ruby_shopify_app 1.3.1 → 1.3.3
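--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 168effe34bcce65dfa9479f8e54da222422df9eb1076d6bc85df5316a9bc7206
+data.tar.gz: 29be70f5e1573aedc5b92e4bd28c2ef93cfb5157818d5643c003cd0c286a3520
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b1d451fd0ba155fc4c873faacf0b81b9c4906d327aa8ed864fdc3d51a875a22c8e78ee069f5e0634d999ad0ef08664e48fbc04471a25e6b08825b45807cb9d85
+data.tar.gz: aa5947fe71372462ed7dc5714fcc8fb3ecddfec39fd6b5c6ee8044ae9bc1e96894cf2cffec767b977e9f22073d002d9a2e55c3eb70914fc1bad983bd4103ca38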
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
ruby_shopify_app (1.
|
4
|
+
ruby_shopify_app (1.3.3)
|
5
5
|
browser_sniffer (~> 2.0)
|
6
6
|
jwt (>= 2.2.3)
|
7
7
|
omniauth-rails_csrf_protection
|
@@ -108,7 +108,7 @@ GEM
|
|
108
108
|
net-http
|
109
109
|
globalid (1.2.1)
|
110
110
|
activesupport (>= 6.1)
|
111
|
-
graphql (2.3.
|
111
|
+
graphql (2.3.4)
|
112
112
|
base64
|
113
113
|
graphql-client (0.22.0)
|
114
114
|
activesupport (>= 3.0)
|
@@ -142,7 +142,7 @@ GEM
|
|
142
142
|
bigdecimal (~> 3.1)
|
143
143
|
net-http (0.4.1)
|
144
144
|
uri
|
145
|
-
net-imap (0.4.
|
145
|
+
net-imap (0.4.12)
|
146
146
|
date
|
147
147
|
net-protocol
|
148
148
|
net-pop (0.1.2)
|
@@ -151,7 +151,7 @@ GEM
|
|
151
151
|
timeout
|
152
152
|
net-smtp (0.5.0)
|
153
153
|
net-protocol
|
154
|
-
nio4r (2.7.
|
154
|
+
nio4r (2.7.3)
|
155
155
|
nokogiri (1.16.4)
|
156
156
|
mini_portile2 (~> 2.8.2)
|
157
157
|
racc (~> 1.4)
|
@@ -166,7 +166,7 @@ GEM
|
|
166
166
|
hashie (>= 3.4.6)
|
167
167
|
rack (>= 2.2.3)
|
168
168
|
rack-protection
|
169
|
-
omniauth-rails_csrf_protection (1.0.
|
169
|
+
omniauth-rails_csrf_protection (1.0.2)
|
170
170
|
actionpack (>= 4.2)
|
171
171
|
omniauth (~> 2.0)
|
172
172
|
omniauth-shopify-app (1.0.0)
|
@@ -251,9 +251,9 @@ GEM
|
|
251
251
|
sprockets (4.2.1)
|
252
252
|
concurrent-ruby (~> 1.0)
|
253
253
|
rack (>= 2.2.4, < 4)
|
254
|
-
sprockets-rails (3.
|
255
|
-
actionpack (>=
|
256
|
-
activesupport (>=
|
254
|
+
sprockets-rails (3.5.1)
|
255
|
+
actionpack (>= 6.1)
|
256
|
+
activesupport (>= 6.1)
|
257
257
|
sprockets (>= 3.0.0)
|
258
258
|
sqlite3 (1.7.3)
|
259
259
|
mini_portile2 (~> 2.8.0)
|
@@ -271,7 +271,7 @@ GEM
|
|
271
271
|
websocket-driver (0.7.6)
|
272
272
|
websocket-extensions (>= 0.1.0)
|
273
273
|
websocket-extensions (0.1.5)
|
274
|
-
zeitwerk (2.6.
|
274
|
+
zeitwerk (2.6.15)
|
275
275
|
|
276
276
|
PLATFORMS
|
277
277
|
ruby
|
@@ -1,6 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require
|
3
|
+
require "browser_sniffer"
|
4
4
|
|
5
5
|
module ShopifyApp
|
6
6
|
module LoginProtection
|
@@ -16,7 +16,7 @@ module ShopifyApp
|
|
16
16
|
rescue_from ActiveResource::UnauthorizedAccess, with: :close_session
|
17
17
|
end
|
18
18
|
|
19
|
-
ACCESS_TOKEN_REQUIRED_HEADER =
|
19
|
+
ACCESS_TOKEN_REQUIRED_HEADER = "X-Shopify-API-Request-Failure-Unauthorized"
|
20
20
|
|
21
21
|
def activate_shopify_session
|
22
22
|
if user_session_expected? && user_session.blank?
|
@@ -37,9 +37,7 @@ module ShopifyApp
|
|
37
37
|
end
|
38
38
|
|
39
39
|
def current_shopify_session
|
40
|
-
@current_shopify_session ||=
|
41
|
-
user_session || shop_session
|
42
|
-
end
|
40
|
+
@current_shopify_session ||= user_session || shop_session
|
43
41
|
end
|
44
42
|
|
45
43
|
def user_session
|
@@ -49,12 +47,14 @@ module ShopifyApp
|
|
49
47
|
def user_session_by_jwt
|
50
48
|
return unless ShopifyApp.configuration.allow_jwt_authentication
|
51
49
|
return unless jwt_shopify_user_id
|
50
|
+
|
52
51
|
ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(jwt_shopify_user_id)
|
53
52
|
end
|
54
53
|
|
55
54
|
def user_session_by_cookie
|
56
55
|
return unless ShopifyApp.configuration.allow_cookie_authentication
|
57
56
|
return unless session[:user_id].present?
|
57
|
+
|
58
58
|
ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
|
59
59
|
end
|
60
60
|
|
@@ -65,12 +65,14 @@ module ShopifyApp
|
|
65
65
|
def shop_session_by_jwt
|
66
66
|
return unless ShopifyApp.configuration.allow_jwt_authentication
|
67
67
|
return unless jwt_shopify_domain
|
68
|
+
|
68
69
|
ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(jwt_shopify_domain)
|
69
70
|
end
|
70
71
|
|
71
72
|
def shop_session_by_cookie
|
72
73
|
return unless ShopifyApp.configuration.allow_cookie_authentication
|
73
74
|
return unless session[:shop_id].present?
|
75
|
+
|
74
76
|
ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
|
75
77
|
end
|
76
78
|
|
@@ -80,8 +82,8 @@ module ShopifyApp
|
|
80
82
|
end
|
81
83
|
|
82
84
|
if current_shopify_session &&
|
83
|
-
|
84
|
-
|
85
|
+
params[:shop] && params[:shop].is_a?(String) &&
|
86
|
+
(current_shopify_session.domain != params[:shop])
|
85
87
|
clear_session = true
|
86
88
|
end
|
87
89
|
|
@@ -96,19 +98,20 @@ module ShopifyApp
|
|
96
98
|
end
|
97
99
|
|
98
100
|
def jwt_expire_at
|
99
|
-
expire_at = request.env[
|
101
|
+
expire_at = request.env["jwt.expire_at"]
|
100
102
|
return unless expire_at
|
103
|
+
|
101
104
|
expire_at - 5.seconds # 5s gap to start fetching new token in advance
|
102
105
|
end
|
103
106
|
|
104
107
|
protected
|
105
108
|
|
106
109
|
def jwt_shopify_domain
|
107
|
-
request.env[
|
110
|
+
request.env["jwt.shopify_domain"]
|
108
111
|
end
|
109
112
|
|
110
113
|
def jwt_shopify_user_id
|
111
|
-
request.env[
|
114
|
+
request.env["jwt.shopify_user_id"]
|
112
115
|
end
|
113
116
|
|
114
117
|
def host
|
@@ -116,7 +119,7 @@ module ShopifyApp
|
|
116
119
|
end
|
117
120
|
|
118
121
|
def redirect_to_login
|
119
|
-
if
|
122
|
+
if requested_by_javascript?
|
120
123
|
head(:unauthorized)
|
121
124
|
else
|
122
125
|
if request.get?
|
@@ -179,14 +182,17 @@ module ShopifyApp
|
|
179
182
|
end
|
180
183
|
|
181
184
|
def return_to_param_required?
|
182
|
-
native_params =
|
183
|
-
request.path !=
|
185
|
+
native_params = [:shop, :hmac, :timestamp, :locale, :protocol, :return_to]
|
186
|
+
request.path != "/" || sanitized_params.except(*native_params).any?
|
184
187
|
end
|
185
188
|
|
186
189
|
def fullpage_redirect_to(url)
|
187
190
|
if ShopifyApp.configuration.embedded_app?
|
188
|
-
render(
|
189
|
-
|
191
|
+
render(
|
192
|
+
"shopify_app/shared/redirect",
|
193
|
+
layout: false,
|
194
|
+
locals: { url: url, current_shopify_domain: current_shopify_domain },
|
195
|
+
)
|
190
196
|
else
|
191
197
|
redirect_to(url)
|
192
198
|
end
|
@@ -219,6 +225,7 @@ module ShopifyApp
|
|
219
225
|
|
220
226
|
def sanitize_shop_param(params)
|
221
227
|
return unless params[:shop].present?
|
228
|
+
|
222
229
|
ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
|
223
230
|
end
|
224
231
|
|
@@ -255,5 +262,11 @@ module ShopifyApp
|
|
255
262
|
def user_session_expected?
|
256
263
|
!ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
|
257
264
|
end
|
265
|
+
|
266
|
+
def requested_by_javascript?
|
267
|
+
request.xhr? ||
|
268
|
+
request.media_type == "text/javascript" ||
|
269
|
+
request.media_type == "application/javascript"
|
270
|
+
end
|
258
271
|
end
|
259
272
|
end
|
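Review bot: `requested_by_javascript?` (added in the last hunk of this module and used in `redirect_to_login`) tests `request.media_type`, which is the Content-Type of the request body rather than what the client asks to receive, so a script or fetch request that sends neither a JavaScript Content-Type nor `X-Requested-With` will not match and still gets the login redirect instead of `head(:unauthorized)`. If the intent is to detect callers that expect a JavaScript response, the check belongs on the negotiated format, e.g. `request.xhr? || request.format.js?`. Both signals are client-supplied headers, so a comment such as `# Only selects the response shape (401 vs. redirect); never an authorization signal` would keep the predicate from being reused as one. `redirect_to_login` continues past the end of its hunk, so the rest of that branch is not visible here.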
@@ -21,6 +21,7 @@ module ShopifyApp
|
|
21
21
|
|
22
22
|
def request_online_tokens?
|
23
23
|
return @per_user_permissions unless @per_user_permissions.nil?
|
24
|
+
|
24
25
|
default_request_online_tokens?
|
25
26
|
end
|
26
27
|
|
@@ -41,8 +42,9 @@ module ShopifyApp
|
|
41
42
|
end
|
42
43
|
|
43
44
|
def default_client_options_site
|
44
|
-
return
|
45
|
-
|
45
|
+
return "" unless shop_domain.present?
|
46
|
+
|
47
|
+
"https://#{shop_domain}"
|
46
48
|
end
|
47
49
|
|
48
50
|
def default_request_online_tokens?
|
@@ -54,11 +56,11 @@ module ShopifyApp
|
|
54
56
|
end
|
55
57
|
|
56
58
|
def shop_domain
|
57
|
-
request.params[
|
59
|
+
request.params["shop"] || (shopify_auth_params && shopify_auth_params["shop"])
|
58
60
|
end
|
59
61
|
|
60
62
|
def shopify_auth_params
|
61
|
-
strategy.session[
|
63
|
+
strategy.session["shopify.omniauth_params"]&.with_indifferent_access
|
62
64
|
end
|
63
65
|
end
|
64
66
|
end
|
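Review bot: `default_client_options_site` builds the OAuth site URL from `shop_domain`, which reads straight from `request.params["shop"]`, and the only guard is `present?`. That value is request-controlled and decides which host the OAuth flow is pointed at, so unless the strategy validates the site itself (not visible in this diff) it should be normalised and checked here; a non-String `shop` parameter would also be interpolated as-is. The gem already calls `ShopifyApp::Utils.sanitize_shop_domain` from `sanitize_shop_param` elsewhere in this diff, so the body could become `domain = ShopifyApp::Utils.sanitize_shop_domain(shop_domain)`, `return "" unless domain`, `"https://#{domain}"`, assuming that helper returns nil for a host it rejects.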
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby_shopify_app
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.3.
|
4
|
+
version: 1.3.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Hopper Gee
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-06-
|
11
|
+
date: 2024-06-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: browser_sniffer
|