ruby_shopify_api 1.0.0

data/lib/shopify_api/session.rb

@@ -0,0 +1,203 @@
+# frozen_string_literal: true
+require 'openssl'
+require 'rack'
+
+module ShopifyAPI
+  class ValidationException < StandardError
+  end
+
+  class Session
+    SECONDS_IN_A_DAY = 24 * 60 * 60
+
+    cattr_accessor :api_key, :secret, :myshopify_domain
+    self.myshopify_domain = 'myshopify.com'
+
+    attr_accessor :domain, :token, :name, :extra
+    attr_reader :api_version, :access_scopes
+    alias_method :url, :domain
+
+    class << self
+      def setup(params)
+        params.each { |k, value| public_send("#{k}=", value) }
+      end
+
+      def temp(domain:, token:, api_version: ShopifyAPI::Base.api_version, &block)
+        session = new(domain: domain, token: token, api_version: api_version)
+
+        with_session(session, &block)
+      end
+
+      def with_session(session, &_block)
+        original_session = extract_current_session
+        original_user = ShopifyAPI::Base.user
+        original_password = ShopifyAPI::Base.password
+
+        begin
+          ShopifyAPI::Base.clear_session
+          ShopifyAPI::Base.activate_session(session)
+          yield
+        ensure
+          ShopifyAPI::Base.activate_session(original_session)
+          ShopifyAPI::Base.user = original_user
+          ShopifyAPI::Base.password = original_password
+        end
+      end
+
+      def with_version(api_version, &block)
+        original_session = extract_current_session
+        session = new(domain: original_session.site, token: original_session.token, api_version: api_version)
+
+        with_session(session, &block)
+      end
+
+      def prepare_domain(domain)
+        return nil if domain.blank?
+        # remove http:// or https://
+        domain = domain.strip.gsub(%r{\Ahttps?://}, '')
+        # extract host, removing any username, password or path
+        shop = URI.parse("https://#{domain}").host
+        # extract subdomain of .myshopify.com
+        if (idx = shop.index("."))
+          shop = shop.slice(0, idx)
+        end
+        return nil if shop.empty?
+        "#{shop}.#{myshopify_domain}"
+      rescue URI::InvalidURIError
+        nil
+      end
+
+      def validate_signature(params)
+        params = (params.respond_to?(:to_unsafe_hash) ? params.to_unsafe_hash : params).with_indifferent_access
+        return false unless (signature = params[:hmac])
+
+        calculated_signature = OpenSSL::HMAC.hexdigest(
+          OpenSSL::Digest.new('SHA256'), secret, ShopifyAPI::HmacParams.encode(params)
+        )
+
+        Rack::Utils.secure_compare(calculated_signature, signature)
+      end
+
+      private
+
+      def extract_current_session
+        site = ShopifyAPI::Base.site.to_s
+        token = ShopifyAPI::Base.headers['X-Shopify-Access-Token']
+        version = ShopifyAPI::Base.api_version
+        new(domain: site, token: token, api_version: version)
+      end
+    end
+
+    def initialize(domain:, token:, access_scopes: nil, api_version: ShopifyAPI::Base.api_version, extra: {})
+      self.domain = self.class.prepare_domain(domain)
+      self.api_version = api_version
+      self.token = token
+      self.access_scopes = access_scopes
+      self.extra = extra
+    end
+
+    def create_permission_url(scope, redirect_uri, options = {})
+      params = { client_id: api_key, scope: ShopifyAPI::ApiAccess.new(scope).to_s, redirect_uri: redirect_uri }
+      params[:state] = options[:state] if options[:state]
+      params["grant_options[]".to_sym] = options[:grant_options] if options[:grant_options]
+      construct_oauth_url("authorize", params)
+    end
+
+    def request_token(params)
+      return token if token
+
+      twenty_four_hours_ago = Time.now.utc.to_i - SECONDS_IN_A_DAY
+      unless self.class.validate_signature(params) && params[:timestamp].to_i > twenty_four_hours_ago
+        raise ShopifyAPI::ValidationException, "Invalid Signature: Possible malicious login"
+      end
+
+      response = access_token_request(params[:code])
+      if response.code == "200"
+        self.extra = JSON.parse(response.body)
+        self.token = extra.delete('access_token')
+
+        if (expires_in = extra.delete('expires_in'))
+          extra['expires_at'] = Time.now.utc.to_i + expires_in
+        end
+        token
+      else
+        raise response.msg
+      end
+    end
+
+    def shop
+      Shop.current
+    end
+
+    def site
+      "https://#{domain}"
+    end
+
+    def api_version=(version)
+      @api_version = if ApiVersion::NullVersion.matches?(version)
+        ApiVersion::NullVersion
+      else
+        ApiVersion.find_version(version)
+      end
+    end
+
+    def valid?
+      domain.present? && token.present? && api_version.is_a?(ApiVersion)
+    end
+
+    def expires_in
+      return unless expires_at.present?
+      [0, expires_at.to_i - Time.now.utc.to_i].max
+    end
+
+    def expires_at
+      return unless extra.present?
+      @expires_at ||= Time.at(extra['expires_at']).utc
+    end
+
+    def expired?
+      return false if expires_in.nil?
+      expires_in <= 0
+    end
+
+    def hash
+      state.hash
+    end
+
+    def ==(other)
+      self.class == other.class && state == other.state
+    end
+
+    alias_method :eql?, :==
+
+    protected
+
+    def state
+      [domain, token, api_version, extra]
+    end
+
+    private
+
+    def access_scopes=(access_scopes)
+      return unless access_scopes
+      @access_scopes = ShopifyAPI::ApiAccess.new(access_scopes)
+    end
+
+    def parameterize(params)
+      URI.encode_www_form(params)
+    end
+
+    def access_token_request(code)
+      uri = URI.parse(construct_oauth_url('access_token'))
+      https = Net::HTTP.new(uri.host, uri.port)
+      https.use_ssl = true
+      request = Net::HTTP::Post.new(uri.request_uri)
+      request.set_form_data('client_id' => api_key, 'client_secret' => secret, 'code' => code)
+      https.request(request)
+    end
+
+    def construct_oauth_url(path, query_params = {})
+      query_string = "?#{parameterize(query_params)}" unless query_params.empty?
+      "https://#{domain}/admin/oauth/#{path}#{query_string}"
+    end
+  end
+end

