Update all locales with the latest Transifex translations

chore(deps): bump dotenv from 3.0.3 to 3.1.0

.env.test

@@ -1,9 +1,14 @@
 # ENV vars for the test environment
 # Override locally with `.env.test.local`
 
+OFN_REDIS_JOBS_URL="redis://localhost:6379/2"
+
 SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-STRIPE_SECRET_TEST_API_KEY="bogus_key"
+STRIPE_INSTANCE_SECRET_KEY="bogus_key"
 STRIPE_CUSTOMER="bogus_customer"
+STRIPE_ACCOUNT="bogus_account"
+STRIPE_CLIENT_ID="bogus_client_id"
+STRIPE_PUBLIC_TEST_API_KEY="bogus_stripe_publishable_key"
 
 SITE_URL="test.host"
 

.github/ISSUE_TEMPLATE/release.md

@@ -10,23 +10,15 @@ assignees: ''
 ## 1. Preparation on Thursday
 
 - [ ] Merge pull requests in the [Ready To Go] column
-- [ ] Include translations
-  <details><summary>Command line instructions:</summary>
-    <pre>
-    <code>
-    git checkout master
-    git pull upstream master
-    tx pull --force
-    git commit -a -m "Update all locales with the latest Transifex translations"
-    git push upstream master
-    </code>
-    </pre>
-  </details>
-- [ ] Create a tag: `git push upstream HEAD:refs/tags/vX.Y.Z`
+- [ ] Include translations: `script/release/update_locales`
+- [ ] Increment version number: `git push upstream HEAD:refs/tags/vX.Y.Z`
+    - Major: if server changes are required (eg. provision with ofn-install)
+    - Minor: larger change that is irreversible (eg. migration deleting data)
+    - Patch: all others. Shortcut: `script/release/tag`
 - [ ] [Draft new release]. Look at previous [releases] for inspiration.
     - Select new release tag
     - _Generate release notes_ and check to ensure all items are arranged in the right category.
-- [ ] Notify [#instance-managers] of both user-facing :eyes: and :warning: API changes.
+- [ ] Notify [#instance-managers] of user-facing :eyes:, API :warning: and experimental :construction: changes.
 
 ## 2. Testing
 
@@ -42,16 +34,16 @@ assignees: ''
   <pre>
   cd ofn-install
   git pull
-  ansible-playbook --limit all-prod --extra-vars "git_version=vX.Y.Z" playbooks/deploy.yml
+  ansible-playbook --limit all_prod --extra-vars "git_version=vX.Y.Z" playbooks/deploy.yml
   </pre>
   </details>
 - [ ] Notify [#instance-managers]:
   > @instance_managers The new release has been deployed.
-- [ ] Nudge next release manager
+- [ ] [Create issue] for next release and confirm with next release manager in [#core-devs].
 
 The full process is described at https://github.com/openfoodfoundation/openfoodnetwork/wiki/Releasing.
 
-[Ready To Go]: #zenhub
+[Ready To Go]: https://github.com/orgs/openfoodfoundation/projects/8?filterQuery=status%3A%22Ready+to+go+%F0%9F%9A%80%22
 [Transifex pull request]: https://github.com/openfoodfoundation/openfoodnetwork/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aopen+head%3Atransifex
 [Draft new release]: https://github.com/openfoodfoundation/openfoodnetwork/releases/new?tag=v&title=v+Code+Name&body=Congrats%0A%0ADescription%0A%0A
 [releases]: https://github.com/openfoodfoundation/openfoodnetwork/releases
@@ -59,3 +51,5 @@ The full process is described at https://github.com/openfoodfoundation/openfoodn
 [#testing]: https://openfoodnetwork.slack.com/app_redirect?channel=C02TZ6X00
 [Deploy to Staging]: https://github.com/openfoodfoundation/openfoodnetwork/actions/workflows/stage.yml
 [#global-community]: https://app.slack.com/client/T02G54U79/C59ADD8F2
+[Create issue]: https://github.com/openfoodfoundation/openfoodnetwork/issues/new?assignees=&labels=&projects=&template=release.md&title=Release
+[#core-devs]: https://openfoodnetwork.slack.com/archives/GK2T38QPJ

.github/PULL_REQUEST_TEMPLATE.md

@@ -22,7 +22,7 @@
 
 Changelog Category (reviewers may add a label for the release notes):
 
-- [x] User facing changes
+- [ ] User facing changes
 - [ ] API changes (V0, V1, DFC or Webhook)
 - [ ] Technical changes only
 - [ ] Feature toggled

.github/release.yml

@@ -1,6 +1,9 @@
 changelog:
+  # Categorise according to what an instance manager needs to know
   categories:
-    - title: "User-facing changes 👀"
+    # Add the right label if anything appears in here.
+    # Then re-generate the release notes.
+    - title: "❓❓❓ Uncategorised ❓❓❓"
       labels:
         - '*'
       exclude:
@@ -9,15 +12,26 @@ changelog:
           - dependencies
           - feature toggled
           - technical changes only
+          - user facing changes
+
+    # Posted in advance for #instance-managers
+    - title: "User-facing changes 👀"
+      labels:
+        - user facing changes
+
     - title: "API changes ⚠️"
       labels:
         - api changes
-    - title: "Features under construction 🚧"
+
+    - title: "Experimental features for testing 🚧" # may be tested by instance managers
       labels:
         - feature toggled
+
+    # Instance managers ignore below
     - title: "Technical changes 🛠️"
       labels:
         - technical changes only
+
     - title: "Dependencies 📦"
       labels:
         - dependencies

.github/workflows/linters.yml

@@ -18,7 +18,7 @@ jobs:
         uses: reviewdog/action-rubocop@v2
         with:
           rubocop_version: gemfile
-          rubocop_extensions: rubocop-rails:gemfile
+          rubocop_extensions: rubocop-rails:gemfile rubocop-rspec:gemfile
           reporter: github-pr-check
           level: error
           fail_on_error: true

.husky/pre-commit

@@ -1,4 +0,0 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
- yarn pretty-quick --check --staged

.rubocop.yml

@@ -4,7 +4,9 @@
 #
 # The configuration is split into three files. Look into those files for more details.
 #
-require: rubocop-rails
+require:
+  - rubocop-rails
+  - rubocop-rspec
 inherit_from:
 
   # The automatically generated todo list to ignore all current violations.
@@ -13,9 +15,10 @@ inherit_from:
   # The relaxed style rules as a common starting point which we can refine.
   - .rubocop_relaxed_styleguide.yml
 
-  # Our Open Food Network style guide. If you want to see all violations,
+  # Our Open Food Network style guides. If you want to see all violations,
   # then use only that configuration:
   #
   #     bundle exec rubocop -c .rubocop_styleguide.yml
   #
   - .rubocop_styleguide.yml
+  - .rubocop_rspec_styleguide.yml

.rubocop_rspec_styleguide.yml

@@ -0,0 +1,21 @@
+# OFN styleguide for rubocop-rspec
+# Because there are so many, we will disable by default, and enable rules as needed.
+
+Capybara:
+  Enabled: false
+
+RSpec:
+  Enabled: false
+
+FactoryBot:
+  Enabled: false
+
+RSpec/ExpectChange:
+  Enabled: true
+  EnforcedStyle: block
+
+RSpec/MultipleExpectations:
+  Max: 5 # Default 1
+
+RSpec/MultipleMemoizedHelpers:
+  Max: 10 # Default 5

.rubocop_styleguide.yml

@@ -5,22 +5,55 @@ AllCops:
   NewCops: enable
   SuggestExtensions: false
   Exclude:
-    - 'bin/**/*'
-    - 'db/**/*'
-    - 'config/**/*'
-    - 'script/**/*'
-    - 'vendor/**/*'
-    - 'node_modules/**/*'
+    - bin/**/*
+    - db/**/*
+    - config/**/*
+    - script/**/*
+    - vendor/**/*
+    - node_modules/**/*
     # Excluding: inadequate Naming/FileName rule rejects GemFile name with camelcase
-    - 'engines/web/Gemfile'
+    - engines/web/Gemfile
 
-## OFN SETTINGS
-#
-# Cop settings that have been agreed upon by the OFN community
+Bundler/DuplicatedGem:
+  Enabled: false
+
+Layout/LineLength:
+  Enabled: true
+  Max: 100
+
+Layout/MultilineMethodCallIndentation:
+  Enabled: true
+  EnforcedStyle: indented
+
+# Don't think this is a big issue, mostly picking up RPSEC scope definitions
+# with lamdas and RSpec '.to change{}' blocks
+Lint/AmbiguousBlockAssociation:
+  Enabled: false
+
+Lint/MissingSuper:
+  Exclude:
+    - app/components/**/*
+
+Lint/RaiseException:
+  Enabled: true
+
+Lint/StructNewOverride:
+  Enabled: true
+
+# Heaps of offences (> 100) in specs, mostly in situations where two or more
+# instances of a model are required, but only one is referenced. Difficult to
+# fix without making the spec look messy or rewriting it.
+# Should definitely fix at some point.
+Lint/UselessAssignment:
+  Exclude:
+    - spec/**/*
 
 Metrics:
   Enabled: true
 
+Metrics/AbcSize:
+  Max: 30 # default 17
+
 Metrics/BlockLength:
   AllowedMethods: [
     "class_eval",
@@ -46,13 +79,31 @@ Metrics/BlockLength:
     "xdescribe",
   ]
 
+Metrics/MethodLength:
+  Enabled: true
+  Max: 25 # default 10
+
 Metrics/ParameterLists:
   CountKeywordArgs: false
 
+Metrics/PerceivedComplexity:
+  Enabled: true
+  Max: 14 # default 8
+
+Naming/PredicateName:
+  Enabled: false
+
+Naming/VariableNumber:
+  AllowedIdentifiers:
+    - street_address_1
+    - street_address_2
+  AllowedPatterns:
+    - _v[\d]+
+
 Rails/ApplicationRecord:
   Exclude:
     # Migrations should not contain application code:
-    - "db/migrate/*.rb"
+    - db/migrate/*.rb
 
 # Allow many-to-many associations without explicit model.
 # - It avoids the additional code of a model class.
@@ -61,19 +112,23 @@ Rails/ApplicationRecord:
 Rails/HasAndBelongsToMany:
   Enabled: false
 
+Rails/OutputSafety:
+  Exclude:
+    - spec/**/*
+
 Rails/SkipsModelValidations:
   AllowedMethods:
-    - "touch"
-    - "touch_all"
-    - "update_all"
-    - "update_attribute"
-    - "update_column"
-    - "update_columns"
+    - touch
+    - touch_all
+    - update_all
+    - update_attribute
+    - update_column
+    - update_columns
 
 Style/Documentation:
   Enabled: false
 
-Style/StringLiterals:
+Style/FormatStringToken:
   Enabled: false
 
 Style/HashSyntax:
@@ -83,62 +138,5 @@ Style/HashSyntax:
 Style/Send:
   Enabled: true
 
-Layout/MultilineMethodCallIndentation:
-  Enabled: true
-  EnforcedStyle: indented
-
-Layout/LineLength:
-  Enabled: true
-  Max: 100
-
-Lint/RaiseException:
-  Enabled: true
-
-Lint/StructNewOverride:
-  Enabled: true
-
-Naming/VariableNumber:
-  AllowedIdentifiers:
-    - street_address_1
-    - street_address_2
-  AllowedPatterns:
-    - _v[\d]+
-
-Bundler/DuplicatedGem:
-  Enabled: false
-
-## TEMPORARY/CONTESTED SETTINGS
-#
-# These are still to be decided upon, but recommended for inclusion by
-# oeoeaio after scrutinising offenses the codebase
-
-# Don't think this is a big issue, mostly picking up RPSEC scope definitions
-# with lamdas and RSpec '.to change{}' blocks
-Lint/AmbiguousBlockAssociation:
-  Enabled: false
-
-# Heaps of offences (> 100) in specs, mostly in situations where two or more
-# instances of a model are required, but only one is referenced. Difficult to
-# fix without making the spec look messy or rewriting it.
-# Should definitely fix at some point.
-Lint/UselessAssignment:
-  Exclude:
-  - spec/**/*
-
-Lint/MissingSuper:
-  Exclude:
-    - 'app/components/**/*'
-
-Metrics/AbcSize:
-  Max: 30 # default 17
-
-Metrics/MethodLength:
-  Enabled: true
-  Max: 25 # default 10
-
-Metrics/PerceivedComplexity:
-  Enabled: true
-  Max: 14 # default 8
-
-Naming/PredicateName:
+Style/StringLiterals:
   Enabled: false

.rubocop_todo.yml

@@ -1,25 +1,16 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --exclude-limit 1400 --no-auto-gen-timestamp`
-# using RuboCop version 1.56.3.
+# using RuboCop version 1.60.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
-# URISchemes: http, https
-Layout/LineLength:
-  Exclude:
-    - 'spec/system/admin/tag_rules_spec.rb'
-
-# Offense count: 17
+# Offense count: 16
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: enums
 Lint/ConstantDefinitionInBlock:
   Exclude:
-    - 'lib/active_merchant/billing/gateways/stripe_payment_intents_decorator.rb'
     - 'lib/tasks/import_product_images.rake'
     - 'lib/tasks/users.rake'
     - 'spec/controllers/spree/admin/base_controller_spec.rb'
@@ -115,6 +106,11 @@ Lint/RedundantSafeNavigation:
   Exclude:
     - 'app/models/spree/payment.rb'
 
+# Offense count: 1
+Lint/SelfAssignment:
+  Exclude:
+    - 'app/models/spree/order/checkout.rb'
+
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Lint/UselessMethodDefinition:
@@ -147,8 +143,8 @@ Metrics/AbcSize:
     - 'lib/tasks/enterprises.rake'
     - 'spec/services/order_checkout_restart_spec.rb'
 
-# Offense count: 46
-# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
+# Offense count: 9
+# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns, inherit_mode.
 # AllowedMethods: refine
 Metrics/BlockLength:
   Exclude:
@@ -158,27 +154,6 @@ Metrics/BlockLength:
     - 'app/models/spree/shipment.rb'
     - 'lib/spree/core/controller_helpers/common.rb'
     - 'lib/tasks/data.rake'
-    - 'spec/factories.rb'
-    - 'spec/factories/address_factory.rb'
-    - 'spec/factories/enterprise_factory.rb'
-    - 'spec/factories/line_item_factory.rb'
-    - 'spec/factories/order_cycle_factory.rb'
-    - 'spec/factories/order_factory.rb'
-    - 'spec/factories/product_factory.rb'
-    - 'spec/factories/shipment_factory.rb'
-    - 'spec/factories/shipping_method_factory.rb'
-    - 'spec/factories/subscription_factory.rb'
-    - 'spec/factories/user_factory.rb'
-    - 'spec/factories/variant_factory.rb'
-    - 'spec/requests/api/orders_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
-    - 'spec/requests/checkout/stripe_sca_spec.rb'
-    - 'spec/support/cancan_helper.rb'
-    - 'spec/support/matchers/select2_matchers.rb'
-    - 'spec/support/matchers/table_matchers.rb'
-    - 'spec/system/consumer/shopping/checkout_spec.rb'
-    - 'spec/system/consumer/shopping/checkout_stripe_spec.rb'
-    - 'spec/system/consumer/shopping/variant_overrides_spec.rb'
 
 # Offense count: 1
 # Configuration parameters: CountBlocks, Max.
@@ -186,7 +161,7 @@ Metrics/BlockNesting:
   Exclude:
     - 'app/models/spree/payment/processing.rb'
 
-# Offense count: 45
+# Offense count: 46
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ClassLength:
   Exclude:
@@ -204,6 +179,7 @@ Metrics/ClassLength:
     - 'app/controllers/spree/admin/users_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/models/enterprise.rb'
+    - 'app/models/invoice/data_presenter.rb'
     - 'app/models/order_cycle.rb'
     - 'app/models/product_import/entry_processor.rb'
     - 'app/models/product_import/entry_validator.rb'
@@ -428,33 +404,18 @@ Rails/FindEach:
     - 'spec/system/admin/bulk_order_management_spec.rb'
     - 'spec/system/admin/enterprise_relationships_spec.rb'
 
-# Offense count: 47
+# Offense count: 11
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
   Exclude:
-    - 'app/models/customer.rb'
     - 'app/models/enterprise.rb'
-    - 'app/models/order_cycle.rb'
     - 'app/models/spree/address.rb'
-    - 'app/models/spree/adjustment.rb'
-    - 'app/models/spree/country.rb'
-    - 'app/models/spree/credit_card.rb'
-    - 'app/models/spree/order.rb'
-    - 'app/models/spree/payment.rb'
-    - 'app/models/spree/payment_method.rb'
-    - 'app/models/spree/property.rb'
-    - 'app/models/spree/return_authorization.rb'
-    - 'app/models/spree/shipment.rb'
-    - 'app/models/spree/shipping_category.rb'
-    - 'app/models/spree/shipping_method.rb'
     - 'app/models/spree/stock_item.rb'
     - 'app/models/spree/tax_rate.rb'
-    - 'app/models/spree/taxonomy.rb'
-    - 'app/models/spree/user.rb'
     - 'app/models/spree/variant.rb'
 
