shopify_app 11.2.0 → 11.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b217cd07ae5ea4f41a351d5bcf4ded179269d4447692d69eeded6fbecf0aaf2a
-  data.tar.gz: 33830fab30ab792414b3edc6a889fd9534d877d916848493f7143b5eb6e53e81
+  metadata.gz: 0ba7612b4db7acb35c0fa91209e7b4421f90cefa6b95d52b433218e9be5a8703
+  data.tar.gz: 9db8d74d1f2bebd2b4fe8856bb8c2d0a3e7108cfb5a940521a70ca67b1f6e1fe
 SHA512:
-  metadata.gz: 1faa2f380d2104999524cd19cb5f3da2119ff05546ee0fea6ca1d5d6441787f4ee5832cf8a8591d9cd3059f64d51aabe46a543f72e050c6cdda95fd6465263a3
-  data.tar.gz: ee207dbeb2f9db1ec7bfb2c93f6ab4199b36252c4f8c3c2b79cea30c66460ff24bc54b844f23d4188462de6993316e7be2d21f38808bf7ace0e7db337cbd4920
+  metadata.gz: 5b73cda40e6980ab59c5f5d40bcb09c93cfeb7e0fcfd8ff8cd953509e1d43eb45073f80e987aea8e7f585c28f50328613e5956d4d1de9e264908e3fc0265d670
+  data.tar.gz: 349bbdfea89e30efd696f50572d09af4e421caa8a3ce89f539e5b1a05b956c0b35af1651482fc20bfdfc7d451874ffebecf15ed4ee86bb9bb885cab358a1d707

data/.travis.yml

@@ -6,8 +6,6 @@ before_script:
     - "sudo chown root /opt/google/chrome/chrome-sandbox"
     - "sudo chmod 4755 /opt/google/chrome/chrome-sandbox"
 language: ruby
-before_install:
-  - gem update --system
 cache:
   bundler: true
   directories:

data/CHANGELOG.md

@@ -1,3 +1,33 @@
+11.5.0
+-----
+* Modularizes durable session storage
+* Introduces per-user token support and user session management
+
+11.4.0
+-----
+* Remove `dotenv-rails` dependency. [#835](https://github.com/Shopify/shopify_app/pull/835)
+
+11.3.2
+-----
+* Fix hosts generator in Rails 5 [#823](https://github.com/Shopify/shopify_app/pull/823)
+
+11.3.1
+-----
+* Bump browser_sniffer version to 1.1.3 [#824](https://github.com/Shopify/shopify_app/pull/824)
+
+11.3.0
+-----
+* Update assets to be compatible with Rails 6 [#808](https://github.com/Shopify/shopify_app/pull/808)
+
+11.2.1
+-----
+* Adds ngrok whitelist in development [#802](https://github.com/Shopify/shopify_app/pull/802)
+
+11.2.0
+-----
+
+* Bump omniauth-shopify-oauth2 gem to v2.2.0
+
 11.1.0
 -----
 

