shopify-cli 1.14.0 → 2.0.0

data/lib/{project_types/node → shopify-cli}/commands/populate/customer.rb

@@ -1,6 +1,6 @@
 require "shopify_cli"
 
-module Node
+module ShopifyCli
   module Commands
     class Populate
       class Customer < ShopifyCli::AdminAPI::PopulateResourceCommand
@@ -17,13 +17,7 @@ module Node
         def message(data)
           ret = data["customerCreate"]["customer"]
           id = ShopifyCli::API.gid_to_id(ret["id"])
-          @ctx.message(
-            "node.populate.customer.added",
-            ret["displayName"],
-            ShopifyCli::Project.current.env.shop,
-            admin_url,
-            id
-          )
+          @ctx.message("core.populate.customer.added", ret["displayName"], @shop, admin_url, id)
         end
       end
     end

data/lib/{project_types/node → shopify-cli}/commands/populate/draft_order.rb

@@ -1,6 +1,6 @@
 require "shopify_cli"
 
-module Node
+module ShopifyCli
   module Commands
     class Populate
       class DraftOrder < ShopifyCli::AdminAPI::PopulateResourceCommand
@@ -20,7 +20,7 @@ module Node
         def message(data)
           ret = data["draftOrderCreate"]["draftOrder"]
           id = ShopifyCli::API.gid_to_id(ret["id"])
-          @ctx.message("node.populate.draft_order.added", ShopifyCli::Project.current.env.shop, admin_url, id)
+          @ctx.message("core.populate.draft_order.added", @shop, admin_url, id)
         end
       end
     end

data/lib/{project_types/node → shopify-cli}/commands/populate/product.rb

@@ -1,6 +1,6 @@
 require "shopify_cli"
 
-module Node
+module ShopifyCli
   module Commands
     class Populate
       class Product < ShopifyCli::AdminAPI::PopulateResourceCommand
@@ -16,13 +16,7 @@ module Node
         def message(data)
           ret = data["productCreate"]["product"]
           id = ShopifyCli::API.gid_to_id(ret["id"])
-          @ctx.message(
-            "node.populate.product.added",
-            ret["title"],
-            ShopifyCli::Project.current.env.shop,
-            admin_url,
-            id
-          )
+          @ctx.message("core.populate.product.added", ret["title"], @shop, admin_url, id)
         end
       end
     end

data/lib/shopify-cli/commands/store.rb

@@ -0,0 +1,15 @@
+require "shopify_cli"
+
+module ShopifyCli
+  module Commands
+    class Store < ShopifyCli::Command
+      def call(_args, _name)
+        @ctx.puts(@ctx.message("core.store.shop", ShopifyCli::AdminAPI.get_shop_or_abort(@ctx)))
+      end
+
+      def self.help
+        ShopifyCli::Context.message("core.store.help", ShopifyCli::TOOL_NAME)
+      end
+    end
+  end
+end

data/lib/shopify-cli/commands/switch.rb

@@ -0,0 +1,39 @@
+require "shopify_cli"
+
+module ShopifyCli
+  module Commands
+    class Switch < ShopifyCli::Command
+      options do |parser, flags|
+        parser.on("--store=STORE") { |url| flags[:shop] = url }
+        # backwards compatibility allow 'shop' for now
+        parser.on("--shop=SHOP") { |url| flags[:shop] = url }
+      end
+
+      def call(*)
+        if Shopifolk.acting_as_shopify_organization?
+          @ctx.puts(@ctx.message("core.switch.disabled_as_shopify_org"))
+          return
+        end
+
+        shop = if options.flags[:shop]
+          Login.validate_shop(options.flags[:shop])
+        elsif (org_id = DB.get(:organization_id))
+          res = ShopifyCli::Tasks::SelectOrgAndShop.call(@ctx, organization_id: org_id)
+          res[:shop_domain]
+        else
+          AdminAPI.get_shop_or_abort(@ctx)
+          res = ShopifyCli::Tasks::SelectOrgAndShop.call(@ctx)
+          res[:shop_domain]
+        end
+        DB.set(shop: shop)
+        IdentityAuth.new(ctx: @ctx).reauthenticate
+
+        @ctx.puts(@ctx.message("core.switch.success", shop))
+      end
+
+      def self.help
+        ShopifyCli::Context.message("core.switch.help", ShopifyCli::TOOL_NAME)
+      end
+    end
+  end
+end

