Defend against nils in variant serializer

If unit_price.denominator ever returns nil, the serializer won't explode now.
Merge pull request #7222 from openfoodfoundation/transifex
2026-01-19 19:46:51 +00:00 · 2021-03-30 15:26:48 +01:00 · 2021-03-29 16:13:02 +02:00 · 2021-03-29 15:24:44 +02:00 · 2021-03-29 15:24:24 +02:00 · 2021-03-29 13:36:21 +02:00
531 changed files with 13775 additions and 9005 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -0,0 +1,301 @@
+name: Build
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+
+env:
+  DISABLE_KNAPSACK: true
+  TIMEZONE: UTC
+
+jobs:
+  test-controllers-and-serializers:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run controller tests
+        run: bundle exec rspec --profile -- spec/controllers spec/serializers
+
+  test-models:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run tests
+        run: bundle exec rspec --profile -- spec/models
+
+  test-admin-features-1:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run admin feature tests
+        run: bundle exec rspec --profile -- spec/features/admin/[a-o0-9]*_spec.rb
+
+  test-admin-features-2:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run admin feature tests
+        run: bundle exec rspec --profile -- spec/features/admin/[p-z]*_spec.rb
+
+  test-consumer-features:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run consumer feature tests
+        run: bundle exec rspec --profile -- spec/features/consumer
+
+  test-engines-etc:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run JS tests
+        run: RAILS_ENV=test bundle exec rake karma:run
+
+      - name: Run all other tests
+        run: bundle exec rake ofn:specs:run:excluding_folders["models,controllers,serializers,features,lib"]
+
+  test-the-rest:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run admin feature folders, engines, lib
+        run: bundle exec rspec --profile --pattern "engines/*/spec/{,/*/**}/*_spec.rb,spec/features/admin/*/*_spec.rb,spec/lib/{,/*/**}/*_spec.rb"
--- a/.gitignore
+++ b/.gitignore
@@ -31,6 +31,7 @@ app/public
 public/system
 public/stylesheets
 public/images
+public/files
 public/spree
 public/assets
 config/abr.yml
--- a/.rspec
+++ b/.rspec
@@ -1,2 +0,0 @@
--colour
--format Fuubar
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -21,6 +21,25 @@
 Layout/LineLength:
  Max: 100
  Exclude:
+  - app/controllers/spree/admin/products_controller.rb
+  - app/controllers/spree/admin/reports_controller.rb
+  - app/controllers/spree/paypal_controller.rb
+  - engines/order_management/spec/services/order_management/order/stripe_sca_payment_authorize_spec.rb
+  - engines/order_management/spec/services/order_management/order/updater_spec.rb
+  - engines/order_management/spec/services/order_management/reports/bulk_coop/bulk_coop_report_spec.rb
+  - lib/open_food_network/reports/line_items.rb
+  - spec/controllers/spree/admin/orders/invoices_spec.rb
+  - spec/controllers/spree/admin/tax_rates_controller_spec.rb
+  - spec/controllers/user_passwords_controller_spec.rb
+  - spec/features/admin/configuration/general_settings_spec.rb
+  - spec/features/consumer/shopping/unit_price_spec.rb
+  - spec/helpers/admin/orders_helper_spec.rb
+  - spec/lib/open_food_network/order_cycle_management_report_spec.rb
+  - spec/lib/stripe/authorize_response_patcher_spec.rb
+  - spec/services/bulk_invoice_service_spec.rb
+  - spec/services/content_sanitizer_spec.rb
+  - spec/services/process_payment_intent_spec.rb
+  - spec/support/features/datepicker_helper.rb
  - app/controllers/admin/bulk_line_items_controller.rb
  - app/controllers/admin/contents_controller.rb
  - app/controllers/admin/customers_controller.rb
@@ -329,6 +348,29 @@ Layout/LineLength:
 Metrics/AbcSize:
  Max: 15
  Exclude:
+  - app/controllers/admin/schedules_controller.rb
+  - app/controllers/checkout_controller.rb
+  - app/controllers/spree/admin/general_settings_controller.rb
+  - app/controllers/spree/admin/images_controller.rb
+  - app/controllers/spree/admin/mail_methods_controller.rb
+  - app/controllers/spree/admin/shipping_methods_controller.rb
+  - app/controllers/spree/paypal_controller.rb
+  - app/helpers/spree/base_helper.rb
+  - app/jobs/subscription_placement_job.rb
+  - app/models/order_cycle.rb
+  - app/models/product_import/unit_converter.rb
+  - app/models/spree/gateway/pay_pal_express.rb
+  - app/serializers/api/admin/enterprise_serializer.rb
+  - app/services/order_factory.rb
+  - app/services/variants_stock_levels.rb
+  - engines/order_management/app/services/order_management/subscriptions/form.rb
+  - lib/open_food_network/enterprise_fee_calculator.rb
+  - lib/open_food_network/order_grouper.rb
+  - lib/spree/core/controller_helpers/auth.rb
+  - lib/spree/core/controller_helpers/common.rb
+  - lib/spree/core/product_duplicator.rb
+  - lib/stripe/authorize_response_patcher.rb
+  - lib/stripe/profile_storer.rb
  - app/controllers/admin/bulk_line_items_controller.rb
  - app/controllers/admin/customers_controller.rb
  - app/controllers/admin/enterprise_fees_controller.rb
@@ -468,7 +510,7 @@ Metrics/AbcSize:

 Metrics/BlockLength:
  Max: 25
-  ExcludedMethods: [
+  IgnoredMethods: [
    "class_eval",
    "collection",
    "context",
@@ -482,6 +524,8 @@ Metrics/BlockLength:
    "scenario"
  ]
  Exclude:
+  - spec/features/admin/order_cycles/complex_updating_specific_time_spec.rb
+  - spec/features/admin/tag_rules_spec.rb
  - app/models/spree/order/checkout.rb
  - app/models/spree/payment/processing.rb
  - app/models/spree/shipment.rb
@@ -514,6 +558,27 @@ Metrics/BlockLength:
 Metrics/CyclomaticComplexity:
  Max: 6
  Exclude:
+  - app/controllers/admin/resource_controller.rb
+  - app/controllers/spree/admin/payment_methods_controller.rb
+  - app/controllers/spree/admin/payments_controller.rb
+  - app/controllers/spree/admin/products_controller.rb
+  - app/controllers/spree/admin/users_controller.rb
+  - app/models/product_import/entry_validator.rb
+  - app/models/spree/order_inventory.rb
+  - app/models/spree/order.rb
+  - app/models/spree/shipment.rb
+  - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
+  - engines/order_management/app/services/order_management/reports/enterprise_fee_summary/parameters.rb
+  - lib/active_merchant/billing/gateways/stripe_decorator.rb
+  - lib/open_food_network/group_buy_report.rb
+  - lib/open_food_network/order_cycle_form_applicator.rb
+  - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/payments_report.rb
+  - lib/spree/core/controller_helpers/common.rb
+  - lib/stripe/authorize_response_patcher.rb
+  - lib/stripe/credit_card_clone_destroyer.rb
+  - spec/support/i18n_translations_checker.rb
  - app/controllers/admin/enterprise_fees_controller.rb
  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/spree/admin/taxons_controller.rb
@@ -552,6 +617,18 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
  Max: 7
  Exclude:
+  - app/controllers/spree/admin/payment_methods_controller.rb
+  - app/controllers/spree/admin/payments_controller.rb
+  - app/controllers/spree/admin/users_controller.rb
+  - app/models/product_import/entry_validator.rb
+  - app/models/spree/order_inventory.rb
+  - app/models/spree/shipment.rb
+  - app/models/spree/variant.rb
+  - lib/active_merchant/billing/gateways/stripe_decorator.rb
+  - lib/open_food_network/group_buy_report.rb
+  - lib/open_food_network/order_cycle_form_applicator.rb
+  - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/payments_report.rb
  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/api/variants_controller.rb
  - app/controllers/spree/admin/taxons_controller.rb
@@ -702,10 +779,18 @@ Metrics/MethodLength:
  - spec/features/consumer/shopping/variant_overrides_spec.rb
  - spec/models/product_importer_spec.rb
  - spec/support/i18n_translations_checker.rb
+  - app/controllers/admin/bulk_line_items_controller.rb
+  - app/controllers/spree/paypal_controller.rb
+  - app/jobs/subscription_placement_job.rb
+  - app/models/spree/gateway/pay_pal_express.rb

 Metrics/ClassLength:
  Max: 100
  Exclude:
+  - app/controllers/admin/customers_controller.rb
+  - app/controllers/spree/admin/payments_controller.rb
+  - app/controllers/spree/paypal_controller.rb
+  - engines/order_management/app/services/order_management/order/updater.rb
  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/admin/order_cycles_controller.rb
  - app/controllers/admin/resource_controller.rb
--- a/.rubocop_styleguide.yml
+++ b/.rubocop_styleguide.yml
@@ -5,7 +5,9 @@
 # rubocop locally, the default configuration file `.rubocop.yml` loads
 # our "todo lists" to ignore all current violations.
 AllCops:
-  TargetRailsVersion: 4.0
+  NewCops: disable
+  SuggestExtensions: false
+  TargetRailsVersion: 5.0
  Exclude:
    - 'bin/**/*'
    - 'db/**/*'
@@ -183,7 +185,7 @@ Metrics/AbcSize:

 Metrics/BlockLength:
  Max: 25
-  ExcludedMethods: [
+  IgnoredMethods: [
    "class_eval",
    "collection",
    "context",
@@ -217,3 +219,6 @@ Metrics/ParameterLists:

 Metrics/PerceivedComplexity:
  Max: 7
+
+Naming/PredicateName:
+  Enabled: false
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
--- a/spec/coverage_helper.rb
+++ b/spec/coverage_helper.rb
@@ -1,9 +1,8 @@
-# frozen_string_literal: true
+#!/bin/env ruby

-require 'simplecov'
-
-SimpleCov.minimum_coverage 54
 SimpleCov.start 'rails' do
+  minimum_coverage 54
+
  add_filter '/bin/'
  add_filter '/config/'
  add_filter '/jobs/application_job.rb'
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -15,6 +15,14 @@ Create a new branch on your local machine to make your changes against (based on

    git checkout -b branch-name-here --no-track upstream/master

+You might need to update or install missing gems:
+
+    bundle install
+
+Also, there might be missing dependencies, after pulling a particular branch. To update dependencies, run:
+
+    yarn install
+
 If you want to run the whole test suite, we recommend using a free CI service to run your tests in parallel. Running the whole suite locally in series is likely to take > 40 minutes. [TravisCI][travis] and [SemaphoreCI][semaphore] both work great in our experience. Either way, make sure the tests pass on your new branch:

    bundle exec rspec spec
--- a/GETTING_STARTED.md
+++ b/GETTING_STARTED.md
@@ -6,12 +6,13 @@ This is a general guide to setting up an Open Food Network **development environ

 The fastest way to make it work locally is to use Docker, you only need to setup git, see the [Docker setup guide](docker/README.md).
 Otherwise, for a local setup you will need:
-* Ruby 2.3.7 and bundler
+* Ruby 2.4.4 and bundler (check current Ruby version in [.ruby-version](https://github.com/openfoodfoundation/openfoodnetwork/blob/master/.ruby-version) file)
 * PostgreSQL database
 * Chrome (for testing)

 The following guides will provide OS-specific step-by-step instructions to get these requirements installed:
 - [Ubuntu Setup Guide][ubuntu]
+- [Debian Setup Guide][debian]
 - [OSX Setup Guide][osx]

 If you are likely to need to manage multiple version of ruby on your local machine, we recommend version managers such as [rbenv](https://github.com/rbenv/rbenv) or [RVM](https://rvm.io/).
@@ -20,7 +21,7 @@ For those new to Rails, the following tutorial will help get you up to speed wit

 ### Get it

-If you're planning on contributing code to the project (which we [LOVE](CONTRIBUTING.md)), it is a good idea to begin by forking this repo using the `Fork` button in the top-right corner of this screen. You should then be able to use `git clone` to copy your fork onto your local machine.
+So you have set up your local environment according to the requirements listed above. If you're planning on contributing code to the project (which we [LOVE](CONTRIBUTING.md)), it is a good idea to begin by forking this repo using the `Fork` button in the top-right corner of this screen. You should then be able to use `git clone` to copy your fork onto your local machine:

    git clone https://github.com/YOUR_GITHUB_USERNAME_HERE/openfoodnetwork

@@ -116,6 +117,7 @@ If these commands succeed, you should be able to [continue the setup process](#g
 [developer-wiki]: https://github.com/openfoodfoundation/openfoodnetwork/wiki
 [osx]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-OS-X
 [ubuntu]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-Ubuntu
+[debian]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-Debian
 [wiki]: https://github.com/openfoodfoundation/openfoodnetwork/wiki
 [zeus]: https://github.com/burke/zeus
 [rubocop]: https://rubocop.readthedocs.io/en/latest/
--- a/63
+++ b/63
@@ -4,49 +4,24 @@ source 'https://rubygems.org'
 ruby "2.4.4"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }

-plugin 'bootboot', '~> 0.1.1' unless Bundler.settings[:frozen]
-Plugin.__send__(:load_plugin, 'bootboot') if Plugin.installed?('bootboot')
+gem 'rails', '~> 5.0.0'

-if ENV['DEPENDENCIES_NEXT']
-  enable_dual_booting if Plugin.installed?('bootboot')
-
-  # This will only be loaded when running
-  # bundler command prefixed with `DEPENDENCIES_NEXT=1
-  gem 'rails', '> 5.0', '< 5.1'
-
-  gem 'activemerchant', '>= 1.78.0'
-  gem 'angular-rails-templates', '>= 0.3.0'
-  gem 'awesome_nested_set'
-  gem 'ransack', '2.3.0'
-  gem 'responders'
-  gem 'sass', '<= 4.7.1'
-  gem 'sass-rails', '< 6.0.0'
-  gem 'libv8', '< 8'
-else
-  gem 'rails', '~> 4.2'
-
-  gem 'activemerchant', '~> 1.78.0'
-  gem 'angular-rails-templates', '~> 0.3.0'
-  gem 'awesome_nested_set', '~> 3.3.1'
-  gem 'ransack', '~> 1.8.10'
-  gem 'responders', '~> 2.0'
-  gem 'sass'
-  gem 'sass-rails'
-
-  gem 'db2fog'
-  gem 'unicorn'
-
-  group :test do
-    gem 'test_after_commit' # needed to test Devise callbacks
-  end
-end
+gem 'activemerchant', '>= 1.78.0'
+gem 'angular-rails-templates', '>= 0.3.0'
+gem 'awesome_nested_set'
+gem 'ransack', '2.3.0'
+gem 'responders'
+gem 'sass', '<= 4.7.1'
+gem 'sass-rails', '< 6.0.0'

 gem 'i18n'
-gem 'i18n-js', '~> 3.8.0'
+gem 'i18n-js', '~> 3.8.2'
 gem 'rails-i18n'
 gem 'rails_safe_tasks', '~> 1.0'

 gem "activerecord-import"
+gem "db2fog", github: "openfoodfoundation/db2fog", branch: "rails-5"
+gem "fog-aws", ">= 0.6.0"

 gem "catalog", path: "./engines/catalog"
 gem 'dfc_provider', path: './engines/dfc_provider'
@@ -57,11 +32,11 @@ gem 'activerecord-postgresql-adapter'
 gem 'pg', '~> 0.21.0'

 gem 'acts_as_list', '0.9.19'
-gem 'cancancan', '~> 1.7.0'
+gem 'cancancan', '~> 1.15.0'
 gem 'ffaker'
 gem 'highline', '2.0.3' # Necessary for the install generator
 gem 'json'
-gem 'monetize', '~> 1.10'
+gem 'monetize', '~> 1.11'
 gem 'paranoia', '~> 2.4'
 gem 'state_machines-activerecord'
 gem 'stringex', '~> 2.8.5'
@@ -73,7 +48,7 @@ gem 'devise'
 gem 'devise-encryptable'
 gem 'devise-token_authenticatable'
 gem 'jwt', '~> 2.2'
-gem 'oauth2', '~> 1.4.4' # Used for Stripe Connect
+gem 'oauth2', '~> 1.4.7' # Used for Stripe Connect

 gem 'daemons'
 gem 'delayed_job_active_record'
@@ -93,7 +68,7 @@ gem 'actionpack-action_caching'
 #   AMS is deprecated, we will introduce an alternative at some point
 gem "active_model_serializers", "0.8.4"
 gem 'activerecord-session_store'
-gem 'acts-as-taggable-on', '~> 4.0'
+gem 'acts-as-taggable-on', '~> 7.0'
 gem 'angularjs-file-upload-rails', '~> 2.4.1'
 gem 'custom_error_message', github: 'jeremydurham/custom-err-msg'
 gem 'dalli'
@@ -108,7 +83,7 @@ gem 'roadie-rails', '~> 1.3.0'

 gem 'combine_pdf'
 gem 'wicked_pdf'
-gem 'wkhtmltopdf-binary'
+gem 'wkhtmltopdf-binary', '0.12.5' # We need to upgrade our CI before we can bump this :/

 gem 'immigrant'
 gem 'roo', '~> 2.8.3'
@@ -120,7 +95,7 @@ gem 'test-unit', '~> 3.4'
 gem 'coffee-rails', '~> 4.2.2'
 gem 'compass-rails'

-gem 'mini_racer', '0.2.15'
+gem 'mini_racer', '0.3.1'

 gem 'uglifier', '>= 1.0.3'

@@ -136,6 +111,8 @@ gem 'select2-rails', '~> 3.4.7'

 gem 'ofn-qz', github: 'openfoodfoundation/ofn-qz', branch: 'ofn-rails-4'

+gem 'good_migrations'
+
 group :production, :staging do
  gem 'ddtrace'
  gem 'unicorn-worker-killer'
@@ -145,6 +122,7 @@ group :test, :development do
  # Pretty printed test output
  gem 'atomic'
  gem 'awesome_print'
+  gem 'bullet'
  gem 'capybara'
  gem 'database_cleaner', require: false
  gem "factory_bot_rails", '5.2.0', require: false
@@ -166,6 +144,7 @@ group :test do
  gem 'simplecov', require: false
  gem 'test-prof'
  gem 'webmock'
+  gem 'rails-controller-testing'
  # See spec/spec_helper.rb for instructions
  # gem 'perftools.rb'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -4,6 +4,16 @@ GIT
  specs:
    custom_error_message (1.1.1)

