shopify_api 9.0.3 → 9.4.0

data/lib/shopify_api/resources/webhook.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyAPI
   class Webhook < Base
   end

data/lib/shopify_api/session.rb

@@ -1,26 +1,27 @@
+# frozen_string_literal: true
 require 'openssl'
 require 'rack'
 
 module ShopifyAPI
-
   class ValidationException < StandardError
   end
 
   class Session
+    SECONDS_IN_A_DAY = 24 * 60 * 60
+
     cattr_accessor :api_key, :secret, :myshopify_domain
     self.myshopify_domain = 'myshopify.com'
 
     attr_accessor :domain, :token, :name, :extra
-    attr_reader :api_version
+    attr_reader :api_version, :access_scopes
     alias_method :url, :domain
 
     class << self
-
       def setup(params)
-        params.each { |k,value| public_send("#{k}=", value) }
+        params.each { |k, value| public_send("#{k}=", value) }
       end
 
-      def temp(domain:, token:, api_version:, &block)
+      def temp(domain:, token:, api_version: ShopifyAPI::Base.api_version, &block)
         session = new(domain: domain, token: token, api_version: api_version)
 
         with_session(session, &block)
@@ -28,12 +29,17 @@ module ShopifyAPI
 
       def with_session(session, &_block)
         original_session = extract_current_session
+        original_user = ShopifyAPI::Base.user
+        original_password = ShopifyAPI::Base.password
 
         begin
+          ShopifyAPI::Base.clear_session
           ShopifyAPI::Base.activate_session(session)
           yield
         ensure
           ShopifyAPI::Base.activate_session(original_session)
+          ShopifyAPI::Base.user = original_user
+          ShopifyAPI::Base.password = original_password
         end
       end
 
@@ -51,7 +57,7 @@ module ShopifyAPI
         # extract host, removing any username, password or path
         shop = URI.parse("https://#{domain}").host
         # extract subdomain of .myshopify.com
-        if idx = shop.index(".")
+        if (idx = shop.index("."))
           shop = shop.slice(0, idx)
         end
         return nil if shop.empty?
@@ -62,9 +68,11 @@ module ShopifyAPI
 
       def validate_signature(params)
         params = (params.respond_to?(:to_unsafe_hash) ? params.to_unsafe_hash : params).with_indifferent_access
-        return false unless signature = params[:hmac]
+        return false unless (signature = params[:hmac])
 
-        calculated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new(), secret, encoded_params_for_signature(params))
+        calculated_signature = OpenSSL::HMAC.hexdigest(
+          OpenSSL::Digest.new('SHA256'), secret, encoded_params_for_signature(params)
+        )
 
         Rack::Utils.secure_compare(calculated_signature, signature)
       end
@@ -73,7 +81,7 @@ module ShopifyAPI
 
       def encoded_params_for_signature(params)
         params = params.except(:signature, :hmac, :action, :controller)
-        params.map{|k,v| "#{URI.escape(k.to_s, '&=%')}=#{URI.escape(v.to_s, '&%')}"}.sort.join('&')
+        params.map { |k, v| "#{URI.escape(k.to_s, '&=%')}=#{URI.escape(v.to_s, '&%')}" }.sort.join('&')
       end
 
       def extract_current_session
@@ -84,15 +92,16 @@ module ShopifyAPI
       end
     end
 
-    def initialize(domain:, token:, api_version:, extra: {})
+    def initialize(domain:, token:, access_scopes: nil, api_version: ShopifyAPI::Base.api_version, extra: {})
       self.domain = self.class.prepare_domain(domain)
       self.api_version = api_version
       self.token = token
+      self.access_scopes = access_scopes
       self.extra = extra
     end
 
     def create_permission_url(scope, redirect_uri, options = {})
-      params = { client_id: api_key, scope: scope.join(','), redirect_uri: redirect_uri }
+      params = { client_id: api_key, scope: ShopifyAPI::ApiAccess.new(scope).to_s, redirect_uri: redirect_uri }
       params[:state] = options[:state] if options[:state]
       construct_oauth_url("authorize", params)
     end
@@ -100,7 +109,8 @@ module ShopifyAPI
     def request_token(params)
       return token if token
 
-      unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
+      twenty_four_hours_ago = Time.now.utc.to_i - SECONDS_IN_A_DAY
+      unless self.class.validate_signature(params) && params[:timestamp].to_i > twenty_four_hours_ago
         raise ShopifyAPI::ValidationException, "Invalid Signature: Possible malicious login"
       end
 
