Merge branch 'develop' into develop

.changeset/beige-dots-divide.md

@@ -0,0 +1,5 @@
+---
+"@medusajs/auth-google": patch
+---
+
+fix: Use sub instead of email for google entity ID

.changeset/bright-bees-decide.md

@@ -0,0 +1,5 @@
+---
+"@medusajs/core-flows": patch
+---
+
+Keep customer when updating cart

.changeset/gentle-baboons-camp.md

@@ -0,0 +1,5 @@
+---
+"@medusajs/framework": patch
+---
+
+Exclude nested fields when excluding field from endpoint

.changeset/lucky-pets-glow.md

@@ -0,0 +1,7 @@
+---
+"@medusajs/link-modules": patch
+"@medusajs/types": patch
+"@medusajs/utils": patch
+---
+
+Generate graph schema with readonly links

.changeset/selfish-wombats-smash.md

@@ -0,0 +1,5 @@
+---
+"@medusajs/payment-stripe": patch
+---
+
+feat(stripe): add promptpay

.github/workflows/admin-i18n-validation.yml

@@ -0,0 +1,47 @@
+name: i18n Validation
+
+on:
+  pull_request:
+    paths:
+      - packages/admin/dashboard/src/i18n/translations/**
+
+
+jobs:
+  i18n-validation-admin-dashboard:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20'
+          cache: 'yarn'
+
+      - name: Install dependencies
+        working-directory: packages/admin/dashboard
+        run: yarn install
+
+      - name: Validate i18n translations
+        working-directory: packages/admin/dashboard
+        run: |
+          git diff --name-only --diff-filter=A origin/develop HEAD -- src/i18n/translations > i18n_added_files.txt
+          
+          cat i18n_added_files.txt
+          
+          while read -r file; do
+            # Get the base name of the file
+            filename=$(basename "$file")
+          
+            # Skip those items
+            if [ "$filename" = "\$schema.json" ] || [ "$filename" = "index.ts" ] || [ -d "$file" ]; then
+              continue
+            fi
+          
+            # Run validation on the file
+            yarn i18n:validate "$filename"
+          done < i18n_added_files.txt

README.md

@@ -36,23 +36,21 @@
 
 ## Getting Started
 
-Visit the [Quickstart Guide](https://docs.medusajs.com/create-medusa-app) to set up a server.
-
-Visit the [Docs](https://docs.medusajs.com/development/backend/prepare-environment) to learn more about our system requirements.
+Visit the [Documentation](https://docs.medusajs.com/learn) to set up a Medusa application.
 
 ## What is Medusa
 
 Medusa is a set of commerce modules and tools that allow you to build rich, reliable, and performant commerce applications without reinventing core commerce logic. The modules can be customized and used to build advanced ecommerce stores, marketplaces, or any product that needs foundational commerce primitives. All modules are open-source and freely available on npm.
 
-Learn more about [Medusa’s architecture](https://docs.medusajs.com/development/fundamentals/architecture-overview) and [commerce modules](https://docs.medusajs.com/modules/overview) in the Docs.
+Learn more about [Medusa’s architecture](https://docs.medusajs.com/learn/advanced-development/architecture/overview) and [commerce modules](https://docs.medusajs.com/resources/commerce-modules) in the Docs.
 
-## Roadmap, Upgrades & Plugins
+## Roadmap, Upgrades & Integrations
 
 You can view the planned, started and completed features in the [Roadmap discussion](https://github.com/medusajs/medusa/discussions/categories/roadmap).
 
-Follow the [Upgrade Guides](https://docs.medusajs.com/upgrade-guides/) to keep your Medusa project up-to-date.
+Follow the [Release Notes](https://github.com/medusajs/medusa/releases) to keep your Medusa project up-to-date.
 
-Check out all [available Medusa plugins](https://medusajs.com/plugins/).
+Check out all [available Medusa integrations](https://docs.medusajs.com/resources/integrations).
 
 ## Community & Contributions
 

integration-tests/http/__tests__/auth/admin/auth.spec.ts

@@ -230,6 +230,57 @@ medusaIntegrationTestRunner({
         expect(login.data).toEqual({ token: expect.any(String) })
       })
 
