shopify_app 11.4.0 → 11.7.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +0 -2
- data/CHANGELOG.md +25 -0
- data/README.md +123 -115
- data/app/controllers/concerns/shopify_app/authenticated.rb +1 -1
- data/app/controllers/shopify_app/callback_controller.rb +8 -2
- data/app/controllers/shopify_app/extension_verification_controller.rb +20 -0
- data/config/locales/nl.yml +1 -1
- data/docs/Quickstart.md +44 -16
- data/docs/install-on-dev-shop.png +0 -0
- data/docs/test-your-app.png +0 -0
- data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +1 -1
- data/lib/generators/shopify_app/install/install_generator.rb +0 -4
- data/lib/generators/shopify_app/install/templates/shopify_app.rb +1 -1
- data/lib/generators/shopify_app/install/templates/shopify_provider.rb +1 -0
- data/lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb +16 -0
- data/lib/generators/shopify_app/user_model/templates/user.rb +7 -0
- data/lib/generators/shopify_app/user_model/templates/users.yml +4 -0
- data/lib/generators/shopify_app/user_model/user_model_generator.rb +38 -0
- data/lib/shopify_app.rb +5 -3
- data/lib/shopify_app/configuration.rb +13 -8
- data/lib/shopify_app/controller_concerns/login_protection.rb +22 -3
- data/lib/shopify_app/engine.rb +4 -0
- data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +60 -0
- data/lib/shopify_app/session/in_memory_session_store.rb +1 -1
- data/lib/shopify_app/session/session_repository.rb +2 -2
- data/lib/shopify_app/session/session_storage.rb +10 -22
- data/lib/shopify_app/session/storage_strategies/shop_storage_strategy.rb +23 -0
- data/lib/shopify_app/session/storage_strategies/user_storage_strategy.rb +24 -0
- data/lib/shopify_app/version.rb +1 -1
- data/package-lock.json +33 -35
- data/package.json +3 -2
- data/service.yml +1 -1
- data/shopify_app.gemspec +4 -1
- data/yarn.lock +14 -14
- metadata +54 -3
- data/lib/shopify_app/controllers/extension_verification_controller.rb +0 -17
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b458ca32eeb9b1c13643fbb77333b744b7c95b015fec2a485e5fa4d3a18410c4
|
4
|
+
data.tar.gz: 84c33e75b4862583968a4ee6abf13fc0f455ed3977db33e7e130420d14ebca6b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3fde0d0d3c6e77a05afbad57a7db60866f738d5520453394027ab2bda81b31fb615ce0db59f0147327dce90ed1e0b6b9093129b49778d4f65550abfca7ad2c8d
|
7
|
+
data.tar.gz: 475d5a91322c9f4e59a4b2977a781fc4f3c74db719142f9af06e6d51843fda44537993f1a4620e3db538760f16f7bf017eeab7126464826b1fe701bf8b222945
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,28 @@
|
|
1
|
+
11.7.1
|
2
|
+
-----
|
3
|
+
* Fix to allow SessionStorage to be flexible on what model names that the are used for storing shop and user data
|
4
|
+
|
5
|
+
11.7.0
|
6
|
+
-----
|
7
|
+
* Move ExtensionVerificationController from engine to app controllers, as being in the engine makes ActionController::Base get loaded before app initiates [#855](https://github.com/Shopify/shopify_app/pull/855)
|
8
|
+
* Add back per-user token support (added in 11.5.0, reverted in 11.5.1)
|
9
|
+
* If you have an override on the `self.store(auth_session)` method on your `SessionRepository` model, the method signature must be changed as according to this [change](https://github.com/Shopify/shopify_app/pull/856/files#diff-deaed2b262ec885f4e36de05621e41eaR18)
|
10
|
+
|
11
|
+
11.6.0
|
12
|
+
-----
|
13
|
+
* Enable SameSite=None; Secure by default on all cookies for embedded apps [#851](https://github.com/Shopify/shopify_app/pull/851)
|
14
|
+
* Ensures compatibility of embedded apps with upcoming Chrome version 80 changes to cookie behaviour
|
15
|
+
