shopify-cli 1.12.0 → 2.0.1

data/lib/shopify-cli/http_request.rb

@@ -1,4 +1,5 @@
 require "net/http"
+require "openssl"
 
 module ShopifyCli
   class HttpRequest
@@ -8,14 +9,29 @@ module ShopifyCli
         request(uri, body, headers, req)
       end
 
+      def put(uri, body, headers)
+        req = ::Net::HTTP::Put.new(uri.request_uri)
+        request(uri, body, headers, req)
+      end
+
       def get(uri, body, headers)
         req = ::Net::HTTP::Get.new(uri.request_uri)
         request(uri, body, headers, req)
       end
 
+      def delete(uri, body, headers)
+        req = ::Net::HTTP::Delete.new(uri.request_uri)
+        request(uri, body, headers, req)
+      end
+
       def request(uri, body, headers, req)
+        cert_store = OpenSSL::X509::Store.new
+        cert_store.set_default_paths
+
         http = ::Net::HTTP.new(uri.host, uri.port)
         http.use_ssl = true
+        http.cert_store = cert_store
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if ENV["SSL_VERIFY_NONE"]
 
         req.body = body unless body.nil?
         req["Content-Type"] = "application/json"

data/lib/shopify-cli/identity_auth.rb

@@ -0,0 +1,282 @@
+require "base64"
+require "digest"
+require "json"
+require "net/http"
+require "securerandom"
+require "openssl"
+require "shopify_cli"
+require "uri"
+require "webrick"
+
+module ShopifyCli
+  class IdentityAuth
+    include SmartProperties
+
+    autoload :Servlet, "shopify-cli/identity_auth/servlet"
+
+    class Error < StandardError; end
+    class Timeout < StandardError; end
+    LocalRequest = Struct.new(:method, :path, :query, :protocol)
+    LOCAL_DEBUG = "SHOPIFY_APP_CLI_LOCAL_PARTNERS"
+
+    DEFAULT_PORT = 3456
+    REDIRECT_HOST = "http://127.0.0.1:#{DEFAULT_PORT}"
+
+    APPLICATION_SCOPES = {
+      "shopify" => %w[https://api.shopify.com/auth/shop.admin.graphql https://api.shopify.com/auth/shop.admin.themes https://api.shopify.com/auth/partners.collaborator-relationships.readonly],
+      "storefront_renderer_production" => %w[https://api.shopify.com/auth/shop.storefront-renderer.devtools],
+      "partners" => %w[https://api.shopify.com/auth/partners.app.cli.access],
+    }
+
+    APPLICATION_CLIENT_IDS = {
+      "shopify" => "7ee65a63608843c577db8b23c4d7316ea0a01bd2f7594f8a9c06ea668c1b775c",
+      "storefront_renderer_production" => "ee139b3d-5861-4d45-b387-1bc3ada7811c",
+      "partners" => "271e16d403dfa18082ffb3d197bd2b5f4479c3fc32736d69296829cbb28d41a6",
+    }
+
+    DEV_APPLICATION_CLIENT_IDS = {
+      "shopify" => "e92482cebb9bfb9fb5a0199cc770fde3de6c8d16b798ee73e36c9d815e070e52",
+      "storefront_renderer_production" => "46f603de-894f-488d-9471-5b721280ff49",
+      "partners" => "df89d73339ac3c6c5f0a98d9ca93260763e384d51d6038da129889c308973978",
+    }
+
+    EXCHANGE_TOKENS = APPLICATION_SCOPES.keys.map do |key|
+      "#{key}_exchange_token".to_sym
+    end
+
+    IDENTITY_ACCESS_TOKENS = %i[
+      identity_access_token
+      identity_refresh_token
+    ]
+
+    property! :ctx
+    property :store, default: -> { ShopifyCli::DB.new }
+    property :state_token, accepts: String, default: SecureRandom.hex(30)
+    property :code_verifier, accepts: String, default: SecureRandom.hex(30)
+
+    attr_accessor :response_query
+
+    def authenticate
+      return if refresh_exchange_tokens || refresh_access_tokens
+
+      initiate_authentication
+
+      begin
+        request_access_token(code: receive_access_code)
+      rescue IdentityAuth::Timeout => e
+        ctx.abort(e.message)
+      end
+      request_exchange_tokens
+    end
+
+    def reauthenticate
+      return if refresh_exchange_tokens || refresh_access_tokens
+      ctx.abort(ctx.message("core.identity_auth.error.reauthenticate", ShopifyCli::TOOL_NAME))
+    end
+
+    def code_challenge
+      @code_challenge ||= Base64.urlsafe_encode64(
+        OpenSSL::Digest::SHA256.digest(code_verifier),
+        padding: false,
+      )
+    end
+
+    def server
+      @server ||= begin
+        server = WEBrick::HTTPServer.new(
+          Port: DEFAULT_PORT,
+          Logger: WEBrick::Log.new(File.open(File::NULL, "w")),
+          AccessLog: [],
+        )
+        server.mount("/", Servlet, self, state_token)
+        server
+      end
+    end
+
+    def self.delete_tokens_and_keys
+      ShopifyCli::DB.del(*IDENTITY_ACCESS_TOKENS)
+      ShopifyCli::DB.del(*EXCHANGE_TOKENS)
+    end
+
+    private
+
+    def initiate_authentication
+      @server_thread = Thread.new { server.start }
+      params = {
+        client_id: client_id,
+        scope: scopes(APPLICATION_SCOPES.values.flatten),
+        redirect_uri: REDIRECT_HOST,
+        state: state_token,
+        response_type: :code,
+      }
+      params.merge!(challange_params)
+      uri = URI.parse("#{auth_url}/authorize")
+      uri.query = URI.encode_www_form(params)
+      open_browser_authentication(uri)
+    end
+
+    def open_browser_authentication(uri)
+      ctx.open_browser_url!(uri)
+    end
+
+    def receive_access_code
+      @access_code ||= begin
+        @server_thread.join(240)