+GIT
+  remote: https://github.com/openfoodfoundation/db2fog.git
+  revision: 8ceef362c64e6573d62d26db5ebb0c0f33cd3d61
+  branch: rails-5
+  specs:
+    db2fog (0.9.1)
+      activerecord (>= 3.2.0, < 6.0)
+      fog-core (~> 1.0)
+      rails (>= 3.2.0, < 6.0)
+
 GIT
  remote: https://github.com/openfoodfoundation/ofn-qz.git
  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
@@ -37,46 +47,48 @@ PATH
 GEM
  remote: https://rubygems.org/
  specs:
-    CFPropertyList (2.3.6)
-    actionmailer (4.2.11.3)
-      actionpack (= 4.2.11.3)
-      actionview (= 4.2.11.3)
-      activejob (= 4.2.11.3)
+    actioncable (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      nio4r (>= 1.2, < 3.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.11.3)
-      actionview (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      rack (~> 1.6)
-      rack-test (~> 0.6.2)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.0.7.2)
+      actionview (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      rack (~> 2.0)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
    actionpack-action_caching (1.2.1)
      actionpack (>= 4.0.0)
-    actionview (4.2.11.3)
-      activesupport (= 4.2.11.3)
+    actionview (5.0.7.2)
+      activesupport (= 5.0.7.2)
      builder (~> 3.1)
      erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)
    active_model_serializers (0.8.4)
      activemodel (>= 3.0)
-    activejob (4.2.11.3)
-      activesupport (= 4.2.11.3)
-      globalid (>= 0.3.0)
-    activemerchant (1.78.0)
-      activesupport (>= 3.2.14, < 6.x)
+    activejob (5.0.7.2)
+      activesupport (= 5.0.7.2)
+      globalid (>= 0.3.6)
+    activemerchant (1.107.4)
+      activesupport (>= 4.2)
      builder (>= 2.1.2, < 4.0.0)
      i18n (>= 0.6.9)
      nokogiri (~> 1.4)
-    activemodel (4.2.11.3)
-      activesupport (= 4.2.11.3)
-      builder (~> 3.1)
-    activerecord (4.2.11.3)
-      activemodel (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      arel (~> 6.0)
-    activerecord-import (1.0.7)
+    activemodel (5.0.7.2)
+      activesupport (= 5.0.7.2)
+    activerecord (5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      arel (~> 7.0)
+    activerecord-import (1.0.8)
      activerecord (>= 3.2)
    activerecord-postgresql-adapter (0.0.1)
      pg
@@ -86,35 +98,32 @@ GEM
      multi_json (~> 1.11, >= 1.11.2)
      rack (>= 1.5.2, < 3)
      railties (>= 4.0)
-    activesupport (4.2.11.3)
-      i18n (~> 0.7)
+    activesupport (5.0.7.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
-    acts-as-taggable-on (4.0.0)
-      activerecord (>= 4.0)
+    acts-as-taggable-on (7.0.0)
+      activerecord (>= 5.0, < 6.2)
    acts_as_list (0.9.19)
      activerecord (>= 3.0)
    addressable (2.7.0)
      public_suffix (>= 2.0.2, < 5.0)
-    aliyun-sdk (0.8.0)
-      nokogiri (~> 1.6)
-      rest-client (~> 2.0)
    andand (1.3.3)
-    angular-rails-templates (0.3.0)
-      railties (>= 3.1)
-      sprockets (~> 2.0)
+    angular-rails-templates (1.1.0)
+      railties (>= 4.2, < 7)
+      sprockets (>= 3.0, < 5)
      tilt
    angular_rails_csrf (4.2.0)
      railties (>= 3, < 7)
    angularjs-file-upload-rails (2.4.1)
    angularjs-rails (1.5.5)
-    arel (6.0.4)
+    arel (7.1.4)
    ast (2.4.2)
    atomic (1.1.101)
-    awesome_nested_set (3.3.1)
+    awesome_nested_set (3.4.0)
      activerecord (>= 4.0.0, < 7.0)
-    awesome_print (1.8.0)
+    awesome_print (1.9.2)
    aws-sdk (1.67.0)
      aws-sdk-v1 (= 1.67.0)
    aws-sdk-v1 (1.67.0)
@@ -124,8 +133,11 @@ GEM
    bugsnag (6.19.0)
      concurrent-ruby (~> 1.0)
    builder (3.2.4)
+    bullet (6.1.4)
+      activesupport (>= 3.0.0)
+      uniform_notifier (~> 1.11)
    byebug (11.1.3)
-    cancancan (1.7.1)
+    cancancan (1.15.0)
    capybara (3.32.2)
      addressable
      mini_mime (>= 0.1.3)
@@ -136,7 +148,7 @@ GEM
      xpath (~> 3.2)
    childprocess (3.0.0)
    chronic (0.10.2)
-    chunky_png (1.3.14)
+    chunky_png (1.4.0)
    climate_control (0.2.0)
    cocaine (0.5.8)
      climate_control (>= 0.0.3, < 1.0)
@@ -175,19 +187,15 @@ GEM
    daemons (1.3.1)
    dalli (2.7.11)
    database_cleaner (1.99.0)
-    db2fog (0.9.0)
-      activerecord (>= 3.2.0, < 5.0)
-      fog (~> 1.0)
-      rails (>= 3.2.0, < 5.0)
-    ddtrace (0.45.0)
+    ddtrace (0.46.0)
      msgpack
    debugger-linecache (1.2.0)
    delayed_job (4.1.9)
      activesupport (>= 3.0, < 6.2)
-    delayed_job_active_record (4.1.5)
+    delayed_job_active_record (4.1.6)
      activerecord (>= 3.0, < 6.2)
      delayed_job (>= 3.0, < 5)
-    delayed_job_web (1.4.3)
+    delayed_job_web (1.4.4)
      activerecord (> 3.0.0)
      delayed_job (> 2.0.3)
      rack-protection (>= 1.5.5)
@@ -204,171 +212,36 @@ GEM
      devise (>= 4.0.0, < 5.0.0)
    diff-lcs (1.4.4)
    docile (1.3.4)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
-    dry-inflector (0.1.2)
    erubis (2.7.0)
    eventmachine (1.2.7)
-    excon (0.78.0)
+    excon (0.79.0)
    execjs (2.7.0)
    factory_bot (5.2.0)
      activesupport (>= 4.2.0)
    factory_bot_rails (5.2.0)
      factory_bot (~> 5.2.0)
      railties (>= 4.2.0)
-    faraday (1.0.1)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
      multipart-post (>= 1.2, < 3)
+      ruby2_keywords
+    faraday-net_http (1.0.1)
    ffaker (2.16.0)
-    ffi (1.13.1)
+    ffi (1.15.0)
    figaro (1.2.0)
      thor (>= 0.14.0, < 2)
-    fission (0.5.0)
-      CFPropertyList (~> 2.2)
-    fog (1.41.0)
-      fog-aliyun (>= 0.1.0)
-      fog-atmos
-      fog-aws (>= 0.6.0)
-      fog-brightbox (~> 0.4)
-      fog-cloudatcost (~> 0.1.0)
-      fog-core (~> 1.45)
-      fog-digitalocean (>= 0.3.0)
-      fog-dnsimple (~> 1.0)
-      fog-dynect (~> 0.0.2)
-      fog-ecloud (~> 0.1)
-      fog-google (<= 0.1.0)
-      fog-internet-archive
-      fog-joyent
-      fog-json
-      fog-local
-      fog-openstack
-      fog-powerdns (>= 0.1.1)
-      fog-profitbricks
-      fog-rackspace
-      fog-radosgw (>= 0.0.2)
-      fog-riakcs
-      fog-sakuracloud (>= 0.0.4)
-      fog-serverlove
-      fog-softlayer
-      fog-storm_on_demand
-      fog-terremark
-      fog-vmfusion
-      fog-voxel
-      fog-vsphere (>= 0.4.0)
-      fog-xenserver
-      fog-xml (~> 0.1.1)
-      ipaddress (~> 0.5)
-      json (>= 1.8, < 2.0)
-    fog-aliyun (0.3.19)
-      aliyun-sdk (~> 0.8.0)
-      fog-core
-      fog-json
-      ipaddress (~> 0.8)
-      xml-simple (~> 1.1)
-    fog-atmos (0.1.0)
-      fog-core
-      fog-xml
    fog-aws (2.0.1)
      fog-core (~> 1.38)
      fog-json (~> 1.0)
      fog-xml (~> 0.1)
      ipaddress (~> 0.8)
-    fog-brightbox (0.16.1)
-      dry-inflector
-      fog-core
-      fog-json
-      mime-types
-    fog-cloudatcost (0.1.2)
-      fog-core (~> 1.36)
-      fog-json (~> 1.0)
-      fog-xml (~> 0.1)
-      ipaddress (~> 0.8)
    fog-core (1.45.0)
      builder
      excon (~> 0.58)
      formatador (~> 0.2)
-    fog-digitalocean (0.4.0)
-      fog-core
-      fog-json
-      fog-xml
-      ipaddress (>= 0.5)
-    fog-dnsimple (1.0.0)
-      fog-core (~> 1.38)
-      fog-json (~> 1.0)
-    fog-dynect (0.0.3)
-      fog-core
-      fog-json
-      fog-xml
-    fog-ecloud (0.3.0)
-      fog-core
-      fog-xml
-    fog-google (0.1.0)
-      fog-core
-      fog-json
-      fog-xml
-    fog-internet-archive (0.0.2)
-      fog-core
-      fog-json
-      fog-xml
-    fog-joyent (0.0.1)
-      fog-core (~> 1.42)
-      fog-json (>= 1.0)
    fog-json (1.2.0)
      fog-core
      multi_json (~> 1.10)
-    fog-local (0.6.0)
-      fog-core (>= 1.27, < 3.0)
-    fog-openstack (0.3.10)
-      fog-core (>= 1.45, <= 2.1.0)
-      fog-json (>= 1.0)
-      ipaddress (>= 0.8)
-    fog-powerdns (0.2.0)
-      fog-core
-      fog-json
-      fog-xml
-    fog-profitbricks (4.1.1)
-      fog-core (~> 1.42)
-      fog-json (~> 1.0)
-    fog-rackspace (0.1.6)
-      fog-core (>= 1.35)
-      fog-json (>= 1.0)
-      fog-xml (>= 0.1)
-      ipaddress (>= 0.8)
-    fog-radosgw (0.0.5)
-      fog-core (>= 1.21.0)
-      fog-json
-      fog-xml (>= 0.0.1)
-    fog-riakcs (0.1.0)
-      fog-core
-      fog-json
-      fog-xml
-    fog-sakuracloud (1.7.5)
-      fog-core
-      fog-json
-    fog-serverlove (0.1.2)
-      fog-core
-      fog-json
-    fog-softlayer (1.1.4)
-      fog-core
-      fog-json
-    fog-storm_on_demand (0.1.1)
-      fog-core
-      fog-json
-    fog-terremark (0.1.0)
-      fog-core
-      fog-xml
-    fog-vmfusion (0.1.0)
-      fission
-      fog-core
-    fog-voxel (0.1.0)
-      fog-core
-      fog-xml
-    fog-vsphere (3.4.0)
-      fog-core
-      rbvmomi (>= 1.9, < 3)
-    fog-xenserver (1.0.0)
-      fog-core
-      fog-xml
-      xmlrpc
    fog-xml (0.1.3)
      fog-core
      nokogiri (>= 1.5.11, < 2.0.0)
@@ -382,24 +255,23 @@ GEM
    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
-    geocoder (1.6.4)
+    geocoder (1.6.6)
    get_process_mem (0.2.7)
      ffi (~> 1.0)
    globalid (0.4.2)
      activesupport (>= 4.2.0)
    gmaps4rails (2.1.2)
+    good_migrations (0.0.2)
+      activerecord (>= 3.1)
+      railties (>= 3.1)
    haml (5.2.1)
      temple (>= 0.8.0)
      tilt
    hashdiff (1.0.1)
    highline (2.0.3)
-    hike (1.2.3)
-    http-accept (1.7.0)
-    http-cookie (1.0.3)
-      domain_name (~> 0.5)
-    i18n (0.9.5)
+    i18n (1.8.9)
      concurrent-ruby (~> 1.0)
-    i18n-js (3.8.0)
+    i18n-js (3.8.2)
      i18n (>= 0.6.6)
    immigrant (0.3.6)
      activerecord (>= 3.0)
@@ -437,7 +309,7 @@ GEM
      addressable (~> 2.3)
    letter_opener (1.7.0)
      launchy (~> 2.2)
-    libv8 (7.3.492.27.1)
+    libv8 (8.4.255.0)
    loofah (2.9.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
@@ -446,30 +318,31 @@ GEM
    method_source (1.0.0)
    mime-types (3.3.1)
      mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.0512)
+    mime-types-data (3.2020.1104)
    mini_mime (1.0.2)
    mini_portile2 (2.4.0)
-    mini_racer (0.2.15)
-      libv8 (> 7.3)
-    minitest (5.14.3)
-    monetize (1.10.0)
+    mini_racer (0.3.1)
+      libv8 (~> 8.4.255)
+    minitest (5.14.4)
+    monetize (1.11.0)
      money (~> 6.12)
-    money (6.14.0)
+    money (6.14.1)
      i18n (>= 0.6.4, <= 2)
    msgpack (1.4.2)
    multi_json (1.15.0)
    multi_xml (0.6.0)
    multipart-post (2.1.1)
-    netrc (0.11.0)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    nio4r (2.5.2)
    nokogiri (1.10.10)
      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
+    oauth2 (1.4.7)
      faraday (>= 0.8, < 2.0)
      jwt (>= 1.0, < 3.0)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
-    optimist (3.0.1)
    orm_adapter (0.5.0)
    paper_trail (10.3.1)
      activerecord (>= 4.2)
@@ -491,6 +364,8 @@ GEM
    paypal-sdk-merchant (1.117.2)
      paypal-sdk-core (~> 0.3.0)
    pg (0.21.0)
+    polyamorous (2.3.0)
+      activerecord (>= 5.0)
    power_assert (2.0.0)
    pry (0.13.1)
      coderay (~> 1.1)
@@ -499,72 +374,66 @@ GEM
      byebug (~> 11.0)
      pry (~> 0.13.0)
    public_suffix (4.0.6)
-    rack (1.6.13)
+    rack (2.2.3)
    rack-mini-profiler (2.3.1)
      rack (>= 1.2.0)
-    rack-protection (1.5.5)
+    rack-protection (2.1.0)
      rack
    rack-rewrite (1.5.1)
    rack-ssl (1.4.1)
      rack
    rack-test (0.6.3)
      rack (>= 1.0)
-    rails (4.2.11.3)
-      actionmailer (= 4.2.11.3)
-      actionpack (= 4.2.11.3)
-      actionview (= 4.2.11.3)
-      activejob (= 4.2.11.3)
-      activemodel (= 4.2.11.3)
-      activerecord (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.11.3)
-      sprockets-rails
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.9)
-      activesupport (>= 4.2.0, < 5.0)
-      nokogiri (~> 1.6)
-      rails-deprecated_sanitizer (>= 1.0.1)
+    rails (5.0.7.2)
+      actioncable (= 5.0.7.2)
+      actionmailer (= 5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activerecord (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      bundler (>= 1.3.0)
+      railties (= 5.0.7.2)
+      sprockets-rails (>= 2.0.0)
+    rails-controller-testing (1.0.5)
+      actionpack (>= 5.0.1.rc1)
+      actionview (>= 5.0.1.rc1)
+      activesupport (>= 5.0.1.rc1)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
    rails-html-sanitizer (1.3.0)
      loofah (~> 2.3)
-    rails-i18n (4.0.9)
-      i18n (~> 0.7)
-      railties (~> 4.0)
+    rails-i18n (5.1.3)
+      i18n (>= 0.7, < 2)
+      railties (>= 5.0, < 6)
    rails_safe_tasks (1.0.0)
-    railties (4.2.11.3)
-      actionpack (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
+    railties (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      method_source
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rainbow (3.0.0)
    raindrops (0.19.1)
    rake (13.0.3)
-    ransack (1.8.10)
-      actionpack (>= 3.0, < 5.2)
-      activerecord (>= 3.0, < 5.2)
-      activesupport (>= 3.0, < 5.2)
+    ransack (2.3.0)
+      actionpack (>= 5.0)
+      activerecord (>= 5.0)
+      activesupport (>= 5.0)
      i18n
+      polyamorous (= 2.3.0)
    rb-fsevent (0.10.4)
    rb-inotify (0.10.1)
      ffi (~> 1.0)
-    rbvmomi (2.4.1)
-      builder (~> 3.0)
-      json (>= 1.8)
-      nokogiri (~> 1.5)
-      optimist (~> 3.0)
    redcarpet (3.5.1)
    regexp_parser (1.8.2)
    request_store (1.5.0)
      rack (>= 1.4)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    rest-client (2.1.0)
-      http-accept (>= 1.7.0, < 2.0)
-      http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 4.0)
-      netrc (~> 0.8)
+    responders (3.0.1)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
    rexml (3.2.4)
    roadie (3.5.1)
      css_parser (~> 1.4)
@@ -584,10 +453,10 @@ GEM
    rspec-expectations (3.10.1)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.0)
+    rspec-mocks (3.10.2)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
-    rspec-rails (4.0.2)
+    rspec-rails (4.1.2)
      actionpack (>= 4.2)
      activesupport (>= 4.2)
      railties (>= 4.2)
@@ -597,21 +466,21 @@ GEM
      rspec-support (~> 3.10)
    rspec-retry (0.6.2)
      rspec-core (> 3.3)
-    rspec-support (3.10.1)
-    rswag (2.3.2)
-      rswag-api (= 2.3.2)
-      rswag-specs (= 2.3.2)
-      rswag-ui (= 2.3.2)
-    rswag-api (2.3.2)
+    rspec-support (3.10.2)
+    rswag (2.4.0)
+      rswag-api (= 2.4.0)
+      rswag-specs (= 2.4.0)
+      rswag-ui (= 2.4.0)
+    rswag-api (2.4.0)
      railties (>= 3.1, < 7.0)
-    rswag-specs (2.3.2)
+    rswag-specs (2.4.0)
      activesupport (>= 3.1, < 7.0)
      json-schema (~> 2.2)
      railties (>= 3.1, < 7.0)
-    rswag-ui (2.3.2)
+    rswag-ui (2.4.0)
      actionpack (>= 3.1, < 7.0)
      railties (>= 3.1, < 7.0)
-    rubocop (1.9.1)
+    rubocop (1.12.0)
      parallel (~> 1.10)
      parser (>= 3.0.0.0)
      rainbow (>= 2.2.2, < 4.0)
@@ -628,6 +497,7 @@ GEM
      rubocop (>= 0.90.0, < 2.0)
    ruby-progressbar (1.11.0)
    ruby-rc4 (0.1.5)
+    ruby2_keywords (0.0.2)
    rubyzip (2.3.0)
    sass (3.4.25)
    sass-rails (5.0.7)
@@ -648,22 +518,21 @@ GEM
      docile (~> 1.1)
      simplecov-html (~> 0.11)
    simplecov-html (0.12.3)
-    sinatra (1.4.8)
-      rack (~> 1.5)
-      rack-protection (~> 1.4)
-      tilt (>= 1.3, < 3)
+    sinatra (2.1.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
+      tilt (~> 2.0)
    spring (2.1.1)
    spring-commands-rspec (1.0.4)
      spring (>= 0.9.1)
-    sprockets (2.12.5)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.3.3)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (>= 2.8, < 4.0)
+    sprockets (3.7.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
    state_machines (0.5.0)
    state_machines-activemodel (0.7.1)
      activemodel (>= 4.1)
@@ -672,24 +541,19 @@ GEM
      activerecord (>= 4.1)
      state_machines-activemodel (>= 0.5.0)
    stringex (2.8.5)
-    stripe (5.29.0)
+    stripe (5.30.0)
    temple (0.8.2)
    test-prof (0.11.3)
    test-unit (3.4.0)
      power_assert
-    test_after_commit (1.2.2)
-      activerecord (>= 3.2, < 5.0)
    thor (0.20.3)
    thread_safe (0.3.6)
-    tilt (1.4.1)
-    timecop (0.9.2)
+    tilt (2.0.10)
+    timecop (0.9.4)
    tzinfo (1.2.9)
      thread_safe (~> 0.1)
    uglifier (4.2.0)
      execjs (>= 0.3.0, < 3)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.7)
    unicode-display_width (2.0.0)
    unicorn (5.8.0)
      kgio (~> 2.6)
@@ -700,23 +564,26 @@ GEM
    unicorn-worker-killer (0.4.4)
      get_process_mem (~> 0)
      unicorn (>= 4, < 6)
-    warden (1.2.7)
-      rack (>= 1.0)
-    webdrivers (4.5.0)
+    uniform_notifier (1.14.1)
+    warden (1.2.9)
+      rack (>= 2.0.9)
+    webdrivers (4.6.0)
      nokogiri (~> 1.6)
      rubyzip (>= 1.3.0)
      selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.11.2)
+    webmock (3.12.2)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
    whenever (1.0.0)
      chronic (>= 0.6.3)
    wicked_pdf (2.1.0)
      activesupport
    wkhtmltopdf-binary (0.12.5)
    xml-simple (1.1.8)
-    xmlrpc (0.3.0)
    xpath (3.2.0)
      nokogiri (~> 1.8)

