongs_to :shipping_method, class_name: 'Spree::ShippingMethod', inverse_of: :shipping_rates

    scope :frontend,
          -> {
--- a/app/models/spree/stock_item.rb
+++ b/app/models/spree/stock_item.rb
@@ -4,9 +4,9 @@ module Spree
  class StockItem < ActiveRecord::Base
    acts_as_paranoid

-    belongs_to :stock_location, class_name: 'Spree::StockLocation'
+    belongs_to :stock_location, class_name: 'Spree::StockLocation', inverse_of: :stock_items
    belongs_to :variant, class_name: 'Spree::Variant'
-    has_many :stock_movements, dependent: :destroy
+    has_many :stock_movements

    validates :stock_location, :variant, presence: true
    validates :variant_id, uniqueness: { scope: [:stock_location_id, :deleted_at] }
--- a/app/models/spree/stock_location.rb
+++ b/app/models/spree/stock_location.rb
@@ -2,7 +2,7 @@

 module Spree
  class StockLocation < ActiveRecord::Base
-    has_many :stock_items, dependent: :delete_all
+    has_many :stock_items, dependent: :delete_all, inverse_of: :stock_location
    has_many :stock_movements, through: :stock_items

    belongs_to :state, class_name: 'Spree::State'
--- a/app/models/spree/tax_category.rb
+++ b/app/models/spree/tax_category.rb
@@ -5,7 +5,7 @@ module Spree
    acts_as_paranoid
    validates :name, presence: true, uniqueness: { scope: :deleted_at }

-    has_many :tax_rates, dependent: :destroy
+    has_many :tax_rates, dependent: :destroy, inverse_of: :tax_category

    before_save :set_default_category

--- a/app/models/spree/tax_rate.rb
+++ b/app/models/spree/tax_rate.rb
@@ -7,7 +7,7 @@ module Spree

      return if Zone.default_tax

-      record.errors.add(:included_in_price, Spree.t(:included_price_validation))
+      record.errors.add(:included_in_price, Spree.t("errors.messages.included_price_validation"))
    end
  end
 end
@@ -16,8 +16,8 @@ module Spree
  class TaxRate < ActiveRecord::Base
    acts_as_paranoid
    include Spree::Core::CalculatedAdjustments
-    belongs_to :zone, class_name: "Spree::Zone"
-    belongs_to :tax_category, class_name: "Spree::TaxCategory"
+    belongs_to :zone, class_name: "Spree::Zone", inverse_of: :tax_rates
+    belongs_to :tax_category, class_name: "Spree::TaxCategory", inverse_of: :tax_rates

    validates :amount, presence: true, numericality: true
    validates :tax_category_id, presence: true
@@ -71,6 +71,7 @@ module Spree
            amount: amount,
            source: order,
            originator: self,
+            order: order,
            state: "closed",
            label: label
          )
--- a/app/models/spree/user.rb
+++ b/app/models/spree/user.rb
@@ -101,7 +101,7 @@ module Spree
    end

    def send_signup_confirmation
-      ConfirmSignupJob.perform_later(id)
+      Spree::UserMailer.signup_confirmation(self).deliver_later
    end

    def associate_customers
--- a/app/models/spree/variant.rb
+++ b/app/models/spree/variant.rb
@@ -18,10 +18,10 @@ module Spree
                        :tax_category_id, :shipping_category_id, :meta_description,
                        :meta_keywords, :tax_category, :shipping_category

-    has_many :inventory_units
-    has_many :line_items
+    has_many :inventory_units, inverse_of: :variant
+    has_many :line_items, inverse_of: :variant

-    has_many :stock_items, dependent: :destroy
+    has_many :stock_items, dependent: :destroy, inverse_of: :variant
    has_many :stock_locations, through: :stock_items
    has_many :stock_movements