-# Offense count: 25
+# Offense count: 26
 # Configuration parameters: Include.
 # Include: app/helpers/**/*.rb
 Rails/HelperInstanceVariable:
@@ -534,21 +495,7 @@ Rails/NegateInclude:
     - 'lib/spree/localized_number.rb'
     - 'spec/support/matchers/table_matchers.rb'
 
-# Offense count: 16
-Rails/OutputSafety:
-  Exclude:
-    - 'app/helpers/angular_form_helper.rb'
-    - 'app/helpers/application_helper.rb'
-    - 'app/helpers/reports_helper.rb'
-    - 'app/helpers/spree/admin/base_helper.rb'
-    - 'app/helpers/spree/admin/navigation_helper.rb'
-    - 'app/helpers/spree/admin/orders_helper.rb'
-    - 'app/helpers/spree/admin/zones_helper.rb'
-    - 'lib/reporting/queries/query_builder.rb'
-    - 'lib/reporting/queries/query_interface.rb'
-    - 'lib/spree/money.rb'
-
-# Offense count: 31
+# Offense count: 32
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/Pluck:
   Exclude:
@@ -567,6 +514,7 @@ Rails/Pluck:
     - 'spec/lib/reports/lettuce_share_report_spec.rb'
     - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
     - 'spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb'
+    - 'spec/support/api_helper.rb'
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -576,17 +524,18 @@ Rails/PluckInWhere:
   Exclude:
     - 'app/models/spree/variant.rb'
 
-# Offense count: 5
+# Offense count: 4
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowedReceivers.
+# AllowedReceivers: ActionMailer::Preview, ActiveSupport::TimeZone
 Rails/RedundantActiveRecordAllMethod:
   Exclude:
     - 'app/models/spree/tax_rate.rb'
     - 'app/models/spree/user.rb'
     - 'app/models/spree/variant.rb'
     - 'spec/system/admin/product_import_spec.rb'
-    - 'spec/system/admin/tag_rules_spec.rb'
 
-# Offense count: 22
+# Offense count: 20
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/RedundantPresenceValidationOnBelongsTo:
   Exclude:
@@ -603,7 +552,6 @@ Rails/RedundantPresenceValidationOnBelongsTo:
     - 'app/models/spree/stock_item.rb'
     - 'app/models/spree/stock_movement.rb'
     - 'app/models/spree/tax_rate.rb'
-    - 'app/models/spree/variant.rb'
     - 'app/models/subscription_line_item.rb'
     - 'app/models/tag_rule.rb'
     - 'app/models/variant_override.rb'
@@ -634,13 +582,11 @@ Rails/ResponseParsedBody:
     - 'spec/controllers/spree/credit_cards_controller_spec.rb'
     - 'spec/controllers/user_registrations_controller_spec.rb'
 
-# Offense count: 3
+# Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/RootPathnameMethods:
   Exclude:
     - 'spec/lib/reports/orders_and_fulfillment/order_cycle_customer_totals_report_spec.rb'
-    - 'spec/models/terms_of_service_file_spec.rb'
-    - 'spec/system/admin/configuration/terms_of_service_files_spec.rb'
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -700,7 +646,6 @@ Rails/UnknownEnv:
     - 'app/models/spree/app_configuration.rb'
 
 # Offense count: 7
-# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: Severity.
 Rails/UnusedRenderContent:
   Exclude:
@@ -711,7 +656,7 @@ Rails/UnusedRenderContent:
     - 'app/controllers/api/v0/taxons_controller.rb'
     - 'app/controllers/api/v0/variants_controller.rb'
 
-# Offense count: 56
+# Offense count: 55
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/WhereEquals:
   Exclude:
@@ -738,7 +683,6 @@ Rails/WhereEquals:
     - 'app/serializers/api/order_serializer.rb'
     - 'lib/open_food_network/enterprise_fee_calculator.rb'
     - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/reporting/reports/customers/base.rb'
     - 'lib/reporting/reports/products_and_inventory/base.rb'
     - 'lib/tasks/data.rake'
     - 'lib/tasks/data/anonymize_data.rake'
@@ -815,19 +759,6 @@ Style/ClassAndModuleChildren:
     - 'spec/controllers/spree/admin/base_controller_spec.rb'
     - 'spec/models/spree/payment_method_spec.rb'
 
-# Offense count: 1
-Style/ClassVars:
-  Exclude:
-    - 'lib/spree/core/delegate_belongs_to.rb'
-
-# Offense count: 2
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
-# SupportedStyles: annotated, template, unannotated
-# AllowedMethods: redirect
-Style/FormatStringToken:
-  EnforcedStyle: unannotated
-
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
@@ -862,139 +793,28 @@ Style/HashConversion:
     - 'spec/controllers/admin/inventory_items_controller_spec.rb'
     - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
 
+# Offense count: 13
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowedReceivers.
+# AllowedReceivers: Thread.current
+Style/HashEachMethods:
+  Exclude:
+    - 'app/controllers/admin/enterprises_controller.rb'
+    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
+    - 'app/forms/enterprise_fees_bulk_update.rb'
+    - 'app/models/product_import/entry_processor.rb'
+    - 'app/models/spree/preferences/configuration.rb'
+    - 'app/services/sets/model_set.rb'
+    - 'lib/reporting/reports/sales_tax/sales_tax_totals_by_producer.rb'
+    - 'spec/models/product_importer_spec.rb'
+    - 'spec/support/cancan_helper.rb'
+
 # Offense count: 1
 # Configuration parameters: MinBranchesCount.
 Style/HashLikeCase:
   Exclude:
     - 'app/models/enterprise.rb'
 
-# Offense count: 1043
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle, EnforcedShorthandSyntax, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
-# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
-# SupportedShorthandSyntax: always, never, either, consistent
-Style/HashSyntax:
-  Exclude:
-    - 'spec/models/spree/product_spec.rb'
-    - 'spec/models/spree/return_authorization_spec.rb'
-    - 'spec/models/spree/shipment_spec.rb'
-    - 'spec/models/spree/shipping_method_spec.rb'
-    - 'spec/models/spree/shipping_rate_spec.rb'
-    - 'spec/models/spree/stock/availability_validator_spec.rb'
-    - 'spec/models/spree/stock_movement_spec.rb'
-    - 'spec/models/spree/tax_rate_spec.rb'
-    - 'spec/models/spree/user_spec.rb'
-    - 'spec/models/spree/variant_spec.rb'
-    - 'spec/models/spree/zone_spec.rb'
-    - 'spec/models/stripe_account_spec.rb'
-    - 'spec/models/variant_override_spec.rb'
-    - 'spec/models/voucher_spec.rb'
-    - 'spec/queries/complete_orders_with_balance_spec.rb'
-    - 'spec/queries/customers_with_balance_spec.rb'
-    - 'spec/queries/outstanding_balance_spec.rb'
-    - 'spec/queries/payments_requiring_action_spec.rb'
-    - 'spec/requests/api/v1/customers_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
-    - 'spec/requests/checkout/paypal_spec.rb'
-    - 'spec/requests/checkout/routes_spec.rb'
-    - 'spec/requests/checkout/stripe_sca_spec.rb'
-    - 'spec/requests/voucher_adjustments_spec.rb'
-    - 'spec/serializers/api/admin/customer_serializer_spec.rb'
-    - 'spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb'
-    - 'spec/serializers/api/admin/index_enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/admin/order_serializer_spec.rb'
-    - 'spec/serializers/api/admin/variant_override_serializer_spec.rb'
-    - 'spec/serializers/api/enterprise_serializer_spec.rb'
-    - 'spec/serializers/api/order_serializer_spec.rb'
-    - 'spec/serializers/api/product_serializer_spec.rb'
-    - 'spec/services/cap_quantity_spec.rb'
-    - 'spec/services/cart_service_spec.rb'
-    - 'spec/services/checkout/payment_method_fetcher_spec.rb'
-    - 'spec/services/default_stock_location_spec.rb'
-    - 'spec/services/invoice_data_generator_spec.rb'
-    - 'spec/services/order_available_payment_methods_spec.rb'
-    - 'spec/services/order_available_shipping_methods_spec.rb'
-    - 'spec/services/order_cart_reset_spec.rb'
-    - 'spec/services/order_checkout_restart_spec.rb'
-    - 'spec/services/order_cycle_distributed_products_spec.rb'
-    - 'spec/services/order_cycle_form_spec.rb'
-    - 'spec/services/order_cycle_webhook_service_spec.rb'
-    - 'spec/services/order_data_masker_spec.rb'
-    - 'spec/services/order_factory_spec.rb'
-    - 'spec/services/order_fees_handler_spec.rb'
-    - 'spec/services/order_invoice_comparator_spec.rb'
-    - 'spec/services/order_payment_finder_spec.rb'
-    - 'spec/services/order_syncer_spec.rb'
-    - 'spec/services/order_tax_adjustments_fetcher_spec.rb'
-    - 'spec/services/order_workflow_spec.rb'
-    - 'spec/services/paypal_items_builder_spec.rb'
-    - 'spec/services/permissions/order_spec.rb'
-    - 'spec/services/place_proxy_order_spec.rb'
-    - 'spec/services/process_payment_intent_spec.rb'
-    - 'spec/services/product_tag_rules_filterer_spec.rb'
-    - 'spec/services/products_renderer_spec.rb'
-    - 'spec/services/search_orders_spec.rb'
-    - 'spec/services/sets/product_set_spec.rb'
-    - 'spec/services/tax_rate_finder_spec.rb'
-    - 'spec/services/user_default_address_setter_spec.rb'
-    - 'spec/services/variants_stock_levels_spec.rb'
-    - 'spec/services/voucher_adjustments_service_spec.rb'
-    - 'spec/support/controller_helper.rb'
-    - 'spec/support/controller_requests_helper.rb'
-    - 'spec/support/request/stripe_stubs.rb'
-    - 'spec/support/request/ui_component_helper.rb'
-    - 'spec/support/request/web_helper.rb'
-    - 'spec/system/admin/adjustments_spec.rb'
-    - 'spec/system/admin/bulk_product_update_spec.rb'
-    - 'spec/system/admin/configuration/states_spec.rb'
-    - 'spec/system/admin/configuration/tax_rates_spec.rb'
-    - 'spec/system/admin/customers_spec.rb'
-    - 'spec/system/admin/enterprises_spec.rb'
-    - 'spec/system/admin/invoice_print_spec.rb'
-    - 'spec/system/admin/order_cycles/complex_creating_specific_time_spec.rb'
-    - 'spec/system/admin/order_cycles/complex_updating_specific_time_spec.rb'
-    - 'spec/system/admin/order_cycles/simple_spec.rb'
-    - 'spec/system/admin/order_spec.rb'
-    - 'spec/system/admin/orders_spec.rb'
-    - 'spec/system/admin/payments_stripe_spec.rb'
-    - 'spec/system/admin/reports/enterprise_fee_summaries_spec.rb'
-    - 'spec/system/admin/reports/enterprise_summary_fees/enterprise_summary_fee_with_tax_report_by_order_spec.rb'
-    - 'spec/system/admin/reports/orders_and_fulfillment_spec.rb'
-    - 'spec/system/admin/reports/packing_report_spec.rb'
-    - 'spec/system/admin/reports/payments_report_spec.rb'
-    - 'spec/system/admin/reports/revenues_by_hub_spec.rb'
-    - 'spec/system/admin/reports/sales_tax/sales_tax_totals_by_order_spec.rb'
-    - 'spec/system/admin/reports/sales_tax/sales_tax_totals_by_producer_spec.rb'
-    - 'spec/system/admin/reports_spec.rb'
-    - 'spec/system/admin/subscriptions_spec.rb'
-    - 'spec/system/admin/tag_rules_spec.rb'
-    - 'spec/system/admin/variant_overrides_spec.rb'
-    - 'spec/system/admin/vouchers_spec.rb'
-    - 'spec/system/consumer/account/cards_spec.rb'
-    - 'spec/system/consumer/account/developer_settings_spec.rb'
-    - 'spec/system/consumer/account/payments_spec.rb'
-    - 'spec/system/consumer/account_spec.rb'
-    - 'spec/system/consumer/authentication_spec.rb'
-    - 'spec/system/consumer/multilingual_spec.rb'
-    - 'spec/system/consumer/shopping/cart_spec.rb'
-    - 'spec/system/consumer/shopping/checkout_auth_spec.rb'
-    - 'spec/system/consumer/shopping/checkout_paypal_spec.rb'
-    - 'spec/system/consumer/shopping/checkout_spec.rb'
-    - 'spec/system/consumer/shopping/checkout_stripe_spec.rb'
-    - 'spec/system/consumer/shopping/orders_spec.rb'
-    - 'spec/system/consumer/shopping/products_spec.rb'
-    - 'spec/system/consumer/shopping/shopping_spec.rb'
-    - 'spec/system/consumer/shopping/unit_price_spec.rb'
-    - 'spec/system/consumer/shopping/variant_overrides_spec.rb'
-    - 'spec/system/consumer/split_checkout_spec.rb'
-    - 'spec/system/consumer/split_checkout_tax_incl_spec.rb'
-    - 'spec/system/consumer/split_checkout_tax_not_incl_spec.rb'
-    - 'spec/system/consumer/user_password_spec.rb'
-    - 'spec/system/consumer/white_label_spec.rb'
-    - 'spec/system/support/cuprite_setup.rb'
-    - 'spec/views/spree/orders/edit.html.haml_spec.rb'
-    - 'spec/views/spree/shared/_order_details.html.haml_spec.rb'
-
 # Offense count: 4
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/MapToHash:
@@ -1011,19 +831,6 @@ Style/MissingRespondToMissing:
     - 'app/models/spree/gateway.rb'
     - 'app/models/spree/preferences/configuration.rb'
 
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-Style/MultilineTernaryOperator:
-  Exclude:
-    - 'spec/system/admin/subscriptions_spec.rb'
-
-# Offense count: 2
-# This cop supports safe autocorrection (--autocorrect).
-Style/NegatedIfElseCondition:
-  Exclude:
-    - 'app/mailers/spree/shipment_mailer.rb'
-    - 'spec/support/matchers/table_matchers.rb'
-
 # Offense count: 22
 # This cop supports safe autocorrection (--autocorrect).
 Style/NestedModifier:
@@ -1052,7 +859,7 @@ Style/OpenStructUse:
     - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
     - 'spec/serializers/api/enterprise_serializer_spec.rb'
 
-# Offense count: 16
+# Offense count: 15
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: respond_to_missing?
 Style/OptionalBooleanParameter:
@@ -1066,16 +873,8 @@ Style/OptionalBooleanParameter:
     - 'app/models/spree/shipment.rb'
     - 'engines/order_management/app/services/order_management/stock/estimator.rb'
     - 'lib/spree/core/controller_helpers/order.rb'
-    - 'lib/spree/core/delegate_belongs_to.rb'
     - 'spec/support/request/web_helper.rb'
 
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowSafeAssignment, AllowInMultilineConditions.
-Style/ParenthesesAroundCondition:
-  Exclude:
-    - 'spec/system/support/precompile_assets.rb'
-
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
@@ -1084,19 +883,6 @@ Style/PreferredHashMethods:
   Exclude:
     - 'app/controllers/api/v0/shipments_controller.rb'
 
-# Offense count: 16
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: same_as_string_literals, single_quotes, double_quotes
-Style/QuotedSymbols:
-  Exclude:
-    - 'app/services/exchange_products_renderer.rb'
-    - 'lib/stripe/credit_card_cloner.rb'
-    - 'spec/controllers/api/v0/exchange_products_controller_spec.rb'
-    - 'spec/requests/api/orders_spec.rb'
-    - 'spec/requests/api/v1/customers_spec.rb'
-    - 'spec/support/request/stripe_stubs.rb'
-
 # Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Methods.
@@ -1105,25 +891,11 @@ Style/RedundantArgument:
     - 'engines/dfc_provider/app/services/authorization_control.rb'
     - 'spec/support/query_counter.rb'
 
-# Offense count: 13
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantConstantBase:
-  Exclude:
-    - 'app/controllers/split_checkout_controller.rb'
-    - 'app/controllers/webhook_endpoints_controller.rb'
-    - 'config.ru'
-    - 'spec/helpers/checkout_helper_spec.rb'
-    - 'spec/models/spree/order_spec.rb'
-    - 'spec/models/spree/payment_method_spec.rb'
-    - 'spec/models/spree/payment_spec.rb'
-    - 'spec/queries/complete_visible_orders_spec.rb'
-    - 'spec/services/paypal_items_builder_spec.rb'
-
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
-Style/RedundantDoubleSplatHashBraces:
+Style/RedundantAssignment:
   Exclude:
-    - 'spec/system/support/cuprite_setup.rb'
+    - 'spec/models/database_spec.rb'
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -1139,32 +911,6 @@ Style/RedundantInterpolation:
     - 'lib/tasks/karma.rake'
     - 'spec/base_spec_helper.rb'
 