data/lib/shopify_api/version.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+module ShopifyAPI
+  VERSION = "1.0.0"
+end

data/lib/shopify_api.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+$:.unshift(File.dirname(__FILE__))
+require 'active_resource'
+require 'active_support/core_ext/class/attribute_accessors'
+require 'digest/md5'
+require 'base64'
+require 'active_resource/detailed_log_subscriber'
+require 'shopify_api/limits'
+require 'shopify_api/api_version'
+require 'shopify_api/meta'
+require 'active_resource/json_errors'
+require 'shopify_api/paginated_collection'
+require 'shopify_api/disable_prefix_check'
+
+if Gem::Version.new(RUBY_VERSION) < Gem::Version.new("2.6")
+  puts("\nshopify_api: NOTE: Support for Ruby #{RUBY_VERSION} will be dropped in the next major release. Please update to Ruby 2.6 or newer before updating this gem.\n\n")
+end
+
+module ShopifyAPI
+  include Limits
+end
+
+require 'shopify_api/events'
+require 'shopify_api/metafields'
+require 'shopify_api/countable'
+require 'shopify_api/resources'
+require 'shopify_api/session'
+require 'shopify_api/hmac_params'
+require 'shopify_api/api_access'
+require 'shopify_api/message_enricher'
+require 'shopify_api/connection'
+require 'shopify_api/pagination_link_headers'
+require 'shopify_api/graphql'
+require 'shopify_api/graphql/railtie' if defined?(Rails)
+
+if ShopifyAPI::Base.respond_to?(:connection_class)
+  ShopifyAPI::Base.connection_class = ShopifyAPI::Connection
+else
+  require 'active_resource/connection_ext'
+end
+
+if ENV["SHOPIFY_LOG_PATH"]
+  ActiveResource::Base.logger = Logger.new(ENV["SHOPIFY_LOG_PATH"])
+  ActiveResource::DetailedLogSubscriber.attach_to(:active_resource_detailed)
+end