+        raise Timeout, ctx.message("core.identity_auth.error.timeout") if response_query.nil?
+        raise Error, response_query["error_description"] unless response_query["error"].nil?
+        response_query["code"]
+      end
+    end
+
+    def request_access_token(code:)
+      resp = post_token_request(
+        grant_type: :authorization_code,
+        code: code,
+        redirect_uri: REDIRECT_HOST,
+        client_id: client_id,
+        code_verifier: code_verifier,
+      )
+      store.set(
+        identity_access_token: resp["access_token"],
+        identity_refresh_token: resp["refresh_token"],
+      )
+    end
+
+    def refresh_access_tokens
+      return false unless IDENTITY_ACCESS_TOKENS.all? { |key| store.exists?(key) }
+
+      resp = post_token_request(
+        grant_type: :refresh_token,
+        access_token: store.get(:identity_access_token),
+        refresh_token: store.get(:identity_refresh_token),
+        client_id: client_id,
+      )
+      store.set(
+        identity_access_token: resp["access_token"],
+        identity_refresh_token: resp["refresh_token"],
+      )
+
+      # Need to refresh the exchange token on successful access token refresh
+      request_exchange_tokens
+
+      true
+    rescue
+      store.del(*IDENTITY_ACCESS_TOKENS)
+      false
+    end
+
+    def refresh_exchange_tokens
+      return false unless EXCHANGE_TOKENS.all? { |key| store.exists?(key) }
+
+      request_exchange_tokens
+
+      true
+    rescue
+      store.del(*EXCHANGE_TOKENS)
+      false
+    end
+
+    def request_exchange_tokens
+      APPLICATION_SCOPES.each do |key, scopes|
+        request_exchange_token(key, client_id_for_application(key), scopes)
+      end
+    end
+
+    def request_exchange_token(name, audience, additional_scopes)
+      return if name == "shopify" && !store.exists?(:shop)
+
+      params = {
+        grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
+        requested_token_type: "urn:ietf:params:oauth:token-type:access_token",
+        subject_token_type: "urn:ietf:params:oauth:token-type:access_token",
+        client_id: client_id,
+        audience: audience,
+        scope: scopes(additional_scopes),
+        subject_token: store.get(:identity_access_token),
+      }.tap do |result|
+        if name == "shopify"
+          result[:destination] = "https://#{store.get(:shop)}/admin"
+        end
+      end
+      # ctx.debug(params)
+      resp = post_token_request(params)
+      store.set("#{name}_exchange_token".to_sym => resp["access_token"])
+      ctx.debug("#{name}_exchange_token: " + resp["access_token"])
+    end
+
+    def post_token_request(params)
+      post_request("/token", params)
+    end
+
+    def post_request(endpoint, params)
+      uri = URI.parse("#{auth_url}#{endpoint}")
+      https = Net::HTTP.new(uri.host, uri.port)
+      https.use_ssl = true
+      request = Net::HTTP::Post.new(uri.path)
+      request["User-Agent"] = "Shopify CLI #{::ShopifyCli::VERSION}"
+      request.body = URI.encode_www_form(params)
+      res = https.request(request)
+      unless res.is_a?(Net::HTTPSuccess)
+        error_msg = JSON.parse(res.body)["error_description"]
+        shop = store.get(:shop)
+        if error_msg.include?("destination")
+          store.del(:shop)
+          ctx.abort(ctx.message("core.identity_auth.error.invalid_destination", shop))
+        end
+        raise Error, error_msg
+      end
+      JSON.parse(res.body)
+    end
+
+    def challange_params
+      {
+        code_challenge: code_challenge,
+        code_challenge_method: "S256",
+      }
+    end
+
+    def auth_url
+      return "https://accounts.shopify.com/oauth" if ENV[LOCAL_DEBUG].nil?
+      "https://identity.myshopify.io/oauth"
+    end
+
+    def client_id_for_application(application_name)
+      client_ids = if ENV[LOCAL_DEBUG]
+        DEV_APPLICATION_CLIENT_IDS
+      else
+        APPLICATION_CLIENT_IDS
+      end
+
+      client_ids[application_name]
+    end
+
+    def scopes(additional_scopes = [])
+      (["openid"] + additional_scopes).tap do |result|
+        result << "employee" if ShopifyCli::Shopifolk.acting_as_shopify_organization?
+      end.join(" ")
+    end
+
+    def client_id
+      return "fbdb2649-e327-4907-8f67-908d24cfd7e3" if ENV[LOCAL_DEBUG].nil?
+
+      ctx.abort(ctx.message("core.identity_auth.error.local_identity_not_running")) unless local_identity_running?
+
+      # Fetch the client ID from the local Identity Dynamic Registration endpoint
+      response = post_request("/client", {
+        name: "shopify-cli-development",
+        public_type: "native",
+      })
+
+      response["client_id"]
+    end
+
+    def local_identity_running?
+      Net::HTTP.start("identity.myshopify.io", 443, use_ssl: true, open_timeout: 1, read_timeout: 10) do |http|
+        req = Net::HTTP::Get.new(URI.join("https://identity.myshopify.io", "/services/ping"))
+        http.request(req).is_a?(Net::HTTPSuccess)
+      end
+    rescue Timeout::Error, Errno::EHOSTUNREACH, Errno::EHOSTDOWN, Errno::EADDRNOTAVAIL, Errno::ECONNREFUSED
+      false
+    end
+  end
+end

data/lib/shopify-cli/{oauth → identity_auth}/servlet.rb

@@ -1,5 +1,5 @@
 module ShopifyCli
-  class OAuth
+  class IdentityAuth
     class Servlet < WEBrick::HTTPServlet::AbstractServlet
       TEMPLATE = %{<!DOCTYPE html>
         <html>
@@ -13,15 +13,13 @@ module ShopifyCli
         </html>
       }
       AUTOCLOSE_TEMPLATE = %{
-        <script>
-          setTimeout(function() { window.close(); }, 3000)
-        </script>
+        <script>window.close();</script>
       }
 
-      def initialize(server, oauth, token)
+      def initialize(server, identity_auth, token)
         super
         @server = server
-        @oauth = oauth
+        @identity_auth = identity_auth
         @state_token = token
       end
 
@@ -30,16 +28,16 @@ module ShopifyCli
           respond_with(
             res,
             400,
-            Context.message("core.oauth.servlet.invalid_request_response", req.query["error_description"])
+            Context.message("core.identity_auth.servlet.invalid_request_response", req.query["error_description"])
           )
         elsif req.query["state"] != @state_token
-          response_message = Context.message("core.oauth.servlet.invalid_state_response")
+          response_message = Context.message("core.identity_auth.servlet.invalid_state_response")
           req.query.merge!("error" => "invalid_state", "error_description" => response_message)
           respond_with(res, 403, response_message)
         else
-          respond_with(res, 200, Context.message("core.oauth.servlet.success_response"))
+          respond_with(res, 200, Context.message("core.identity_auth.servlet.success_response"))
         end
-        @oauth.response_query = req.query
+        @identity_auth.response_query = req.query
         @server.shutdown
       end
 
