Spree Commerce


Solidus 1.0.0

Posted on August 12, 2015 by John Hawthorn

Editor’s Note

This is a guest blog post from someone who is an active contributor to the open source project. This blog post has nothing to do with official Spree policy, nor does it represent any type of endorsement by Spree Commerce. There are a small number of Spree developers who want to concentrate on providing a limited set of security and performance enhancements to their existing Spree codebase without introducing new features, new Rails functionality, etc. This is a perfectly reasonable approach to take and we have no problem with it. It does not, however, relate to any actual or planned change in the direction of the Spree open source project.

About the Author

John is a programmer for FreeRunning Technologies, a team of fullstack developers based out of Victoria, BC. FreeRunning Tech builds scalable web and ecommerce software applications, leveraging Ruby on Rails and Spree Commerce.

We’re happy to announce Solidus 1.0.0, an updated fork of Spree 2.4 spearheaded by the developers at Bonobos and FreeRunning Technologies.

These changes mostly came from the needs of running a large store like Bonobos and AYR. Changes include refund and cancellation overhaul, performance fixes, customer service enhancements, changes for fulfilment, and many fixes. The downside is that this is a large set of changes. We didn’t release 1.0 early but we hope for our future versions to be released often.

We intend this to be a direct upgrade for Spree 2.4 (or earlier) users. We’ve also tweaked the Spree 2.2 → 2.3 → 2.4 migrations to be faster and more correct. A future version, likely 1.1.0, will provide an upgrade path for users on Spree 3.0.

Major Changes

Rails 4.2

We’ve upgraded to Rails 4.2. Notably this includes ActiveJob, asynchronous emails, and ActiveRecord performance improvements.

See the Rails 4.2 release notes.

Solidus

The gems have all been renamed to solidus: solidus, solidus_api, solidus_backend, solidus_core, solidus_frontend. Branding and some sample data have been changed. We will continue using the Spree:: namespace.

SSL Configuration Removed

Previously SSL was enforced by Spree at the controller level by declaring either ssl_required or ssl_allowed, which checked several Spree::Config options to determine if SSL should be used in this environment and if the HTTPS request should be redirected to plain HTTP.

It is now expected that the entire store has SSL enforced. This is to be handled either by Rails, the web server, or the load balancer.

This can be done by setting config.force_ssl = true in config/environments/production.rb.

Order Mutex for the API

Previously, concurrent requests to the API could put the order into an inconsistent state. Now, concurrent requests to the API will return HTTP 409 “Conflict”.
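
The behaviour described above, sketched as an added Ruby example (not Solidus's own implementation): one request at a time may hold an order, and a second request for the same order fails immediately and is answered with 409 instead of waiting. OrderLocks, handle_api_request and the in-memory lock set are assumptions; the nested calls in demo stand in for overlapping requests.

```ruby
require "set"
# Added illustration (not Solidus code): fail-fast, per-order locking for
# API requests. All class, method and constant names are hypothetical.
class OrderLocks
  class Conflict < StandardError; end

  def initialize
    @held = Set.new      # ids of orders currently being modified
    @guard = Mutex.new   # protects @held itself
  end

  # Run the block only if no other request holds this order; never wait.
  def with_lock!(order_id)
    acquired = @guard.synchronize { !@held.add?(order_id).nil? }
    raise Conflict, "order #{order_id} is being modified" unless acquired
    begin
      yield
    ensure
      @guard.synchronize { @held.delete(order_id) }
    end
  end
end

LOCKS = OrderLocks.new

# Map a lock failure to the 409 response described above.
def handle_api_request(order_id)
  LOCKS.with_lock!(order_id) do
    yield if block_given?
    { status: 200, order: order_id }
  end
rescue OrderLocks::Conflict => e
  { status: 409, error: e.message }
end

# Constructed scenario: a second request for R100 arrives while the first
# is still inside its critical section; a request for R200 is unaffected.
def demo
  inner_same = inner_other = nil
  outer = handle_api_request("R100") do
    inner_same  = handle_api_request("R100")
    inner_other = handle_api_request("R200")
  end
  after = handle_api_request("R100") # lock was released, succeeds again
  [outer, inner_same, inner_other, after].map { |r| r[:status] }
end

p demo
```

An API client should treat the 409 as retryable and re-read the order before resubmitting its change.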

Explicit Order Complete + Confirmation Always Required

Previously order.next was used to advance an order through the order checkout states and to ultimately complete the order. This made it easy to complete the order unintentionally through the admin or when using the API. This is now changed so that an explicit call to order.complete is required to complete the order. To facilitate this the confirm state is now always required.

The API’s advance route will now move the order to the ‘confirm’ state. The next action will continue to move orders from confirm to complete, but issues a deprecation warning when doing so.

The frontend checkout continues to act as before, but will always have the confirm state.

Store Credit

We wanted to be able to include store credits with Solidus, so we integrated the existing spree_store_credit_payment_method extension.

This allows assigning an amount of store credit to a user and allows them to pay using those funds.

Cartons

When physically shipping items to a customer, multiple orders to the same customer may be combined into one package. A single shipment (as seen and paid for by the customer) may end up split into multiple packages with different tracking numbers (due to sizing restrictions, for example). To better represent this, we’ve created the cartons model, which is intended to accurately represent the physical shipment (likely with a tracking number) which was sent out.

This should allow more robust integration with some third party logistics providers and help stores with complex shipping needs. For most stores, including simple ones, this change should be transparent: shipping a shipment will create a 1:1 carton.

Stock Transfer Improvements

We added a whole lot of improvements to the stock transfer feature set, including improved admin for which stock locations the inventory is being transferred between, automatic stock quantity handling, better product search, more data capture, and blind receiving of stock transfers at the warehouse to promote assurance of correct product received.

New Stock Management Interface

Stock can now be managed at a per-stock-location level in addition to a per-product level. Additionally, it is far easier to search for and filter products, as well as change stock quantities at specific stock locations. Restrictions can also be put in place to only allow certain users to access or manage certain stock locations.

Multiple Codes on a Promotion

A single promotion can now have many unique codes. Previous versions only allowed a single code per promotion. This allows reusing promotion rules and actions without having to duplicate the promotion. Each individual code has its own usage limit and is dynamically generated with a user-specified prefix (e.g. base_owgklx).

Adjustment Reasons

Adjustment Reasons are categorizations of why an adjustment occurred. This can help with data reporting, accounting, and business intelligence around why adjustments are occurring to orders.

Return Reasons

Similar to Adjustment Reasons, Return Reasons provide an extra level of information around why returns occur.

Item Cancellations

There are times when orders are unable to be completely fulfilled, or where the customer changes their mind about receiving a product. For this purpose, Item Cancellations were introduced, which can adjust order totals before a shipment occurs, and even change the amount that you use to calculate tax or to charge with your payment provider if you capture payment at dispatch.

Order Promotions

A new OrderPromotion model records that a promotion has been applied to an order, allowing item-level promotions to apply to line items or shipments added later to the order.

spree_cmd/solidus_cmd removed

Removes the spree command, which was an alternative way to add Spree to a new Rails app. We’ve removed this in favour of the normal installation generator.

Configuration

To view this blog in its full format, including the key configurations, visit the blog of Solidus.

How to Add Product Properties in Spree Commerce

Posted on August 04, 2015 by Kaartik Iyer

About the Author

Kaartik Iyer is the founder of Infigic. Infigic is an ecommerce agency that develops with Spree Commerce. Infigic was started by experienced ecommerce professionals who have built successful ecommerce ventures in the past and have started off this venture to help fellow ecommerce entrepreneurs. You can check out Infigic’s portfolio here.

The Spree Commerce platform that delivers ecommerce solutions is a great choice for many reasons. One of them is its great depth of adjustable settings and functions. If you’re new to Spree, you might come up with a number of questions. One of the most frequent questions we come across is how to use product properties properly.

Follow the simple steps below to add product properties in Spree Commerce:

Step 1:

Click the “Products” tab in your Spree store’s admin panel and click “Properties.”

Step 2:

Click the “New Property” button.

Step 3:

Enter relevant values for “Name” and “Presentation” fields, such as product type and country, or any other attribute respectively. Then, hit “Create.”

To update an existing product property in Spree:

Step 1:

Navigate to the products properties section, as shown above.

Step 2:

Edit the “Name” and “Presentation” text fields with whatever you want to update.

Step 3:

Click “Update.”

Now you have successfully added product properties. For further questions or other issues, feel free to drop us a mail at info@infigic.com. Infigic is a Spree Commerce development company specializing in custom Spree Commerce development and Spree extension development solutions. Follow us on twitter (@infigicdigital) for more updates related to ecommerce development.

To view this post in its original format, visit the blog of Infigic Digital.


Spree Commerce Technology Dominating Ecommerce Market

Posted on July 30, 2015 by Alexander Diegel

A recent report has tracked the usage rates for ecommerce domains thus far in 2015. We are pleased to announce that Spree Commerce is the technology powering not one but BOTH of the two biggest growers in ’15.

First up is our own Spree storefront, which has seen its usage grow by an incredible 202%. Recently, ecommerce powers such as Fortnum & Mason and Bonobos have replatformed to Spree, just two of many that have made the decision to build on our Ruby on Rails-based platform.

Both Fortnum’s and Bonobos reported incredible results almost immediately. Fortnum’s, in fact, saw a 15 percent customer conversion rate, a ten percent increase in on-site search conversion rate, and its 20 percent cart abandonment rate reduced to zero. Needless to say, they’re happy with the switch.

The second biggest grower in ‘15 thus far is GoDaddy. Last fall, GoDaddy chose Spree to power their endeavor into the small-to-medium-sized retailer market, known as GoDaddy Online Store. This redesigned platform has been cited as a primary source for GoDaddy’s growth.

GoDaddy wanted to find the simplest and easiest ecommerce solution for small and growing businesses. While making the decision, GoDaddy evaluated platforms based on criteria such as maturity, extensibility, features, modularity, adaptability, community support and more. After months of careful review, the GoDaddy team picked Spree. With GoDaddy Online Store powering GoDaddy’s growth in ‘15, it’s safe to say they made the right choice.

So what do you have to lose by giving the Spree platform a try? It’s free, and there are no scary contracts locking you in. Give it a whirl, and see what makes Spree the fastest-growing ecommerce platform on the market.

Security Fix for all Spree Versions

Posted on July 28, 2015 by Jeff Dutil

We have just issued several new versions of Spree that address a critical security vulnerability present in all versions of Spree 1.2.x+.

An attacker with API access is able to execute arbitrary files on the remote system. It is likely that this could be leveraged to gain admin privileges, disclose the contents of files or execute arbitrary code.

We recommend all users upgrade immediately, but this is especially dangerous to stores which provide API access to customers.

If you are unable or unwilling to upgrade you can monkey patch your Spree application with an initializer config/initializers/security_20150728.rb as a quick workaround:

Spree::Api::TaxonomiesController.before_filter do
  params[:set] = nil if params[:set] != "nested"
end

If you are using an unsupported version, such as 1.2.x, 1.3.x, 2.0.x or 2.1.x, you should use the above initializer as a workaround.
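
To see what the workaround lets through, the following added example (not Spree code) runs the same filter body in a stand-in controller. StandInController, its show action and the sample inputs are constructed for illustration; how Spree itself uses params[:set] is not described in this post.

```ruby
# Added illustration. StandInController and its `show` action are
# hypothetical stand-ins so the filter can run without Rails; only the
# filter body below is taken from the post.
class StandInController
  @filters = []

  class << self
    attr_reader :filters

    # Same calling shape as Rails' before_filter: the block later runs in
    # the context of the controller instance, before the action.
    def before_filter(&block)
      @filters << block
    end
  end

  attr_reader :params

  def initialize(params)
    @params = params
  end

  def process
    self.class.filters.each { |filter| instance_exec(&filter) }
    show
  end

  # Reports the params[:set] value the action would see after filtering.
  def show
    params[:set]
  end
end

# The workaround from the post, registered on the stand-in class.
StandInController.before_filter do
  params[:set] = nil if params[:set] != "nested"
end

# Runs one request through the filter chain and returns what survives.
def set_seen_by_action(value)
  StandInController.new({ set: value }).process
end

# Constructed inputs: exact match, near misses, another string, and the
# array and hash shapes that set[]=... and set[k]=... would produce.
SAMPLES = ["nested", "Nested", "nested ", "some/other/value",
           ["nested"], { "k" => "nested" }, nil].freeze

SAMPLES.each { |v| puts "#{v.inspect} -> #{set_seen_by_action(v).inspect}" }
```

Because the filter is an exact-match allowlist, every value other than the string "nested" reaches the action as nil, including arrays and hashes that a deny-list of strings would miss.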

Previous security releases

If you have not already read about and patched last week’s security release, it’s urgent that you immediately upgrade to these latest releases or patch the previous security vulnerability as well. While this current security issue does require a valid API key, the previous security issue does not, making all unpatched Spree stores vulnerable.

Credit

Thanks to John Hawthorn again from Free Running Tech for reporting the issue privately after his recent security audit via the security@spreecommerce.com email. This allowed us to verify the problem and prepare the necessary security patches for public release.

Full Changes

To see a complete list of changes please view the compare pages: