ruby_shopify_app 1.3.1 → 1.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 168effe34bcce65dfa9479f8e54da222422df9eb1076d6bc85df5316a9bc7206
|
|
4
|
+
data.tar.gz: 29be70f5e1573aedc5b92e4bd28c2ef93cfb5157818d5643c003cd0c286a3520
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b1d451fd0ba155fc4c873faacf0b81b9c4906d327aa8ed864fdc3d51a875a22c8e78ee069f5e0634d999ad0ef08664e48fbc04471a25e6b08825b45807cb9d85
|
|
7
|
+
data.tar.gz: aa5947fe71372462ed7dc5714fcc8fb3ecddfec39fd6b5c6ee8044ae9bc1e96894cf2cffec767b977e9f22073d002d9a2e55c3eb70914fc1bad983bd4103ca38
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
ruby_shopify_app (1.
|
|
4
|
+
ruby_shopify_app (1.3.3)
|
|
5
5
|
browser_sniffer (~> 2.0)
|
|
6
6
|
jwt (>= 2.2.3)
|
|
7
7
|
omniauth-rails_csrf_protection
|
|
@@ -108,7 +108,7 @@ GEM
|
|
|
108
108
|
net-http
|
|
109
109
|
globalid (1.2.1)
|
|
110
110
|
activesupport (>= 6.1)
|
|
111
|
-
graphql (2.3.
|
|
111
|
+
graphql (2.3.4)
|
|
112
112
|
base64
|
|
113
113
|
graphql-client (0.22.0)
|
|
114
114
|
activesupport (>= 3.0)
|
|
@@ -142,7 +142,7 @@ GEM
|
|
|
142
142
|
bigdecimal (~> 3.1)
|
|
143
143
|
net-http (0.4.1)
|
|
144
144
|
uri
|
|
145
|
-
net-imap (0.4.
|
|
145
|
+
net-imap (0.4.12)
|
|
146
146
|
date
|
|
147
147
|
net-protocol
|
|
148
148
|
net-pop (0.1.2)
|
|
@@ -151,7 +151,7 @@ GEM
|
|
|
151
151
|
timeout
|
|
152
152
|
net-smtp (0.5.0)
|
|
153
153
|
net-protocol
|
|
154
|
-
nio4r (2.7.
|
|
154
|
+
nio4r (2.7.3)
|
|
155
155
|
nokogiri (1.16.4)
|
|
156
156
|
mini_portile2 (~> 2.8.2)
|
|
157
157
|
racc (~> 1.4)
|
|
@@ -166,7 +166,7 @@ GEM
|
|
|
166
166
|
hashie (>= 3.4.6)
|
|
167
167
|
rack (>= 2.2.3)
|
|
168
168
|
rack-protection
|
|
169
|
-
omniauth-rails_csrf_protection (1.0.
|
|
169
|
+
omniauth-rails_csrf_protection (1.0.2)
|
|
170
170
|
actionpack (>= 4.2)
|
|
171
171
|
omniauth (~> 2.0)
|
|
172
172
|
omniauth-shopify-app (1.0.0)
|
|
@@ -251,9 +251,9 @@ GEM
|
|
|
251
251
|
sprockets (4.2.1)
|
|
252
252
|
concurrent-ruby (~> 1.0)
|
|
253
253
|
rack (>= 2.2.4, < 4)
|
|
254
|
-
sprockets-rails (3.
|
|
255
|
-
actionpack (>=
|
|
256
|
-
activesupport (>=
|
|
254
|
+
sprockets-rails (3.5.1)
|
|
255
|
+
actionpack (>= 6.1)
|
|
256
|
+
activesupport (>= 6.1)
|
|
257
257
|
sprockets (>= 3.0.0)
|
|
258
258
|
sqlite3 (1.7.3)
|
|
259
259
|
mini_portile2 (~> 2.8.0)
|
|
@@ -271,7 +271,7 @@ GEM
|
|
|
271
271
|
websocket-driver (0.7.6)
|
|
272
272
|
websocket-extensions (>= 0.1.0)
|
|
273
273
|
websocket-extensions (0.1.5)
|
|
274
|
-
zeitwerk (2.6.
