shopify_app 11.7.1 → 12.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b458ca32eeb9b1c13643fbb77333b744b7c95b015fec2a485e5fa4d3a18410c4
-  data.tar.gz: 84c33e75b4862583968a4ee6abf13fc0f455ed3977db33e7e130420d14ebca6b
+  metadata.gz: 97b51956c46bc3fa2f253b3a2a949bb65f338999b46cd28ec182c4774f6d2b01
+  data.tar.gz: 1f8199a550dfd21035e620e052b636c3c8956ae820c47385a80cc58981a78802
 SHA512:
-  metadata.gz: 3fde0d0d3c6e77a05afbad57a7db60866f738d5520453394027ab2bda81b31fb615ce0db59f0147327dce90ed1e0b6b9093129b49778d4f65550abfca7ad2c8d
-  data.tar.gz: 475d5a91322c9f4e59a4b2977a781fc4f3c74db719142f9af06e6d51843fda44537993f1a4620e3db538760f16f7bf017eeab7126464826b1fe701bf8b222945
+  metadata.gz: 10004812203cadeaa93607ef0726bb0f96d541b363da568bb379260b9861773392050a42ab99fbabca69517d0851deb4263ba2de7f4f8c33865c6e83b2f71772
+  data.tar.gz: a777827c69680e90cf514cd0409039d393c1f7a6c0c523f6d3a61b6dd01cd2e3bfcfbe5ea67aa42bd9e4c8b2a57cd53d9d27a6378833055d47bf4745c155fc2f

data/CHANGELOG.md

@@ -1,3 +1,28 @@
+12.0.4
+------
+* Reverts reverted PR (#895) #897
+
+12.0.3
+------
+* Moves samesite middleware higher in the stack #898
+* Fix issue where not redirecting user to granted storage page casues infinite loop #900
+
+12.0.2
+------
+* Reverts "Fix for return_to in safari after enable_cookies/granted_storage_access" introduced in 12.0.1
+
+12.0.1
+------
+* disable samesite cookie middleware in tests
+* middleware compatibility for ruby 2.3
+* samesite cookie fixes for javascript libraries
+* change generators to add AppBridge instead of EASDK
+* Fix for return_to in safari after enable_cookies/granted_storage_access
+
+12.0.0
+-----
+* Updating shopify_api gem to 9.0.0
+
 11.7.1
 -----
 * Fix to allow SessionStorage to be flexible on what model names that the are used for storing shop and user data

data/README.md

@@ -439,6 +439,11 @@ end
 Create your app proxy url in the [Shopify Partners' Dashboard][dashboard], making sure to point it to `https://your_app_website.com/app_proxy`.
 ![Creating an App Proxy](/images/app-proxy-screenshot.png)
 
+App Bridge
+---
+
+A basic example of using [App Bridge][app-bridge] is included in the install generator. An app instance is automatically initialized in [shopify_app.js](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/shopify_app.js) and [flash_messages.js](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/flash_messages.js) converts Rails [flash messages](https://api.rubyonrails.org/classes/ActionDispatch/Flash.html) to App Bridge Toast actions automatically. By default, this library is included via [unpkg in the embedded_app layout](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/embedded_app.html.erb#L27). For more advanced uses it is recommended to [install App Bridge via npm or yarn](https://help.shopify.com/en/api/embedded-apps/app-bridge/getting-started#set-up-shopify-app-bridge-in-your-app).
+
 Troubleshooting
 ---------------
 
@@ -537,3 +542,4 @@ is changed to
 You will need to also follow the ShopifyAPI [upgrade guide](https://github.com/Shopify/shopify_api/blob/master/README.md#-breaking-change-notice-for-version-700-) to ensure your app is ready to work with api versioning.
 
