RubyGems - shopify_app - Versions diffs - 13.0.0 → 14.0.0 - Mend

shopify_app 13.0.0 → 14.0.0

Files changed (86) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d4e2d37f9112725500d1a9f36fe76b743e8981920eea4838024cafd6a71cb5eb
-  data.tar.gz: 3c52a0ee9a7f40433ad01b82bda3a0c6d30dd9bb45c319f1d457a0bd13c30fc0
+  metadata.gz: eb6669e0b864299f689103042e4c59cb4ddc7e53481b559275b64accc6e390b9
+  data.tar.gz: 9e3481e24e1e44ef799ac573025e532814acff362d0c9ea3f44b3e4000a68037
 SHA512:
-  metadata.gz: 19a445a22b25b01f860a84128551234313bc44e7acd1583ec90bc96f59d65a8fac208feb1d5a6899453935dd19458196c5253605d85e3ac346be2fa405a50b4c
-  data.tar.gz: 526354098526753ade6d30a346ffa75b2280707638b66dba61c89b34a771e72dd4c23cfae8bda319de58a7a373e7c05d233a13a4f2f8325c7754cda1ed58d835
+  metadata.gz: 13f7898748c764d9093d8479ce61a3b1f2d5e9d3ebf7b04a952af7587ef243f9c785c3573c45a915a909a6b9d6cb15ea0d63ab34ed424c45401419f331aa141d
+  data.tar.gz: ba8649d90387c3c5c8050ad69923a9e56509955016c5d8bfd955e8870bf0d55f6ed3956dc1643e2f11aa655730e82504e7c28a472a7fcc542a4977b76169ebf4

data/.github/PULL_REQUEST_TEMPLATE.md ADDED Viewed

@@ -0,0 +1,6 @@
+Before submitting the PR, please consider if any of the following are needed:
+- [ ] Update `CHANGELOG.md` if the changes would impact users
+- [ ] Update `README.md`, if appropriate.
+- [ ] Update any relevant pages in `docs/`, if necessary
+- [ ] For security fixes, the [Disclosure Policy](https://github.com/Shopify/shopify_app/blob/master/SECURITY.md#disclosure-policy) must be followed.

data/.github/workflows/rubocop.yml ADDED Viewed

@@ -0,0 +1,28 @@
+name: RuboCop
+on: [push, pull_request]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.7
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+    - name: Cache gems
+      uses: actions/cache@v1
+      with:
+        path: vendor/bundle
+        key: ${{ runner.os }}-rubocop-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-rubocop-
+    - name: Install gems
+      run: |
+        bundle config path vendor/bundle
+        bundle config set without 'default development test'
+        bundle install --jobs 4 --retry 3
+    - name: Run RuboCop
+      run: bundle exec rubocop --parallel

data/.rubocop.yml CHANGED Viewed

@@ -1,10 +1,17 @@
-inherit_from:
-  - https://shopify.github.io/ruby-style-guide/rubocop.yml
+inherit_gem:
+    rubocop-shopify: rubocop.yml
-LineLength:
+AllCops:
+  TargetRubyVersion: 2.7
   Exclude:
-    - test/**/*
+    - 'test/tmp/**/*'
+    - 'vendor/bundle/**/*'
-Metrics/ClassLength:
+Style/MethodCallWithArgsParentheses:
   Exclude:
-    - test/**/*
+    - '**/Gemfile'
+Style/ClassAndModuleChildren:
+  Exclude:
+    - 'test/**/*'

data/.travis.yml CHANGED Viewed

@@ -13,9 +13,9 @@ cache:
   yarn: true
 rvm:
-  - 2.4.3
-  - 2.5.0
-  - 2.6.2
+  - 2.5
+  - 2.6
+  - 2.7
 install:
   - bundle install

