RubyGems - shopify_app - Versions diffs - 12.0.0 → 17.2.0 - Mend

shopify_app 12.0.0 → 17.2.0

Files changed (145) hide show

data/lib/shopify_app/session/null_user_session_store.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+module ShopifyApp
+  class NullUserSessionStore
+    class << self
+      def retrieve(_)
+        nil
+      end
+      def store(_, _)
+        raise SessionRepository::ConfigurationError, 'user_storage is not configured'
+      end
+      def retrieve_by_shopify_user_id(_)
+        nil
+      end
+      def blank?
+        true
+      end
+    end
+  end
+end

data/lib/shopify_app/session/session_repository.rb CHANGED Viewed

@@ -1,33 +1,55 @@
+# frozen_string_literal: true
 module ShopifyApp
   class SessionRepository
     class ConfigurationError < StandardError; end
     class << self
-      def storage=(storage)
-        @storage = storage
+      attr_writer :shop_storage
-        unless storage.nil? || self.storage.respond_to?(:store) && self.storage.respond_to?(:retrieve)
-          raise ArgumentError, "storage must respond to :store and :retrieve"
-        end
+      attr_writer :user_storage
+      def retrieve_shop_session(id)
+        shop_storage.retrieve(id)
+      end
+      def retrieve_user_session(id)
+        user_storage.retrieve(id)
       end
-      def retrieve(id)
-        storage.retrieve(id)
+      def retrieve_shop_session_by_shopify_domain(shopify_domain)
+        shop_storage.retrieve_by_shopify_domain(shopify_domain)
       end
-      def store(session, *args)
-        storage.store(session, *args)
+      def retrieve_user_session_by_shopify_user_id(user_id)
+        user_storage.retrieve_by_shopify_user_id(user_id)
       end
-      def storage
-        load_storage || raise(ConfigurationError.new("ShopifySessionRepository.storage is not configured!"))
+      def store_shop_session(session)
+        shop_storage.store(session)
+      end
+      def store_user_session(session, user)
+        user_storage.store(session, user)
+      end
+      def shop_storage
+        load_shop_storage || raise(ConfigurationError, "ShopifySessionRepository.shop_storage is not configured!")
+      end
+      def user_storage
+        load_user_storage
       end
       private
-      def load_storage
-        return unless @storage
-        @storage.respond_to?(:safe_constantize) ? @storage.safe_constantize : @storage
+      def load_shop_storage
+        return unless @shop_storage
+        @shop_storage.respond_to?(:safe_constantize) ? @shop_storage.safe_constantize : @shop_storage
+      end
+      def load_user_storage
+        return NullUserSessionStore unless @user_storage
+        @user_storage.respond_to?(:safe_constantize) ? @user_storage.safe_constantize : @user_storage
       end
     end
   end

data/lib/shopify_app/session/session_storage.rb CHANGED Viewed

@@ -1,20 +1,11 @@
+# frozen_string_literal: true
 module ShopifyApp
   module SessionStorage
     extend ActiveSupport::Concern
     included do
-      if ShopifyApp.configuration.per_user_tokens?
-        extend ShopifyApp::SessionStorage::UserStorageStrategy
-      else
-        extend ShopifyApp::SessionStorage::ShopStorageStrategy
-      end
       validates :shopify_token, presence: true
       validates :api_version, presence: true
-      validates :shopify_domain, presence: true,
-        if: Proc.new {|_| ShopifyApp.configuration.per_user_tokens? }
-      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false },
-        if: Proc.new {|_| !ShopifyApp.configuration.per_user_tokens? }
     end
     def with_shopify_session(&block)

data/lib/shopify_app/session/shop_session_storage.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module ShopSessionStorage
+    extend ActiveSupport::Concern
+    include ::ShopifyApp::SessionStorage
+    included do
+      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false }
+    end
+    class_methods do
+      def store(auth_session, *_args)
+        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
+        shop.shopify_token = auth_session.token
+        shop.save!
+        shop.id
+      end
+      def retrieve(id)
+        shop = find_by(id: id)
+        construct_session(shop)
+      end
+      def retrieve_by_shopify_domain(domain)
+        shop = find_by(shopify_domain: domain)
+        construct_session(shop)
+      end
+      private
+      def construct_session(shop)
+        return unless shop
+        ShopifyAPI::Session.new(
+          domain: shop.shopify_domain,
+          token: shop.shopify_token,
+          api_version: shop.api_version,
+        )
+      end
+    end
+  end
+end