@@ -49,8 +47,9 @@ module ShopifyCli
           status: status,
           message: message,
           color: successful ? "black" : "red",
-          title:
-            Context.message(successful ? "core.oauth.servlet.authenticated" : "core.oauth.servlet.not_authenticated"),
+          title: Context.message(
+            successful ? "core.identity_auth.servlet.authenticated" : "core.identity_auth.servlet.not_authenticated"
+          ),
           autoclose: successful ? AUTOCLOSE_TEMPLATE : "",
         }
         response.status = status

data/lib/shopify-cli/messages/messages.rb

@@ -7,19 +7,14 @@ module ShopifyCli
         create: {
           info: {
             created: "{{v}} {{green:%s}} was created in the organization's Partner Dashboard {{underline:%s}}",
-            serve: "{{*}} Change directories to your new project folder {{green:%s}} and run {{command:%s serve}} " \
-            "to start a local server",
+            serve: "{{*}} Change directories to your new project folder {{green:%s}} and run "\
+            "{{command:%s %s serve}} to start a local server",
             install: "{{*}} Then, visit {{underline:%s/test}} to install {{green:%s}} on your Dev Store",
           },
         },
       },
       core: {
         connect: {
-          help: <<~HELP,
-            Connect (or re-connect) an existing project to a Shopify partner organization and/or a store. Creates or updates the {{green:.env}} file, and creates the {{green:.shopify-cli.yml}} file.
-              Usage: {{command:%s connect}}
-          HELP
-
           already_connected_warning: "{{yellow:! This app appears to be already connected}}",
           project_type_select: "What type of project would you like to connect?",
           cli_yml_saved: ".shopify-cli.yml saved to project root",
@@ -32,19 +27,6 @@ module ShopifyCli
           OPEN
         },
 
-        create: {
-          help: <<~HELP,
-            Create a new project.
-              Usage: {{command:%s create [ %s ]}}
-          HELP
-
-          error: {
-            invalid_app_type: "{{red:Error}}: invalid app type {{bold:%s}}",
-          },
-
-          project_type_select: "What type of project would you like to create?",
-        },
-
         env_file: {
           saving_header: "writing %s file...",
           saving: "writing %s file",
@@ -99,8 +81,6 @@ module ShopifyCli
           preamble: <<~MESSAGE,
             Use {{command:%s help <command>}} to display detailed information about a specific command.
 
-            {{bold:Available core commands:}}
-
           MESSAGE
         },
 
@@ -129,13 +109,35 @@ module ShopifyCli
           npm_installed_deps: "%d npm dependencies installed",
         },
 
+        login: {
+          help: <<~HELP,
+            Log in to the Shopify CLI by authenticating with a store or partner organization
+              Usage: {{command:%s login [--store=STORE]}}
+          HELP
+          invalid_shop: <<~MESSAGE,
+            Invalid store provided (%s). Please provide the store in the following format: my-store.myshopify.com
+          MESSAGE
+          shop_prompt: <<~PROMPT,
+            What store are you connecting to? (e.g. my-store.myshopify.com; do {{bold:NOT}} include protocol part, e.g., https://)
+          PROMPT
+        },
+
         logout: {
           help: <<~HELP,
-            Log out of a currently authenticated partner organization and store, or clear invalid credentials
+            Log out of an authenticated partner organization and store, or clear invalid credentials
               Usage: {{command:%s logout}}
           HELP
 
-          success: "Logged out of partner organization and store",
+          success: "Successfully logged out of your account",
+        },
+
+        switch: {
+          help: <<~HELP,
+            Switch between development stores in your partner organization
+              Usage: {{command:%s switch [--store=STORE]}}
+          HELP
+          disabled_as_shopify_org: "Can't switch development stores logged in as {{green:Shopify partners org}}",
+          success: "Switched development store to {{green:%s}}",
         },
 
         monorail: {
@@ -146,9 +148,12 @@ module ShopifyCli
           MSG
         },
 
-        oauth: {
+        identity_auth: {
           error: {
             timeout: "Timed out while waiting for response from Shopify",
+            local_identity_not_running: "Identity needs to be running locally in order to proceed.",
+            reauthenticate: "Please login again with {{command:shopify login}}",
+            invalid_destination: "The store %s doesn't exist. Please log out and try again.",
           },
 