@@ -109,12 +119,12 @@ module ShopifyAPI
         self.extra = JSON.parse(response.body)
         self.token = extra.delete('access_token')
 
-        if expires_in = extra.delete('expires_in')
+        if (expires_in = extra.delete('expires_in'))
           extra['expires_at'] = Time.now.utc.to_i + expires_in
         end
         token
       else
-        raise RuntimeError, response.msg
+        raise response.msg
       end
     end
 
@@ -127,7 +137,11 @@ module ShopifyAPI
     end
 
     def api_version=(version)
-      @api_version = ApiVersion::NullVersion.matches?(version) ? ApiVersion::NullVersion : ApiVersion.find_version(version)
+      @api_version = if ApiVersion::NullVersion.matches?(version)
+        ApiVersion::NullVersion
+      else
+        ApiVersion.find_version(version)
+      end
     end
 
     def valid?
@@ -149,8 +163,29 @@ module ShopifyAPI
       expires_in <= 0
     end
 
+    def hash
+      state.hash
+    end
+
+    def ==(other)
+      self.class == other.class && state == other.state
+    end
+
+    alias_method :eql?, :==
+
+    protected
+
+    def state
+      [domain, token, api_version, extra]
+    end
+
     private
 
+    def access_scopes=(access_scopes)
+      return unless access_scopes
+      @access_scopes = ShopifyAPI::ApiAccess.new(access_scopes)
+    end
+
     def parameterize(params)
       URI.escape(params.collect { |k, v| "#{k}=#{v}" }.join('&'))
     end

data/lib/shopify_api/version.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyAPI
-  VERSION = "9.0.3"
+  VERSION = "9.4.0"
 end

data/lib/verify_docs.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+class VerifyDocs
+  def self.call
+    readme_content = File.read("README.md").lines[2..-1]
+    docs_content = File.read("docs/index.md").lines[4..-1]
+    readme_content == docs_content
+  end
+end

data/service.yml

@@ -5,4 +5,4 @@ owners:
   - Shopify/app-partner-dev-tools-education
 slack_channels:
   - dev-tools-education
-  - api-patterns-team
+  - help-api-patterns

data/shopify_api.gemspec

@@ -1,4 +1,5 @@
-$:.push File.expand_path("../lib", __FILE__)
+# frozen_string_literal: true
+$:.push(File.expand_path("../lib", __FILE__))
 require "shopify_api/version"
 
 Gem::Specification.new do |s|
@@ -7,7 +8,12 @@ Gem::Specification.new do |s|
   s.author = "Shopify"
 
   s.summary = %q{The Shopify API gem is a lightweight gem for accessing the Shopify admin REST web services}
-  s.description = %q{The Shopify API gem allows Ruby developers to programmatically access the admin section of Shopify stores. The API is implemented as JSON or XML over HTTP using all four verbs (GET/POST/PUT/DELETE). Each resource, like Order, Product, or Collection, has its own URL and is manipulated in isolation.}
+  s.description = <<~HERE
+    The Shopify API gem allows Ruby developers to programmatically access the admin
+    section of Shopify stores. The API is implemented as JSON or XML over HTTP using
+    all four verbs (GET/POST/PUT/DELETE). Each resource, like Order, Product, or
+    Collection, has its own URL and is manipulated in isolation.
+  HERE
   s.email = %q{developers@jadedpixel.com}
   s.homepage = %q{http://www.shopify.com/partners/apps}
 
@@ -15,11 +21,10 @@ Gem::Specification.new do |s|
 
   s.extra_rdoc_files = [
     "LICENSE",
-    "README.md"
+    "README.md",
   ]
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 
   s.rdoc_options = ["--charset=UTF-8"]
   s.summary = %q{ShopifyAPI is a lightweight gem for accessing the Shopify admin REST web services}
@@ -31,12 +36,12 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency("rack")
   s.add_runtime_dependency("graphql-client")
 
-  s.add_development_dependency("mocha", ">= 0.9.8")
+  s.add_development_dependency("mocha", ">= 1.4.0")
   s.add_development_dependency("webmock")
   s.add_development_dependency("minitest", ">= 4.0")
   s.add_development_dependency("rake")
   s.add_development_dependency("timecop")
-  s.add_development_dependency("rubocop")
+  s.add_development_dependency("rubocop-shopify")
   s.add_development_dependency("pry")
   s.add_development_dependency("pry-byebug")
 end

data/test/access_token_test.rb

@@ -1,19 +1,20 @@
+# frozen_string_literal: true
 require 'test_helper'
 
 class AccessTokenTest < Test::Unit::TestCase
-
   def test_delegate_access_token
-    fake "access_tokens/delegate.json?delegate_access_scope%5B%5D=write_orders&" \
+    fake(
+      "access_tokens/delegate.json?delegate_access_scope%5B%5D=write_orders&" \
       "delegate_access_scope%5B%5D=read_products&expires_in=",
       method: :post,
       status: 201,
       body: load_fixture('access_token_delegate'),
       extension: false
-
+    )
     delegate_scope = ['write_orders', 'read_products']
     token = ShopifyAPI::AccessToken.delegate(delegate_scope)
 
