shopify_app 11.4.0 → 11.7.1

data/lib/shopify_app/session/storage_strategies/shop_storage_strategy.rb

@@ -0,0 +1,23 @@
+module ShopifyApp
+  module SessionStorage
+    module ShopStorageStrategy
+      def store(auth_session, *args)
+        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
+        shop.shopify_token = auth_session.token
+        shop.save!
+        shop.id
+      end
+
+      def retrieve(id)
+        return unless id
+        if shop = self.find_by(id: id)
+          ShopifyAPI::Session.new(
+            domain: shop.shopify_domain,
+            token: shop.shopify_token,
+            api_version: shop.api_version
+          )
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/session/storage_strategies/user_storage_strategy.rb

@@ -0,0 +1,24 @@
+module ShopifyApp
+  module SessionStorage
+    module UserStorageStrategy
+      def store(auth_session, user)
+        user = find_or_initialize_by(shopify_user_id: user[:id])
+        user.shopify_token = auth_session.token
+        user.shopify_domain = auth_session.domain
+        user.save!
+        user.id
+      end
+
+      def retrieve(id)
+        return unless id
+        if user = self.find_by(shopify_user_id: id)
+          ShopifyAPI::Session.new(
+            domain: user.shopify_domain,
+            token: user.shopify_token,
+            api_version: user.api_version
+          )
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/version.rb

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '11.4.0'.freeze
+  VERSION = '11.7.1'.freeze
 end

data/package-lock.json

@@ -5909,12 +5909,6 @@
       "integrity": "sha512-Ya52jSX2u7QKghxeoFGpLwCtGlt7j0oY9DYb5apt9nPlJ42ID+ulTXESnt/qAQcoSERyZ5sl3LDIOw0nAn/5DA==",
       "dev": true
     },
-    "serialize-javascript": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz",
-      "integrity": "sha512-0Vb/54WJ6k5v8sSWN09S0ora+Hnr+cX40r9F170nT+mSkaxltoE/7R3OrIdBSUv1OoiobH1QoWQbCnAO+e8J1A==",
-      "dev": true
-    },
     "set-blocking": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
@@ -6497,31 +6491,6 @@
         }
       }
     },
-    "terser-webpack-plugin": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-1.4.1.tgz",
-      "integrity": "sha512-ZXmmfiwtCLfz8WKZyYUuuHf3dMYEjg8NrjHMb0JqHVHVOSkzp3cW2/XG1fP3tRhqEqSzMwzzRQGtAPbs4Cncxg==",
-      "dev": true,
-      "requires": {
-        "cacache": "12.0.3",
-        "find-cache-dir": "2.1.0",
-        "is-wsl": "1.1.0",
-        "schema-utils": "1.0.0",
-        "serialize-javascript": "1.9.1",
-        "source-map": "0.6.1",
-        "terser": "4.3.1",
-        "webpack-sources": "1.4.3",
-        "worker-farm": "1.7.0"
-      },
-      "dependencies": {
-        "source-map": {
-          "version": "0.6.1",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
-          "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
-          "dev": true
-        }
-      }
-    },
     "through2": {
       "version": "2.0.5",
       "resolved": "https://registry.npmjs.org/through2/-/through2-2.0.5.tgz",
@@ -6878,9 +6847,9 @@
       }
     },
     "webpack": {
-      "version": "4.40.2",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.40.2.tgz",
-      "integrity": "sha512-5nIvteTDCUws2DVvP9Qe+JPla7kWPPIDFZv55To7IycHWZ+Z5qBdaBYPyuXWdhggTufZkQwfIK+5rKQTVovm2A==",
+      "version": "4.41.3",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-4.41.3.tgz",
+      "integrity": "sha512-EcNzP9jGoxpQAXq1VOoTet0ik7/VVU1MovIfcUSAjLowc7GhcQku/sOXALvq5nPpSei2HF6VRhibeJSC3i/Law==",
       "dev": true,
       "requires": {
         "@webassemblyjs/ast": "1.8.5",
@@ -6903,7 +6872,7 @@
         "node-libs-browser": "2.2.1",
         "schema-utils": "1.0.0",
         "tapable": "1.1.3",
-        "terser-webpack-plugin": "1.4.1",
+        "terser-webpack-plugin": "1.4.3",
         "watchpack": "1.6.0",
         "webpack-sources": "1.4.3"
       },
@@ -6925,6 +6894,35 @@
           "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.4.1.tgz",
           "integrity": "sha512-RO1ibKvd27e6FEShVFfPALuHI3WjSVNeK5FIsmme/LYRNxjKuNj+Dt7bucLa6NdSv3JcVTyMlm9kGR84z1XpaQ==",
           "dev": true
+        },
+        "serialize-javascript": {
+          "version": "2.1.2",
+          "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz",
+          "integrity": "sha512-rs9OggEUF0V4jUSecXazOYsLfu7OGK2qIn3c7IPBiffz32XniEp/TX9Xmc9LQfK2nQ2QKHvZ2oygKUGU0lG4jQ==",
+          "dev": true
+        },
+        "source-map": {
+          "version": "0.6.1",
+          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+          "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+          "dev": true
+        },
+        "terser-webpack-plugin": {
+          "version": "1.4.3",
+          "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-1.4.3.tgz",
+          "integrity": "sha512-QMxecFz/gHQwteWwSo5nTc6UaICqN1bMedC5sMtUc7y3Ha3Q8y6ZO0iCR8pq4RJC8Hjf0FEPEHZqcMB/+DFCrA==",
+          "dev": true,
+          "requires": {
+            "cacache": "12.0.3",
+            "find-cache-dir": "2.1.0",
+            "is-wsl": "1.1.0",
+            "schema-utils": "1.0.0",
+            "serialize-javascript": "2.1.2",
+            "source-map": "0.6.1",
+            "terser": "4.3.1",
+            "webpack-sources": "1.4.3",
+            "worker-farm": "1.7.0"
+          }
         }
       }
     },

