Changes for supporting guest_token cookie.

config/initializers/warden_after_auth_hook.rb

@@ -0,0 +1,6 @@
+# Merges users orders to their account after sign in and sign up.
+Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
+  if auth.cookies.signed[:guest_token].present?
+    Spree::Order.where(guest_token: auth.cookies.signed[:guest_token]).update_all(user_id: user.id)
+  end
+end

lib/controllers/frontend/spree/checkout_controller_decorator.rb

@@ -32,7 +32,7 @@ def skip_state_validation?
     end
 
     def check_authorization
-      authorize!(:edit, current_order, session[:access_token])
+      authorize!(:edit, current_order, cookies.signed[:guest_token])
     end
 
     # Introduces a registration step whenever the +registration_step+ preference is true.
@@ -47,6 +47,6 @@ def check_registration
     # are redirected to the tokenized order url unless authenticated as a registered user.
     def completion_route
       return order_path(@order) if spree_current_user
-      spree.token_order_path(@order, @order.token)
+      spree.token_order_path(@order, @order.guest_token)
     end
 end

lib/controllers/frontend/spree/orders_controller_decorator.rb

@@ -3,11 +3,11 @@
 
   private
     def check_authorization
-      session[:access_token] = params[:token] if params[:token]
+      cookies.permanent.signed[:guest_token] = params[:token] if params[:token]
       order = Spree::Order.find_by_number(params[:id]) || current_order
 
       if order
-        authorize! :edit, order, session[:access_token]
+        authorize! :edit, order, cookies.signed[:guest_token]
       else
         authorize! :create, Spree::Order.new
       end

spec/controllers/spree/checkout_controller_spec.rb

@@ -74,11 +74,12 @@
 
       context 'with a token' do
         before do
-          order.stub token: 'ABC'
+          order.stub guest_token: 'ABC'
         end
 
         it 'redirect to the tokenized order view' do
-          spree_post :update, { state: 'confirm' }, { access_token: 'ABC' }
+          request.cookie_jar.signed[:guest_token] = 'ABC'
+          spree_post :update, { state: 'confirm' }
           expect(response).to redirect_to spree.token_order_path(order, 'ABC')
           expect(flash.notice).to eq Spree.t(:order_processed_successfully)
         end
@@ -88,7 +89,7 @@
         before do
           controller.stub spree_current_user: user
           order.stub user: user
-          order.stub token: nil
+          order.stub guest_token: nil
         end
 
         it 'redirect to the standard order view' do
@@ -108,7 +109,8 @@
 
     it 'check if the user is authorized for :edit' do
       controller.should_receive(:authorize!).with(:edit, order, token)
-      spree_get :registration, {}, { access_token: token }
+      request.cookie_jar.signed[:guest_token] = token
+      spree_get :registration, {}
     end
   end
 
@@ -137,9 +139,10 @@
     end
 
     it 'check if the user is authorized for :edit' do
+      request.cookie_jar.signed[:guest_token] = token
       order.stub update_attributes: true
       controller.should_receive(:authorize!).with(:edit, order, token)
-      spree_put :update_registration, { order: { email: 'jobs@spreecommerce.com' } }, { access_token: token }
+      spree_put :update_registration, { order: { email: 'jobs@spreecommerce.com' } }
     end
   end
 end

spec/models/order_spec.rb

@@ -24,11 +24,4 @@
       expect(order.user).not_to eq guest_user
     end
   end
-
-  context '#create' do
-    it 'create a token permission' do
-      order.save
-      expect(order.token).not_to be_nil
-    end
-  end
 end