@@ -65,6 +65,7 @@ module Spree

    before_validation :set_cost_currency
    before_validation :update_weight_from_unit_value, if: ->(v) { v.product.present? }
+    before_validation :ensure_unit_value

    after_save :save_default_price
    after_save :update_units
@@ -297,5 +298,11 @@ module Spree
      exchange_variants(:reload).destroy_all
      yield
    end
+
+    def ensure_unit_value
+      return unless product&.variant_unit == "items" && unit_value.nil?
+
+      self.unit_value = 1.0
+    end
  end
 end
--- a/app/models/spree/zone.rb
+++ b/app/models/spree/zone.rb
@@ -2,8 +2,8 @@

 module Spree
  class Zone < ActiveRecord::Base
-    has_many :zone_members, dependent: :destroy, class_name: "Spree::ZoneMember"
-    has_many :tax_rates, dependent: :destroy
+    has_many :zone_members, dependent: :destroy, class_name: "Spree::ZoneMember", inverse_of: :zone
+    has_many :tax_rates, dependent: :destroy, inverse_of: :zone
    has_and_belongs_to_many :shipping_methods, join_table: 'spree_shipping_methods_zones'

    validates :name, presence: true, uniqueness: true
--- a/app/models/spree/zone_member.rb
+++ b/app/models/spree/zone_member.rb
@@ -2,7 +2,7 @@

 module Spree
  class ZoneMember < ActiveRecord::Base
-    belongs_to :zone, class_name: 'Spree::Zone', counter_cache: true
+    belongs_to :zone, class_name: 'Spree::Zone', counter_cache: true, inverse_of: :zone_members
    belongs_to :zoneable, polymorphic: true

    def name
--- a/app/serializers/api/admin/customer_serializer.rb
+++ b/app/serializers/api/admin/customer_serializer.rb
@@ -4,7 +4,7 @@ module Api
  module Admin
    class CustomerSerializer < ActiveModel::Serializer
      attributes :id, :email, :enterprise_id, :user_id, :code, :tags, :tag_list, :name,
-                 :allow_charges, :default_card_present?, :balance, :balance_status
+                 :allow_charges, :default_card_present?

      has_one :ship_address, serializer: Api::AddressSerializer
      has_one :bill_address, serializer: Api::AddressSerializer
@@ -17,20 +17,6 @@ module Api
        customer_tag_list.join(",")
      end

-      def balance
-        Spree::Money.new(balance_value, currency: Spree::Config[:currency]).to_s
-      end
-
-      def balance_status
-        if balance_value.positive?
-          "credit_owed"
-        elsif balance_value.negative?
-          "balance_due"
-        else
-          ""
-        end
-      end
-
      def tags
        customer_tag_list.map do |tag|
          tag_rule_map = options[:tag_rule_mapping].andand[tag]
@@ -51,11 +37,6 @@ module Api

        options[:customer_tags].andand[object.id] || []
      end
-
-      def balance_value
-        @balance_value ||=
-          OpenFoodNetwork::UserBalanceCalculator.new(object.email, object.enterprise).balance
-      end
    end
  end
 end
--- a/app/serializers/api/admin/customer_with_balance_serializer.rb
+++ b/app/serializers/api/admin/customer_with_balance_serializer.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Api
+  module Admin
+    # This serializer relies on `object` to respond to `#balance_value`. That's done in
+    # `CustomersWithBalance` due to the fact that ActiveRecord maps the DB result set's columns to
+    # instance methods. This way, the `balance_value` alias on that class ends up being
+    # `object.balance_value` here.
+    class CustomerWithBalanceSerializer < CustomerSerializer
+      attributes :balance, :balance_status
+
+      delegate :balance_value, to: :object
+
+      def balance
+        Spree::Money.new(balance_value, currency: Spree::Config[:currency]).to_s
+      end
+
+      def balance_status
+        if balance_value.positive?
+          "credit_owed"
+        elsif balance_value.negative?
+          "balance_due"
+        else
+          ""
+        end
+      end
+    end
+  end
+end
--- a/app/serializers/api/admin/customer_with_calculated_balance_serializer.rb
+++ b/app/serializers/api/admin/customer_with_calculated_balance_serializer.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Api
+  module Admin
+    class CustomerWithCalculatedBalanceSerializer < CustomerSerializer
+      attributes :balance, :balance_status
+
+      def balance
+        Spree::Money.new(balance_value, currency: Spree::Config[:currency]).to_s
+      end
+
+      def balance_status
+        if balance_value.positive?
+          "credit_owed"
+        elsif balance_value.negative?
+          "balance_due"
+        else
+          ""
+        end
+      end
+
+      def balance_value
+        @balance_value ||=
+          OpenFoodNetwork::UserBalanceCalculator.new(object.email, object.enterprise).balance
+      end
+    end
+  end
+end
--- a/app/serializers/api/admin/variant_serializer.rb
+++ b/app/serializers/api/admin/variant_serializer.rb
@@ -5,11 +5,9 @@ module Api
    class VariantSerializer < ActiveModel::Serializer
      attributes :id, :name, :producer_name, :image, :sku, :import_date,
                 :options_text, :unit_value, :unit_description, :unit_to_display,
-                 :display_as, :display_name, :name_to_display,
+                 :display_as, :display_name, :name_to_display, :variant_overrides_count,
                 :price, :on_demand, :on_hand, :in_stock, :stock_location_id, :stock_location_name

