RubyGems - shopify_app - Versions diffs - 11.5.1 → 12.0.1 - Mend

shopify_app 11.5.1 → 12.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

data/lib/shopify_app/controller_concerns/login_protection.rb CHANGED

@@ -27,12 +27,30 @@ module ShopifyApp
     end
     def shop_session
-      return unless session[:shopify]
-      @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
+      if ShopifyApp.configuration.per_user_tokens?
+        return unless session[:shopify_user]
+        @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify_user]['id'])
+      else
+        return unless session[:shopify]
+        @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
+      end
     end
-    def login_again_if_different_shop
+    def login_again_if_different_user_or_shop
+      if ShopifyApp.configuration.per_user_tokens?
+        valid_session_data = session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
+        sessions_do_not_match = session[:user_session] != params[:session] # current user is different from stored user
+        if valid_session_data && sessions_do_not_match
+          clear_session = true
+        end
+      end
       if shop_session && params[:shop] && params[:shop].is_a?(String) && (shop_session.domain != params[:shop])
+        clear_session = true
+      end
+      if clear_session
         clear_shop_session
         redirect_to_login
       end
@@ -45,8 +63,14 @@ module ShopifyApp
         head :unauthorized
       else
         if request.get?
-          session[:return_to] = "#{request.path}?#{sanitized_params.to_query}"
+          path = request.path
+          query = sanitized_params.to_query
+        else
+          referer = URI(request.referer || "/")
+          path = referer.path
+          query = "#{referer.query}&#{sanitized_params.to_query}"
         end
+        session[:return_to] = "#{path}?#{query}"
         redirect_to(login_url_with_optional_shop)
       end
     end
@@ -60,6 +84,7 @@ module ShopifyApp
       session[:shopify] = nil
       session[:shopify_domain] = nil
       session[:shopify_user] = nil
+      session[:user_session] = nil
     end
     def login_url_with_optional_shop(top_level: false)
@@ -75,8 +100,10 @@ module ShopifyApp
       query_params = {}
       query_params[:shop] = sanitized_params[:shop] if params[:shop].present?
-      if session[:return_to] && return_to_param_required?
-        query_params[:return_to] = session[:return_to]
+      return_to = session[:return_to] || params[:return_to]
+      if return_to.present? && return_to_param_required?
+        query_params[:return_to] = return_to
       end
       has_referer_shop_name = referer_sanitized_shop_name.present?

data/lib/shopify_app/engine.rb CHANGED

@@ -12,5 +12,9 @@ module ShopifyApp
         storage_access.svg
       ]
     end
+    initializer "shopify_app.middleware" do |app|
+      app.config.middleware.insert_before(ActionDispatch::Cookies, ShopifyApp::SameSiteCookieMiddleware)
+    end
   end
 end

data/lib/shopify_app/middleware/same_site_cookie_middleware.rb ADDED

@@ -0,0 +1,60 @@
+module ShopifyApp
+  class SameSiteCookieMiddleware
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      _status, headers, _body = @app.call(env)
+    ensure
+      user_agent = env['HTTP_USER_AGENT']
+      if headers && headers['Set-Cookie'] && !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
+          ShopifyApp.configuration.enable_same_site_none
+        cookies = headers['Set-Cookie'].split("\n").compact
+        cookies.each do |cookie|
+          unless cookie.include?("; SameSite")
+            headers['Set-Cookie'] = headers['Set-Cookie'].gsub(cookie, "#{cookie}; secure; SameSite=None")
+          end
+        end
+      end
+    end
+    def self.same_site_none_incompatible?(user_agent)
+      sniffer = BrowserSniffer.new(user_agent)
+      webkit_same_site_bug?(sniffer) || drops_unrecognized_same_site_cookies?(sniffer)
+    rescue
+      true
+    end
+    def self.webkit_same_site_bug?(sniffer)
+      (sniffer.os == :ios && sniffer.os_version.match(/^([0-9]|1[12])[\.\_]/)) ||
+        (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match(/^10[\.\_]14/))
+    end
+    def self.drops_unrecognized_same_site_cookies?(sniffer)
+      (chromium_based?(sniffer) && sniffer.major_browser_version >= 51 && sniffer.major_browser_version <= 66) ||
+        (uc_browser?(sniffer) && !uc_browser_version_at_least?(sniffer: sniffer, major: 12, minor: 13, build: 2))
+    end
+    def self.chromium_based?(sniffer)
+      sniffer.browser_name.downcase.match(/chrom(e|ium)/)
+    end
+    def self.uc_browser?(sniffer)
+      sniffer.user_agent.downcase.match(/uc\s?browser/)
+    end
+    def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)
+      digits = sniffer.browser_version.split('.').map(&:to_i)
+      return false unless digits.count >= 3
+      return digits[0] > major if digits[0] != major
+      return digits[1] > minor if digits[1] != minor
+      digits[2] >= build
+    end
+  end
+end