data/lib/shopify-cli/commands/system.rb

@@ -20,6 +20,7 @@ module ShopifyCli
         display_environment if show_all_details
 
         display_cli_constants(show_all_details)
+        display_shopify_store(show_all_details)
         display_cli_ruby(show_all_details)
         display_utility_commands(show_all_details)
         display_project_commands(show_all_details)
@@ -59,6 +60,17 @@ module ShopifyCli
         end
       end
 
+      def display_shopify_store(_show_all_details)
+        shop = if ShopifyCli::DB.exists?(:shop)
+          ShopifyCli::AdminAPI.get_shop_or_abort(@ctx)
+        else
+          @ctx.message("core.populate.error.no_shop", ShopifyCli::TOOL_NAME)
+        end
+
+        @ctx.puts("\n" + @ctx.message("core.system.shop_header"))
+        @ctx.puts("  " + shop)
+      end
+
       def display_cli_ruby(_show_all_details)
         rbconfig_constants = %w(host RUBY_VERSION_NAME)
 

data/lib/shopify-cli/commands/whoami.rb

@@ -0,0 +1,28 @@
+require "shopify_cli"
+
+module ShopifyCli
+  module Commands
+    class Whoami < ShopifyCli::Command
+      def call(_args, _name)
+        shop = ShopifyCli::DB.get(:shop)
+        org_id = ShopifyCli::DB.get(:organization_id)
+        org = ShopifyCli::PartnersAPI::Organizations.fetch(@ctx, id: org_id) unless org_id.nil?
+
+        output = if shop.nil? && org.nil?
+          @ctx.message("core.whoami.not_logged_in", ShopifyCli::TOOL_NAME)
+        elsif !shop.nil? && org.nil?
+          @ctx.message("core.whoami.logged_in_shop_only", shop)
+        elsif shop.nil? && !org.nil?
+          @ctx.message("core.whoami.logged_in_partner_only", org["businessName"])
+        else
+          @ctx.message("core.whoami.logged_in_partner_and_shop", shop, org["businessName"])
+        end
+        @ctx.puts(output)
+      end
+
+      def self.help
+        ShopifyCli::Context.message("core.whoami.help", ShopifyCli::TOOL_NAME)
+      end
+    end
+  end
+end

data/lib/shopify-cli/connect.rb

@@ -0,0 +1,32 @@
+require "shopify_cli"
+
+module ShopifyCli
+  class Connect
+    def initialize(ctx)
+      @ctx = ctx
+    end
+
+    def default_connect(project_type)
+      if Project.current&.env
+        @ctx.puts(@ctx.message("core.connect.already_connected_warning"))
+      end
+      org = ShopifyCli::Tasks::EnsureEnv.call(@ctx, regenerate: true)
+      write_cli_yml(project_type, org["id"]) unless Project.has_current?
+      api_key = Project.current(force_reload: true).env["api_key"]
+      get_app(org["apps"], api_key).first["title"]
+    end
+
+    def write_cli_yml(project_type, org_id)
+      ShopifyCli::Project.write(
+        @ctx,
+        project_type: project_type,
+        organization_id: org_id,
+      )
+      @ctx.done(@ctx.message("core.connect.cli_yml_saved"))
+    end
+
+    def get_app(apps, api_key)
+      apps.select { |app| app["apiKey"] == api_key }
+    end
+  end
+end

data/lib/shopify-cli/context.rb

@@ -61,9 +61,10 @@ module ShopifyCli
     # will return which operating system that the cli is running on [:mac, :linux]
     def os
       host = uname
-      return :mac if /darwin/.match(host)
-      return :linux if /linux/.match(host)
-      return :windows if /mingw32/.match(host)
+      return :mac if /darwin/i.match(host)
+      return :windows if /mswin|mingw|cygwin/i.match(host)
+      return :linux if /linux|bsd/i.match(host)
+      :unknown
     end
 
