From 5fda0bf605c3a8b89a42e31c9cabbe97347cd7fe Mon Sep 17 00:00:00 2001 From: Luuk Veenis Date: Thu, 27 Jul 2017 11:38:55 -0700 Subject: [PATCH 1/2] Skip CSRF protection check on callback route This route only gets hit by callbacks from PayBright, which won't have a CSRF token set, and will error if we have CSRF protection enabled in our app. --- app/controllers/spree/paybright_controller.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/controllers/spree/paybright_controller.rb b/app/controllers/spree/paybright_controller.rb index 435e4ee..c2a31ec 100644 --- a/app/controllers/spree/paybright_controller.rb +++ b/app/controllers/spree/paybright_controller.rb @@ -1,5 +1,8 @@ module Spree class PaybrightController < Spree::BaseController + # We can't use CSRF protection on a route that's hit by an external service + skip_before_action :verify_authenticity_token, only: :callback, raise: false + # Server2server call that gets parameters about the results of the Paybright # transaction. def callback From 6aebf614fda325db92074138b6c7b74079fe6dce Mon Sep 17 00:00:00 2001 From: Luuk Veenis Date: Thu, 27 Jul 2017 11:58:48 -0700 Subject: [PATCH 2/2] Fix dependency resolution errors on CI I took this from some of the other Solidus extensions because builds for all Solidus versions 2.0+ started failing with dependency resolution issues. --- .rubocop.yml | 6 ++++++ Gemfile | 12 +++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index ff3f27e..bb02624 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -230,6 +230,12 @@ Metrics/ParameterLists: Metrics/PerceivedComplexity: Enabled: false +Bundler/OrderedGems: + Enabled: false + +Bundler/DuplicatedGem: + Enabled: false + Metrics/BlockLength: Exclude: - 'spec/**/*.rb' diff --git a/Gemfile b/Gemfile index e9c51d6..ec2f0b7 100644 --- a/Gemfile +++ b/Gemfile 
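Review bot: With `verify_authenticity_token` skipped for `callback`, nothing in this hunk shows what authenticates the request instead, so the route is only as trustworthy as the checks inside `callback` itself. The body of `callback` lies outside the hunk, so this may already be handled. If it is, the new comment should name the replacement check, e.g. `# CSRF check skipped: PayBright posts server-to-server; the request is authenticated in #callback instead`. If it is not, the action should validate the request's signature or shared secret and reject the request before any order or payment state is changed.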
@@ -5,9 +5,15 @@ gem 'solidus', github: 'solidusio/solidus', branch: branch # Provides basic authentication functionality for testing parts of your engine gem 'solidus_auth_devise' -if branch < 'v2.0' - gem 'rails', '~> 4.2.7' - gem 'rails_test_params_backport', group: :test +if branch == 'master' || branch >= "v2.3" + gem 'rails', '~> 5.1.0' # HACK: broken bundler dependency resolution + gem "rails-controller-testing", group: :test +elsif branch >= "v2.0" + gem 'rails', '~> 5.0.3' # HACK: broken bundler dependency resolution + gem "rails-controller-testing", group: :test +else + gem "rails", '~> 4.2.0' # HACK: broken bundler dependency resolution + gem "rails_test_params_backport", group: :test end gemspec
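Review bot: The checks `branch >= "v2.3"` and `branch >= "v2.0"` compare strings, so a branch named `v2.10` sorts below `v2.3` and would fall into the `elsif` arm and resolve `rails ~> 5.0.3`. Comparing parsed versions avoids that, e.g. `solidus_version = Gem::Version.new(branch.sub(/\Av/, ''))` followed by `solidus_version >= Gem::Version.new('2.3')`, with the `master` case still tested first so it never reaches the parser. Where `branch` is assigned is above the hunk, so confirm it is always either `master` or a `vX.Y` name. The added lines also mix single and double quotes, while the surrounding context lines use single quotes throughout.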