data/README.md

@@ -12,61 +12,35 @@ Shopify Application Rails engine and generator
 
 Table of Contents
 -----------------
-* [**Description**](#description)
-* [**Quickstart**](#quickstart)
-* [**Becoming a Shopify App Developer**](#becoming-a-shopify-app-developer)
-* [**App Tunneling**](#app-tunneling)
-* [**Installation**](#installation)
-  * [Rails Compatibility](#rails-compatibility)
-* [**Generators**](#generators)
- * [Default Generator](#default-generator)
- * [Install Generator](#install-generator)
- * [Shop Model Generator](#shop-model-generator)
- * [Home Controller Generator](#home-controller-generator)
- * [App Proxy Controller Generator](#app-proxy-controller-generator)
- * [Controllers, Routes and Views](#controllers-routes-and-views)
-* [**Mounting the Engine**](#mounting-the-engine)
-* [**WebhooksManager**](#webhooksmanager)
-* [**ScripttagsManager**](#scripttagsmanager)
-* [**AfterAuthenticate Job**](#afterauthenticate-job)
-* [**ShopifyApp::SessionRepository**](#shopifyappsessionrepository)
-* [**Authenticated**](#authenticated)
-* [**AppProxyVerification**](#appproxyverification)
- * [Recommended Usage](#recommended-usage)
-* [**Upgrading from 8.6 to 9.0.0**](#upgrading-from-86-to-900)
-* [**Troubleshooting**](#troubleshooting)
- * [Generator shopify_app:install hangs](#generator-shopify_appinstall-hangs)
-* [**Testing an embedded app outside the Shopify admin**](#testing-an-embedded-app-outside-the-shopify-admin)
-* [**Questions or problems?**](#questions-or-problems)
-
-
-Description
+- [Introduction](#introduction)
+- [Becoming a Shopify App Developer](#becoming-a-shopify-app-developer)
+- [Installation](#installation)
+- [Generators](#generators)
+- [Mounting the Engine](#mounting-the-engine)
+- [Authentication](#authentication)
+- [WebhooksManager](#webhooksmanager)
+- [ScripttagsManager](#scripttagsmanager)
+- [RotateShopifyTokenJob](#rotateshopifytokenjob)
+- [App Tunneling](#app-tunneling)
+- [AppProxyVerification](#appproxyverification)
+- [Troubleshooting](#troubleshooting)
+- [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
+- [Questions or problems?](#questions-or-problems-)
+- [Rails 6 Compatibility](#rails-6-compatibility)
+- [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
+
+Introduction
 -----------
 This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via Oauth (other authentication methods are not supported).
 
 *Note: It's recommended to use this on a new Rails project, so that the generator won't overwrite/delete some of your files.*
 
-
-Quickstart
-----------
-
 Check out this screencast on how to create and deploy a new Shopify App to Heroku in 5 minutes:
 
 [https://www.youtube.com/watch?v=yGxeoAHlQOg](https://www.youtube.com/watch?v=yGxeoAHlQOg)
 
 Or if you prefer text instructions the steps in the video are written out [here](https://github.com/Shopify/shopify_app/blob/master/docs/Quickstart.md)
 
-App Tunneling
--------------
-
-Your local app needs to be accessible from the public Internet in order to install it on a shop, use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks. Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), [Hookbin](https://hookbin.com/), etc.
-
-For example with [ngrok](https://ngrok.com/), run this command to set up proxying to Rails' default port:
-
-```sh
-ngrok http 3000
-```
-
 Becoming a Shopify App Developer
 --------------------------------
 If you don't have a Shopify Partner account yet head over to http://shopify.com/partners to create one, you'll need it before you can start developing apps.
@@ -106,7 +80,7 @@ The default generator will run the `install`, `shop`, and `home_controller` gene
 $ rails generate shopify_app
 ```
 
-After running the generator, you will need to run `rake db:migrate` to add tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting localhost.
+After running the generator, you will need to run `rails db:migrate` to add tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting localhost.
 
 ### API Keys
 
@@ -143,17 +117,6 @@ The generator adds ShopifyApp and the required initializers to the host Rails ap
 After running the `install` generator, you can start your app with `bundle exec rails server` and install your app by visiting localhost.
 
 
-### Shop Model Generator
-
-```sh
-$ rails generate shopify_app:shop_model
-```
-
-The `install` generator doesn't create any database tables or models for you. If you are starting a new app its quite likely that you will want a shops table and model to store the tokens when your app is installed (most of our internally developed apps do!). This generator creates a shop model and a migration. This model includes the `ShopifyApp::SessionStorage` concern which adds two methods to make it compatible as a `SessionRepository`. After running this generator you'll notice the `session_repository` in your `config/initializers/shopify_app.rb` will be set to the `Shop` model. This means that internally ShopifyApp will try and load tokens from this model.
-
-*Note that you will need to run rake db:migrate after this generator*
-
-
 ### Home Controller Generator
 
 ```sh
@@ -171,6 +134,13 @@ $ rails generate shopify_app:app_proxy_controller
 
 This optional generator, not included with the default generator, creates the app proxy controller to handle proxy requests to the app from your shop storefront, modifies 'config/routes.rb' with a namespace route, and an example view which displays current shop information using the LiquidAPI
 
+### Marketing Extension Generator
+
+```sh
+$ rails generate shopify_app:add_marketing_activity_extension
+```
+
+This will create a controller with the endpoints required to build a [marketing activities extension](https://help.shopify.com/en/api/embedded-apps/app-extensions/shopify-admin/marketing-activities). The extension will be generated with a base url at `/marketing_activities`, which should also be configured in partners.
 
