RubyGems - shopify_app - Versions diffs - 12.0.0 → 17.2.0 - Mend

shopify_app 12.0.0 → 17.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (145) hide show

data/app/controllers/shopify_app/extension_verification_controller.rb CHANGED Viewed

@@ -2,19 +2,14 @@
 module ShopifyApp
   class ExtensionVerificationController < ActionController::Base
+    include ShopifyApp::PayloadVerification
     protect_from_forgery with: :null_session
     before_action :verify_request
     private
     def verify_request
-      hmac_header = request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
-      request_body = request.body.read
-      secret = ShopifyApp.configuration.secret
-      digest = OpenSSL::Digest.new('sha256')
-      expected_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, request_body))
-      head(:unauthorized) unless ActiveSupport::SecurityUtils.secure_compare(expected_hmac, hmac_header)
+      head(:unauthorized) unless hmac_valid?(request.body.read)
     end
   end
 end

data/app/controllers/shopify_app/sessions_controller.rb CHANGED Viewed

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
 module ShopifyApp
-  class SessionsController < ActionController::Base # rubocop:disable Metrics/ClassLength
+  class SessionsController < ActionController::Base
     include ShopifyApp::LoginProtection
     layout false, only: :new
     after_action only: [:new, :create] do |controller|
       controller.response.headers.except!('X-Frame-Options')
     end
@@ -16,30 +18,35 @@ module ShopifyApp
     end
     def enable_cookies
-      return unless validate_shop
+      return unless validate_shop_presence
       render(:enable_cookies, layout: false, locals: {
         does_not_have_storage_access_url: top_level_interaction_path(
-          shop: sanitized_shop_name
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
         ),
         has_storage_access_url: login_url_with_optional_shop(top_level: true),
-        app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
+        app_target_url: granted_storage_access_path(
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
+        ),
         current_shopify_domain: current_shopify_domain,
       })
     end
     def top_level_interaction
       @url = login_url_with_optional_shop(top_level: true)
-      validate_shop
+      validate_shop_presence
     end
     def granted_storage_access
-      return unless validate_shop
+      return unless validate_shop_presence
       session['shopify.granted_storage_access'] = true
-      params = { shop: @shop }
-      redirect_to("#{return_address}?#{params.to_query}")
+      copy_return_to_param_to_session
+      redirect_to(return_address_with_params({ shop: @shop }))
     end
     def destroy
@@ -54,7 +61,9 @@ module ShopifyApp
       return render_invalid_shop_error unless sanitized_shop_name.present?
       session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
-      session[:return_to] = params[:return_to] if params[:return_to]
+      copy_return_to_param_to_session
+      set_user_tokens_option
       if user_agent_can_partition_cookies
         authenticate_with_partitioning
@@ -83,7 +92,38 @@ module ShopifyApp
       end
     end
-    def validate_shop
+    # Override shop_session_by_cookie from LoginProtection to bypass allow_cookie_authentication
+    # setting check because session cookies are justified at top level
+    def shop_session_by_cookie
+      return unless session[:shop_id].present?
+      ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
+    end
+    # rubocop:disable Lint/SuppressedException
+    def set_user_tokens_option
+      current_shop_session = shop_session
+      if current_shop_session.blank?
+        session[:user_tokens] = false
+        return
+      end
+      session[:user_tokens] = ShopifyApp::SessionRepository.user_storage.present?
+      ShopifyAPI::Session.temp(
+        domain: current_shop_session.domain,
+        token: current_shop_session.token,
+        api_version: current_shop_session.api_version
+      ) do
+        ShopifyAPI::Metafield.find(:token_validity_bogus_check)
+      end
+    rescue ActiveResource::UnauthorizedAccess
+      session[:user_tokens] = false
+    rescue StandardError
+    end
+    # rubocop:enable Lint/SuppressedException
+    def validate_shop_presence
       @shop = sanitized_shop_name
       unless @shop
         render_invalid_shop_error
@@ -93,9 +133,13 @@ module ShopifyApp
       true
     end
+    def copy_return_to_param_to_session
+      session[:return_to] = RedirectSafely.make_safe(params[:return_to], '/') if params[:return_to]
+    end
     def render_invalid_shop_error
       flash[:error] = I18n.t('invalid_shop_url')
-      redirect_to return_address
+      redirect_to(return_address)
     end
     def enable_cookie_access
@@ -106,7 +150,7 @@ module ShopifyApp
     end
     def authenticate_in_context
-      redirect_to "#{main_app.root_path}auth/shopify"
+      redirect_to("#{main_app.root_path}auth/shopify")
     end
     def authenticate_at_top_level
@@ -133,10 +177,14 @@ module ShopifyApp
         layout: false,
         locals: {
           does_not_have_storage_access_url: top_level_interaction_path(
-            shop: sanitized_shop_name
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
           ),
           has_storage_access_url: login_url_with_optional_shop(top_level: true),
-          app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
+          app_target_url: granted_storage_access_path(
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
+          ),
           current_shopify_domain: current_shopify_domain,
         }
       )