@@ -726,24 +593,25 @@ PLATFORMS
 DEPENDENCIES
  actionpack-action_caching
  active_model_serializers (= 0.8.4)
-  activemerchant (~> 1.78.0)
+  activemerchant (>= 1.78.0)
  activerecord-import
  activerecord-postgresql-adapter
  activerecord-session_store
-  acts-as-taggable-on (~> 4.0)
+  acts-as-taggable-on (~> 7.0)
  acts_as_list (= 0.9.19)
  andand
-  angular-rails-templates (~> 0.3.0)
+  angular-rails-templates (>= 0.3.0)
  angular_rails_csrf
  angularjs-file-upload-rails (~> 2.4.1)
  angularjs-rails (= 1.5.5)
  atomic
-  awesome_nested_set (~> 3.3.1)
+  awesome_nested_set
  awesome_print
  aws-sdk (= 1.67.0)
  bugsnag
+  bullet
  byebug
-  cancancan (~> 1.7.0)
+  cancancan (~> 1.15.0)
  capybara
  catalog!
  coffee-rails (~> 4.2.2)
@@ -753,7 +621,7 @@ DEPENDENCIES
  daemons
  dalli
  database_cleaner
-  db2fog
+  db2fog!
  ddtrace
  debugger-linecache
  delayed_job_active_record
@@ -766,15 +634,17 @@ DEPENDENCIES
  factory_bot_rails (= 5.2.0)
  ffaker
  figaro
+  fog-aws (>= 0.6.0)
  foundation-icons-sass-rails
  foundation-rails (= 5.5.2.1)
  fuubar (~> 2.5.1)
  geocoder
  gmaps4rails
+  good_migrations
  haml
  highline (= 2.0.3)
  i18n
-  i18n-js (~> 3.8.0)
+  i18n-js (~> 3.8.2)
  immigrant
  jquery-migrate-rails
  jquery-rails (= 4.4.0)
@@ -785,9 +655,9 @@ DEPENDENCIES
  kaminari (~> 1.2.1)
  knapsack
  letter_opener (>= 1.4.1)
-  mini_racer (= 0.2.15)
-  monetize (~> 1.10)
-  oauth2 (~> 1.4.4)
+  mini_racer (= 0.3.1)
+  monetize (~> 1.11)
+  oauth2 (~> 1.4.7)
  ofn-qz!
  order_management!
  paper_trail (~> 10.3.1)
@@ -800,12 +670,13 @@ DEPENDENCIES
  rack-mini-profiler (< 3.0.0)
  rack-rewrite
  rack-ssl
-  rails (~> 4.2)
+  rails (~> 5.0.0)
+  rails-controller-testing
  rails-i18n
  rails_safe_tasks (~> 1.0)
-  ransack (~> 1.8.10)
+  ransack (= 2.3.0)
  redcarpet
-  responders (~> 2.0)
+  responders
  roadie-rails (~> 1.3.0)
  roo (~> 2.8.3)
  rspec-rails (>= 3.5.2)
@@ -813,8 +684,8 @@ DEPENDENCIES
  rswag
  rubocop
  rubocop-rails
-  sass
-  sass-rails
+  sass (<= 4.7.1)
+  sass-rails (< 6.0.0)
  select2-rails (~> 3.4.7)
  selenium-webdriver
  shoulda-matchers
@@ -826,10 +697,8 @@ DEPENDENCIES
  stripe
  test-prof
  test-unit (~> 3.4)
-  test_after_commit
  timecop
  uglifier (>= 1.0.3)
-  unicorn
  unicorn-rails
  unicorn-worker-killer
  web!
@@ -837,7 +706,7 @@ DEPENDENCIES
  webmock
  whenever
  wicked_pdf
-  wkhtmltopdf-binary
+  wkhtmltopdf-binary (= 0.12.5)

 RUBY VERSION
   ruby 2.4.4p296
--- a/Gemfile_next.lock
+++ b/Gemfile_next.lock
@@ -1,666 +0,0 @@
-GIT
-  remote: https://github.com/jeremydurham/custom-err-msg.git
-  revision: 3a8ec9dddc7a5b0aab7c69a6060596de300c68f4
-  specs:
-    custom_error_message (1.1.1)
-
-GIT
-  remote: https://github.com/openfoodfoundation/ofn-qz.git
-  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
-  branch: ofn-rails-4
-  specs:
-    ofn-qz (0.1.0)
-
-PATH
-  remote: engines/catalog
-  specs:
-    catalog (0.0.1)
-
-PATH
-  remote: engines/dfc_provider
-  specs:
-    dfc_provider (0.0.1)
-      active_model_serializers (~> 0.8.4)
-      jwt (~> 2.2)
-      rspec (~> 3.9)
-
-PATH
-  remote: engines/order_management
-  specs:
-    order_management (0.0.1)
-
-PATH
-  remote: engines/web
-  specs:
-    web (0.0.1)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actioncable (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      nio4r (>= 1.2, < 3.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      actionview (= 5.0.7.2)
-      activejob (= 5.0.7.2)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.0.7.2)
-      actionview (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      rack (~> 2.0)
-      rack-test (~> 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionpack-action_caching (1.2.1)
-      actionpack (>= 4.0.0)
-    actionview (5.0.7.2)
-      activesupport (= 5.0.7.2)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    active_model_serializers (0.8.4)
-      activemodel (>= 3.0)
-    activejob (5.0.7.2)
-      activesupport (= 5.0.7.2)
-      globalid (>= 0.3.6)
-    activemerchant (1.107.4)
-      activesupport (>= 4.2)
-      builder (>= 2.1.2, < 4.0.0)
-      i18n (>= 0.6.9)
-      nokogiri (~> 1.4)
-    activemodel (5.0.7.2)
-      activesupport (= 5.0.7.2)
-    activerecord (5.0.7.2)
-      activemodel (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      arel (~> 7.0)
-    activerecord-import (1.0.7)
-      activerecord (>= 3.2)
-    activerecord-postgresql-adapter (0.0.1)
-      pg
-    activerecord-session_store (1.1.3)
-      actionpack (>= 4.0)
-      activerecord (>= 4.0)
-      multi_json (~> 1.11, >= 1.11.2)
-      rack (>= 1.5.2, < 3)
-      railties (>= 4.0)
-    activesupport (5.0.7.2)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    acts-as-taggable-on (4.0.0)
-      activerecord (>= 4.0)
-    acts_as_list (0.9.19)
-      activerecord (>= 3.0)
-    addressable (2.7.0)
-      public_suffix (>= 2.0.2, < 5.0)
-    andand (1.3.3)
-    angular-rails-templates (1.1.0)
-      railties (>= 4.2, < 7)
-      sprockets (>= 3.0, < 5)
-      tilt
-    angular_rails_csrf (4.2.0)
-      railties (>= 3, < 7)
-    angularjs-file-upload-rails (2.4.1)
-    angularjs-rails (1.5.5)
-    arel (7.1.4)
-    ast (2.4.1)
-    atomic (1.1.101)
-    awesome_nested_set (3.2.1)
-      activerecord (>= 4.0.0, < 7.0)
-    awesome_print (1.8.0)
-    aws-sdk (1.67.0)
-      aws-sdk-v1 (= 1.67.0)
-    aws-sdk-v1 (1.67.0)
-      json (~> 1.4)
-      nokogiri (~> 1)
-    bcrypt (3.1.16)
-    bugsnag (6.18.0)
-      concurrent-ruby (~> 1.0)
-    builder (3.2.4)
-    byebug (11.0.1)
-    cancancan (1.7.1)
-    capybara (3.15.0)
-      addressable
-      mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
-      rack (>= 1.6.0)
-      rack-test (>= 0.6.3)
-      regexp_parser (~> 1.2)
-      xpath (~> 3.2)
-    childprocess (3.0.0)
-    chronic (0.10.2)
-    chunky_png (1.3.14)
-    climate_control (0.2.0)
-    cocaine (0.5.8)
-      climate_control (>= 0.0.3, < 1.0)
-    coderay (1.1.3)
-    coffee-rails (4.2.2)
-      coffee-script (>= 2.2.0)
-      railties (>= 4.0.0)
-    coffee-script (2.4.1)
-      coffee-script-source
-      execjs
-    coffee-script-source (1.12.2)
-    combine_pdf (1.0.19)
-      ruby-rc4 (>= 0.1.5)
-    compass (1.0.3)
-      chunky_png (~> 1.2)
-      compass-core (~> 1.0.2)
-      compass-import-once (~> 1.0.5)
-      rb-fsevent (>= 0.9.3)
-      rb-inotify (>= 0.9)
-      sass (>= 3.3.13, < 3.5)
-    compass-core (1.0.3)
-      multi_json (~> 1.0)
-      sass (>= 3.3.0, < 3.5)
-    compass-import-once (1.0.5)
-      sass (>= 3.2, < 3.5)
-    compass-rails (2.0.1)
-      compass (~> 1.0.0)
-    concurrent-ruby (1.1.7)
-    crack (0.4.4)
-    crass (1.0.6)
-    css_parser (1.7.1)
-      addressable
-    daemons (1.3.1)
-    dalli (2.7.11)
-    database_cleaner (1.8.5)
-    ddtrace (0.43.0)
-      msgpack
-    debugger-linecache (1.2.0)
-    delayed_job (4.1.8)
-      activesupport (>= 3.0, < 6.1)
-    delayed_job_active_record (4.1.4)
-      activerecord (>= 3.0, < 6.1)
-      delayed_job (>= 3.0, < 5)
-    delayed_job_web (1.4.3)
-      activerecord (> 3.0.0)
-      delayed_job (> 2.0.3)
-      rack-protection (>= 1.5.5)
-      sinatra (>= 1.4.4)
-    devise (4.7.3)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
-    devise-encryptable (0.2.0)
-      devise (>= 2.1.0)
-    devise-token_authenticatable (1.1.0)
-      devise (>= 4.0.0, < 5.0.0)
-    diff-lcs (1.4.4)
-    docile (1.3.2)
-    erubis (2.7.0)
-    eventmachine (1.2.7)
-    execjs (2.7.0)
-    factory_bot (5.2.0)
-      activesupport (>= 4.2.0)
-    factory_bot_rails (5.2.0)
-      factory_bot (~> 5.2.0)
-      railties (>= 4.2.0)
-    faraday (1.0.1)
-      multipart-post (>= 1.2, < 3)
-    ffaker (2.11.0)
-    ffi (1.13.1)
-    figaro (1.2.0)
-      thor (>= 0.14.0, < 2)
-    foundation-icons-sass-rails (3.0.0)
-      railties (>= 3.1.1)
-      sass-rails (>= 3.1.1)
-    foundation-rails (5.5.2.1)
-      railties (>= 3.1.0)
-      sass (>= 3.3.0, < 3.5)
-    fuubar (2.5.1)
-      rspec-core (~> 3.0)
-      ruby-progressbar (~> 1.4)
-    geocoder (1.6.4)
-    get_process_mem (0.2.7)
-      ffi (~> 1.0)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    gmaps4rails (2.1.2)
-    haml (5.2.0)
-      temple (>= 0.8.0)
-      tilt
-    hashdiff (1.0.1)
-    highline (2.0.3)
-    i18n (1.8.5)
-      concurrent-ruby (~> 1.0)
-    i18n-js (3.8.0)
-      i18n (>= 0.6.6)
-    immigrant (0.3.6)
-      activerecord (>= 3.0)
-    jaro_winkler (1.5.4)
-    jquery-migrate-rails (1.2.1)
-    jquery-rails (4.4.0)
-      rails-dom-testing (>= 1, < 3)
-      railties (>= 4.2.0)
-      thor (>= 0.14, < 2.0)
-    jquery-ui-rails (4.2.1)
-      railties (>= 3.2.16)
-    json (1.8.6)
-    json-schema (2.8.1)
-      addressable (>= 2.4)
-    json_spec (1.1.5)
-      multi_json (~> 1.0)
-      rspec (>= 2.0, < 4.0)
-    jwt (2.2.2)
-    kaminari (1.2.1)
-      activesupport (>= 4.1.0)
-      kaminari-actionview (= 1.2.1)
-      kaminari-activerecord (= 1.2.1)
-      kaminari-core (= 1.2.1)
-    kaminari-actionview (1.2.1)
-      actionview
-      kaminari-core (= 1.2.1)
-    kaminari-activerecord (1.2.1)
-      activerecord
-      kaminari-core (= 1.2.1)
-    kaminari-core (1.2.1)
-    kgio (2.11.3)
-    knapsack (1.20.0)
-      rake
-    launchy (2.4.3)
-      addressable (~> 2.3)
-    letter_opener (1.7.0)
-      launchy (~> 2.2)
-    libv8 (7.3.492.27.1)
-    loofah (2.7.0)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    method_source (1.0.0)
-    mime-types (3.3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.1104)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    mini_racer (0.2.15)
-      libv8 (> 7.3)
-    minitest (5.14.2)
-    monetize (1.9.4)
-      money (~> 6.12)
-    money (6.13.8)
-      i18n (>= 0.6.4, <= 2)
-    msgpack (1.3.3)
-    multi_json (1.15.0)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    mustermann (1.1.1)
-      ruby2_keywords (~> 0.0.1)
-    nio4r (2.5.2)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    orm_adapter (0.5.0)
-    paper_trail (10.3.1)
-      activerecord (>= 4.2)
-      request_store (~> 1.1)
-    paperclip (3.4.2)
-      activemodel (>= 3.0.0)
-      activerecord (>= 3.0.0)
-      activesupport (>= 3.0.0)
-      cocaine (~> 0.5.0)
-      mime-types
-    parallel (1.19.2)
-    paranoia (2.4.2)
-      activerecord (>= 4.0, < 6.1)
-    parser (2.7.2.0)
-      ast (~> 2.4.1)
-    paypal-sdk-core (0.2.10)
-      multi_json (~> 1.0)
-      xml-simple
-    paypal-sdk-merchant (1.106.1)
-      paypal-sdk-core (~> 0.2.3)
-    pg (0.21.0)
-    polyamorous (2.3.0)
-      activerecord (>= 5.0)
-    power_assert (1.2.0)
-    pry (0.13.1)
-      coderay (~> 1.1)
-      method_source (~> 1.0)
-    pry-byebug (3.9.0)
-      byebug (~> 11.0)
-      pry (~> 0.13.0)
-    public_suffix (4.0.6)
-    rack (2.2.3)
-    rack-mini-profiler (2.0.2)
-      rack (>= 1.2.0)
-    rack-protection (2.1.0)
-      rack
-    rack-rewrite (1.5.1)
-    rack-ssl (1.4.1)
-      rack
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (5.0.7.2)
-      actioncable (= 5.0.7.2)
-      actionmailer (= 5.0.7.2)
-      actionpack (= 5.0.7.2)
-      actionview (= 5.0.7.2)
-      activejob (= 5.0.7.2)
-      activemodel (= 5.0.7.2)
-      activerecord (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      bundler (>= 1.3.0)
-      railties (= 5.0.7.2)
-      sprockets-rails (>= 2.0.0)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    rails-i18n (5.1.3)
-      i18n (>= 0.7, < 2)
-      railties (>= 5.0, < 6)
-    rails_safe_tasks (1.0.0)
-    railties (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rainbow (3.0.0)
-    raindrops (0.19.1)
-    rake (13.0.1)
-    ransack (2.3.0)
-      actionpack (>= 5.0)
-      activerecord (>= 5.0)
-      activesupport (>= 5.0)
-      i18n
-      polyamorous (= 2.3.0)
-    rb-fsevent (0.10.4)
-    rb-inotify (0.10.1)
-      ffi (~> 1.0)
-    redcarpet (3.5.0)
-    regexp_parser (1.8.2)
-    request_store (1.5.0)
-      rack (>= 1.4)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    rexml (3.2.4)
-    roadie (3.5.1)
-      css_parser (~> 1.4)
-      nokogiri (~> 1.8)
-    roadie-rails (1.3.0)
-      railties (>= 3.0, < 5.3)
-      roadie (~> 3.1)
-    roo (2.8.3)
-      nokogiri (~> 1)
-      rubyzip (>= 1.3.0, < 3.0.0)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.0)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-rails (4.0.1)
-      actionpack (>= 4.2)
-      activesupport (>= 4.2)
-      railties (>= 4.2)
-      rspec-core (~> 3.9)
-      rspec-expectations (~> 3.9)
-      rspec-mocks (~> 3.9)
-      rspec-support (~> 3.9)
-    rspec-retry (0.6.2)
-      rspec-core (> 3.3)
-    rspec-support (3.10.0)
-    rswag (2.3.1)
-      rswag-api (= 2.3.1)
-      rswag-specs (= 2.3.1)
-      rswag-ui (= 2.3.1)
-    rswag-api (2.3.1)
-      railties (>= 3.1, < 7.0)
-    rswag-specs (2.3.1)
-      activesupport (>= 3.1, < 7.0)
-      json-schema (~> 2.2)
-      railties (>= 3.1, < 7.0)
-    rswag-ui (2.3.1)
-      actionpack (>= 3.1, < 7.0)
-      railties (>= 3.1, < 7.0)
-    rubocop (0.81.0)
-      jaro_winkler (~> 1.5.1)
-      parallel (~> 1.10)
-      parser (>= 2.7.0.1)
-      rainbow (>= 2.2.2, < 4.0)
-      rexml
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-rails (2.5.2)
-      activesupport
-      rack (>= 1.1)
-      rubocop (>= 0.72.0)
-    ruby-progressbar (1.10.1)
-    ruby-rc4 (0.1.5)
-    ruby2_keywords (0.0.2)
-    rubyzip (1.3.0)
-    sass (3.4.25)
-    sass-rails (5.0.7)
-      railties (>= 4.0.0, < 6)
-      sass (~> 3.1)
-      sprockets (>= 2.8, < 4.0)
-      sprockets-rails (>= 2.0, < 4.0)
-      tilt (>= 1.1, < 3)
-    select2-rails (3.4.9)
-      sass-rails
-      thor (~> 0.14)
-    selenium-webdriver (3.142.7)
-      childprocess (>= 0.5, < 4.0)
-      rubyzip (>= 1.2.2)
-    shoulda-matchers (4.0.1)
-      activesupport (>= 4.2.0)
-    simplecov (0.17.1)
-      docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    sinatra (2.1.0)
-      mustermann (~> 1.0)
-      rack (~> 2.2)
-      rack-protection (= 2.1.0)
-      tilt (~> 2.0)
-    spring (2.0.2)
-      activesupport (>= 4.2)
-    spring-commands-rspec (1.0.4)
-      spring (>= 0.9.1)
-    sprockets (3.7.2)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.2)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    state_machines (0.5.0)
-    state_machines-activemodel (0.7.1)
-      activemodel (>= 4.1)
-      state_machines (>= 0.5.0)
-    state_machines-activerecord (0.6.0)
-      activerecord (>= 4.1)
-      state_machines-activemodel (>= 0.5.0)
-    stringex (2.8.5)
-    stripe (5.28.0)
-    temple (0.8.2)
-    test-prof (0.7.5)
-    test-unit (3.3.7)
-      power_assert
-    thor (0.20.3)
-    thread_safe (0.3.6)
-    tilt (2.0.10)
-    timecop (0.9.2)
-    tzinfo (1.2.8)
-      thread_safe (~> 0.1)
-    uglifier (4.2.0)
-      execjs (>= 0.3.0, < 3)
-    unicode-display_width (1.7.0)
-    unicorn (5.7.0)
-      kgio (~> 2.6)
-      raindrops (~> 0.7)
-    unicorn-rails (2.2.1)
-      rack
-      unicorn
-    unicorn-worker-killer (0.4.4)
-      get_process_mem (~> 0)
-      unicorn (>= 4, < 6)
-    warden (1.2.9)
-      rack (>= 2.0.9)
-    webdrivers (4.2.0)
-      nokogiri (~> 1.6)
-      rubyzip (>= 1.3.0)
-      selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.10.0)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff (>= 0.4.0, < 2.0.0)
-    websocket-driver (0.6.5)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.5)
-    whenever (1.0.0)
-      chronic (>= 0.6.3)
-    wicked_pdf (2.1.0)
-      activesupport
-    wkhtmltopdf-binary (0.12.6.5)
-    xml-simple (1.1.5)
-    xpath (3.2.0)
-      nokogiri (~> 1.8)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  actionpack-action_caching
-  active_model_serializers (= 0.8.4)
-  activemerchant (>= 1.78.0)
-  activerecord-import
-  activerecord-postgresql-adapter
-  activerecord-session_store
-  acts-as-taggable-on (~> 4.0)
-  acts_as_list (= 0.9.19)
-  andand
-  angular-rails-templates (>= 0.3.0)
-  angular_rails_csrf
-  angularjs-file-upload-rails (~> 2.4.1)
-  angularjs-rails (= 1.5.5)
-  atomic
-  awesome_nested_set
-  awesome_print
-  aws-sdk (= 1.67.0)
-  bugsnag
-  byebug
-  cancancan (~> 1.7.0)
-  capybara
-  catalog!
-  coffee-rails (~> 4.2.2)
-  combine_pdf
-  compass-rails
-  custom_error_message!
-  daemons
-  dalli
-  database_cleaner
-  ddtrace
-  debugger-linecache
-  delayed_job_active_record
-  delayed_job_web
-  devise
-  devise-encryptable
-  devise-token_authenticatable
-  dfc_provider!
-  eventmachine (>= 1.2.3)
-  factory_bot_rails (= 5.2.0)
-  ffaker
-  figaro
-  foundation-icons-sass-rails
-  foundation-rails (= 5.5.2.1)
-  fuubar (~> 2.5.1)
-  geocoder
-  gmaps4rails
-  haml
-  highline (= 2.0.3)
-  i18n
-  i18n-js (~> 3.8.0)
-  immigrant
-  jquery-migrate-rails
-  jquery-rails (= 4.4.0)
-  jquery-ui-rails (~> 4.2)
-  json
-  json_spec (~> 1.1.4)
-  jwt (~> 2.2)
-  kaminari (~> 1.2.1)
-  knapsack
-  letter_opener (>= 1.4.1)
-  libv8 (< 8)
-  mini_racer (= 0.2.15)
-  monetize (~> 1.1)
-  oauth2 (~> 1.4.4)
-  ofn-qz!
-  order_management!
-  paper_trail (~> 10.3.1)
-  paperclip (~> 3.4.1)
-  paranoia (~> 2.4)
-  paypal-sdk-merchant (= 1.106.1)
-  pg (~> 0.21.0)
-  pry
-  pry-byebug
-  rack-mini-profiler (< 3.0.0)
-  rack-rewrite
-  rack-ssl
-  rails (> 5.0, < 5.1)
-  rails-i18n
-  rails_safe_tasks (~> 1.0)
-  ransack (= 2.3.0)
-  redcarpet
-  responders
-  roadie-rails (~> 1.3.0)
-  roo (~> 2.8.3)
-  rspec-rails (>= 3.5.2)
-  rspec-retry
-  rswag
-  rubocop
-  rubocop-rails
-  sass (<= 4.7.1)
-  sass-rails (< 6.0.0)
-  select2-rails (~> 3.4.7)
-  selenium-webdriver
-  shoulda-matchers
-  simplecov
-  spring
-  spring-commands-rspec
-  state_machines-activerecord
-  stringex (~> 2.8.5)
-  stripe
-  test-prof
-  test-unit (~> 3.3)
-  timecop
-  uglifier (>= 1.0.3)
-  unicorn-rails
-  unicorn-worker-killer
-  web!
-  webdrivers
-  webmock
-  whenever
-  wicked_pdf
-  wkhtmltopdf-binary
-
-RUBY VERSION
-   ruby 2.4.4p296
-
-BUNDLED WITH
-   1.17.3
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 [![Build Status](https://semaphoreci.com/api/v1/openfoodfoundation/openfoodnetwork-2/branches/master/badge.svg)](https://semaphoreci.com/openfoodfoundation/openfoodnetwork-2)
 [![Code Climate](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork.png)](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork)
+[![Build](https://github.com/openfoodfoundation/openfoodnetwork/actions/workflows/build.yml/badge.svg)](https://github.com/openfoodfoundation/openfoodnetwork/actions/workflows/build.yml)