-# Offense count: 2
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantRegexpArgument:
-  Exclude:
-    - 'app/models/spree/shipping_method.rb'
-    - 'lib/spree/i18n.rb'
-
-# Offense count: 5
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowMultipleReturnValues.
-Style/RedundantReturn:
-  Exclude:
-    - 'app/models/product_import/entry_validator.rb'
-    - 'app/models/spree/stock/availability_validator.rb'
-    - 'lib/reporting/reports/enterprise_fee_summary/summarizer.rb'
-    - 'lib/stripe/authorize_response_patcher.rb'
-    - 'lib/tasks/data.rake'
-
-# Offense count: 4
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantStringEscape:
-  Exclude:
-    - 'app/models/spree/calculator.rb'
-    - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
-    - 'spec/system/admin/enterprise_fees_spec.rb'
-
 # Offense count: 19
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
@@ -1216,7 +962,7 @@ Style/SlicingWithRange:
     - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
     - 'lib/discourse/single_sign_on.rb'
 
-# Offense count: 28
+# Offense count: 25
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.
 Style/StringConcatenation:
@@ -1238,6 +984,5 @@ Style/StringConcatenation:
     - 'spec/models/spree/line_item_spec.rb'
     - 'spec/models/spree/product_spec.rb'
     - 'spec/services/embedded_page_service_spec.rb'
-    - 'spec/support/api_helper.rb'
     - 'spec/support/features/datepicker_helper.rb'
     - 'spec/system/admin/products_spec.rb'

Gemfile

@@ -5,7 +5,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
 ruby File.read('.ruby-version').chomp
 
-gem 'dotenv-rails', require: 'dotenv/rails-now' # Load ENV vars before other gems
+gem 'dotenv', require: 'dotenv/load' # Load ENV vars before other gems
 
 gem 'rails'
 
@@ -17,7 +17,7 @@ gem "image_processing"
 gem 'activemerchant', '>= 1.78.0'
 gem 'angular-rails-templates', '>= 0.3.0'
 gem 'awesome_nested_set'
-gem 'ransack', '~> 2.6.0'
+gem 'ransack', '~> 4.1.0'
 gem 'responders'
 gem 'rexml'
 gem 'webpacker', '~> 5'
@@ -32,6 +32,7 @@ gem "db2fog", github: "openfoodfoundation/db2fog", branch: "rails-7"
 gem "fog-aws", "~> 2.0" # db2fog does not support v3
 gem "mime-types" # required by fog
 
+gem "validates_lengths_from_database"
 gem "valid_email2"
 
 gem "catalog", path: "./engines/catalog"
@@ -73,7 +74,7 @@ gem 'rswag-ui'
 
 gem 'omniauth_openid_connect'
 gem 'omniauth-rails_csrf_protection'
-gem 'openid_connect', '~> 1.3'
+gem 'openid_connect'
 
 gem 'angularjs-rails', '1.8.0'
 gem 'bugsnag'
@@ -92,14 +93,13 @@ gem 'bootsnap', require: false
 gem 'geocoder'
 gem 'gmaps4rails'
 gem 'mimemagic', '> 0.3.5'
-gem 'paper_trail', '~> 12.1'
+gem 'paper_trail'
 gem 'rack-rewrite'
 gem 'rack-timeout'
 gem 'roadie-rails'
 
-gem 'hiredis'
 gem 'puma'
-gem 'redis', '>= 4.0', require: ['redis', 'redis/connection/hiredis']
+gem 'redis'
 gem 'sidekiq'
 gem 'sidekiq-scheduler'
 
@@ -133,6 +133,8 @@ gem 'flipper-ui'
 gem "view_component"
 gem 'view_component_reflex', '3.1.14.pre9'
 
+# mini_portile2 is needed when installing with Vargant
+# https://openfoodnetwork.slack.com/archives/CEBMTRCNS/p1668439152992899
 gem 'mini_portile2', '~> 2.8'
 
 gem "faraday"
@@ -140,6 +142,8 @@ gem "private_address_check"
 
 gem 'newrelic_rpm'
 
+gem 'invisible_captcha'
+
 group :production, :staging do
   gem 'sd_notify' # For better Systemd process management. Used by Puma.
 end
@@ -157,7 +161,7 @@ group :test, :development do
   gem 'letter_opener', '>= 1.4.1'
   gem 'rspec-rails', ">= 3.5.2"
   gem 'rspec-retry', require: false
-  gem 'rswag-specs'
+  gem 'rswag'
   gem 'shoulda-matchers'
   gem 'stimulus_reflex_testing'
   gem 'timecop'
@@ -182,8 +186,10 @@ group :development do
   gem 'rails-erd'
   gem 'rubocop'
   gem 'rubocop-rails'
+  gem 'rubocop-rspec'
   gem 'spring'
   gem 'spring-commands-rspec'
+  gem 'spring-commands-rubocop'
   gem 'web-console'
 
   gem 'rack-mini-profiler', '< 3.0.0'

Gemfile.lock

@@ -90,7 +90,7 @@ GEM
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
-    active_storage_validations (1.0.4)
+    active_storage_validations (1.1.4)
       activejob (>= 5.2.0)
       activemodel (>= 5.2.0)
       activestorage (>= 5.2.0)
@@ -98,17 +98,18 @@ GEM
     activejob (7.0.8)
       activesupport (= 7.0.8)
       globalid (>= 0.3.6)
-    activemerchant (1.123.0)
+    activemerchant (1.133.0)
       activesupport (>= 4.2)
       builder (>= 2.1.2, < 4.0.0)
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
+      rexml (~> 3.2.5)
     activemodel (7.0.8)
       activesupport (= 7.0.8)
     activerecord (7.0.8)
       activemodel (= 7.0.8)
       activesupport (= 7.0.8)
-    activerecord-import (1.5.0)
+    activerecord-import (1.5.1)
       activerecord (>= 4.2)
     activerecord-postgresql-adapter (0.0.1)
       pg
@@ -131,56 +132,57 @@ GEM
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    acts-as-taggable-on (9.0.1)
-      activerecord (>= 6.0, < 7.1)
+    acts-as-taggable-on (10.0.0)
+      activerecord (>= 6.1, < 7.2)
     acts_as_list (1.0.4)
       activerecord (>= 4.2)
-    addressable (2.8.4)
+    addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
     afm (0.2.2)
-    angular-rails-templates (1.2.0)
-      railties (>= 5.0, < 7.1)
+    angular-rails-templates (1.2.1)
+      railties (>= 5.0, < 7.2)
       sprockets (>= 3.0, < 5)
       sprockets-rails
       tilt
-    angular_rails_csrf (5.0.0)
+    angular_rails_csrf (6.0.0)
       railties (>= 3, < 8)
     angularjs-file-upload-rails (2.4.1)
     angularjs-rails (1.8.0)
     arel-helpers (2.14.0)
       activerecord (>= 3.1.0, < 8)
     ast (2.4.2)
-    attr_required (1.0.1)
-    awesome_nested_set (3.5.0)
-      activerecord (>= 4.0.0, < 7.1)
-    aws-eventstream (1.2.0)
-    aws-partitions (1.826.0)
-    aws-sdk-core (3.183.0)
-      aws-eventstream (~> 1, >= 1.0.2)
+    attr_required (1.0.2)
+    awesome_nested_set (3.6.0)
+      activerecord (>= 4.0.0, < 7.2)
+    aws-eventstream (1.3.0)
+    aws-partitions (1.883.0)
+    aws-sdk-core (3.191.0)
+      aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.5)
+      aws-sigv4 (~> 1.8)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.71.0)
-      aws-sdk-core (~> 3, >= 3.177.0)
+    aws-sdk-kms (1.77.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.135.0)
-      aws-sdk-core (~> 3, >= 3.181.0)
+    aws-sdk-s3 (1.143.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.6)
-    aws-sigv4 (1.6.0)
+      aws-sigv4 (~> 1.8)
+    aws-sigv4 (1.8.0)
       aws-eventstream (~> 1, >= 1.0.2)
-    base64 (0.1.1)
-    bcrypt (3.1.18)
+    base64 (0.2.0)
+    bcp47_spec (0.2.1)
+    bcrypt (3.1.19)
     bigdecimal (3.0.2)
     bindata (2.4.15)
     bindex (0.8.1)
-    bootsnap (1.16.0)
+    bootsnap (1.18.3)
       msgpack (~> 1.2)
-    bugsnag (6.26.0)
+    bugsnag (6.26.3)
       concurrent-ruby (~> 1.0)
     builder (3.2.4)
-    bullet (7.0.7)
+    bullet (7.1.6)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
     cable_ready (5.0.1)
@@ -190,11 +192,11 @@ GEM
       railties (>= 5.2)
       thread-local (>= 1.1.0)
     cancancan (1.15.0)
-    capybara (3.39.2)
+    capybara (3.40.0)
       addressable
       matrix
       mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
+      nokogiri (~> 1.11)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
@@ -215,33 +217,34 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    combine_pdf (1.0.23)
+    combine_pdf (1.0.26)
       matrix
       ruby-rc4 (>= 0.1.5)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
-    crack (0.4.5)
+    crack (1.0.0)
+      bigdecimal
       rexml
     crass (1.0.6)
-    css_parser (1.11.0)
+    css_parser (1.16.0)
       addressable
-    cuprite (0.14.3)
+    cuprite (0.15)
       capybara (~> 3.0)
-      ferrum (~> 0.13.0)
+      ferrum (~> 0.14.0)
     database_cleaner (2.0.2)
       database_cleaner-active_record (>= 2, < 3)
     database_cleaner-active_record (2.1.0)
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    datafoodconsortium-connector (1.0.0.pre.alpha.8)
+    datafoodconsortium-connector (1.0.0.pre.alpha.10)
       virtual_assembly-semantizer (~> 1.0, >= 1.0.5)
-    date (3.3.3)
-    debug (1.8.0)
-      irb (>= 1.5.0)
-      reline (>= 0.3.1)
+    date (3.3.4)
+    debug (1.9.1)
+      irb (~> 1.10)
+      reline (>= 0.3.8)
     debugger-linecache (1.2.0)
-    devise (4.9.2)
+    devise (4.9.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -249,17 +252,16 @@ GEM
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
-    devise-i18n (1.11.0)
+    devise-i18n (1.12.0)
       devise (>= 4.9.0)
     devise-token_authenticatable (1.1.0)
       devise (>= 4.0.0, < 5.0.0)
     diff-lcs (1.5.0)
     digest (3.1.1)
     docile (1.4.0)
-    dotenv (2.8.1)
-    dotenv-rails (2.8.1)
-      dotenv (= 2.8.1)
-      railties (>= 3.2)
+    dotenv (3.1.0)
+    email_validator (2.2.4)
+      activemodel
     erubi (1.12.0)
     et-orbi (1.2.7)
       tzinfo
@@ -270,20 +272,19 @@ GEM
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    faraday (2.7.11)
-      base64
-      faraday-net_http (>= 2.0, < 3.1)
-      ruby2_keywords (>= 0.0.4)
+    faraday (2.9.0)
+      faraday-net_http (>= 2.0, < 3.2)
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
-    faraday-net_http (3.0.2)
-    ferrum (0.13)
+    faraday-net_http (3.1.0)
+      net-http
+    ferrum (0.14)
       addressable (~> 2.5)
       concurrent-ruby (~> 1.1)
       webrick (~> 1.7)
       websocket-driver (>= 0.6, < 0.8)
     ffaker (2.23.0)
-    ffi (1.15.5)
+    ffi (1.16.3)
     flipper (0.26.2)
       concurrent-ruby (< 2)
     flipper-active_record (0.26.2)
@@ -328,13 +329,11 @@ GEM
     haml (5.2.2)
       temple (>= 0.8.0)
       tilt
-    hashdiff (1.0.1)
+    hashdiff (1.1.0)
     hashery (2.1.2)
     hashie (5.0.0)
     highline (2.0.3)
-    hiredis (0.6.3)
     htmlentities (4.3.4)
-    httpclient (2.8.3)
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     i18n-js (3.9.2)
@@ -344,10 +343,13 @@ GEM
       ruby-vips (>= 2.0.17, < 3)
     immigrant (0.3.6)
       activerecord (>= 3.0)
-    io-console (0.6.0)
+    invisible_captcha (2.2.0)
+      rails (>= 5.2)
+    io-console (0.7.1)
     ipaddress (0.8.3)
-    irb (1.6.4)
-      reline (>= 0.3.0)
+    irb (1.11.0)
+      rdoc
+      reline (>= 0.3.8)
     jmespath (1.6.2)
     jquery-rails (4.4.0)
       rails-dom-testing (>= 1, < 3)
@@ -355,41 +357,43 @@ GEM
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (4.2.1)
       railties (>= 3.2.16)
-    json (2.6.3)
-    json-canonicalization (0.3.2)
-    json-jwt (1.16.3)
+    json (2.7.1)
+    json-canonicalization (1.0.0)
+    json-jwt (1.16.5)
       activesupport (>= 4.2)
       aes_key_wrap
+      base64
       bindata
       faraday (~> 2.0)
       faraday-follow_redirects
-    json-ld (3.2.5)
+    json-ld (3.3.1)
       htmlentities (~> 4.3)
-      json-canonicalization (~> 0.3, >= 0.3.2)
+      json-canonicalization (~> 1.0)
       link_header (~> 0.0, >= 0.0.8)
       multi_json (~> 1.15)
       rack (>= 2.2, < 4)
-      rdf (~> 3.2, >= 3.2.10)
-    json-schema (3.0.0)
+      rdf (~> 3.3)
+    json-schema (4.1.1)
       addressable (>= 2.8)
     json_spec (1.1.5)
       multi_json (~> 1.0)
       rspec (>= 2.0, < 4.0)
     jsonapi-serializer (2.2.0)
       activesupport (>= 4.2)
-    jwt (2.7.1)
-    knapsack_pro (5.7.0)
+    jwt (2.8.0)
+      base64
+    knapsack_pro (6.0.4)
       rake
     language_server-protocol (3.17.0.3)
-    launchy (2.5.0)
-      addressable (~> 2.7)
-    letter_opener (1.8.1)
+    launchy (2.5.2)
+      addressable (~> 2.8)
+    letter_opener (1.9.0)
       launchy (>= 2.2, < 3)
     link_header (0.0.8)
-    listen (3.8.0)
+    listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.21.3)
+    loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -400,35 +404,37 @@ GEM
     marcel (1.0.2)
     matrix (0.4.2)
     method_source (1.0.0)
-    mime-types (3.5.1)
+    mime-types (3.5.2)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2023.0808)
+    mime-types-data (3.2023.1205)
     mimemagic (0.4.3)
       nokogiri (~> 1)
       rake
     mini_magick (4.11.0)
     mini_mime (1.1.5)
-    mini_portile2 (2.8.4)
-    minitest (5.20.0)
-    monetize (1.12.0)
+    mini_portile2 (2.8.5)
+    minitest (5.22.2)
+    monetize (1.13.0)
       money (~> 6.12)
     money (6.16.0)
       i18n (>= 0.6.4, <= 2)
-    msgpack (1.7.1)
+    msgpack (1.7.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    net-imap (0.3.7)
+    net-http (0.4.1)
+      uri
+    net-imap (0.4.10)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.2.1)
+    net-protocol (0.2.2)
       timeout
-    net-smtp (0.3.3)
+    net-smtp (0.4.0.1)
       net-protocol
-    newrelic_rpm (9.5.0)
-    nio4r (2.5.9)
-    nokogiri (1.15.4)
+    newrelic_rpm (9.7.1)
+    nio4r (2.7.0)
+    nokogiri (1.16.2)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     oauth2 (1.4.11)
@@ -437,37 +443,39 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 4)
-    omniauth (2.1.1)
+    omniauth (2.1.2)
       hashie (>= 3.4.6)
       rack (>= 2.2.3)
       rack-protection
     omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
       omniauth (~> 2.0)
-    omniauth_openid_connect (0.6.1)
+    omniauth_openid_connect (0.7.1)
       omniauth (>= 1.9, < 3)
-      openid_connect (~> 1.1)
-    openid_connect (1.4.2)
+      openid_connect (~> 2.2)
+    openid_connect (2.3.0)
       activemodel
       attr_required (>= 1.0.0)
-      json-jwt (>= 1.15.0)
-      net-smtp
-      rack-oauth2 (~> 1.21)
-      swd (~> 1.3)
+      email_validator
+      faraday (~> 2.0)
+      faraday-follow_redirects
+      json-jwt (>= 1.16)
+      mail
+      rack-oauth2 (~> 2.2)
+      swd (~> 2.0)
       tzinfo
-      validate_email
       validate_url
-      webfinger (~> 1.2)
+      webfinger (~> 2.0)
     orm_adapter (0.5.0)
     pagy (5.10.1)
       activesupport
-    paper_trail (12.3.0)
-      activerecord (>= 5.2)
-      request_store (~> 1.1)
-    parallel (1.23.0)
-    paranoia (2.6.2)
-      activerecord (>= 5.1, < 7.1)
-    parser (3.2.2.3)
+    paper_trail (15.1.0)
+      activerecord (>= 6.1)
+      request_store (~> 1.4)
+    parallel (1.24.0)
+    paranoia (2.6.3)
+      activerecord (>= 5.1, < 7.2)
+    parser (3.3.0.5)
       ast (~> 2.4.1)
       racc
     paypal-sdk-core (0.3.4)
@@ -475,7 +483,7 @@ GEM
       xml-simple
     paypal-sdk-merchant (1.117.2)
       paypal-sdk-core (~> 0.3.0)
-    pdf-reader (2.11.0)
+    pdf-reader (2.12.0)
       Ascii85 (~> 1.0)
       afm (~> 0.2.1)
       hashery (~> 2.0)
@@ -486,25 +494,29 @@ GEM
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (5.0.3)
-    puma (6.4.0)
+    psych (5.1.2)
+      stringio
+    public_suffix (5.0.4)
+    puma (6.4.2)
       nio4r (~> 2.0)
     query_count (1.1.1)
       activerecord (>= 4.2)
       railties (>= 4.2)
     raabro (1.4.0)
-    racc (1.7.1)
+    racc (1.7.3)
     rack (2.2.8)
     rack-mini-profiler (2.3.4)
       rack (>= 1.2.0)
-    rack-oauth2 (1.21.3)
+    rack-oauth2 (2.2.1)
       activesupport
       attr_required
-      httpclient
+      faraday (~> 2.0)
+      faraday-follow_redirects
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
-    rack-protection (3.0.5)
-      rack
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
+      rack (~> 2.2, >= 2.2.4)
     rack-proxy (0.7.6)
       rack
     rack-rewrite (1.5.1)
@@ -553,39 +565,43 @@ GEM
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
-    rake (13.0.6)
-    ransack (2.6.0)
-      activerecord (>= 6.0.4)
-      activesupport (>= 6.0.4)
+    rake (13.1.0)
+    ransack (4.1.1)
+      activerecord (>= 6.1.5)
+      activesupport (>= 6.1.5)
       i18n
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rdf (3.2.11)
+    rdf (3.3.1)
+      bcp47_spec (~> 0.2)
       link_header (~> 0.0, >= 0.0.8)
+    rdoc (6.6.2)
+      psych (>= 4.0.0)
     redcarpet (3.6.0)
-    redis (4.8.1)
-    redis-client (0.17.0)
+    redis (5.1.0)
+      redis-client (>= 0.17.0)
+    redis-client (0.20.0)
       connection_pool
-    regexp_parser (2.8.1)
-    reline (0.3.3)
+    regexp_parser (2.9.0)
+    reline (0.4.1)
       io-console (~> 0.5)
     request_store (1.5.1)
       rack (>= 1.4)
-    responders (3.1.0)
+    responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
     rexml (3.2.6)
-    roadie (5.0.1)
+    roadie (5.2.0)
       css_parser (~> 1.4)
-      nokogiri (~> 1.8)
-    roadie-rails (3.0.0)
-      railties (>= 5.1, < 7.1)
+      nokogiri (~> 1.15)
+    roadie-rails (3.1.0)
+      railties (>= 5.1, < 8.0)
       roadie (~> 5.0)
     rodf (1.2.0)
       builder (>= 3.0)
       rubyzip (>= 1.0)
-    roo (2.10.0)
+    roo (2.10.1)
       nokogiri (~> 1)
       rubyzip (>= 1.3.0, < 3.0.0)
     rspec (3.12.0)
@@ -597,10 +613,10 @@ GEM
     rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.5)
+    rspec-mocks (3.12.6)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-rails (6.0.3)
+    rspec-rails (6.1.1)
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       railties (>= 6.1)
@@ -611,41 +627,53 @@ GEM
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
     rspec-support (3.12.1)
-    rswag-api (2.10.1)
-      railties (>= 3.1, < 7.1)
-    rswag-specs (2.10.1)
-      activesupport (>= 3.1, < 7.1)
-      json-schema (>= 2.2, < 4.0)
-      railties (>= 3.1, < 7.1)
+    rswag (2.13.0)
+      rswag-api (= 2.13.0)
+      rswag-specs (= 2.13.0)
+      rswag-ui (= 2.13.0)
+    rswag-api (2.13.0)
+      activesupport (>= 3.1, < 7.2)
+      railties (>= 3.1, < 7.2)
+    rswag-specs (2.13.0)
+      activesupport (>= 3.1, < 7.2)
+      json-schema (>= 2.2, < 5.0)
+      railties (>= 3.1, < 7.2)
       rspec-core (>= 2.14)
-    rswag-ui (2.10.1)
-      actionpack (>= 3.1, < 7.1)
-      railties (>= 3.1, < 7.1)
-    rubocop (1.56.3)
-      base64 (~> 0.1.1)
+    rswag-ui (2.13.0)
+      actionpack (>= 3.1, < 7.2)
+      railties (>= 3.1, < 7.2)
+    rubocop (1.60.2)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.2.3)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.1, < 2.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.29.0)
+    rubocop-ast (1.30.0)
       parser (>= 3.2.1.0)
-    rubocop-rails (2.21.1)
+    rubocop-capybara (2.20.0)
+      rubocop (~> 1.41)
+    rubocop-factory_bot (2.25.1)
+      rubocop (~> 1.41)
+    rubocop-rails (2.23.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
+    rubocop-rspec (2.26.1)
+      rubocop (~> 1.40)
+      rubocop-capybara (~> 2.17)
+      rubocop-factory_bot (~> 2.22)
     ruby-graphviz (1.2.5)
       rexml
     ruby-progressbar (1.13.0)
     ruby-rc4 (0.1.5)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
-    ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
     rufus-scheduler (3.8.2)
       fugit (~> 1.1, >= 1.1.6)
@@ -661,13 +689,13 @@ GEM
       tilt (>= 1.1, < 3)
     sd_notify (0.1.1)
     semantic_range (3.0.0)
-    shoulda-matchers (5.3.0)
+    shoulda-matchers (6.1.0)
       activesupport (>= 5.2.0)
-    sidekiq (7.1.4)
+    sidekiq (7.2.2)
       concurrent-ruby (< 2)
       connection_pool (>= 2.3.0)
       rack (>= 2.2.4)
-      redis-client (>= 0.14.0)
+      redis-client (>= 0.19.0)
     sidekiq-scheduler (5.0.3)
       rufus-scheduler (~> 3.2)
       sidekiq (>= 6, < 8)
@@ -681,9 +709,11 @@ GEM
     spreadsheet_architect (5.0.0)
       caxlsx (>= 3.3.0, < 4)
       rodf (>= 1.0.0, < 2)
-    spring (4.1.1)
+    spring (4.1.3)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
+    spring-commands-rubocop (0.4.0)
+      spring (>= 1.0)
     sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -711,33 +741,35 @@ GEM
     stimulus_reflex_testing (0.3.0)
       stimulus_reflex (>= 3.3.0)
     stringex (2.8.6)
-    stripe (9.3.0)
-    swd (1.3.0)
+    stringio (3.1.0)
+    stripe (10.10.0)
+    swd (2.0.3)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
-      httpclient (>= 2.4)
+      faraday (~> 2.0)
+      faraday-follow_redirects
     temple (0.8.2)
-    thor (1.2.2)
+    thor (1.3.0)
     thread-local (1.1.0)
-    tilt (2.1.0)
+    tilt (2.3.0)
     timecop (0.9.8)
-    timeout (0.4.0)
+    timeout (0.4.1)
     ttfunk (1.7.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.4.2)
+    unicode-display_width (2.5.0)
     uniform_notifier (1.16.0)
-    valid_email2 (5.0.3)
+    uri (0.13.0)
+    valid_email2 (5.2.1)
       activemodel (>= 3.2)
       mail (~> 2.5)
-    validate_email (0.1.6)
-      activemodel (>= 3.0)
-      mail (>= 2.2.5)
     validate_url (1.0.15)
       activemodel (>= 3.0.0)
       public_suffix
+    validates_lengths_from_database (0.8.0)
+      activerecord (>= 4)
     vcr (6.2.0)
-    view_component (3.6.0)
+    view_component (3.11.0)
       activesupport (>= 5.2.0, < 8.0)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
@@ -754,10 +786,11 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webfinger (1.2.0)
+    webfinger (2.1.3)
       activesupport
-      httpclient (>= 2.4)
-    webmock (3.18.1)
+      faraday (~> 2.0)
+      faraday-follow_redirects
+    webmock (3.23.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -766,7 +799,7 @@ GEM
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
       semantic_range (>= 2.3.0)
-    webrick (1.7.0)
+    webrick (1.8.1)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -778,7 +811,7 @@ GEM
     xml-simple (1.1.8)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.11)
+    zeitwerk (2.6.13)
 