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,54 @@
+14.0.0
+------
+* Ruby 2.4 is no longer supported by this gem
+* Bump gemspec ruby dependency to 2.5
+* (Beta) Add `--with-session-token` flag to the Shopify App generator to create an app that is compatible with App Bridge Authentication
+13.5.0
+------
+* Add `signal_access_token_required` helper method for apps to indicate access token has expired and that a new one is required
+13.4.1
+------
+* Fix the version checks for the dependency on `shopify_api` to allow all of v9.X
+13.4.0
+------
+* Skip CSRF protection if a valid signed JWT token is present as we trust Shopify to be the only source that can sign it securely. [#994](https://github.com/Shopify/shopify_app/pull/994)
+13.3.0
+------
+* Added Payload Verification module [#992](https://github.com/Shopify/shopify_app/pull/992)
+* Add concern to check for valid shop domains in the unauthenticated controller
+13.2.0
+------
+* Get current shop domain from JWT header
+* Validate that the omniauth data matches the JWT data
+* Persist the token information to the session store
+13.1.1
+------
+* Update browser_sniffer to 1.2.2
+13.1.0
+------
+* Adds the shop URL as a parameter when redirecting after the callback
+* Bump minimum Ruby version to 2.4
+* Bug fixes
+13.0.1
+------
+* Small addition to WebhookJob to return if the shop is nil #952
+* Added Rubocop to the Repo #948
+* Added a WebhookVerification test helper #950
+* Fix for deprecation warning while loading session storage at startup
+* Changes that will allow future JWT authentication
+13.0.1
+------
+* fix for deprecation warning while loading session storage at startup
 13.0.0
 ------
 + #887 Added concurrent user and shop session support (online/offline)

data/Gemfile CHANGED Viewed

@@ -1,6 +1,11 @@
+# frozen_string_literal: true
 source "https://rubygems.org"
 # Specify your gem's dependencies in shopify_app.gemspec
 gemspec
 gem 'rails-controller-testing', group: :test
+group :rubocop do
+  gem 'rubocop-shopify', require: false
+end