 ### Controllers, Routes and Views
 
@@ -238,21 +208,82 @@ ShopifyApp.configure do |config|
 end
 ```
 
-Per User Authentication
------------------------
-To enable per user authentication you need to update the `omniauth.rb` initializer:
+Authentication
+--------------
+
+### ShopifyApp::SessionRepository
+
+`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. See either the `ShopifyApp::InMemorySessionStore` class or the `ShopifyApp::SessionStorage` concern for details.
+
+If you only run the install generator then by default you will have an in memory store but it **won't work** on multi-server environments including Heroku. For multi-server environments, implement one of the following token-storage strategies.
+
+#### Shop-based token storage
+Storing tokens on the store model means that any user login associated to the store will have equal access levels to whatever the original user granted the app.
+```sh
+$ rails generate shopify_app:shop_model
+```
+This will generate a shop model which will be the storage for the tokens necessary for authentication.
+
+#### User-based token storage
+A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed.
+```sh
+$ rails generate shopify_app:user_model
+```
+This will generate a user model which will be the storage for the tokens necessary for authentication.
+
+The current Shopify user will be stored in the rails session at `session[:shopify_user]`
+
+This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
+
+#### Migrating from shop-based to user-based token strategy
+After running the generator, ensure that configuration settings are successfully changed:
 
 ```ruby
+# In the `omniauth.rb` initializer:
 provider :shopify,
   ShopifyApp.configuration.api_key,
   ShopifyApp.configuration.secret,
   scope: ShopifyApp.configuration.scope,
   per_user_permissions: true
+
+# In the `shopify_app.rb` initializer:
+config.session_repository = User
+config.per_user_tokens = true
 ```
 
-The current Shopify user will be stored in the rails session at `session[:shopify_user]`
+### Authenticated
 
-This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
+The engine provides a `ShopifyApp::Authenticated` concern which should be included in any controller that is intended to be behind Shopify OAuth. It adds `before_action`s to ensure that the user is authenticated and will redirect to the Shopify login page if not. It is best practice to include this concern in a base controller inheriting from your `ApplicationController`, from which all controllers that require Shopify authentication inherit.
+
+For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
+
+### AfterAuthenticate Job
+
+If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job update your initializer as follows:
+
+```ruby
+ShopifyApp.configure do |config|
+  config.after_authenticate_job = { job: "Shopify::AfterAuthenticateJob" }
+end
+```
+
+The job can be configured as either a class or a class name string.
+
+If you need the job to run synchronously add the `inline` flag:
+
+```ruby
+ShopifyApp.configure do |config|
+  config.after_authenticate_job = { job: Shopify::AfterAuthenticateJob, inline: true }
+end
+```
+
+We've also provided a generator which creates a skeleton job and updates the initializer for you:
+
+```
+bin/rails g shopify_app:add_after_authenticate_job
+```
+
+If you want to perform that action only once, e.g. send a welcome email to the user when they install the app, you should make sure that this action is idempotent, meaning that it won't have an impact if run multiple times.
 
 
 WebhooksManager
@@ -346,36 +377,6 @@ Scripttags are created in the same way as the Webhooks, with a background job wh
 
 If `src` responds to `call` its return value will be used as the scripttag's source. It will be called on scripttag creation and deletion.
 
-AfterAuthenticate Job
----------------------
-
-If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job update your initializer as follows:
-
-```ruby
-ShopifyApp.configure do |config|
-  config.after_authenticate_job = { job: "Shopify::AfterAuthenticateJob" }
-end
-```
-
-The job can be configured as either a class or a class name string.
-
-If you need the job to run synchronously add the `inline` flag:
-
-```ruby
-ShopifyApp.configure do |config|
-  config.after_authenticate_job = { job: Shopify::AfterAuthenticateJob, inline: true }
-end
-```
-
-We've also provided a generator which creates a skeleton job and updates the initializer for you:
-
-```
-bin/rails g shopify_app:add_after_authenticate_job
-```
-
-If you want to perform that action only once, e.g. send a welcome email to the user when they install the app, you should make sure that this action is idempotent, meaning that it won't have an impact if run multiple times.
-
-
 RotateShopifyTokenJob
 ---------------------
 
@@ -402,19 +403,16 @@ The generated rake task will be found at `lib/tasks/shopify/rotate_shopify_token
 strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
 ```
 