data/lib/shopify_app/session/in_memory_session_store.rb CHANGED

@@ -6,7 +6,7 @@ module ShopifyApp
       repo[id]
     end
-    def self.store(session)
+    def self.store(session, *args)
       id = SecureRandom.uuid
       repo[id] = session
       id

data/lib/shopify_app/session/session_repository.rb CHANGED

@@ -15,8 +15,8 @@ module ShopifyApp
         storage.retrieve(id)
       end
-      def store(session)
-        storage.store(session)
+      def store(session, *args)
+        storage.store(session, *args)
       end
       def storage

data/lib/shopify_app/session/session_storage.rb CHANGED

@@ -3,9 +3,18 @@ module ShopifyApp
     extend ActiveSupport::Concern
     included do
-      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false }
+      if ShopifyApp.configuration.per_user_tokens?
+        extend ShopifyApp::SessionStorage::UserStorageStrategy
+      else
+        extend ShopifyApp::SessionStorage::ShopStorageStrategy
+      end
       validates :shopify_token, presence: true
       validates :api_version, presence: true
+      validates :shopify_domain, presence: true,
+        if: Proc.new {|_| ShopifyApp.configuration.per_user_tokens? }
+      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false },
+        if: Proc.new {|_| !ShopifyApp.configuration.per_user_tokens? }
     end
     def with_shopify_session(&block)
@@ -16,26 +25,5 @@ module ShopifyApp
         &block
       )
     end
-    class_methods do
-      def store(session)
-        shop = find_or_initialize_by(shopify_domain: session.domain)
-        shop.shopify_token = session.token
-        shop.save!
-        shop.id
-      end
-      def retrieve(id)
-        return unless id
-        if shop = self.find_by(id: id)
-          ShopifyAPI::Session.new(
-            domain: shop.shopify_domain,
-            token: shop.shopify_token,
-            api_version: shop.api_version
-          )
-        end
-      end
-    end
   end
 end

data/lib/shopify_app/session/storage_strategies/shop_storage_strategy.rb ADDED

@@ -0,0 +1,23 @@
+module ShopifyApp
+  module SessionStorage
+    module ShopStorageStrategy
+      def store(auth_session, *args)
+        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
+        shop.shopify_token = auth_session.token
+        shop.save!
+        shop.id
+      end
+      def retrieve(id)
+        return unless id
+        if shop = self.find_by(id: id)
+          ShopifyAPI::Session.new(
+            domain: shop.shopify_domain,
+            token: shop.shopify_token,
+            api_version: shop.api_version
+          )
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/session/storage_strategies/user_storage_strategy.rb ADDED

@@ -0,0 +1,24 @@
+module ShopifyApp
+  module SessionStorage
+    module UserStorageStrategy
+      def store(auth_session, user)
+        user = find_or_initialize_by(shopify_user_id: user[:id])
+        user.shopify_token = auth_session.token
+        user.shopify_domain = auth_session.domain
+        user.save!
+        user.id
+      end
+      def retrieve(id)
+        return unless id
+        if user = self.find_by(shopify_user_id: id)
+          ShopifyAPI::Session.new(
+            domain: user.shopify_domain,
+            token: user.shopify_token,
+            api_version: user.api_version
+          )
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/version.rb CHANGED

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '11.5.1'.freeze
+  VERSION = '12.0.1'.freeze
 end

data/package.json CHANGED

@@ -1,5 +1,6 @@
 {
   "name": "shopify_app",
+  "version": "12.0.1",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/service.yml CHANGED