 [dashboard]:https://partners.shopify.com
+[app-bridge]:https://help.shopify.com/en/api/embedded-apps/app-bridge

data/app/assets/javascripts/shopify_app/itp_helper.js

@@ -4,31 +4,31 @@
     this.itpAction = document.getElementById('TopLevelInteractionButton');
     this.redirectUrl = opts.redirectUrl;
   }
-  
+
   ITPHelper.prototype.redirect = function() {
     sessionStorage.setItem('shopify.top_level_interaction', true);
     window.location.href = this.redirectUrl;
   }
-  
+
   ITPHelper.prototype.userAgentIsAffected = function() {
     return Boolean(document.hasStorageAccess);
   }
-  
+
   ITPHelper.prototype.canPartitionCookies = function() {
     var versionRegEx = /Version\/12\.0\.?\d? Safari/;
     return versionRegEx.test(navigator.userAgent);
   }
-  
+
   ITPHelper.prototype.setUpContent = function(onClick) {
     this.itpContent.style.display = 'block';
     this.itpAction.addEventListener('click', this.redirect.bind(this));
   }
-  
+
   ITPHelper.prototype.execute = function() {
     if (!this.itpContent) {
       return;
     }
-  
+
     if (this.userAgentIsAffected()) {
       this.setUpContent();
     } else {

data/app/assets/javascripts/shopify_app/storage_access.js

@@ -28,18 +28,47 @@
     window.parent.location.href = this.redirectData.myshopifyUrl + '/admin/apps';
   }
 
-  StorageAccessHelper.prototype.redirectToAppHome = function() {
-    window.location.href = this.redirectData.appHomeUrl;
+  StorageAccessHelper.prototype.redirectToAppTargetUrl = function() {
+    window.location.href = this.redirectData.appTargetUrl;
+  }
+
+  StorageAccessHelper.prototype.sameSiteNoneIncompatible = function(ua) {
+    return ua.includes("iPhone OS 12_") || ua.includes("iPad; CPU OS 12_") || //iOS 12
+    (ua.includes("UCBrowser/")
+        ? this.isOlderUcBrowser(ua) //UC Browser < 12.13.2
+        : (ua.includes("Chrome/5") || ua.includes("Chrome/6"))) ||
+    ua.includes("Chromium/5") || ua.includes("Chromium/6") ||
+    (ua.includes(" OS X 10_14_") &&
+        ((ua.includes("Version/") && ua.includes("Safari")) || //Safari on MacOS 10.14
+        ua.endsWith("(KHTML, like Gecko)"))); //Web view on MacOS 10.14
+  }
+
+  StorageAccessHelper.prototype.isOlderUcBrowser = function(ua) {
+    var match = ua.match(/UCBrowser\/(\d+)\.(\d+)\.(\d+)\./);
+    if (!match) return false;
+    var major = parseInt(match[1]);
+    var minor = parseInt(match[2]);
+    var build = parseInt(match[3]);
+    if (major != 12) return major < 12;
+    if (minor != 13) return minor < 13;
+    return build < 2;
+  }
+
+  StorageAccessHelper.prototype.setCookie = function(value) {
+    if(!this.sameSiteNoneIncompatible(navigator.userAgent)) {
+      value += '; secure; SameSite=None'
+    }
+    document.cookie = value;
   }
 
   StorageAccessHelper.prototype.grantedStorageAccess = function() {
     try {
       sessionStorage.setItem('shopify.granted_storage_access', true);
-      document.cookie = 'shopify.granted_storage_access=true';
+      this.setCookie('shopify.granted_storage_access=true');
       if (!document.cookie) {
         throw 'Cannot set third-party cookie.'
       }
-      this.redirectToAppHome();
+      this.redirectToAppTargetUrl();
     } catch (error) {
       console.warn('Third party cookies may be blocked.', error);
       this.redirectToAppTLD(ACCESS_DENIED_STATUS);
@@ -61,7 +90,7 @@
   StorageAccessHelper.prototype.handleHasStorageAccess = function() {
     if (sessionStorage.getItem('shopify.granted_storage_access')) {
       // If app was classified by ITP and used Storage Access API to acquire access
-      this.redirectToAppHome();
+      this.redirectToAppTargetUrl();
     } else {
       // If app has not been classified by ITP and still has storage access
       this.redirectToAppTLD(ACCESS_GRANTED_STATUS);
@@ -107,7 +136,7 @@
   }
 
   StorageAccessHelper.prototype.setCookieAndRedirect = function() {
-    document.cookie = "shopify.cookies_persist=true";
+    this.setCookie('shopify.cookies_persist=true');
     var helper = this.setUpHelper();
     helper.redirect();
   }

data/app/controllers/shopify_app/sessions_controller.rb

@@ -20,11 +20,15 @@ module ShopifyApp
 
       render(:enable_cookies, layout: false, locals: {
         does_not_have_storage_access_url: top_level_interaction_path(
-          shop: sanitized_shop_name
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
         ),
         has_storage_access_url: login_url_with_optional_shop(top_level: true),
-        app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
-        current_shopify_domain: current_shopify_domain,
+        app_target_url: granted_storage_access_path(
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
+        ),
+        current_shopify_domain: current_shopify_domain
       })
     end
 