-ShopifyApp::SessionRepository
------------------------------
-
-`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are retrieved and stored for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(shopify_session)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. See either the `ShopifyApp::InMemorySessionStore` class or the `ShopifyApp::SessionStorage` concern for examples.
-
-If you only run the install generator then by default you will have an in memory store but it **won't work** on multi-server environments including Heroku. If you ran all the generators including the shop_model generator then the `Shop` model itself will be the `SessionRepository`. If you look at the implementation of the generated shop model you'll see that this gem provides a concern for the `SessionRepository`. You can use this concern on any model that responds to `shopify_domain`, `shopify_token` and `api_version`.
-
-Authenticated
+App Tunneling
 -------------
 
-The engine provides a `ShopifyApp::Authenticated` concern which should be included in any controller that is intended to be behind Shopify OAuth. It adds `before_action`s to ensure that the user is authenticated and will redirect to the Shopify login page if not. It is best practice to include this concern in a base controller inheriting from your `ApplicationController`, from which all controllers that require Shopify authentication inherit.
+Your local app needs to be accessible from the public Internet in order to install it on a shop, use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks. Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), [Hookbin](https://hookbin.com/), etc.
 
-For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
+For example with [ngrok](https://ngrok.com/), run this command to set up proxying to Rails' default port:
+
+```sh
+ngrok http 3000
+```
 
 AppProxyVerification
 --------------------
@@ -457,6 +455,23 @@ Questions or problems?
 - [Ask questions!](https://ecommerce.shopify.com/c/shopify-apis-and-technology)
 - [Read the docs!](https://help.shopify.com/api/guides)
 
+Rails 6 Compatibility
+---------------------
+
+### Disable Webpacker
+If you are using sprockets in rails 6 or want to generate a shopify_app without webpacker run the install task by running
+
+```
+SHOPIFY_APP_DISABLE_WEBPACKER=1 rails generate shopify_app
+```
+
+and then in your ShopifyApp configuration block, add
+
+```
+ShopifyApp.configure do |config|
+  config.disable_webpacker = true
+end
+```
 
 Upgrading from 8.6 to 9.0.0
 ---------------------------

data/app/controllers/concerns/shopify_app/authenticated.rb

@@ -8,7 +8,7 @@ module ShopifyApp
       include ShopifyApp::Localization
       include ShopifyApp::LoginProtection
       include ShopifyApp::EmbeddedApp
-      before_action :login_again_if_different_shop
+      before_action :login_again_if_different_user_or_shop
       around_action :shopify_session
     end
   end

data/app/controllers/shopify_app/callback_controller.rb

@@ -55,10 +55,16 @@ module ShopifyApp
         token: token,
         api_version: ShopifyApp.configuration.api_version
       )
-
-      session[:shopify] = ShopifyApp::SessionRepository.store(session_store)
+      session[:shopify] = ShopifyApp::SessionRepository.store(session_store, user: associated_user)
       session[:shopify_domain] = shop_name
       session[:shopify_user] = associated_user
+
+      if ShopifyApp.configuration.per_user_tokens?
+        # Adds the user_session to the session to determine if the logged in user has changed
+        user_session = auth_hash&.extra&.session
+        raise IndexError, "Missing user session signature" if user_session.nil?
+        session[:user_session] = user_session
+      end
     end
 
     def install_webhooks

data/config/locales/de.yml

@@ -7,7 +7,7 @@ de:
   enable_cookies_body: Sie müssen Cookies in diesem Browser manuell aktivieren, um
     %{app} in Shopify verwenden zu können.
   enable_cookies_footer: Mithilfe von Cookies kann die App Sie authentifizieren, indem
-    Ihre Einstellungen und persönlichen Informationen vorübergehend gespeichert werden.
+    Ihre Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden.
     Sie laufen nach 30 Tagen ab.
   enable_cookies_action: Cookies aktivieren
   top_level_interaction_heading: Ihr Browser muss %{app} authentifizieren
@@ -16,7 +16,7 @@ de:
   top_level_interaction_action: Weiter
   request_storage_access_heading: "%{app} braucht Zugriff auf Cookies"
   request_storage_access_body: Damit kann die App Sie authentifizieren, indem Ihre
-    Einstellungen und persönlichen Informationen vorübergehend gespeichert werden.
-    Klicken Sie auf "Weiter" und erlauben Sie den Cookies, die App zu verwenden.
+    Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicken
+    Sie auf "Weiter" und erlauben Sie den Cookies, die App zu verwenden.
   request_storage_access_footer: Cookies laufen nach 30 Tagen ab.
   request_storage_access_action: Weiter