* Configurable via `ShopifyApp.configuration.enable_same_site_none` (default true for embedded apps)
|
16
|
+
|
17
|
+
11.5.1
|
18
|
+
-----
|
19
|
+
* Revert per-user token support temporarily
|
20
|
+
|
21
|
+
11.5.0
|
22
|
+
-----
|
23
|
+
* Modularizes durable session storage
|
24
|
+
* Introduces per-user token support and user session management
|
25
|
+
|
1
26
|
11.4.0
|
2
27
|
-----
|
3
28
|
* Remove `dotenv-rails` dependency. [#835](https://github.com/Shopify/shopify_app/pull/835)
|
data/README.md
CHANGED
@@ -12,70 +12,44 @@ Shopify Application Rails engine and generator
|
|
12
12
|
|
13
13
|
Table of Contents
|
14
14
|
-----------------
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
* [**Authenticated**](#authenticated)
|
34
|
-
* [**AppProxyVerification**](#appproxyverification)
|
35
|
-
* [Recommended Usage](#recommended-usage)
|
36
|
-
* [**Upgrading from 8.6 to 9.0.0**](#upgrading-from-86-to-900)
|
37
|
-
* [**Troubleshooting**](#troubleshooting)
|
38
|
-
* [Generator shopify_app:install hangs](#generator-shopify_appinstall-hangs)
|
39
|
-
* [**Testing an embedded app outside the Shopify admin**](#testing-an-embedded-app-outside-the-shopify-admin)
|
40
|
-
* [**Questions or problems?**](#questions-or-problems)
|
41
|
-
|
42
|
-
|
43
|
-
Description
|
15
|
+
- [Introduction](#introduction)
|
16
|
+
- [Become a Shopify App Developer](#become-a-shopify-app-developer)
|
17
|
+
- [Installation](#installation)
|
18
|
+
- [Generators](#generators)
|
19
|
+
- [Mounting the Engine](#mounting-the-engine)
|
20
|
+
- [Authentication](#authentication)
|
21
|
+
- [WebhooksManager](#webhooksmanager)
|
22
|
+
- [ScripttagsManager](#scripttagsmanager)
|
23
|
+
- [RotateShopifyTokenJob](#rotateshopifytokenjob)
|
24
|
+
- [App Tunneling](#app-tunneling)
|
25
|
+
- [AppProxyVerification](#appproxyverification)
|
26
|
+
- [Troubleshooting](#troubleshooting)
|
27
|
+
- [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
|
28
|
+
- [Questions or problems?](#questions-or-problems-)
|
29
|
+
- [Rails 6 Compatibility](#rails-6-compatibility)
|
30
|
+
- [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
|
31
|
+
|
32
|
+
Introduction
|
44
33
|
-----------
|
45
|
-
This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via Oauth (other authentication methods are not supported).
|
34
|
+
Get started with the [Shopify Admin API](https://help.shopify.com/en/api/getting-started) faster; This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via Oauth (other authentication methods are not supported).
|
46
35
|
|
47
|
-
*Note: It's recommended to use this on a new Rails project, so that the generator won't overwrite/delete
|
36
|
+
*Note: It's recommended to use this on a new Rails project, so that the generator won't overwrite/delete your files.*
|
48
37
|
|
49
|
-
|
50
|
-
Quickstart
|
51
|
-
----------
|
52
|
-
|
53
|
-
Check out this screencast on how to create and deploy a new Shopify App to Heroku in 5 minutes:
|
38
|
+
Learn how to create and deploy a new Shopify App to Heroku with our [quickstart guide](https://github.com/Shopify/shopify_app/blob/master/docs/Quickstart.md), or dive in in less than 5 minutes with this quickstart video:
|
54
39
|
|
55
40
|
[https://www.youtube.com/watch?v=yGxeoAHlQOg](https://www.youtube.com/watch?v=yGxeoAHlQOg)
|
56
41
|
|
57
|
-
|
58
|
-
|
59
|
-
App Tunneling
|
60
|
-
-------------
|
61
|
-
|
62
|
-
Your local app needs to be accessible from the public Internet in order to install it on a shop, use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks. Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), [Hookbin](https://hookbin.com/), etc.
