RubyGems - shopify_app - Versions diffs - 12.0.0 → 13.0.0 - Mend

shopify_app 12.0.0 → 13.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

data/app/views/shopify_app/sessions/enable_cookies.html.erb CHANGED Viewed

@@ -32,7 +32,7 @@
           myshopifyUrl: "https://#{current_shopify_domain}",
           hasStorageAccessUrl: "#{has_storage_access_url}",
           doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
-          appHomeUrl: "#{app_home_url}"
+          appTargetUrl: "#{app_target_url}"
         },
       },
     )

data/app/views/shopify_app/sessions/request_storage_access.html.erb CHANGED Viewed

@@ -24,7 +24,7 @@
                       myshopifyUrl: "https://#{current_shopify_domain}",
                       hasStorageAccessUrl: "#{has_storage_access_url}",
                       doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
-                      appHomeUrl: "#{app_home_url}"
+                      appTargetUrl: "#{app_target_url}"
                   },
               },
               )

data/config/locales/pt-BR.yml CHANGED Viewed

@@ -4,7 +4,7 @@ pt-BR:
   could_not_log_in: Não foi possível fazer login na Shopify store
   invalid_shop_url: Domínio de loja inválido
   enable_cookies_heading: Habilitar cookies de %{app}
-  enable_cookies_body: Você deve habilitar manualmente os cookies neste navegador
+  enable_cookies_body: Você precisa habilitar manualmente os cookies neste navegador
     para usar %{app} dentro da Shopify.
   enable_cookies_footer: Os cookies permitem que o app o autentique armazenando temporariamente
     suas preferências e dados pessoais. Eles expiram depois de 30 dias.

data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb CHANGED Viewed

@@ -3,11 +3,7 @@
 class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController
   def preload_form_data
     preload_data = {
-      "form_data": {
-        "budget": {
-          "currency": "USD",
-        }
-      }
+      "form_data": {}
     }
     render(json: preload_data, status: :ok)
   end

data/lib/generators/shopify_app/home_controller/templates/index.html.erb CHANGED Viewed

@@ -2,7 +2,7 @@
 <ul>
   <% @products.each do |product| %>
-    <li><%= link_to product.title, "https://#{@shop_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
+    <li><%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
   <% end %>
 </ul>

data/lib/generators/shopify_app/install/templates/embedded_app.html.erb CHANGED Viewed

@@ -28,7 +28,7 @@
     <%= content_tag(:div, nil, id: 'shopify-app-init', data: {
       api_key: ShopifyApp.configuration.api_key,
-      shop_origin: (@shop_session.domain if @shop_session),
+      shop_origin: (@current_shopify_session.domain if @current_shopify_session),
       debug: Rails.env.development?
     } ) %>

data/lib/generators/shopify_app/install/templates/shopify_app.rb CHANGED Viewed

@@ -8,7 +8,7 @@ ShopifyApp.configure do |config|
   config.embedded_app = <%= embedded_app? %>
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
-  config.session_repository = 'ShopifyApp::InMemorySessionStore'
+  config.shop_session_repository = 'ShopifyApp::InMemoryShopSessionStore'
 end
 # ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot

data/lib/generators/shopify_app/install/templates/shopify_provider.rb CHANGED Viewed

@@ -4,7 +4,6 @@ provider :shopify,
   ShopifyApp.configuration.api_key,
   ShopifyApp.configuration.secret,
   scope: ShopifyApp.configuration.scope,
-  per_user_permissions: ShopifyApp.configuration.per_user_tokens,
   setup: lambda { |env|
     strategy = env['omniauth.strategy']
@@ -17,4 +16,5 @@ provider :shopify,
     strategy.options[:client_options][:site] = shop
     strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
+    strategy.options[:per_user_permissions] = strategy.session[:user_tokens]
   }

data/lib/generators/shopify_app/shop_model/shop_model_generator.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module ShopifyApp
       end
       def update_shopify_app_initializer
-        gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemorySessionStore', 'Shop'
+        gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop'
       end
       def create_shop_fixtures

