Load previously lost decorator code and don't delete orders

[mkllnk]

What? Why?

While investigating #5897 I found some code that could accidentally delete an order. But then I found that the code wasn't loaded and could not have caused a disappearing order.

I continued to investigate the issue of unloaded code because it could be responsible of many random issues. The deeper I dug, the clearer I could see that the unloaded code was mostly insignificant. Nonetheless, I addressed the loading issue and removed the code that could delete orders.

The non-loading was mostly no issue because our code didn't change Spree's logic. The only exception are the changes from 20f610f which were lost since v3 and now brought back.

What should we test?

Parallel browsing

• As guest user, go to a shop and add items to the cart.
• Open a different browser (or a private window or a different device) and do the same there with different items in your cart.
• The two carts should be persisted and independent.
• Log in with the same user in both browser sessions.
• Both sessions should keep their individual orders.
• Go through checkout with the first browser session.
• The first browser should now show an empty cart again.
• The second browser should still have its old cart.

Release notes

When shopping with multiple devices, no carts are lost.

Changelog Category: Changed

How is this related to the Spree upgrade?

During the last Spree update we lost some of our customisations. They were simply not loaded. Now we are loading those customisations again, enabling us to customise more and getting rid of Spree.

[Matt-Yorkley]

Great investigation! Hopefully this will help with these mercurial checkout issues...

[luisramos0]

Brilliant detective work @mkllnk thanks a lot!
Why draft? Looks good for testing.

[luisramos0]

Note: on all investigations I have done related to failed payments I only found missing entries on spree_payments. spree_orders were always there. So:

• option 1 - the payments issues I investigated are different from Stripe payment fails but no record in OFN #5897 where the order is missing
• option 2 - the order.destroy that we are removing here could, in some cases, destroy the payments but not the order?

I'd say option 1 is more likely and this is a different problem from the problem we have tried to fix in #5806 for example.

[luisramos0]

I'd mark this as closing #5897 💪
I'd merge this, close #5897 and then reopen 5897 if we do have any other occurrences.

[luisramos0]

I think this could also have an impact on #5862
I think we need to get this PR in the next release (not the current release to be tested Monday and deployed on Tuesday), ideally merge before this Thursday.

[mkllnk]

Thanks for your early review. I'll continue my work today. I should have mentioned on Friday that I left it as draft because I didn't verify all my claims. I didn't go through the testing steps myself, they are just guesses from what I saw in the code. At the weekend, I also remembered that some controllers did load the helper file (CartController and Spree::OrdersController). So the deletion of old carts could have happened when logging in on the cart page, maybe? I'll try to replicate.

[luisramos0]

ok 👍
Will you manage to finish this tomorrow?
I think this PR, as is, can fix the bug and is harmless so I think we should go ahead with it in this weeks release 👍

[luisramos0]

Hey @mkllnk I think now I remember in delivery train meeting you suggesting I pick this one up so you can work on mobile?
I am correct?
If so, what exactly do you think still needs to be done here? Can we just move this to Test Ready?

[mkllnk]

I needed to verify the test instructions and found that one part of it was invalid. I added another two commits, addressing your feedback, @luisramos0, and removing the dead code. There is more I can clean up but I will do that in a separate PR.

[mkllnk]

@luisramos0 I added two more commits in a separate PR: #5927 If you think it's better to include them here and we can still make it for the release, that would be awesome but I didn't want to put anything in the way of this PR getting into the release.

[filipefurtad0]

Hi @mkllnk ,

Thanks for this investigation and the detailed testing-steps!

Since master branch appears to be broken (as discussed here), I have staged the build used for release testing (v3.2.3), before testing this PR. The images below show session 1 on (the left) and session 2 (on the right side). I followed your procedure:

i) As guest user, went to a shop and added 5 items to the cart.
ii) Repeat the step above, on a different browser/private window. (I found no to play a role, if they are the same items or not)

At this point, both guest sessions have 5 items each. Proceeded:

iii) Logged in with the same user in both sessions

Here it became clear, that the condition
"- Both sessions should keep their individual orders." - is not verified.

The second session, now contains 10 items, the items from session 1 plus its own:

iv) At this point, attempting to checkout on session 1 generates the error:

So,

• "The first browser should now show an empty cart again." - is not verified
• "The second browser should still have its old cart." - it still does, but it contains the items from session 1 as well.

v) checking out with session 2 (which contains 10 items) is possible.

After staging the PR, following steps i) to iii), leads to the same result as before:

It's possible to check what's in the cart for both sessions - session 2 (right) contains the items from session 1 as well. Also, and as before, it's not possible to check out from session 1; This is only possible for session 2.

So, I could not verify the test cases and I am not sure the PR introduces a benefit. Thoughts? (adding feedback label)

Another issue found, before and after the PR, and therefore unrelated:

After step iii), if instead of attempting to checkout one attempts to:

• go back to the cart on session 1 -> a redirection to the homepage occurs
• after this, trying to checkout on session 2 is not possible, and the error "Checkout Failed. Let us know so we can process your order" is seen.

At this point, the user has items in the cart, but cannot checkout. He cannot visit /cart page - gets redirected to the homepage
Trying to visit another shop leads to the grumpy cat:

Logging out and back in does not solve the issue, so basically, this account becomes blocked, in terms of customer function. This will need an issue, as it seems like a point of no return, for the user.

Respective bugsnag error:
https://openfoodnetwork.slack.com/archives/CEF14NU3V/p1597934757001500

[luisramos0]

Hmmm, the interesting thing is that all this is before you stage this PR!

This PR does remove the logic of merging orders so my question is: what happens to this test case after the PR. I think it will be better! Can you please try?

[luisramos0]

"The two carts should be persisted and independent." this is not correct without the last commit I reverted.
When you log in to the new session your cart should be there as it was on the other session.

[filipefurtad0]

Hey @luisramos0,

I ran the tests before and after the PR, and got the same results... Also the issue found applies to before/after (I double checked this). It's quite a lot of text, sorry - it's easy to miss... I've edited it for readability.

I also tried the test case you proposed:

• login to OFN and add something to the cart.
• Then, open an icognito tab and login again, do you see your cart as it was? -> Yup, this worked! 👍 also before and after the PR.

So basically, I could not reproduce the scenario "lose carts", when shopping in different sessions.

[luisramos0]

ok, we need to move this forward today to get into the release.
I think this PR is low risk.
I am not sure about the test steps for this PR but this calls for a "standard test plan" on concurrent sessions and carts before and after login.
So, if you make your tests around this subject and see this PR is not introducing any new problems (the problem above is preexisting so I think we should create a new issue and ignore in terms of this PR), I think we should merge it.

What do you think Filipe?

[luisramos0]

ok, I talked with Filipe about this on slack.

This is my presentation of the situation:

• the testing notes Maikel wrote may not be correct, there's a new issue created that was not introduced by this PR Multi-session shopping: broken account due to lingering items in the cart #5936
• in this PR we are really just not destroying past orders:
  
  This destroy was only destroying an order that was not the current_order after current_order(true), so it's really not something that will affect the current cart.
  I think this change will defenitely help with Stripe payment fails but no record in OFN #5897 (maybe it is the actual full fix). The only risk I see here is some situation in multi session shopping where the user will see two different carts OR in some thing like Significant lag while editing order cycles #5926 (but we are sure this one is not caused by this PR).

Talking with Filipe we concluded the best approach here is to merge this PR and include an extra round of verifications related to this in the upcoming release testing process.

[filipefurtad0]

Fully agree @luisramos0 ,
let's merge! 👍