shopify_app 12.0.3 → 12.0.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/app/assets/javascripts/shopify_app/storage_access.js +4 -4
  4. data/app/controllers/shopify_app/sessions_controller.rb +22 -9
  5. data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
  6. data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
  7. data/lib/shopify_app/controller_concerns/login_protection.rb +14 -2
  8. data/lib/shopify_app/version.rb +1 -1
  9. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5dcd45c8f2586d1be89322c54d902eb7f9d91d28969725d7ba10e332d3165e29
4
- data.tar.gz: ac7e290930adff81933a9dac3a2b212a0b2d579018cca043ed01f9c54dd78b35
3
+ metadata.gz: 97b51956c46bc3fa2f253b3a2a949bb65f338999b46cd28ec182c4774f6d2b01
4
+ data.tar.gz: 1f8199a550dfd21035e620e052b636c3c8956ae820c47385a80cc58981a78802
5
5
  SHA512:
6
- metadata.gz: 47e1984dd4168715a3b0698f41cfe76fa989121be1f915dde626bd18e769a535431e78694b1e7b5eaac86324e0bfef89e47289fcbf0d1ab8927c1ed5ead6fb66
7
- data.tar.gz: 3226cfe6d9001f37b2349f039dfe5a860693ef2bf84d2ca4386c7b0c6024d13ac4a998abfbf4ad331cd190f187b95fe7f3069365d08fcc1466627ed528050c66
6
+ metadata.gz: 10004812203cadeaa93607ef0726bb0f96d541b363da568bb379260b9861773392050a42ab99fbabca69517d0851deb4263ba2de7f4f8c33865c6e83b2f71772
7
+ data.tar.gz: a777827c69680e90cf514cd0409039d393c1f7a6c0c523f6d3a61b6dd01cd2e3bfcfbe5ea67aa42bd9e4c8b2a57cd53d9d27a6378833055d47bf4745c155fc2f
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ 12.0.4
2
+ ------
3
+ * Reverts reverted PR (#895) #897
4
+
1
5
  12.0.3
2
6
  ------
3
7
  * Moves samesite middleware higher in the stack #898
data/app/assets/javascripts/shopify_app/storage_access.js CHANGED
@@ -28,8 +28,8 @@
28
28
  window.parent.location.href = this.redirectData.myshopifyUrl + '/admin/apps';
29
29
  }
30
30
 
31
- StorageAccessHelper.prototype.redirectToAppHome = function() {
32
- window.location.href = this.redirectData.appHomeUrl;
31
+ StorageAccessHelper.prototype.redirectToAppTargetUrl = function() {
32
+ window.location.href = this.redirectData.appTargetUrl;
33
33
  }
34
34
 
35
35
  StorageAccessHelper.prototype.sameSiteNoneIncompatible = function(ua) {
@@ -68,7 +68,7 @@
68
68
  if (!document.cookie) {
69
69
  throw 'Cannot set third-party cookie.'
70
70
  }
71
- this.redirectToAppHome();
71
+ this.redirectToAppTargetUrl();
72
72
  } catch (error) {
73
73
  console.warn('Third party cookies may be blocked.', error);
74
74
  this.redirectToAppTLD(ACCESS_DENIED_STATUS);
@@ -90,7 +90,7 @@
90
90
  StorageAccessHelper.prototype.handleHasStorageAccess = function() {
91
91
  if (sessionStorage.getItem('shopify.granted_storage_access')) {
92
92
  // If app was classified by ITP and used Storage Access API to acquire access
93
- this.redirectToAppHome();
93
+ this.redirectToAppTargetUrl();
94
94
  } else {
95
95
  // If app has not been classified by ITP and still has storage access
96
96
  this.redirectToAppTLD(ACCESS_GRANTED_STATUS);
data/app/controllers/shopify_app/sessions_controller.rb CHANGED
@@ -20,11 +20,15 @@ module ShopifyApp
20
20
 
21
21
  render(:enable_cookies, layout: false, locals: {
22
22
  does_not_have_storage_access_url: top_level_interaction_path(
23
- shop: sanitized_shop_name
23
+ shop: sanitized_shop_name,
24
+ return_to: params[:return_to]
24
25
  ),
25
26
  has_storage_access_url: login_url_with_optional_shop(top_level: true),
26
- app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
27
- current_shopify_domain: current_shopify_domain,
27
+ app_target_url: granted_storage_access_path(
28
+ shop: sanitized_shop_name,
29
+ return_to: params[:return_to]
30
+ ),
31
+ current_shopify_domain: current_shopify_domain
28
32
  })
29
33
  end
30
34
 