@@ -38,8 +42,9 @@ module ShopifyApp
 
       session['shopify.granted_storage_access'] = true
 
-      params = { shop: @shop }
-      redirect_to("#{return_address}?#{params.to_query}")
+      copy_return_to_param_to_session
+
+      redirect_to(return_address_with_params({ shop: @shop }))
     end
 
     def destroy
@@ -54,7 +59,7 @@ module ShopifyApp
       return render_invalid_shop_error unless sanitized_shop_name.present?
       session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
 
-      session[:return_to] = params[:return_to] if params[:return_to]
+      copy_return_to_param_to_session
 
       if user_agent_can_partition_cookies
         authenticate_with_partitioning
@@ -93,6 +98,10 @@ module ShopifyApp
       true
     end
 
+    def copy_return_to_param_to_session
+      session[:return_to] = params[:return_to] if params[:return_to]
+    end
+
     def render_invalid_shop_error
       flash[:error] = I18n.t('invalid_shop_url')
       redirect_to return_address
@@ -133,11 +142,15 @@ module ShopifyApp
         layout: false,
         locals: {
           does_not_have_storage_access_url: top_level_interaction_path(
-            shop: sanitized_shop_name
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
           ),
           has_storage_access_url: login_url_with_optional_shop(top_level: true),
-          app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
-          current_shopify_domain: current_shopify_domain,
+          app_target_url: granted_storage_access_path(
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
+          ),
+          current_shopify_domain: current_shopify_domain
         }
       )
     end

data/app/views/shopify_app/sessions/enable_cookies.html.erb

@@ -32,7 +32,7 @@
           myshopifyUrl: "https://#{current_shopify_domain}",
           hasStorageAccessUrl: "#{has_storage_access_url}",
           doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
-          appHomeUrl: "#{app_home_url}"
+          appTargetUrl: "#{app_target_url}"
         },
       },
     )

data/app/views/shopify_app/sessions/request_storage_access.html.erb

@@ -24,7 +24,7 @@
                       myshopifyUrl: "https://#{current_shopify_domain}",
                       hasStorageAccessUrl: "#{has_storage_access_url}",
                       doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
-                      appHomeUrl: "#{app_home_url}"
+                      appTargetUrl: "#{app_target_url}"
                   },
               },
               )

data/config/locales/pt-BR.yml

@@ -4,7 +4,7 @@ pt-BR:
   could_not_log_in: Não foi possível fazer login na Shopify store
   invalid_shop_url: Domínio de loja inválido
   enable_cookies_heading: Habilitar cookies de %{app}
-  enable_cookies_body: Você deve habilitar manualmente os cookies neste navegador
+  enable_cookies_body: Você precisa habilitar manualmente os cookies neste navegador
     para usar %{app} dentro da Shopify.
   enable_cookies_footer: Os cookies permitem que o app o autentique armazenando temporariamente
     suas preferências e dados pessoais. Eles expiram depois de 30 dias.

data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb

@@ -3,11 +3,7 @@
 class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController
   def preload_form_data
     preload_data = {
-      "form_data": {
-        "budget": {
-          "currency": "USD",
-        }
-      }
+      "form_data": {}
     }
     render(json: preload_data, status: :ok)
   end

data/lib/generators/shopify_app/home_controller/home_controller_generator.rb

@@ -11,12 +11,6 @@ module ShopifyApp
 
       def create_home_index_view
         copy_file 'index.html.erb', 'app/views/home/index.html.erb'
-        if embedded_app?
-          prepend_to_file(
-            'app/views/home/index.html.erb',
-            File.read(File.expand_path(find_in_source_paths('shopify_app_ready_script.html.erb')))
-          )
-        end
       end
 
       def add_home_index_route

data/lib/generators/shopify_app/install/templates/embedded_app.html.erb

@@ -24,11 +24,11 @@
 
     <%= render 'layouts/flash_messages' %>
 
-    <script src="https://cdn.shopify.com/s/assets/external/app.js?<%= Time.now.strftime('%Y%m%d%H') %>"></script>
+    <script src="https://unpkg.com/@shopify/app-bridge"></script>
 