 PLATFORMS
   ruby
@@ -822,7 +855,7 @@ DEPENDENCIES
   devise-token_authenticatable
   dfc_provider!
   digest
-  dotenv-rails
+  dotenv
   factory_bot_rails (= 6.2.0)
   faraday
   ffaker
@@ -837,11 +870,11 @@ DEPENDENCIES
   good_migrations
   haml
   highline (= 2.0.3)
-  hiredis
   i18n
   i18n-js (~> 3.9.0)
   image_processing
   immigrant
+  invisible_captcha
   jquery-rails (= 4.4.0)
   jquery-ui-rails (~> 4.2)
   json
@@ -859,10 +892,10 @@ DEPENDENCIES
   oauth2 (~> 1.4.7)
   omniauth-rails_csrf_protection
   omniauth_openid_connect
-  openid_connect (~> 1.3)
+  openid_connect
   order_management!
   pagy (~> 5.1)
-  paper_trail (~> 12.1)
+  paper_trail
   paranoia (~> 2.4)
   paypal-sdk-merchant (= 1.117.2)
   pdf-reader
@@ -879,20 +912,21 @@ DEPENDENCIES
   rails-erd
   rails-i18n
   rails_safe_tasks (~> 1.0)
-  ransack (~> 2.6.0)
+  ransack (~> 4.1.0)
   redcarpet
-  redis (>= 4.0)
+  redis
   responders
   rexml
   roadie-rails
   roo
   rspec-rails (>= 3.5.2)
   rspec-retry
+  rswag
   rswag-api
-  rswag-specs
   rswag-ui
   rubocop
   rubocop-rails
+  rubocop-rspec
   sd_notify
   select2-rails!
   shoulda-matchers
@@ -902,6 +936,7 @@ DEPENDENCIES
   spreadsheet_architect
   spring
   spring-commands-rspec
+  spring-commands-rubocop
   state_machines-activerecord
   stimulus_reflex (= 3.5.0.rc3)
   stimulus_reflex_testing
@@ -909,6 +944,7 @@ DEPENDENCIES
   stripe
   timecop
   valid_email2
+  validates_lengths_from_database
   vcr
   view_component
   view_component_reflex (= 3.1.14.pre9)

README.md

@@ -1,5 +1,4 @@
 [![Build](https://github.com/openfoodfoundation/openfoodnetwork/actions/workflows/build.yml/badge.svg)](https://github.com/openfoodfoundation/openfoodnetwork/actions/workflows/build.yml)
-[![Code Climate](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork.png)](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork)
 
 # Open Food Network
 
@@ -45,7 +44,7 @@ We use [KnapsackPro](https://knapsackpro.com/) for optimal parallelisation of ou
 
 ## Licence
 
-Copyright (c) 2012 - 2022 Open Food Foundation, released under the AGPL licence.
+Copyright (c) 2012 - 2024 Open Food Foundation, released under the AGPL licence.
 
 [survey]: https://docs.google.com/a/eaterprises.com.au/forms/d/1zxR5vSiU9CigJ9cEaC8-eJLgYid8CR8er7PPH9Mc-30/edit#
 [slack-invite]: https://join.slack.com/t/openfoodnetwork/shared_invite/zt-9sjkjdlu-r02kUMP1zbrTgUhZhYPF~A

app/assets/javascripts/admin/bulk_product_update.js.coffee

@@ -248,7 +248,6 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
     else
       product.variant_unit = product.variant_unit_scale = null
 
-    $scope.packVariant product, product.master if product.master
 
     if product.variants
       for id, variant of product.variants
@@ -299,7 +298,6 @@ filterSubmitProducts = (productsToFilter) ->
       if product.hasOwnProperty("id")
         filteredProduct = {id: product.id}
         filteredVariants = []
-        filteredMaster = null
         hasUpdatableProperty = false
 
         if product.hasOwnProperty("variants")
@@ -309,16 +307,6 @@ filterSubmitProducts = (productsToFilter) ->
             variantHasUpdatableProperty = result.hasUpdatableProperty
             filteredVariants.push filteredVariant  if variantHasUpdatableProperty
 
-        if product.master?.hasOwnProperty("unit_value")
-          filteredMaster ?= { id: product.master.id }
-          filteredMaster.unit_value = product.master.unit_value
-        if product.master?.hasOwnProperty("unit_description")
-          filteredMaster ?= { id: product.master.id }
-          filteredMaster.unit_description = product.master.unit_description
-        if product.master?.hasOwnProperty("display_as")
-          filteredMaster ?= { id: product.master.id }
-          filteredMaster.display_as = product.master.display_as
-
         if product.hasOwnProperty("sku")
           filteredProduct.sku = product.sku
           hasUpdatableProperty = true
@@ -350,9 +338,6 @@ filterSubmitProducts = (productsToFilter) ->
         if product.hasOwnProperty("inherits_properties")
           filteredProduct.inherits_properties = product.inherits_properties
           hasUpdatableProperty = true
-        if filteredMaster?
-          filteredProduct.master_attributes = filteredMaster
-          hasUpdatableProperty = true
         if filteredVariants.length > 0 # Note that the name of the property changes to enable mass assignment of variants attributes with rails
           filteredProduct.variants_attributes = filteredVariants
           hasUpdatableProperty = true

app/assets/javascripts/admin/line_items/controllers/line_items_controller.js.coffee

@@ -24,6 +24,9 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
     "order_bill_address_firstname",
     "order_bill_address_lastname",
     "order_bill_address_full_name",
+    "order_bill_address_full_name_reversed",
+    "order_bill_address_full_name_with_comma",
+    "order_bill_address_full_name_with_comma_reversed",
     "variant_product_supplier_name",
     "order_email",
     "order_number",

app/assets/javascripts/admin/payments/services/payment.js.coffee

@@ -42,8 +42,10 @@ angular.module('admin.payments').factory 'Payment', (AdminStripeElements, curren
 
     submit: =>
       munged = @preprocess()
-      PaymentResource.create({order_id: munged.order_id}, munged, (response, headers, status)=>
-        $window.location.pathname = "/admin/orders/" + munged.order_id + "/payments"
+      PaymentResource.create({order_id: munged.order_id}, munged, (response, headers, status) ->
+        rawHtml = Object.values(response).join('').replace('[object Object]true', '')
+        document.body.innerHTML = rawHtml
+        $window.history.pushState({}, '', "/admin/orders/" + munged.order_id + "/payments")
       , (response) ->
         StatusMessage.display 'error', t("spree.admin.payments.source_forms.stripe.error_saving_payment")
       )

app/assets/javascripts/admin/products/services/variant_unit_manager.js.coffee

@@ -2,6 +2,9 @@ angular.module("admin.products").factory "VariantUnitManager", (availableUnits)
   class VariantUnitManager
     @units:
       'weight':
+        0.001:
+          name: 'mg'
+          system: 'metric'
         1.0:
           name: 'g'
           system: 'metric'
@@ -21,12 +24,21 @@ angular.module("admin.products").factory "VariantUnitManager", (availableUnits)
         0.001:
           name: 'mL'
           system: 'metric'
+        0.01:
+          name: 'cL'
+          system: 'metric'
+        0.1:
+          name: 'dL'
+          system: 'metric'
         1.0:
           name: 'L'
           system: 'metric'
         1000.0:
           name: 'kL'
           system: 'metric'
+        4.54609:
+          name: 'gal'
+          system: 'metric'
       'items':
         1:
           name: 'items'
@@ -60,8 +72,13 @@ angular.module("admin.products").factory "VariantUnitManager", (availableUnits)
 
     @compatibleUnitScales: (scale, unitType) ->
       scaleSystem = @units[unitType][scale]['system']
-      (parseFloat(scale) for scale, scaleInfo of @units[unitType] when scaleInfo['system'] == scaleSystem).sort (a, b) ->
-         a - b
+      if availableUnits
+        available = availableUnits.split(",")
+        (parseFloat(scale) for scale, scaleInfo of @units[unitType] when scaleInfo['system'] == scaleSystem and available.includes(scaleInfo['name'])).sort (a, b) ->
+          a - b
+      else
+        (parseFloat(scale) for scale, scaleInfo of @units[unitType] when scaleInfo['system'] == scaleSystem).sort (a, b) ->
+          a - b
 