data/package.json

@@ -19,9 +19,10 @@
     "mocha-debug": "^0.0.1",
     "sinon": "^7.4.2",
     "sinon-chai": "^3.2.0",
-    "webpack": "^4.40.2"
+    "webpack": "^4.41.3"
   },
   "scripts": {
     "test": "./node_modules/.bin/karma start --browsers ChromeHeadless --single-run"
-  }
+  },
+  "version": "11.7.1"
 }

data/service.yml

@@ -2,6 +2,6 @@ audience: partner
 classification: library
 org_line: App & Partner Platform
 owners:
-  - Shopify/app-partner-dev-tools-education
+  - Shopify/platform-dev-tools-education
 slack_channels:
   - dev-tools-education

data/shopify_app.gemspec

@@ -18,6 +18,9 @@ Gem::Specification.new do |s|
   s.add_development_dependency('rake')
   s.add_development_dependency('byebug')
   s.add_development_dependency('pry')
+  s.add_development_dependency('pry-nav')
+  s.add_development_dependency('pry-stack_explorer')
+  s.add_development_dependency('rb-readline')
   s.add_development_dependency('sqlite3', '~> 1.4')
   s.add_development_dependency('minitest')
   s.add_development_dependency('mocha')
@@ -26,4 +29,4 @@ Gem::Specification.new do |s|
   s.files         = `git ls-files`.split("\n").reject { |f| f.match(%r{^(test|example)/}) }
   s.test_files    = `git ls-files -- {test}/*`.split("\n")
   s.require_paths = ["lib"]
-end
+end

data/yarn.lock

@@ -4360,10 +4360,10 @@ semver@^6.3.0:
   resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
   integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
 
-serialize-javascript@^1.7.0:
-  version "1.9.1"
-  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-1.9.1.tgz#cfc200aef77b600c47da9bb8149c943e798c2fdb"
-  integrity sha512-0Vb/54WJ6k5v8sSWN09S0ora+Hnr+cX40r9F170nT+mSkaxltoE/7R3OrIdBSUv1OoiobH1QoWQbCnAO+e8J1A==
+serialize-javascript@^2.1.2:
+  version "2.1.2"
+  resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-2.1.2.tgz#ecec53b0e0317bdc95ef76ab7074b7384785fa61"
+  integrity sha512-rs9OggEUF0V4jUSecXazOYsLfu7OGK2qIn3c7IPBiffz32XniEp/TX9Xmc9LQfK2nQ2QKHvZ2oygKUGU0lG4jQ==
 
 set-blocking@^2.0.0, set-blocking@~2.0.0:
   version "2.0.0"
@@ -4769,16 +4769,16 @@ tar@^4:
     safe-buffer "^5.1.2"
     yallist "^3.0.3"
 
-terser-webpack-plugin@^1.4.1:
-  version "1.4.1"
-  resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-1.4.1.tgz#61b18e40eaee5be97e771cdbb10ed1280888c2b4"
-  integrity sha512-ZXmmfiwtCLfz8WKZyYUuuHf3dMYEjg8NrjHMb0JqHVHVOSkzp3cW2/XG1fP3tRhqEqSzMwzzRQGtAPbs4Cncxg==
+terser-webpack-plugin@^1.4.3:
+  version "1.4.3"
+  resolved "https://registry.yarnpkg.com/terser-webpack-plugin/-/terser-webpack-plugin-1.4.3.tgz#5ecaf2dbdc5fb99745fd06791f46fc9ddb1c9a7c"
+  integrity sha512-QMxecFz/gHQwteWwSo5nTc6UaICqN1bMedC5sMtUc7y3Ha3Q8y6ZO0iCR8pq4RJC8Hjf0FEPEHZqcMB/+DFCrA==
   dependencies:
     cacache "^12.0.2"
     find-cache-dir "^2.1.0"
     is-wsl "^1.1.0"
     schema-utils "^1.0.0"
-    serialize-javascript "^1.7.0"
+    serialize-javascript "^2.1.2"
     source-map "^0.6.1"
     terser "^4.1.2"
     webpack-sources "^1.4.0"
@@ -5083,10 +5083,10 @@ webpack-sources@^1.4.0, webpack-sources@^1.4.1:
     source-list-map "^2.0.0"
     source-map "~0.6.1"
 