 # Open Food Network

--- a/4
+++ b/4
@@ -8,4 +8,6 @@ require_relative 'config/application'

 Openfoodnetwork::Application.load_tasks

-Knapsack.load_tasks if defined?(Knapsack)
+unless ENV['DISABLE_KNAPSACK']
+  Knapsack.load_tasks if defined?(Knapsack)
+end
--- a/app/assets/images/question-mark-icon.svg
+++ b/app/assets/images/question-mark-icon.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50"><circle cx="24.87" cy="24.87" r="24" fill="#f4f9fd" stroke="#cfe1f3" stroke-miterlimit="10"/><path d="M36.31 18.13c0 7.51-8.11 7.63-8.11 10.4v.71c0 .74-.6 1.34-1.34 1.34h-5.11c-.74 0-1.34-.6-1.34-1.34v-.97c0-4 3.04-5.61 5.33-6.89 1.97-1.1 3.17-1.85 3.17-3.31 0-1.93-2.46-3.21-4.46-3.21-2.6 0-3.8 1.23-5.48 3.36-.45.57-1.28.68-1.87.24l-3.12-2.36a1.35 1.35 0 01-.3-1.83c2.65-3.89 6.02-6.07 11.27-6.07 5.49-.02 11.36 4.27 11.36 9.93zM29 36.86c0 2.59-2.11 4.71-4.71 4.71s-4.71-2.11-4.71-4.71c0-2.59 2.11-4.71 4.71-4.71S29 34.27 29 36.86z" fill="#81b2e1"/></svg>
--- a/app/assets/javascripts/admin/all.js
+++ b/app/assets/javascripts/admin/all.js
@@ -10,7 +10,6 @@
 //= require jquery-migrate-min
 //= require jquery_ujs
 //= require jquery.ui.all
-//= require jquery-ui-timepicker-addon
 //= require jquery.powertip
 //= require jquery.cookie
 //= require jquery.jstree/jquery.jstree
@@ -24,6 +23,24 @@
 //= require angular-rails-templates
 //= require lodash.underscore.js

+// datetimepicker  (fil, nb)
+//= require flatpickr/dist/flatpickr.min
+//= require flatpickr/dist/l10n/ar
+//= require flatpickr/dist/l10n/cat
+//= require flatpickr/dist/l10n/cy
+//= require flatpickr/dist/l10n/de
+//= require flatpickr/dist/l10n/es
+//= require flatpickr/dist/l10n/fr
+//= require flatpickr/dist/l10n/it
+//= require flatpickr/dist/l10n/nl
+//= require flatpickr/dist/l10n/pl
+//= require flatpickr/dist/l10n/pt
+//= require flatpickr/dist/l10n/ru
+//= require flatpickr/dist/l10n/sv
+//= require flatpickr/dist/l10n/tr
+//= require shortcut-buttons-flatpickr/dist/shortcut-buttons-flatpickr.min
+//= require flatpickr/dist/plugins/labelPlugin/labelPlugin
+
 // spree
 //= require admin/spree/spree
 //= require admin/spree/spree-select2
@@ -35,6 +52,9 @@
 //= require admin/spree/handlebar_extensions

 // OFN specific
+//= require ../shared/shared
+//= require_tree ../shared/directives
+//= require_tree ../templates/shared
 //= require_tree ../templates/admin
 //= require ./admin_ofn
 //= require ./customers/customers
--- a/app/assets/javascripts/admin/bulk_product_update.js.coffee
+++ b/app/assets/javascripts/admin/bulk_product_update.js.coffee
@@ -21,6 +21,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
    sorting: ""
  }

+  $scope.sorting = "name asc"
  $scope.producers = producers
  $scope.taxons = Taxons.all
  $scope.tax_categories = tax_categories
@@ -48,7 +49,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
      'q[name_cont]': $scope.q.query,
      'q[supplier_id_eq]': $scope.q.producerFilter,
      'q[primary_taxon_id_eq]': $scope.q.categoryFilter,
-      'q[s]': $scope.q.sorting,
+      'q[s]': $scope.sorting,
      import_date: $scope.q.importDateFilter,
      page: $scope.page,
      per_page: $scope.per_page
@@ -104,7 +105,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
  $scope.$watch 'sortOptions', (sort) ->
    return unless sort && sort.predicate != ""

-    $scope.q.sorting = sort.getSortingExpr()
+    $scope.sorting = sort.getSortingExpr(defaultDirection: "asc")
    $scope.fetchProducts()
  , true

@@ -216,6 +217,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
          'q[name_cont]': $scope.q.query
          'q[supplier_id_eq]': $scope.q.producerFilter
          'q[primary_taxon_id_eq]': $scope.q.categoryFilter
+          'q[s]': $scope.sorting
          import_date: $scope.q.importDateFilter
        page: $scope.page
        per_page: $scope.per_page
--- a/app/assets/javascripts/admin/directives/date_picker.js.coffee
+++ b/app/assets/javascripts/admin/directives/date_picker.js.coffee
@@ -1,9 +0,0 @@
-angular.module("ofn.admin").directive "datepicker", ->
-  require: "ngModel"
-  link: (scope, element, attrs, ngModel) ->
-    element.datepicker
-      dateFormat: "yy-mm-dd"
-      onSelect: (dateText, inst) ->
-        scope.$apply (scope) ->
-          # Fires ngModel.$parsers
-          ngModel.$setViewValue dateText
--- a/app/assets/javascripts/admin/directives/datetime_picker.js.coffee
+++ b/app/assets/javascripts/admin/directives/datetime_picker.js.coffee
@@ -1,11 +0,0 @@
-angular.module("ofn.admin").directive "datetimepicker", ->
-  require: "ngModel"
-  link: (scope, element, attrs, ngModel) ->
-    element.datetimepicker
-      dateFormat: "yy-mm-dd"
-      timeFormat: "HH:mm:ss"
-      stepMinute: 15
-      onSelect: (dateText, inst) ->
-        scope.$apply (scope) ->
-          # Fires ngModel.$parsers
-          ngModel.$setViewValue dateText
--- a/app/assets/javascripts/admin/index_utils/services/sort_options.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/services/sort_options.js.coffee
@@ -3,9 +3,11 @@ angular.module("admin.indexUtils").factory 'SortOptions', ->
    predicate: ""
    reverse: true

-    getSortingExpr: () ->
-      sortingExpr = this.predicate + ' desc' if this.reverse
-      sortingExpr = this.predicate + ' asc' if !this.reverse
+    getSortingExpr: (options) ->
+      defaultDirection = if (options && options.defaultDirection) then options.defaultDirection else "desc"
+      reverseDirection = if defaultDirection == "desc" then "asc" else "desc"
+      sortingExpr = this.predicate + ' ' + defaultDirection if this.reverse
+      sortingExpr = this.predicate + ' ' + reverseDirection if !this.reverse
      sortingExpr

    toggle: (predicate) ->
--- a/app/assets/javascripts/admin/order_cycles/order_cycles.js.erb.coffee
+++ b/app/assets/javascripts/admin/order_cycles/order_cycles.js.erb.coffee
@@ -3,21 +3,12 @@ angular.module('admin.orderCycles', ['ngTagsInput', 'admin.indexUtils', 'admin.e
    require: "ngModel"
    link: (scope, element, attrs, ngModel) ->
      $timeout ->
-        # using $parse instead of scope[attrs.datetimepicker] for cases
-        # where attrs.datetimepicker is 'foo.bar.lol'
-        $(element).datetimepicker(
-          Object.assign(
-            window.JQUERY_UI_DATETIME_PICKER_DEFAULTS,
-            {
-              onSelect: (dateText, inst) ->
-                scope.$apply(->
-                  element.val(dateText)
-                  parsed = $parse(attrs.datetimepicker)
-                  parsed.assign(scope, dateText)
-                )
-            }
-          )
-        )
+        flatpickr(element,  Object.assign({},
+                            window.FLATPICKR_DATETIME_DEFAULT, {
+                            onOpen: (selectedDates, dateStr, instance) ->
+                              instance.setDate(ngModel.$modelValue)
+                              instance.input.dispatchEvent(new Event('focus', { bubbles: true }));
+                            }));

  .directive 'ofnOnChange', ->
    (scope, element, attrs) ->
--- a/app/assets/javascripts/admin/products/controllers/units_controller.js.coffee
+++ b/app/assets/javascripts/admin/products/controllers/units_controller.js.coffee
@@ -1,12 +1,13 @@
 angular.module("admin.products")
-  .controller "unitsCtrl", ($scope, VariantUnitManager, OptionValueNamer) ->
+  .controller "unitsCtrl", ($scope, VariantUnitManager, OptionValueNamer, UnitPrices) ->
    $scope.product = { master: {} }
    $scope.product.master.product = $scope.product
    $scope.placeholder_text = ""

-    $scope.$watchCollection '[product.variant_unit_with_scale, product.master.unit_value_with_description]', ->
+    $scope.$watchCollection '[product.variant_unit_with_scale, product.master.unit_value_with_description, product.price, product.variant_unit_name]', ->
      $scope.processVariantUnitWithScale()
      $scope.processUnitValueWithDescription()
+      $scope.processUnitPrice()
      $scope.placeholder_text = new OptionValueNamer($scope.product.master).name()

    $scope.variant_unit_options = VariantUnitManager.variantUnitOptions()
@@ -32,6 +33,14 @@ angular.module("admin.products")
          $scope.product.master.unit_value *= $scope.product.variant_unit_scale if $scope.product.master.unit_value && $scope.product.variant_unit_scale
          $scope.product.master.unit_description = match[3]

+    $scope.processUnitPrice = ->
+      price = $scope.product.price
+      scale = $scope.product.variant_unit_scale
+      unit_type = $scope.product.variant_unit
+      unit_value = $scope.product.master.unit_value
+      variant_unit_name = $scope.product.variant_unit_name
+      $scope.unit_price = UnitPrices.displayableUnitPrice(price, scale, unit_type, unit_value, variant_unit_name)
+
    $scope.hasVariants = (product) ->
      Object.keys(product.variants).length > 0

--- a/app/assets/javascripts/admin/products/controllers/variant_units_controller.js.coffee
+++ b/app/assets/javascripts/admin/products/controllers/variant_units_controller.js.coffee
@@ -1,8 +1,24 @@
-angular.module("admin.products").controller "variantUnitsCtrl", ($scope, VariantUnitManager, $timeout) ->
+angular.module("admin.products").controller "variantUnitsCtrl", ($scope, VariantUnitManager, $timeout, UnitPrices) ->

  $scope.unitName = (scale, type) ->
    VariantUnitManager.getUnitName(scale, type)

+  $scope.$watchCollection "[unit_value_human, variant.price]", ->
+    $scope.processUnitPrice()
+  
+  $scope.processUnitPrice = ->
+    if ($scope.variant)
+      price = $scope.variant.price
+      scale = $scope.scale
+      unit_type = angular.element("#product_variant_unit").val()
+      if (unit_type != "items")
+        $scope.updateValue()
+        unit_value = $scope.unit_value
+      else 
+        unit_value = 1
+      variant_unit_name = angular.element("#product_variant_unit_name").val()
+      $scope.unit_price = UnitPrices.displayableUnitPrice(price, scale, unit_type, unit_value, variant_unit_name)
+
  $scope.scale = angular.element('#product_variant_unit_scale').val()

  $scope.updateValue = ->
@@ -11,4 +27,6 @@ angular.module("admin.products").controller "variantUnitsCtrl", ($scope, Variant

  variant_unit_value = angular.element('#variant_unit_value').val()
  $scope.unit_value_human = variant_unit_value / $scope.scale
+
+  $timeout -> $scope.processUnitPrice()
  $timeout -> $scope.updateValue()
--- a/app/assets/javascripts/admin/products/products.js.coffee
+++ b/app/assets/javascripts/admin/products/products.js.coffee
@@ -1 +1 @@
-angular.module("admin.products", ["textAngular", "admin.utils"])
+angular.module("admin.products", ["textAngular", "admin.utils", "OFNShared"])
--- a/app/assets/javascripts/admin/products/services/unit_prices.js.coffee
+++ b/app/assets/javascripts/admin/products/services/unit_prices.js.coffee
@@ -0,0 +1,32 @@
+angular.module("admin.products").factory "UnitPrices", (VariantUnitManager, localizeCurrencyFilter) ->
+  class UnitPrices
+    @displayableUnitPrice: (price, scale, unit_type, unit_value, variant_unit_name) ->
+      if price && !isNaN(price) && unit_type && unit_value
+        value = localizeCurrencyFilter(UnitPrices.price(price, scale, unit_type, unit_value, variant_unit_name))
+        unit = UnitPrices.unit(scale, unit_type, variant_unit_name)
+        return value + " / " + unit
+      return null
+
+    @price: (price, scale, unit_type, unit_value) ->
+      price / @denominator(scale, unit_type, unit_value)
+
+    @denominator: (scale, unit_type, unit_value) ->
+      unit = @unit(scale, unit_type)
+      if unit == "lb"
+        unit_value / 453.6
+      else if unit == "kg"
+        unit_value / 1000
+      else
+        unit_value
+
+    @unit: (scale, unit_type, variant_unit_name = '') ->
+      if variant_unit_name.length > 0
+        variant_unit_name
+      else if unit_type == "items"
+        "item"
+      else if VariantUnitManager.systemOfMeasurement(scale, unit_type) == "imperial"
+        "lb"
+      else if unit_type == "weight"
+        "kg"
+      else if unit_type == "volume"
+        "L"
--- a/app/assets/javascripts/admin/products/services/variant_unit_manager.js.coffee
+++ b/app/assets/javascripts/admin/products/services/variant_unit_manager.js.coffee
@@ -67,3 +67,9 @@ angular.module("admin.products").factory "VariantUnitManager", (availableUnits)
      scaleSystem = @units[unitType][scale]['system']
      (parseFloat(scale) for scale, scaleInfo of @units[unitType] when scaleInfo['system'] == scaleSystem).sort (a, b) ->
         a - b
+
+    @systemOfMeasurement: (scale, unitType) ->
+      if @units[unitType][scale]
+        @units[unitType][scale]['system']
+      else
+        'custom'
--- a/app/assets/javascripts/admin/spree/base.js.erb
+++ b/app/assets/javascripts/admin/spree/base.js.erb
@@ -98,40 +98,6 @@ $.fn.radioControlsVisibilityOfElement = function(dependentElementSelector){
 }