data/app/controllers/shopify_app/webhooks_controller.rb CHANGED Viewed

@@ -1,14 +1,15 @@
+# frozen_string_literal: true
 module ShopifyApp
+  class MissingWebhookJobError < StandardError; end
   class WebhooksController < ActionController::Base
     include ShopifyApp::WebhookVerification
-    class ShopifyApp::MissingWebhookJobError < StandardError; end
     def receive
       params.permit!
-      job_args = {shop_domain: shop_domain, webhook: webhook_params.to_h}
+      job_args = { shop_domain: shop_domain, webhook: webhook_params.to_h }
       webhook_job_klass.perform_later(job_args)
-      head :no_content
+      head(:ok)
     end
     private
@@ -18,7 +19,7 @@ module ShopifyApp
     end
     def webhook_job_klass
-      webhook_job_klass_name.safe_constantize or raise ShopifyApp::MissingWebhookJobError
+      webhook_job_klass_name.safe_constantize || raise(ShopifyApp::MissingWebhookJobError)
     end
     def webhook_job_klass_name(type = webhook_type)

data/app/views/shopify_app/partials/_button_styles.html.erb CHANGED Viewed

@@ -1,6 +1,5 @@
 <style>
   .Polaris-Button {
-    fill:#637381;
     position:relative;
     display:-webkit-inline-box;
     display:-ms-inline-flexbox;
@@ -15,12 +14,14 @@
     min-width:3.6rem;
     margin:0;
     padding:0.7rem 1.6rem;
-    background:linear-gradient(to bottom, white, #f9fafb);
-    border:1px solid #c4cdd5;
-    box-shadow:0 1px 0 0 rgba(22, 29, 37, 0.05);
-    border-radius:3px;
+    background-color:#ffffff;
+    border:1px solid #babfc3;
+    border-top-color: #c9cccf;
+    border-bottom-color: #babfc4;
+    box-shadow:0 1px 0 0 rgba(0, 0, 0, 0.05);
+    border-radius:4px;
     line-height:1;
-    color:#212b36;
+    color:#202223;
     text-align:center;
     cursor:pointer;
     -webkit-user-select:none;
@@ -29,30 +30,44 @@
     user-select:none;
     text-decoration:none;
     transition-property:background, border, box-shadow;
-    transition-duration:200ms;
+    transition-duration:100ms;
     transition-timing-function:cubic-bezier(0.64, 0, 0.35, 1);
   }
   .Polaris-Button:hover {
-    background:linear-gradient(to bottom, #f9fafb, #f4f6f8);
-    border-color:#c4cdd5;
+    background-color:#f6f6f7;
   }
   .Polaris-Button:focus {
-    border-color:#5c6ac4;
     outline:0;
-    box-shadow:0 0 0 1px #5c6ac4;
+  }
+  .Polaris-Button:focus:after {
+    box-shadow:0 0 0 .2rem #448fff;
+  }
+  .Polaris-Button:after {
+    content:'';
+    position:absolute;
+    z-index:1;
+    top:-.2rem;
+    right:-.2rem;
+    bottom:-.2rem;
+    left:-.2rem;
+    display:block;
+    pointer-events:none;
+    box-shadow:0 0 0 -.2rem #448fff;
+    transition:box-shadow 100ms cubic-bezier(0.64, 0, 0.35, 1);
+    border-radius:5px;
   }
   .Polaris-Button:active {
-    background:linear-gradient(to bottom, #f4f6f8, #f4f6f8);
-    border-color:#c4cdd5;
-    box-shadow:0 0 0 0 transparent, inset 0 1px 1px 0 rgba(99, 115, 129, 0.1), inset 0 1px 4px 0 rgba(99, 115, 129, 0.2);
+    background-color:#f1f2f3);
   }
   .Polaris-Button__Content {
-    font-size:1.5rem;
-    font-weight:400;
+    font-size:1.4rem;
+    font-weight:500;
     line-height:1.6rem;
     text-transform:initial;
     letter-spacing:initial;
@@ -70,35 +85,25 @@
     min-height:1px;
   }
-  @media (min-width: 40em) {
-    .Polaris-Button__Content {
-      font-size:1.4rem;
-    }
-  }
   .Polaris-Button--primary {
-    background:linear-gradient(to bottom, #6371c7, #5563c1);
-    border-color:#3f4eae;
-    box-shadow:inset 0 1px 0 0 #6774c8, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 0 0 transparent;
+    background-color:#008060;
+    border-color:transparent;
+    border-width:0;
     color:white;
-    fill:white;
   }
   .Polaris-Button--primary:hover {
-    background:linear-gradient(to bottom, #5c6ac4, #4959bd);
-    border-color:#3f4eae;
+    background-color:#006e52;
+    border-color:transparent;
     color:white;
-    text-decoration:none;
   }
-  .Polaris-Button--primary:focus {
-    border-color:#202e78;
-    box-shadow:inset 0 1px 0 0 #6f7bcb, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 0 1px #202e78;
+  .Polaris-Button--primary:active {
+    background-color:#005e46;
+    border-color:transparent;
   }
-  .Polaris-Button--primary:active {
-    background:linear-gradient(to bottom, #3f4eae, #3f4eae);
-    border-color:#38469b;
-    box-shadow:inset 0 0 0 0 transparent, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 1px 0 #38469b;
+  .Polaris-Button--sizeLarge {
+    padding:1.1rem 2.4rem;
   }
 </style>