data/README.md CHANGED Viewed

@@ -8,7 +8,7 @@ Shopify App
 Shopify Application Rails engine and generator
-#### NOTE : Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
+#### NOTE: Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
 Table of Contents
 -----------------
@@ -25,16 +25,16 @@ Table of Contents
 - [AppProxyVerification](#appproxyverification)
 - [Troubleshooting](#troubleshooting)
 - [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
-- [Migration to 13.0.0](#migrating-to-13)
+- [Migration to 13.0.0](#migrating-to-1300)
 - [Questions or problems?](#questions-or-problems-)
 - [Rails 6 Compatibility](#rails-6-compatibility)
 - [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
 Introduction
 -----------
-Get started with the [Shopify Admin API](https://help.shopify.com/en/api/getting-started) faster; This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via Oauth (other authentication methods are not supported).
+Get started with the [Shopify Admin API](https://help.shopify.com/en/api/getting-started) faster; This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via OAuth (other authentication methods are not supported).
-*Note: It's recommended to use this on a new Rails project, so that the generator won't overwrite/delete your files.*
+*Note: It's recommended to use this on a new Rails project so that the generator won't overwrite/delete your files.*
 Learn how to create and deploy a new Shopify App to Heroku with our [quickstart guide](https://github.com/Shopify/shopify_app/blob/master/docs/Quickstart.md), or dive in in less than 5 minutes with this quickstart video:
@@ -42,7 +42,7 @@ Learn how to create and deploy a new Shopify App to Heroku with our [quickstart
 Become a Shopify App Developer
 --------------------------------
-To become a Shopify App Developer you'll need a [Shopify Partner account.](http://shopify.com/partners) If you don't have a Shopify Partner account, head to http://shopify.com/partners to create one before you start.
+To become a Shopify App Developer, you'll need a [Shopify Partner account.](http://shopify.com/partners) If you don't have a Shopify Partner account, head to http://shopify.com/partners to create one before you start.
 Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials.
@@ -50,7 +50,7 @@ To create an application for development set your new app's `App URL` to the URL
 Installation
 ------------
-To get started add `shopify_app` to your Gemfile and run `bundle install`:
+To get started, add `shopify_app` to your Gemfile and run `bundle install`:
 ``` sh
 # Create a new rails app
@@ -58,8 +58,7 @@ $ rails new my_shopify_app
 $ cd my_shopify_app
 # Add the gem shopify_app to your Gemfile
-$ echo "gem 'shopify_app'" >> Gemfile
-$ bundle install
+$ bundle add shopify_app
 ```
 Now we are ready to run any of the [generators](#generators) included with `shopify_app`. The following section explains the generators and what you can do with them.
@@ -67,7 +66,7 @@ Now we are ready to run any of the [generators](#generators) included with `shop
 #### Rails Compatibility
-The lastest version of shopify_app is compatible with Rails `>= 5`. Use version `<= v7.2.8` if you need to work with Rails 4.
+The latest version of shopify_app is compatible with Rails `>= 5`. Use version `<= v7.2.8` if you need to work with Rails 4.
 Generators
@@ -75,7 +74,7 @@ Generators
 ### Default Generator
-The default generator will run the `install`, `shop`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
+The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
 ```sh
 $ rails generate shopify_app
@@ -94,26 +93,22 @@ SHOPIFY_API_SECRET=your api secret
 These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard]. If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
-**You will need to load the ENV variables into your enviroment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
+**You will need to load the ENV variables into your environment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
 ### Install Generator
 ```sh
-$ rails generate shopify_app:install
-# or optionally with arguments:
 $ rails generate shopify_app:install
 ```
-Other options include:
+Options include:
 * `application_name` - the name of your app, it can be supplied with or without double-quotes if a whitespace is present. (e.g. `--application_name Example App` or `--application_name "Example App"`)
-* `scope` - the Oauth access scope required for your app, eg **read_products, write_orders**. *Multiple options* need to be delimited by a comma-space, and can be supplied with or without double-quotes
+* `scope` - the OAuth access scope required for your app, e.g. **read_products, write_orders**. *Multiple options* need to be delimited by a comma-space and can be supplied with or without double-quotes
 (e.g. `--scope read_products, write_orders, write_products` or `--scope "read_products, write_orders, write_products"`)
 For more information, refer the [docs](http://docs.shopify.com/api/tutorials/oauth).
 * `embedded` - the default is to generate an [embedded app](http://docs.shopify.com/embedded-app-sdk), if you want a legacy non-embedded app then set this to false, `--embedded false`