-      has_many :variant_overrides
-
      def name
        if object.full_name.present?
          "#{object.name} - #{object.full_name}"
@@ -55,6 +53,10 @@ module Api

        object.stock_items.first.stock_location.name
      end
+
+      def variant_overrides_count
+        object.variant_overrides.count
+      end
    end
  end
 end
--- a/app/serializers/api/product_serializer.rb
+++ b/app/serializers/api/product_serializer.rb
@@ -1,8 +1,6 @@
 require "open_food_network/scope_variant_to_hub"

 class Api::ProductSerializer < ActiveModel::Serializer
-  include ActionView::Helpers::SanitizeHelper
-
  attributes :id, :name, :permalink, :meta_keywords
  attributes :group_buy, :notes, :description, :description_html
  attributes :properties_with_values, :price
@@ -18,14 +16,12 @@ class Api::ProductSerializer < ActiveModel::Serializer

  # return an unformatted descripton
  def description
-    strip_tags object.description&.strip
+    sanitizer.strip_content(object.description)
  end

  # return a sanitized html description
  def description_html
-    d = sanitize(object.description, tags: ["p", "b", "strong", "em", "i", "a", "u"],
-                                     attributes: ["href", "target"])
-    d.to_s.html_safe
+    sanitizer.sanitize_content(object.description)&.html_safe
  end

  def properties_with_values
@@ -47,4 +43,10 @@ class Api::ProductSerializer < ActiveModel::Serializer
      object.master.price_with_fees(options[:current_distributor], options[:current_order_cycle])
    end
  end
+
+  private
+
+  def sanitizer
+    @sanitizer ||= ContentSanitizer.new
+  end
 end
--- a/app/services/content_sanitizer.rb
+++ b/app/services/content_sanitizer.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+# Sanitizes and cleans up user-provided content that may contain tags, special characters, etc.
+
+class ContentSanitizer
+  include ActionView::Helpers::SanitizeHelper
+
+  ALLOWED_TAGS = ["p", "b", "strong", "em", "i", "a", "u"].freeze
+  ALLOWED_ATTRIBUTES = ["href", "target"].freeze
+  FILTERED_CHARACTERS = {
+    "&amp;amp;" => "&",
+    "&amp;" => "&",
+    "&nbsp;" => " "
+  }.freeze
+
+  def strip_content(content)
+    return unless content.present?
+
+    content = strip_tags(content.to_s.strip)
+
+    filter_characters(content)
+  end
+
+  def sanitize_content(content)
+    return unless content.present?
+
+    content = sanitize(content.to_s, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES)
+
+    filter_characters(content)
+  end
+
+  private
+
+  def filter_characters(content)
+    FILTERED_CHARACTERS.each do |character, sub|
+      content = content.gsub(character, sub)
+    end
+    content
+  end
+end
--- a/app/services/customers_with_balance.rb
+++ b/app/services/customers_with_balance.rb
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+class CustomersWithBalance
+  def initialize(enterprise)
+    @enterprise = enterprise
+  end
+
+  def query
+    Customer.of(enterprise).
+      joins(left_join_complete_orders).
+      group("customers.id").
+      select("customers.*").
+      select(outstanding_balance)
+  end
+
+  private
+
+  attr_reader :enterprise
+
+  # Arel doesn't support CASE statements until v7.1.0 so we'll have to wait with SQL literals
+  # a little longer. See https://github.com/rails/arel/pull/400 for details.
+  def outstanding_balance
+    <<-SQL.strip_heredoc
+       SUM(
+         CASE WHEN state IN #{non_fulfilled_states_group.to_sql} THEN payment_total
+              WHEN state IS NOT NULL THEN payment_total - total
+         ELSE 0 END
+       ) AS balance_value
+    SQL
+  end
+
+  # The resulting orders are in states that belong after the checkout. Only these can be considered
+  # for a customer's balance.
+  def left_join_complete_orders
+    <<-SQL.strip_heredoc
+      LEFT JOIN spree_orders ON spree_orders.customer_id = customers.id
+        AND #{complete_orders.to_sql}
+    SQL
+  end
+
+  def complete_orders
+    states_group = prior_to_completion_states.map { |state| Arel::Nodes.build_quoted(state) }
+    Arel::Nodes::NotIn.new(Spree::Order.arel_table[:state], states_group)
+  end
+
+  def non_fulfilled_states_group
+    states_group = non_fulfilled_states.map { |state| Arel::Nodes.build_quoted(state) }
+    Arel::Nodes::Grouping.new(states_group)
+  end
+
+  # All the states an order can be in before completing the checkout
+  def prior_to_completion_states
+    %w(cart address delivery payment)
+  end
+
+  # All the states of a complete order but that shouldn't count towards the balance. Those that the
+  # customer won't enjoy.
+  def non_fulfilled_states
+    %w(canceled returned)
+  end
+end
--- a/app/services/products_renderer.rb
+++ b/app/services/products_renderer.rb
@@ -2,7 +2,6 @@ require 'open_food_network/scope_product_to_hub'