-    assert_equal 'abracadabra', token.access_token
-    assert_equal 'write_orders,read_products', token.scope
+    assert_equal('abracadabra', token.access_token)
+    assert_equal('write_orders,read_products', token.scope)
   end
 end

data/test/active_resource/json_errors_test.rb

@@ -1,19 +1,19 @@
+# frozen_string_literal: true
 require 'test_helper'
 
 module ActiveResource
   class JsonErrorsTest < Test::Unit::TestCase
-
     def test_parsing_of_error_json_hash
       @model = ShopifyAPI::Order.new
-      @model.errors.from_json({errors: {name: ['missing']}}.to_json)
-      assert_equal ['missing'], @model.errors[:name]
+      @model.errors.from_json({ errors: { name: ['missing'] } }.to_json)
+      assert_equal(['missing'], @model.errors[:name])
     end
 
     def test_parsing_of_error_json_plain_string
       @model = ShopifyAPI::Order.new
-      @model.errors.from_json({errors: 'some generic error'}.to_json)
-      assert_equal ['some generic error'], @model.errors[:base]
-      assert_equal 'some generic error', @model.errors.full_messages.to_sentence
+      @model.errors.from_json({ errors: 'some generic error' }.to_json)
+      assert_equal(['some generic error'], @model.errors[:base])
+      assert_equal('some generic error', @model.errors.full_messages.to_sentence)
     end
   end
 end