-You can update any of these settings later on easily, the arguments are simply for convenience.
+You can update any of these settings later on easily; the arguments are simply for convenience.
 The generator adds ShopifyApp and the required initializers to the host Rails application.
@@ -126,8 +121,18 @@ After running the `install` generator, you can start your app with `bundle exec
 $ rails generate shopify_app:home_controller
 ```
-This generator creates an example home controller and view which fetches and displays products using the Shopify API
+This generator creates an example home controller and view which fetches and displays products using the Shopify API.
+Options include:
+* __[beta]__ `with-session-token`: This flag generates an unauthenticated home_controller and a protected sample products_controller. It also creates a home view that leverages a session token to fetch products from your products_controller. Use this flag if you plan to build a single-page application or to secure your app using JWT session tokens (e.g. `--with-session-token` or `--with-session-token true`).
+### Products Controller Generator
+```sh
+$ rails generate shopify_app:products_controller
+```
+This generator creates an example products API controller to fetch products using the Shopify API.
 ### App Proxy Controller Generator
@@ -135,7 +140,7 @@ This generator creates an example home controller and view which fetches and dis
 $ rails generate shopify_app:app_proxy_controller
 ```
-This optional generator, not included with the default generator, creates the app proxy controller to handle proxy requests to the app from your shop storefront, modifies 'config/routes.rb' with a namespace route, and an example view which displays current shop information using the LiquidAPI
+This optional generator, not included with the default generator, creates the app proxy controller to handle proxy requests to the app from your shop storefront, modifies 'config/routes.rb' with a namespace route, and an example view which displays current shop information using the LiquidAPI.
 ### Marketing Extension Generator
@@ -143,11 +148,11 @@ This optional generator, not included with the default generator, creates the ap
 $ rails generate shopify_app:add_marketing_activity_extension
 ```
-This will create a controller with the endpoints required to build a [marketing activities extension](https://help.shopify.com/en/api/embedded-apps/app-extensions/shopify-admin/marketing-activities). The extension will be generated with a base url at `/marketing_activities`, which should also be configured in partners.
+This will create a controller with the endpoints required to build a [marketing activities extension](https://help.shopify.com/en/api/embedded-apps/app-extensions/shopify-admin/marketing-activities). The extension will be generated with a base URL at `/marketing_activities`, which should also be configured in partners.
 ### Controllers, Routes and Views
-The last group of generators are for your convenience if you want to start overriding code included as part of the Rails engine. For example by default the engine provides a simple SessionController, if you run the `rails generate shopify_app:controllers` generator then this code gets copied out into your app so you can start adding to it. Routes and views follow the exact same pattern.
+The last group of generators are for your convenience if you want to start overriding code included as part of the Rails engine. For example, by default the engine provides a simple SessionController, if you run the `rails generate shopify_app:controllers` generator then this code gets copied out into your app so you can start adding to it. Routes and views follow the exact same pattern.
 Mounting the Engine
 -------------------
@@ -170,7 +175,7 @@ The engine may also be mounted at a nested route, for example:
 mount ShopifyApp::Engine, at: '/nested'
 ```
-This will create the Shopify engine routes under the specified subpath. You'll also need to make some updates to your `shopify_app.rb` and `omniauth.rb` initializers. First update the shopify_app initializer to include a custom `root_url` e.g.:
+This will create the Shopify engine routes under the specified subpath. You'll also need to make some updates to your `shopify_app.rb` and `omniauth.rb` initializers. First, update the shopify_app initializer to include a custom `root_url` e.g.:
 ```ruby
 ShopifyApp.configure do |config|
@@ -216,7 +221,7 @@ Authentication
 ### Callback
-Upon completing the authentication flow Shopify calls the app at the `callback_path` mentioned before. If the app needs to do some extra work it can define and configure the route to a custom callback controller, inheriting from `ShopifyApp::CallbackController` and hook into or override any of the defined helper methods. The default callback controller already provides the following behaviour:
+Upon completing the authentication flow, Shopify calls the app at the `callback_path` mentioned before. If the app needs to do some extra work, it can define and configure the route to a custom callback controller, inheriting from `ShopifyApp::CallbackController` and hook into or override any of the defined helper methods. The default callback controller already provides the following behaviour:
 * Logging into the shop and resetting the session
 * [Installing Webhooks](https://github.com/Shopify/shopify_app#webhooksmanager)
 * [Setting Scripttags](https://github.com/Shopify/shopify_app#scripttagsmanager)
@@ -227,22 +232,22 @@ Upon completing the authentication flow Shopify calls the app at the `callback_p
 ### ShopifyApp::SessionRepository
-`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern, but can be overridden for custom implementation.
+`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern but can be overridden for custom implementation.
 #### Shop-based token storage
-Storing tokens on the store model means that any user login associated to the store will have equal access levels to whatever the original user granted the app.
+Storing tokens on the store model means that any user login associated with the store will have equal access levels to whatever the original user granted the app.
 ```sh
 $ rails generate shopify_app:shop_model
 ```
 This will generate a shop model which will be the storage for the tokens necessary for authentication.
 #### User-based token storage
-A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed. Shop tokens must still be maintained if you are running background jobs so that you can make use of them when necessary.
+A more granular control over the level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed. Shop tokens must still be maintained if you are running background jobs so that you can make use of them when necessary.
 ```sh
 $ rails generate shopify_app:shop_model
 $ rails generate shopify_app:user_model
 ```
-This will generate a shop model and user model which will be the storage for the tokens necessary for authentication.
+This will generate a shop model and user model, which will be the storage for the tokens necessary for authentication.
 The current Shopify user will be stored in the rails session at `session[:shopify_user]`
@@ -276,7 +281,7 @@ For backwards compatibility, the engine still provides a controller called `Shop
 ### AfterAuthenticate Job
-If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job update your initializer as follows:
+If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job, update your initializer as follows:
 ```ruby
 ShopifyApp.configure do |config|
@@ -324,11 +329,11 @@ ShopifyApp.configure do |config|
 end
 ```
-When the oauth callback is completed successfully ShopifyApp will queue a background job which will ensure all the specified webhooks exist for that shop. Because this runs on every oauth callback it means your app will always have the webhooks it needs even if the user uninstalls and re-installs the app.
+When the OAuth callback is completed successfully, ShopifyApp will queue a background job which will ensure all the specified webhooks exist for that shop. Because this runs on every OAuth callback, it means your app will always have the webhooks it needs even if the user uninstalls and re-installs the app.
-ShopifyApp also provides a WebhooksController that receives webhooks and queues a job based on the received topic. For example if you register the webhook from above then all you need to do is create a job called `CartsUpdateJob`. The job will be queued with 2 params: `shop_domain` and `webhook` (which is the webhook body).
+ShopifyApp also provides a WebhooksController that receives webhooks and queues a job based on the received topic. For example, if you register the webhook from above, then all you need to do is create a job called `CartsUpdateJob`. The job will be queued with 2 params: `shop_domain` and `webhook` (which is the webhook body).
-If you would like to namespace your jobs you may set `webhook_jobs_namespace` in the config. For example if your app handles webhooks from other ecommerce applications as well, and you want Shopify cart update webhooks to be processed by a job living in `jobs/shopify/webhooks/carts_update_job.rb` rather than `jobs/carts_update_job.rb`):
+If you would like to namespace your jobs, you may set `webhook_jobs_namespace` in the config. For example, if your app handles webhooks from other ecommerce applications as well, and you want Shopify cart update webhooks to be processed by a job living in `jobs/shopify/webhooks/carts_update_job.rb` rather than `jobs/carts_update_job.rb`):
 ```ruby
 ShopifyApp.configure do |config|
@@ -366,9 +371,9 @@ class CustomWebhooksController < ApplicationController
 end
 ```
-The module skips the `verify_authenticity_token` before_action and adds an action to verify that the webhook came from Shopify. You can now add a post route to your application pointing to the controller and action to accept the webhook data from Shopify.
+The module skips the `verify_authenticity_token` before_action and adds an action to verify that the webhook came from Shopify. You can now add a post route to your application, pointing to the controller and action to accept the webhook data from Shopify.
-The WebhooksManager uses ActiveJob, if ActiveJob is not configured then by default Rails will run the jobs inline. However it is highly recommended to configure a proper background processing queue like sidekiq or resque in production.