 class ProductsRenderer
  class NoProducts < RuntimeError; end
-  DEFAULT_PAGE = 1
  DEFAULT_PER_PAGE = 10

  def initialize(distributor, order_cycle, customer, args = {})
@@ -51,7 +50,7 @@ class ProductsRenderer
    query.
      ransack(args[:q]).
      result.
-      page(args[:page] || DEFAULT_PAGE).
+      page(args[:page] || 1).
      per(args[:per_page] || DEFAULT_PER_PAGE)
  end

--- a/app/services/search_orders.rb
+++ b/app/services/search_orders.rb
@@ -8,17 +8,6 @@ class SearchOrders
    @orders = fetch_orders
  end

-  def pagination_data
-    return unless using_pagination?
-
-    {
-      results: @orders.total_count,
-      pages: @orders.num_pages,
-      page: params[:page].to_i,
-      per_page: params[:per_page].to_i
-    }
-  end
-
  private

  attr_reader :params, :current_user
@@ -50,6 +39,6 @@ class SearchOrders
  end

  def using_pagination?
-    params[:per_page]
+    params[:page]
  end
 end
--- a/app/views/enterprises/_change_order_cycle.html.haml
+++ b/app/views/enterprises/_change_order_cycle.html.haml
@@ -1,27 +1,28 @@
 %div{"ng-controller" => "OrderCycleChangeCtrl", "ng-cloak" => true}
-  %closing
-    %div{"ng-if" => "OrderCycle.selected()"}
-      %div{"ng-if" => "closesInLessThan3Months()"}
-        = t :enterprises_next_closing
-        %strong {{ OrderCycle.orders_close_at() | date_in_words }}
-      %div{"ng-if" => "!closesInLessThan3Months()"}
-        = t :enterprises_currently_open
-    %div{"ng-if" => "!OrderCycle.selected()"}
-      = t :enterprises_choose
+  .select-and-closing-container
+    %closing
+      %div{"ng-if" => "OrderCycle.selected()"}
+        %div{"ng-if" => "closesInLessThan3Months()"}
+          = t :enterprises_next_closing
+          %strong {{ OrderCycle.orders_close_at() | date_in_words }}
+        %div{"ng-if" => "!closesInLessThan3Months()"}
+          = t :enterprises_currently_open
+      %div{"ng-if" => "!OrderCycle.selected()"}
+        = t :enterprises_choose

-  .order-cycle-select
-    .select-label
-      %span= t :enterprises_ready_for
+    .order-cycle-select
+      .select-label
+        %span= t :enterprises_ready_for

-    - if oc_select_options.count == 1
-      %p
-        = oc_select_options.first[:time]
+      - if oc_select_options.count == 1
+        %p
+          = oc_select_options.first[:time]