     # will return true if the cli is running on an apple computer.
@@ -81,6 +82,16 @@ module ShopifyCli
       os == :windows
     end
 
+    # will return true if the os is unknown
+    def unknown_os?
+      os == :unknown
+    end
+
+    # will return true if being launched from a tty
+    def tty?
+      $stdin.tty? && !testing?
+    end
+
     # will return true if the cli is being run from an installation, and not a
     # development instance. The gem installation will not have a 'test' directory.
     # See `#development?` for checking for development environment.
@@ -106,6 +117,12 @@ module ShopifyCli
       ENV["CI"]
     end
 
+    ##
+    # will return true if the cli is running with the DEBUG flag
+    def debug?
+      getenv("DEBUG")
+    end
+
     # get a environment variable value by name.
     #
     # #### Parameters
@@ -299,6 +316,28 @@ module ShopifyCli
       puts(help)
     end
 
+    # will output to the console a link for the user to either copy/paste
+    # or click on.
+    #
+    # #### Parameters
+    # * `uri` - a http URI to open in a browser
+    #
+    def open_browser_url!(uri)
+      if tty?
+        if linux? && which("xdg-open")
+          system("xdg-open", uri.to_s)
+        elsif windows?
+          system("start", uri.to_s)
+        elsif mac?
+          system("open", uri.to_s)
+        else
+          open_url!(uri)
+        end
+      else
+        open_url!(uri)
+      end
+    end
+
     # will output a message, prefixed by a yellow star, indicating that task
     # started.
     #
@@ -318,6 +357,15 @@ module ShopifyCli
       Kernel.puts(CLI::UI.fmt(*args))
     end
 
+    # a wrapper around Kernel.warn to allow for easy formatting
+    #
+    # #### Parameters
+    # * `text` - a string message to output
+    #
+    def warn(*args)
+      Kernel.warn(CLI::UI.fmt(*args))
+    end
+
     # outputs a message, prefixed by a checkmark indicating that something completed
     #
     # #### Parameters
@@ -344,7 +392,7 @@ module ShopifyCli
     # * `text` - a string message to output
     #
     def debug(text)
-      puts("{{red:DEBUG}} #{text}") if getenv("DEBUG")
+      puts("{{red:DEBUG}} #{text}") if debug?
     end
 
     # proxy call to Context.message.

data/lib/shopify-cli/core/entry_point.rb

@@ -5,35 +5,16 @@ module ShopifyCli
     module EntryPoint
       class << self
         def call(args, ctx = Context.new)
-          # Check if the shim is set up by checking whether the old Finalizer FD exists
-          begin
-            is_shell_shim = false
-            IO.open(9) { is_shell_shim = true }
-          rescue Errno::EBADF
-            # This is expected if the descriptor doesn't exist
-          rescue ArgumentError => e
-            # This can happen on RVM, because it can use fd 9 itself and block access to it. That only happens if the fd
-            # did not exist beforehand, so that means there was no fd 9 before Ruby started.
-            unless e.message == "The given fd is not accessible because RubyVM reserves it"
-              raise e
-            end
-          end
-
-          if !ctx.testing? && is_shell_shim
-            ctx.puts(ctx.message("core.warning.shell_shim"))
-            return
-          end
-
           if ctx.development?
-            ctx.puts(
+            ctx.warn(
               ctx.message("core.warning.development_version", File.join(ShopifyCli::ROOT, "bin", ShopifyCli::TOOL_NAME))
             )
           elsif !ctx.testing?
             new_version = ctx.new_version
-            ctx.puts(ctx.message("core.warning.new_version", ShopifyCli::VERSION, new_version)) unless new_version.nil?
+            ctx.warn(ctx.message("core.warning.new_version", ShopifyCli::VERSION, new_version)) unless new_version.nil?
           end
 
-          ProjectType.load_type(Project.current_project_type)
+          ProjectType.load_all
 
           task_registry = ShopifyCli::Tasks::Registry
 

data/lib/shopify-cli/db.rb

@@ -42,7 +42,7 @@ module ShopifyCli
     #
     # #### Usage
     #
-    #   exists = ShopifyCli::DB.exists?('admin_access_token')
+    #   exists = ShopifyCli::DB.exists?('shopify_exchange_token')
     #
     def exists?(key)
       db.transaction(true) { db.root?(key) }
@@ -55,7 +55,7 @@ module ShopifyCli
     #
     # #### Usage
     #
-    #   ShopifyCli::DB.set(admin_access_token: 'token', metric_consent: true)
+    #   ShopifyCli::DB.set(shopify_exchange_token: 'token', metric_consent: true)
     #
     def set(**args)
       db.transaction do
@@ -80,7 +80,7 @@ module ShopifyCli
     #
     # #### Usage
     #
-    #   ShopifyCli::DB.get(:admin_access_token)
+    #   ShopifyCli::DB.get(:shopify_exchange_token)
     #
     def get(key)
       val = db.transaction(true) { db[key] }
@@ -95,7 +95,7 @@ module ShopifyCli
     #
     # #### Usage
     #
-    #   ShopifyCli::DB.del(:admin_access_token)
+    #   ShopifyCli::DB.del(:shopify_exchange_token)
     #
     def del(*args)
       db.transaction { args.each { |key| db.delete(key) } }

data/lib/shopify-cli/http_request.rb

@@ -8,11 +8,21 @@ module ShopifyCli
         request(uri, body, headers, req)
       end
 
+      def put(uri, body, headers)
+        req = ::Net::HTTP::Put.new(uri.request_uri)
+        request(uri, body, headers, req)
+      end
+
       def get(uri, body, headers)
         req = ::Net::HTTP::Get.new(uri.request_uri)
         request(uri, body, headers, req)
       end
 
+      def delete(uri, body, headers)
+        req = ::Net::HTTP::Delete.new(uri.request_uri)
+        request(uri, body, headers, req)
+      end
+
       def request(uri, body, headers, req)
         http = ::Net::HTTP.new(uri.host, uri.port)
         http.use_ssl = true

data/lib/shopify-cli/identity_auth.rb

@@ -0,0 +1,282 @@
+require "base64"
+require "digest"
+require "json"
+require "net/http"
+require "securerandom"
+require "openssl"
+require "shopify_cli"
+require "uri"
+require "webrick"
+
+module ShopifyCli
+  class IdentityAuth
+    include SmartProperties
+
+    autoload :Servlet, "shopify-cli/identity_auth/servlet"
+
+    class Error < StandardError; end
+    class Timeout < StandardError; end
+    LocalRequest = Struct.new(:method, :path, :query, :protocol)
+    LOCAL_DEBUG = "SHOPIFY_APP_CLI_LOCAL_PARTNERS"
+
+    DEFAULT_PORT = 3456
+    REDIRECT_HOST = "http://127.0.0.1:#{DEFAULT_PORT}"
+
+    APPLICATION_SCOPES = {
+      "shopify" => %w[https://api.shopify.com/auth/shop.admin.graphql https://api.shopify.com/auth/shop.admin.themes https://api.shopify.com/auth/partners.collaborator-relationships.readonly],
+      "storefront_renderer_production" => %w[https://api.shopify.com/auth/shop.storefront-renderer.devtools],
+      "partners" => %w[https://api.shopify.com/auth/partners.app.cli.access],
+    }
+
+    APPLICATION_CLIENT_IDS = {
+      "shopify" => "7ee65a63608843c577db8b23c4d7316ea0a01bd2f7594f8a9c06ea668c1b775c",
+      "storefront_renderer_production" => "ee139b3d-5861-4d45-b387-1bc3ada7811c",
+      "partners" => "271e16d403dfa18082ffb3d197bd2b5f4479c3fc32736d69296829cbb28d41a6",
+    }
+
+    DEV_APPLICATION_CLIENT_IDS = {
+      "shopify" => "e92482cebb9bfb9fb5a0199cc770fde3de6c8d16b798ee73e36c9d815e070e52",
+      "storefront_renderer_production" => "46f603de-894f-488d-9471-5b721280ff49",
+      "partners" => "df89d73339ac3c6c5f0a98d9ca93260763e384d51d6038da129889c308973978",
+    }
+
+    EXCHANGE_TOKENS = APPLICATION_SCOPES.keys.map do |key|
+      "#{key}_exchange_token".to_sym
+    end
+
+    IDENTITY_ACCESS_TOKENS = %i[
+      identity_access_token
+      identity_refresh_token
+    ]
+
+    property! :ctx
+    property :store, default: -> { ShopifyCli::DB.new }
+    property :state_token, accepts: String, default: SecureRandom.hex(30)
+    property :code_verifier, accepts: String, default: SecureRandom.hex(30)
+
+    attr_accessor :response_query
+
+    def authenticate
+      return if refresh_exchange_tokens || refresh_access_tokens
+
+      initiate_authentication
+
+      begin
+        request_access_token(code: receive_access_code)
+      rescue IdentityAuth::Timeout => e
+        ctx.abort(e.message)
+      end
+      request_exchange_tokens
+    end
+
+    def reauthenticate
+      return if refresh_exchange_tokens || refresh_access_tokens
+      ctx.abort(ctx.message("core.identity_auth.error.reauthenticate", ShopifyCli::TOOL_NAME))
+    end
+
+    def code_challenge
+      @code_challenge ||= Base64.urlsafe_encode64(
+        OpenSSL::Digest::SHA256.digest(code_verifier),
+        padding: false,
+      )
+    end
+
+    def server
+      @server ||= begin
+        server = WEBrick::HTTPServer.new(
+          Port: DEFAULT_PORT,
+          Logger: WEBrick::Log.new(File.open(File::NULL, "w")),
+          AccessLog: [],
+        )
+        server.mount("/", Servlet, self, state_token)
+        server
+      end
+    end
+
+    def self.delete_tokens_and_keys
+      ShopifyCli::DB.del(*IDENTITY_ACCESS_TOKENS)
+      ShopifyCli::DB.del(*EXCHANGE_TOKENS)
+    end
+
+    private
+
+    def initiate_authentication
+      @server_thread = Thread.new { server.start }
+      params = {
+        client_id: client_id,
+        scope: scopes(APPLICATION_SCOPES.values.flatten),
+        redirect_uri: REDIRECT_HOST,
+        state: state_token,
+        response_type: :code,
+      }
+      params.merge!(challange_params)
+      uri = URI.parse("#{auth_url}/authorize")
+      uri.query = URI.encode_www_form(params)
+      open_browser_authentication(uri)
+    end
+
+    def open_browser_authentication(uri)
+      ctx.open_browser_url!(uri)
+    end
+
+    def receive_access_code
+      @access_code ||= begin
+        @server_thread.join(240)
+        raise Timeout, ctx.message("core.identity_auth.error.timeout") if response_query.nil?
+        raise Error, response_query["error_description"] unless response_query["error"].nil?
+        response_query["code"]
+      end
+    end
+
+    def request_access_token(code:)
+      resp = post_token_request(
+        grant_type: :authorization_code,
+        code: code,
+        redirect_uri: REDIRECT_HOST,
+        client_id: client_id,
+        code_verifier: code_verifier,
+      )
+      store.set(
+        identity_access_token: resp["access_token"],
