Accept source as permitted attribute importing orders

[jtapia]

Description

Sending the source data inside payments payload to spree/api/orders#create is returning an error:
ActiveRecord::RecordInvalid: Validation failed: Source can't be blank

[spaghetticode]

@jtapia the changes in file core/spec/lib/spree/core/importer/order_spec.rb are only formatting, I think this creates confusion in PRs that include code changes. I think it would be better to remove these changes from this PR.

It seems to me that the code you added in orders_controller.rb is not covered by new specs, can you please add some? As usual, thank you for your work!

[jtapia]

@spaghetticode I just added a test, please let me know what do you think

[spaghetticode]

@jtapia I think the tests don't verify that the payment source is correctly saved. They only test that the controller action returns a 201 or a 404.

Also, I ran the tests commeting the code you added in Spree::Api::OrdersController and they still pass, so I'm a bit puzzled 🤔... did not investigate more though.

[jtapia]

@spaghetticode please check again the test case, it's returning:

1) Spree::Api::OrdersController as an admin creation with payment with source creates a payment
     Failure/Error: @order = Spree::Core::Importer::Order.import(determine_order_user, order_params)

     ActiveRecord::RecordInvalid:
       Validation failed: Source can't be blank

[spaghetticode]

@jtapia it looks good I left a few comments, it's only minor improvements 👍

[jtapia]

@spaghetticode please let me know what do you think, thanks

[spaghetticode]

@jtapia looks good to me , thank you 👍

[jtapia]

@spaghetticode should we remove the Needs Tests tag?

[spaghetticode]

@jtapia let's wait for somebody from the core team to chime in for that.

[tvdeyen]

Thanks. This is a great addition. But:

We need a way to allow other payment sources than credit cards as well.

[tvdeyen]

Great thanks 👏