RubyGems - shopify_app - Versions diffs - 13.0.0 → 13.0.1 - Mend

shopify_app 13.0.0 → 13.0.1

Files changed (65) hide show

data/lib/generators/shopify_app/install/install_generator.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 module ShopifyApp
@@ -16,7 +17,7 @@ module ShopifyApp
         @scope = format_array_argument(options['scope'])
         @api_version = options['api_version'] || ShopifyAPI::Meta.admin_versions.find(&:latest_supported).handle
-        template 'shopify_app.rb', 'config/initializers/shopify_app.rb'
+        template('shopify_app.rb', 'config/initializers/shopify_app.rb')
       end
       def create_session_store_initializer
@@ -24,22 +25,22 @@ module ShopifyApp
       end
       def create_and_inject_into_omniauth_initializer
-        unless File.exist? "config/initializers/omniauth.rb"
-          copy_file 'omniauth.rb', 'config/initializers/omniauth.rb'
+        unless File.exist?("config/initializers/omniauth.rb")
+          copy_file('omniauth.rb', 'config/initializers/omniauth.rb')
         end
         inject_into_file(
           'config/initializers/omniauth.rb',
           File.read(File.expand_path(find_in_source_paths('shopify_provider.rb'))),
-          after: "Rails.application.config.middleware.use OmniAuth::Builder do\n"
+          after: "Rails.application.config.middleware.use(OmniAuth::Builder) do\n"
         )
       end
       def create_embedded_app_layout
         return unless embedded_app?
-        copy_file 'embedded_app.html.erb', 'app/views/layouts/embedded_app.html.erb'
-        copy_file '_flash_messages.html.erb', 'app/views/layouts/_flash_messages.html.erb'
+        copy_file('embedded_app.html.erb', 'app/views/layouts/embedded_app.html.erb')
+        copy_file('_flash_messages.html.erb', 'app/views/layouts/_flash_messages.html.erb')
         if ShopifyApp.use_webpacker?
           copy_file('shopify_app.js', 'app/javascript/shopify_app/shopify_app.js')
@@ -53,11 +54,11 @@ module ShopifyApp
       end
       def create_user_agent_initializer
-        template 'user_agent.rb', 'config/initializers/user_agent.rb'
+        template('user_agent.rb', 'config/initializers/user_agent.rb')
       end
       def mount_engine
-        route "mount ShopifyApp::Engine, at: '/'"
+        route("mount ShopifyApp::Engine, at: '/'")
       end
       def insert_hosts_into_development_config

data/lib/generators/shopify_app/install/templates/omniauth.rb CHANGED

@@ -1,2 +1,3 @@
-Rails.application.config.middleware.use OmniAuth::Builder do
+# frozen_string_literal: true
+Rails.application.config.middleware.use(OmniAuth::Builder) do
 end

data/lib/generators/shopify_app/install/templates/user_agent.rb CHANGED

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
 module ShopifyAPI
   class Base < ActiveResource::Base
-    self.headers['User-Agent'] << " | ShopifyApp/#{ShopifyApp::VERSION}"
+    headers['User-Agent'] << " | ShopifyApp/#{ShopifyApp::VERSION}"
   end
 end

data/lib/generators/shopify_app/routes/routes_generator.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 module ShopifyApp

data/lib/generators/shopify_app/routes/templates/routes.rb CHANGED

@@ -1,11 +1,12 @@
+# frozen_string_literal: true
-  controller :sessions do
-    get 'login' => :new, :as => :login
-    post 'login' => :create, :as => :authenticate
-    get 'auth/shopify/callback' => :callback
-    get 'logout' => :destroy, :as => :logout
-  end
+controller :sessions do
+  get 'login' => :new, :as => :login
+  post 'login' => :create, :as => :authenticate
+  get 'auth/shopify/callback' => :callback
+  get 'logout' => :destroy, :as => :logout
+end
-  namespace :webhooks do
-    post ':type' => :receive
-  end
+namespace :webhooks do
+  post ':type' => :receive
+end

data/lib/generators/shopify_app/shop_model/shop_model_generator.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 require 'rails/generators/active_record'
@@ -8,19 +9,19 @@ module ShopifyApp
       source_root File.expand_path('../templates', __FILE__)
       def create_shop_model
-        copy_file 'shop.rb', 'app/models/shop.rb'
+        copy_file('shop.rb', 'app/models/shop.rb')
       end
       def create_shop_migration
-        migration_template 'db/migrate/create_shops.erb', 'db/migrate/create_shops.rb'
+        migration_template('db/migrate/create_shops.erb', 'db/migrate/create_shops.rb')
       end
       def update_shopify_app_initializer
-        gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop'
+        gsub_file('config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop')
       end
       def create_shop_fixtures
-        copy_file 'shops.yml', 'test/fixtures/shops.yml'
+        copy_file('shops.yml', 'test/fixtures/shops.yml')
       end
       private