data/lib/verify_docs.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+class VerifyDocs
+  def self.call
+    readme_content = File.read("README.md").lines[2..-1]
+    docs_content = File.read("docs/index.md").lines[4..-1]
+    readme_content == docs_content
+  end
+end

data/service.yml

@@ -0,0 +1,2 @@
+audience: partner
+classification: library

data/shipit.rubygems.yml

@@ -0,0 +1 @@
+# using the default shipit config

data/shopify_api.gemspec

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+$:.push(File.expand_path("../lib", __FILE__))
+require "shopify_api/version"
+
+Gem::Specification.new do |s|
+  s.name = %q{ruby_shopify_api}
+  s.version = ShopifyAPI::VERSION
+  s.authors = ["Hopper Gee"]
+  s.email = ["hopper.gee@hey.com"]
+
+  s.summary = %q{The Shopify API gem is a lightweight gem for accessing the Shopify admin REST web services}
+  s.description = <<~HERE
+    The Shopify API gem allows Ruby developers to programmatically access the admin
+    section of Shopify stores. The API is implemented as JSON or XML over HTTP using
+    all four verbs (GET/POST/PUT/DELETE). Each resource, like Order, Product, or
+    Collection, has its own URL and is manipulated in isolation.
+  HERE
+  s.homepage = %q{https://github.com/RetroShopifyDev/ruby-shopify-api}
+
+  s.metadata['allowed_push_host'] = 'https://rubygems.org'
+
+  s.extra_rdoc_files = [
+    "LICENSE",
+    "README.md",
+  ]
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test}/*`.split("\n")
+
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.summary = %q{ShopifyAPI is a lightweight gem for accessing the Shopify admin REST web services}
+  s.license = "MIT"
+
+  s.required_ruby_version = ">= 2.4"
+
+  s.add_runtime_dependency("activeresource", ">= 4.1.0")
+  s.add_runtime_dependency("rack")
+  s.add_runtime_dependency("graphql-client")
+
+  s.add_development_dependency("mocha", ">= 1.4.0")
+  s.add_development_dependency("webmock")
+  s.add_development_dependency("minitest", ">= 5.14")
+  s.add_development_dependency("rake")
+  s.add_development_dependency("timecop")
+  s.add_development_dependency("rubocop-shopify")
+  s.add_development_dependency("pry")
+  s.add_development_dependency("pry-byebug")
+end

data/test/abandoned_checkouts_test.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class AbandonedCheckoutsTest < Test::Unit::TestCase
+  def setup
+    super
+
+    @expected_checkouts = JSON.parse(load_fixture('abandoned_checkouts'))['checkouts']
+    @expected_checkout_id = JSON.parse(load_fixture('abandoned_checkout'))['checkout']['id']
+  end
+
+  test ":create creates a checkout" do
+    fake 'checkouts', method: :post, status: 201, body: load_fixture('abandoned_checkout')
+
+    checkout = ShopifyAPI::AbandonedCheckout.create
+
+    assert_equal @expected_checkout_id, checkout.id
+    assert_equal true, checkout.attributes.include?(:abandoned_checkout_url)
+  end
+
+  test "get all checkouts indexed by token" do
+    fake 'checkouts', method: :get, status: 200, body: load_fixture('abandoned_checkouts')
+
+    checkouts = ShopifyAPI::AbandonedCheckout.all
+
+    assert_equal @expected_checkout_id, checkouts.first.id
+    assert_equal @expected_checkouts.size, checkouts.size
+  end
+end

data/test/access_scope_test.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class AccessScopeTest < Test::Unit::TestCase
+  test 'access scope does not use the versioned resource urls' do
+    fake(
+      'access_scopes',
+      url: 'https://shop2.myshopify.com/admin/oauth/access_scopes.json',
+      method: :get,
+      status: 201,
+      body: load_fixture('access_scopes'),
+      extension: false
+    )
+
+    unstable_version = ShopifyAPI::Session.new(domain: 'shop2.myshopify.com', token: 'token2', api_version: :unstable)
+
+    ShopifyAPI::Base.activate_session(unstable_version)
+
+    scope_handles = ShopifyAPI::AccessScope.find(:all).map(&:handle)
+
+    assert_equal(['write_product_listings', 'read_shipping'], scope_handles)
+  end
+end