|
63
|
-
|
64
|
-
For example with [ngrok](https://ngrok.com/), run this command to set up proxying to Rails' default port:
|
65
|
-
|
66
|
-
```sh
|
67
|
-
ngrok http 3000
|
68
|
-
```
|
69
|
-
|
70
|
-
Becoming a Shopify App Developer
|
42
|
+
Become a Shopify App Developer
|
71
43
|
--------------------------------
|
72
|
-
If you don't have a Shopify Partner account
|
44
|
+
To become a Shopify App Developer you'll need a [Shopify Partner account.](http://shopify.com/partners) If you don't have a Shopify Partner account, head to http://shopify.com/partners to create one before you start.
|
45
|
+
|
46
|
+
Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials.
|
73
47
|
|
74
|
-
|
48
|
+
To create an application for development set your new app's `App URL` to the URL provided by [your tunnel](#app-tunneling), ensuring that you use `https://`. If you are not planning to embed your app inside the Shopify admin or receive webhooks, set your redirect URL to `http://localhost:3000/` and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`.
|
75
49
|
|
76
50
|
Installation
|
77
51
|
------------
|
78
|
-
To get started add shopify_app to your Gemfile and bundle install
|
52
|
+
To get started add `shopify_app` to your Gemfile and run `bundle install`:
|
79
53
|
|
80
54
|
``` sh
|
81
55
|
# Create a new rails app
|
@@ -87,7 +61,7 @@ $ echo "gem 'shopify_app'" >> Gemfile
|
|
87
61
|
$ bundle install
|
88
62
|
```
|
89
63
|
|
90
|
-
Now we are ready to run any of the shopify_app
|
64
|
+
Now we are ready to run any of the [generators](#generators) included with `shopify_app`. The following section explains the generators and what you can do with them.
|
91
65
|
|
92
66
|
|
93
67
|
#### Rails Compatibility
|
@@ -100,24 +74,24 @@ Generators
|
|
100
74
|
|
101
75
|
### Default Generator
|
102
76
|
|
103
|
-
The default generator will run the `install`, `shop`, and `home_controller` generators. This is the recommended way to start
|
77
|
+
The default generator will run the `install`, `shop`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
|
104
78
|
|
105
79
|
```sh
|
106
80
|
$ rails generate shopify_app
|
107
81
|
```
|
108
82
|
|
109
|
-
After running the generator, you will need to run `
|
83
|
+
After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
|
110
84
|
|
111
85
|
### API Keys
|
112
86
|
|
113
|
-
The default and install generators have been updated to source Shopify API key and secret from
|
87
|
+
The default and install generators have been updated to source Shopify API key and secret from an Environment (`.env`) variables file, which you will need to create with the following format:
|
114
88
|
|
115
89
|
```
|
116
90
|
SHOPIFY_API_KEY=your api key
|
117
91
|
SHOPIFY_API_SECRET=your api secret
|
118
92
|
```
|
119
93
|
|
120
|
-
These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard].
|
94
|
+
These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard]. If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
|
121
95
|
|
122
96
|
### Install Generator
|
123
97
|
|
@@ -143,24 +117,13 @@ The generator adds ShopifyApp and the required initializers to the host Rails ap
|
|
143
117
|
After running the `install` generator, you can start your app with `bundle exec rails server` and install your app by visiting localhost.
|
144
118
|
|
145
119
|
|
146
|
-
### Shop Model Generator
|
147
|
-
|
148
|
-
```sh
|
149
|
-
$ rails generate shopify_app:shop_model
|
150
|
-
```
|
151
|
-
|
152
|
-
The `install` generator doesn't create any database tables or models for you. If you are starting a new app its quite likely that you will want a shops table and model to store the tokens when your app is installed (most of our internally developed apps do!). This generator creates a shop model and a migration. This model includes the `ShopifyApp::SessionStorage` concern which adds two methods to make it compatible as a `SessionRepository`. After running this generator you'll notice the `session_repository` in your `config/initializers/shopify_app.rb` will be set to the `Shop` model. This means that internally ShopifyApp will try and load tokens from this model.