+        identity_refresh_token: resp["refresh_token"],
+      )
+    end
+
+    def refresh_access_tokens
+      return false unless IDENTITY_ACCESS_TOKENS.all? { |key| store.exists?(key) }
+
+      resp = post_token_request(
+        grant_type: :refresh_token,
+        access_token: store.get(:identity_access_token),
+        refresh_token: store.get(:identity_refresh_token),
+        client_id: client_id,
+      )
+      store.set(
+        identity_access_token: resp["access_token"],
+        identity_refresh_token: resp["refresh_token"],
+      )
+
+      # Need to refresh the exchange token on successful access token refresh
+      request_exchange_tokens
+
+      true
+    rescue
+      store.del(*IDENTITY_ACCESS_TOKENS)
+      false
+    end
+
+    def refresh_exchange_tokens
+      return false unless EXCHANGE_TOKENS.all? { |key| store.exists?(key) }
+
+      request_exchange_tokens
+
+      true
+    rescue
+      store.del(*EXCHANGE_TOKENS)
+      false
+    end
+
+    def request_exchange_tokens
+      APPLICATION_SCOPES.each do |key, scopes|
+        request_exchange_token(key, client_id_for_application(key), scopes)
+      end
+    end
+
+    def request_exchange_token(name, audience, additional_scopes)
+      return if name == "shopify" && !store.exists?(:shop)
+
+      params = {
+        grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
+        requested_token_type: "urn:ietf:params:oauth:token-type:access_token",
+        subject_token_type: "urn:ietf:params:oauth:token-type:access_token",
+        client_id: client_id,
+        audience: audience,
+        scope: scopes(additional_scopes),
+        subject_token: store.get(:identity_access_token),
+      }.tap do |result|
+        if name == "shopify"
+          result[:destination] = "https://#{store.get(:shop)}/admin"
+        end
+      end
+      # ctx.debug(params)
+      resp = post_token_request(params)
+      store.set("#{name}_exchange_token".to_sym => resp["access_token"])
+      ctx.debug("#{name}_exchange_token: " + resp["access_token"])
+    end
+
+    def post_token_request(params)
+      post_request("/token", params)
+    end
+
+    def post_request(endpoint, params)
+      uri = URI.parse("#{auth_url}#{endpoint}")
+      https = Net::HTTP.new(uri.host, uri.port)
+      https.use_ssl = true
+      request = Net::HTTP::Post.new(uri.path)
+      request["User-Agent"] = "Shopify CLI #{::ShopifyCli::VERSION}"
+      request.body = URI.encode_www_form(params)
+      res = https.request(request)
+      unless res.is_a?(Net::HTTPSuccess)
+        error_msg = JSON.parse(res.body)["error_description"]
+        shop = store.get(:shop)
+        if error_msg.include?("destination")
+          store.del(:shop)
+          ctx.abort(ctx.message("core.identity_auth.error.invalid_destination", shop))
+        end
+        raise Error, error_msg
+      end
+      JSON.parse(res.body)
+    end
+
+    def challange_params
+      {
+        code_challenge: code_challenge,
+        code_challenge_method: "S256",
+      }
+    end
+
+    def auth_url
+      return "https://accounts.shopify.com/oauth" if ENV[LOCAL_DEBUG].nil?
+      "https://identity.myshopify.io/oauth"
+    end
+
+    def client_id_for_application(application_name)
+      client_ids = if ENV[LOCAL_DEBUG]
+        DEV_APPLICATION_CLIENT_IDS
+      else
+        APPLICATION_CLIENT_IDS
+      end
+
+      client_ids[application_name]
+    end
+
+    def scopes(additional_scopes = [])
+      (["openid"] + additional_scopes).tap do |result|
+        result << "employee" if ShopifyCli::Shopifolk.acting_as_shopify_organization?
+      end.join(" ")
+    end
+
+    def client_id
+      return "fbdb2649-e327-4907-8f67-908d24cfd7e3" if ENV[LOCAL_DEBUG].nil?
+
+      ctx.abort(ctx.message("core.identity_auth.error.local_identity_not_running")) unless local_identity_running?
+
+      # Fetch the client ID from the local Identity Dynamic Registration endpoint
+      response = post_request("/client", {
+        name: "shopify-cli-development",
+        public_type: "native",
+      })
+
+      response["client_id"]
+    end
+
+    def local_identity_running?
+      Net::HTTP.start("identity.myshopify.io", 443, use_ssl: true, open_timeout: 1, read_timeout: 10) do |http|
+        req = Net::HTTP::Get.new(URI.join("https://identity.myshopify.io", "/services/ping"))
+        http.request(req).is_a?(Net::HTTPSuccess)
+      end
+    rescue Timeout::Error, Errno::EHOSTUNREACH, Errno::EHOSTDOWN, Errno::EADDRNOTAVAIL, Errno::ECONNREFUSED
+      false
+    end
+  end
+end