data/test/access_token_test.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class AccessTokenTest < Test::Unit::TestCase
+  def test_delegate_access_token
+    fake(
+      "access_tokens/delegate.json?delegate_access_scope%5B%5D=write_orders&" \
+      "delegate_access_scope%5B%5D=read_products&expires_in=",
+      method: :post,
+      status: 201,
+      body: load_fixture('access_token_delegate'),
+      extension: false
+    )
+    delegate_scope = ['write_orders', 'read_products']
+    token = ShopifyAPI::AccessToken.delegate(delegate_scope)
+
+    assert_equal('abracadabra', token.access_token)
+    assert_equal('write_orders,read_products', token.scope)
+  end
+end

data/test/active_resource/json_errors_test.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+module ActiveResource
+  class JsonErrorsTest < Test::Unit::TestCase
+    def test_parsing_of_error_json_hash
+      @model = ShopifyAPI::Order.new
+      @model.errors.from_json({ errors: { name: ['missing'] } }.to_json)
+      assert_equal(['missing'], @model.errors[:name])
+    end
+
+    def test_parsing_of_error_json_plain_string
+      @model = ShopifyAPI::Order.new
+      @model.errors.from_json({ errors: 'some generic error' }.to_json)
+      assert_equal(['some generic error'], @model.errors[:base])
+      assert_equal('some generic error', @model.errors.full_messages.to_sentence)
+    end
+  end
+end