|
153
|
-
|
154
|
-
*Note that you will need to run rake db:migrate after this generator*
|
155
|
-
|
156
|
-
|
157
120
|
### Home Controller Generator
|
158
121
|
|
159
122
|
```sh
|
160
123
|
$ rails generate shopify_app:home_controller
|
161
124
|
```
|
162
125
|
|
163
|
-
This generator creates an example home controller and view which fetches and displays products using the
|
126
|
+
This generator creates an example home controller and view which fetches and displays products using the Shopify API
|
164
127
|
|
165
128
|
|
166
129
|
### App Proxy Controller Generator
|
@@ -171,6 +134,13 @@ $ rails generate shopify_app:app_proxy_controller
|
|
171
134
|
|
172
135
|
This optional generator, not included with the default generator, creates the app proxy controller to handle proxy requests to the app from your shop storefront, modifies 'config/routes.rb' with a namespace route, and an example view which displays current shop information using the LiquidAPI
|
173
136
|
|
137
|
+
### Marketing Extension Generator
|
138
|
+
|
139
|
+
```sh
|
140
|
+
$ rails generate shopify_app:add_marketing_activity_extension
|
141
|
+
```
|
142
|
+
|
143
|
+
This will create a controller with the endpoints required to build a [marketing activities extension](https://help.shopify.com/en/api/embedded-apps/app-extensions/shopify-admin/marketing-activities). The extension will be generated with a base url at `/marketing_activities`, which should also be configured in partners.
|
174
144
|
|
175
145
|
### Controllers, Routes and Views
|
176
146
|
|
@@ -238,21 +208,84 @@ ShopifyApp.configure do |config|
|
|
238
208
|
end
|
239
209
|
```
|
240
210
|
|
241
|
-
|
242
|
-
|
243
|
-
|
211
|
+
Authentication
|
212
|
+
--------------
|
213
|
+
|
214
|
+
### ShopifyApp::SessionRepository
|
215
|
+
|
216
|
+
`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern, but can be overridden for custom implementation.
|
217
|
+
|
218
|
+
If you only run the install generator then by default you will have an in memory store but it **won't work** on multi-server environments including Heroku. For multi-server environments, implement one of the following token-storage strategies.
|
219
|
+
|
220
|
+
#### Shop-based token storage
|
221
|
+
Storing tokens on the store model means that any user login associated to the store will have equal access levels to whatever the original user granted the app.
|
222
|
+
```sh
|
223
|
+
$ rails generate shopify_app:shop_model
|
224
|
+
```
|
225
|
+
This will generate a shop model which will be the storage for the tokens necessary for authentication.
|
226
|
+
|
227
|
+
#### User-based token storage
|
228
|
+
A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed.
|
229
|
+
```sh
|
230
|
+
$ rails generate shopify_app:user_model
|
231
|
+
```
|
232
|
+
This will generate a user model which will be the storage for the tokens necessary for authentication.
|
233
|
+
|
234
|
+
The current Shopify user will be stored in the rails session at `session[:shopify_user]`
|
235
|
+
|
236
|
+
In this mode, The `self.store(auth_session, *args)` will be invoked with a Shopify User object hash, which is then used to store the token as part of a user record, rather than a store record.