data/lib/shopify_app/session/shop_session_storage_with_scopes.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module ShopSessionStorageWithScopes
+    extend ActiveSupport::Concern
+    include ::ShopifyApp::SessionStorage
+    included do
+      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false }
+    end
+    class_methods do
+      def store(auth_session, *_args)
+        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
+        shop.shopify_token = auth_session.token
+        shop.access_scopes = auth_session.access_scopes
+        shop.save!
+        shop.id
+      end
+      def retrieve(id)
+        shop = find_by(id: id)
+        construct_session(shop)
+      end
+      def retrieve_by_shopify_domain(domain)
+        shop = find_by(shopify_domain: domain)
+        construct_session(shop)
+      end
+      private
+      def construct_session(shop)
+        return unless shop
+        ShopifyAPI::Session.new(
+          domain: shop.shopify_domain,
+          token: shop.shopify_token,
+          api_version: shop.api_version,
+          access_scopes: shop.access_scopes
+        )
+      end
+    end
+    def access_scopes=(scopes)
+      super(scopes)
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to handle storing access scopes: #{scopes}"
+    end
+    def access_scopes
+      super
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to hook into stored access scopes"
+    end
+  end
+end

data/lib/shopify_app/session/user_session_storage.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module UserSessionStorage
+    extend ActiveSupport::Concern
+    include ::ShopifyApp::SessionStorage
+    included do
+      validates :shopify_domain, presence: true
+    end
+    class_methods do
+      def store(auth_session, user)
+        user = find_or_initialize_by(shopify_user_id: user[:id])
+        user.shopify_token = auth_session.token
+        user.shopify_domain = auth_session.domain
+        user.save!
+        user.id
+      end
+      def retrieve(id)
+        user = find_by(id: id)
+        construct_session(user)
+      end
+      def retrieve_by_shopify_user_id(user_id)
+        user = find_by(shopify_user_id: user_id)
+        construct_session(user)
+      end
+      private
+      def construct_session(user)
+        return unless user
+        ShopifyAPI::Session.new(
+          domain: user.shopify_domain,
+          token: user.shopify_token,
+          api_version: user.api_version,
+        )
+      end
+    end
+  end
+end

data/lib/shopify_app/session/user_session_storage_with_scopes.rb ADDED Viewed

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module UserSessionStorageWithScopes
+    extend ActiveSupport::Concern
+    include ::ShopifyApp::SessionStorage
+    included do
+      validates :shopify_domain, presence: true
+    end
+    class_methods do
+      def store(auth_session, user)
+        user = find_or_initialize_by(shopify_user_id: user[:id])
+        user.shopify_token = auth_session.token
+        user.shopify_domain = auth_session.domain
+        user.access_scopes = auth_session.access_scopes
+        user.save!
+        user.id
+      end
+      def retrieve(id)
+        user = find_by(id: id)
+        construct_session(user)
+      end
+      def retrieve_by_shopify_user_id(user_id)
+        user = find_by(shopify_user_id: user_id)
+        construct_session(user)
+      end
+      private
+      def construct_session(user)
+        return unless user
+        ShopifyAPI::Session.new(
+          domain: user.shopify_domain,
+          token: user.shopify_token,
+          api_version: user.api_version,
+          access_scopes: user.access_scopes
+        )
+      end
+    end
+    def access_scopes=(scopes)
+      super(scopes)
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to handle storing access scopes: #{scopes}"
+    end
+    def access_scopes
+      super
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to hook into stored access scopes"
+    end
+  end
+end

data/lib/shopify_app/test_helpers/all.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ # frozen_string_literal: true
2	+ require 'shopify_app/test_helpers/webhook_verification_helper'

data/lib/shopify_app/test_helpers/webhook_verification_helper.rb ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module TestHelpers
+    module WebhookVerificationHelper
+      def authorized_webhook_verification_headers!(params = {})
+        digest = OpenSSL::Digest.new('sha256')
+        secret = ShopifyApp.configuration.secret
+        valid_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, params.to_query)).strip
+        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = valid_hmac
+      end
+      def unauthorized_webhook_verification_headers!
+        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = "invalid_hmac"
+      end
+    end
+  end
+end