+The WebhooksManager uses ActiveJob. If ActiveJob is not configured then by default Rails will run the jobs inline. However, it is highly recommended to configure a proper background processing queue like Sidekiq or Resque in production.
 ShopifyApp can create webhooks for you using the `add_webhook` generator. This will add the new webhook to your config and create the required job class for you.
@@ -376,7 +381,7 @@ ShopifyApp can create webhooks for you using the `add_webhook` generator. This w
 rails g shopify_app:add_webhook -t carts/update -a https://example.com/webhooks/carts_update
 ```
-where `-t` is the topic and `-a` is the address the webhook should be sent to.
+Where `-t` is the topic and `-a` is the address the webhook should be sent to.
 ScripttagsManager
 -----------------
@@ -459,7 +464,7 @@ class ReviewsController < ApplicationController
 end
 ```
-Create your app proxy url in the [Shopify Partners' Dashboard][dashboard], making sure to point it to `https://your_app_website.com/app_proxy`.
+Create your app proxy URL in the [Shopify Partners' Dashboard][dashboard], making sure to point it to `https://your_app_website.com/app_proxy`.
 ![Creating an App Proxy](/images/app-proxy-screenshot.png)
 App Bridge
@@ -472,6 +477,31 @@ Troubleshooting
 see [TROUBLESHOOTING.md](https://github.com/Shopify/shopify_app/blob/master/docs/Troubleshooting.md)
+Using Test Helpers inside your Application
+-----------------------------------------
+A test helper that will allow you to test `ShopifyApp::WebhookVerification` in the controller from your app, to use this test, you need to `require` it directly inside your app `test/controllers/webhook_verification_test.rb`.
+```ruby
+    require 'test_helper'
+    require 'action_controller'
+    require 'action_controller/base'
+    require 'shopify_app/test_helpers/webhook_verification_helper'
+```
+Or you can require in your `test/test_helper.rb`.
+```ruby
+  ENV['RAILS_ENV'] ||= 'test'
+  require_relative '../config/environment'
+  require 'rails/test_help'
+  require 'byebug'
+  require 'shopify_app/test_helpers/all'
+```
+With `lib/shopify_app/test_helpers/all'` more tests can be added and will only need to be required in once in your library.
 Testing an embedded app outside the Shopify admin
 -------------------------------------------------
@@ -495,14 +525,22 @@ change to how session stores work. Here are the steps to migrate to 13.x
 ### Shop Model Changes (normally `app/models/shop.rb`)
 -  *CHANGE* `include ShopifyApp::SessionStorage` to `include ShopifyApp::ShopSessionStorage`
+### Changes to the @shop_session instance variable (normally in `app/controllers/*.rb`)
+- *CHANGE* if you are using shop sessions, `@shop_session` will need to be changed to `@current_shopify_session`.
+### Changes to Rails `session`
+- *CHANGE* `session[:shopify]` is no longer set. Use `session[:user_id]` if your app uses user based tokens, or `session[:shop_id]` if your app uses shop based tokens.
 ### Changes to `ShopifyApp::LoginProtection`
 `ShopifyApp::LoginProtection`
-if you are using `ShopifyApp::LoginProtection#shop_session` in your code, it will need to be
+- CHANGE if you are using `ShopifyApp::LoginProtection#shopify_session` in your code, it will need to be
 changed to `ShopifyApp::LoginProtection#activate_shopify_session`
+- CHANGE if you are using `ShopifyApp::LoginProtection#clear_shop_session` in your code, it will need to be
+changed to `ShopifyApp::LoginProtection#clear_shopify_session`
 ### Notes
-You do not need a user model, a shop session is fine for most applications.
+You do not need a user model; a shop session is fine for most applications.
 Questions or problems?
 ----------------------
@@ -540,7 +578,7 @@ Upgrading from 8.6 to 9.0.0
 ### Configuration change
-Add an api version configuration in `config/initializers/shopify_app.rb`
+Add an API version configuration in `config/initializers/shopify_app.rb`
 Set this to the version you want to run against by default. See [Shopify API docs](https://help.shopify.com/en/api/versioning) for versions available.
 ```ruby
 config.api_version = '2019-04'
@@ -548,7 +586,7 @@ config.api_version = '2019-04'
 ### Session storage change
-You will need to add an `api_version` method to you session storage object.  The default implementation for this is.
+You will need to add an `api_version` method to your session storage object.  The default implementation for this is.
 ```ruby
 def api_version
   ShopifyApp.configuration.api_version
@@ -586,7 +624,7 @@ is changed to
 ### ShopifyAPI changes
-You will need to also follow the ShopifyAPI [upgrade guide](https://github.com/Shopify/shopify_api/blob/master/README.md#-breaking-change-notice-for-version-700-) to ensure your app is ready to work with api versioning.
+You will need to also follow the ShopifyAPI [upgrade guide](https://github.com/Shopify/shopify_api/blob/master/README.md#-breaking-change-notice-for-version-700-) to ensure your app is ready to work with API versioning.
 [dashboard]:https://partners.shopify.com
 [app-bridge]:https://help.shopify.com/en/api/embedded-apps/app-bridge