|
237
|
+
|
238
|
+
This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
|
239
|
+
|
240
|
+
#### Migrating from shop-based to user-based token strategy
|
241
|
+
After running the generator, ensure that configuration settings are successfully changed:
|
244
242
|
|
245
243
|
```ruby
|
244
|
+
# In the `omniauth.rb` initializer:
|
246
245
|
provider :shopify,
|
247
246
|
ShopifyApp.configuration.api_key,
|
248
247
|
ShopifyApp.configuration.secret,
|
249
248
|
scope: ShopifyApp.configuration.scope,
|
250
249
|
per_user_permissions: true
|
250
|
+
|
251
|
+
# In the `shopify_app.rb` initializer:
|
252
|
+
config.session_repository = 'User'
|
253
|
+
config.per_user_tokens = true
|
251
254
|
```
|
252
255
|
|
253
|
-
|
256
|
+
### Authenticated
|
254
257
|
|
255
|
-
|
258
|
+
The engine provides a `ShopifyApp::Authenticated` concern which should be included in any controller that is intended to be behind Shopify OAuth. It adds `before_action`s to ensure that the user is authenticated and will redirect to the Shopify login page if not. It is best practice to include this concern in a base controller inheriting from your `ApplicationController`, from which all controllers that require Shopify authentication inherit.
|
259
|
+
|
260
|
+
For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
|
261
|
+
|
262
|
+
### AfterAuthenticate Job
|
263
|
+
|
264
|
+
If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job update your initializer as follows:
|
265
|
+
|
266
|
+
```ruby
|
267
|
+
ShopifyApp.configure do |config|
|
268
|
+
config.after_authenticate_job = { job: "Shopify::AfterAuthenticateJob" }
|
269
|
+
end
|
270
|
+
```
|
271
|
+
|
272
|
+
The job can be configured as either a class or a class name string.
|
273
|
+
|
274
|
+
If you need the job to run synchronously add the `inline` flag:
|
275
|
+
|
276
|
+
```ruby
|
277
|
+
ShopifyApp.configure do |config|
|
278
|
+
config.after_authenticate_job = { job: Shopify::AfterAuthenticateJob, inline: true }
|
279
|
+
end
|
280
|
+
```
|
281
|
+
|
282
|
+
We've also provided a generator which creates a skeleton job and updates the initializer for you:
|
283
|
+
|
284
|
+
```
|
285
|
+
bin/rails g shopify_app:add_after_authenticate_job
|
286
|
+
```
|
287
|
+
|
288
|
+
If you want to perform that action only once, e.g. send a welcome email to the user when they install the app, you should make sure that this action is idempotent, meaning that it won't have an impact if run multiple times.
|
256
289
|
|
257
290
|
|
258
291
|
WebhooksManager
|
@@ -346,36 +379,6 @@ Scripttags are created in the same way as the Webhooks, with a background job wh
|
|
346
379
|
|
347
380
|
If `src` responds to `call` its return value will be used as the scripttag's source. It will be called on scripttag creation and deletion.
|
348
381
|
|
349
|
-
AfterAuthenticate Job
|
350
|
-
---------------------
|
351
|
-
|
352
|
-
If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job update your initializer as follows:
|
353
|
-
|
354
|
-
```ruby
|
355
|
-
ShopifyApp.configure do |config|
|
356
|
-
config.after_authenticate_job = { job: "Shopify::AfterAuthenticateJob" }
|
357
|
-
end
|
358
|
-
```
|
359
|
-
|
360
|
-
The job can be configured as either a class or a class name string.
|
361
|
-
|
362
|
-
If you need the job to run synchronously add the `inline` flag:
|
363
|
-
|
364
|
-
```ruby
|
365
|
-
ShopifyApp.configure do |config|
|
366
|
-
config.after_authenticate_job = { job: Shopify::AfterAuthenticateJob, inline: true }
|
367
|
-
end
|
368
|
-
```
|
369
|
-
|
370
|
-
We've also provided a generator which creates a skeleton job and updates the initializer for you:
|
371
|
-
|
372
|
-
```
|
373
|
-
bin/rails g shopify_app:add_after_authenticate_job
|
374
|
-
```
|
375
|
-
|
376
|
-
If you want to perform that action only once, e.g. send a welcome email to the user when they install the app, you should make sure that this action is idempotent, meaning that it won't have an impact if run multiple times.