     <%= content_tag(:div, nil, id: 'shopify-app-init', data: {
       api_key: ShopifyApp.configuration.api_key,
-      shop_origin: ("https://#{ @shop_session.url }" if @shop_session),
+      shop_origin: (@shop_session.domain if @shop_session),
       debug: Rails.env.development?
     } ) %>
 

data/lib/generators/shopify_app/install/templates/flash_messages.js

@@ -4,12 +4,21 @@ if (!document.documentElement.hasAttribute("data-turbolinks-preview")) {
   document.addEventListener(eventName, function flash() {
     var flashData = JSON.parse(document.getElementById('shopify-app-flash').dataset.flash);
 
+    var Toast = window['app-bridge'].actions.Toast;
+
     if (flashData.notice) {
-      ShopifyApp.flashNotice(flashData.notice);
+      Toast.create(app, {
+        message: flashData.notice,
+        duration: 5000,
+      }).dispatch(Toast.Action.SHOW);
     }
 
     if (flashData.error) {
-      ShopifyApp.flashError(flashData.error);
+      Toast.create(app, {
+        message: flashData.error,
+        duration: 5000,
+        isError: true,
+      }).dispatch(Toast.Action.SHOW);
     }
 
     document.removeEventListener(eventName, flash)

data/lib/generators/shopify_app/install/templates/shopify_app.js

@@ -1,9 +1,15 @@
 document.addEventListener('DOMContentLoaded', () => {
   var data = document.getElementById('shopify-app-init').dataset;
-  ShopifyApp.init({
+  var AppBridge = window['app-bridge'];
+  var createApp = AppBridge.default;
+  window.app = createApp({
     apiKey: data.apiKey,
     shopOrigin: data.shopOrigin,
-    debug: data.debug === 'true',
-    forceRedirect: true
+  });
+
+  var actions = AppBridge.actions;
+  var TitleBar = actions.TitleBar;
+  TitleBar.create(app, {
+    title: data.page,
   });
 });

data/lib/shopify_app/configuration.rb

@@ -66,7 +66,7 @@ module ShopifyApp
     end
 
     def enable_same_site_none
-      @enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none
+      !Rails.env.test? && (@enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none)
     end
   end
 

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -63,8 +63,14 @@ module ShopifyApp
         head :unauthorized
       else
         if request.get?
-          session[:return_to] = "#{request.path}?#{sanitized_params.to_query}"
+          path = request.path
+          query = sanitized_params.to_query
+        else
+          referer = URI(request.referer || "/")
+          path = referer.path
+          query = "#{referer.query}&#{sanitized_params.to_query}"
         end
+        session[:return_to] = "#{path}?#{query}"
         redirect_to(login_url_with_optional_shop)
       end
     end
@@ -94,8 +100,10 @@ module ShopifyApp
       query_params = {}
       query_params[:shop] = sanitized_params[:shop] if params[:shop].present?
 
-      if session[:return_to] && return_to_param_required?
-        query_params[:return_to] = session[:return_to]
+      return_to = session[:return_to] || params[:return_to]
+
+      if return_to.present? && return_to_param_required?
+        query_params[:return_to] = return_to
       end
 
       has_referer_shop_name = referer_sanitized_shop_name.present?
@@ -159,5 +167,15 @@ module ShopifyApp
     def return_address
       session.delete(:return_to) || ShopifyApp.configuration.root_url
     end
+
+    def return_address_with_params(params)
+      uri = URI(return_address)
+      uri.query = CGI.parse(uri.query.to_s)
+        .symbolize_keys
+        .transform_values { |v| v.one? ? v.first : v }
+        .merge(params)
+        .to_query
+      uri.to_s
+    end
   end
 end

data/lib/shopify_app/engine.rb

@@ -14,7 +14,7 @@ module ShopifyApp
     end
 
     initializer "shopify_app.middleware" do |app|
-      app.config.middleware.insert_before(ActionDispatch::Cookies, ShopifyApp::SameSiteCookieMiddleware)
+      app.config.middleware.insert_after(::Rack::Runtime, ShopifyApp::SameSiteCookieMiddleware)
     end
   end
 end

data/lib/shopify_app/middleware/same_site_cookie_middleware.rb

@@ -1,25 +1,32 @@
 module ShopifyApp
   class SameSiteCookieMiddleware
+    COOKIE_SEPARATOR = "\n"
+
     def initialize(app)
       @app = app
     end
 
     def call(env)
-      _status, headers, _body = @app.call(env)
-    ensure
+      status, headers, body = @app.call(env)
       user_agent = env['HTTP_USER_AGENT']
 
