ruby_shopify_app 1.3.1 → 1.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4f1c0b9278c1d143d0872ca501b2259cae0998c2cba5d7c6ebac4b58428a81b1
-  data.tar.gz: 7f9c04c736700f0e35d65af04949f8f56bcbc56611f2ddd61e796586808e4ab5
+  metadata.gz: cc9eee8b1899a69aa9a93c647372ba6355f5631ab6abf0b4e96a050d91d3f3a6
+  data.tar.gz: e997285d216f48ba365ee9e7eb91add73e38c7a831356842f6d4053e0787ff70
 SHA512:
-  metadata.gz: 3ca8751b1d52328e68c609cba8184ae0ea035b74a0f27ab5c97a15cc01207cce6846ab5ae71db8510165e8651eb4abe16572c76642a5487cec1234276976f0e6
-  data.tar.gz: 13f1848f49f793540f6f3b670466be3b7f4d6e728499810e080088514c8244aa25053e24cc459a27be3e937a39da3f3122d371997c4d24fdd451774e813ea46b
+  metadata.gz: fb7655a30f1b2b66d496deb06be8ad7ea473de55ed0968afd036385666cdb51c3578abda2045ecce5fd8d387d7d4c3b15fe61b2207b4595cc65ed8490e3d5848
+  data.tar.gz: 0501dc206c10c78f02f1406d846837f8587fb61b830e209ff0d1caccccec7e053fd1615e5e8fbb259cac6e5d992c103e894203be390a1d07e09f0e7677e36961

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+1.3.2
+-----
+
+* better helper to determine if JS requested action
+
 1.3.1
 -----
 

data/lib/ruby_shopify_app/controller_concerns/login_protection.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'browser_sniffer'
+require "browser_sniffer"
 
 module ShopifyApp
   module LoginProtection
@@ -16,7 +16,7 @@ module ShopifyApp
       rescue_from ActiveResource::UnauthorizedAccess, with: :close_session
     end
 
-    ACCESS_TOKEN_REQUIRED_HEADER = 'X-Shopify-API-Request-Failure-Unauthorized'
+    ACCESS_TOKEN_REQUIRED_HEADER = "X-Shopify-API-Request-Failure-Unauthorized"
 
     def activate_shopify_session
       if user_session_expected? && user_session.blank?
@@ -37,9 +37,7 @@ module ShopifyApp
     end
 
     def current_shopify_session
-      @current_shopify_session ||= begin
-        user_session || shop_session
-      end
+      @current_shopify_session ||= user_session || shop_session
     end
 
     def user_session
@@ -49,12 +47,14 @@ module ShopifyApp
     def user_session_by_jwt
       return unless ShopifyApp.configuration.allow_jwt_authentication
       return unless jwt_shopify_user_id
+
       ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(jwt_shopify_user_id)
     end
 
     def user_session_by_cookie
       return unless ShopifyApp.configuration.allow_cookie_authentication
       return unless session[:user_id].present?
+
       ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
     end
 
@@ -65,12 +65,14 @@ module ShopifyApp
     def shop_session_by_jwt
       return unless ShopifyApp.configuration.allow_jwt_authentication
       return unless jwt_shopify_domain
+
       ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(jwt_shopify_domain)
     end
 
     def shop_session_by_cookie
       return unless ShopifyApp.configuration.allow_cookie_authentication
       return unless session[:shop_id].present?
+
       ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
     end
 
@@ -80,8 +82,8 @@ module ShopifyApp
       end
 
       if current_shopify_session &&
-        params[:shop] && params[:shop].is_a?(String) &&
-        (current_shopify_session.domain != params[:shop])
+          params[:shop] && params[:shop].is_a?(String) &&
+          (current_shopify_session.domain != params[:shop])
         clear_session = true
       end
 
@@ -96,19 +98,20 @@ module ShopifyApp
     end
 
     def jwt_expire_at
-      expire_at = request.env['jwt.expire_at']
+      expire_at = request.env["jwt.expire_at"]
       return unless expire_at
+
       expire_at - 5.seconds # 5s gap to start fetching new token in advance
     end
 
     protected
 
     def jwt_shopify_domain
-      request.env['jwt.shopify_domain']
+      request.env["jwt.shopify_domain"]
     end
 
     def jwt_shopify_user_id
-      request.env['jwt.shopify_user_id']
+      request.env["jwt.shopify_user_id"]
     end
 
     def host
@@ -116,7 +119,7 @@ module ShopifyApp
     end
 
     def redirect_to_login
-      if request.xhr?
+      if requested_by_javascript?
         head(:unauthorized)
       else
         if request.get?
@@ -179,14 +182,17 @@ module ShopifyApp
     end
 
     def return_to_param_required?
-      native_params = %i[shop hmac timestamp locale protocol return_to]
-      request.path != '/' || sanitized_params.except(*native_params).any?
+      native_params = [:shop, :hmac, :timestamp, :locale, :protocol, :return_to]
+      request.path != "/" || sanitized_params.except(*native_params).any?
     end
 
     def fullpage_redirect_to(url)
       if ShopifyApp.configuration.embedded_app?
-        render('shopify_app/shared/redirect', layout: false,
-               locals: { url: url, current_shopify_domain: current_shopify_domain })
+        render(
+          "shopify_app/shared/redirect",
+          layout: false,
+          locals: { url: url, current_shopify_domain: current_shopify_domain },
+        )
       else
         redirect_to(url)
       end
@@ -219,6 +225,7 @@ module ShopifyApp
 
     def sanitize_shop_param(params)
       return unless params[:shop].present?
+
       ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
     end
 
@@ -255,5 +262,11 @@ module ShopifyApp
     def user_session_expected?
       !ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
     end
+
+    def requested_by_javascript?
+      request.xhr? ||
+        request.media_type == "text/javascript" ||
+        request.media_type == "application/javascript"
+    end
   end
 end

data/lib/ruby_shopify_app/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShopifyApp
-  VERSION = "1.3.1"
+  VERSION = "1.3.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_shopify_app
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.2
 platform: ruby
 authors:
 - Hopper Gee