+      it("should ensure you can only update password", async () => {
+        // Register user
+        await api.post("/auth/user/emailpass/register", {
+          email: "test@medusa-commerce.com",
+          password: "secret_password",
+        })
+
+        // The token won't be part of the Rest API response, so we need to generate it manually
+        const { result } = await generateResetPasswordTokenWorkflow(
+          container
+        ).run({
+          input: {
+            entityId: "test@medusa-commerce.com",
+            actorType: "user",
+            provider: "emailpass",
+            secret: "test",
+          },
+        })
+
+        const response = await api.post(
+          `/auth/user/emailpass/update?token=${result}`,
+          {
+            email: "test+new@medusa-commerce.com",
+            password: "new_password",
+          }
+        )
+
+        expect(response.status).toEqual(200)
+        expect(response.data).toEqual({ success: true })
+
+        const failedLogin = await api
+          .post("/auth/user/emailpass", {
+            email: "test+new@medusa-commerce.com",
+            password: "new_password",
+          })
+          .catch((e) => e)
+
+        expect(failedLogin.response.status).toEqual(401)
+        expect(failedLogin.response.data.message).toEqual(
+          "Invalid email or password"
+        )
+
+        const login = await api.post("/auth/user/emailpass", {
+          email: "test@medusa-commerce.com",
+          password: "new_password",
+        })
+
+        expect(login.status).toEqual(200)
+        expect(login.data).toEqual({ token: expect.any(String) })
+      })
+
       it("should fail if token has expired", async () => {
         jest.useFakeTimers()
 
@@ -286,6 +337,76 @@ medusaIntegrationTestRunner({
         expect(response.response.status).toEqual(401)
         expect(response.response.data.message).toEqual("Invalid token")
       })
+
+      it("should fail if update is attempted on different actor type", async () => {
+        jest.useFakeTimers()
+
+        // Register user
+        await api.post("/auth/user/emailpass/register", {
+          email: "test@medusa-commerce.com",
+          password: "secret_password",
+        })
+
+        // The token won't be part of the Rest API response, so we need to generate it manually
+        const { result } = await generateResetPasswordTokenWorkflow(
+          container
+        ).run({
+          input: {
+            entityId: "test@medusa-commerce.com",
+            actorType: "user",
+            provider: "emailpass",
+            secret: "test",
+          },
+        })
+
+        // Advance time by 15 minutes
+        jest.advanceTimersByTime(15 * 60 * 1000)
+
+        const response = await api
+          .post(`/auth/customer/emailpass/update?token=${result}`, {
+            email: "test@medusa-commerce.com",
+            password: "new_password",
+          })
+          .catch((e) => e)
+
+        expect(response.response.status).toEqual(401)
+        expect(response.response.data.message).toEqual("Invalid token")
+      })
+
+      it("should fail if token secret is incorrect", async () => {
+        jest.useFakeTimers()
+
+        // Register user
+        await api.post("/auth/user/emailpass/register", {
+          email: "test@medusa-commerce.com",
+          password: "secret_password",
+        })
+
+        // The token won't be part of the Rest API response, so we need to generate it manually
+        const { result } = await generateResetPasswordTokenWorkflow(
+          container
+        ).run({
+          input: {
+            entityId: "test@medusa-commerce.com",
+            actorType: "user",
+            provider: "emailpass",
+            secret: "incorrect_secret",
+          },
+        })
+
+        // Advance time by 15 minutes
+        jest.advanceTimersByTime(15 * 60 * 1000)
+
+        const response = await api
+          .post(`/auth/user/emailpass/update?token=${result}`, {
+            email: "test@medusa-commerce.com",
+            password: "new_password",
+          })
+          .catch((e) => e)
+
+        expect(response.response.status).toEqual(401)
+        expect(response.response.data.message).toEqual("Invalid token")
+      })
     })
 
     it("should refresh the token successfully", async () => {

integration-tests/http/__tests__/product/store/product.spec.ts

@@ -1,14 +1,14 @@
+import { medusaIntegrationTestRunner } from "@medusajs/test-utils"
 import { IStoreModuleService } from "@medusajs/types"
 import { ApiKeyType, Modules, ProductStatus } from "@medusajs/utils"
-import { medusaIntegrationTestRunner } from "@medusajs/test-utils"
+import qs from "qs"
 import {
   adminHeaders,
   createAdminUser,
   generatePublishableKey,
   generateStoreHeaders,
 } from "../../../../helpers/create-admin-user"
 import { getProductFixture } from "../../../../helpers/fixtures"
-import qs from "qs"
 
 jest.setTimeout(30000)
 
@@ -589,6 +589,19 @@ medusaIntegrationTestRunner({
         ])
       })
 
+      it("should list all products excluding variants", async () => {
+        let response = await api.get(
+          `/admin/products?fields=-variants`,
+          adminHeaders
+        )
+
+        expect(response.data.count).toEqual(4)
+
+        for (let product of response.data.products) {
+          expect(product.variants).toBeUndefined()
+        }
+      })
+
       it("should list all products for a sales channel", async () => {
         const salesChannel = await createSalesChannel(
           { name: "sales channel test" },