ruby_shopify_app 1.3.1 → 1.3.3

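--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4f1c0b9278c1d143d0872ca501b2259cae0998c2cba5d7c6ebac4b58428a81b1
- data.tar.gz: 7f9c04c736700f0e35d65af04949f8f56bcbc56611f2ddd61e796586808e4ab5
+ metadata.gz: 168effe34bcce65dfa9479f8e54da222422df9eb1076d6bc85df5316a9bc7206
+ data.tar.gz: 29be70f5e1573aedc5b92e4bd28c2ef93cfb5157818d5643c003cd0c286a3520
  SHA512:
- metadata.gz: 3ca8751b1d52328e68c609cba8184ae0ea035b74a0f27ab5c97a15cc01207cce6846ab5ae71db8510165e8651eb4abe16572c76642a5487cec1234276976f0e6
- data.tar.gz: 13f1848f49f793540f6f3b670466be3b7f4d6e728499810e080088514c8244aa25053e24cc459a27be3e937a39da3f3122d371997c4d24fdd451774e813ea46b
+ metadata.gz: b1d451fd0ba155fc4c873faacf0b81b9c4906d327aa8ed864fdc3d51a875a22c8e78ee069f5e0634d999ad0ef08664e48fbc04471a25e6b08825b45807cb9d85
+ data.tar.gz: aa5947fe71372462ed7dc5714fcc8fb3ecddfec39fd6b5c6ee8044ae9bc1e96894cf2cffec767b977e9f22073d002d9a2e55c3eb70914fc1bad983bd4103ca38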
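--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,13 @@
+ 1.3.3
+ -----
+
+ * Fix a auth issue happens on safari 8
+
+ 1.3.2
+ -----
+
+ * better helper to determine if JS requested action
+
  1.3.1
  -----
 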
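--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- ruby_shopify_app (1.2.0)
+ ruby_shopify_app (1.3.3)
  browser_sniffer (~> 2.0)
  jwt (>= 2.2.3)
  omniauth-rails_csrf_protection
@@ -108,7 +108,7 @@ GEM
  net-http
  globalid (1.2.1)
  activesupport (>= 6.1)
- graphql (2.3.2)
+ graphql (2.3.4)
  base64
  graphql-client (0.22.0)
  activesupport (>= 3.0)
@@ -142,7 +142,7 @@ GEM
  bigdecimal (~> 3.1)
  net-http (0.4.1)
  uri
- net-imap (0.4.10)
+ net-imap (0.4.12)
  date
  net-protocol
  net-pop (0.1.2)
@@ -151,7 +151,7 @@ GEM
  timeout
  net-smtp (0.5.0)
  net-protocol
- nio4r (2.7.1)
+ nio4r (2.7.3)
  nokogiri (1.16.4)
  mini_portile2 (~> 2.8.2)
  racc (~> 1.4)
@@ -166,7 +166,7 @@ GEM
  hashie (>= 3.4.6)
  rack (>= 2.2.3)
  rack-protection
- omniauth-rails_csrf_protection (1.0.1)
+ omniauth-rails_csrf_protection (1.0.2)
  actionpack (>= 4.2)
  omniauth (~> 2.0)
  omniauth-shopify-app (1.0.0)
@@ -251,9 +251,9 @@ GEM
  sprockets (4.2.1)
  concurrent-ruby (~> 1.0)
  rack (>= 2.2.4, < 4)
- sprockets-rails (3.4.2)
- actionpack (>= 5.2)
- activesupport (>= 5.2)
+ sprockets-rails (3.5.1)
+ actionpack (>= 6.1)
+ activesupport (>= 6.1)
  sprockets (>= 3.0.0)
  sqlite3 (1.7.3)
  mini_portile2 (~> 2.8.0)
@@ -271,7 +271,7 @@ GEM
  websocket-driver (0.7.6)
  websocket-extensions (>= 0.1.0)
  websocket-extensions (0.1.5)
- zeitwerk (2.6.13)
+ zeitwerk (2.6.15)
 
  PLATFORMS
  ruby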
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'browser_sniffer'
3
+ require "browser_sniffer"
4
4
 
5
5
  module ShopifyApp
6
6
  module LoginProtection
@@ -16,7 +16,7 @@ module ShopifyApp
16
16
  rescue_from ActiveResource::UnauthorizedAccess, with: :close_session
17
17
  end
18
18
 
19
- ACCESS_TOKEN_REQUIRED_HEADER = 'X-Shopify-API-Request-Failure-Unauthorized'
19
+ ACCESS_TOKEN_REQUIRED_HEADER = "X-Shopify-API-Request-Failure-Unauthorized"
20
20
 
21
21
  def activate_shopify_session
22
22
  if user_session_expected? && user_session.blank?
@@ -37,9 +37,7 @@ module ShopifyApp
37
37
  end
38
38
 
39
39
  def current_shopify_session
40
- @current_shopify_session ||= begin
41
- user_session || shop_session
42
- end
40
+ @current_shopify_session ||= user_session || shop_session
43
41
  end
44
42
 
45
43
  def user_session
@@ -49,12 +47,14 @@ module ShopifyApp
49
47
  def user_session_by_jwt
50
48
  return unless ShopifyApp.configuration.allow_jwt_authentication
51
49
  return unless jwt_shopify_user_id
50
+
52
51
  ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(jwt_shopify_user_id)
53
52
  end
54
53
 
55
54
  def user_session_by_cookie
56
55
  return unless ShopifyApp.configuration.allow_cookie_authentication
57
56
  return unless session[:user_id].present?
57
+
58
58
  ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
59
59
  end
60
60
 
@@ -65,12 +65,14 @@ module ShopifyApp
65
65
  def shop_session_by_jwt
66
66
  return unless ShopifyApp.configuration.allow_jwt_authentication
67
67
  return unless jwt_shopify_domain
68
+
68
69
  ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(jwt_shopify_domain)
69
70
  end
70
71
 
71
72
  def shop_session_by_cookie
72
73
  return unless ShopifyApp.configuration.allow_cookie_authentication
73
74
  return unless session[:shop_id].present?
75
+
74
76
  ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
75
77
  end
76
78
 
@@ -80,8 +82,8 @@ module ShopifyApp
80
82
  end
81
83
 
82
84
  if current_shopify_session &&
83
- params[:shop] && params[:shop].is_a?(String) &&
84
- (current_shopify_session.domain != params[:shop])
85
+ params[:shop] && params[:shop].is_a?(String) &&
86
+ (current_shopify_session.domain != params[:shop])
85
87
  clear_session = true
86
88
  end
87
89
 
@@ -96,19 +98,20 @@ module ShopifyApp
96
98
  end
97
99
 
98
100
  def jwt_expire_at
99
- expire_at = request.env['jwt.expire_at']
101
+ expire_at = request.env["jwt.expire_at"]
100
102
  return unless expire_at
103
+
101
104
  expire_at - 5.seconds # 5s gap to start fetching new token in advance
102
105
  end
103
106
 
104
107
  protected
105
108
 
106
109
  def jwt_shopify_domain
107
- request.env['jwt.shopify_domain']
110
+ request.env["jwt.shopify_domain"]
108
111
  end
109
112
 
110
113
  def jwt_shopify_user_id
111
- request.env['jwt.shopify_user_id']
114
+ request.env["jwt.shopify_user_id"]
112
115
  end
113
116
 
114
117
  def host
@@ -116,7 +119,7 @@ module ShopifyApp
116
119
  end
117
120
 
118
121
  def redirect_to_login
119
- if request.xhr?
122
+ if requested_by_javascript?
120
123
  head(:unauthorized)
121
124
  else
122
125
  if request.get?
@@ -179,14 +182,17 @@ module ShopifyApp
179
182
  end
180
183
 
181
184
  def return_to_param_required?
182
- native_params = %i[shop hmac timestamp locale protocol return_to]
183
- request.path != '/' || sanitized_params.except(*native_params).any?
185
+ native_params = [:shop, :hmac, :timestamp, :locale, :protocol, :return_to]
186
+ request.path != "/" || sanitized_params.except(*native_params).any?
184
187
  end
185
188
 
186
189
  def fullpage_redirect_to(url)
187
190
  if ShopifyApp.configuration.embedded_app?
188
- render('shopify_app/shared/redirect', layout: false,
189
- locals: { url: url, current_shopify_domain: current_shopify_domain })
191
+ render(
192
+ "shopify_app/shared/redirect",
193
+ layout: false,
194
+ locals: { url: url, current_shopify_domain: current_shopify_domain },
195
+ )
190
196
  else
191
197
  redirect_to(url)
192
198
  end
@@ -219,6 +225,7 @@ module ShopifyApp
219
225
 
220
226
  def sanitize_shop_param(params)
221
227
  return unless params[:shop].present?
228
+
222
229
  ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
223
230
  end
224
231
 
@@ -255,5 +262,11 @@ module ShopifyApp
255
262
  def user_session_expected?
256
263
  !ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
257
264
  end
265
+
266
+ def requested_by_javascript?
267
+ request.xhr? ||
268
+ request.media_type == "text/javascript" ||
269
+ request.media_type == "application/javascript"
270
+ end
258
271
  end
259
272
  end
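Review bot: The new `requested_by_javascript?` at the end of the LoginProtection module tests `request.media_type`, which in Rails reflects the Content-Type of the request body rather than what the client asked to receive, so a script or fetch GET that sends no body will normally not match and still gets the HTML login redirect. If the intent is for `redirect_to_login` to answer JavaScript-initiated requests with `head(:unauthorized)`, the negotiated format is the closer signal, e.g. `request.xhr? || request.format.js?`. Either signal is supplied by the client, so it should keep choosing only the shape of the unauthenticated response, as it does here; a comment on the helper such as `# Client-controlled hint: only selects 401 vs. login redirect, never grants access.` would record that. The body of `redirect_to_login` continues outside the hunk shown, so the rest of its branches could not be checked.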
@@ -21,6 +21,7 @@ module ShopifyApp
21
21
 
22
22
  def request_online_tokens?
23
23
  return @per_user_permissions unless @per_user_permissions.nil?
24
+
24
25
  default_request_online_tokens?
25
26
  end
26
27
 
@@ -41,8 +42,9 @@ module ShopifyApp
41
42
  end
42
43
 
43
44
  def default_client_options_site
44
- return '' unless shop_domain.present?
45
- "https://#{shopify_auth_params[:shop]}"
45
+ return "" unless shop_domain.present?
46
+
47
+ "https://#{shop_domain}"
46
48
  end
47
49
 
48
50
  def default_request_online_tokens?
@@ -54,11 +56,11 @@ module ShopifyApp
54
56
  end
55
57
 
56
58
  def shop_domain
57
- request.params['shop'] || (shopify_auth_params && shopify_auth_params['shop'])
59
+ request.params["shop"] || (shopify_auth_params && shopify_auth_params["shop"])
58
60
  end
59
61
 
60
62
  def shopify_auth_params
61
- strategy.session['shopify.omniauth_params']&.with_indifferent_access
63
+ strategy.session["shopify.omniauth_params"]&.with_indifferent_access
62
64
  end
63
65
  end
64
66
  end
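Review bot: `default_client_options_site` now interpolates `shop_domain`, and `shop_domain` prefers the raw `request.params["shop"]` over the value kept in the OmniAuth session, so the OAuth client site is built directly from a request parameter. Nothing visible in this section checks that the value is a Shopify shop domain before it becomes the host the OAuth exchange is sent to; the strategy may validate it elsewhere, but that is not shown here. Normalising it first with the sanitizer the package already uses in `sanitize_shop_param` would close the gap: `shop = ShopifyApp::Utils.sanitize_shop_domain(shop_domain)` followed by `shop ? "https://#{shop}" : ""`, assuming the sanitizer returns nil for an invalid domain. A test covering a request whose `shop` parameter is not a valid shop domain would pin the behaviour.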
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ShopifyApp
4
- VERSION = "1.3.1"
4
+ VERSION = "1.3.3"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby_shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.1
4
+ version: 1.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hopper Gee
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-11 00:00:00.000000000 Z
11
+ date: 2024-06-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: browser_sniffer