Fix order association (3-0-stable)

config/initializers/warden.rb

@@ -2,7 +2,7 @@
 Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
   if auth.cookies.signed[:guest_token].present?
     if user.is_a?(Spree::User)
-      Spree::Order.where(email: user.email, guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
+      Spree::Order.incomplete.where(guest_token: auth.cookies.signed[:guest_token], user_id: nil).each do |order|
         order.associate_user!(user)
       end
     end

lib/controllers/frontend/spree/user_registrations_controller.rb

@@ -20,9 +20,6 @@ def create
     @user = build_resource(spree_user_params)
     if resource.save
       set_flash_message(:notice, :signed_up)
-      if current_order
-        current_order.associate_user! @user
-      end
       sign_in(:spree_user, @user)
       session[:spree_user_signup] = true
       respond_with resource, location: after_sign_up_path_for(resource)

spec/controllers/spree/user_registrations_controller_spec.rb

@@ -9,5 +9,35 @@
       spree_post :create, { spree_user: { email: '[email protected]', password: 'foobar123', password_confirmation: 'foobar123' } }
       expect(response).to redirect_to spree.root_path(thing: 7)
     end
+
+    context 'with a guest token present' do
+      before do
+        request.cookie_jar.signed[:guest_token] = 'ABC'
+      end
+
+      it 'assigns orders with the correct token and no user present' do
+        order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+        spree_post :create, spree_user: { email: '[email protected]', password: 'foobar123', password_confirmation: 'foobar123' }
+        user = Spree::User.find_by_email('[email protected]')
+
+        order.reload
+        expect(order.user_id).to eq user.id
+        expect(order.created_by_id).to eq user.id
+      end
+
+      it 'does not assign orders with an existing user' do
+        order = create(:order, guest_token: 'ABC', user_id: 200)
+        spree_post :create, spree_user: { email: '[email protected]', password: 'foobar123', password_confirmation: 'foobar123' }
+
+        expect(order.reload.user_id).to eq 200
+      end
+
+      it 'does not assign orders with a different token' do
+        order = create(:order, guest_token: 'DEF', user_id: nil, created_by_id: nil)
+        spree_post :create, spree_user: { email: '[email protected]', password: 'foobar123', password_confirmation: 'foobar123' }
+
+        expect(order.reload.user_id).to be_nil
+      end
+    end
   end
 end

spec/controllers/spree/user_sessions_controller_spec.rb

@@ -6,15 +6,53 @@
 
   context "#create" do
     context "using correct login information" do
-      it 'properly assigns orders user from guest_token' do
-        order1 = create(:order, email: user.email, guest_token: 'ABC', user_id: nil, created_by_id: nil)
-        order2 = create(:order, guest_token: 'ABC', user_id: 200)
-        request.cookie_jar.signed[:guest_token] = 'ABC'
-        spree_post :create, spree_user: { email: user.email, password: 'secret' }
-
-        expect(order1.reload.user_id).to eq user.id
-        expect(order1.reload.created_by_id).to eq user.id
-        expect(order2.reload.user_id).to eq 200
+      context 'with a guest token present' do
+        before do
+          request.cookie_jar.signed[:guest_token] = 'ABC'
+        end
+
+        it 'assigns orders with the correct token and no user present' do
+          order = create(:order, email: user.email, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          order.reload
+          expect(order.user_id).to eq user.id
+          expect(order.created_by_id).to eq user.id
+        end
+
+        it 'assigns orders with the correct token and no user or email present' do
+          order = create(:order, guest_token: 'ABC', user_id: nil, created_by_id: nil)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          order.reload
+          expect(order.user_id).to eq user.id
+          expect(order.created_by_id).to eq user.id
+        end
+
+        it 'does not assign completed orders' do
+          order = create(:order, email: user.email, guest_token: 'ABC',
+                         user_id: nil, created_by_id: nil,
+                         completed_at: 1.minute.ago)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          order.reload
+          expect(order.user_id).to be_nil
+          expect(order.created_by_id).to be_nil
+        end
+
+        it 'does not assign orders with an existing user' do
+          order = create(:order, guest_token: 'ABC', user_id: 200)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          expect(order.reload.user_id).to eq 200
+        end
+
+        it 'does not assign orders with a different token' do
+          order = create(:order, guest_token: 'DEF', user_id: nil, created_by_id: nil)
+          spree_post :create, spree_user: { email: user.email, password: 'secret' }
+
+          expect(order.reload.user_id).to be_nil
+        end
       end
 
       context "and html format is used" do