           location: {
@@ -166,6 +171,7 @@ module ShopifyCli
             authenticated: "Authenticated successfully",
             not_authenticated: "Failed to authenticate",
           },
+          login_prompt: "Please ensure you've logged in with {{command:%s login}} and try again",
         },
 
         options: {
@@ -184,6 +190,11 @@ module ShopifyCli
 
         api: {
           error: {
+            failed_auth: "Failed to authenticate with Shopify. Please try again later.",
+            failed_auth_debugging: "{{red:Please provide this information with your report:}}\n%s\n\n",
+            forbidden: <<~FORBIDDEN,
+              Command not allowed with current login. Please check your login details with {{command:%s whoami}}. You may need to request additional permissions for this action.
+            FORBIDDEN
             internal_server_error: "{{red:{{x}} An unexpected error occurred on Shopify.}}",
             internal_server_error_debug: "\n{{red:Response details:}}\n%s\n\n",
             invalid_url: "Invalid URL: %s",
@@ -191,22 +202,78 @@ module ShopifyCli
         },
 
         populate: {
+          help: <<~HELP,
+            Populate a Shopify store with example customers, orders, or products.
+              Usage: {{command:%s populate [ customers | draftorders | products ]}}
+          HELP
+
+          extended_help: <<~HELP,
+            {{bold:Subcommands:}}
+
+              {{cyan:customers [options]}}: Add dummy customers to the specified store.
+                Usage: {{command:%1$s populate customers}}
+
+              {{cyan:draftorders [options]}}: Add dummy orders to the specified store.
+                Usage: {{command:%1$s populate draftorders}}
+
+              {{cyan:products [options]}}: Add dummy products to the specified store.
+                Usage: {{command:%1$s populate products}}
+
+            {{bold:Options:}}
+
+              {{cyan:--count [integer]}}: The number of dummy items to populate. Defaults to 5.
+              {{cyan:--silent}}: Silence the populate output.
+              {{cyan:--help}}: Display more options specific to each subcommand.
+
+            {{bold:Examples:}}
+
+              {{command:%1$s populate products}}
+                Populate your store with 5 additional products.
+
+              {{command:%1$s populate customers --count 30}}
+                Populate your store with 30 additional customers.
+
+              {{command:%1$s populate draftorders}}
+                Populate your store with 5 additional orders.
+
+              {{command:%1$s populate products --help}}
+                Display the list of options available to customize the {{command:%1$s populate products}} command.
+          HELP
+
+          error: {
+            no_shop: "No store found. Please run {{command:%s login --store=STORE}} to login to a specific store",
+          },
+
+          customer: {
+            added: "%s added to {{green:%s}} at {{underline:%scustomers/%d}}",
+          },
+
+          draft_order: {
+            added: "DraftOrder added to {{green:%s}} at {{underline:%sdraft_orders/%d}}",
+          },
+
           options: {
             header: "{{bold:{{cyan:%s}} options:}}",
             count_help: "Number of resources to generate",
           },
+
           populating: "Populating %d %ss...",
+
           completion_message: <<~COMPLETION_MESSAGE,
             Successfully added %d %s to {{green:%s}}
             {{*}} View all %ss at {{underline:%s%ss}}
           COMPLETION_MESSAGE
+
+          product: {
+            added: "%s added to {{green:%s}} at {{underline:%sproducts/%d}}",
+          },
         },
 
         project: {
           error: {
             not_in_project: <<~MESSAGE,
               {{x}} You are not in a Shopify app project
-              {{yellow:{{*}}}}{{reset: Run}}{{cyan: shopify create}}{{reset: to create your app}}
+              {{yellow:{{*}}}}{{reset: Run}}{{cyan: shopify rails create}}{{reset: or}}{{cyan: shopify node create}}{{reset: to create your app}}
             MESSAGE
           },
         },
@@ -238,7 +305,8 @@ module ShopifyCli
             unknown_option: "{{x}} {{red:unknown option '%s'}}",
           },
 
-          header: "{{bold:Shopify App CLI}}",
+          header: "{{bold:Shopify CLI}}",
+          shop_header: "{{bold:Current Shop}}",
           const: "%17s = %s",
           ruby_header: <<~RUBY_MESSAGE,
             {{bold:Ruby (via RbConfig)}}
@@ -265,7 +333,20 @@ module ShopifyCli
           identity_is_shopifolk: "{{v}} Checked user settings: you’re Shopify staff!",
         },
 
