Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not allow successful checkout when order has only a void payment #3123

Merged
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion core/app/models/spree/payment.rb
Original file line number Diff line number Diff line change
@@ -58,7 +58,7 @@ class Payment < Spree::Base
scope :failed, -> { with_state('failed') }

scope :risky, -> { where("avs_response IN (?) OR (cvv_response_code IS NOT NULL and cvv_response_code != 'M') OR state = 'failed'", RISKY_AVS_CODES) }
scope :valid, -> { where.not(state: %w(failed invalid)) }
scope :valid, -> { where.not(state: %w(failed invalid void)) }

scope :store_credits, -> { where(source_type: Spree::StoreCredit.to_s) }
scope :not_store_credits, -> { where(arel_table[:source_type].not_eq(Spree::StoreCredit.to_s).or(arel_table[:source_type].eq(nil))) }
12 changes: 12 additions & 0 deletions core/spec/models/spree/payment_spec.rb
Original file line number Diff line number Diff line change
@@ -1255,4 +1255,16 @@
end
end
end

describe '::valid scope' do
before do
create :payment, state: :void
create :payment, state: :failed
create :payment, state: :invalid
end

it 'does not include void, failed and invalid payments' do
expect(described_class.valid).to be_empty
end
end
end
20 changes: 20 additions & 0 deletions frontend/spec/features/checkout_spec.rb
Original file line number Diff line number Diff line change
@@ -211,6 +211,26 @@
end
end

context "when order has only a void payment" do
let(:order) { Spree::TestingSupport::OrderWalkthrough.up_to(:payment) }

before do
user = create(:user)
order.user = user
order.recalculate

allow_any_instance_of(Spree::CheckoutController).to receive_messages(current_order: order)
allow_any_instance_of(Spree::CheckoutController).to receive_messages(try_spree_current_user: user)
end

it "does not allow successful order submission" do
visit spree.checkout_path
order.payments.first.update state: :void
click_button 'Place Order'
expect(page).to have_current_path spree.checkout_state_path(:payment)
end
spaghetticode marked this conversation as resolved.
Show resolved Hide resolved
end

# Regression test for https://github.com/spree/spree/issues/2694 and https://github.com/spree/spree/issues/4117
context "doesn't allow bad credit card numbers" do
let!(:payment_method) { create(:credit_card_payment_method) }