-    - else
-      %select.select2.avenir#order_cycle_id{"ng-model" => "order_cycle.order_cycle_id",
-        "ofn-change-order-cycle" => true,
-        "disabled" => require_customer?,
-        "ng-options" => "oc.id as oc.time for oc in #{oc_select_options.to_json}"}
+      - else
+        %select.select2.avenir#order_cycle_id{"ng-model" => "order_cycle.order_cycle_id",
+          "ofn-change-order-cycle" => true,
+          "disabled" => require_customer?,
+          "ng-options" => "oc.id as oc.time for oc in #{oc_select_options.to_json}"}

-        - if oc_select_options.count > 1
-          %option{value: "", disabled: "", selected: ""}= t :shopping_oc_select
+          - if oc_select_options.count > 1
+            %option{value: "", disabled: "", selected: ""}= t :shopping_oc_select
--- a/app/views/spree/admin/general_settings/edit.html.haml
+++ b/app/views/spree/admin/general_settings/edit.html.haml
@@ -59,10 +59,6 @@
                = label_tag(key, Spree.t(key) + ': ') + tag(:br) if type != :boolean
                = preference_field_tag(key, Spree::Config[key], :type => type)
                = label_tag(key, Spree.t(key)) + tag(:br) if type == :boolean
-            .field
-              = label_tag :currency, Spree.t(:choose_currency)
-              %br/
-              = select_tag :currency, currency_options, :class => 'fullwidth'
            .field
              = label_tag Spree.t(:currency_symbol_position)
              %br/
--- a/app/views/spree/admin/orders/_shipment_manifest.html.haml
+++ b/app/views/spree/admin/orders/_shipment_manifest.html.haml
@@ -14,7 +14,7 @@
          = "#{count} x #{t(state.humanize.downcase, scope: [:spree, :shipment_states], default: [:missing, "none"])}"
      - unless shipment.shipped?
        %td.item-qty-edit.hidden
-          = number_field_tag :quantity, item.quantity, :min => 0, :class => "line_item_quantity", :size => 5
+          = number_field_tag :quantity, item.quantity, :min => 0, :class => "line_item_quantity", :size => 5, :max => item.variant.on_hand
      %td.item-total.align-center
        = line_item_shipment_price(line_item, item.quantity)