     @systemOfMeasurement: (scale, unitType) ->
       if @units[unitType][scale]

app/assets/javascripts/admin/spree/base.js.erb

@@ -32,9 +32,6 @@ jQuery(function($) {
     });
   }
 
-  // Make flash messages dissapear
-  setTimeout('$(".flash").fadeOut()', 5000);
-
   // Highlight hovered table column
   $('table tbody tr td.actions a').hover(function(){
     var tr = $(this).closest('tr');

app/assets/javascripts/admin/spree/orders/shipments.js.erb

@@ -1,22 +1,6 @@
 // Shipments AJAX API
 
 $(document).ready(function() {
-
-  handle_ship_click = function(){
-    var link = $(this);
-    var shipment_number = link.data('shipment-number');
-    var url = Spree.url( Spree.routes.orders_api + "/" + order_number + "/shipments/" + shipment_number + "/ship.json");
-    $.ajax({
-      type: "PUT",
-      url: url
-    }).done(function( msg ) {
-      window.location.reload();
-    }).error(function( msg ) {
-      console.log(msg);
-    });
-  }
-  $('.admin-order-edit-form a.ship').click(handle_ship_click);
-
   //handle shipping method edit click
   $('a.edit-method').click(toggleMethodEdit);
   $('a.cancel-method').click(toggleMethodEdit);

app/assets/javascripts/admin/spree/orders/variant_autocomplete.js.erb

@@ -50,11 +50,11 @@ $(document).ready(function() {
       if (quantity > maxQuantity) {
         quantity = maxQuantity;
         save.parents('tr').find('input.line_item_quantity').val(maxQuantity);
-        ofnAlert(t("js.admin.orders.quantity_adjusted"));
+        ofnAlert(t("js.admin.orders.quantity_unavailable"));
+      } else {
+        adjustItems(shipment_number, variant_id, quantity, true);
       }
-      toggleItemEdit();
 
-      adjustItems(shipment_number, variant_id, quantity, true);
       return false;
     }
     $('a.save-item').click(handle_save_click);

app/assets/javascripts/templates/partials/hub_details.html.haml

@@ -14,7 +14,7 @@
             {{'hubs_delivery' | t}}
     .row
       .columns.small-12
-        %a.cta-hub{"ng-href" => "{{::enterprise.path}}#/shop", "ng-attr-target" => "{{ embedded_layout ? '_blank' : undefined}}",
+        %a.cta-hub{"ng-href" => "{{::enterprise.path}}#/shop_panel", "ng-attr-target" => "{{ embedded_layout ? '_blank' : undefined}}",
         "ng-class" => "{primary: enterprise.active, secondary: !enterprise.active}",
         "ng-click" => "$close()",
         "ofn-change-hub" => "enterprise"}

app/assets/javascripts/templates/partials/producer_details.html.haml

@@ -12,7 +12,7 @@
     .row
       .columns.small-12
         %a.cta-hub{"ng-repeat" => "hub in enterprise.hubs | filter:{id: '!'+enterprise.id} | orderBy:'-active'",
-        "ng-href" => "{{::hub.path}}#/shop", "ofn-empties-cart" => "hub",
+        "ng-href" => "{{::hub.path}}#/shop_panel", "ofn-empties-cart" => "hub",
         "ng-class" => "::{primary: hub.active, secondary: !hub.active}",
         "ng-click" => "$close()",
         "ofn-change-hub" => "hub"}

app/assets/javascripts/templates/product_modal.html.haml

@@ -11,7 +11,7 @@
       %filter-selector{ 'selector-set' => "productPropertySelectors", objects: "[product] | propertiesWithValuesOf" }
 
     .product-description{"ng-if" => "product.description_html"}
-      %p.text-small{"ng-bind-html" => "::product.description_html"}
+      %p.text-small{"ng-bind-html" => "::product.description_html", "data-controller" => "add-blank-to-link"}
 
   .columns.small-12.medium-6.large-6.product-img
     %img{"ng-src" => "{{::product.largeImage}}", "ng-if" => "::product.largeImage"}

app/components/confirm_modal_component.rb

@@ -1,14 +1,29 @@
 # frozen_string_literal: true
 
 class ConfirmModalComponent < ModalComponent
-  def initialize(id:, confirm_actions: nil, reflex: nil, controller: nil, message: nil,
-                 confirm_reflexes: nil)
+  # @param actions_alignment_class [String] possible classes: 'justify-space-around', 'justify-end'
+  def initialize(
+    id:,
+    reflex: nil,
+    controller: nil,
+    message: nil,
+    confirm_actions: nil,
+    confirm_reflexes: nil,
+    confirm_button_class: :primary,
+    confirm_button_text: I18n.t('js.admin.modals.confirm'),
+    cancel_button_text: I18n.t('js.admin.modals.cancel'),
+    actions_alignment_class: 'justify-space-around'
+  )
     super(id:, close_button: true)
     @confirm_actions = confirm_actions
     @reflex = reflex
     @confirm_reflexes = confirm_reflexes
     @controller = controller
     @message = message
+    @confirm_button_class = confirm_button_class
+    @confirm_button_text = confirm_button_text
+    @cancel_button_text = cancel_button_text
+    @actions_alignment_class = actions_alignment_class
   end
 
   private

app/components/confirm_modal_component/confirm_modal_component.html.haml

@@ -1,10 +1,10 @@
 %div{ id: @id, "data-controller": "modal #{@controller}", "data-action": "keyup@document->modal#closeIfEscapeKey", "data-#{@controller}-reflex-value": @reflex }
   .reveal-modal-bg.fade{ "data-modal-target": "background", "data-action": "click->modal#close" }
-  .reveal-modal.fade.tiny.help-modal{ "data-modal-target": "modal" }
+  .reveal-modal.fade.tiny.modal-component{ "data-modal-target": "modal" }
     = content
 
     = render @message if @message
 
-    .modal-actions
-      %input{ class: "button icon-plus #{close_button_class}", type: 'button', value: t('js.admin.modals.cancel'), "data-action": "click->modal#close" }
-      %input{ class: "button icon-plus primary", type: 'button', value: t('js.admin.modals.confirm'), "data-action": @confirm_actions, "data-reflex": @confirm_reflexes }
+    %div{ class: "modal-actions #{@actions_alignment_class}" }
+      %input{ class: "button icon-plus #{close_button_class}", type: 'button', value: @cancel_button_text, "data-action": "click->modal#close" }
+      %input{ id: 'modal-confirm-button', class: "button icon-plus #{@confirm_button_class}", type: 'button', value: @confirm_button_text, "data-action": @confirm_actions, "data-reflex": @confirm_reflexes }

app/components/confirm_modal_component/confirm_modal_component.scss

@@ -1,4 +0,0 @@
-.modal-actions {
-  display: flex;
-  justify-content: space-around;
-}

app/components/help_modal_component/help_modal_component.html.haml

@@ -1,6 +1,6 @@
 %div{ id: @id, "data-controller": "help-modal", "data-action": "keyup@document->help-modal#closeIfEscapeKey" }
   .reveal-modal-bg.fade{ "data-help-modal-target": "background", "data-action": "click->help-modal#close" }
-  .reveal-modal.fade.small.help-modal{ "data-help-modal-target": "modal" }
+  .reveal-modal.fade.small.modal-component{ "data-help-modal-target": "modal" }
     = content
 
     - if close_button?

app/components/help_modal_component/help_modal_component.scss

@@ -1,10 +0,0 @@
-.help-modal {
-  visibility: visible;
-  position: fixed;
-  top: 3em;
-}
-
-/* prevent arrow on selected admin menu item appearing above modal */
-body.modal-open #admin-menu li.selected a::after {
-  z-index: 0;
-}

app/components/modal_component.rb

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
 class ModalComponent < ViewComponent::Base
-  def initialize(id:, close_button: true)
+  def initialize(id:, close_button: true, instant: false, modal_class: :small)
     @id = id
     @close_button = close_button
+    @instant = instant
+    @modal_class = modal_class
   end
 
   private

app/components/modal_component/modal_component.html.haml

@@ -0,0 +1,8 @@
+%div{ id: @id, "data-controller": "modal", "data-action": "keyup@document->modal#closeIfEscapeKey", "data-modal-instant-value": @instant }
+  .reveal-modal-bg.fade{ "data-modal-target": "background", "data-action": "click->modal#close" }
+  .reveal-modal.fade.modal-component{ "data-modal-target": "modal", class: @modal_class }
+    = content
+
+    - if close_button?
+      .text-center
+        %input{ class: "button icon-plus #{close_button_class}", type: 'button', value: t('js.admin.modals.close'), "data-action": "click->modal#close" }

app/components/modal_component/modal_component.scss

@@ -0,0 +1,56 @@
+// class name 'modal' is already taken by 'custom-alert' and 'custom-confirm'.
+.modal-component {
+  visibility: visible;
+  position: fixed;
+  top: 3em;
+  min-height: auto; // reset from reveal-modal
+
+  &.in {
+    padding: 1.2rem;
+  }
+
+  h1,
+  h2,
+  h3,
+  h4,
+  h5,
+  h6,
+  p {
+    margin-bottom: 0.5em;
+  }
+
+  img {
+    // Ensure image fits in container
+    max-width: 100%;
+    height: auto;
+  }
+}
+
+/* prevent arrow on selected admin menu item appearing above modal */
+body.modal-open #admin-menu li.selected a::after {
+  z-index: 0;
+}
+
+.modal-actions {
+  display: flex;
+  text-align: center; // Ensure text inside fullwidth buttons are centred on small screens
+
+  &.justify-space-around {
+    justify-content: space-around;
+  }
+
+  &.justify-end {
+    justify-content: flex-end;
+    input[type="button"] {
+      margin: 0 5px;
+    }
+
+    @media only screen and (max-width: 1024px) {
+      flex-direction: column;
+      justify-content: space-around;
+      input[type="button"] {
+        margin: 5px 0;
+      }
+    }
+  }
+}

app/components/ship_order_component.html.haml

@@ -0,0 +1,8 @@
+= render ConfirmModalComponent.new(id: dom_id(@order, :ship), confirm_reflexes: "click->Admin::OrdersReflex#ship", controller: "orders", reflex: "Admin::Orders#ship") do
+  %div{class: "margin-bottom-30"}
+    %p= t('spree.admin.orders.shipment.mark_as_shipped_message_html')
+  %div{class: "margin-bottom-30"}
+    = hidden_field_tag :id, @order.id
+    = label_tag do
+      = check_box_tag :send_shipment_email, "1", true
+      = t('spree.admin.orders.shipment.mark_as_shipped_label_message')

app/components/ship_order_component.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class ShipOrderComponent < ViewComponent::Base
+  def initialize(order:)
+    @order = order
+  end
+end

app/components/vertical_ellipsis_menu/component.html.haml

@@ -0,0 +1,4 @@
+.vertical-ellipsis-menu{ "data-controller": "vertical-ellipsis-menu--component" }
+  %i.fa.fa-ellipsis-v{ "data-action": "click->vertical-ellipsis-menu--component#toggle" }
+  .vertical-ellipsis-menu-content{ "data-vertical-ellipsis-menu--component-target": "content" }
+    = content

app/components/vertical_ellipsis_menu/component.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module VerticalEllipsisMenu
+  class Component < ViewComponent::Base
+  end
+end

app/components/vertical_ellipsis_menu/component.scss

@@ -1,16 +1,13 @@
 .vertical-ellipsis-menu {
   position: relative;
-  width: $btn-relaxed-height;
 
   i.fa-ellipsis-v {
     cursor: pointer;
     display: block;
-    height: $btn-relaxed-height;
-    width: $btn-relaxed-height;
-    line-height: $btn-relaxed-height;
     text-align: center;
     border-radius: 3px;
     background-color: white;
+    padding: 9px 14px;
   }
 
   .vertical-ellipsis-menu-content {
@@ -20,7 +17,7 @@
     padding-top: 5px;
     padding-bottom: 5px;
     background-color: white;
-    @include defaultBoxShadow;
+    box-shadow: $box-shadow;
     border-radius: 3px;
     min-width: 80px;
     display: none;
@@ -30,7 +27,7 @@
       display: block;
     }
 
-    .vertical-ellipsis-menu-content-item {
+    & > a {
       display: block;
       padding: 5px 10px;
       cursor: pointer;

app/controllers/admin/enterprise_fees_controller.rb

@@ -38,7 +38,8 @@ module Admin
       @enterprise_fee_set = EnterpriseFeesBulkUpdate.new(params)
 
       if @enterprise_fee_set.save
-        redirect_to redirect_path, notice: I18n.t(:enterprise_fees_update_notice)
+        flash[:success] = I18n.t(:enterprise_fees_update_notice)
+        redirect_to redirect_path
       else
         redirect_to redirect_path,
                     flash: { error: @enterprise_fee_set.errors.full_messages.to_sentence }

app/controllers/admin/enterprise_roles_controller.rb

@@ -3,9 +3,8 @@
 module Admin
   class EnterpriseRolesController < Admin::ResourceController
     def index
-      @enterprise_roles = EnterpriseRole.by_user_email
-      @users = Spree::User.order('spree_users.email')
-      @my_enterprises = @all_enterprises = Enterprise.by_name
+      @enterprise_roles, @users, @all_enterprises = Admin::EnterpriseRolesQuery.query
+      @my_enterprises = @all_enterprises
     end
 
     def create

app/controllers/admin/oidc_settings_controller.rb

@@ -2,6 +2,13 @@
 
 module Admin
   class OidcSettingsController < Spree::Admin::BaseController
-    def index; end
+    def index
+      @account = spree_current_user.oidc_account
+    end
+
+    def destroy
+      spree_current_user.oidc_account&.destroy
+      redirect_to admin_oidc_settings_path
+    end
   end
 end

app/controllers/admin/order_cycles_controller.rb

@@ -48,7 +48,7 @@ module Admin
       @order_cycle_form = OrderCycleForm.new(@order_cycle, order_cycle_params, spree_current_user)
 
       if @order_cycle_form.save
-        flash[:notice] = I18n.t(:order_cycles_create_notice)
+        flash[:success] = t('.success')
         render json: { success: true,
                        edit_path: main_app.admin_order_cycle_incoming_path(@order_cycle) }
       else
@@ -66,7 +66,7 @@ module Admin
       if @order_cycle_form.save
         update_nil_subscription_line_items_price_estimate(@order_cycle)
         respond_to do |format|
-          flash[:notice] = I18n.t(:order_cycles_update_notice) if params[:reloading] == '1'
+          flash[:success] = t('.success') if params[:reloading] == '1'
           format.html { redirect_to_after_update_path }
           format.json { render json: { success: true } }
         end
@@ -118,7 +118,7 @@ module Admin
       @order_cycle = OrderCycle.find params[:id]
       @order_cycle.clone!
       redirect_to main_app.admin_order_cycles_path,
-                  notice: I18n.t(:order_cycles_clone_notice, name: @order_cycle.name)
+                  flash: { success: t('.success', name: @order_cycle.name) }
     end
 
     # Send notifications to all producers who are part of the order cycle
@@ -126,7 +126,7 @@ module Admin
       OrderCycleNotificationJob.perform_later params[:id].to_i
 
       redirect_to main_app.admin_order_cycles_path,
-                  notice: I18n.t(:order_cycles_email_to_producers_notice)
+                  flash: { success: t('.success') }
     end
 
     protected

app/controllers/admin/reports_controller.rb

@@ -21,16 +21,10 @@ module Admin
 
     def show
       @report = report_class.new(spree_current_user, params, render: render_data?)
+      @rendering_options = rendering_options # also stores user preferences
 
-      @background_reports = OpenFoodNetwork::FeatureToggle
-        .enabled?(:background_reports, spree_current_user)
-
-      if @background_reports && request.post?
-        return background(report_format)
-      end
-
-      if params[:report_format].present?
-        export_report
+      if render_data?
+        render_in_background
       else
         show_report
       end
@@ -38,13 +32,8 @@ module Admin
 
     private
 
-    def export_report
-      send_data @report.render_as(report_format), filename: report_filename
-    end
-
     def show_report
       assign_view_data
-      @table = @report.render_as(:html) if render_data?
       render "show"
     end
 
@@ -53,7 +42,6 @@ module Admin
       @report_subtypes = report_subtypes
       @report_subtype = report_subtype
       @report_title = report_title
-      @rendering_options = rendering_options
       @data = Reporting::FrontendData.new(spree_current_user)
 
       variant_id_in = params[:variant_id_in]&.compact_blank
@@ -70,7 +58,7 @@ module Admin
       request.post?
     end
 
-    def background(format)
+    def render_in_background
       cable_ready[ScopedChannel.for_id(params[:uuid])]
         .inner_html(
           selector: "#report-table",
@@ -80,11 +68,11 @@ module Admin
           block: "start"
         ).broadcast
 
-      blob = ReportBlob.create_for_upload_later!(report_filename)
-
       ReportJob.perform_later(
         report_class:, user: spree_current_user, params:,
-        format:, blob:, channel: ScopedChannel.for_id(params[:uuid]),
+        format: report_format,
+        filename: report_filename,
+        channel: ScopedChannel.for_id(params[:uuid]),
       )
 
       head :no_content

app/controllers/admin/schedules_controller.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require 'open_food_network/permissions'
-require 'order_management/subscriptions/proxy_order_syncer'
 
 module Admin
   class SchedulesController < Admin::ResourceController

app/controllers/api/v0/enterprise_attachment_controller.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'api/admin/enterprise_serializer'
-
 module Api
   module V0
     class EnterpriseAttachmentController < Api::V0::BaseController

app/controllers/api/v0/shipments_controller.rb

@@ -23,6 +23,8 @@ module Api
 
         OrderWorkflow.new(@order).advance_to_payment if @order.line_items.any?
 