 $(document).ready(function() {
-  if (typeof Spree !== 'undefined' &&
-    typeof Spree.translations !== 'undefined') {
-    handle_date_picker_fields = function(){
-      $('.datepicker').datepicker({
-        dateFormat: Spree.translations.date_picker,
-        dayNames: Spree.translations.abbr_day_names,
-        dayNamesMin: Spree.translations.abbr_day_names,
-        monthNames: Spree.translations.month_names,
-        prevText: Spree.translations.previous,
-        nextText: Spree.translations.next,
-        showOn: "focus"
-      });
-      
-       $.datepicker.regional[I18n.locale] = {
-          prevText: Spree.translations.previous,
-          nextText: Spree.translations.next,
-          monthNames: Spree.translations.month_names,
-          dayNames: Spree.translations.abbr_day_names,
-          dayNamesMin: Spree.translations.abbr_day_names,
-          dateFormat: Spree.translations.date_picker
-      };
-      $.datepicker.setDefaults( $.datepicker.regional[I18n.locale]);
-      // Correctly display range dates
-      $('.date-range-filter .datepicker-from').datepicker('option', 'onSelect', function(selectedDate) {
-        $(".date-range-filter .datepicker-to" ).datepicker( "option", "minDate", selectedDate );
-      });
-      $('.date-range-filter .datepicker-to').datepicker('option', 'onSelect', function(selectedDate) {
-        $(".date-range-filter .datepicker-from" ).datepicker( "option", "maxDate", selectedDate );
-      });
-    }
-
-    handle_date_picker_fields();
-  }
-
  $(".observe_field").on('change', function() {
    target = $(this).attr("data-update");
    ajax_indicator = $(this).attr("data-ajax-indicator") || '#busy_indicator';
--- a/app/assets/javascripts/admin/util.js.erb
+++ b/app/assets/javascripts/admin/util.js.erb
@@ -1,30 +1,51 @@
-$(document).ready(function(){
-  window.JQUERY_UI_DATE_PICKER_DEFAULTS = {
-    dateFormat: Spree.translations.date_picker,
-    dayNames: Spree.translations.abbr_day_names,
-    dayNamesMin: Spree.translations.abbr_day_names,
-    monthNames: Spree.translations.month_names,
-    prevText: Spree.translations.previous,
-    nextText: Spree.translations.next,
-    oneLine: true,
-    showOn: 'button',
-    buttonImage: "<%= asset_path 'datepicker/cal.gif' %>",
-    buttonImageOnly: true
+$(document).ready(function() {
+  var onClickButtons = function(index, fp) {
+    var date;
+    switch (index) {
+      case 0:
+        date = new Date();
+        break;
+    }
+    fp.setDate(date, true);
  }
-
-  window.JQUERY_UI_DATETIME_PICKER_DEFAULTS = Object.assign(
+  window.FLATPICKR_DATE_DEFAULT = {
+    altInput: true,
+    altFormat: Spree.translations.flatpickr_date_format,
+    dateFormat: "Y-m-d",
+    locale: I18n.locale,
+    plugins: [
+        ShortcutButtonsPlugin({
+          button: [{
+            label: Spree.translations.today
+          }],
+          label: "or",
+          onClick: onClickButtons
+        }),
+        labelPlugin({})
+      ]
+  }
+  window.FLATPICKR_DATETIME_DEFAULT = Object.assign(
    {},
-    window.JQUERY_UI_DATE_PICKER_DEFAULTS,
+    window.FLATPICKR_DATE_DEFAULT,
    {
-      currentText: Spree.translations.datetime_ui_current_text,
-      closeText: Spree.translations.datetime_ui_close_text,
-      timeText: Spree.translations.datetime_ui_time_text,
-      timeFormat: 'HH:mm',
-      controlType: 'select',
-      stepMinute: 15
+      altInput: true,
+      altFormat: Spree.translations.flatpickr_datetime_format,
+      dateFormat: "Y-m-d H:i",
+      enableTime: true,
+      time_24hr: true,
+      plugins: [
+        ShortcutButtonsPlugin({
+          button: [{
+            label: Spree.translations.now
+          }],
+          label: "or",
+          onClick: onClickButtons
+        }),
+        labelPlugin({})
+      ]
    }
  );
-  $('.datetimepicker').datetimepicker(window.JQUERY_UI_DATETIME_PICKER_DEFAULTS);
+  flatpickr(".datetimepicker", window.FLATPICKR_DATETIME_DEFAULT);
  $('a.close').click(function(event){
    event.preventDefault();
    $(this).parent().slideUp(250);
--- a/app/assets/javascripts/admin/utils/directives/date_picker.js.coffee
+++ b/app/assets/javascripts/admin/utils/directives/date_picker.js.coffee
@@ -1,9 +1,11 @@
-angular.module("admin.utils").directive "datepicker", ->
+angular.module("admin.utils").directive "datepicker", ($window, $timeout) ->
  require: "ngModel"
  link: (scope, element, attrs, ngModel) ->
-    element.datepicker
-      dateFormat: "yy-mm-dd"
-      onSelect: (dateText, inst) ->
-        scope.$apply (scope) ->
-          # Fires ngModel.$parsers
-          ngModel.$setViewValue dateText
+    $timeout ->
+      flatpickr(element,  Object.assign(
+                            {},
+                            $window.FLATPICKR_DATE_DEFAULT, {
+                            onOpen: (selectedDates, dateStr, instance) ->
+                              instance.setDate(ngModel.$modelValue)
+                            }
+                          ));
--- a/app/assets/javascripts/darkswarm/all.js.coffee
+++ b/app/assets/javascripts/darkswarm/all.js.coffee
@@ -19,6 +19,8 @@
 #= require ../shared/ng-infinite-scroll.min.js
 #= require ../shared/angular-local-storage.js
 #= require ../shared/angular-slideables.js
+#= require ../shared/shared
+#= require_tree ../shared/directives
 #= require angularjs-file-upload
 #= require i18n/translations

--- a/app/assets/javascripts/darkswarm/controllers/edit_bought_order_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/edit_bought_order_controller.js.coffee
@@ -1,12 +1,20 @@
-Darkswarm.controller "EditBoughtOrderController", ($scope, $resource, Cart) ->
+Darkswarm.controller "EditBoughtOrderController", ($scope, $resource, $timeout, Cart, Messages) ->
  $scope.showBought = false
+  $scope.removeEnabled = true

  $scope.deleteLineItem = (id) ->
-    params = {id: id}
-    success = (response) ->
-      $(".line-item-" + id).remove()
-      Cart.removeFinalisedLineItem(id)
-    fail = (error) ->
-      console.log error
+    if Cart.has_one_line_item()
+      Messages.error(t 'orders_cannot_remove_the_final_item')
+      $scope.removeEnabled = false
+      $timeout (->
+        $scope.removeEnabled = true
+      ), 10000
+    else
+      params = {id: id}
+      success = (response) ->
+        $(".line-item-" + id).remove()
+        Cart.removeFinalisedLineItem(id)
+      fail = (error) ->
+        console.log error

-    $resource("/line_items/:id").delete(params, success, fail)
+      $resource("/line_items/:id").delete(params, success, fail)
--- a/app/assets/javascripts/darkswarm/darkswarm.js.coffee
+++ b/app/assets/javascripts/darkswarm/darkswarm.js.coffee
@@ -10,10 +10,11 @@ window.Darkswarm = angular.module("Darkswarm", [
  'uiGmapgoogle-maps',
  'duScroll',
  'angularFileUpload',
-  'angularSlideables'
+  'angularSlideables',
+  'OFNShared'
 ]).config ($httpProvider, $tooltipProvider, $locationProvider, $anchorScrollProvider) ->
  $httpProvider.defaults.headers['common']['X-Requested-With'] = 'XMLHttpRequest'
-  $httpProvider.defaults.headers.common.Accept = "application/json, text/javascript, */*"
+  $httpProvider.defaults.headers.common['Accept'] = "application/json, text/javascript, */*"

  # We manually handle our scrolling
  $anchorScrollProvider.disableAutoScrolling()
--- a/app/assets/javascripts/darkswarm/directives/map_osm_tiles.js.coffee
+++ b/app/assets/javascripts/darkswarm/directives/map_osm_tiles.js.coffee
@@ -1,21 +0,0 @@
-Darkswarm.directive 'mapOsmTiles', ($timeout) ->
-  restrict: 'E'
-  require: '^uiGmapGoogleMap'
-  scope: {}
-  link: (scope, elem, attrs, ctrl) ->
-    $timeout =>
-      map = ctrl.getMap()
-
-      map.mapTypes.set 'OSM', new google.maps.ImageMapType
-        getTileUrl: (coord, zoom) ->
-          # "Wrap" x (logitude) at 180th meridian properly
-          # NB: Don't touch coord.x because coord param is by reference, and changing its x property breaks something in Google's lib
-          tilesPerGlobe = 1 << zoom
-          x = coord.x % tilesPerGlobe
-          if x < 0
-            x = tilesPerGlobe + x
-          # Wrap y (latitude) in a like manner if you want to enable vertical infinite scroll
-          'https://a.tile.openstreetmap.org/' + zoom + '/' + x + '/' + coord.y + '.png'
-        tileSize: new google.maps.Size(256, 256)
-        name: 'OpenStreetMap'
-        maxZoom: 18
--- a/app/assets/javascripts/darkswarm/directives/shop_variant_with_unit_price.js.coffee
+++ b/app/assets/javascripts/darkswarm/directives/shop_variant_with_unit_price.js.coffee
@@ -0,0 +1,7 @@
+Darkswarm.directive "shopVariantWithUnitPrice", ->
+  restrict: 'E'
+  replace: true
+  templateUrl: 'shop_variant_with_unit_price.html'
+  scope:
+    variant: '='
+  controller: 'ShopVariantCtrl'
--- a/app/assets/javascripts/darkswarm/services/cart.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/cart.js.coffee
@@ -115,6 +115,9 @@ Darkswarm.factory 'Cart', (CurrentOrder, Variants, $timeout, $http, $modal, $roo
      @line_items = []
      localStorageService.clearAll() # One day this will have to be moar GRANULAR

+    has_one_line_item: =>
+      @line_items_finalised.length == 1
+
    removeFinalisedLineItem: (id) =>
      @line_items_finalised = @line_items_finalised.filter (item) ->
        item.id != id
--- a/app/assets/javascripts/darkswarm/services/map_configuration.js.erb.coffee
+++ b/app/assets/javascripts/darkswarm/services/map_configuration.js.erb.coffee
@@ -4,12 +4,10 @@ Darkswarm.factory "MapConfiguration", ->
      center:
        latitude: -37.4713077
        longitude: 144.7851531
-      cluster_icon: "<%= image_path('map_009-cluster.svg') %>"
+      cluster_icon: "/map_icons/map_009-cluster.svg"
      zoom: 12
      additional_options:
        # mapTypeId: 'satellite'
-        mapTypeId: 'OSM'
        mapTypeControl: false
        streetViewControl: false
      styles: [{"featureType":"landscape","stylers":[{"saturation":-100},{"lightness":65},{"visibility":"on"}]},{"featureType":"poi","stylers":[{"saturation":-100},{"lightness":51},{"visibility":"simplified"}]},{"featureType":"road.highway","stylers":[{"saturation":-100},{"visibility":"simplified"}]},{"featureType":"road.arterial","stylers":[{"saturation":-100},{"lightness":30},{"visibility":"on"}]},{"featureType":"road.local","stylers":[{"saturation":-100},{"lightness":40},{"visibility":"on"}]},{"featureType":"transit","stylers":[{"saturation":-100},{"visibility":"simplified"}]},{"featureType":"administrative.province","stylers":[{"visibility":"off"}]},{"featureType":"water","elementType":"labels","stylers":[{"visibility":"on"},{"lightness":-25},{"saturation":-100}]},{"featureType":"water","elementType":"geometry","stylers":[{"hue":"#ffff00"},{"lightness":-25},{"saturation":-97}]},{"featureType":"road","elementType": "labels.icon","stylers":[{"visibility":"off"}]}]
-
--- a/app/assets/javascripts/shared/directives/question_mark_tooltip.js.coffee
+++ b/app/assets/javascripts/shared/directives/question_mark_tooltip.js.coffee
@@ -0,0 +1,19 @@
+
+OFNShared.directive "questionMarkWithTooltip", ($tooltip)->
+  # We use the $tooltip service from Angular foundation to give us boilerplate
+  # Subsequently we patch the scope, template and restrictions
+  tooltip = $tooltip 'questionMarkWithTooltip', 'questionMarkWithTooltip', 'click'
+  tooltip.scope =
+    variant: "="
+    key: "="
+  tooltip.templateUrl = "shared/question_mark_with_tooltip_icon.html"
+  tooltip.replace = true
+  tooltip.restrict = 'E'
+  tooltip
+
+# This is automatically referenced via naming convention in $tooltip
+OFNShared.directive 'questionMarkWithTooltipPopup', ->
+  restrict: 'EA'
+  replace: true
+  templateUrl: 'shared/question_mark_with_tooltip.html'
+  scope: false
--- a/app/assets/javascripts/shared/shared.js.coffee
+++ b/app/assets/javascripts/shared/shared.js.coffee
@@ -0,0 +1,4 @@
+window.OFNShared = angular.module("OFNShared", [
+  "mm.foundation"
+]).config ($httpProvider) ->
+  $httpProvider.defaults.headers.common["Accept"] = "application/json, text/javascript, */*"
--- a/app/assets/javascripts/templates/admin/modals/bulk_invoice.html.haml
+++ b/app/assets/javascripts/templates/admin/modals/bulk_invoice.html.haml
@@ -6,7 +6,7 @@
 %p.error{ ng: { show: 'error' } }
  {{error}}

-%img.spinner{ src: "/assets/spinning-circles.svg", ng: { show: "loading" } }
+%img.spinner{ src: image_path("spinning-circles.svg"), ng: { show: "loading" } }
 %p{ ng: { show: "loading" } }
  = t('js.admin.orders.index.please_wait')

--- a/app/assets/javascripts/templates/admin/modals/image_upload.html.haml
+++ b/app/assets/javascripts/templates/admin/modals/image_upload.html.haml
@@ -3,7 +3,7 @@

 %form#image_upload{ name: 'form', novalidate: true, enctype: 'multipart/form-data', multipart: true, ng: { controller: "ProductImageCtrl" } }
  %div.image-preview
-    %img.spinner{ src: "/assets/spinning-circles.svg", ng: { hide: "!imageUploader.isUploading" }}
+    %img.spinner{ src: image_path("spinning-circles.svg"), ng: { hide: "!imageUploader.isUploading" }}
    %img.preview{ng: {src: "{{imagePreview}}", class: "{'faded': imageUploader.isUploading}"}}

  %label{for: 'image-upload', class: 'button'} {{ 'admin.products.index.upload_an_image' | t }}
--- a/app/assets/javascripts/templates/admin/panels/exchange_products_panel_footer.html.haml
+++ b/app/assets/javascripts/templates/admin/panels/exchange_products_panel_footer.html.haml
@@ -6,6 +6,6 @@