@@ -38,8 +42,9 @@ module ShopifyApp
38
42
 
39
43
  session['shopify.granted_storage_access'] = true
40
44
 
41
- params = { shop: @shop }
42
- redirect_to("#{return_address}?#{params.to_query}")
45
+ copy_return_to_param_to_session
46
+
47
+ redirect_to(return_address_with_params({ shop: @shop }))
43
48
  end
44
49
 
45
50
  def destroy
@@ -54,7 +59,7 @@ module ShopifyApp
54
59
  return render_invalid_shop_error unless sanitized_shop_name.present?
55
60
  session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
56
61
 
57
- session[:return_to] = params[:return_to] if params[:return_to]
62
+ copy_return_to_param_to_session
58
63
 
59
64
  if user_agent_can_partition_cookies
60
65
  authenticate_with_partitioning
@@ -93,6 +98,10 @@ module ShopifyApp
93
98
  true
94
99
  end
95
100
 
101
+ def copy_return_to_param_to_session
102
+ session[:return_to] = params[:return_to] if params[:return_to]
103
+ end
104
+
96
105
  def render_invalid_shop_error
97
106
  flash[:error] = I18n.t('invalid_shop_url')
98
107
  redirect_to return_address
@@ -133,11 +142,15 @@ module ShopifyApp
133
142
  layout: false,
134
143
  locals: {
135
144
  does_not_have_storage_access_url: top_level_interaction_path(
136
- shop: sanitized_shop_name
145
+ shop: sanitized_shop_name,
146
+ return_to: session[:return_to]
137
147
  ),
138
148
  has_storage_access_url: login_url_with_optional_shop(top_level: true),
139
- app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
140
- current_shopify_domain: current_shopify_domain,
149
+ app_target_url: granted_storage_access_path(
150
+ shop: sanitized_shop_name,
151
+ return_to: session[:return_to]
152
+ ),
153
+ current_shopify_domain: current_shopify_domain
141
154
  }
142
155
  )
143
156
  end
data/app/views/shopify_app/sessions/enable_cookies.html.erb CHANGED
@@ -32,7 +32,7 @@
32
32
  myshopifyUrl: "https://#{current_shopify_domain}",
33
33
  hasStorageAccessUrl: "#{has_storage_access_url}",
34
34
  doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
35
- appHomeUrl: "#{app_home_url}"
35
+ appTargetUrl: "#{app_target_url}"
36
36
  },
37
37
  },
38
38
  )
data/app/views/shopify_app/sessions/request_storage_access.html.erb CHANGED
@@ -24,7 +24,7 @@
24
24
  myshopifyUrl: "https://#{current_shopify_domain}",
25
25
  hasStorageAccessUrl: "#{has_storage_access_url}",
26
26
  doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
27
- appHomeUrl: "#{app_home_url}"
27
+ appTargetUrl: "#{app_target_url}"
28
28
  },
29
29
  },
30
30
  )
data/lib/shopify_app/controller_concerns/login_protection.rb CHANGED
@@ -100,8 +100,10 @@ module ShopifyApp
100
100
  query_params = {}
101
101
  query_params[:shop] = sanitized_params[:shop] if params[:shop].present?
102
102
 
103
- if session[:return_to] && return_to_param_required?
104
- query_params[:return_to] = session[:return_to]
103
+ return_to = session[:return_to] || params[:return_to]
104
+
105
+ if return_to.present? && return_to_param_required?
106
+ query_params[:return_to] = return_to
105
107
  end
106
108
 
107
109
  has_referer_shop_name = referer_sanitized_shop_name.present?
@@ -165,5 +167,15 @@ module ShopifyApp
165
167
  def return_address
166
168
  session.delete(:return_to) || ShopifyApp.configuration.root_url
167
169
  end
170
+
171
+ def return_address_with_params(params)
172
+ uri = URI(return_address)
173
+ uri.query = CGI.parse(uri.query.to_s)
174
+ .symbolize_keys
175
+ .transform_values { |v| v.one? ? v.first : v }
176
+ .merge(params)
177
+ .to_query
178
+ uri.to_s
179
+ end
168
180
  end
169
181
  end
data/lib/shopify_app/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ShopifyApp
2
- VERSION = '12.0.3'.freeze
2
+ VERSION = '12.0.4'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 12.0.3
4
+ version: 12.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-02-13 00:00:00.000000000 Z
11
+ date: 2020-02-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: browser_sniffer