--- a/app/views/spree/admin/payments/_paypal_complete.html.haml
+++ b/app/views/spree/admin/payments/_paypal_complete.html.haml
@@ -0,0 +1,18 @@
+= form_tag paypal_refund_admin_order_payment_path(@order, @payment) do
+  .label-block.left.five.columns.alpha
+    %div
+      %fieldset
+        %legend= Spree.t('refund', :scope => :paypal)
+        .field
+          = label_tag 'refund_amount', Spree.t(:refund_amount, :scope => 'paypal')
+          %small
+            %em= Spree.t(:original_amount, :scope => 'paypal', :amount => @payment.display_amount)
+          %br/
+          - symbol = ::Money.new(1, Spree::Config[:currency]).symbol
+          - if Spree::Config[:currency_symbol_position] == "before"
+            = symbol
+            = text_field_tag 'refund_amount', @payment.amount
+          - else
+            = text_field_tag 'refund_amount', @payment.amount
+            = symbol
+        = button Spree.t(:refund, :scope => 'paypal'), 'icon-dollar'
--- a/app/views/spree/admin/payments/paypal_refund.html.haml
+++ b/app/views/spree/admin/payments/paypal_refund.html.haml
@@ -0,0 +1,28 @@
+= render partial: 'spree/admin/shared/order_tabs', locals: { current: 'Payments' }
+
+- content_for :page_title do
+  %i.icon-arrow-right
+  = link_to Spree.t(:payments), admin_order_payments_path(@order)
+  %i.icon-arrow-right
+  = payment_method_name(@payment)
+  %i.icon-arrow-right
+  = Spree.t('refund', scope: :paypal)
+
+= form_tag paypal_refund_admin_order_payment_path(@order, @payment) do
+  .label-block.left.five.columns.alpha
+    %div
+      %fieldset
+        %legend= Spree.t('refund', scope: :paypal)
+        .field
+          = label_tag 'refund_amount', Spree.t(:refund_amount, scope: 'paypal')
+          %small
+            %em= Spree.t(:original_amount, scope: 'paypal', amount: @payment.display_amount)
+          %br/
+          - symbol = ::Money.new(1, Spree::Config[:currency]).symbol
+          - if Spree::Config[:currency_symbol_position] == "before"
+            = symbol
+            = text_field_tag 'refund_amount', @payment.amount
+          - else
+            = text_field_tag 'refund_amount', @payment.amount
+            = symbol
+        = button Spree.t(:refund, scope: 'paypal'), 'icon-dollar'
--- a/app/views/spree/admin/payments/source_forms/_paypal.html.haml
+++ b/app/views/spree/admin/payments/source_forms/_paypal.html.haml
@@ -1,8 +1,2 @@
-# We can remove this file as soon as we have a version of better_spree_paypal_express that includes:
-# https://github.com/spree-contrib/better_spree_paypal_express/commit/4360a1fb82d30d7601bc6a98e7b74819f0b377f0
-
-# The selectors in app/assets/javascripts/spree/backend/paypal_express.js don't work with the version
-# of the views we are using, so the warning below wasn't displaying without this override.
-
 #paypal-warning
  %strong= t('.no_payment_via_admin_backend', :scope => 'paypal')
--- a/app/views/spree/admin/payments/source_views/_paypal.html.haml
+++ b/app/views/spree/admin/payments/source_views/_paypal.html.haml
@@ -0,0 +1,36 @@
+%fieldset
+  %legend{align: "center"}= Spree.t(:transaction, scope: :paypal)
+  .row
+    .alpha.six.columns
+      %dl
+        %dt
+          = Spree.t(:payer_id, scope: :paypal)
+          \:
+        %dd= payment.source.payer_id
+        %dt
+          = Spree.t(:token, scope: :paypal)
+          \:
+        %dd= payment.source.token
+        %dt
+          = Spree.t(:transaction_id)
+          \:
+        %dd= payment.source.transaction_id
+    - if payment.source.state != 'refunded'
+      = button_link_to Spree.t('actions.refund', scope: :paypal),
+        spree.paypal_refund_admin_order_payment_path(@order, payment),
+        icon: 'icon-dollar'
+    - else
+      .alpha.six.columns
+        %dl
+          %dt
+            = Spree.t(:state, scope: :paypal)
+            \:
+          %dd= payment.source.state.titleize
+          %dt
+            = Spree.t(:refunded_at, scope: :paypal)
+            \:
+          %dd= pretty_time(payment.source.refunded_at)
+          %dt
+            = Spree.t(:refund_transaction_id, scope: :paypal)
+            \:
+          %dd= payment.source.refund_transaction_id
--- a/app/views/spree/admin/products/_display_as.html.haml
+++ b/app/views/spree/admin/products/_display_as.html.haml
@@ -1,5 +1,4 @@
 .three.columns.omega{ "ng-if" => "product.variant_unit_with_scale != 'items'" }
  = f.field_container :display_as do
    = f.label :product_display_as, t('.display_as')
-    %span.required *
    %input#product_display_as.fullwidth{name: "product[display_as]", placeholder: "{{ placeholder_text }}", type: "text"}
--- a/app/views/spree/admin/products/index/_products_variant.html.haml
+++ b/app/views/spree/admin/products/index/_products_variant.html.haml
@@ -29,6 +29,6 @@
  %td.actions
    %a{ 'ng-click' => 'editWarn(product,variant)', :class => "edit-variant icon-edit no-text", 'ng-show' => "variantSaved(variant)", 'ofn-with-tip' => t(:edit)  }
  %td.actions
-    %span.icon-warning-sign{ 'ng-if' => 'variant.variant_overrides', 'ofn-with-tip' => "{{ 'spree.admin.products.index.products_variant.variant_has_n_overrides' | t:{n: variant.variant_overrides.length} }}" }
+    %span.icon-warning-sign{ 'ng-if' => 'variant.variant_overrides_count > 0', 'ofn-with-tip' => "{{ 'spree.admin.products.index.products_variant.variant_has_n_overrides' | t:{n: variant.variant_overrides_count} }}" }
  %td.actions
    %a{ 'ng-click' => 'deleteVariant(product,variant)', "ng-class" => '{disabled: product.variants.length < 2}', :class => "delete-variant icon-trash no-text", 'ofn-with-tip' => t(:remove)  }
--- a/config/application.rb
+++ b/config/application.rb
@@ -129,6 +129,7 @@ module Openfoodnetwork
      app.config.spree.payment_methods << Spree::Gateway::Pin
      app.config.spree.payment_methods << Spree::Gateway::StripeConnect
      app.config.spree.payment_methods << Spree::Gateway::StripeSCA
+      app.config.spree.payment_methods << Spree::Gateway::PayPalExpress
    end