 .sixteen.columns.alpha#loading{ 'ng-show' => 'productsLoading()' }
  %br
-  %img.spinner{ src: "/assets/spinning-circles.svg" }
+  %img.spinner{ src: image_path("spinning-circles.svg")}
  %h1
    {{ 'js.admin.panels.exchange_products.loading_variants' | t }}
--- a/app/assets/javascripts/templates/bulk_buy_modal.html.haml
+++ b/app/assets/javascripts/templates/bulk_buy_modal.html.haml
@@ -16,10 +16,7 @@
      %button.bulk-buy-add.variant-quantity{type: "button", ng: {click: "add(-1)", disabled: "!canAdd(-1)"}}>
        -# U+FF0D Fullwidth Hyphen-Minus
        －
-      %input.bulk-buy.variant-quantity{
-        type: "number",
-        min: "0",
-        max: "{{ available() }}",
+      %input.bulk-buy.variant-quantity{type: "number", min: "0", max: "{{ available() }}",
        ng: {model: "variant.line_item.quantity", max: "Infinity"}}>
      %button.bulk-buy-add.variant-quantity{type: "button", ng: {click: "add(1)", disabled: "!canAdd(1)"}}
        -# U+FF0B Fullwidth Plus Sign
@@ -31,10 +28,7 @@
      %button.bulk-buy-add.variant-quantity{type: "button", ng: {click: "addMax(-1)", disabled: "!canAddMax(-1)"}}>
        -# U+FF0D Fullwidth Hyphen-Minus
        －
-      %input.bulk-buy.variant-quantity{
-        type: "number",
-        min: "0",
-        max: "{{ available() }}",
+      %input.bulk-buy.variant-quantity{type: "number", min: "0", max: "{{ available() }}",
        ng: {model: "variant.line_item.max_quantity", max: "Infinity"}}>
      %button.bulk-buy-add.variant-quantity{type: "button", ng: {click: "addMax(1)", disabled: "!canAddMax(1)"}}
        -# U+FF0B Fullwidth Plus Sign
--- a/app/assets/javascripts/templates/partials/shop_variant_no_group_buy.html.haml
+++ b/app/assets/javascripts/templates/partials/shop_variant_no_group_buy.html.haml
@@ -8,12 +8,8 @@
    %button.variant-quantity{type: "button", ng: {click: "add(-1)", disabled: "!canAdd(-1)"}}>
      -# U+FF0D Fullwidth Hyphen-Minus
      －
-    %input.variant-quantity{
-      type: "number",
-      min: "0",
-      max: "{{ available() }}",
-      ng: {model: "variant.line_item.quantity", max: "Infinity"}
-      }>
+    %input.variant-quantity{ type: "number", min: "0", max: "{{ available() }}",
+      ng: {model: "variant.line_item.quantity", max: "Infinity"}}>
    %button.variant-quantity{type: "button", ng: {click: "add(1)", disabled: "!canAdd(1)"}}
      -# U+FF0B Fullwidth Plus Sign
      ＋
--- a/app/assets/javascripts/templates/shared/question_mark_with_tooltip.html.haml
+++ b/app/assets/javascripts/templates/shared/question_mark_with_tooltip.html.haml
@@ -0,0 +1,6 @@
+.joyride-tip-guide.question-mark-tooltip{class: "{{ context }}", ng: {class: "{ in: tt_isOpen, fade: tt_animation }", show: "tt_isOpen"}}
+  .background{ng: {click: "tt_isOpen = false"}}
+  .joyride-content-wrapper
+    {{ key  | t }}
+  %span.joyride-nub.bottom
+  
--- a/app/assets/javascripts/templates/shared/question_mark_with_tooltip_icon.html.haml
+++ b/app/assets/javascripts/templates/shared/question_mark_with_tooltip_icon.html.haml
@@ -0,0 +1 @@
+%button.question-mark-icon{"ng-class" => "{open: tt_isOpen}", type: 'button'}
--- a/app/assets/javascripts/templates/shop_variant_with_unit_price.html.haml
+++ b/app/assets/javascripts/templates/shop_variant_with_unit_price.html.haml
@@ -0,0 +1,23 @@
+.variants.row
+  .small-4.medium-4.large-5.columns.variant-name
+    .inline{"ng-if" => "::variant.display_name"} {{ ::variant.display_name }}
+    .variant-unit {{ ::variant.unit_to_display }}
+  .small-3.medium-3.large-2.columns.variant-price
+    %price-breakdown{"price-breakdown" => "_", variant: "variant",
+      "price-breakdown-append-to-body" => "true",
+      "price-breakdown-placement" => "bottom",
+      "price-breakdown-animation" => true}
+    {{ variant.price_with_fees | localizeCurrency }}
+    .unit-price.variant-unit-price
+      %question-mark-with-tooltip{"question-mark-with-tooltip" => "_",
+      "question-mark-with-tooltip-append-to-body" => "true",
+      "question-mark-with-tooltip-placement" => "top",
+      "question-mark-with-tooltip-animation" => true,
+      key: "'js.shopfront.unit_price_tooltip'"}
+      {{ variant.unit_price_price | localizeCurrency }} / {{ variant.unit_price_unit }}
+        
+  .medium-2.large-2.columns.total-price
+    %span{"ng-class" => "{filled: variant.line_item.total_price}"}
+      {{ variant.line_item.total_price | localizeCurrency }}
+  %ng-include{src: "'partials/shop_variant_no_group_buy.html'"}
+  %ng-include{src: "'partials/shop_variant_with_group_buy.html'"}
--- a/app/assets/stylesheets/admin/all.scss
+++ b/app/assets/stylesheets/admin/all.scss
@@ -7,11 +7,13 @@
 *= require normalize
 *= require responsive-tables
 *= require jquery.powertip
- *= require jquery.ui.datepicker
- *= require jquery-ui-timepicker-addon
+ *= require jquery.ui.dialog
 *= require shared/textAngular
 *= require shared/ng-tags-input.min
 *= require select2
+ *= require flatpickr/dist/flatpickr
+ *= require flatpickr/dist/themes/material_blue
+ *= require shortcut-buttons-flatpickr/dist/themes/light

 *= require_self
 */
@@ -29,6 +31,8 @@
@import 'shared/forms';
@import 'shared/layout';

+@import 'plugins/flatpickr-customization';
+
@import 'plugins/powertip';
@import 'plugins/jstree';
@import 'plugins/font-awesome';
@@ -44,3 +48,6 @@
@import 'components/*';
@import 'pages/*';
@import '*';
+
+@import "../shared/question-mark-icon";
+@import "question-mark-tooltip";
--- a/app/assets/stylesheets/admin/components/date-picker.scss
+++ b/app/assets/stylesheets/admin/components/date-picker.scss
@@ -2,6 +2,8 @@
@import 'admin/globals/mixins';
@import 'admin/plugins/font-awesome';

+// scss-lint:disable QualifyingElement
+
 .date-range-filter {
  .range-divider {
    padding: 0;
@@ -11,148 +13,21 @@
  }
 }

-#ui-datepicker-div {
-  @include border-radius($border-radius);
-  border-color: $color-3;
-  padding: 0;
-  margin-top: 10px;
-
-  &:before {
-    content: '';
-    position: absolute;
-    border-left: 10px solid transparent;
-    border-right: 10px solid transparent;
-    border-bottom: 10px solid $color-3;
-    top: 0px;
-    margin-top: -10px;
-    left: 25px;
-    z-index: 1;
-  }
-
-  .ui-datepicker-header {
-    padding: 0;
-    background-image: none;
-    background-color: $color-3;
-    border: none;
-    border-bottom: none;
-    border-radius: 0;
-    height: 32px;
-
-    .ui-datepicker-prev, .ui-datepicker-next {
-      border-radius: 0;      
-      top: 0;
-      height: 32px;
-
-      &:hover {
-        border: none;
-        background-image: none;
-        background-color: $color-3;
-        cursor: pointer;
-      }
-
-      .ui-icon {
-        background-image: none;
-        text-indent: 0;
-        color: $color-1;
-        width: 10px;
-        margin-left: -5px;
-        @extend [class^="icon-"]:before;
-
-        &:hover {
-          color: very-light($color-2, 25);
-        }
-      }
-    }
-    .ui-datepicker-prev {
-      left: 0;
-
-      .ui-icon {
-        @extend .icon-arrow-left;        
-      }
-    }
-    .ui-datepicker-next {
-      right: 0;
-
-      .ui-icon {
-        @extend .icon-arrow-right;
-      }
-
-      &:hover {
-        .ui-icon {
-          margin-left: -5px;
-        }        
-      }
-    }
-
-    .ui-datepicker-title {
-      color: $color-1;
-      text-transform: uppercase;
-      font-size: 85% !important;
-      padding: 6px 10px;
-    }
-  }
-
-  table.ui-datepicker-calendar {
-    border: none;
-
-    thead {
-      th { 
-        border-bottom: 1px solid $color-border;
-        border-right: 1px solid $color-border;
-        color: $color-body-text;
-        width: 33px;
-
-        &:last-child {
-          border-right: none;
-        }
-      }
-    }
-    tbody {
-      tr:hover {
-        td {
-          background-color: transparent !important;
-        }
-      }
-      &:last-child tr:last-child td {
-        border-bottom: none;
-      }
-      td {
-        a {
-          border: 1px solid transparent;
-          background-color: $color-1;
-          background-image: none;
-          font-size: 85%;
-          color: $color-body-text;
-
-          &.ui-state-active {
-            background-color: $color-2;
-            color: $color-1;
-          }
-
-          &:hover {
-            background-color: $color-2;
-            color: $color-1;
-            border-color: darken($color-2, 5);
-
-          }
-        }
-
-        &.ui-state-disabled {
-          .ui-state-default {
-            border: none;
-            background-image: none;
-            background-color: transparent;
-          }
-        }
-
-        &.ui-datepicker-today {
-          a {
-            background-color: $color-6;
-            color: $color-1;
-            border: 1px solid darken($color-6, 5);
-          }
-        }
-      }      
-    }
-  }
+input.datetimepicker {
+  min-width: 12.9em;
 }
+
+.container input[readonly].flatpickr-input,
+.container input[readonly].datepicker,
+.container input[readonly].datetimepicker {
+  background-color: $white;
+  cursor: pointer;
+}
+
+img.ui-datepicker-trigger {
+  margin-left: -1.75em;
+  position: absolute;
+  margin-top: 0.5em;
+}
+
+// scss-lint:enable QualifyingElement
--- a/app/assets/stylesheets/admin/datepicker.scss
+++ b/app/assets/stylesheets/admin/datepicker.scss
@@ -1,9 +0,0 @@
-input.datetimepicker {
-  min-width: 12.9em;
-}
-
-img.ui-datepicker-trigger {
-  margin-left: -1.75em;
-  position: absolute;
-  margin-top: 0.5em;
-}
--- a/app/assets/stylesheets/admin/plugins/flatpickr-customization.scss
+++ b/app/assets/stylesheets/admin/plugins/flatpickr-customization.scss
@@ -0,0 +1,62 @@
+$background-grey: #eceef1;
+$background-blue: #5498da;
+
+// scss-lint:disable SelectorFormat
+
+.flatpickr-calendar {
+  border-radius: 0;
+
+  // Disable animation
+  &.animate.open {
+    animation: none;
+  }
+
+  &.arrowBottom::after {
+    border-top-color: $background-grey;
+  }
+
+  &.arrowTop::after {
+    border-bottom-color: $background-blue;
+  }
+
+  .flatpickr-months .flatpickr-month {
+    border-radius: 0;
+  }
+
+  .flatpickr-months .flatpickr-month,
+  .flatpickr-current-month .flatpickr-monthDropdown-months {
+    background: $background-blue;
+  }
+
+  .flatpickr-weekdays {
+    background: $background-blue;
+
+    .flatpickr-weekday {
+      background: $background-blue;
+    }
+  }
+
+  .flatpickr-day.selected,
+  .flatpickr-day.startRange,
+  .flatpickr-day.endRange,
+  .flatpickr-day.selected.inRange,
+  .flatpickr-day.startRange.inRange,
+  .flatpickr-day.endRange.inRange,
+  .flatpickr-day.selected:focus,
+  .flatpickr-day.startRange:focus,
+  .flatpickr-day.endRange:focus,
+  .flatpickr-day.selected:hover,
+  .flatpickr-day.startRange:hover,
+  .flatpickr-day.endRange:hover,
+  .flatpickr-day.selected.prevMonthDay,
+  .flatpickr-day.startRange.prevMonthDay,
+  .flatpickr-day.endRange.prevMonthDay,
+  .flatpickr-day.selected.nextMonthDay,
+  .flatpickr-day.startRange.nextMonthDay,
+  .flatpickr-day.endRange.nextMonthDay {
+    background: $background-blue;
+    border-color: $background-blue;
+  }
+}
+
+// scss-lint:enable SelectorFormat
--- a/app/assets/stylesheets/admin/question-mark-tooltip.scss
+++ b/app/assets/stylesheets/admin/question-mark-tooltip.scss
@@ -0,0 +1,18 @@
+.joyride-tip-guide {
+  background: $color-3;
+  color: $white;
+  font-family: inherit;
+  font-weight: $font-weight-normal;
+  position: absolute;
+  z-index: 101;
+  padding: 5px 15px;
+
+  .joyride-nub.bottom {
+    border: 10px solid;
+    display: block;
+    height: 0;
+    position: absolute;
+    width: 0;
+  }
+}
+
--- a/app/assets/stylesheets/darkswarm/_shop-product-rows.scss
+++ b/app/assets/stylesheets/darkswarm/_shop-product-rows.scss
@@ -65,6 +65,14 @@
          }
        }

+        .variant-unit-price {
+          color: $grey-700;
+          font-size: 0.85rem;
+          margin-top: 15px;
+          position: relative;
+          left: -1px;
+        }
+
        // Total price
        .total-price {
          padding-left: 0rem;
--- a/app/assets/stylesheets/darkswarm/account.scss
+++ b/app/assets/stylesheets/darkswarm/account.scss
@@ -99,7 +99,6 @@
  .transaction-group {}

  table {
-    width: 100%;
    border-radius: $radius-medium $radius-medium 0 0;

    tr:nth-of-type(even) {
@@ -143,3 +142,29 @@
    width: 10%;
  }
 }
+
+table {
+  &.full {
+    width: 100%;
+  }
+
+  &.top-rounded {
+    border-radius: $radius-medium $radius-medium 0 0;
+  }
+}
+
+// Note this relies on the <th> using `.show-for-large-up` as well.
+.requiring-authorization tr {
+  position: relative;
+
+  th:last-child {
+    position: absolute;
+    // The following calculation is the equivalent of:
+    //
+    // $table-cell-padding + 2 * browser's default border-spacing + 2 * table border
+    //
+    // Unfortunately we can't use Scss's interpolation
+    // https://sass-lang.com/documentation/interpolation. We're using a too old version perhaps?
+    right: calc(12px + 2*2px + 2*1px);
+  }
+}
--- a/app/assets/stylesheets/darkswarm/all.scss
+++ b/app/assets/stylesheets/darkswarm/all.scss
@@ -21,3 +21,5 @@
 ofn-modal {
  display: block;
 }
+
+@import "../shared/question-mark-icon";
--- a/app/assets/stylesheets/darkswarm/branding.scss
+++ b/app/assets/stylesheets/darkswarm/branding.scss
@@ -42,8 +42,10 @@ $black: #000;
 $white: #fff;

 $grey-050: #f7f7f7;
+$grey-075: #f3f8fc;
 $grey-100: #e6e6e6;
 $grey-200: #ddd;
+$grey-250: #cfe1f3;
 $grey-300: #ccc;
 $grey-400: #bbb;
 $grey-500: #999;
@@ -53,6 +55,9 @@ $grey-650: #666;
 $grey-700: #555;
 $grey-800: #333;

+$tiny-blue: #80b2e1;
+$dynamic-blue: #3d8dd1;
+
 $teal-300: #80d3df;
 $teal-400: #4cb5c5;
 $teal-500: #0096ad;
--- a/app/assets/stylesheets/darkswarm/cart-dropdown.scss
+++ b/app/assets/stylesheets/darkswarm/cart-dropdown.scss
@@ -52,6 +52,11 @@
        font-size: 1.5em;
      }
    }
+
+    .unit-price {
+      justify-content: flex-end;
+    }
+
  }

  .go-shopping {
@@ -82,7 +87,8 @@
          padding: 0.5em 0 0.5em 1em;
        }

-        span {
+        span,
+        .total-price {
          color: $grey-800;
          font-size: 16px;
          line-height: 1.4em;
--- a/app/assets/stylesheets/darkswarm/cart-page.scss
+++ b/app/assets/stylesheets/darkswarm/cart-page.scss
@@ -44,6 +44,12 @@
    }
  }

+  .unit-price {
+    color: $grey-500;
+    font-size: $text-xs;
+  }
+
+
  input {
    &.ng-invalid-stock,
    &.ng-invalid-number {
--- a/app/assets/stylesheets/darkswarm/footer.scss
+++ b/app/assets/stylesheets/darkswarm/footer.scss
@@ -4,8 +4,8 @@

 footer {
  .row {
-    p a {
-      font-size: 0.875rem;
+    p {
+      font-size: 1rem;
    }

    a, a * {
@@ -107,9 +107,14 @@ footer {
        color: rgba($disabled-med, 0.35);
      }

+      p.text-big {
+        font-size: 1.5rem;
+        font-weight: 300;
+      }
+
      .social-icons {
-        margin-bottom: 0.25rem;
-        margin-top: 0.75rem;
+        margin-bottom: 0.9rem;
+        padding-top: 0.1rem;

        a {
          i {
@@ -128,5 +133,9 @@ footer {
        }
      }
    }
+
+    .legal p {
+      font-size: 0.875rem;
+    }
  }
 }
--- a/app/assets/stylesheets/darkswarm/map.scss
+++ b/app/assets/stylesheets/darkswarm/map.scss
@@ -64,32 +64,3 @@
    }
  }
 }
-
-.map-footer {
-  position: fixed;
-  z-index: 2;
-  width: 100%;
-  height: 23px;
-  left: 80px;
-  right: 0;
-  bottom: 6px;
-  margin: 0;
-  padding: 6px;
-  font-size: 14px;
-  font-weight: bold;
-  text-shadow: 2px 2px #aaa;
-  color: #fff;
-
-  a, a:hover, a:active, a:focus {
-    color: #fff;
-  }
-
-  @media all and (max-width: 1025px) {
-    left: 0px;
-  }
-}
-
-.tabs-content .map-footer {
-  position: relative;
-  bottom: 30px;
-}
--- a/app/assets/stylesheets/darkswarm/tables.scss
+++ b/app/assets/stylesheets/darkswarm/tables.scss
@@ -1,9 +1,11 @@
+$table-cell-padding: 12px;
+
 table {
  thead tr, tbody tr {
    th, td {
      box-sizing: border-box;
-      padding-left: 12px;
-      padding-right: 12px;
+      padding-left: $table-cell-padding;
+      padding-right: $table-cell-padding;
      overflow: hidden;
    }
  }
--- a/app/assets/stylesheets/darkswarm/ui.scss
+++ b/app/assets/stylesheets/darkswarm/ui.scss
@@ -61,6 +61,13 @@
  @include border-radius(0.5em);

  outline: none;
+
+  &.x-small {
+    padding: 0.5rem 0.75rem;
+    font-size: $text-xs;
+    font-weight: 600;
+    margin: 0;
+  }
 }

 .button.primary, button.primary {
--- a/app/assets/stylesheets/darkswarm/variables.scss
+++ b/app/assets/stylesheets/darkswarm/variables.scss
@@ -43,3 +43,7 @@ $radius-medium: 0.5em;

 $shop-sidebar-overlay: rgba(0, 0, 0, 0.5);
 $transition-sidebar: 250ms ease-in-out 0s;
+
+$padding-small: 0.5rem;
+
+$text-xs: 0.75rem;
--- a/app/assets/stylesheets/mail/email.scss
+++ b/app/assets/stylesheets/mail/email.scss
@@ -63,6 +63,12 @@ p.notice {
  margin-top: 20px;
 }

+.powered-by-ofn {
+  background-color: #ebebeb;
+  padding: .5em;
+  text-align: center;
+}
+
 table.social {
  background-color: #ebebeb;