+        @order.recreate_all_fees!
+
         render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
       end
 

app/controllers/checkout_controller.rb

@@ -2,7 +2,7 @@
 
 require 'open_food_network/address_finder'
 
-class SplitCheckoutController < ::BaseController
+class CheckoutController < BaseController
   layout 'darkswarm'
 
   include OrderStockCheck
@@ -23,12 +23,16 @@ class SplitCheckoutController < ::BaseController
   before_action :hide_ofn_navigation, only: [:edit, :update]
 
   def edit
-    redirect_to_step_based_on_order unless params[:step]
-    check_step if params[:step]
+    if params[:step].blank?
+      redirect_to_step_based_on_order
+    else
+      update_order_state
+      check_step
+    end
 
     return if available_shipping_methods.any?
 
-    flash[:error] = I18n.t('split_checkout.errors.no_shipping_methods_available')
+    flash[:error] = I18n.t('checkout.errors.no_shipping_methods_available')
   end
 
   def update
@@ -51,10 +55,10 @@ class SplitCheckoutController < ::BaseController
   private
 
   def render_error
-    flash.now[:error] ||= I18n.t('split_checkout.errors.saving_failed')
+    flash.now[:error] ||= I18n.t('checkout.errors.saving_failed')
 
     render status: :unprocessable_entity, cable_ready: cable_car.
-      replace("#checkout", partial("split_checkout/checkout")).
+      replace("#checkout", partial("checkout/checkout")).
       replace("#flashes", partial("shared/flashes", locals: { flashes: flash }))
   end
 
@@ -94,13 +98,29 @@ class SplitCheckoutController < ::BaseController
   def update_order
     return if params[:confirm_order] || @order.errors.any?
 
+    # Checking if shipping method updated before @order get updated. We can't use this guard
+    # clause in recalculate_voucher as by then the @order.shipping method would be the new one
+    shipping_method_updated = @order.shipping_method&.id != params[:shipping_method_id].to_i
+
     @order.select_shipping_method(params[:shipping_method_id])
     @order.update(order_params)
+    # We need to update voucher to take into account:
+    #  * when moving away from "details" step : potential change in shipping method fees
+    #  * when moving away from "payment" step : payment fees
+    recalculate_voucher(shipping_method_updated) if details_step? || payment_step?
     @order.update_totals_and_states
 
     validate_current_step
   end
 
+  def recalculate_voucher(shipping_method_updated)
+    return if @order.voucher_adjustments.empty?
+
+    return unless shipping_method_updated
+
+    VoucherAdjustmentsService.new(@order).update
+  end
+
   def validate_current_step
     Checkout::Validation.new(@order, params).call && @order.errors.empty?
   end
@@ -114,4 +134,15 @@ class SplitCheckoutController < ::BaseController
   def order_params
     @order_params ||= Checkout::Params.new(@order, params, spree_current_user).call
   end
+
+  # Update order state based on the step we are loading to avoid discrepancy between step and order
+  # state. We need to do this when moving back to a previous checkout step, the update action takes
+  # care of moving the order state forward.
+  def update_order_state
+    return @order.back_to_payment if @order.confirmation? && payment_step?
+
+    return unless @order.after_delivery_state? && details_step?
+
+    @order.back_to_address
+  end
 end

app/controllers/concerns/checkout_steps.rb

@@ -13,6 +13,10 @@ module CheckoutSteps
     params[:step] == "payment"
   end
 
+  def details_step?
+    params[:step] == "details"
+  end
+
   def redirect_to_step_based_on_order
     case @order.state
     when "cart", "address", "delivery"
@@ -36,12 +40,16 @@ module CheckoutSteps
     redirect_to_step_based_on_order
   end
 
+  # Checkout step and allowed order state
+  # * step details : order state in cart, address or delivery
+  # * step payment : order state is payment
+  # * step summary : order state is confirmation
   def check_step
     case @order.state
     when "cart", "address", "delivery"
-      redirect_to checkout_step_path(:details) unless params[:step] == "details"
+      redirect_to checkout_step_path(:details) unless details_step?
     when "payment"
-      redirect_to checkout_step_path(:payment) if params[:step] == "summary"
+      redirect_to checkout_step_path(:payment) if summary_step?
     end
   end
 end

app/controllers/omniauth_callbacks_controller.rb

@@ -2,7 +2,7 @@
 
 class OmniauthCallbacksController < Devise::OmniauthCallbacksController
   def openid_connect
-    spree_current_user.link_from_omniauth(request.env["omniauth.auth"])
+    OidcAccount.link(spree_current_user, request.env["omniauth.auth"])
 
     redirect_to admin_oidc_settings_path
   end

app/controllers/spree/admin/base_controller.rb

@@ -9,6 +9,7 @@ module Spree
       helper 'admin/injection'
       helper 'admin/orders'
       helper 'admin/enterprises'
+      helper 'admin/terms_of_service'
       helper 'enterprise_fees'
       helper 'angular_form'
 

app/controllers/spree/admin/images_controller.rb

@@ -32,10 +32,13 @@ module Spree
 
         if @object.save
           flash[:success] = flash_message_for(@object, :successfully_created)
-          redirect_to spree.admin_product_images_url(params[:product_id], @url_filters)
+          redirect_to location_after_save
         else
           respond_with(@object)
         end
+      rescue ActiveStorage::IntegrityError
+        @object.errors.add :attachment, :integrity_error
+        respond_with(@object)
       end
 
       def update
@@ -44,10 +47,13 @@ module Spree
 
         if @object.update(permitted_resource_params)
           flash[:success] = flash_message_for(@object, :successfully_updated)
-          redirect_to spree.admin_product_images_url(params[:product_id], @url_filters)
+          redirect_to location_after_save
         else
           respond_with(@object)
         end
+      rescue ActiveStorage::IntegrityError
+        @object.errors.add :attachment, :integrity_error
+        respond_with(@object)
       end
 
       def destroy
@@ -58,7 +64,7 @@ module Spree
           flash[:success] = flash_message_for(@object, :successfully_removed)
         end
 
-        redirect_to spree.admin_product_images_url(params[:product_id], @url_filters)
+        redirect_to location_after_save
       end
 
       private
@@ -76,7 +82,7 @@ module Spree
       end
 
       def location_after_save
-        spree.admin_product_images_url(@product)
+        params[:return_url] || spree.admin_product_images_url(params[:product_id], @url_filters)
       end
 
       def load_data

app/controllers/spree/admin/orders_controller.rb

@@ -90,7 +90,8 @@ module Spree
       end
 
       def invoice
-        Spree::OrderMailer.invoice_email(@order.id).deliver_later
+        Spree::OrderMailer.invoice_email(@order.id,
+                                         current_user_id: spree_current_user.id ).deliver_later
         flash[:success] = t('admin.orders.invoice_email_sent')
 
         respond_with(@order) { |format|
@@ -99,11 +100,16 @@ module Spree
       end
 
       def print
-        if OpenFoodNetwork::FeatureToggle.enabled?(:invoices)
-          @order = @order.invoices.find(params[:invoice_id]).presenter
+        if OpenFoodNetwork::FeatureToggle.enabled?(:invoices, spree_current_user)
+          @order = if params[:invoice_id].present?
+                     @order.invoices.find(params[:invoice_id]).presenter
+                   else
+                     OrderInvoiceGenerator.new(@order).generate_or_update_latest_invoice
+                     @order.invoices.first.presenter
+                   end
         end
 
-        render_with_wicked_pdf InvoiceRenderer.new.args(@order)
+        render_with_wicked_pdf InvoiceRenderer.new.args(@order, spree_current_user)
       end
 
       private

app/controllers/spree/admin/payment_methods_controller.rb

@@ -128,10 +128,6 @@ module Spree
       def load_providers
         providers = Gateway.providers.sort_by(&:name)
 
-        unless Rails.env.development? || Rails.env.test?
-          providers.reject! { |provider| provider.name.include? "Bogus" }
-        end
-
         unless show_stripe?
           providers.reject! { |provider| stripe_provider?(provider) }
         end
@@ -197,7 +193,9 @@ module Spree
 
       def clear_preference_cache
         @payment_method.calculator.preferences.each_key do |key|
-          Rails.cache.delete(@payment_method.calculator.preference_cache_key(key))
+          # Only persisted models have cache keys.
+          cache_key = @payment_method.calculator.preference_cache_key(key)
+          Rails.cache.delete(cache_key) if cache_key
         end
       end
 

app/controllers/spree/admin/payments_controller.rb

@@ -33,23 +33,15 @@ module Spree
             return
           end
 
-          if @order.completed?
-            authorize_stripe_sca_payment
-            @payment.process_offline!
-            flash[:success] = flash_message_for(@payment, :successfully_created)
+          OrderWorkflow.new(@order).complete! unless @order.completed?
 
-            redirect_to spree.admin_order_payments_path(@order)
-          else
-            OrderWorkflow.new(@order).complete!
-            authorize_stripe_sca_payment
-            @payment.process_offline!
-
-            flash[:success] = Spree.t(:new_order_completed)
-            redirect_to spree.edit_admin_order_url(@order)
-          end
+          authorize_stripe_sca_payment
+          @payment.process_offline!
+          flash[:success] = flash_message_for(@payment, :successfully_created)
+          redirect_to spree.admin_order_payments_path(@order)
         rescue Spree::Core::GatewayError => e
           flash[:error] = e.message.to_s
-          redirect_to spree.new_admin_order_payment_path(@order)
+          redirect_to spree.admin_order_payments_path(@order)
         end
       end
 
@@ -67,6 +59,8 @@ module Spree
           flash[:error] = t(:cannot_perform_operation)
         end
       rescue StandardError => e
+        logger.error e.message
+        Bugsnag.notify(e)
         flash[:error] = e.message
       ensure
         redirect_to request.referer
@@ -140,7 +134,8 @@ module Spree
       #
       # Otherwise redirect user to that step
       def can_transition_to_payment
-        return if @order.payment? || @order.complete? || @order.canceled? || @order.resumed?
+        return if @order.confirmation? || @order.payment? ||
+                  @order.complete? || @order.canceled? || @order.resumed?
 
         flash[:notice] = Spree.t(:fill_in_customer_info)
         redirect_to spree.edit_admin_order_customer_url(@order)
@@ -184,7 +179,8 @@ module Spree
       end
 
       def allowed_events
-        %w{capture void_transaction credit refund resend_authorization_email}
+        %w{capture void_transaction credit refund resend_authorization_email
+           capture_and_complete_order}
       end
     end
   end

app/controllers/spree/admin/products_controller.rb

@@ -82,14 +82,10 @@ module Spree
 
       def clone
         @new = @product.duplicate
+        raise "Clone failed" unless @new.save
 
-        flash[:success] = if @new.save
-                            Spree.t('notice_messages.product_cloned')
-                          else
-                            Spree.t('notice_messages.product_not_cloned')
-                          end
-
-        redirect_to spree.edit_admin_product_url(@new)
+        flash[:success] = t('.success')
+        redirect_to spree.admin_products_url
       end
 
       def group_buy_options

app/controllers/spree/admin/taxons_controller.rb

@@ -117,8 +117,8 @@ module Spree
 
       def taxon_params
         params.require(:taxon).permit(
-          :name, :parent_id, :position, :icon, :description, :permalink,
-          :taxonomy_id, :meta_description, :meta_keywords, :meta_title
+          :name, :parent_id, :position, :icon, :description, :permalink, :taxonomy_id,
+          :meta_description, :meta_keywords, :meta_title, :dfc_id
         )
       end
     end

app/controllers/spree/admin/users_controller.rb

@@ -33,8 +33,8 @@ module Spree
             @user.spree_roles = roles.compact_blank.collect{ |r| Spree::Role.find(r) }
           end
 
-          flash.now[:success] = Spree.t(:created_successfully)
-          render :edit
+          flash[:success] = Spree.t(:created_successfully)
+          redirect_to edit_admin_user_path(@user)
         else
           render :new
         end
@@ -50,9 +50,11 @@ module Spree
             @user.spree_roles = roles.compact_blank.collect{ |r| Spree::Role.find(r) }
           end
 
-          flash.now[:success] = update_message
+          flash[:success] = update_message
+          redirect_to edit_admin_user_path(@user)
+        else
+          render :edit
         end
-        render :edit
       end
 
       protected

app/controllers/spree/admin/variants_controller.rb

@@ -50,9 +50,8 @@ module Spree
           flash[:success] = flash_message_for(@object, :successfully_updated)
           redirect_to spree.admin_product_variants_url(params[:product_id], @url_filters)
         else
-          redirect_to spree.edit_admin_product_variant_url(params[:product_id],
-                                                           @object,
-                                                           @url_filters)
+          load_data
+          render :edit
         end
       end
 

app/controllers/spree/users_controller.rb

@@ -8,6 +8,7 @@ module Spree
 
     layout 'darkswarm'
 
+    invisible_captcha only: [:create], on_timestamp_spam: :render_alert_timestamp_error_message
     skip_before_action :set_current_order, only: :show
     prepend_before_action :load_object, only: [:show, :edit, :update]
     prepend_before_action :authorize_actions, only: :new
@@ -101,5 +102,16 @@ module Spree
     def user_params
       ::PermittedAttributes::User.new(params).call
     end
+
+    def render_alert_timestamp_error_message
+      render cable_ready: cable_car.inner_html(
+        "#signup-feedback",
+        partial("layouts/alert",
+                locals: {
+                  type: "alert",
+                  message: InvisibleCaptcha.timestamp_error_message
+                })
+      )
+    end
   end
 end

app/controllers/voucher_adjustments_controller.rb

@@ -32,21 +32,21 @@ class VoucherAdjustmentsController < BaseController
 
   def add_voucher
     if voucher_params[:voucher_code].blank?
-      @order.errors.add(:voucher_code, I18n.t('split_checkout.errors.voucher_not_found'))
+      @order.errors.add(:voucher_code, I18n.t('checkout.errors.voucher_not_found'))
       return false
     end
 
     voucher = Voucher.find_by(code: voucher_params[:voucher_code], enterprise: @order.distributor)
 
     if voucher.nil?
-      @order.errors.add(:voucher_code, I18n.t('split_checkout.errors.voucher_not_found'))
+      @order.errors.add(:voucher_code, I18n.t('checkout.errors.voucher_not_found'))
       return false
     end
 
     adjustment = voucher.create_adjustment(voucher.code, @order)
 
     unless adjustment.persisted?
-      @order.errors.add(:voucher_code, I18n.t('split_checkout.errors.add_voucher_error'))
+      @order.errors.add(:voucher_code, I18n.t('checkout.errors.add_voucher_error'))
       adjustment.errors.each { |error| @order.errors.import(error) }
       return false
     end
@@ -62,7 +62,7 @@ class VoucherAdjustmentsController < BaseController
   def update_payment_section
     render cable_ready: cable_car.replace(
       selector: "#checkout-payment-methods",
-      html: render_to_string(partial: "split_checkout/payment", locals: { step: "payment" })
+      html: render_to_string(partial: "checkout/payment", locals: { step: "payment" })
     )
   end
 
@@ -74,7 +74,7 @@ class VoucherAdjustmentsController < BaseController
       replace(
         "#voucher-section",
         partial(
-          "split_checkout/voucher_section",
+          "checkout/voucher_section",
           locals: { order: @order, voucher_adjustment: @order.voucher_adjustments.first }
         )
       )

app/controllers/webhook_endpoints_controller.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class WebhookEndpointsController < ::BaseController
+class WebhookEndpointsController < BaseController
   before_action :load_resource, only: :destroy
 
   def create

app/helpers/admin/enterprises_helper.rb

@@ -21,15 +21,29 @@ module Admin
       show_payment_methods = can?(:manage_payment_methods, enterprise) && is_shop
       show_enterprise_fees = can?(:manage_enterprise_fees,
                                   enterprise) && (is_shop || enterprise.is_primary_producer)
+      show_connected_apps = can?(:manage_connected_apps, enterprise) &&
+                            feature?(:connected_apps, spree_current_user, enterprise)
 