data/test/api_access_test.rb

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+require 'test_helper'
+
+class ApiAccessTest < Minitest::Test
+  def test_write_is_the_same_access_as_read_write_on_the_same_resource
+    read_write_orders = ShopifyAPI::ApiAccess.new(%w(read_orders write_orders))
+    write_orders = ShopifyAPI::ApiAccess.new(%w(write_orders))
+
+    assert_equal write_orders, read_write_orders
+  end
+
+  def test_write_is_the_same_access_as_read_write_on_the_same_unauthenticated_resource
+    unauthenticated_read_write_orders = ShopifyAPI::ApiAccess.new(%w(unauthenticated_read_orders unauthenticated_write_orders))
+    unauthenticated_write_orders = ShopifyAPI::ApiAccess.new(%w(unauthenticated_write_orders))
+
+    assert_equal unauthenticated_write_orders, unauthenticated_read_write_orders
+  end
+
+  def test_read_is_not_the_same_as_read_write_on_the_same_resource
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_write_orders = ShopifyAPI::ApiAccess.new(%w(write_orders read_orders))
+
+    refute_equal read_write_orders, read_orders
+  end
+
+  def test_two_different_resources_are_not_equal
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_products = ShopifyAPI::ApiAccess.new(%w(read_products))
+
+    refute_equal read_orders, read_products
+  end
+
+  def test_two_identical_scopes_are_equal
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_orders_identical = ShopifyAPI::ApiAccess.new(%w(read_orders))
+
+    assert_equal read_orders_identical, read_orders
+  end
+
+  def test_unauthenticated_is_not_implied_by_authenticated_access
+    unauthenticated_orders = ShopifyAPI::ApiAccess.new(%w(unauthenticated_read_orders))
+    authenticated_read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    authenticated_write_orders = ShopifyAPI::ApiAccess.new(%w(write_orders))
+
+    refute_equal unauthenticated_orders, authenticated_read_orders
+    refute_equal unauthenticated_orders, authenticated_write_orders
+  end
+
+  def test_scopes_covers_is_truthy_for_same_scopes
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_orders_identical = ShopifyAPI::ApiAccess.new(%w(read_orders))
+
+    assert read_orders.covers?(read_orders_identical)
+  end
+
+  def test_covers_is_falsy_for_different_scopes
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+    read_products = ShopifyAPI::ApiAccess.new(%w(read_products))
+
+    refute read_orders.covers?(read_products)
+  end
+
+  def test_covers_is_truthy_for_read_when_the_set_has_read_write
+    write_products = ShopifyAPI::ApiAccess.new(%w(write_products))
+    read_products = ShopifyAPI::ApiAccess.new(%w(read_products))
+
+    assert write_products.covers?(read_products)
+  end
+
+  def test_covers_is_truthy_for_read_when_the_set_has_read_write_for_that_resource_and_others
+    write_products_and_orders = ShopifyAPI::ApiAccess.new(%w(write_products, write_orders))
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+
+    assert write_products_and_orders.covers?(read_orders)
+  end
+
+  def test_covers_is_truthy_for_write_when_the_set_has_read_write_for_that_resource_and_others
+    write_products_and_orders = ShopifyAPI::ApiAccess.new(%w(write_products, write_orders))
+    write_orders = ShopifyAPI::ApiAccess.new(%w(write_orders))
+
+    assert write_products_and_orders.covers?(write_orders)
+  end
+
+  def test_covers_is_truthy_for_subset_of_scopes
+    write_products_orders_customers = ShopifyAPI::ApiAccess.new(%w(write_products write_orders write_customers))
+    write_orders_products = ShopifyAPI::ApiAccess.new(%w(write_orders read_products))
+
+    assert write_products_orders_customers.covers?(write_orders_products)
+  end
+
+  def test_covers_is_falsy_for_sets_of_scopes_that_have_no_common_elements
+    write_products_orders_customers = ShopifyAPI::ApiAccess.new(%w(write_products write_orders write_customers))
+    write_images_read_content = ShopifyAPI::ApiAccess.new(%w(write_images read_content))
+
+    refute write_products_orders_customers.covers?(write_images_read_content)
+  end
+
+  def test_covers_is_falsy_for_sets_of_scopes_that_have_only_some_common_access
+    write_products_orders_customers = ShopifyAPI::ApiAccess.new(%w(write_products write_orders write_customers))
+    write_products_read_content = ShopifyAPI::ApiAccess.new(%w(write_products read_content))
+
+    refute write_products_orders_customers.covers?(write_products_read_content)
+  end
+
+  def test_duplicate_scopes_resolve_to_one_scope
+    read_orders_duplicated = ShopifyAPI::ApiAccess.new(%w(read_orders read_orders read_orders read_orders))
+    read_orders = ShopifyAPI::ApiAccess.new(%w(read_orders))
+
+    assert_equal read_orders, read_orders_duplicated
+  end
+
+  def test_to_s_outputs_scopes_as_a_comma_separated_list_without_implied_read_scopes
+    serialized_read_products_write_orders = "read_products,write_orders"
+    read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products read_orders write_orders))
+
+    assert_equal read_products_write_orders.to_s, serialized_read_products_write_orders
+  end
+
+  def test_to_a_outputs_scopes_as_an_array_of_strings_without_implied_read_scopes
+    serialized_read_products_write_orders = %w(write_orders read_products)
+    read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products read_orders write_orders))
+
+    assert_equal read_products_write_orders.to_a.sort, serialized_read_products_write_orders.sort
+  end
+
+  def test_creating_scopes_removes_extra_whitespace_from_scope_name_and_blank_scope_names
+    deserialized_read_products_write_orders = ShopifyAPI::ApiAccess.new([' read_products', '  ', 'write_orders '])
+    serialized_read_products_write_orders = deserialized_read_products_write_orders.to_s
+    expected_read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products write_orders))
+
+    assert_equal expected_read_products_write_orders, ShopifyAPI::ApiAccess.new(serialized_read_products_write_orders)
+  end
+
+  def test_creating_scopes_from_a_string_works_with_a_comma_separated_list
+    deserialized_read_products_write_orders = ShopifyAPI::ApiAccess.new("read_products,write_orders")
+    serialized_read_products_write_orders = deserialized_read_products_write_orders.to_s
+    expected_read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products write_orders))
+
+    assert_equal expected_read_products_write_orders, ShopifyAPI::ApiAccess.new(serialized_read_products_write_orders)
+  end
+
+  def test_using_to_s_from_one_scopes_to_construct_another_will_be_equal
+    read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products write_orders))
+
+    assert_equal read_products_write_orders, ShopifyAPI::ApiAccess.new(read_products_write_orders.to_s)
+  end
+
+  def test_using_to_a_from_one_scopes_to_construct_another_will_be_equal
+    read_products_write_orders = ShopifyAPI::ApiAccess.new(%w(read_products write_orders))
+
+    assert_equal read_products_write_orders, ShopifyAPI::ApiAccess.new(read_products_write_orders.to_a)
+  end
+end