--- a/app/assets/stylesheets/shared/question-mark-icon.scss
+++ b/app/assets/stylesheets/shared/question-mark-icon.scss
@@ -0,0 +1,96 @@
+@import "variables/variables";
+
+.unit-price {
+  display: flex;
+  align-items: center;
+}
+
+.question-mark-icon {
+  background-image: image-url("question-mark-icon.svg");
+  background-size: cover;
+  background-repeat: no-repeat;
+  border-radius: 50%;
+
+  // Reset button element css attributes
+  padding: 0;
+  margin: 0;
+  width: 20px;
+  min-width: 20px;
+  height: 20px;
+  background-color: transparent;
+
+  &:hover,
+  &:focus {
+    background-color: transparent;
+  }
+
+  &.open {
+    background-image: none;
+    background-color: $teal-500;
+
+    &:focus {
+      outline: 0;
+    }
+
+    &::before {
+      @include icon-font;
+      content: "";
+      color: $white;
+    }
+  }
+}
+
+// Question mark icon into a field
+.field .question-mark-icon {
+  width: 15px;
+  min-width: 15px;
+  height: 15px;
+}
+
+.joyride-tip-guide.question-mark-tooltip {
+  width: 16rem;
+  max-width: 65%;
+  // JS needs to be tweaked to adjust for left alignment - this is dynamic can't rewrite in CSS
+  margin-left: -7.4rem;
+  margin-top: -0.1rem;
+  background-color: transparent;
+
+  .background {
+    position: fixed;
+    top: 0;
+    left: 0;
+    width: 100%;
+    height: 100%;
+    z-index: -1;
+    cursor: pointer;
+  }
+
+  .joyride-content-wrapper {
+    background-color: $dynamic-blue;
+    padding: $padding-small;
+    border-radius: $radius-small;
+    color: $white;
+    width: 100%;
+    font-size: 0.8rem;
+  }
+
+  .joyride-nub.bottom {
+    // Need to rewrite all with !important as it's marked as !important in the original file
+    border-color: $dynamic-blue !important;
+    border-bottom-color: transparent !important;
+    border-left-color: transparent !important;
+    border-right-color: transparent !important;
+    left: 7.4rem;
+    z-index: -1;
+  }
+
+  &.cart-sidebar {
+    // Small size (used in the cart sidebar)
+    width: 13rem;
+    margin-left: -10.4rem;
+
+    .joyride-nub.bottom {
+      left: 10.4rem;
+    }
+  }
+}
--- a/app/assets/stylesheets/shared/variables/variables.scss
+++ b/app/assets/stylesheets/shared/variables/variables.scss
@@ -0,0 +1,25 @@
+$padding-small: 0.5rem;
+$radius-small: 0.25em;
+$white: #fff;
+$dynamic-blue: #3d8dd1;
+$teal-500: #0096ad;
+
+@font-face {
+	font-family: 'OFN';
+	src: font-url('OFN-v2.eot');
+	src: font-url('OFN-v2.eot') format('embedded-opentype'),
+		font-url('OFN-v2.woff') format('woff'),
+		font-url('OFN-v2.ttf') format('truetype'),
+		font-url('OFN-v2.svg') format('svg');
+	font-weight: normal;
+	font-style: normal;
+}
+
+@mixin icon-font {
+  font-family: "OFN";
+  display: inline-block;
+  font-weight: normal;
+  font-style: normal;
+  font-variant: normal;
+  text-transform: none;
+}
--- a/app/controllers/admin/bulk_line_items_controller.rb
+++ b/app/controllers/admin/bulk_line_items_controller.rb
@@ -33,8 +33,10 @@ module Admin
      # and https://www.postgresql.org/docs/current/static/sql-select.html#SQL-FOR-UPDATE-SHARE
      order.with_lock do
        if @line_item.update(line_item_params)
-          order.update_distribution_charge!
-          render nothing: true, status: :no_content # No Content, does not trigger ng resource auto-update
+          order.update_line_item_fees! @line_item
+          order.update_order_fees!
+          order.update!
+          render body: nil, status: :no_content # No Content, does not trigger ng resource auto-update
        else
          render json: { errors: @line_item.errors }, status: :precondition_failed
        end
@@ -48,7 +50,7 @@ module Admin
      authorize! :update, order

      @line_item.destroy
-      render nothing: true, status: :no_content # No Content, does not trigger ng resource auto-update
+      render body: nil, status: :no_content # No Content, does not trigger ng resource auto-update
    end

    private
--- a/app/controllers/admin/column_preferences_controller.rb
+++ b/app/controllers/admin/column_preferences_controller.rb
@@ -12,7 +12,7 @@ module Admin
      elsif @cp_set.errors.present?
        render json: { errors: @cp_set.errors }, status: :bad_request
      else
-        render nothing: true, status: :internal_server_error
+        render body: nil, status: :internal_server_error
      end
    end

--- a/app/controllers/admin/customers_controller.rb
+++ b/app/controllers/admin/customers_controller.rb
@@ -74,7 +74,12 @@ module Admin
    def collection
      if json_request? && params[:enterprise_id].present?
        customers_relation.
-          includes(:bill_address, :ship_address, user: :credit_cards)
+          includes(
+            :enterprise,
+            { bill_address: [:state, :country] },
+            { ship_address: [:state, :country] },
+            user: :credit_cards
+          )
      else
        Customer.where('1=0')
      end
--- a/app/controllers/admin/enterprise_fees_controller.rb
+++ b/app/controllers/admin/enterprise_fees_controller.rb
@@ -10,6 +10,8 @@ module Admin

      blank_enterprise_fee = EnterpriseFee.new
      blank_enterprise_fee.enterprise = current_enterprise
+
+      @collection = @collection.to_a
      3.times { @collection << blank_enterprise_fee }

      respond_to do |format|
--- a/app/controllers/admin/enterprise_groups_controller.rb
+++ b/app/controllers/admin/enterprise_groups_controller.rb
@@ -25,15 +25,14 @@ module Admin

    protected

-    def build_resource_with_address
-      enterprise_group = build_resource_without_address
+    def build_resource
+      enterprise_group = super
      enterprise_group.address = Spree::Address.new
      enterprise_group.address.country = Spree::Country.find_by(
        id: Spree::Config[:default_country_id]
      )
      enterprise_group
    end
-    alias_method_chain :build_resource, :address

    # Overriding method on Spree's resource controller,
    # so that resources are found using permalink.
--- a/app/controllers/admin/enterprise_relationships_controller.rb
+++ b/app/controllers/admin/enterprise_relationships_controller.rb
@@ -14,7 +14,7 @@ module Admin
      @enterprise_relationship = EnterpriseRelationship.new enterprise_relationship_params

      if @enterprise_relationship.save
-        render text: Api::Admin::EnterpriseRelationshipSerializer.new(@enterprise_relationship).to_json
+        render plain: Api::Admin::EnterpriseRelationshipSerializer.new(@enterprise_relationship).to_json
      else
        render status: :bad_request, json: { errors: @enterprise_relationship.errors.full_messages.join(', ') }
      end
@@ -23,7 +23,7 @@ module Admin
    def destroy
      @enterprise_relationship = EnterpriseRelationship.find params[:id]
      @enterprise_relationship.destroy
-      render nothing: true
+      render body: nil
    end

    private
--- a/app/controllers/admin/enterprise_roles_controller.rb
+++ b/app/controllers/admin/enterprise_roles_controller.rb
@@ -10,7 +10,7 @@ module Admin
      @enterprise_role = EnterpriseRole.new enterprise_role_params

      if @enterprise_role.save
-        render text: Api::Admin::EnterpriseRoleSerializer.new(@enterprise_role).to_json
+        render plain: Api::Admin::EnterpriseRoleSerializer.new(@enterprise_role).to_json

      else
        render status: :bad_request, json: { errors: @enterprise_role.errors.full_messages.join(', ') }
@@ -20,7 +20,7 @@ module Admin
    def destroy
      @enterprise_role = EnterpriseRole.find params[:id]
      @enterprise_role.destroy
-      render nothing: true
+      render body: nil
    end

    private
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -64,12 +64,14 @@ module Admin
    end

    def register
-      if params[:sells] == 'unspecified'
+      register_params = params.permit(:sells)
+
+      if register_params[:sells] == 'unspecified'
        flash[:error] = I18n.t(:enterprise_register_package_error)
        return render :welcome, layout: "spree/layouts/bare_admin"
      end

-      attributes = { sells: params[:sells], visible: true }
+      attributes = { sells: register_params[:sells], visible: true }

      if @enterprise.update(attributes)
        flash[:success] = I18n.t(:enterprise_register_success_notice, enterprise: @enterprise.name)
@@ -112,13 +114,12 @@ module Admin

    protected

-    def build_resource_with_address
-      enterprise = build_resource_without_address
+    def build_resource
+      enterprise = super
      enterprise.address ||= Spree::Address.new
      enterprise.address.country ||= Spree::Country.find_by(id: Spree::Config[:default_country_id])
      enterprise
    end
-    alias_method_chain :build_resource, :address

    # Overriding method on Spree's resource controller,
    # so that resources are found using permalink
@@ -245,31 +246,31 @@ module Admin

    def check_can_change_sells
      unless spree_current_user.admin? || spree_current_user == @enterprise.owner
-        params[:enterprise].delete :sells
+        enterprise_params.delete :sells
      end
    end

    def override_owner
-      params[:enterprise][:owner_id] = spree_current_user.id unless spree_current_user.admin?
+      enterprise_params[:owner_id] = spree_current_user.id unless spree_current_user.admin?
    end

    def override_sells
      unless spree_current_user.admin?
        has_hub = spree_current_user.owned_enterprises.is_hub.any?
        new_enterprise_is_producer = Enterprise.new(enterprise_params).is_primary_producer
-        params[:enterprise][:sells] = has_hub && !new_enterprise_is_producer ? 'any' : 'none'
+        enterprise_params[:sells] = has_hub && !new_enterprise_is_producer ? 'any' : 'none'
      end
    end

    def check_can_change_owner
      unless ( spree_current_user == @enterprise.owner ) || spree_current_user.admin?
-        params[:enterprise].delete :owner_id
+        enterprise_params.delete :owner_id
      end
    end

    def check_can_change_bulk_owner
      unless spree_current_user.admin?
-        params[:sets_enterprise_set][:collection_attributes].each do |_i, enterprise_params|
+        bulk_params[:collection_attributes].each do |_i, enterprise_params|
          enterprise_params.delete :owner_id
        end
      end
@@ -277,15 +278,15 @@ module Admin

    def check_can_change_managers
      unless ( spree_current_user == @enterprise.owner ) || spree_current_user.admin?
-        params[:enterprise].delete :user_ids
+        enterprise_params.delete :user_ids
      end
    end

    def strip_new_properties
-      unless spree_current_user.admin? || params[:enterprise][:producer_properties_attributes].nil?
+      unless spree_current_user.admin? || params.dig(:enterprise, :producer_properties_attributes).nil?
        names = Spree::Property.pluck(:name)
-        params[:enterprise][:producer_properties_attributes].each do |key, property|
-          params[:enterprise][:producer_properties_attributes].delete key unless names.include? property[:property_name]
+        enterprise_params[:producer_properties_attributes].each do |key, property|
+          enterprise_params[:producer_properties_attributes].delete key unless names.include? property[:property_name]
        end
      end
    end
@@ -317,13 +318,14 @@ module Admin
    end

    def enterprise_params
-      PermittedAttributes::Enterprise.new(params).call
+      @enterprise_params ||= PermittedAttributes::Enterprise.new(params).call.
+        to_h.with_indifferent_access
    end

    def bulk_params
-      params.require(:sets_enterprise_set).permit(
+      @bulk_params ||= params.require(:sets_enterprise_set).permit(
        collection_attributes: PermittedAttributes::Enterprise.attributes
-      )
+      ).to_h.with_indifferent_access
    end

    # Used in Admin::ResourceController#create
--- a/app/controllers/admin/invoice_settings_controller.rb
+++ b/app/controllers/admin/invoice_settings_controller.rb
@@ -1,7 +1,7 @@
 module Admin
  class InvoiceSettingsController < Spree::Admin::BaseController
    def update
-      Spree::Config.set(params[:preferences])
+      Spree::Config.set(preferences_params.to_h)

      respond_to do |format|
        format.html {
@@ -9,5 +9,15 @@ module Admin
        }
      end
    end
+
+    private
+
+    def preferences_params
+      params.require(:preferences).permit(
+        :enable_invoices?,
+        :invoice_style2?,
+        :enable_receipt_printing?,
+      )
+    end
  end
 end
--- a/app/controllers/admin/matomo_settings_controller.rb
+++ b/app/controllers/admin/matomo_settings_controller.rb
@@ -1,7 +1,7 @@
 module Admin
  class MatomoSettingsController < Spree::Admin::BaseController
    def update
-      Spree::Config.set(params[:preferences])
+      Spree::Config.set(preferences_params.to_h)

      respond_to do |format|
        format.html {
@@ -9,5 +9,15 @@ module Admin
        }
      end
    end
+
+    private
+
+    def preferences_params
+      params.require(:preferences).permit(
+        :matomo_url,
+        :matomo_site_id,
+        :matomo_tag_manager_url,
+      )
+    end
  end
 end
--- a/app/controllers/admin/order_cycles_controller.rb
+++ b/app/controllers/admin/order_cycles_controller.rb
@@ -101,7 +101,7 @@ module Admin

    def collection
      return Enterprise.where("1=0") unless json_request?
-      return order_cycles_from_set if params[:order_cycle_set]
+      return order_cycles_from_set if params[:order_cycle_set].present?

      ocs = order_cycles
      ocs.undated | ocs.soonest_closing | ocs.soonest_opening | ocs.closed
@@ -126,7 +126,7 @@ module Admin
    def order_cycles_as_distributor
      OrderCycle.
        preload(:schedules).
-        ransack(params[:q]).
+        ransack(raw_params[:q]).
        result.
        involving_managed_distributors_of(spree_current_user).
        order('updated_at DESC')
@@ -135,7 +135,7 @@ module Admin
    def order_cycles_as_producer
      OrderCycle.
        preload(:schedules).
-        ransack(params[:q]).
+        ransack(raw_params[:q]).
        result.
        involving_managed_producers_of(spree_current_user).
        order('updated_at DESC')
@@ -144,7 +144,7 @@ module Admin
    def order_cycles_as_both
      OrderCycle.
        preload(:schedules).
-        ransack(params[:q]).
+        ransack(raw_params[:q]).
        result.
        visible_by(spree_current_user)
    end
@@ -153,9 +153,9 @@ module Admin
      if json_request?
        # Split ransack params into all those that currently exist and new ones
        #   to limit returned ocs to recent or undated
-        orders_close_at_gt = params[:q].andand.delete(:orders_close_at_gt) || 31.days.ago
-        params[:q] = {
-          g: [params.delete(:q) || {}, { m: 'or',
+        orders_close_at_gt = raw_params[:q].andand.delete(:orders_close_at_gt) || 31.days.ago
+        raw_params[:q] = {
+          g: [raw_params.delete(:q) || {}, { m: 'or',
                                         orders_close_at_gt: orders_close_at_gt,
                                         orders_close_at_null: true }]
        }
@@ -199,27 +199,30 @@ module Admin
    end

    def remove_protected_attrs
-      params[:order_cycle].delete :coordinator_id
+      return if order_cycle_params.blank?
+
+      order_cycle_params.delete :coordinator_id

      unless Enterprise.managed_by(spree_current_user).include?(@order_cycle.coordinator)
-        params[:order_cycle].delete_if do |k, _v|
+        order_cycle_params.delete_if do |k, _v|
          [:name, :orders_open_at, :orders_close_at].include? k.to_sym
        end
      end
    end

-    def remove_unauthorized_bulk_attrs
-      params[:order_cycle_set][:collection_attributes].each do |i, hash|
+    def authorized_order_cycles
+      managed_ids = managed_enterprises.map(&:id)
+
+      (order_cycle_bulk_params[:collection_attributes] || []).keep_if do |_index, hash|
        order_cycle = OrderCycle.find(hash[:id])
-        unless Enterprise.managed_by(spree_current_user).include?(order_cycle.andand.coordinator)
-          params[:order_cycle_set][:collection_attributes].delete i
-        end
+        managed_ids.include?(order_cycle.andand.coordinator_id)
      end
    end

    def order_cycles_from_set
-      remove_unauthorized_bulk_attrs
-      OrderCycle.where(id: params[:order_cycle_set][:collection_attributes].map{ |_k, v| v[:id] })
+      return if authorized_order_cycles.blank?
+
+      OrderCycle.where(id: authorized_order_cycles.map{ |_k, v| v[:id] })
    end

    def order_cycle_set
@@ -227,7 +230,7 @@ module Admin
    end

    def require_order_cycle_set_params
-      return if params[:order_cycle_set]
+      return if params[:order_cycle_set].present?

      render json: { errors: t('admin.order_cycles.bulk_update.no_data') },
             status: :unprocessable_entity
@@ -238,13 +241,14 @@ module Admin
    end

    def order_cycle_params
-      PermittedAttributes::OrderCycle.new(params).call
+      @order_cycle_params ||= PermittedAttributes::OrderCycle.new(params).call.
+        to_h.with_indifferent_access
    end

    def order_cycle_bulk_params
      params.require(:order_cycle_set).permit(
        collection_attributes: [:id] + PermittedAttributes::OrderCycle.basic_attributes
-      )
+      ).to_h.with_indifferent_access
    end
  end
 end
--- a/app/controllers/admin/resource_controller.rb
+++ b/app/controllers/admin/resource_controller.rb
@@ -62,7 +62,7 @@ module Admin
      end

      respond_to do |format|
-        format.js { render text: 'Ok' }
+        format.js { render plain: 'Ok' }
      end
    end

--- a/app/controllers/admin/stripe_accounts_controller.rb
+++ b/app/controllers/admin/stripe_accounts_controller.rb
@@ -3,7 +3,7 @@ require 'stripe/account_connector'
 module Admin
  class StripeAccountsController < Spree::Admin::BaseController
    def connect
-      payload = params.slice(:enterprise_id)
+      payload = params.permit(:enterprise_id).to_h
      key = Openfoodnetwork::Application.config.secret_token
      url_params = { state: JWT.encode(payload, key, 'HS256'), scope: "read_write" }
      redirect_to Stripe::OAuth.authorize_url(url_params)
--- a/app/controllers/admin/stripe_connect_settings_controller.rb
+++ b/app/controllers/admin/stripe_connect_settings_controller.rb
@@ -17,7 +17,7 @@ module Admin
    end

    def update
-      Spree::Config.set(params[:settings])
+      Spree::Config.set(settings_params.to_h)
      resource = t('admin.controllers.stripe_connect_settings.resource')
      flash[:success] = t(:successfully_updated, resource: resource)
      redirect_to_edit
@@ -37,5 +37,11 @@ module Admin
      key = Stripe.api_key
      key.first(8) + "****" + key.last(4)
    end
+
+    def settings_params
+      params.require(:settings).permit(
+        :stripe_connect_enabled,
+      )
+    end
  end
 end
--- a/app/controllers/admin/subscriptions_controller.rb
+++ b/app/controllers/admin/subscriptions_controller.rb
@@ -57,14 +57,13 @@ module Admin
    end

    def unpause
-      params[:subscription][:paused_at] = nil
-      save_form_and_render
+      save_form_and_render(true, unpause: true)
    end

    private

-    def save_form_and_render(render_issues = true)
-      form = OrderManagement::Subscriptions::Form.new(@subscription, subscription_params)
+    def save_form_and_render(render_issues = true, options = {})
+      form = OrderManagement::Subscriptions::Form.new(@subscription, subscription_params, options)
      unless form.save
        render json: { errors: form.json_errors }, status: :unprocessable_entity
        return
@@ -106,22 +105,22 @@ module Admin

    # Wrap :subscription_line_items_attributes in :subscription root
    def wrap_nested_attrs
-      if params[:subscription_line_items].is_a? Array
-        attributes = params[:subscription_line_items].map do |sli|
+      if raw_params[:subscription_line_items].is_a? Array
+        attributes = raw_params[:subscription_line_items].map do |sli|
          sli.slice(*SubscriptionLineItem.attribute_names + ["_destroy"])
        end
-        params[:subscription][:subscription_line_items_attributes] = attributes
+        subscription_params[:subscription_line_items_attributes] = attributes
      end
      wrap_bill_address_attrs if params[:bill_address]
      wrap_ship_address_attrs if params[:ship_address]
    end

    def wrap_bill_address_attrs
-      params[:subscription][:bill_address_attributes] = params[:bill_address].slice(*Spree::Address.attribute_names)
+      subscription_params[:bill_address_attributes] = raw_params[:bill_address].slice(*Spree::Address.attribute_names)
    end

    def wrap_ship_address_attrs
-      params[:subscription][:ship_address_attributes] = params[:ship_address].slice(*Spree::Address.attribute_names)
+      subscription_params[:ship_address_attributes] = raw_params[:ship_address].slice(*Spree::Address.attribute_names)
    end

    def check_for_open_orders
@@ -141,8 +140,8 @@ module Admin
    end

    def strip_banned_attrs
-      params[:subscription].delete :schedule_id
-      params[:subscription].delete :customer_id
+      subscription_params.delete :schedule_id
+      subscription_params.delete :customer_id
    end

