From 7a103afb5081db9f449dc7d12e40f45e07c2e7c2 Mon Sep 17 00:00:00 2001
From: Matijs van Zuijlen <matijs@matijs.net>
Date: Thu, 31 Mar 2016 08:56:21 +0200
Subject: [PATCH 1/4] Expand specs for order assigning

---
 .../user_registrations_controller_spec.rb     | 30 ++++++++++++++++
 .../spree/user_sessions_controller_spec.rb    | 36 ++++++++++++++-----
 2 files changed, 57 insertions(+), 9 deletions(-)

diff --git a/spec/controllers/spree/user_registrations_controller_spec.rb b/spec/controllers/spree/user_registrations_controller_spec.rb
index e1306213e..e6668e86e 100644
--- a/spec/controllers/spree/user_registrations_controller_spec.rb
+++ b/spec/controllers/spree/user_registrations_controller_spec.rb
@@ -9,5 +9,35 @@
       spree_post :create, { spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' } }
       expect(response).to redirect_to spree.root_path(thing: 7)
     end
+
+    context 'with a guest token present' do
+      before do
+        request.cookie_jar.signed[:guest_token] = 'ABC'
+      end
+
+      it 'assigns orders with the correct token and no user present' do
+        order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+        spree_post :create, spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' }
+        user = Spree::User.find_by_email('foobar@example.com')
+
+        order.reload
+        expect(order.user_id).to eq user.id
+        expect(order.created_by_id).to eq user.id
+      end
+
+      it 'does not assign orders with an existing user' do
+        order = create(:order, guest_token: 'ABC', user_id: 200)
+        spree_post :create, spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' }
+
+        expect(order.reload.user_id).to eq 200
+      end
+
+      it 'does not assign orders with a different token' do
+        order = create(:order, guest_token: 'DEF', user_id: nil, created_by_id: nil)
+        spree_post :create, spree_user: { email: 'foobar@example.com', password: 'foobar123', password_confirmation: 'foobar123' }
+
+        expect(order.reload.user_id).to be_nil
+      end
+    end
   end
 end
diff --git a/spec/controllers/spree/user_sessions_controller_spec.rb b/spec/controllers/spree/user_sessions_controller_spec.rb
index 78f60a6f1..8dd6c3dff 100644
--- a/spec/controllers/spree/user_sessions_controller_spec.rb
+++ b/spec/controllers/spree/user_sessions_controller_spec.rb
@@ -6,15 +6,33 @@
 
   context "#create" do
     context "using correct login information" do
-      it 'properly assigns orders user from guest_token' do
-        order1 = create(:order, email: user.email, guest_token: 'ABC', user_id: nil, created_by_id: nil)
-        order2 = create(:order, guest_token: 'ABC', user_id: 200)
-        request.cookie_jar.signed[:guest_token] = 'ABC'
-        spree_post :create, spree_user: { email: user.email, password: 'secret' }
-
-        expect(order1.reload.user_id).to eq user.id
-        expect(order1.reload.created_by_id).to eq user.id
-        expect(order2.reload.user_id).to eq 200
+      context 'with a guest token present' do
+        before do
+          request.cookie_jar.signed[:guest_token] = 'ABC'
+        end
+
+        it 'assigns orders with the correct token and no user present' do
+          order = create(:order, email: user.email, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          order.reload
+          expect(order.user_id).to eq user.id
+          expect(order.created_by_id).to eq user.id
+        end
+
+        it 'does not assign orders with an existing user' do
+          order = create(:order, guest_token: 'ABC', user_id: 200)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          expect(order.reload.user_id).to eq 200
+        end
+
+        it 'does not assign orders with a different token' do
+          order = create(:order, guest_token: 'DEF', user_id: nil, created_by_id: nil)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          expect(order.reload.user_id).to be_nil
+        end
       end
 
       context "and html format is used" do

From a04521b156aaaf254e646f91f4c3153f8fe51bf0 Mon Sep 17 00:00:00 2001
From: Matijs van Zuijlen <matijs@matijs.net>
Date: Thu, 31 Mar 2016 09:00:56 +0200
Subject: [PATCH 2/4] Do not assign completed orders