data/lib/generators/shopify_app/shop_model/templates/shop.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 class Shop < ActiveRecord::Base
-  include ShopifyApp::SessionStorage
+  include ShopifyApp::ShopSessionStorage
   def api_version
     ShopifyApp.configuration.api_version

data/lib/generators/shopify_app/user_model/templates/user.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 class User < ActiveRecord::Base
-  include ShopifyApp::SessionStorage
+  include ShopifyApp::UserSessionStorage
   def api_version
     ShopifyApp.configuration.api_version

data/lib/generators/shopify_app/user_model/user_model_generator.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module ShopifyApp
       end
       def update_shopify_app_initializer
-        gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemorySessionStore', 'User'
+        gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User'
       end
       def create_user_fixtures

data/lib/shopify_app/configuration.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module ShopifyApp
     # for the app in your Shopify Partners page. Change your settings in
     # `config/initializers/shopify_app.rb`
     attr_accessor :application_name
-    attr_accessor :api_key
+    attr_accessor  :api_key
     attr_accessor :secret
     attr_accessor :old_secret
     attr_accessor :scope
@@ -14,9 +14,8 @@ module ShopifyApp
     attr_accessor :webhooks
     attr_accessor :scripttags
     attr_accessor :after_authenticate_job
-    attr_reader :session_repository
-    attr_accessor :per_user_tokens
-    alias_method :per_user_tokens?, :per_user_tokens
+    attr_reader :shop_session_repository
+    attr_reader :user_session_repository
     attr_accessor :api_version
     # customise urls
@@ -44,7 +43,6 @@ module ShopifyApp
       @myshopify_domain = 'myshopify.com'
       @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
       @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
-      @per_user_tokens = false
       @disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
     end
@@ -52,9 +50,14 @@ module ShopifyApp
       @login_url || File.join(@root_url, 'login')
     end
-    def session_repository=(klass)
-      @session_repository = klass
-      ShopifyApp::SessionRepository.storage = klass
+    def user_session_repository=(klass)
+      @user_session_repository = klass
+      ShopifyApp::SessionRepository.user_storage = klass
+    end
+    def shop_session_repository=(klass)
+      @shop_session_repository = klass
+      ShopifyApp::SessionRepository.shop_storage = klass
     end
     def has_webhooks?
@@ -66,7 +69,7 @@ module ShopifyApp
     end
     def enable_same_site_none
-      @enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none
+      !Rails.env.test? && (@enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none)
     end
   end