data/lib/generators/shopify_app/shop_model/templates/shop.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class Shop < ActiveRecord::Base
   include ShopifyApp::ShopSessionStorage

data/lib/generators/shopify_app/shopify_app_generator.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
   module Generators
     class ShopifyAppGenerator < Rails::Generators::Base
@@ -7,10 +8,10 @@ module ShopifyApp
       end
       def run_all_generators
-        generate "shopify_app:install #{@opts.join(' ')}"
-        generate "shopify_app:shop_model"
+        generate("shopify_app:install #{@opts.join(' ')}")
+        generate("shopify_app:shop_model")
         generate("shopify_app:authenticated_controller")
-        generate "shopify_app:home_controller"
+        generate("shopify_app:home_controller")
       end
     end
   end

data/lib/generators/shopify_app/user_model/templates/user.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 class User < ActiveRecord::Base
   include ShopifyApp::UserSessionStorage

data/lib/generators/shopify_app/user_model/user_model_generator.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 require 'rails/generators/active_record'
@@ -8,19 +9,19 @@ module ShopifyApp
       source_root File.expand_path('../templates', __FILE__)
       def create_user_model
-        copy_file 'user.rb', 'app/models/user.rb'
+        copy_file('user.rb', 'app/models/user.rb')
       end
       def create_user_migration
-        migration_template 'db/migrate/create_users.erb', 'db/migrate/create_users.rb'
+        migration_template('db/migrate/create_users.erb', 'db/migrate/create_users.rb')
       end
       def update_shopify_app_initializer
-        gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User'
+        gsub_file('config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User')
       end
       def create_user_fixtures
-        copy_file 'users.yml', 'test/fixtures/users.yml'
+        copy_file('users.yml', 'test/fixtures/users.yml')
       end
       private

data/lib/generators/shopify_app/views/views_generator.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 module ShopifyApp

data/lib/shopify_app.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'shopify_app/version'
 # deps
@@ -44,11 +45,13 @@ module ShopifyApp
   require 'shopify_app/middleware/same_site_cookie_middleware'
   # session
-  require 'shopify_app/session/session_storage'
-  require 'shopify_app/session/shop_session_storage'
-  require 'shopify_app/session/user_session_storage'
-  require 'shopify_app/session/session_repository'
   require 'shopify_app/session/in_memory_session_store'
   require 'shopify_app/session/in_memory_shop_session_store'
   require 'shopify_app/session/in_memory_user_session_store'
+  require 'shopify_app/session/jwt'
+  require 'shopify_app/session/null_user_session_store'
+  require 'shopify_app/session/session_repository'
+  require 'shopify_app/session/session_storage'
+  require 'shopify_app/session/shop_session_storage'
+  require 'shopify_app/session/user_session_storage'
 end

data/lib/shopify_app/configuration.rb CHANGED

@@ -1,11 +1,11 @@
+# frozen_string_literal: true
 module ShopifyApp
   class Configuration
     # Shopify App settings. These values should match the configuration
     # for the app in your Shopify Partners page. Change your settings in
     # `config/initializers/shopify_app.rb`
     attr_accessor :application_name
-    attr_accessor  :api_key
+    attr_accessor :api_key
     attr_accessor :secret
     attr_accessor :old_secret
     attr_accessor :scope
@@ -14,13 +14,11 @@ module ShopifyApp
     attr_accessor :webhooks
     attr_accessor :scripttags
     attr_accessor :after_authenticate_job
-    attr_reader :shop_session_repository
-    attr_reader :user_session_repository
     attr_accessor :api_version
     # customise urls
     attr_accessor :root_url
-    attr_accessor :login_url
+    attr_writer :login_url
     # customise ActiveJob queue names
     attr_accessor :scripttags_manager_queue_name
@@ -36,7 +34,10 @@ module ShopifyApp
     attr_accessor :webhook_jobs_namespace
     # allow enabling of same site none on cookies
-    attr_accessor :enable_same_site_none
+    attr_writer :enable_same_site_none
+    # allow enabling jwt headers for authentication
+    attr_accessor :allow_jwt_authentication
     def initialize
       @root_url = '/'
@@ -51,15 +52,21 @@ module ShopifyApp
     end
     def user_session_repository=(klass)
-      @user_session_repository = klass
       ShopifyApp::SessionRepository.user_storage = klass
     end
+    def user_session_repository
+      ShopifyApp::SessionRepository.user_storage
+    end
     def shop_session_repository=(klass)
-      @shop_session_repository = klass
       ShopifyApp::SessionRepository.shop_storage = klass
     end
+    def shop_session_repository
+      ShopifyApp::SessionRepository.shop_storage
+    end
     def has_webhooks?
       webhooks.present?
     end