    # Overriding Spree method to load data from params here so that
@@ -156,7 +155,8 @@ module Admin
    end

    def subscription_params
-      PermittedAttributes::Subscription.new(params).call
+      @subscription_params ||= PermittedAttributes::Subscription.new(params).call.
+        to_h.with_indifferent_access
    end
  end
 end
--- a/app/controllers/admin/tag_rules_controller.rb
+++ b/app/controllers/admin/tag_rules_controller.rb
@@ -3,7 +3,7 @@ module Admin
    respond_to :json

    respond_override destroy: { json: {
-      success: lambda { render nothing: true, status: :no_content }
+      success: lambda { render body: nil, status: :no_content }
    } }

    def map_by_tag
--- a/app/controllers/admin/variant_overrides_controller.rb
+++ b/app/controllers/admin/variant_overrides_controller.rb
@@ -21,7 +21,7 @@ module Admin
      elsif @vo_set.errors.present?
        render json: { errors: @vo_set.errors }, status: :bad_request
      else
-        render nothing: true, status: :internal_server_error
+        render body: nil, status: :internal_server_error
      end
    end

@@ -103,13 +103,13 @@ module Admin
    end

    def variant_overrides_params
-      params.require(:variant_overrides).map do |variant_override|
-        variant_override.permit(
+      params.permit(
+        variant_overrides: [
          :id, :variant_id, :hub_id,
          :price, :count_on_hand, :sku, :on_demand,
          :default_stock, :resettable, :tag_list
-        )
-      end
+        ]
+      ).to_h[:variant_overrides]
    end
  end
 end
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -4,6 +4,7 @@ require "spree/core/controller_helpers/ssl"

 module Api
  class BaseController < ActionController::Metal
+    include RawParams
    include ActionController::StrongParameters
    include ActionController::RespondWith
    include Spree::Api::ControllerSetup
--- a/app/controllers/api/enterprise_fees_controller.rb
+++ b/app/controllers/api/enterprise_fees_controller.rb
@@ -6,9 +6,9 @@ module Api
      authorize! :destroy, enterprise_fee

      if enterprise_fee.destroy
-        render text: I18n.t(:successfully_removed), status: :no_content
+        render plain: I18n.t(:successfully_removed), status: :no_content
      else
-        render text: enterprise_fee.errors.full_messages.first, status: :forbidden
+        render plain: enterprise_fee.errors.full_messages.first, status: :forbidden
      end
    end

--- a/app/controllers/api/enterprises_controller.rb
+++ b/app/controllers/api/enterprises_controller.rb
@@ -11,7 +11,7 @@ module Api

      # params[:user_ids] breaks the enterprise creation
      # We remove them from params and save them after creating the enterprise
-      user_ids = params[:enterprise].delete(:user_ids)
+      user_ids = enterprise_params.delete(:user_ids)
      @enterprise = Enterprise.new(enterprise_params)
      if @enterprise.save
        @enterprise.user_ids = user_ids
@@ -37,9 +37,9 @@ module Api
      authorize! :update, @enterprise

      if params[:logo] && @enterprise.update( logo: params[:logo] )
-        render text: @enterprise.logo.url(:medium), status: :ok
+        render plain: @enterprise.logo.url(:medium), status: :ok
      elsif params[:promo] && @enterprise.update( promo_image: params[:promo] )
-        render text: @enterprise.promo_image.url(:medium), status: :ok
+        render plain: @enterprise.promo_image.url(:medium), status: :ok
      else
        invalid_resource!(@enterprise)
      end
@@ -48,30 +48,31 @@ module Api
    private

    def override_owner
-      params[:enterprise][:owner_id] = current_api_user.id
+      enterprise_params[:owner_id] = current_api_user.id
    end

    def check_type
-      params[:enterprise].delete :type unless current_api_user.admin?
+      enterprise_params.delete :type unless current_api_user.admin?
    end

    def override_sells
      has_hub = current_api_user.owned_enterprises.is_hub.any?
-      new_enterprise_is_producer = !!params[:enterprise][:is_primary_producer]
+      new_enterprise_is_producer = !!enterprise_params[:is_primary_producer]

-      params[:enterprise][:sells] = if has_hub && !new_enterprise_is_producer
-                                      'any'
-                                    else
-                                      'unspecified'
-                                    end
+      enterprise_params[:sells] = if has_hub && !new_enterprise_is_producer
+                                    'any'
+                                  else
+                                    'unspecified'
+                                  end
    end

    def override_visible
-      params[:enterprise][:visible] = false
+      enterprise_params[:visible] = false
    end

    def enterprise_params
-      PermittedAttributes::Enterprise.new(params).call
+      @enterprise_params ||= PermittedAttributes::Enterprise.new(params).call.
+        to_h.with_indifferent_access
    end
  end
 end
--- a/app/controllers/api/exchange_products_controller.rb
+++ b/app/controllers/api/exchange_products_controller.rb
@@ -18,7 +18,7 @@ module Api
    #   In this case parameters are: enterprise_id, order_cycle_id and incoming
    #     (order_cycle_id is not necessary for incoming exchanges)
    def index
-      if params[:exchange_id].present?
+      if exchange_params[:exchange_id].present?
        load_data_from_exchange
      else
        load_data_from_other_params
@@ -32,7 +32,7 @@ module Api
    private

    def render_variant_count
-      render text: {
+      render plain: {
        count: variants.count
      }.to_json
    end
@@ -59,7 +59,7 @@ module Api
    end

    def load_data_from_exchange
-      exchange = Exchange.find_by(id: params[:exchange_id])
+      exchange = Exchange.find_by(id: exchange_params[:exchange_id])

      @order_cycle = exchange.order_cycle
      @incoming = exchange.incoming
@@ -67,14 +67,16 @@ module Api
    end

    def load_data_from_other_params
-      @enterprise = Enterprise.find_by(id: params[:enterprise_id])
+      @enterprise = Enterprise.find_by(id: exchange_params[:enterprise_id])

-      if params[:order_cycle_id]
-        @order_cycle = OrderCycle.find_by(id: params[:order_cycle_id])
-      elsif !params[:incoming]
+      # This will be a string (eg "true") when it arrives via params, but we want a boolean
+      @incoming = ActiveModel::Type::Boolean.new.cast exchange_params[:incoming]
+
+      if exchange_params[:order_cycle_id]
+        @order_cycle = OrderCycle.find_by(id: exchange_params[:order_cycle_id])
+      elsif !@incoming
        raise "order_cycle_id is required to list products for new outgoing exchange"
      end
-      @incoming = params[:incoming]
    end

    def render_paginated_products(paginated_products)
@@ -89,5 +91,10 @@ module Api
        pagination: pagination_data(paginated_products)
      }
    end
+
+    def exchange_params
+      params.permit(:enterprise_id, :exchange_id, :order_cycle_id, :incoming).
+        to_h.with_indifferent_access
+    end
  end
 end
--- a/app/controllers/api/orders_controller.rb
+++ b/app/controllers/api/orders_controller.rb
@@ -47,7 +47,7 @@ module Api
    private

    def payment_capture_failed
-      render json: { error: t(:payment_processing_failed) }, status: :unprocessable_entity
+      render json: { error: I18n.t(:payment_processing_failed) }, status: :unprocessable_entity
    end

    def serialized_orders(orders)
--- a/app/controllers/api/products_controller.rb
+++ b/app/controllers/api/products_controller.rb
@@ -7,6 +7,8 @@ module Api
    respond_to :json
    DEFAULT_PER_PAGE = 15

+    before_action :set_default_available_on, only: :create
+
    skip_authorization_check only: [:show, :bulk_products, :overridable]

    def show
@@ -16,8 +18,8 @@ module Api

    def create
      authorize! :create, Spree::Product
-      params[:product][:available_on] ||= Time.zone.now
      @product = Spree::Product.new(product_params)
+
      begin
        if @product.save
          render json: @product, serializer: Api::Admin::ProductSerializer, status: :created
@@ -146,7 +148,12 @@ module Api
    end

    def product_params
-      params.require(:product).permit PermittedAttributes::Product.attributes
+      @product_params ||=
+        params.permit(product: PermittedAttributes::Product.attributes)[:product].to_h
+    end
+
+    def set_default_available_on
+      product_params[:available_on] ||= Time.zone.now
    end
  end
 end
--- a/app/controllers/api/shipments_controller.rb
+++ b/app/controllers/api/shipments_controller.rb
@@ -27,13 +27,13 @@ module Api
      unlock = params[:shipment].delete(:unlock)

      if unlock == 'yes'
-        @shipment.adjustment.open
+        @shipment.fee_adjustment.open
      end

      @shipment.update(shipment_params[:shipment])

      if unlock == 'yes'
-        @shipment.adjustment.close
+        @shipment.fee_adjustment.close
      end

      render json: @shipment.reload, serializer: Api::ShipmentSerializer, status: :ok
--- a/app/controllers/api/shops_controller.rb
+++ b/app/controllers/api/shops_controller.rb
@@ -8,7 +8,7 @@ module Api
    def show
      enterprise = Enterprise.find_by(id: params[:id])

-      render text: Api::EnterpriseShopfrontSerializer.new(enterprise).to_json, status: :ok
+      render plain: Api::EnterpriseShopfrontSerializer.new(enterprise).to_json, status: :ok
    end

    def closed_shops
--- a/app/controllers/api/taxons_controller.rb
+++ b/app/controllers/api/taxons_controller.rb
@@ -8,9 +8,9 @@ module Api
      @taxons = if taxonomy
                  taxonomy.root.children
                elsif params[:ids]
-                  Spree::Taxon.where(id: params[:ids].split(","))
+                  Spree::Taxon.where(id: raw_params[:ids].split(","))
                else
-                  Spree::Taxon.ransack(params[:q]).result
+                  Spree::Taxon.ransack(raw_params[:q]).result
                end
      render json: @taxons, each_serializer: Api::TaxonSerializer
    end
@@ -31,7 +31,7 @@ module Api
        invalid_resource!(@taxon) && return
      end

-      @taxon.parent_id = taxonomy.root.id unless params[:taxon][:parent_id]
+      @taxon.parent_id = taxonomy.root.id unless params.dig(:taxon, :parent_id)

      if @taxon.save
        render json: @taxon, serializer: Api::TaxonSerializer, status: :created
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -23,6 +23,7 @@ class ApplicationController < ActionController::Base
  prepend_before_action :restrict_iframes
  before_action :set_cache_headers # prevent cart emptying via cache when using back button #1213

+  include RawParams
  include EnterprisesHelper
  include Spree::AuthenticationHelpers

--- a/app/controllers/cart_controller.rb
+++ b/app/controllers/cart_controller.rb
@@ -4,29 +4,23 @@ class CartController < BaseController
  def populate
    order = current_order(true)

-    # Without intervention, the Spree::Adjustment#update_adjustable callback is called many times
-    # during cart population, for both taxation and enterprise fees. This operation triggers a
-    # costly Spree::Order#update!, which only needs to be run once. We avoid this by disabling
-    # callbacks on Spree::Adjustment and then manually invoke Spree::Order#update! on success.
-    Spree::Adjustment.without_callbacks do
-      cart_service = CartService.new(order)
+    cart_service = CartService.new(order)

-      cart_service.populate(params.slice(:variants, :quantity), true)
-      if cart_service.valid?
-        order.update_distribution_charge!
-        order.cap_quantity_at_stock!
-        order.update!
+    cart_service.populate(params.slice(:variants, :quantity), true)
+    if cart_service.valid?
+      order.cap_quantity_at_stock!
+      order.recreate_all_fees!

-        variant_ids = variant_ids_in(cart_service.variants_h)
+      variant_ids = variant_ids_in(cart_service.variants_h)

-        render json: { error: false,
-                       stock_levels: VariantsStockLevels.new.call(order, variant_ids) },
-               status: :ok
-      else
-        render json: { error: cart_service.errors.full_messages.join(",") },
-               status: :precondition_failed
-      end
+      render json: { error: false,
+                     stock_levels: VariantsStockLevels.new.call(order, variant_ids) },
+             status: :ok
+    else
+      render json: { error: cart_service.errors.full_messages.join(",") },
+             status: :precondition_failed
    end
+
    populate_variant_attributes
  end

@@ -56,7 +50,8 @@ class CartController < BaseController

  def populate_variant_attributes_from_variant(order)
    params[:variant_attributes].each do |variant_id, attributes|
-      order.set_variant_attributes(Spree::Variant.find(variant_id), attributes)
+      permitted = attributes.permit(:quantity, :max_quantity).to_h.with_indifferent_access
+      order.set_variant_attributes(Spree::Variant.find(variant_id), permitted)
    end
  end

--- a/app/controllers/checkout_controller.rb
+++ b/app/controllers/checkout_controller.rb
@@ -6,15 +6,15 @@ class CheckoutController < ::BaseController
  layout 'darkswarm'

  include OrderStockCheck
-  include CheckoutHelper
-  include OrderCyclesHelper
-  include EnterprisesHelper
+
+  helper 'terms_and_conditions'
+  helper 'checkout'

  ssl_required

  # We need pessimistic locking to avoid race conditions.
  # Otherwise we fail on duplicate indexes or end up with negative stock.
-  prepend_around_action CurrentOrderLocker, only: :update
+  prepend_around_action CurrentOrderLocker, only: [:edit, :update]

  prepend_before_action :check_hub_ready_for_checkout
  prepend_before_action :check_order_cycle_expiry
@@ -46,7 +46,7 @@ class CheckoutController < ::BaseController

  def update
    params_adapter = Checkout::FormDataAdapter.new(permitted_params, @order, spree_current_user)
-    return action_failed unless @order.update(params_adapter.params[:order])
+    return action_failed unless @order.update(params_adapter.params[:order] || {})

    checkout_workflow(params_adapter.shipping_method_id)
  rescue Spree::Core::GatewayError => e
@@ -54,6 +54,8 @@ class CheckoutController < ::BaseController
  rescue StandardError => e
    flash[:error] = I18n.t("checkout.failed")
    action_failed(e)
+  ensure
+    @order.update!
  end

  # Clears the cached order. Required for #current_order to return a new order
--- a/app/controllers/concerns/raw_params.rb
+++ b/app/controllers/concerns/raw_params.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# In Rails 5, the params object no longer responds in the same way. It is not a hash but an object,
+# it does not have indifferent access, and non-permitted attributes are removed. In order to access
+# the raw params directly, we need to call params.to_unsafe_h
+
+module RawParams
+  extend ActiveSupport::Concern
+
+  private
+
+  def raw_params
+    @raw_params ||= params.to_unsafe_h
+  end
+end
--- a/app/controllers/discourse_sso_controller.rb
+++ b/app/controllers/discourse_sso_controller.rb
@@ -19,7 +19,7 @@ class DiscourseSsoController < ApplicationController
      begin
        redirect_to sso_url
      rescue TypeError
-        render text: "Bad SingleSignOn request.", status: :bad_request
+        render plain: "Bad SingleSignOn request.", status: :bad_request
      end
    else
      redirect_to login_path
--- a/app/controllers/enterprises_controller.rb
+++ b/app/controllers/enterprises_controller.rb
@@ -39,14 +39,14 @@ class EnterprisesController < BaseController

  def check_permalink
    if Enterprise.find_by permalink: params[:permalink]
-      render(text: params[:permalink], status: :conflict) && return
+      render(plain: params[:permalink], status: :conflict) && return
    end

    begin
      Rails.application.routes.recognize_path( "/#{params[:permalink]}" )
-      render text: params[:permalink], status: :conflict
+      render plain: params[:permalink], status: :conflict
    rescue ActionController::RoutingError
-      render text: params[:permalink], status: :ok
+      render plain: params[:permalink], status: :ok
    end
  end

--- a/app/controllers/line_items_controller.rb
+++ b/app/controllers/line_items_controller.rb
@@ -29,11 +29,11 @@ class LineItemsController < BaseController

  def unauthorized
    status = spree_current_user ? 403 : 401
-    render(nothing: true, status: status) && return
+    render(body: nil, status: status) && return
  end

  def not_found
-    render(nothing: true, status: :not_found) && return
+    render(body: nil, status: :not_found) && return
  end

  def destroy_with_lock(item)
@@ -42,7 +42,8 @@ class LineItemsController < BaseController
      item.destroy
      order.update_shipping_fees!
      order.update_payment_fees!
-      order.update_distribution_charge!
+      order.update_order_fees!
+      order.update!
      order.create_tax_charge!
    end
  end
--- a/app/controllers/metal_decorator.rb
+++ b/app/controllers/metal_decorator.rb
@@ -1,6 +1,6 @@
 # For the API
 ActionController::Metal.class_eval do
  def spree_current_user
-    @spree_current_user ||= env['warden'].user
+    @spree_current_user ||= request.env['warden'].user
  end
 end
--- a/app/controllers/payments_controller.rb~aa3478fba...
+++ b/app/controllers/payments_controller.rb~aa3478fba...
@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-class PaymentsController < BaseController
-  ssl_required :redirect_to_authorize
-
-  respond_to :html
-
-  prepend_before_action :require_logged_in, only: :redirect_to_authorize
-
-  def redirect_to_authorize
-    @payment = Spree::Payment.find(params[:id])
-    authorize! :show, @payment.order
-
-    if url = @payment.cvv_response_message
-      redirect_to url
-    else
-      redirect_to order_url(@payment.order)
-    end
-  end
-
-  private
-
-  def require_logged_in
-    return if session[:access_token] || params[:token] || spree_current_user
-
-    flash[:error] = I18n.t("spree.orders.edit.login_to_view_order")
-    redirect_to main_app.root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
-  end
-end
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50"><circle cx="24.87" cy="24.87" r="24" fill="#f4f9fd" stroke="#cfe1f3" stroke-miterlimit="10"/><path d="M36.31 18.13c0 7.51-8.11 7.63-8.11 10.4v.71c0 .74-.6 1.34-1.34 1.34h-5.11c-.74 0-1.34-.6-1.34-1.34v-.97c0-4 3.04-5.61 5.33-6.89 1.97-1.1 3.17-1.85 3.17-3.31 0-1.93-2.46-3.21-4.46-3.21-2.6 0-3.8 1.23-5.48 3.36-.45.57-1.28.68-1.87.24l-3.12-2.36a1.35 1.35 0 01-.3-1.83c2.65-3.89 6.02-6.07 11.27-6.07 5.49-.02 11.36 4.27 11.36 9.93zM29 36.86c0 2.59-2.11 4.71-4.71 4.71s-4.71-2.11-4.71-4.71c0-2.59 2.11-4.71 4.71-4.71S29 34.27 29 36.86z" fill="#81b2e1"/></svg>
				`@@ -0,0 +1 @@`
				`%button.question-mark-icon{"ng-class" => "{open: tt_isOpen}", type: 'button'}`