|
|
274
|
+
zeitwerk (2.6.15)
|
|
275
275
|
|
|
276
276
|
PLATFORMS
|
|
277
277
|
ruby
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require
|
|
3
|
+
require "browser_sniffer"
|
|
4
4
|
|
|
5
5
|
module ShopifyApp
|
|
6
6
|
module LoginProtection
|
|
@@ -16,7 +16,7 @@ module ShopifyApp
|
|
|
16
16
|
rescue_from ActiveResource::UnauthorizedAccess, with: :close_session
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
ACCESS_TOKEN_REQUIRED_HEADER =
|
|
19
|
+
ACCESS_TOKEN_REQUIRED_HEADER = "X-Shopify-API-Request-Failure-Unauthorized"
|
|
20
20
|
|
|
21
21
|
def activate_shopify_session
|
|
22
22
|
if user_session_expected? && user_session.blank?
|
|
@@ -37,9 +37,7 @@ module ShopifyApp
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def current_shopify_session
|
|
40
|
-
@current_shopify_session ||=
|
|
41
|
-
user_session || shop_session
|
|
42
|
-
end
|
|
40
|
+
@current_shopify_session ||= user_session || shop_session
|
|
43
41
|
end
|
|
44
42
|
|
|
45
43
|
def user_session
|
|
@@ -49,12 +47,14 @@ module ShopifyApp
|
|
|
49
47
|
def user_session_by_jwt
|
|
50
48
|
return unless ShopifyApp.configuration.allow_jwt_authentication
|
|
51
49
|
return unless jwt_shopify_user_id
|
|
50
|
+
|
|
52
51
|
ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(jwt_shopify_user_id)
|
|
53
52
|
end
|
|
54
53
|
|
|
55
54
|
def user_session_by_cookie
|
|
56
55
|
return unless ShopifyApp.configuration.allow_cookie_authentication
|
|
57
56
|
return unless session[:user_id].present?
|
|
57
|
+
|
|
58
58
|
ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
|
|
59
59
|
end
|
|
60
60
|
|
|
@@ -65,12 +65,14 @@ module ShopifyApp
|
|
|
65
65
|
def shop_session_by_jwt
|
|
66
66
|
return unless ShopifyApp.configuration.allow_jwt_authentication
|
|
67
67
|
return unless jwt_shopify_domain
|
|
68
|
+
|
|
68
69
|
ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(jwt_shopify_domain)
|
|
69
70
|
end
|
|
70
71
|
|
|
71
72
|
def shop_session_by_cookie
|
|
72
73
|
return unless ShopifyApp.configuration.allow_cookie_authentication
|
|
73
74
|
return unless session[:shop_id].present?
|
|
75
|
+
|
|
74
76
|
ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
|
|
75
77
|
end
|
|
76
78
|
|
|
@@ -80,8 +82,8 @@ module ShopifyApp
|
|
|
80
82
|
end
|
|
81
83
|
|
|
82
84
|
if current_shopify_session &&
|
|
83
|
-
|
|
84
|
-
|
|
85
|
+
params[:shop] && params[:shop].is_a?(String) &&
|
|
86
|
+
(current_shopify_session.domain != params[:shop])
|
|
85
87
|
clear_session = true
|
|
86
88
|
end
|
|
87
89
|
|
|
@@ -96,19 +98,20 @@ module ShopifyApp
|
|
|
96
98
|
end
|
|
97
99
|
|
|
98
100
|
def jwt_expire_at
|
|
99
|
-
expire_at = request.env[
|
|
101
|
+
expire_at = request.env["jwt.expire_at"]
|
|
100
102
|
return unless expire_at
|
|
103
|
+
|
|
101
104
|
expire_at - 5.seconds # 5s gap to start fetching new token in advance
|
|
102
105
|
end
|
|
103
106
|
|
|
104
107
|
protected
|
|
105
108
|
|
|
106
109
|
def jwt_shopify_domain
|
|
107
|
-
request.env[
|
|
110
|
+
request.env["jwt.shopify_domain"]
|
|
108
111
|
end
|
|
109
112
|
|
|
110
113
|
def jwt_shopify_user_id
|
|
111
|
-
request.env[
|
|
114
|
+
request.env["jwt.shopify_user_id"]
|
|
112
115
|
end
|
|
113
116
|
|
|
114
117
|
def host
|
|
@@ -116,7 +119,7 @@ module ShopifyApp
|
|
|
116
119
|
end
|
|
117
120
|
|
|
118
121
|
def redirect_to_login
|
|
119
|
-
if
|
|
122
|
+
if requested_by_javascript?