data/lib/shopify_app/controller_concerns/login_protection.rb CHANGED Viewed

@@ -14,44 +14,48 @@ module ShopifyApp
       rescue_from ActiveResource::UnauthorizedAccess, :with => :close_session
     end
-    def shopify_session
-      return redirect_to_login unless shop_session
+    def activate_shopify_session
+      return redirect_to_login if current_shopify_session.blank?
       clear_top_level_oauth_cookie
       begin
-        ShopifyAPI::Base.activate_session(shop_session)
+        ShopifyAPI::Base.activate_session(current_shopify_session)
         yield
       ensure
         ShopifyAPI::Base.clear_session
       end
     end
-    def shop_session
-      if ShopifyApp.configuration.per_user_tokens?
-        return unless session[:shopify_user]
-        @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify_user]['id'])
+    def current_shopify_session
+      if session[:user_id].present?
+        @current_shopify_session ||= user_session
       else
-        return unless session[:shopify]
-        @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
+        @current_shopify_session ||= shop_session
       end
     end
+    def user_session
+      return if session[:user_id].blank?
+      ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
+    end
+    def shop_session
+      return if session[:shop_id].blank?
+      ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
+    end
     def login_again_if_different_user_or_shop
-      if ShopifyApp.configuration.per_user_tokens?
-        valid_session_data = session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
-        sessions_do_not_match = session[:user_session] != params[:session] # current user is different from stored user
+      if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
+        clear_session = session[:user_session] != params[:session] # current user is different from stored user
-        if valid_session_data && sessions_do_not_match
-          clear_session = true
-        end
       end
-      if shop_session && params[:shop] && params[:shop].is_a?(String) && (shop_session.domain != params[:shop])
+      if current_shopify_session && params[:shop] && params[:shop].is_a?(String) && (current_shopify_session.domain != params[:shop])
         clear_session = true
       end
       if clear_session
-        clear_shop_session
+        clear_shopify_session
         redirect_to_login
       end
     end
@@ -76,12 +80,13 @@ module ShopifyApp
     end
     def close_session
-      clear_shop_session
+      clear_shopify_session
       redirect_to(login_url_with_optional_shop)
     end
-    def clear_shop_session
-      session[:shopify] = nil
+    def clear_shopify_session
+      session[:shop_id] = nil
+      session[:user_id] = nil
       session[:shopify_domain] = nil
       session[:shopify_user] = nil
       session[:user_session] = nil
@@ -100,8 +105,10 @@ module ShopifyApp
       query_params = {}
       query_params[:shop] = sanitized_params[:shop] if params[:shop].present?
-      if session[:return_to] && return_to_param_required?
-        query_params[:return_to] = session[:return_to]
+      return_to = session[:return_to] || params[:return_to]
+      if return_to.present? && return_to_param_required?
+        query_params[:return_to] = return_to
       end
       has_referer_shop_name = referer_sanitized_shop_name.present?
@@ -165,5 +172,15 @@ module ShopifyApp
     def return_address
       session.delete(:return_to) || ShopifyApp.configuration.root_url
     end
+    def return_address_with_params(params)
+      uri = URI(return_address)
+      uri.query = CGI.parse(uri.query.to_s)
+        .symbolize_keys
+        .transform_values { |v| v.one? ? v.first : v }
+        .merge(params)
+        .to_query
+      uri.to_s
+    end
   end
 end

data/lib/shopify_app/engine.rb CHANGED Viewed

@@ -14,7 +14,7 @@ module ShopifyApp
     end
     initializer "shopify_app.middleware" do |app|
-      app.config.middleware.insert_before(ActionDispatch::Cookies, ShopifyApp::SameSiteCookieMiddleware)
+      app.config.middleware.insert_after(::Rack::Runtime, ShopifyApp::SameSiteCookieMiddleware)
     end
   end
 end

data/lib/shopify_app/middleware/same_site_cookie_middleware.rb CHANGED Viewed

@@ -1,60 +1,33 @@
 module ShopifyApp
   class SameSiteCookieMiddleware
+    COOKIE_SEPARATOR = "\n"
     def initialize(app)
       @app = app
     end
     def call(env)
-      _status, headers, _body = @app.call(env)
-    ensure
+      status, headers, body = @app.call(env)
       user_agent = env['HTTP_USER_AGENT']
-      if headers && headers['Set-Cookie'] && !SameSiteCookieMiddleware.same_site_none_incompatible?(user_agent) &&
-          ShopifyApp.configuration.enable_same_site_none
-        cookies = headers['Set-Cookie'].split("\n").compact
-        cookies.each do |cookie|
-          unless cookie.include?("; SameSite")
-            headers['Set-Cookie'] = headers['Set-Cookie'].gsub("#{cookie}", "#{cookie}; secure; SameSite=None")
+      if headers && headers['Set-Cookie'] &&
+          BrowserSniffer.new(user_agent).same_site_none_compatible? &&
+          ShopifyApp.configuration.enable_same_site_none &&
+          Rack::Request.new(env).ssl?
+        set_cookies = headers['Set-Cookie']
+          .split(COOKIE_SEPARATOR)
+          .compact
+          .map do |cookie|
+            cookie << '; Secure' if not cookie =~ /;\s*secure/i
+            cookie << '; SameSite=None' unless cookie =~ /;\s*samesite=/i
+            cookie
           end
-        end
-      end
-    end
-    def self.same_site_none_incompatible?(user_agent)
-      sniffer = BrowserSniffer.new(user_agent)
-      webkit_same_site_bug?(sniffer) || drops_unrecognized_same_site_cookies?(sniffer)
-    rescue
-      true
-    end
-    def self.webkit_same_site_bug?(sniffer)
-      (sniffer.os == :ios && sniffer.os_version.match?(/^([0-9]|1[12])[\.\_]/)) ||
-        (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match?(/^10[\.\_]14/))
-    end
-    def self.drops_unrecognized_same_site_cookies?(sniffer)
-      (chromium_based?(sniffer) && sniffer.major_browser_version >= 51 && sniffer.major_browser_version <= 66) ||
-        (uc_browser?(sniffer) && !uc_browser_version_at_least?(sniffer: sniffer, major: 12, minor: 13, build: 2))
-    end
-    def self.chromium_based?(sniffer)
-      sniffer.browser_name.downcase.match?(/chrom(e|ium)/)
-    end
-    def self.uc_browser?(sniffer)
-      sniffer.user_agent.downcase.match?(/uc\s?browser/)
-    end
-    def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)
-      digits = sniffer.browser_version.split('.').map(&:to_i)
-      return false unless digits.count >= 3
+        headers['Set-Cookie'] = set_cookies.join(COOKIE_SEPARATOR)
+      end
-      return digits[0] > major if digits[0] != major
-      return digits[1] > minor if digits[1] != minor
-      digits[2] >= build
+      [status, headers, body]
     end
   end
 end