+        store: {
+          help: <<~HELP,
+            Display current store.
+              Usage: {{command:%s store}}
+          HELP
+          shop: "You're currently logged into {{green:%s}}",
+        },
+
         tasks: {
+          confirm_store: {
+            prompt: "You are currently logged into {{green:%s}}. Do you want to proceed using this store?",
+            confirmation: "Proceeding using {{green:%s}}",
+            cancelling: "Cancelling ...",
+          },
           ensure_env: {
             organization_select: "To which partner organization does this project belong?",
             no_development_stores: <<~MESSAGE,
@@ -292,6 +373,9 @@ module ShopifyCli
               MESSAGE
             transfer_disabled: "{{v}} Transfer has been disabled on %s.",
           },
+          ensure_project_type: {
+            wrong_project_type: "This command can only be run within %s projects.",
+          },
           update_dashboard_urls: {
             updated: "{{v}} Whitelist URLS updated in Partners Dashboard}}",
             update_error:
@@ -309,10 +393,11 @@ module ShopifyCli
               organization_not_found: "Cannot find a partner organization with that ID",
               shopifolk_notice: <<~MESSAGE,
                 {{i}} As a {{green:Shopify}} employee, the authentication should take you to the Shopify Okta login,
-                NOT the Partner account login. Please run {{command:%s logout}} and try again.
+                NOT the partner account login. Please run {{command:%s logout}} and try again.
               MESSAGE
             },
-            first_party: "Are you working on a 1P (1st Party) app?",
+            first_party: "Are you working on a {{green:Shopify project}} on behalf of the"\
+              " {{green:Shopify partners org}}?",
             identified_as_shopify: "We've identified you as a {{green:Shopify}} employee.",
             organization: "Partner organization {{green:%s (%s)}}",
             organization_select: "Select partner organization",
@@ -333,7 +418,7 @@ module ShopifyCli
           signup_suggestion: <<~MESSAGE,
             {{*}} To avoid tunnels that timeout, it is recommended to signup for a free ngrok
             account at {{underline:https://ngrok.com/signup}}. After you signup, install your
-            personalized authorization token using {{command:%s tunnel auth <token>}}.
+            personalized authorization token using {{command:%s [ node | rails ] tunnel auth <token>}}.
           MESSAGE
           start: "{{v}} ngrok tunnel running at {{underline:%s}}",
           start_with_account: "{{v}} ngrok tunnel running at {{underline:%s}}, with account %s",
@@ -357,21 +442,30 @@ module ShopifyCli
 
           DEVELOPMENT
 
-          shell_shim: <<~MESSAGE,
-            {{x}} This version of Shopify App CLI is no longer supported. You’ll need to migrate to the new CLI version to continue.
+          new_version: <<~MESSAGE,
+            {{*}} {{yellow:A new version of Shopify CLI is available! You have version %s and the latest version is %s.
 
-              Please visit this page for complete instructions:
-              {{underline:https://shopify.dev/tools/cli/troubleshooting#migrate-from-a-legacy-version}}
+              To upgrade, follow the instructions for the package manager you’re using:
+              {{underline:https://shopify.dev/tools/cli/troubleshooting#upgrade-shopify-cli}}}}
 
           MESSAGE
+        },
 
-          new_version: <<~MESSAGE,
-            {{*}} {{yellow:A new version of Shopify App CLI is available! You have version %s and the latest version is %s.
-
-              To upgrade, follow the instructions for the package manager you’re using:
-              {{underline:https://shopify.dev/tools/cli/troubleshooting#upgrade-shopify-app-cli}}}}
+        whoami: {
+          help: <<~HELP,
+            Identifies which partner organization or store you are currently logged into.
+              Usage: {{command:%s whoami}}
+          HELP
+          not_logged_in: <<~MESSAGE,
+            It doesn't appear that you're logged in. You must log into a partner organization or a store staff account.
 
+            If trying to log into a store staff account, please use {{command:%s login --store=STORE}} to log in.
+          MESSAGE
+          logged_in_shop_only: <<~MESSAGE,
+            Logged into store {{green:%s}} as staff (no partner organizations available for this login)
           MESSAGE
+          logged_in_partner_only: "Logged into partner organization {{green:%s}}",
+          logged_in_partner_and_shop: "Logged into store {{green:%s}} in partner organization {{green:%s}}",
         },
       },
     }.freeze