|
|
120
123
|
head(:unauthorized)
|
|
121
124
|
else
|
|
122
125
|
if request.get?
|
|
@@ -179,14 +182,17 @@ module ShopifyApp
|
|
|
179
182
|
end
|
|
180
183
|
|
|
181
184
|
def return_to_param_required?
|
|
182
|
-
native_params =
|
|
183
|
-
request.path !=
|
|
185
|
+
native_params = [:shop, :hmac, :timestamp, :locale, :protocol, :return_to]
|
|
186
|
+
request.path != "/" || sanitized_params.except(*native_params).any?
|
|
184
187
|
end
|
|
185
188
|
|
|
186
189
|
def fullpage_redirect_to(url)
|
|
187
190
|
if ShopifyApp.configuration.embedded_app?
|
|
188
|
-
render(
|
|
189
|
-
|
|
191
|
+
render(
|
|
192
|
+
"shopify_app/shared/redirect",
|
|
193
|
+
layout: false,
|
|
194
|
+
locals: { url: url, current_shopify_domain: current_shopify_domain },
|
|
195
|
+
)
|
|
190
196
|
else
|
|
191
197
|
redirect_to(url)
|
|
192
198
|
end
|
|
@@ -219,6 +225,7 @@ module ShopifyApp
|
|
|
219
225
|
|
|
220
226
|
def sanitize_shop_param(params)
|
|
221
227
|
return unless params[:shop].present?
|
|
228
|
+
|
|
222
229
|
ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
|
|
223
230
|
end
|
|
224
231
|
|
|
@@ -255,5 +262,11 @@ module ShopifyApp
|
|
|
255
262
|
def user_session_expected?
|
|
256
263
|
!ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
|
|
257
264
|
end
|
|
265
|
+
|
|
266
|
+
def requested_by_javascript?
|
|
267
|
+
request.xhr? ||
|
|
268
|
+
request.media_type == "text/javascript" ||
|
|
269
|
+
request.media_type == "application/javascript"
|
|
270
|
+
end
|
|
258
271
|
end
|
|
259
272
|
end
|
|
@@ -21,6 +21,7 @@ module ShopifyApp
|
|
|
21
21
|
|
|
22
22
|
def request_online_tokens?
|
|
23
23
|
return @per_user_permissions unless @per_user_permissions.nil?
|
|
24
|
+
|
|
24
25
|
default_request_online_tokens?
|
|
25
26
|
end
|
|
26
27
|
|
|
@@ -41,8 +42,9 @@ module ShopifyApp
|
|
|
41
42
|
end
|
|
42
43
|
|
|
43
44
|
def default_client_options_site
|
|
44
|
-
return
|
|
45
|
-
|
|
45
|
+
return "" unless shop_domain.present?
|
|
46
|
+
|
|
47
|
+
"https://#{shop_domain}"
|
|
46
48
|
end
|
|
47
49
|
|
|
48
50
|
def default_request_online_tokens?
|
|
@@ -54,11 +56,11 @@ module ShopifyApp
|
|
|
54
56
|
end
|
|
55
57
|
|
|
56
58
|
def shop_domain
|
|
57
|
-
request.params[
|
|
59
|
+
request.params["shop"] || (shopify_auth_params && shopify_auth_params["shop"])
|
|
58
60
|
end
|
|
59
61
|
|
|
60
62
|
def shopify_auth_params
|
|
61
|
-
strategy.session[
|
|
63
|
+
strategy.session["shopify.omniauth_params"]&.with_indifferent_access
|
|
62
64
|
end
|
|
63
65
|
end
|
|
64
66
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ruby_shopify_app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hopper Gee
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-06-
|
|
11
|
+
date: 2024-06-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: browser_sniffer
|