shopify_app 12.0.7 → 13.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +44 -19
- data/app/controllers/concerns/shopify_app/authenticated.rb +1 -1
- data/app/controllers/shopify_app/callback_controller.rb +14 -10
- data/app/controllers/shopify_app/sessions_controller.rb +27 -4
- data/lib/generators/shopify_app/home_controller/templates/index.html.erb +1 -1
- data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +1 -1
- data/lib/generators/shopify_app/install/templates/shopify_app.rb +1 -1
- data/lib/generators/shopify_app/install/templates/shopify_provider.rb +1 -1
- data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +1 -1
- data/lib/generators/shopify_app/shop_model/templates/shop.rb +1 -1
- data/lib/generators/shopify_app/user_model/templates/user.rb +1 -1
- data/lib/generators/shopify_app/user_model/user_model_generator.rb +1 -1
- data/lib/shopify_app.rb +4 -2
- data/lib/shopify_app/configuration.rb +10 -7
- data/lib/shopify_app/controller_concerns/login_protection.rb +25 -20
- data/lib/shopify_app/session/in_memory_shop_session_store.rb +4 -0
- data/lib/shopify_app/session/in_memory_user_session_store.rb +4 -0
- data/lib/shopify_app/session/session_repository.rb +38 -13
- data/lib/shopify_app/session/session_storage.rb +0 -10
- data/lib/shopify_app/session/{storage_strategies/shop_storage_strategy.rb → shop_session_storage.rb} +9 -2
- data/lib/shopify_app/session/{storage_strategies/user_storage_strategy.rb → user_session_storage.rb} +10 -3
- data/lib/shopify_app/version.rb +1 -1
- data/package-lock.json +1228 -1207
- data/package.json +1 -1
- data/shopify_app.gemspec +2 -2
- metadata +10 -8
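--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d4e2d37f9112725500d1a9f36fe76b743e8981920eea4838024cafd6a71cb5eb
+data.tar.gz: 3c52a0ee9a7f40433ad01b82bda3a0c6d30dd9bb45c319f1d457a0bd13c30fc0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 19a445a22b25b01f860a84128551234313bc44e7acd1583ec90bc96f59d65a8fac208feb1d5a6899453935dd19458196c5253605d85e3ac346be2fa405a50b4c
+data.tar.gz: 526354098526753ade6d30a346ffa75b2280707638b66dba61c89b34a771e72dd4c23cfae8bda319de58a7a373e7c05d233a13a4f2f8325c7754cda1ed58d835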
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -25,6 +25,7 @@ Table of Contents
|
|
25
25
|
- [AppProxyVerification](#appproxyverification)
|
26
26
|
- [Troubleshooting](#troubleshooting)
|
27
27
|
- [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
|
28
|
+
- [Migration to 13.0.0](#migrating-to-13)
|
28
29
|
- [Questions or problems?](#questions-or-problems-)
|
29
30
|
- [Rails 6 Compatibility](#rails-6-compatibility)
|
30
31
|
- [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
|
@@ -43,9 +44,9 @@ Become a Shopify App Developer
|
|
43
44
|
--------------------------------
|
44
45
|
To become a Shopify App Developer you'll need a [Shopify Partner account.](http://shopify.com/partners) If you don't have a Shopify Partner account, head to http://shopify.com/partners to create one before you start.
|
45
46
|
|
46
|
-
Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials.
|
47
|
+
Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials.
|
47
48
|
|
48
|
-
To create an application for development set your new app's `App URL` to the URL provided by [your tunnel](#app-tunneling), ensuring that you use `https://`. If you are not planning to embed your app inside the Shopify admin or receive webhooks, set your redirect URL to `http://localhost:3000/` and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`.
|
49
|
+
To create an application for development set your new app's `App URL` to the URL provided by [your tunnel](#app-tunneling), ensuring that you use `https://`. If you are not planning to embed your app inside the Shopify admin or receive webhooks, set your redirect URL to `http://localhost:3000/` and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`.
|
49
50
|
|
50
51
|
Installation
|
51
52
|
------------
|
@@ -80,7 +81,7 @@ The default generator will run the `install`, `shop`, and `home_controller` gene
|
|
80
81
|
$ rails generate shopify_app
|
81
82
|
```
|
82
83
|
|
83
|
-
After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
|
84
|
+
After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
|
84
85
|
|
85
86
|
### API Keys
|
86
87
|
|
@@ -228,8 +229,6 @@ Upon completing the authentication flow Shopify calls the app at the `callback_p
|
|
228
229
|
|
229
230
|
`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern, but can be overridden for custom implementation.
|
230
231
|
|
231
|
-
If you only run the install generator then by default you will have an in memory store but it **won't work** on multi-server environments including Heroku. For multi-server environments, implement one of the following token-storage strategies.
|
232
|
-
|
233
232
|
#### Shop-based token storage
|
234
233
|
Storing tokens on the store model means that any user login associated to the store will have equal access levels to whatever the original user granted the app.
|
235
234
|
```sh
|
@@ -238,32 +237,35 @@ $ rails generate shopify_app:shop_model
|
|
238
237
|
This will generate a shop model which will be the storage for the tokens necessary for authentication.
|
239
238
|
|
240
239
|
#### User-based token storage
|
241
|
-
A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed.
|
240
|
+
A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed. Shop tokens must still be maintained if you are running background jobs so that you can make use of them when necessary.
|
242
241
|
```sh
|
242
|
+
$ rails generate shopify_app:shop_model
|
243
243
|
$ rails generate shopify_app:user_model
|
244
244
|
```
|
245
|
-
This will generate a user model which will be the storage for the tokens necessary for authentication.
|
245
|
+
This will generate a shop model and user model which will be the storage for the tokens necessary for authentication.
|
246
246
|
|
247
247
|
The current Shopify user will be stored in the rails session at `session[:shopify_user]`
|
248
248
|
|
249
|
-
|
250
|
-
|
251
|
-
This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
|
249
|
+
Read more about Online vs. Offline access [here](https://help.shopify.com/api/getting-started/authentication/oauth).
|
252
250
|
|
253
251
|
#### Migrating from shop-based to user-based token strategy
|
254
|
-
|
255
|
-
|
252
|
+
1. Run the `user_model` generator as mentioned above.
|
253
|
+
2. Ensure that both your `Shop` model and `User` model includes the necessary concerns `ShopifyApp::ShopSessionStorage` and `ShopifyApp::UserSessionStorage`.
|
254
|
+
3. Make changes to 2 initializer files as shown below:
|
256
255
|
```ruby
|
257
256
|
# In the `omniauth.rb` initializer:
|
258
257
|
provider :shopify,
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
258
|
+
...
|
259
|
+
setup: lambda { |env|
|
260
|
+
...
|
261
|
+
# Add this line
|
262
|
+
strategy.options[:per_user_permissions] = strategy.session[:user_tokens]
|
263
|
+
...
|
264
|
+
}
|
263
265
|
|
264
266
|
# In the `shopify_app.rb` initializer:
|
265
|
-
config.
|
266
|
-
config.
|
267
|
+
config.shop_session_repository = {YOUR_SHOP_MODEL_CLASS}
|
268
|
+
config.user_session_repository = {YOUR_USER_MODEL_CLASS}
|
267
269
|
```
|
268
270
|
|
269
271
|
### Authenticated
|
@@ -429,7 +431,7 @@ strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
|
|
429
431
|
App Tunneling
|
430
432
|
-------------
|
431
433
|
|
432
|
-
Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks.
|
434
|
+
Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks.
|
433
435
|
|
434
436
|
Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), or [Hookbin](https://hookbin.com/) to make your development environment accessible to the internet.
|
435
437
|
|
@@ -479,6 +481,29 @@ By default, loading your embedded app will redirect to the Shopify admin, with t
|
|
479
481
|
forceRedirect: <%= Rails.env.development? || Rails.env.test? ? 'false' : 'true' %>
|
480
482
|
```
|
481
483
|
|
484
|
+
Migrating to 13.0.0
|
485
|
+
-------------------
|
486
|
+
|
487
|
+
Version 13.0.0 adds the ability to use both user and shop sessions, concurrently. This however involved a large
|
488
|
+
change to how session stores work. Here are the steps to migrate to 13.x
|
489
|
+
|
490
|
+
### Changes to `config/initializers/shopify_app.rb`
|
491
|
+
- *REMOVE* `config.per_user_tokens = [true|false]` this is no longer needed
|
492
|
+
- *CHANGE* `config.session_repository = 'Shop'` To `config.shop_session_repository = 'Shop'`
|
493
|
+
- *ADD (optional)* User Session Storage `config.user_session_repository = 'User'`
|
494
|
+
|
495
|
+
### Shop Model Changes (normally `app/models/shop.rb`)
|
496
|
+
- *CHANGE* `include ShopifyApp::SessionStorage` to `include ShopifyApp::ShopSessionStorage`
|
497
|
+
|
498
|
+
### Changes to `ShopifyApp::LoginProtection`
|
499
|
+
`ShopifyApp::LoginProtection`
|
500
|
+
|
501
|
+
if you are using `ShopifyApp::LoginProtection#shop_session` in your code, it will need to be
|
502
|
+
changed to `ShopifyApp::LoginProtection#activate_shopify_session`
|
503
|
+
|
504
|
+
### Notes
|
505
|
+
You do not need a user model, a shop session is fine for most applications.
|
506
|
+
|
482
507
|
Questions or problems?
|
483
508
|
----------------------
|
484
509
|
|
@@ -8,6 +8,11 @@ module ShopifyApp
|
|
8
8
|
def callback
|
9
9
|
if auth_hash
|
10
10
|
login_shop
|
11
|
+
|
12
|
+
if ShopifyApp::SessionRepository.user_storage.present? && user_session.blank?
|
13
|
+
return redirect_to(login_url_with_optional_shop)
|
14
|
+
end
|
15
|
+
|
11
16
|
install_webhooks
|
12
17
|
install_scripttags
|
13
18
|
perform_after_authenticate_job
|
@@ -55,16 +60,15 @@ module ShopifyApp
|
|
55
60
|
token: token,
|
56
61
|
api_version: ShopifyApp.configuration.api_version
|
57
62
|
)
|
58
|
-
session[:shopify] = ShopifyApp::SessionRepository.store(session_store, user: associated_user)
|
59
|
-
session[:shopify_domain] = shop_name
|
60
|
-
session[:shopify_user] = associated_user
|
61
63
|
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
session[:
|
64
|
+
session[:shopify_user] = associated_user
|
65
|
+
if session[:shopify_user].present?
|
66
|
+
session[:user_id] = ShopifyApp::SessionRepository.store_user_session(session_store, associated_user)
|
67
|
+
else
|
68
|
+
session[:shop_id] = ShopifyApp::SessionRepository.store_shop_session(session_store)
|
67
69
|
end
|
70
|
+
session[:shopify_domain] = shop_name
|
71
|
+
session[:user_session] = auth_hash&.extra&.session
|
68
72
|
end
|
69
73
|
|
70
74
|
def install_webhooks
|
@@ -72,7 +76,7 @@ module ShopifyApp
|
|
72
76
|
|
73
77
|
WebhooksManager.queue(
|
74
78
|
shop_name,
|
75
|
-
token,
|
79
|
+
shop_session&.token || user_session.token,
|
76
80
|
ShopifyApp.configuration.webhooks
|
77
81
|
)
|
78
82
|
end
|
@@ -82,7 +86,7 @@ module ShopifyApp
|
|
82
86
|
|
83
87
|
ScripttagsManager.queue(
|
84
88
|
shop_name,
|
85
|
-
token,
|
89
|
+
shop_session&.token || user_session.token,
|
86
90
|
ShopifyApp.configuration.scripttags
|
87
91
|
)
|
88
92
|
end
|
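Review bot: In `install_webhooks` and `install_scripttags` the token is now `shop_session&.token || user_session.token`, and nothing in these hunks ties that token to `shop_name`. `login_shop` writes only `session[:user_id]` when an associated user is present, so `shop_session` is looked up from whatever `session[:shop_id]` the cookie already held; if that id belongs to a different shop, the job is queued for `shop_name` with another shop's token. Checking the domain before use, e.g. `token = shop_session.token if shop_session&.domain == shop_name`, and falling back to `user_session&.token` would close that gap and also avoid the `NoMethodError` raised when both lookups return nil. The body of `login_shop` starts outside the hunk, so whether the session is reset earlier cannot be confirmed from here.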
@@ -3,6 +3,7 @@ module ShopifyApp
|
|
3
3
|
include ShopifyApp::LoginProtection
|
4
4
|
|
5
5
|
layout false, only: :new
|
6
|
+
|
6
7
|
after_action only: [:new, :create] do |controller|
|
7
8
|
controller.response.headers.except!('X-Frame-Options')
|
8
9
|
end
|
@@ -16,7 +17,7 @@ module ShopifyApp
|
|
16
17
|
end
|
17
18
|
|
18
19
|
def enable_cookies
|
19
|
-
return unless
|
20
|
+
return unless validate_shop_presence
|
20
21
|
|
21
22
|
render(:enable_cookies, layout: false, locals: {
|
22
23
|
does_not_have_storage_access_url: top_level_interaction_path(
|
@@ -34,11 +35,11 @@ module ShopifyApp
|
|
34
35
|
|
35
36
|
def top_level_interaction
|
36
37
|
@url = login_url_with_optional_shop(top_level: true)
|
37
|
-
|
38
|
+
validate_shop_presence
|
38
39
|
end
|
39
40
|
|
40
41
|
def granted_storage_access
|
41
|
-
return unless
|
42
|
+
return unless validate_shop_presence
|
42
43
|
|
43
44
|
session['shopify.granted_storage_access'] = true
|
44
45
|
|
@@ -61,6 +62,8 @@ module ShopifyApp
|
|
61
62
|
|
62
63
|
copy_return_to_param_to_session
|
63
64
|
|
65
|
+
set_user_tokens_option
|
66
|
+
|
64
67
|
if user_agent_can_partition_cookies
|
65
68
|
authenticate_with_partitioning
|
66
69
|
else
|
@@ -88,7 +91,27 @@ module ShopifyApp
|
|
88
91
|
end
|
89
92
|
end
|
90
93
|
|
91
|
-
def
|
94
|
+
def set_user_tokens_option
|
95
|
+
if shop_session.blank?
|
96
|
+
session[:user_tokens] = false
|
97
|
+
return
|
98
|
+
end
|
99
|
+
|
100
|
+
session[:user_tokens] = ShopifyApp::SessionRepository.user_storage.present?
|
101
|
+
|
102
|
+
ShopifyAPI::Session.temp(
|
103
|
+
domain: shop_session.domain,
|
104
|
+
token: shop_session.token,
|
105
|
+
api_version: shop_session.api_version
|
106
|
+
) do
|
107
|
+
ShopifyAPI::Metafield.find(:token_validity_bogus_check)
|
108
|
+
end
|
109
|
+
rescue ActiveResource::UnauthorizedAccess
|
110
|
+
session[:user_tokens] = false
|
111
|
+
rescue StandardError
|
112
|
+
end
|
113
|
+
|
114
|
+
def validate_shop_presence
|
92
115
|
@shop = sanitized_shop_name
|
93
116
|
unless @shop
|
94
117
|
render_invalid_shop_error
|
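Review bot: The bare `rescue StandardError` that closes `set_user_tokens_option` swallows every failure of the token probe, so a timeout or an unexpected error leaves `session[:user_tokens]` at the value assigned before the call and nothing is logged. The lookup of `:token_validity_bogus_check` presumably expects a not-found response when the token is still valid; rescuing that case by name with `rescue ActiveResource::ResourceNotFound`, and handling anything else with `rescue StandardError => e` followed by `Rails.logger.warn("[ShopifyApp] shop token probe failed: #{e.class}")`, keeps the best-effort behaviour while making failures visible. Log only the exception class, never the session or token. A one-line comment above the `Metafield.find` call stating that it exists only to provoke `UnauthorizedAccess` on a revoked token would also help the next reader.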
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
<ul>
|
4
4
|
<% @products.each do |product| %>
|
5
|
-
<li><%= link_to product.title, "https://#{@
|
5
|
+
<li><%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
|
6
6
|
<% end %>
|
7
7
|
</ul>
|
8
8
|
|
@@ -28,7 +28,7 @@
|
|
28
28
|
|
29
29
|
<%= content_tag(:div, nil, id: 'shopify-app-init', data: {
|
30
30
|
api_key: ShopifyApp.configuration.api_key,
|
31
|
-
shop_origin: (@
|
31
|
+
shop_origin: (@current_shopify_session.domain if @current_shopify_session),
|
32
32
|
debug: Rails.env.development?
|
33
33
|
} ) %>
|
34
34
|
|
@@ -8,7 +8,7 @@ ShopifyApp.configure do |config|
|
|
8
8
|
config.embedded_app = <%= embedded_app? %>
|
9
9
|
config.after_authenticate_job = false
|
10
10
|
config.api_version = "<%= @api_version %>"
|
11
|
-
config.
|
11
|
+
config.shop_session_repository = 'ShopifyApp::InMemoryShopSessionStore'
|
12
12
|
end
|
13
13
|
|
14
14
|
# ShopifyApp::Utils.fetch_known_api_versions # Uncomment to fetch known api versions from shopify servers on boot
|
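Review bot: The generated initializer now defaults to `ShopifyApp::InMemoryShopSessionStore` with no comment explaining its limits, and the same release removes the README sentence warning that the in-memory store does not work on multi-server environments. A comment above the line, such as `# In-memory default for local development only: sessions are not shared between server processes; run the shop_model generator before deploying.`, would keep that warning where operators will see it. Keep the class name out of the comment text, because `shop_model_generator` rewrites this file with `gsub_file` on that exact string.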
@@ -4,7 +4,6 @@ provider :shopify,
|
|
4
4
|
ShopifyApp.configuration.api_key,
|
5
5
|
ShopifyApp.configuration.secret,
|
6
6
|
scope: ShopifyApp.configuration.scope,
|
7
|
-
per_user_permissions: ShopifyApp.configuration.per_user_tokens,
|
8
7
|
setup: lambda { |env|
|
9
8
|
strategy = env['omniauth.strategy']
|
10
9
|
|
@@ -17,4 +16,5 @@ provider :shopify,
|
|
17
16
|
|
18
17
|
strategy.options[:client_options][:site] = shop
|
19
18
|
strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
|
19
|
+
strategy.options[:per_user_permissions] = strategy.session[:user_tokens]
|
20
20
|
}
|
@@ -16,7 +16,7 @@ module ShopifyApp
|
|
16
16
|
end
|
17
17
|
|
18
18
|
def update_shopify_app_initializer
|
19
|
-
gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::
|
19
|
+
gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop'
|
20
20
|
end
|
21
21
|
|
22
22
|
def create_shop_fixtures
|
@@ -16,7 +16,7 @@ module ShopifyApp
|
|
16
16
|
end
|
17
17
|
|
18
18
|
def update_shopify_app_initializer
|
19
|
-
gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::
|
19
|
+
gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User'
|
20
20
|
end
|
21
21
|
|
22
22
|
def create_user_fixtures
|
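Review bot: `update_shopify_app_initializer` in the user model generator substitutes `'ShopifyApp::InMemoryUserSessionStore'`, but the install template on this page writes only `config.shop_session_repository = 'ShopifyApp::InMemoryShopSessionStore'`, so on a freshly generated initializer this `gsub_file` appears to match nothing. If the template lines not shown carry no user-store line either, the generator finishes without setting `config.user_session_repository`, and the app keeps running on shop-level tokens although per-user tokens were intended. Inserting the line instead of substituting, for example `inject_into_file 'config/initializers/shopify_app.rb', "  config.user_session_repository = 'User'\n", after: "ShopifyApp.configure do |config|\n"`, would make the generator effective. The enclosing generator class starts and ends outside the hunk.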
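--- a/data/lib/shopify_app.rb
+++ b/data/lib/shopify_app.rb
@@ -44,9 +44,11 @@ module ShopifyApp
 require 'shopify_app/middleware/same_site_cookie_middleware'
 
 # session
-require 'shopify_app/session/storage_strategies/shop_storage_strategy'
-require 'shopify_app/session/storage_strategies/user_storage_strategy'
 require 'shopify_app/session/session_storage'
+require 'shopify_app/session/shop_session_storage'
+require 'shopify_app/session/user_session_storage'
 require 'shopify_app/session/session_repository'
 require 'shopify_app/session/in_memory_session_store'
+require 'shopify_app/session/in_memory_shop_session_store'
+require 'shopify_app/session/in_memory_user_session_store'
 end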
@@ -14,9 +14,8 @@ module ShopifyApp
|
|
14
14
|
attr_accessor :webhooks
|
15
15
|
attr_accessor :scripttags
|
16
16
|
attr_accessor :after_authenticate_job
|
17
|
-
attr_reader :
|
18
|
-
|
19
|
-
alias_method :per_user_tokens?, :per_user_tokens
|
17
|
+
attr_reader :shop_session_repository
|
18
|
+
attr_reader :user_session_repository
|
20
19
|
attr_accessor :api_version
|
21
20
|
|
22
21
|
# customise urls
|
@@ -44,7 +43,6 @@ module ShopifyApp
|
|
44
43
|
@myshopify_domain = 'myshopify.com'
|
45
44
|
@scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
|
46
45
|
@webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
|
47
|
-
@per_user_tokens = false
|
48
46
|
@disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
|
49
47
|
end
|
50
48
|
|
@@ -52,9 +50,14 @@ module ShopifyApp
|
|
52
50
|
@login_url || File.join(@root_url, 'login')
|
53
51
|
end
|
54
52
|
|
55
|
-
def
|
56
|
-
@
|
57
|
-
ShopifyApp::SessionRepository.
|
53
|
+
def user_session_repository=(klass)
|
54
|
+
@user_session_repository = klass
|
55
|
+
ShopifyApp::SessionRepository.user_storage = klass
|
56
|
+
end
|
57
|
+
|
58
|
+
def shop_session_repository=(klass)
|
59
|
+
@shop_session_repository = klass
|
60
|
+
ShopifyApp::SessionRepository.shop_storage = klass
|
58
61
|
end
|
59
62
|
|
60
63
|
def has_webhooks?
|
@@ -14,44 +14,48 @@ module ShopifyApp
|
|
14
14
|
rescue_from ActiveResource::UnauthorizedAccess, :with => :close_session
|
15
15
|
end
|
16
16
|
|
17
|
-
def
|
18
|
-
return redirect_to_login
|
17
|
+
def activate_shopify_session
|
18
|
+
return redirect_to_login if current_shopify_session.blank?
|
19
19
|
clear_top_level_oauth_cookie
|
20
20
|
|
21
21
|
begin
|
22
|
-
ShopifyAPI::Base.activate_session(
|
22
|
+
ShopifyAPI::Base.activate_session(current_shopify_session)
|
23
23
|
yield
|
24
24
|
ensure
|
25
25
|
ShopifyAPI::Base.clear_session
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
29
|
-
def
|
30
|
-
if
|
31
|
-
|
32
|
-
@shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify_user]['id'])
|
29
|
+
def current_shopify_session
|
30
|
+
if session[:user_id].present?
|
31
|
+
@current_shopify_session ||= user_session
|
33
32
|
else
|
34
|
-
|
35
|
-
@shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
|
33
|
+
@current_shopify_session ||= shop_session
|
36
34
|
end
|
37
35
|
end
|
38
36
|
|
37
|
+
def user_session
|
38
|
+
return if session[:user_id].blank?
|
39
|
+
ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
|
40
|
+
end
|
41
|
+
|
42
|
+
def shop_session
|
43
|
+
return if session[:shop_id].blank?
|
44
|
+
ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
|
45
|
+
end
|
46
|
+
|
39
47
|
def login_again_if_different_user_or_shop
|
40
|
-
if
|
41
|
-
|
42
|
-
sessions_do_not_match = session[:user_session] != params[:session] # current user is different from stored user
|
48
|
+
if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
|
49
|
+
clear_session = session[:user_session] != params[:session] # current user is different from stored user
|
43
50
|
|
44
|
-
if valid_session_data && sessions_do_not_match
|
45
|
-
clear_session = true
|
46
|
-
end
|
47
51
|
end
|
48
52
|
|
49
|
-
if
|
53
|
+
if current_shopify_session && params[:shop] && params[:shop].is_a?(String) && (current_shopify_session.domain != params[:shop])
|
50
54
|
clear_session = true
|
51
55
|
end
|
52
56
|
|
53
57
|
if clear_session
|
54
|
-
|
58
|
+
clear_shopify_session
|
55
59
|
redirect_to_login
|
56
60
|
end
|
57
61
|
end
|
@@ -76,12 +80,13 @@ module ShopifyApp
|
|
76
80
|
end
|
77
81
|
|
78
82
|
def close_session
|
79
|
-
|
83
|
+
clear_shopify_session
|
80
84
|
redirect_to(login_url_with_optional_shop)
|
81
85
|
end
|
82
86
|
|
83
|
-
def
|
84
|
-
session[:
|
87
|
+
def clear_shopify_session
|
88
|
+
session[:shop_id] = nil
|
89
|
+
session[:user_id] = nil
|
85
90
|
session[:shopify_domain] = nil
|
86
91
|
session[:shopify_user] = nil
|
87
92
|
session[:user_session] = nil
|
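Review bot: `shop_session` appears to keep its name while changing meaning: the removed lines memoize `@shop_session` from `session[:shopify_user]['id']` in one branch, whereas the new method reads only `session[:shop_id]`. Application code that still calls `shop_session` to obtain the session for the current request will not fail; it will receive the shop-level session even when a per-user session is active, or nil when no shop session is stored. A doc comment on the method would make that explicit, e.g. `# Shop-level session only (nil when none is stored). Use current_shopify_session for the session the request is authorized with.`, with a matching one-liner on `user_session`. Neither new method has any documentation in this hunk.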