-      build_enterprise_side_menu_items(is_shop, show_properties, show_shipping_methods,
-                                       show_payment_methods, show_enterprise_fees)
+      build_enterprise_side_menu_items(
+        is_shop:,
+        show_properties:,
+        show_shipping_methods:,
+        show_payment_methods:,
+        show_enterprise_fees:,
+        show_connected_apps:,
+      )
     end
 
     private
 
-    def build_enterprise_side_menu_items(is_shop, show_properties, show_shipping_methods,
-                                         show_payment_methods, show_enterprise_fees)
+    def build_enterprise_side_menu_items(
+      is_shop:,
+      show_properties:,
+      show_shipping_methods:,
+      show_payment_methods:,
+      show_enterprise_fees:,
+      show_connected_apps:
+    )
       [
         { name: 'primary_details', icon_class: "icon-home", show: true, selected: 'selected' },
         { name: 'address', icon_class: "icon-map-marker", show: true },
@@ -50,6 +64,7 @@ module Admin
         { name: 'shop_preferences', icon_class: "icon-shopping-cart", show: is_shop },
         { name: 'users', icon_class: "icon-user", show: true },
         { name: 'white_label', icon_class: "icon-leaf", show: true },
+        { name: 'connected_apps', icon_class: "icon-puzzle-piece", show: show_connected_apps },
       ]
     end
   end

app/helpers/admin/injection_helper.rb

@@ -27,13 +27,6 @@ module Admin
                                   Api::Admin::EnterpriseRelationshipSerializer
     end
 
-    def admin_inject_enterprise_roles(enterprise_roles)
-      admin_inject_json_ams_array "ofn.admin",
-                                  "enterpriseRoles",
-                                  enterprise_roles,
-                                  Api::Admin::EnterpriseRoleSerializer
-    end
-
     def admin_inject_payment_methods(payment_methods)
       admin_inject_json_ams_array "admin.paymentMethods",
                                   "paymentMethods",
@@ -117,15 +110,6 @@ module Admin
                             Api::CurrencyConfigSerializer
     end
 
-    def admin_inject_enterprise_permissions(enterprise)
-      permissions =
-        { can_manage_shipping_methods: can?(:manage_shipping_methods, enterprise),
-          can_manage_payment_methods: can?(:manage_payment_methods, enterprise),
-          can_manage_enterprise_fees: can?(:manage_enterprise_fees, enterprise) }
-
-      admin_inject_json "admin.enterprises", "enterprisePermissions", permissions
-    end
-
     def admin_inject_hub_permissions(hub_permissions)
       render partial: "admin/json/injection_ams", locals: { ngModule: "admin.variantOverrides",
                                                             name: "hubPermissions",
@@ -146,13 +130,6 @@ module Admin
                                   Api::Admin::TaxonSerializer
     end
 
-    def admin_inject_users(users)
-      admin_inject_json_ams_array "ofn.admin",
-                                  "users",
-                                  users,
-                                  Api::Admin::UserSerializer
-    end
-
     def admin_inject_variant_overrides(variant_overrides)
       admin_inject_json_ams_array "admin.variantOverrides",
                                   "variantOverrides",

app/helpers/admin/orders_helper.rb

@@ -2,12 +2,30 @@
 
 module Admin
   module OrdersHelper
+    AdjustmentData = Struct.new(:label, :amount)
+
     # Adjustments to display under "Order adjustments".
     #
     # We exclude shipping method adjustments because they are displayed in a
     # separate table together with the order line items.
     def order_adjustments_for_display(order)
-      order.adjustments + order.all_adjustments.payment_fee.eligible
+      order.adjustments +
+        voucher_included_tax_representations(order) +
+        order.all_adjustments.payment_fee.eligible
+    end
+
+    def voucher_included_tax_representations(order)
+      return [] unless VoucherAdjustmentsService.new(order).voucher_included_tax.negative?
+
+      adjustment = order.voucher_adjustments.first
+
+      [
+        AdjustmentData.new(
+          I18n.t("admin.orders.edit.voucher_tax_included_in_price",
+                 label: adjustment.label),
+          adjustment.included_tax
+        )
+      ]
     end
   end
 end

app/helpers/admin/terms_of_service_helper.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Admin
+  module TermsOfServiceHelper
+    def tos_need_accepting?
+      return false unless spree_user_signed_in?
+
+      return false if Spree::Config.enterprises_require_tos == false
+
+      return false if TermsOfServiceFile.current.nil?
+
+      !accepted_tos?
+    end
+
+    private
+
+    def accepted_tos?
+      file_uploaded_at = TermsOfServiceFile.updated_at
+
+      current_spree_user.terms_of_service_accepted_at.present? &&
+        current_spree_user.terms_of_service_accepted_at > file_uploaded_at &&
+        current_spree_user.terms_of_service_accepted_at < DateTime.now
+    end
+  end
+end

app/helpers/angular_form_helper.rb

@@ -9,7 +9,7 @@ module AngularFormHelper
       text, value = option_text_and_value(element).map(&:to_s)
       %(<option value="#{ERB::Util.html_escape(value)}"\
         #{html_attributes}>#{ERB::Util.html_escape(text)}</option>)
-    end.join("\n").html_safe
+    end.join("\n").html_safe # rubocop:disable Rails/OutputSafety
   end
 
   def ng_options_from_collection_for_select(collection, value_method, text_method, angular_field)

app/helpers/application_helper.rb

@@ -10,7 +10,7 @@ module ApplicationHelper
 
     return "" unless obj && obj.errors[method].present?
 
-    errors = obj.errors[method].map { |err| h(err) }.join('<br />').html_safe
+    errors = obj.errors[method].map { |err| h(err) }.join('<br />').html_safe # rubocop:disable Rails/OutputSafety
 
     if options[:standalone]
       content_tag(
@@ -36,7 +36,7 @@ module ApplicationHelper
         hreflang: locale.to_s.gsub("_", "-").downcase,
         href: "#{request.protocol}#{request.host_with_port}/locales/#{locale}"
       )
-    end.join("\n").html_safe
+    end.join("\n").html_safe # rubocop:disable Rails/OutputSafety
   end
 
   def ng_form_for(name, *args, &)

app/helpers/bulk_form_builder.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class BulkFormBuilder < ActionView::Helpers::FormBuilder
+  def text_field(field, **opts)
+    # Mark field if it is changed (unsaved)
+    changed_method = "#{field}_changed?"
+    if object.respond_to?(changed_method) && object.public_send(changed_method)
+      opts[:class] = "#{opts[:class]} changed".strip
+    end
+
+    super(field, **opts)
+  end
+end

app/helpers/checkout_helper.rb

@@ -53,7 +53,9 @@ module CheckoutHelper
   end
 
   def display_checkout_tax_total(order)
-    Spree::Money.new order.total_tax, currency: order.currency
+    total_tax = order.total_tax + VoucherAdjustmentsService.new(order).voucher_included_tax
+
+    Spree::Money.new(total_tax, currency: order.currency)
   end
 
   def display_checkout_taxes_hash(order)
@@ -146,4 +148,10 @@ module CheckoutHelper
       ]
     end
   end
+
+  # Set the Page title of checkout process as step based like
+  # Checkout Details, Checkout Payment and Checkout Summary
+  def checkout_page_title
+    t("checkout_#{checkout_step}_title")
+  end
 end

app/helpers/reports_helper.rb

@@ -5,7 +5,9 @@ module ReportsHelper
     order_cycles.map do |oc|
       orders_open_at = oc.orders_open_at&.to_fs(:short) || 'NA'
       orders_close_at = oc.orders_close_at&.to_fs(:short) || 'NA'
+      # rubocop:disable Rails/OutputSafety
       ["#{oc.name}   (#{orders_open_at} - #{orders_close_at})".html_safe, oc.id]
+      # rubocop:enable Rails/OutputSafety
     end
   end
 

app/helpers/shared_helper.rb

@@ -20,6 +20,6 @@ module SharedHelper
   end
 
   def current_shop_products_path
-    "#{main_app.enterprise_shop_path(current_distributor)}#/shop"
+    "#{main_app.enterprise_shop_path(current_distributor)}#/shop_panel"
   end
 end

app/helpers/shop_helper.rb

@@ -22,7 +22,7 @@ module ShopHelper
       { name: 'home', title: t(:shopping_tabs_home), show: show_home_tab?,
         default: show_home_tab? },
       { name: 'shop', title: t(:shopping_tabs_shop), show: !require_customer?,
-        default: !show_home_tab? },
+        default: !show_home_tab?, shop: true },
       { name: 'about', title: t(:shopping_tabs_about), show: true },
       { name: 'producers', title: t(:shopping_tabs_producers), show: true },
       { name: 'contact', title: t(:shopping_tabs_contact), show: true },
@@ -45,7 +45,7 @@ module ShopHelper
   end
 
   def shopfront_closed_message?(order_cycles)
-    no_open_order_cycles?(order_cycles) && \
+    no_open_order_cycles?(order_cycles) &&
       current_distributor.preferred_shopfront_closed_message.present?
   end
 

app/helpers/spree/admin/base_helper.rb

@@ -6,9 +6,6 @@ module Spree
       def field_container(model, method, options = {}, &)
         css_classes = options[:class].to_a
         css_classes << 'field'
-        if error_message_on(model, method).present?
-          css_classes << 'withError'
-        end
         content_tag(:div,
                     capture(&),
                     class: css_classes.join(' '),
@@ -20,7 +17,9 @@ module Spree
         obj = object.respond_to?(:errors) ? object : instance_variable_get("@#{object}")
 
         if obj && obj.errors[method].present?
+          # rubocop:disable Rails/OutputSafety
           errors = obj.errors[method].map { |err| h(err) }.join('<br />').html_safe
+          # rubocop:enable Rails/OutputSafety
           content_tag(:span, errors, class: 'formError')
         else
           ''
@@ -113,12 +112,12 @@ module Spree
 
         object.preferences.keys.map { |key|
           preference_label = form.label("preferred_#{key}",
-                                        Spree.t(key.to_s.gsub("_from_list", "")) + ": ").html_safe
+                                        Spree.t(key.to_s.gsub("_from_list", "")) + ": ")
           preference_field = preference_field_for(
             form,
             "preferred_#{key}",
             { type: object.preference_type(key) }, object
-          ).html_safe
+          )
           { label: preference_label, field: preference_field }
         }
       end

app/helpers/spree/admin/general_settings_helper.rb

@@ -4,7 +4,10 @@ module Spree
   module Admin
     module GeneralSettingsHelper
       def all_units
-        ["g", "oz", "lb", "kg", "T", "mL", "L", "kL"]
+        [
+          WeightsAndMeasures::UNITS['weight'].values.pluck('name'),
+          WeightsAndMeasures::UNITS['volume'].values.pluck('name')
+        ].flatten.uniq
       end
     end
   end

app/helpers/spree/admin/navigation_helper.rb

@@ -98,7 +98,9 @@ module Spree
         options[:class] = (options[:class].to_s + " icon_link with-tip #{icon_name}").strip
         options[:class] += ' no-text' if options[:no_text]
         options[:title] = text if options[:no_text]
+        # rubocop:disable Rails/OutputSafety
         text = options[:no_text] ? '' : raw("<span class='text'>#{text}</span>")
+        # rubocop:enable Rails/OutputSafety
         options.delete(:no_text)
         link_to(text, url, options)
       end
@@ -131,14 +133,14 @@ module Spree
           if html_options[:icon]
             html_options[:class] += " #{html_options[:icon]}"
           end
-          link_to(text_for_button_link(text, html_options), url, html_options)
+          link_to(text, url, html_options)
         end
       end
 
       def text_for_button_link(text, _html_options)
         s = ''
         s << text
-        raw(s)
+        raw(s) # rubocop:disable Rails/OutputSafety
       end
 
       def configurations_sidebar_menu_item(link_text, url, options = {})

app/helpers/spree/admin/orders_helper.rb

@@ -7,7 +7,18 @@ module Spree
         links = []
         links << cancel_event_link if @order.can_cancel?
         links << resume_event_link if @order.can_resume?
-        links.join('&nbsp;').html_safe
+        links.join('&nbsp;').html_safe # rubocop:disable Rails/OutputSafety
+      end
+
+      def generate_invoice_button(order)
+        if order.distributor.can_invoice?
+          button_link_to t(:create_or_update_invoice), generate_admin_order_invoices_path(@order),
+                         data: { method: 'post' }, icon: 'icon-plus'
+        else
+          button_link_to t(:create_or_update_invoice), "#", data: {
+            confirm: t(:must_have_valid_business_number, enterprise_name: @order.distributor.name)
+          }, icon: 'icon-plus'
+        end
       end
 
       def line_item_shipment_price(line_item, quantity)
@@ -31,7 +42,6 @@ module Spree
       end
 
       def invoice_links
-        return [] if OpenFoodNetwork::FeatureToggle.enabled?(:invoices)
         return [] unless Spree::Config[:enable_invoices?]
 
         [send_invoice_link, print_invoice_link]
@@ -96,10 +106,8 @@ module Spree
 
       def ship_order_link
         { name: t(:ship_order),
-          url: spree.fire_admin_order_path(@order, e: 'ship'),
-          method: 'put',
-          icon: 'icon-truck',
-          confirm: t(:are_you_sure) }
+          url: '#',
+          icon: 'icon-truck' }
       end
 
       def cancel_order_link

app/helpers/spree/admin/zones_helper.rb

@@ -31,7 +31,7 @@ module Spree
         out = ''
         out << fields.hidden_field(:_destroy) unless fields.object.new_record?
         out << (link_to icon('icon-remove'), "#", class: 'remove')
-        out.html_safe
+        out.html_safe # rubocop:disable Rails/OutputSafety
       end
     end
   end

app/helpers/spree/base_helper.rb

@@ -36,8 +36,7 @@ module Spree
     end
 
     def pretty_time(time)
-      [I18n.l(time.to_date, format: :long),
-       time.strftime("%l:%M %p")].join(" ")
+      I18n.l(time, format: :long)
     end
   end
 end

app/helpers/tax_helper.rb

@@ -14,9 +14,11 @@ module TaxHelper
 
   def display_line_items_taxes(line_item, display_zero: true)
     if line_item.included_tax.positive?
-      Spree::Money.new(line_item.included_tax, currency: line_item.currency)
+      tax = line_item.included_tax + enterprise_fee_adjustments(line_item).total_included_tax
+      Spree::Money.new(tax, currency: line_item.currency)
     elsif line_item.added_tax.positive?
-      Spree::Money.new(line_item.added_tax, currency: line_item.currency)
+      tax = line_item.added_tax + enterprise_fee_adjustments(line_item).total_additional_tax
+      Spree::Money.new(tax, currency: line_item.currency)
     elsif display_zero
       Spree::Money.new(0.00, currency: line_item.currency)
     end
@@ -26,4 +28,10 @@ module TaxHelper
     total = taxable.amount + taxable.additional_tax_total
     Spree::Money.new(total, currency: taxable.currency)
   end
+
+  private
+
+  def enterprise_fee_adjustments(line_item)
+    EnterpriseFeeAdjustments.new(line_item.enterprise_fee_adjustments)
+  end
 end

app/helpers/terms_and_conditions_helper.rb

@@ -2,8 +2,8 @@
 
 module TermsAndConditionsHelper
   def link_to_platform_terms
-    link_to(t("terms_of_service"), TermsOfServiceFile.current_url, target: "_blank",
-                                                                   rel: "noopener")
+    content_tag(:a, t("terms_of_service"), href: TermsOfServiceFile.current_url, target: "_blank",
+                                           rel: "noopener")
   end
 
   def any_terms_required?(distributor)

app/jobs/application_job.rb

@@ -12,6 +12,6 @@ class ApplicationJob < ActiveJob::Base
 
   def enable_active_storage_urls
     ActiveStorage::Current.url_options ||=
-      Rails.application.config.action_controller.default_url_options
+      Rails.application.routes.default_url_options
   end
 end

app/jobs/bulk_invoice_job.rb

@@ -3,10 +3,13 @@
 class BulkInvoiceJob < ApplicationJob
   include CableReady::Broadcaster
   delegate :render, to: ActionController::Base
+  attr_reader :options
 
   def perform(order_ids, filepath, options = {})
+    @options = options
     orders = sorted_orders(order_ids)
-    orders.filter!(&:invoiceable?) if OpenFoodNetwork::FeatureToggle.enabled?(:invoices)
+    orders.filter!(&:invoiceable?) if OpenFoodNetwork::FeatureToggle.enabled?(:invoices,
+                                                                              current_user)
     orders.each(&method(:generate_invoice))
 
     ensure_directory_exists filepath
@@ -29,13 +32,13 @@ class BulkInvoiceJob < ApplicationJob
   end
 
   def generate_invoice(order)
-    renderer_data = if OpenFoodNetwork::FeatureToggle.enabled?(:invoices)
+    renderer_data = if OpenFoodNetwork::FeatureToggle.enabled?(:invoices, current_user)
                       OrderInvoiceGenerator.new(order).generate_or_update_latest_invoice
                       order.invoices.first.presenter
                     else
                       order
                     end
-    invoice = renderer.render_to_string(renderer_data)
+    invoice = renderer.render_to_string(renderer_data, current_user)
     pdf << CombinePDF.parse(invoice)
   end
 