|
377
|
-
|
378
|
-
|
379
382
|
RotateShopifyTokenJob
|
380
383
|
---------------------
|
381
384
|
|
@@ -402,19 +405,18 @@ The generated rake task will be found at `lib/tasks/shopify/rotate_shopify_token
|
|
402
405
|
strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
|
403
406
|
```
|
404
407
|
|
405
|
-
|
406
|
-
|
408
|
+
App Tunneling
|
409
|
+
-------------
|
407
410
|
|
408
|
-
|
411
|
+
Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks.
|
409
412
|
|
410
|
-
|
413
|
+
Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), or [Hookbin](https://hookbin.com/) to make your development environment accessible to the internet.
|
411
414
|
|
412
|
-
|
413
|
-
-------------
|
415
|
+
For example with [ngrok](https://ngrok.com/), run this command to set up a tunnel proxy to Rails' default port:
|
414
416
|
|
415
|
-
|
416
|
-
|
417
|
-
|
417
|
+
```sh
|
418
|
+
ngrok http 3000
|
419
|
+
```
|
418
420
|
|
419
421
|
AppProxyVerification
|
420
422
|
--------------------
|
@@ -457,9 +459,15 @@ Questions or problems?
|
|
457
459
|
- [Ask questions!](https://ecommerce.shopify.com/c/shopify-apis-and-technology)
|
458
460
|
- [Read the docs!](https://help.shopify.com/api/guides)
|
459
461
|
|
460
|
-
|
462
|
+
Upgrading to 11.7.0
|
461
463
|
---------------------------
|
462
464
|
|
465
|
+
### Session storage method signature breaking change
|
466
|
+
If you override `def self.store(auth_session)` method in your session storage model (e.g. Shop), the method signature has changed to `def self.store(auth_session, *args)` in order to support user-based token storage. Please update your method signature to include the second argument.
|
467
|
+
|
468
|
+
Rails 6 Compatibility
|
469
|
+
---------------------
|
470
|
+
|
463
471
|
### Disable Webpacker
|
464
472
|
If you are using sprockets in rails 6 or want to generate a shopify_app without webpacker run the install task by running
|
465
473
|
|
@@ -8,7 +8,7 @@ module ShopifyApp
|
|
8
8
|
include ShopifyApp::Localization
|
9
9
|
include ShopifyApp::LoginProtection
|
10
10
|
include ShopifyApp::EmbeddedApp
|
11
|
-
before_action :
|
11
|
+
before_action :login_again_if_different_user_or_shop
|
12
12
|
around_action :shopify_session
|
13
13
|
end
|
14
14
|
end
|
@@ -55,10 +55,16 @@ module ShopifyApp
|
|
55
55
|
token: token,
|
56
56
|
api_version: ShopifyApp.configuration.api_version
|
57
57
|
)
|
58
|
-
|
59
|
-
session[:shopify] = ShopifyApp::SessionRepository.store(session_store)
|
58
|
+
session[:shopify] = ShopifyApp::SessionRepository.store(session_store, user: associated_user)
|
60
59
|
session[:shopify_domain] = shop_name
|
61
60
|
session[:shopify_user] = associated_user
|
61
|
+
|
62
|
+
if ShopifyApp.configuration.per_user_tokens?
|
63
|
+
# Adds the user_session to the session to determine if the logged in user has changed
|
64
|
+
user_session = auth_hash&.extra&.session
|
65
|
+
raise IndexError, "Missing user session signature" if user_session.nil?
|
66
|
+
session[:user_session] = user_session
|
67
|
+
end
|
62
68
|
end
|
63
69
|
|
64
70
|
def install_webhooks
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ShopifyApp
|
4
|
+
class ExtensionVerificationController < ActionController::Base
|
5
|
+
protect_from_forgery with: :null_session
|
6
|
+
before_action :verify_request
|
7
|
+
|
8
|
+
private
|
9
|
+
|
10
|
+
def verify_request
|
11
|
+
hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
|
12
|
+
request_body = request.body.read
|
13
|
+
secret = ShopifyApp.configuration.secret
|
14
|
+
digest = OpenSSL::Digest.new('sha256')
|
15
|
+
|
16
|
+
expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
|
17
|
+
head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|