    # Settings in config/environments/* take precedence over those specified here.
--- a/config/application.yml.example
+++ b/config/application.yml.example
@@ -60,4 +60,11 @@ SMTP_PASSWORD: 'f00d'
 # STRIPE_CLIENT_ID: "ca_xxxx" # This can be a development ID or a production ID
 # STRIPE_ENDPOINT_SECRET: "whsec_xxxx"

+# Feature toggles
+#
+# Adding user emails separated by commas will enable them the use of certain features. See
+# config/initializers/feature_toggles.rb for details.
+#
+# BETA_TESTERS: ofn@example.com,superadmin@example.com
+
 MEMCACHED_VALUE_MAX_MEGABYTES: '4'
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -11,7 +11,7 @@ Openfoodnetwork::Application.configure do
  config.action_controller.perform_caching = true

  # Disable Rails's static asset server (Apache or nginx will already do this)
-  config.serve_static_assets = false
+  config.serve_static_files = false

  # Compress JavaScripts and CSS
  config.assets.compress = true
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@@ -11,7 +11,7 @@ Openfoodnetwork::Application.configure do
  config.action_controller.perform_caching = true

  # Disable Rails's static asset server (Apache or nginx will already do this)
-  config.serve_static_assets = false
+  config.serve_static_files = false

  # Compress JavaScripts and CSS
  config.assets.compress = true
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -10,7 +10,7 @@ Openfoodnetwork::Application.configure do
  config.eager_load = false

  # Configure static asset server for tests with Cache-Control for performance
-  config.serve_static_assets = true
+  config.serve_static_files = true
  config.static_cache_control = "public, max-age=3600"

  # Separate cache stores when running in parallel
--- a/config/initializers/action_dispatch_request_deep_munge_patch.rb
+++ b/config/initializers/action_dispatch_request_deep_munge_patch.rb
@@ -1 +1 @@
-require "action_dispatch/request"
+require "action_dispatch/request" unless ENV['DEPENDENCIES_NEXT']
--- a/config/initializers/cache_store.rb
+++ b/config/initializers/cache_store.rb
@@ -1,7 +1,4 @@
 unless Rails.env.production?
-  # Enable cache instrumentation, which is disabled by default
-  ActiveSupport::Cache::Store.instrument = true
-
  # Log message in the same default logger
  ActiveSupport::Cache::Store.logger = Rails.logger
 end
--- a/config/initializers/db2fog.rb
+++ b/config/initializers/db2fog.rb
@@ -1,15 +1,17 @@
-require_relative 'spree'
+unless ENV['DEPENDENCIES_NEXT']
+  require_relative 'spree'

-# See: https://github.com/itbeaver/db2fog
-DB2Fog.config = {
-    :aws_access_key_id     => Spree::Config[:s3_access_key],
-    :aws_secret_access_key => Spree::Config[:s3_secret],
-    :directory             => ENV['S3_BACKUPS_BUCKET'],
-    :provider              => 'AWS'
-}
+  # See: https://github.com/itbeaver/db2fog
+  DB2Fog.config = {
+      :aws_access_key_id     => Spree::Config[:s3_access_key],
+      :aws_secret_access_key => Spree::Config[:s3_secret],
+      :directory             => ENV['S3_BACKUPS_BUCKET'],
+      :provider              => 'AWS'
+  }

-region = ENV['S3_BACKUPS_REGION'] || ENV['S3_REGION']
+  region = ENV['S3_BACKUPS_REGION'] || ENV['S3_REGION']

-# If no region is defined we leave this config key undefined (instead of nil),
-# so that db2fog correctly applies it's default
-DB2Fog.config[:region] = region if region
+  # If no region is defined we leave this config key undefined (instead of nil),
+  # so that db2fog correctly applies it's default
+  DB2Fog.config[:region] = region if region
+end
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.7
 .4.4