@@ -58,4 +61,10 @@ class BulkInvoiceJob < ApplicationJob
   def pdf
     @pdf ||= CombinePDF.new
   end
+
+  def current_user
+    return unless options[:current_user_id]
+
+    @current_user ||= Spree::User.find(options[:current_user_id])
+  end
 end

app/jobs/connect_app_job.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class ConnectAppJob < ApplicationJob
+  include CableReady::Broadcaster
+
+  def perform(app, token, channel: nil)
+    url = "https://n8n.openfoodnetwork.org.uk/webhook/regen/connect-enterprise"
+    event = "connect-app"
+    enterprise = app.enterprise
+    payload = {
+      '@id': DfcBuilder.urls.enterprise_url(enterprise.id),
+      access_token: token,
+    }
+
+    response = WebhookDeliveryJob.perform_now(url, event, payload)
+    app.update!(data: JSON.parse(response))
+
+    return unless channel
+
+    selector = "#edit_enterprise_#{enterprise.id} #connected-app-discover-regen"
+    html = ApplicationController.render(
+      partial: "admin/enterprises/form/connected_apps",
+      locals: { enterprise: },
+    )
+
+    cable_ready[channel].morph(selector:, html:).broadcast
+  end
+end

app/jobs/report_job.rb

@@ -9,18 +9,26 @@ class ReportJob < ApplicationJob
 
   NOTIFICATION_TIME = 5.seconds
 
-  def perform(report_class:, user:, params:, format:, blob:, channel: nil)
+  def perform(report_class:, user:, params:, format:, filename:, channel: nil)
     start_time = Time.zone.now
 
     report = report_class.new(user, params, render: true)
     result = report.render_as(format)
-    blob.store(result)
+    blob = ReportBlob.create!(filename, result)
 
     execution_time = Time.zone.now - start_time
 
     email_result(user, blob) if execution_time > NOTIFICATION_TIME
 
     broadcast_result(channel, format, blob) if channel
+  rescue StandardError => e
+    Bugsnag.notify(e) do |payload|
+      payload.add_metadata :report, {
+        report_class:, user:, params:, format:
+      }
+    end
+
+    broadcast_error(channel)
   end
 
   def email_result(user, blob)
@@ -37,6 +45,13 @@ class ReportJob < ApplicationJob
     ).broadcast
   end
 
+  def broadcast_error(channel)
+    cable_ready[channel].inner_html(
+      selector: "#report-table",
+      html: I18n.t("report_job.report_failed")
+    ).broadcast
+  end
+
   def actioncable_content(format, blob)
     return blob.result if format.to_sym == :html
 

app/jobs/subscription_confirm_job.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'order_management/subscriptions/summarizer'
-
 # Confirms orders of unconfirmed proxy orders in recently closed Order Cycles
 class SubscriptionConfirmJob < ApplicationJob
   def perform

app/jobs/subscription_placement_job.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'order_management/subscriptions/summarizer'
-
 class SubscriptionPlacementJob < ApplicationJob
   def perform
     proxy_orders.each do |proxy_order|

app/jobs/webhook_delivery_job.rb

@@ -46,5 +46,7 @@ class WebhookDeliveryJob < ApplicationJob
     # Raise a failed request error and let job runner handle retrying.
     # In theory, only 5xx errors should be retried, but who knows.
     raise FailedWebhookRequestError, response.status.to_s unless response.success?
+
+    response.body
   end
 end

app/mailers/spree/order_mailer.rb

@@ -46,16 +46,19 @@ module Spree
       end
     end
 
-    def invoice_email(order_or_order_id)
+    def invoice_email(order_or_order_id, options = {})
       @order = find_order(order_or_order_id)
-      renderer_data = if OpenFoodNetwork::FeatureToggle.enabled?(:invoices)
+      current_user = if options[:current_user_id].present?
+                       find_user(options[:current_user_id])
+                     end
+      renderer_data = if OpenFoodNetwork::FeatureToggle.enabled?(:invoices, current_user)
                         OrderInvoiceGenerator.new(@order).generate_or_update_latest_invoice
                         @order.invoices.first.presenter
                       else
                         @order
                       end
 
-      pdf = InvoiceRenderer.new.render_to_string(renderer_data)
+      pdf = InvoiceRenderer.new.render_to_string(renderer_data, current_user)
 
       attach_file("invoice-#{@order.number}.pdf", pdf)
       I18n.with_locale valid_locale(@order.user) do
@@ -80,5 +83,9 @@ module Spree
     def attach_file(filename, file)
       attachments[filename] = file if file.present?
     end
+
+    def find_user(current_user_id)
+      Spree::User.find(current_user_id)
+    end
   end
 end

app/mailers/spree/shipment_mailer.rb

@@ -12,7 +12,7 @@ module Spree
     private
 
     def base_subject
-      default_subject = !@delivery ? t('.picked_up_subject') : default_i18n_subject
+      default_subject = @delivery ? default_i18n_subject : t('.picked_up_subject')
       "#{@shipment.order.distributor.name} #{default_subject} ##{@shipment.order.number}"
     end
   end

app/models/application_record.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 class ApplicationRecord < ActiveRecord::Base
-  include DelegateBelongsTo
   include Spree::Core::Permalinks
   include Spree::Preferences::Preferable
   include Searchable

app/models/connected_app.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+# An enterprise can be connected to other apps.
+#
+# Here we store keys and links to access the app.
+class ConnectedApp < ApplicationRecord
+  belongs_to :enterprise
+
+  scope :connecting, -> { where(data: nil) }
+  scope :ready, -> { where.not(data: nil) }
+end

app/models/content_configuration.rb

@@ -27,21 +27,24 @@ class ContentConfiguration < Spree::Preferences::Configuration
              default: I18n.t(:content_configuration_pricing_table)
   preference :producer_signup_case_studies_html, :text,
              default: I18n.t(:content_configuration_case_studies)
-  preference :producer_signup_detail_html, :text, default: I18n.t(:content_configuration_detail)
+  preference :producer_signup_detail_html, :text,
+             default: I18n.t(:content_configuration_detail)
 
   # Hubs sign-up page
   preference :hub_signup_pricing_table_html, :text,
              default: I18n.t(:content_configuration_pricing_table)
   preference :hub_signup_case_studies_html, :text,
              default: I18n.t(:content_configuration_case_studies)
-  preference :hub_signup_detail_html, :text, default: I18n.t(:content_configuration_detail)
+  preference :hub_signup_detail_html, :text,
+             default: I18n.t(:content_configuration_detail)
 
   # Groups sign-up page
   preference :group_signup_pricing_table_html, :text,
              default: I18n.t(:content_configuration_pricing_table)
   preference :group_signup_case_studies_html, :text,
              default: I18n.t(:content_configuration_case_studies)
-  preference :group_signup_detail_html, :text, default: I18n.t(:content_configuration_detail)
+  preference :group_signup_detail_html, :text,
+             default: I18n.t(:content_configuration_detail)
 
   # Main URLs
   preference :menu_1, :boolean, default: true

app/models/customer.rb

@@ -16,7 +16,7 @@ class Customer < ApplicationRecord
 
   belongs_to :enterprise
   belongs_to :user, class_name: "Spree::User", optional: true
-  has_many :orders, class_name: "Spree::Order"
+  has_many :orders, class_name: "Spree::Order", dependent: :nullify
   before_validation :downcase_email
   before_validation :empty_code
   before_create :associate_user
@@ -70,6 +70,5 @@ class Customer < ApplicationRecord
       throw :abort
     end
     Subscription.where(customer_id: id).destroy_all
-    orders.update_all(customer_id: nil)
   end
 end

app/models/enterprise.rb

@@ -37,7 +37,7 @@ class Enterprise < ApplicationRecord
                                     dependent: :destroy
   has_and_belongs_to_many :groups, join_table: 'enterprise_groups_enterprises',
                                    class_name: 'EnterpriseGroup'
-  has_many :producer_properties, foreign_key: 'producer_id'
+  has_many :producer_properties, foreign_key: 'producer_id', dependent: :destroy
   has_many :properties, through: :producer_properties
   has_many :supplied_products, class_name: 'Spree::Product',
                                foreign_key: 'supplier_id',
@@ -57,11 +57,12 @@ class Enterprise < ApplicationRecord
            inverse_of: :distributor, foreign_key: :distributor_id
   has_many :payment_methods, through: :distributor_payment_methods
   has_many :shipping_methods, through: :distributor_shipping_methods
-  has_many :customers
-  has_many :inventory_items
-  has_many :tag_rules
+  has_many :customers, dependent: :destroy
+  has_many :inventory_items, dependent: :destroy
+  has_many :tag_rules, dependent: :destroy
   has_one :stripe_account, dependent: :destroy
   has_many :vouchers
+  has_many :connected_apps, dependent: :destroy
   has_one :custom_tab, dependent: :destroy
 
   delegate :latitude, :longitude, :city, :state_name, to: :address

app/models/enterprise_fee_adjustments.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+# EnterpriseFeeAdjustments represent a collection of enterprise fee adjustments
+#
+class EnterpriseFeeAdjustments
+  def initialize(adjustments)
+    @adjustments = adjustments
+  end
+
+  def total_additional_tax
+    @adjustments.sum { |enterprise_fee| enterprise_fee.additional_tax_total.to_f }
+  end
+
+  def total_included_tax
+    @adjustments.sum { |enterprise_fee| enterprise_fee.included_tax_total.to_f }
+  end
+end

app/models/exchange.rb

@@ -90,6 +90,7 @@ class Exchange < ApplicationRecord
     exchange = dup
     exchange.order_cycle = new_order_cycle
     exchange.enterprise_fee_ids = enterprise_fee_ids
+    exchange.tag_list = tag_list
     exchange.save!
     clone_all_exchange_variants(exchange.id)
     exchange

app/models/invoice.rb

@@ -26,4 +26,12 @@ class Invoice < ApplicationRecord
   def cancel_previous_invoices
     order.invoices.where.not(id:).update_all(cancelled: true)
   end
+
+  def display_number
+    "#{order.distributor.id}-#{number}"
+  end
+
+  def previous_invoice
+    order.invoices.where("id < ?", id).first
+  end
 end

app/models/invoice/data_presenter.rb

@@ -2,10 +2,11 @@
 
 class Invoice
   class DataPresenter
+    include ::ActionView::Helpers::NumberHelper
     attr_reader :invoice
 
-    delegate :data, to: :invoice
-    delegate :number, :date, to: :invoice, prefix: true
+    delegate :display_number, :data, :previous_invoice, to: :invoice
+    delegate :date, to: :invoice, prefix: true
 
     FINALIZED_NON_SUCCESSFUL_STATES = %w(canceled returned).freeze
 
@@ -49,30 +50,59 @@ class Invoice
       Time.zone.parse(data[:completed_at])
     end
 
-    def checkout_adjustments(exclude: [], reject_zero_amount: true)
+    def checkout_adjustments(exclude: [])
       adjustments = all_eligible_adjustments
+        .reject { |a| a.originator.type == 'Spree::TaxRate' }
+        .map(&:clone)
 
-      adjustments.reject! { |a| a.originator_type == 'Spree::TaxRate' }
+      adjustments.reject! { |a| a.amount == 0 }
+      [:line_item, :shipment].each do |type|
+        next unless exclude.include? type
 
-      if exclude.include? :line_item
         adjustments.reject! { |a|
-          a.adjustable_type == 'Spree::LineItem'
+          a.adjustable_type == "Spree::#{type.to_s.classify}"
         }
       end
-
-      if reject_zero_amount
-        adjustments.reject! { |a| a.amount == 0 }
-      end
-
       adjustments
     end
 
-    def display_checkout_taxes_hash
-      totals = OrderTaxAdjustmentsFetcher.new(nil).totals(all_tax_adjustments)
+    def shipment_adjustment
+      all_eligible_adjustments.find { |a| a.originator.type == 'Spree::ShippingMethod' }
+    end
 
-      totals.map do |tax_rate, tax_amount|
+    # contains limited information about the shipment
+    def shipment
+      shipment_adjustment&.adjustable || null_shipment
+    end
+
+    def null_shipment
+      Struct.new(
+        :amount,
+        :included_tax_total,
+        :additional_tax_total,
+      ).new(0, 0, 0)
+    end
+
+    def display_shipment_amount_without_taxes
+      Spree::Money.new(shipment.amount - shipment.included_tax_total, currency:)
+    end
+
+    def display_shipment_amount_with_taxes
+      Spree::Money.new(shipment.amount + shipment.additional_tax_total, currency:)
+    end
+
+    def display_shipment_tax_rates
+      all_eligible_adjustments.select { |a|
+        a.originator.type == 'Spree::TaxRate' && a.adjustable_type == 'Spree::Shipment'
+      }.map(&:originator)
+        .map { |tr| number_to_percentage(tr.amount * 100, precision: 1) }.join(", ")
+    end
+
+    def display_checkout_taxes_hash
+      tax_adjustment_totals.map do |tax_rate_id, tax_amount|
+        tax_rate = tax_rate_by_id[tax_rate_id]
         {
-          amount: Spree::Money.new(tax_amount, currency: order.currency),
+          amount: Spree::Money.new(tax_amount, currency:),
           percentage: number_to_percentage(tax_rate.amount * 100, precision: 1),
           rate_amount: tax_rate.amount,
         }
@@ -83,8 +113,24 @@ class Invoice
       I18n.l(invoice_date.to_date, format: :long)
     end
 
+    def display_tax_adjustment_total
+      Spree::Money.new(all_tax_adjustments.map(&:amount).sum, currency:)
+    end
+
+    def tax_adjustment_totals
+      all_tax_adjustments.each_with_object(Hash.new(0)) do |adjustment, totals|
+        totals[adjustment.originator.id] += adjustment.amount
+      end
+    end
+
+    def tax_rate_by_id
+      all_tax_adjustments.each_with_object({}) do |adjustment, tax_rates|
+        tax_rates[adjustment.originator.id] = adjustment.originator
+      end
+    end
+
     def all_tax_adjustments
-      all_eligible_adjustments.select { |a| a.originator_type == 'Spree::TaxRate' }
+      all_eligible_adjustments.select { |a| a.originator.type == 'Spree::TaxRate' }
     end
 
     def paid?

app/models/invoice/data_presenter/adjustable.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: false
+
+class Invoice
+  class DataPresenter
+    class Adjustable < Invoice::DataPresenter::Base
+      attributes :id, :type, :currency, :included_tax_total, :additional_tax_total, :amount
+
+      def display_taxes(display_zero: false)
+        if included_tax_total.positive?
+          amount = Spree::Money.new(included_tax_total, currency:)
+          I18n.t(:tax_amount_included, amount:)
+        elsif additional_tax_total.positive?
+          Spree::Money.new(additional_tax_total, currency:)
+        elsif display_zero
+          Spree::Money.new(0.00, currency:)
+        end
+      end
+    end
+  end
+end

app/models/invoice/data_presenter/adjustment.rb

@@ -4,13 +4,20 @@ class Invoice
   class DataPresenter
     class Adjustment < Invoice::DataPresenter::Base
       attributes :additional_tax_total, :adjustable_type, :amount, :currency, :included_tax_total,
-                 :label, :originator_type
+                 :label
+      array_attribute :tax_rates, class_name: 'TaxRate'
+      attributes_with_presenter :originator, class_name: 'AdjustmentOriginator'
+      attributes_with_presenter :adjustable
       invoice_generation_attributes :additional_tax_total, :adjustable_type, :amount,
                                     :included_tax_total
       invoice_update_attributes :label
 
-      def display_amount
-        Spree::Money.new(amount, currency:)
+      def display_amount_with_taxes
+        Spree::Money.new(amount + additional_tax_total, currency:)
+      end
+
+      def display_amount_without_taxes
+        Spree::Money.new(amount - included_tax_total, currency:)
       end
 
       def display_taxes(display_zero: false)
@@ -23,6 +30,10 @@ class Invoice
           Spree::Money.new(0.00, currency:)
         end
       end
+
+      def display_adjustment_tax_rates
+        tax_rates.map { |tr| number_to_percentage(tr.amount * 100, precision: 1) }.join(", ")
+      end
     end
   end
 end

app/models/invoice/data_presenter/adjustment_originator.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: false
+
+class Invoice
+  class DataPresenter
+    class AdjustmentOriginator < Invoice::DataPresenter::Base
+      attributes :id, :type, :amount
+    end
+  end
+end