data/config/locales/nl.yml

@@ -1,20 +1,20 @@
 ---
 nl:
-  logged_out: je bent afgemeld
+  logged_out: u bent afgemeld
   could_not_log_in: Kon niet aanmelden bij Shopify-winkel
   invalid_shop_url: Ongeldig winkeldomein
   enable_cookies_heading: Schakel cookies in van %{app}
-  enable_cookies_body: Je moet cookies in deze browser handmatig inschakelen om %{app}
+  enable_cookies_body: U moet cookies in deze browser handmatig inschakelen om %{app}
     binnen Shopify te gebruiken.
-  enable_cookies_footer: Met cookies kan de app je verifiëren door je voorkeuren en
+  enable_cookies_footer: Met cookies kan de app u verifiëren door uw voorkeuren en
     persoonlijke informatie tijdelijk op te slaan. Ze vervallen na 30 dagen.
   enable_cookies_action: Schakel cookies in
-  top_level_interaction_heading: Je browser moet %{app} verifiëren
-  top_level_interaction_body: Je browser heeft apps nodig zoals %{app} om je toegang
-    te vragen tot cookies voordat Shopify het voor je kan openen.
+  top_level_interaction_heading: Uw browser moet %{app} verifiëren
+  top_level_interaction_body: Uw browser heeft apps nodig zoals %{app} om u toegang
+    te vragen tot cookies voordat Shopify het voor u kan openen.
   top_level_interaction_action: Doorgaan
   request_storage_access_heading: "%{app} heeft toegang tot cookies nodig"
-  request_storage_access_body: Hiermee kan de app je verifiëren door je persoonlijke
+  request_storage_access_body: Hiermee kan de app u verifiëren door uw persoonlijke
     gegevens tijdelijk op te slaan. Klik op Doorgaan en sta cookies toe om de app
     te gebruiken.
   request_storage_access_footer: Cookies verlopen na 30 dagen.

data/config/locales/pt-BR.yml

@@ -1,14 +1,14 @@
 ---
 pt-BR:
-  logged_out: Você saiu com sucesso
+  logged_out: Você saiu.
   could_not_log_in: Não foi possível fazer login na Shopify store
   invalid_shop_url: Domínio de loja inválido
-  enable_cookies_heading: Ativar cookies de %{app}
-  enable_cookies_body: Você deve ativar manualmente os cookies neste navegador para
-    usar %{app} dentro da Shopify.
+  enable_cookies_heading: Habilitar cookies de %{app}
+  enable_cookies_body: Você deve habilitar manualmente os cookies neste navegador
+    para usar %{app} dentro da Shopify.
   enable_cookies_footer: Os cookies permitem que o app o autentique armazenando temporariamente
     suas preferências e dados pessoais. Eles expiram depois de 30 dias.
-  enable_cookies_action: Ativar cookies
+  enable_cookies_action: Habilitar cookies
   top_level_interaction_heading: Seu navegador precisa autenticar %{app}
   top_level_interaction_body: Seu navegador exige que apps como o %{app} consultem
     você sobre o acesso a cookies antes que a Shopify os abra.

data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb

@@ -0,0 +1,39 @@
+require 'rails/generators/base'
+
+module ShopifyApp
+  module Generators
+    class AddMarketingActivityExtensionGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      def generate_app_extension
+        template "marketing_activities_controller.rb", "app/controllers/marketing_activities_controller.rb"
+        generate_routes
+      end
+
+      private
+
+      def generate_routes
+        inject_into_file(
+          'config/routes.rb',
+          optimize_indentation(routes, 2),
+          after: "root :to => 'home#index'\n"
+        )
+      end
+
+      def routes
+        <<~EOS
+
+          resource :marketing_activities, only: [:create, :update] do
+            patch :resume
+            patch :pause
+            patch :delete
+            post :republish
+            post :preload_form_data
+            post :preview
+            post :errors
+          end
+        EOS
+      end
+    end
+  end
+end