-webpack@^4.40.2:
-  version "4.40.2"
-  resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.40.2.tgz#d21433d250f900bf0facbabe8f50d585b2dc30a7"
-  integrity sha512-5nIvteTDCUws2DVvP9Qe+JPla7kWPPIDFZv55To7IycHWZ+Z5qBdaBYPyuXWdhggTufZkQwfIK+5rKQTVovm2A==
+webpack@^4.41.3:
+  version "4.41.3"
+  resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.41.3.tgz#cb7592c43080337dbc9be9e98fc6478eb3981026"
+  integrity sha512-EcNzP9jGoxpQAXq1VOoTet0ik7/VVU1MovIfcUSAjLowc7GhcQku/sOXALvq5nPpSei2HF6VRhibeJSC3i/Law==
   dependencies:
     "@webassemblyjs/ast" "1.8.5"
     "@webassemblyjs/helper-module-context" "1.8.5"
@@ -5108,7 +5108,7 @@ webpack@^4.40.2:
     node-libs-browser "^2.2.1"
     schema-utils "^1.0.0"
     tapable "^1.1.3"
-    terser-webpack-plugin "^1.4.1"
+    terser-webpack-plugin "^1.4.3"
     watchpack "^1.6.0"
     webpack-sources "^1.4.1"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 11.4.0
+  version: 11.7.1
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-10 00:00:00.000000000 Z
+date: 2020-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -108,6 +108,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-nav
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-stack_explorer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rb-readline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -197,6 +239,7 @@ files:
 - app/controllers/concerns/shopify_app/authenticated.rb
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/callback_controller.rb
+- app/controllers/shopify_app/extension_verification_controller.rb
 - app/controllers/shopify_app/sessions_controller.rb
 - app/controllers/shopify_app/webhooks_controller.rb
 - app/views/shopify_app/partials/_button_styles.html.erb
@@ -235,6 +278,8 @@ files:
 - docs/Quickstart.md
 - docs/Releasing.md
 - docs/Troubleshooting.md
+- docs/install-on-dev-shop.png
+- docs/test-your-app.png
 - images/app-proxy-screenshot.png
 - karma.conf.js
 - lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb
@@ -275,6 +320,10 @@ files:
 - lib/generators/shopify_app/shop_model/templates/shop.rb
 - lib/generators/shopify_app/shop_model/templates/shops.yml
 - lib/generators/shopify_app/shopify_app_generator.rb
+- lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb
+- lib/generators/shopify_app/user_model/templates/user.rb
+- lib/generators/shopify_app/user_model/templates/users.yml
+- lib/generators/shopify_app/user_model/user_model_generator.rb
 - lib/generators/shopify_app/views/views_generator.rb
 - lib/shopify_app.rb
 - lib/shopify_app/configuration.rb
@@ -284,15 +333,17 @@ files:
 - lib/shopify_app/controller_concerns/localization.rb
 - lib/shopify_app/controller_concerns/login_protection.rb
 - lib/shopify_app/controller_concerns/webhook_verification.rb
-- lib/shopify_app/controllers/extension_verification_controller.rb
 - lib/shopify_app/engine.rb
 - lib/shopify_app/jobs/scripttags_manager_job.rb
 - lib/shopify_app/jobs/webhooks_manager_job.rb
 - lib/shopify_app/managers/scripttags_manager.rb
 - lib/shopify_app/managers/webhooks_manager.rb
+- lib/shopify_app/middleware/same_site_cookie_middleware.rb
 - lib/shopify_app/session/in_memory_session_store.rb
 - lib/shopify_app/session/session_repository.rb
 - lib/shopify_app/session/session_storage.rb
+- lib/shopify_app/session/storage_strategies/shop_storage_strategy.rb
+- lib/shopify_app/session/storage_strategies/user_storage_strategy.rb
 - lib/shopify_app/utils.rb
 - lib/shopify_app/version.rb
 - package-lock.json

data/lib/shopify_app/controllers/extension_verification_controller.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-class ExtensionVerificationController < ActionController::Base
-  before_action :verify_request
-
-  private
-
-  def verify_request
-    hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
-    request_body = request.body.read
-    secret = ShopifyApp.configuration.secret
-    digest = OpenSSL::Digest.new('sha256')
-
-    expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
-    head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
-  end
-end