-      if headers && headers['Set-Cookie'] && !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
+      if headers && headers['Set-Cookie'] &&
+          !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
           ShopifyApp.configuration.enable_same_site_none
 
-        cookies = headers['Set-Cookie'].split("\n").compact
-
-        cookies.each do |cookie|
-          unless cookie.include?("; SameSite")
-            headers['Set-Cookie'] = headers['Set-Cookie'].gsub("#{cookie}", "#{cookie}; secure; SameSite=None")
+        set_cookies = headers['Set-Cookie']
+          .split(COOKIE_SEPARATOR)
+          .compact
+          .map do |cookie|
+            cookie << '; Secure' if not cookie =~ /;\s*secure/i
+            cookie << '; SameSite=None' unless cookie =~ /;\s*samesite=/i
+            cookie
           end
-        end
+
+        headers['Set-Cookie'] = set_cookies.join(COOKIE_SEPARATOR)
       end
+
+      [status, headers, body]
     end
 
     def self.same_site_none_incompatible?(user_agent)
@@ -31,8 +38,8 @@ module ShopifyApp
     end
 
     def self.webkit_same_site_bug?(sniffer)
-      (sniffer.os == :ios && sniffer.os_version.match?(/^([0-9]|1[12])[\.\_]/)) ||
-        (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match?(/^10[\.\_]14/))
+      (sniffer.os == :ios && sniffer.os_version.match(/^([0-9]|1[12])[\.\_]/)) ||
+        (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match(/^10[\.\_]14/))
     end
 
     def self.drops_unrecognized_same_site_cookies?(sniffer)
@@ -41,11 +48,11 @@ module ShopifyApp
     end
 
     def self.chromium_based?(sniffer)
-      sniffer.browser_name.downcase.match?(/chrom(e|ium)/)
+      sniffer.browser_name.downcase.match(/chrom(e|ium)/)
     end
 
     def self.uc_browser?(sniffer)
-      sniffer.user_agent.downcase.match?(/uc\s?browser/)
+      sniffer.user_agent.downcase.match(/uc\s?browser/)
     end
 
     def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)

data/lib/shopify_app/version.rb

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '11.7.1'.freeze
+  VERSION = '12.0.4'.freeze
 end

data/package.json

@@ -1,5 +1,6 @@
 {
   "name": "shopify_app",
+  "version": "12.0.2",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",
@@ -23,6 +24,5 @@
   },
   "scripts": {
     "test": "./node_modules/.bin/karma start --browsers ChromeHeadless --single-run"
-  },
-  "version": "11.7.1"
+  }
 }

data/shopify_app.gemspec

@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency('browser_sniffer', '~> 1.1.3')
   s.add_runtime_dependency('rails', '> 5.2.1')
-  s.add_runtime_dependency('shopify_api', '~> 8.0')
+  s.add_runtime_dependency('shopify_api', '~> 9.0')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.0')
 
   s.add_development_dependency('rake')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 11.7.1
+  version: 12.0.4
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-21 00:00:00.000000000 Z
+date: 2020-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '9.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '9.0'
 - !ruby/object:Gem::Dependency
   name: omniauth-shopify-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -298,7 +298,6 @@ files:
 - lib/generators/shopify_app/home_controller/home_controller_generator.rb
 - lib/generators/shopify_app/home_controller/templates/home_controller.rb
 - lib/generators/shopify_app/home_controller/templates/index.html.erb
-- lib/generators/shopify_app/home_controller/templates/shopify_app_ready_script.html.erb
 - lib/generators/shopify_app/install/install_generator.rb
 - lib/generators/shopify_app/install/templates/_flash_messages.html.erb
 - lib/generators/shopify_app/install/templates/embedded_app.html.erb

data/lib/generators/shopify_app/home_controller/templates/shopify_app_ready_script.html.erb

@@ -1,7 +0,0 @@
-<% content_for :javascript do %>
-  <script type="text/javascript">
-    ShopifyApp.ready(function(){
-      ShopifyApp.Bar.initialize({ title: "Home" });
-    });
-  </script>
-<% end %>