Spree Commerce

Exploits found within Core and API

Posted on January 31, 2013 by Ryan Bigg

Please upgrade your Spree stores now to their latest gem versions 1.3.2, 1.2.4, 1.1.5 or 1.0.7.

Thanks to the work of Egor Homakov, we have located and patched two serious exploits within Spree.

The first allows a user to authenticate to the API as a random user, which could
potentially lead to them authenticating as an admin user for the store. The
second allows them to launch a Denial of Service attack against the store using
a specially crafted URL.

We have patched the 1-0-stable, 1-1-stable, 1-2-stable, 1-3-stable and master
branches for Spree, as well as released new gem versions for the stable

We strongly advise all Spree stores to upgrade to their latest gem versions so
that they are not affected by these exploits.

What’s the best way to collect sales tax online?

Posted on January 30, 2013 by Erin Granville

If you have an online business, you already have to collect sales tax for at least one state—your home state—and you may soon have to collect sales tax in more states. So what’s the best way to handle online sales tax collection?

While you do have a few options, most of them—with one notable exception—require you to invest significant time and/or resources. Some e-commerce platforms offer sales tax calculators, but you’ll have to manually enter the sales tax rate for each state and local tax jurisdiction in a table and update them any time there’s a change. Or, if you have programming experience or the resources to hire someone who does, it’s possible to create your own program to calculate sales tax.

But the easiest option by far is to use a sales tax management service.

Sales tax management services automatically handle sales tax collection for you. All services calculate sales tax, but some can also create and file your sales tax returns, remit the sales tax collected to states, and manage exemption certificates. If the service has been certified by states, it may also offer indemnification—you won’t be held liable for any errors. Sales tax management services also automatically update any changes to sales tax rates.

These services vary in cost. Most frequently, they charge a software licensing fee as well as a fee for each time your store looks up a tax rate, though some services charge just the licensing fee or just the look-up fee. In addition, some charge for features such as sales tax return filing.

There is currently just one free service available, TaxCloud, which offers the features mentioned above—calculation, remittance, filing, exemption certificate management, indemnification, and automatic updating—at no cost to retailers. Instead, states pay a commission based on the amount of sales tax that TaxCloud helps retailers collect. (Full disclosure: I’m employed by FedTax, the company that created TaxCloud.)

If you’re a Spree Commerce merchant, there’s an extension that lets you integrate TaxCloud with your online store, or you can use Spree’s default tax calculator. Spree’s guide to taxation has more information about sales tax and the Value Added Tax (VAT) often used outside the US.

About the Author

Erin Granville is Communications Editor at FedTax, the proud creator of TaxCloud.
TaxCloud is a free, easy-to-use sales tax management service for retailers. It handles every aspect of sales tax, from calculation to collection to filing—all at no cost for retailers.

TaxCloud can be easily integrated into most accounting, order management, and shopping cart systems. It has been evaluated by states and an independent review board and has been designated one of only six Certified Service Providers in the nation.

Check out the Spree TaxCloud extension written by Spree Community member Jerrold Thompson to integrate TaxCloud with your Spree store.

Checkout API Enhancements

Posted on January 29, 2013 by John Dyer

The Spree team has been working hard over the last few months to make our API really robust. In November we announced the complete refactoring of the API to include a brand new Backbone.js-based administration interface and a new documentation site. We are now adding the ability to check out an order using the API. Through the “CheckoutsController” feature, the API allows an existing order to be updated and advanced until it reaches the complete state, following these steps:

Creating a New, Empty Order

You can create a new, empty order by making the following request:

POST /api/checkouts

Advancing an Order’s State

To advance an order to the next state, make the following request:

PUT /api/checkouts/ORDER_NUMBER

If successful, this will advance the order’s state and return the order specified in the request. Otherwise, this will return any errors on the order. Note that while the API documentation for checkouts was written with the default Spree checkout flow in mind, this will work with custom order states you may have implemented. You can also select a shipping method and payment method while advancing your order. For details on how to do this, review the Checkout API documentation.
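
The create-then-advance procedure above, written as a small Ruby client. This is an added example, not code from Spree or from the original post. The base URL, the `X-Spree-Token` header, the `number` and `state` response fields, the 2xx success check and the `fake_store` stand-in with its list of states are assumptions made for illustration.

```ruby
require "json"
require "net/http"

BASE_URL = "http://localhost:3000" # placeholder store address (assumption)

# Real transport: sends the request with the API key and returns [status, parsed JSON].
def http_transport(token)
  lambda do |verb, path|
    uri = URI.join(BASE_URL, path)
    req = (verb == :post ? Net::HTTP::Post : Net::HTTP::Put).new(uri)
    req["X-Spree-Token"] = token # assumed API key header
    res = Net::HTTP.start(uri.host, uri.port) { |h| h.request(req) }
    [res.code.to_i, JSON.parse(res.body)]
  end
end

# Create an empty order, then advance it until it is "complete", the API
# returns errors, or max_steps is hit (guards against a flow that never ends).
def checkout(transport, max_steps: 10)
  status, order = transport.call(:post, "/api/checkouts")
  raise "create failed (HTTP #{status})" unless status.between?(200, 299)
  states = [order["state"]]
  max_steps.times do
    break if order["state"] == "complete"
    status, body = transport.call(:put, "/api/checkouts/#{order["number"]}")
    unless status.between?(200, 299)
      return { number: order["number"], states: states, errors: body }
    end
    order = body
    states << order["state"]
  end
  errors = order["state"] == "complete" ? nil : "step limit reached"
  { number: order["number"], states: states, errors: errors }
end

# Constructed stand-in for a store so the example runs offline: walks through
# `flow` one state per PUT and returns an error body before entering `fail_at`.
def fake_store(flow, fail_at: nil)
  i = 0
  lambda do |verb, _path|
    if verb == :post
      [201, { "number" => "R000000001", "state" => flow[0] }]
    elsif fail_at && flow[i + 1] == fail_at
      [422, { "errors" => { "base" => ["constructed error"] } }]
    else
      i += 1
      [200, { "number" => "R000000001", "state" => flow[i] }]
    end
  end
end
```

Against a real store, pass `http_transport(your_api_key)` to `checkout` in place of `fake_store(...)`.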

Try Out the Checkout API Feature

The Checkout API feature is available now and is on the 1-3-stable branch. Feel free to give it a try and please report any feedback or issues. Detailed information about the Checkout API is covered in our documentation.

Customer Spotlight - Combat Gent

Posted on January 24, 2013 by Lynne Brehmer

We’d like to introduce you to Combat Gent, a Los Angeles-based startup in the fashion tech industry that uses Spree for its e-commerce site. Combat Gent is an online menswear brand that offers affordable suits, shirts, pants, shorts, ties, and accessories. They skip the wholesale middleman and deliver products directly to consumers. This direct access approach allows them to offer high quality products at very low prices. We sat down with Daniel James, a developer at Combat Gent, to learn more about their business model and how they leverage Spree to target their customers’ needs.

Where did the idea for Combat Gent come from?

Combat Gent was started by Vishaal Melwani, Mohit Melwani, and Tracy Kuroye. Vishaal’s family ran Versace franchises in Los Angeles and Las Vegas for 25 years. Vishaal also worked at a clothing production company for a small streetwear brand after graduating college. These experiences provided him a behind the scenes look at the clothing manufacturing process. He witnessed the large markups that occurred between products being manufactured in China and then eventually being sold in boutiques in L.A. This inspired Vishaal to start Combat Gent. He saw an opportunity to leverage his connections and knowledge of the fashion industry to create an affordable, high quality menswear fashion line. Vishaal pulled his cousin Mohit into the business to lead the marketing strategy and his friend Tracy to handle all of the backend logistics related to inventory and budgeting.

What does the name “Combat Gent” stand for?

“Combat Gent” stands for Combatant Gentleman. We wanted to express how the modern guy views himself in today’s ultra competitive workplace — ready for battle each day to fight their way to the top. We get really great feedback from our customers about the name. They say it’s exactly how they feel going into work each day.

What sets Combat Gent apart from your competitors?

It really comes down to our production approach, our previous experience in the fashion industry, and the quality of the product we deliver. Because of our existing relationships with the clothing factories we don’t have to work through a third party manufacturer to get our clothing produced. This helps eliminate a layer of markups. We also do a lot of the work in-house. We create our own patterns and cut and sew our own original samples. Having the factory create a prototype can be very expensive, so it saves us a lot of money by doing things in-house.

We also understand our demographic really well. We target guys who are just starting their careers or have been working for a few years and are looking for an affordable clothing option to appear professional and fashionable. These guys are struggling to get ahead and need clothes that are multi-purpose that they can get multiple wears out of. This means our clothing needs to be almost indestructible, so we pre-shrink all of our clothing prior to cutting each piece so that if the item is thrown into the laundry instead of taken to the dry-cleaners it will come out looking ok.

How do you market your products?

We’re a startup so we don’t have a lot of money for advertising. We’ve focused on utilizing social media and our blog to promote the Combat Gent brand and it’s going really well. We ran a really successful campaign on Facebook last fall. We offered the chance to win a free suit to anyone who “Liked” our Facebook page. We got over 10,000 new likes in less than three months.

What do you like most about the Spree platform?

It was really easy to get our Spree store up and running. The GitHub readme was straightforward which made things very simple to get started. I had a prototype version of our store running in only three to four hours. Besides all of the core features needed to create an e-commerce site, Spree also enables you to quickly incorporate additional features through the use of extensions. For example, I recently installed a gift card feature and had it working on our site in less than two hours.

I also love how Spree keeps up to date with the latest Rails patches. Whenever there is a security update I am notified immediately in my Spree app and the Spree team already has a fix for it. All I have to do is update my Gemfile, run “bundle install”, then run the test to make sure nothing breaks and that’s it! I am amazed at how easy it is to stay up to date with the latest patches.

And last but not least I love the Spree community. They are an active, knowledgeable, responsive, and so so so helpful group. Whether I receive a response from someone on the core team or just another helpful community member I know there is always someone there to help me.

How did you customize Spree for Combat Gent’s online store?

We created a matching feature for Combat Gent merchandise. If you find a shirt that you like on our site you can click “match” and we’ll show you ties and pants that go with it. You can then save these items together as an outfit in your account so if you only buy one of them now you can go back later and purchase the whole look. We also created a “wish list” feature that allows you to put items in your virtual Combat Gent closet and see what they look like together.

What’s next for Combat Gent?

We are planning to expand our target market and marketing efforts to business schools and colleges. We also want to expand to a premium denim line similar to 7 For All Mankind or Lucky Brand that would sell for under $50 per pair. The jeans would be designed and manufactured in Los Angeles and display a “Made in U.S.A.” tag.

Shop the Combat Gent website and follow them on Twitter and Facebook.