---
 config/initializers/warden.rb                         |  2 +-
 .../spree/user_sessions_controller_spec.rb            | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index 45b10ea98..8f47dcbcd 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -2,7 +2,7 @@
 Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
   if auth.cookies.signed[:guest_token].present?
     if user.is_a?(Spree::User)
-      Spree::Order.where(email: user.email, guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
+      Spree::Order.incomplete.where(email: user.email, guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
         order.associate_user!(user)
       end
     end
diff --git a/spec/controllers/spree/user_sessions_controller_spec.rb b/spec/controllers/spree/user_sessions_controller_spec.rb
index 8dd6c3dff..ddd131395 100644
--- a/spec/controllers/spree/user_sessions_controller_spec.rb
+++ b/spec/controllers/spree/user_sessions_controller_spec.rb
@@ -20,6 +20,17 @@
           expect(order.created_by_id).to eq user.id
         end
 
+        it 'does not assign completed orders' do
+          order = create(:order, email: user.email, guest_token: 'ABC',
+                         user_id: nil, created_by_id: nil,
+                         completed_at: 1.minute.ago)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          order.reload
+          expect(order.user_id).to be_nil
+          expect(order.created_by_id).to be_nil
+        end
+
         it 'does not assign orders with an existing user' do
           order = create(:order, guest_token: 'ABC', user_id: 200)
           spree_post :create, spree_user: { email: user.email, password: 'secret' }

From 90aeb7630012ffd2e8f5a0bceeec35de316716f7 Mon Sep 17 00:00:00 2001
From: Matijs van Zuijlen <matijs@matijs.net>
Date: Thu, 31 Mar 2016 09:42:49 +0200
Subject: [PATCH 3/4] Associate orders even without email

---
 config/initializers/warden.rb                           | 2 +-
 spec/controllers/spree/user_sessions_controller_spec.rb | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index 8f47dcbcd..f33f742ea 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -2,7 +2,7 @@
 Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
   if auth.cookies.signed[:guest_token].present?
     if user.is_a?(Spree::User)
-      Spree::Order.incomplete.where(email: user.email, guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
+      Spree::Order.incomplete.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
         order.associate_user!(user)
       end
     end
diff --git a/spec/controllers/spree/user_sessions_controller_spec.rb b/spec/controllers/spree/user_sessions_controller_spec.rb
index ddd131395..7b42c21d4 100644
--- a/spec/controllers/spree/user_sessions_controller_spec.rb
+++ b/spec/controllers/spree/user_sessions_controller_spec.rb
@@ -20,6 +20,15 @@
           expect(order.created_by_id).to eq user.id
         end
 
+        it 'assigns orders with the correct token and no user or email present' do
+          order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          order.reload
+          expect(order.user_id).to eq user.id
+          expect(order.created_by_id).to eq user.id
+        end
+
         it 'does not assign completed orders' do
           order = create(:order, email: user.email, guest_token: 'ABC',
                          user_id: nil, created_by_id: nil,

From 4340a84643d66b26575f9e0716b1d30846c773e7 Mon Sep 17 00:00:00 2001
From: Matijs van Zuijlen <matijs@matijs.net>
Date: Thu, 31 Mar 2016 21:30:43 +0200
Subject: [PATCH 4/4] Remove now-superfluous extra association code

---
 .../frontend/spree/user_registrations_controller.rb            | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/lib/controllers/frontend/spree/user_registrations_controller.rb b/lib/controllers/frontend/spree/user_registrations_controller.rb
index be719b34c..5fa73257f 100644
--- a/lib/controllers/frontend/spree/user_registrations_controller.rb
+++ b/lib/controllers/frontend/spree/user_registrations_controller.rb
@@ -20,9 +20,6 @@ def create
     @user = build_resource(spree_user_params)
     if resource.save
       set_flash_message(:notice, :signed_up)
-      if current_order
-        current_order.associate_user! @user
-      end
       sign_in(:spree_user, @user)
       session[:spree_user_signup] = true
       respond_with resource, location: after_sign_up_path_for(resource)