data/test/api_access_test.rb

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class ApiAccessTest < Minitest::Test
+  def test_write_is_the_same_access_as_read_write_on_the_same_resource
+    read_write_orders = ShopifyAPI::ApiAccess.new(%w(read_orders write_orders))
+    write_orders = ShopifyAPI::ApiAccess.new(%w(write_orders))
+
+    assert_equal write_orders, read_write_orders
+  end
+
+  def test_write_is_the_same_access_as_read_write_on_the_same_unauthenticated_resource
+    unauthenticated_read_write_orders = ShopifyAPI::ApiAccess.new(%w(unauthenticated_read_orders unauthenticated_write_orders))
+    unauthenticated_write_orders = ShopifyAPI::ApiAccess.new(%w(unauthenticated_write_orders))
+
+    assert_equal unauthenticated_write_orders, unauthenticated_read_write_orders
+  end
+
+  def test_read_is_not_the_same_as_read_write_on_the_same_resource
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_write_orders = ShopifyAPI::ApiAccess.new(%w(write_orders read_orders))
+
+    refute_equal read_write_orders, read_orders
+  end
+
+  def test_two_different_resources_are_not_equal
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_products = ShopifyAPI::ApiAccess.new(%w(read_products))
+
+    refute_equal read_orders, read_products
+  end
+
+  def test_two_identical_scopes_are_equal
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_orders_identical = ShopifyAPI::ApiAccess.new(%w(read_orders))
+
+    assert_equal read_orders_identical, read_orders
+  end
+
+  def test_unauthenticated_is_not_implied_by_authenticated_access
+    unauthenticated_orders = ShopifyAPI::ApiAccess.new(%w(unauthenticated_read_orders))
+    authenticated_read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    authenticated_write_orders = ShopifyAPI::ApiAccess.new(%w(write_orders))
+
+    refute_equal unauthenticated_orders, authenticated_read_orders
+    refute_equal unauthenticated_orders, authenticated_write_orders
+  end
+
+  def test_scopes_covers_is_truthy_for_same_scopes
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_orders_identical = ShopifyAPI::ApiAccess.new(%w(read_orders))
+
+    assert read_orders.covers?(read_orders_identical)
+  end
+
+  def test_covers_is_falsy_for_different_scopes
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_products = ShopifyAPI::ApiAccess.new(%w(read_products))
+
+    refute read_orders.covers?(read_products)
+  end
+
+  def test_covers_is_truthy_for_read_when_the_set_has_read_write
+    write_products = ShopifyAPI::ApiAccess.new(%w(write_products))
+    read_products = ShopifyAPI::ApiAccess.new(%w(read_products))
+
+    assert write_products.covers?(read_products)
+  end
+
+  def test_covers_is_truthy_for_read_when_the_set_has_read_write_for_that_resource_and_others
+    write_products_and_orders = ShopifyAPI::ApiAccess.new(%w(write_products, write_orders))
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+
+    assert write_products_and_orders.covers?(read_orders)
+  end
+
+  def test_covers_is_truthy_for_write_when_the_set_has_read_write_for_that_resource_and_others
+    write_products_and_orders = ShopifyAPI::ApiAccess.new(%w(write_products, write_orders))
+    write_orders = ShopifyAPI::ApiAccess.new(%w(write_orders))
+
+    assert write_products_and_orders.covers?(write_orders)
+  end
+
+  def test_covers_is_truthy_for_subset_of_scopes
+    write_products_orders_customers = ShopifyAPI::ApiAccess.new(%w(write_products write_orders write_customers))
+    write_orders_products = ShopifyAPI::ApiAccess.new(%w(write_orders read_products))
+
+    assert write_products_orders_customers.covers?(write_orders_products)
+  end
+
+  def test_covers_is_falsy_for_sets_of_scopes_that_have_no_common_elements
+    write_products_orders_customers = ShopifyAPI::ApiAccess.new(%w(write_products write_orders write_customers))
+    write_images_read_content = ShopifyAPI::ApiAccess.new(%w(write_images read_content))
+
+    refute write_products_orders_customers.covers?(write_images_read_content)
+  end
+
+  def test_covers_is_falsy_for_sets_of_scopes_that_have_only_some_common_access
+    write_products_orders_customers = ShopifyAPI::ApiAccess.new(%w(write_products write_orders write_customers))
+    write_products_read_content = ShopifyAPI::ApiAccess.new(%w(write_products read_content))
+
+    refute write_products_orders_customers.covers?(write_products_read_content)
+  end
+
+  def test_duplicate_scopes_resolve_to_one_scope
+    read_orders_duplicated = ShopifyAPI::ApiAccess.new(%w(read_orders read_orders read_orders read_orders))
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+
+    assert_equal read_orders, read_orders_duplicated
+  end
+
+  def test_to_s_outputs_scopes_as_a_comma_separated_list_without_implied_read_scopes
+    serialized_read_products_write_orders = "read_products,write_orders"
+    read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products read_orders write_orders))
+
+    assert_equal read_products_write_orders.to_s, serialized_read_products_write_orders
+  end
+
+  def test_to_a_outputs_scopes_as_an_array_of_strings_without_implied_read_scopes
+    serialized_read_products_write_orders = %w(write_orders read_products)
+    read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products read_orders write_orders))
+
+    assert_equal read_products_write_orders.to_a.sort, serialized_read_products_write_orders.sort
+  end
+
+  def test_creating_scopes_removes_extra_whitespace_from_scope_name_and_blank_scope_names
+    deserialized_read_products_write_orders = ShopifyAPI::ApiAccess.new([' read_products', '  ', 'write_orders '])
+    serialized_read_products_write_orders = deserialized_read_products_write_orders.to_s
+    expected_read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products write_orders))
+
+    assert_equal expected_read_products_write_orders, ShopifyAPI::ApiAccess.new(serialized_read_products_write_orders)
+  end
+
+  def test_creating_scopes_from_a_string_works_with_a_comma_separated_list
+    deserialized_read_products_write_orders = ShopifyAPI::ApiAccess.new("read_products,write_orders")
+    serialized_read_products_write_orders = deserialized_read_products_write_orders.to_s
+    expected_read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products write_orders))
+
+    assert_equal expected_read_products_write_orders, ShopifyAPI::ApiAccess.new(serialized_read_products_write_orders)
+  end
+
+  def test_using_to_s_from_one_scopes_to_construct_another_will_be_equal
+    read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products write_orders))
+
+    assert_equal read_products_write_orders, ShopifyAPI::ApiAccess.new(read_products_write_orders.to_s)
+  end
+
+  def test_using_to_a_from_one_scopes_to_construct_another_will_be_equal
+    read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products write_orders))
+
+    assert_equal read_products_write_orders, ShopifyAPI::ApiAccess.new(read_products_write_orders.to_a)
+  end
+end

data/test/api_permission_test.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class ApiPermissionTest < Test::Unit::TestCase
+  test "revoke access token" do
+    fake "api_permissions/current", method: :delete, status: 200, body: "{}"
+    assert ShopifyAPI::ApiPermission.destroy
+  end
+end