@@ -2,6 +2,6 @@ audience: partner
 classification: library
 org_line: App & Partner Platform
 owners:
-  - Shopify/app-partner-dev-tools-education
+  - Shopify/platform-dev-tools-education
 slack_channels:
   - dev-tools-education

data/shopify_app.gemspec CHANGED

@@ -12,12 +12,15 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency('browser_sniffer', '~> 1.1.3')
   s.add_runtime_dependency('rails', '> 5.2.1')
-  s.add_runtime_dependency('shopify_api', '~> 8.0')
+  s.add_runtime_dependency('shopify_api', '~> 9.0')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.0')
   s.add_development_dependency('rake')
   s.add_development_dependency('byebug')
   s.add_development_dependency('pry')
+  s.add_development_dependency('pry-nav')
+  s.add_development_dependency('pry-stack_explorer')
+  s.add_development_dependency('rb-readline')
   s.add_development_dependency('sqlite3', '~> 1.4')
   s.add_development_dependency('minitest')
   s.add_development_dependency('mocha')
@@ -26,4 +29,4 @@ Gem::Specification.new do |s|
   s.files         = `git ls-files`.split("\n").reject { |f| f.match(%r{^(test|example)/}) }
   s.test_files    = `git ls-files -- {test}/*`.split("\n")
   s.require_paths = ["lib"]
-end
+end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 11.5.1
+  version: 12.0.1
 platform: ruby
 authors:
 - Shopify
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-08 00:00:00.000000000 Z
+date: 2020-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '9.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: omniauth-shopify-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +108,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-nav
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-stack_explorer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rb-readline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -197,6 +239,7 @@ files:
 - app/controllers/concerns/shopify_app/authenticated.rb
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/callback_controller.rb
+- app/controllers/shopify_app/extension_verification_controller.rb
 - app/controllers/shopify_app/sessions_controller.rb
 - app/controllers/shopify_app/webhooks_controller.rb
 - app/views/shopify_app/partials/_button_styles.html.erb
@@ -235,6 +278,8 @@ files:
 - docs/Quickstart.md
 - docs/Releasing.md
 - docs/Troubleshooting.md
+- docs/install-on-dev-shop.png
+- docs/test-your-app.png
 - images/app-proxy-screenshot.png
 - karma.conf.js
 - lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb
@@ -253,7 +298,6 @@ files:
 - lib/generators/shopify_app/home_controller/home_controller_generator.rb
 - lib/generators/shopify_app/home_controller/templates/home_controller.rb
 - lib/generators/shopify_app/home_controller/templates/index.html.erb
-- lib/generators/shopify_app/home_controller/templates/shopify_app_ready_script.html.erb
 - lib/generators/shopify_app/install/install_generator.rb
 - lib/generators/shopify_app/install/templates/_flash_messages.html.erb
 - lib/generators/shopify_app/install/templates/embedded_app.html.erb
@@ -275,6 +319,10 @@ files:
 - lib/generators/shopify_app/shop_model/templates/shop.rb
 - lib/generators/shopify_app/shop_model/templates/shops.yml
 - lib/generators/shopify_app/shopify_app_generator.rb
+- lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb
+- lib/generators/shopify_app/user_model/templates/user.rb
+- lib/generators/shopify_app/user_model/templates/users.yml
+- lib/generators/shopify_app/user_model/user_model_generator.rb
 - lib/generators/shopify_app/views/views_generator.rb
 - lib/shopify_app.rb
 - lib/shopify_app/configuration.rb
@@ -284,15 +332,17 @@ files:
 - lib/shopify_app/controller_concerns/localization.rb
 - lib/shopify_app/controller_concerns/login_protection.rb
 - lib/shopify_app/controller_concerns/webhook_verification.rb
-- lib/shopify_app/controllers/extension_verification_controller.rb
 - lib/shopify_app/engine.rb
 - lib/shopify_app/jobs/scripttags_manager_job.rb
 - lib/shopify_app/jobs/webhooks_manager_job.rb
 - lib/shopify_app/managers/scripttags_manager.rb
 - lib/shopify_app/managers/webhooks_manager.rb
+- lib/shopify_app/middleware/same_site_cookie_middleware.rb
 - lib/shopify_app/session/in_memory_session_store.rb
 - lib/shopify_app/session/session_repository.rb
 - lib/shopify_app/session/session_storage.rb
+- lib/shopify_app/session/storage_strategies/shop_storage_strategy.rb
+- lib/shopify_app/session/storage_strategies/user_storage_strategy.rb
 - lib/shopify_app/utils.rb
 - lib/shopify_app/version.rb
 - package-lock.json

data/lib/generators/shopify_app/home_controller/templates/shopify_app_ready_script.html.erb DELETED

@@ -1,7 +0,0 @@
-<% content_for :javascript do %>
-  <script type="text/javascript">
-    ShopifyApp.ready(function(){
-      ShopifyApp.Bar.initialize({ title: "Home" });
-    });
-  </script>
-<% end %>