Calling `update_attribute` on an order saves it prematurely with invalid/blank addresses

[mike-bourgeous]

Line 11 of checkout_controller_decorator.rb calls update_attribute on an order to set the order's email address, but this saves the order without running validations. This saves blank addresses (all fields nil) into the database, which can conflict with validations performed by other gems.

If possible, we would like to suggest using an alternate means of setting the email address on a guest order that does not cause the order object to be saved without validations, such as simple attribute assignment (order.email = ...).

Thanks.

https://github.com/spree/spree_auth_devise/blob/50f60a751c22824e96250e886c6e66fa0e219987/lib/controllers/frontend/spree/checkout_controller_decorator.rb#L11

[prsanjay]

Hi @mike-bourgeous, I have faced this same issue in Spree 3.7 with latest Spree Auth Devise. I have solved this issue by calling reload on current_order like this :

current_order.reload.update_attribute(:email, params[:order][:email])

I believe this way it would detach associated object of address which have been initialized but not saved yet.

Any comments? Thanks!