data/app/views/shopify_app/partials/_card_styles.html.erb CHANGED Viewed

@@ -11,7 +11,7 @@
   @media (min-width: 30.625em) {
     .Polaris-Card {
-      border-radius:3px;
+      border-radius:8px;
     }
   }
@@ -24,10 +24,10 @@
   }
   .Polaris-Card__Section + .Polaris-Card__Section {
-    border-top:1px solid #dfe3e8;
+    border-top:.1rem solid #e4e5e7;
   }
   .Polaris-Card__Section--subdued {
-    background-color:#f9fafb;
+    background-color:#fafbfb;
   }
 </style>

data/app/views/shopify_app/partials/_empty_state_styles.html.erb CHANGED Viewed

@@ -11,8 +11,8 @@
     -ms-flex-align:center;
     align-items:center;
     width:100%;
-    margin:2rem auto 0 auto;
-    padding:2rem 0;
+    margin:0 auto;
+    padding:2rem 0 6rem;
     max-width:99.8rem;
   }
@@ -24,33 +24,22 @@
   }
   .Polaris-EmptyState__Section {
-    position:relative;
     display:-webkit-box;
     display:-ms-flexbox;
     display:flex;
     -webkit-box-orient:vertical;
-    -webkit-box-direction:normal;
-    -ms-flex-direction:column;
-    flex-direction:column;
+    -webkit-box-direction:reverse;
+    -ms-flex-direction:column-reverse;
+    flex-direction:column-reverse;
     -webkit-box-flex:1;
     -ms-flex:1 1 auto;
     flex:1 1 auto;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
     width:100%;
   }
-  @media (min-width: 46.5em) {
-    .Polaris-EmptyState__Section {
-      left:2rem;
-      -webkit-box-orient:horizontal;
-      -webkit-box-direction:normal;
-      -ms-flex-direction:row;
-      flex-direction:row;
-      -webkit-box-align:center;
-      -ms-flex-align:center;
-      align-items:center;
-    }
-  }
   .Polaris-EmptyState__ImageContainer,
   .Polaris-EmptyState__DetailsContainer {
     -webkit-box-flex:1;
@@ -58,6 +47,7 @@
     flex:1 1 auto;
     padding:0;
     margin:0;
+    text-align:center;
   }
   @media (min-width: 46.5em) {
@@ -68,37 +58,32 @@
     }
   }
-  @media (max-width: 30.625em) {
-    .Polaris-EmptyState__ImageContainer,
-    .Polaris-EmptyState__DetailsContainer {
-      overflow-x:hidden;
-    }
-  }
   .Polaris-EmptyState__Details {
-    position:relative;
-    z-index:10;
-    padding:0 1.6rem;
-    width:33.6rem;
-  }
-  @media (min-width: 30.625em) {
-    .Polaris-EmptyState__Details {
-      padding:0;
-    }
+    max-width:40rem;
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display: flex;
+    -webkit-box-orient:vertical;
+    -webkit-box-direction:normal;
+    -ms-flex-direction:column;
+    flex-direction: column;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items: center;
   }
   .Polaris-EmptyState__Content {
-    font-size:1.6rem;
+    margin-top: 1.6rem;
+    font-size:1.5rem;
     font-weight:400;
-    line-height:2.4rem;
-    color:#637381;
+    line-height:2rem;
+    color:#6d7175;
+    padding-bottom: .8rem;
   }
   @media (min-width: 40em) {
     .Polaris-EmptyState__Content {
-      font-size:2rem;
-      line-height:2.8rem;
+      font-size:1.4rem;
     }
   }
@@ -107,23 +92,7 @@
   }
   .Polaris-EmptyState__Image {
-    display: none;
-  }
-  @media (min-width: 30.625em) {
-    .Polaris-EmptyState__Image {
-      display: block;
-      margin-left:-60%;
-      margin-top:-30%;
-      width:200%;
-    }
-  }
-  @media (min-width: 46.5em) {
-    .Polaris-EmptyState__Image {
-      margin-top:0;
-      margin-left:-90%;
-      width:200%;
-    }
+    margin: 0;
+    width: auto;
   }
 </style>