data/lib/shopify_app/utils.rb CHANGED Viewed

@@ -1,13 +1,14 @@
+# frozen_string_literal: true
 module ShopifyApp
   module Utils
     def self.sanitize_shop_domain(shop_domain)
+      myshopify_domain = ShopifyApp.configuration.myshopify_domain
       name = shop_domain.to_s.downcase.strip
-      name += ".#{ShopifyApp.configuration.myshopify_domain}" if !name.include?("#{ShopifyApp.configuration.myshopify_domain}") && !name.include?(".")
+      name += ".#{myshopify_domain}" if !name.include?(myshopify_domain.to_s) && !name.include?(".")
       name.sub!(%r|https?://|, '')
       u = URI("http://#{name}")
-      u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(ShopifyApp.configuration.myshopify_domain)}$/)
+      u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(myshopify_domain)}$/)
     rescue URI::InvalidURIError
       nil
     end
@@ -16,8 +17,20 @@ module ShopifyApp
       Rails.logger.info("[ShopifyAPI::ApiVersion] Fetching known Admin API Versions from Shopify...")
       ShopifyAPI::ApiVersion.fetch_known_versions
       Rails.logger.info("[ShopifyAPI::ApiVersion] Known API Versions: #{ShopifyAPI::ApiVersion.versions.keys}")
-      rescue ActiveResource::ConnectionError
-        logger.error( "[ShopifyAPI::ApiVersion] Unable to fetch api_versions from Shopify")
+    rescue ActiveResource::ConnectionError
+      logger.error("[ShopifyAPI::ApiVersion] Unable to fetch api_versions from Shopify")
+    end
+    def self.shop_login_url(shop:, return_to:)
+      return ShopifyApp.configuration.login_url unless shop
+      url = URI(ShopifyApp.configuration.login_url)
+      url.query = URI.encode_www_form(
+        shop: shop,
+        return_to: return_to,
+      )
+      url.to_s
     end
   end
 end

data/lib/shopify_app/version.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
-  VERSION = '12.0.0'.freeze
+  VERSION = '17.2.0'
 end

data/lib/shopify_app.rb CHANGED Viewed

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
 require 'shopify_app/version'
 # deps
 require 'shopify_api'
 require 'omniauth-shopify-oauth2'
+require 'redirect_safely'
 module ShopifyApp
   def self.rails6?
@@ -25,12 +27,14 @@ module ShopifyApp
   require 'shopify_app/utils'
   # controller concerns
+  require 'shopify_app/controller_concerns/csrf_protection'
   require 'shopify_app/controller_concerns/localization'
   require 'shopify_app/controller_concerns/itp'
   require 'shopify_app/controller_concerns/login_protection'
   require 'shopify_app/controller_concerns/embedded_app'
-  require 'shopify_app/controller_concerns/webhook_verification'
+  require 'shopify_app/controller_concerns/payload_verification'
   require 'shopify_app/controller_concerns/app_proxy_verification'
+  require 'shopify_app/controller_concerns/webhook_verification'
   # jobs
   require 'shopify_app/jobs/webhooks_manager_job'
@@ -41,12 +45,27 @@ module ShopifyApp
   require 'shopify_app/managers/scripttags_manager'
   # middleware
+  require 'shopify_app/middleware/jwt_middleware'
   require 'shopify_app/middleware/same_site_cookie_middleware'
   # session
-  require 'shopify_app/session/storage_strategies/shop_storage_strategy'
-  require 'shopify_app/session/storage_strategies/user_storage_strategy'
-  require 'shopify_app/session/session_storage'
-  require 'shopify_app/session/session_repository'
   require 'shopify_app/session/in_memory_session_store'
+  require 'shopify_app/session/in_memory_shop_session_store'
+  require 'shopify_app/session/in_memory_user_session_store'
+  require 'shopify_app/session/jwt'
+  require 'shopify_app/session/null_user_session_store'
+  require 'shopify_app/session/session_repository'
+  require 'shopify_app/session/session_storage'
+  require 'shopify_app/session/shop_session_storage'
+  require 'shopify_app/session/shop_session_storage_with_scopes'
+  require 'shopify_app/session/user_session_storage'
+  require 'shopify_app/session/user_session_storage_with_scopes'
+  # access scopes strategies
+  require 'shopify_app/access_scopes/shop_strategy'
+  require 'shopify_app/access_scopes/user_strategy'
+  require 'shopify_app/access_scopes/noop_strategy'
+  # omniauth_configuration
+  require 'shopify_app/omniauth/omniauth_configuration'
 end