data/lib/shopify_app/session/in_memory_shop_session_store.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module ShopifyApp
+  class InMemoryShopSessionStore < InMemorySessionStore
+  end
+end

data/lib/shopify_app/session/in_memory_user_session_store.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module ShopifyApp
+  class InMemoryUserSessionStore < InMemorySessionStore
+  end
+end

data/lib/shopify_app/session/session_repository.rb CHANGED Viewed

@@ -3,31 +3,56 @@ module ShopifyApp
     class ConfigurationError < StandardError; end
     class << self
-      def storage=(storage)
-        @storage = storage
+      def shop_storage=(storage)
+        @shop_storage = storage
-        unless storage.nil? || self.storage.respond_to?(:store) && self.storage.respond_to?(:retrieve)
-          raise ArgumentError, "storage must respond to :store and :retrieve"
+        unless storage.nil? || self.shop_storage.respond_to?(:store) && self.shop_storage.respond_to?(:retrieve)
+          raise ArgumentError, "shop storage must respond to :store and :retrieve"
         end
       end
-      def retrieve(id)
-        storage.retrieve(id)
+      def user_storage=(storage)
+        @user_storage = storage
+        unless storage.nil? || self.user_storage.respond_to?(:store) && self.user_storage.respond_to?(:retrieve)
+          raise ArgumentError, "user storage must respond to :store and :retrieve"
+        end
+      end
+      def retrieve_shop_session(id)
+        shop_storage.retrieve(id)
+      end
+      def retrieve_user_session(id)
+        user_storage.retrieve(id)
       end
-      def store(session, *args)
-        storage.store(session, *args)
+      def store_shop_session(session)
+        shop_storage.store(session)
       end
-      def storage
-        load_storage || raise(ConfigurationError.new("ShopifySessionRepository.storage is not configured!"))
+      def store_user_session(session, user)
+        user_storage.store(session, user)
+      end
+      def shop_storage
+        load_shop_storage || raise(ConfigurationError.new("ShopifySessionRepository.shop_storage is not configured!"))
+      end
+      def user_storage
+        load_user_storage
       end
       private
-      def load_storage
-        return unless @storage
-        @storage.respond_to?(:safe_constantize) ? @storage.safe_constantize : @storage
+      def load_shop_storage
+        return unless @shop_storage
+        @shop_storage.respond_to?(:safe_constantize) ? @shop_storage.safe_constantize : @shop_storage
+      end
+      def load_user_storage
+        return unless @user_storage
+        @user_storage.respond_to?(:safe_constantize) ? @user_storage.safe_constantize : @user_storage
       end
     end
   end