data/lib/shopify_app/controller_concerns/app_proxy_verification.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
   module AppProxyVerification
     extend ActiveSupport::Concern
@@ -8,7 +9,7 @@ module ShopifyApp
     end
     def verify_proxy_request
-      return head :forbidden unless query_string_valid?(request.query_string)
+      return head(:forbidden) unless query_string_valid?(request.query_string)
     end
     private
@@ -26,7 +27,7 @@ module ShopifyApp
     end
     def calculated_signature(query_hash_without_signature)
-      sorted_params = query_hash_without_signature.collect{|k,v| "#{k}=#{Array(v).join(',')}"}.sort.join
+      sorted_params = query_hash_without_signature.collect { |k, v| "#{k}=#{Array(v).join(',')}" }.sort.join
       OpenSSL::HMAC.hexdigest(
         OpenSSL::Digest.new('sha256'),

data/lib/shopify_app/controller_concerns/embedded_app.rb CHANGED

@@ -1,11 +1,12 @@
+# frozen_string_literal: true
 module ShopifyApp
   module EmbeddedApp
     extend ActiveSupport::Concern
     included do
       if ShopifyApp.configuration.embedded_app?
-        after_action :set_esdk_headers
-        layout 'embedded_app'
+        after_action(:set_esdk_headers)
+        layout('embedded_app')
       end
     end

data/lib/shopify_app/controller_concerns/localization.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
   module Localization
     extend ActiveSupport::Concern

data/lib/shopify_app/controller_concerns/login_protection.rb CHANGED

@@ -11,7 +11,7 @@ module ShopifyApp
     included do
       after_action :set_test_cookie
-      rescue_from ActiveResource::UnauthorizedAccess, :with => :close_session
+      rescue_from ActiveResource::UnauthorizedAccess, with: :close_session
     end
     def activate_shopify_session
@@ -27,20 +27,38 @@ module ShopifyApp
     end
     def current_shopify_session
-      if session[:user_id].present?
-        @current_shopify_session ||= user_session
-      else
-        @current_shopify_session ||= shop_session
+      @current_shopify_session ||= begin
+        user_session || shop_session
       end
     end
     def user_session
-      return if session[:user_id].blank?
+      user_session_by_jwt || user_session_by_cookie
+    end
+    def user_session_by_jwt
+      return unless ShopifyApp.configuration.allow_jwt_authentication
+      return unless jwt_shopify_user_id
+      ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(jwt_shopify_user_id)
+    end
+    def user_session_by_cookie
+      return unless session[:user_id].present?
       ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
     end
     def shop_session
-      return if session[:shop_id].blank?
+      shop_session_by_jwt || shop_session_by_cookie
+    end
+    def shop_session_by_jwt
+      return unless ShopifyApp.configuration.allow_jwt_authentication
+      return unless jwt_shopify_domain
+      ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(jwt_shopify_domain)
+    end
+    def shop_session_by_cookie
+      return unless session[:shop_id].present?
       ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
     end
@@ -50,7 +68,9 @@ module ShopifyApp
       end
-      if current_shopify_session && params[:shop] && params[:shop].is_a?(String) && (current_shopify_session.domain != params[:shop])
+      if current_shopify_session &&
+        params[:shop] && params[:shop].is_a?(String) &&
+        (current_shopify_session.domain != params[:shop])
         clear_session = true
       end
@@ -62,9 +82,23 @@ module ShopifyApp
     protected
+    def jwt_shopify_domain
+      return unless jwt
+      @jwt_shopify_domain ||= JWT.new(jwt).shopify_domain
+    end
+    def jwt_shopify_user_id
+      return unless jwt
+      @jwt_user_id ||= JWT.new(jwt).shopify_user_id
+    end
+    def jwt
+      @jwt ||= authenticate_with_http_token { |token| token }
+    end
     def redirect_to_login
       if request.xhr?
-        head :unauthorized
+        head(:unauthorized)
       else
         if request.get?
           path = request.path
@@ -128,9 +162,10 @@ module ShopifyApp
     def fullpage_redirect_to(url)
       if ShopifyApp.configuration.embedded_app?
-        render 'shopify_app/shared/redirect', layout: false, locals: { url: url, current_shopify_domain: current_shopify_domain }
+        render('shopify_app/shared/redirect', layout: false,
+               locals: { url: url, current_shopify_domain: current_shopify_domain })
       else
-        redirect_to url
+        redirect_to(url)
       end
     end

data/lib/shopify_app/controller_concerns/webhook_verification.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
   module WebhookVerification
     extend ActiveSupport::Concern
@@ -11,7 +12,7 @@ module ShopifyApp
     def verify_request
       data = request.raw_post
-      return head :unauthorized unless hmac_valid?(data)
+      return head(:unauthorized) unless hmac_valid?(data)
     end
     def hmac_valid?(data)

data/lib/shopify_app/engine.rb CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
   class Engine < Rails::Engine
     engine_name 'shopify_app'

data/lib/shopify_app/jobs/scripttags_manager_job.rb CHANGED

@@ -1,6 +1,6 @@
+# frozen_string_literal: true
 module ShopifyApp
   class ScripttagsManagerJob < ActiveJob::Base
     queue_as do
       ShopifyApp.configuration.scripttags_manager_queue_name
     end