shopify_app 13.0.0 → 14.0.0

data/lib/shopify_app/session/user_session_storage.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
   module UserSessionStorage
     extend ActiveSupport::Concern
@@ -17,14 +18,24 @@ module ShopifyApp
       end
 
       def retrieve(id)
-        return unless id
-        if user = find_by(id: id)
-          ShopifyAPI::Session.new(
-            domain: user.shopify_domain,
-            token: user.shopify_token,
-            api_version: user.api_version
-          )
-        end
+        user = find_by(id: id)
+        construct_session(user)
+      end
+
+      def retrieve_by_shopify_user_id(user_id)
+        user = find_by(shopify_user_id: user_id)
+        construct_session(user)
+      end
+
+      private
+
+      def construct_session(user)
+        return unless user
+        ShopifyAPI::Session.new(
+          domain: user.shopify_domain,
+          token: user.shopify_token,
+          api_version: user.api_version,
+        )
       end
     end
   end

data/lib/shopify_app/test_helpers/all.rb

@@ -0,0 +1,2 @@
+# frozen_string_literal: true
+require 'shopify_app/test_helpers/webhook_verification_helper'

data/lib/shopify_app/test_helpers/webhook_verification_helper.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module TestHelpers
+    module WebhookVerificationHelper
+      def authorized_webhook_verification_headers!(params = {})
+        digest = OpenSSL::Digest.new('sha256')
+        secret = ShopifyApp.configuration.secret
+        valid_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, params.to_query)).strip
+        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = valid_hmac
+      end
+
+      def unauthorized_webhook_verification_headers!
+        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = "invalid_hmac"
+      end
+    end
+  end
+end

data/lib/shopify_app/utils.rb

@@ -1,13 +1,14 @@
+# frozen_string_literal: true
 module ShopifyApp
   module Utils
-
     def self.sanitize_shop_domain(shop_domain)
+      myshopify_domain = ShopifyApp.configuration.myshopify_domain
       name = shop_domain.to_s.downcase.strip
-      name += ".#{ShopifyApp.configuration.myshopify_domain}" if !name.include?("#{ShopifyApp.configuration.myshopify_domain}") && !name.include?(".")
+      name += ".#{myshopify_domain}" if !name.include?(myshopify_domain.to_s) && !name.include?(".")
       name.sub!(%r|https?://|, '')
 
       u = URI("http://#{name}")
-      u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(ShopifyApp.configuration.myshopify_domain)}$/)
+      u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(myshopify_domain)}$/)
     rescue URI::InvalidURIError
       nil
     end
@@ -16,8 +17,8 @@ module ShopifyApp
       Rails.logger.info("[ShopifyAPI::ApiVersion] Fetching known Admin API Versions from Shopify...")
       ShopifyAPI::ApiVersion.fetch_known_versions
       Rails.logger.info("[ShopifyAPI::ApiVersion] Known API Versions: #{ShopifyAPI::ApiVersion.versions.keys}")
-      rescue ActiveResource::ConnectionError
-        logger.error( "[ShopifyAPI::ApiVersion] Unable to fetch api_versions from Shopify")
+    rescue ActiveResource::ConnectionError
+      logger.error("[ShopifyAPI::ApiVersion] Unable to fetch api_versions from Shopify")
     end
   end
 end

data/lib/shopify_app/version.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
-  VERSION = '13.0.0'.freeze
+  VERSION = '14.0.0'
 end

data/lib/shopify_app.rb

@@ -1,8 +1,10 @@
+# frozen_string_literal: true
 require 'shopify_app/version'
 
 # deps
 require 'shopify_api'
 require 'omniauth-shopify-oauth2'
+require 'redirect_safely'
 
 module ShopifyApp
   def self.rails6?
@@ -25,12 +27,14 @@ module ShopifyApp
   require 'shopify_app/utils'
 
   # controller concerns
+  require 'shopify_app/controller_concerns/csrf_protection'
   require 'shopify_app/controller_concerns/localization'
   require 'shopify_app/controller_concerns/itp'
   require 'shopify_app/controller_concerns/login_protection'
   require 'shopify_app/controller_concerns/embedded_app'
-  require 'shopify_app/controller_concerns/webhook_verification'
+  require 'shopify_app/controller_concerns/payload_verification'
   require 'shopify_app/controller_concerns/app_proxy_verification'
+  require 'shopify_app/controller_concerns/webhook_verification'
 
   # jobs
   require 'shopify_app/jobs/webhooks_manager_job'
@@ -41,14 +45,17 @@ module ShopifyApp
   require 'shopify_app/managers/scripttags_manager'
 
   # middleware
+  require 'shopify_app/middleware/jwt_middleware'
   require 'shopify_app/middleware/same_site_cookie_middleware'
 
   # session
-  require 'shopify_app/session/session_storage'
-  require 'shopify_app/session/shop_session_storage'
-  require 'shopify_app/session/user_session_storage'
-  require 'shopify_app/session/session_repository'
   require 'shopify_app/session/in_memory_session_store'
   require 'shopify_app/session/in_memory_shop_session_store'
   require 'shopify_app/session/in_memory_user_session_store'
+  require 'shopify_app/session/jwt'
+  require 'shopify_app/session/null_user_session_store'
+  require 'shopify_app/session/session_repository'
+  require 'shopify_app/session/session_storage'
+  require 'shopify_app/session/shop_session_storage'
+  require 'shopify_app/session/user_session_storage'
 end

data/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "12.0.2",
+  "version": "13.6.0",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -53,12 +53,6 @@
             "minimist": "^1.2.0"
           }
         },
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        },
         "ms": {
           "version": "2.1.2",
           "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -78,14 +72,6 @@
         "lodash": "^4.17.13",
         "source-map": "^0.5.0",
         "trim-right": "^1.0.1"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/helper-annotate-as-pure": {
@@ -151,14 +137,6 @@
         "@babel/helper-function-name": "^7.1.0",
         "@babel/types": "^7.5.5",
         "lodash": "^4.17.13"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/helper-explode-assignable-expression": {
@@ -230,14 +208,6 @@
         "@babel/template": "^7.4.4",
         "@babel/types": "^7.5.5",
         "lodash": "^4.17.13"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/helper-optimise-call-expression": {
@@ -262,14 +232,6 @@
       "dev": true,
       "requires": {
         "lodash": "^4.17.13"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/helper-remap-async-to-generator": {
@@ -598,14 +560,6 @@
       "requires": {
         "@babel/helper-plugin-utils": "^7.0.0",
         "lodash": "^4.17.13"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/plugin-transform-classes": {
@@ -1056,12 +1010,6 @@
             "ms": "^2.1.1"
           }
         },
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        },
         "ms": {
           "version": "2.1.2",
           "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -1079,14 +1027,6 @@
         "esutils": "^2.0.2",
         "lodash": "^4.17.13",
         "to-fast-properties": "^2.0.0"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@sinonjs/commons": {
@@ -1117,14 +1057,6 @@
         "@sinonjs/commons": "^1.3.0",
         "array-from": "^2.1.1",
         "lodash": "^4.17.15"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@sinonjs/text-encoding": {
@@ -1332,9 +1264,9 @@
       }
     },
     "acorn": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.3.0.tgz",
-      "integrity": "sha512-/czfa8BwS88b9gWQVhc8eknunSA2DoJpJyTQkhheIf5E48u1N0R4q/YxxsAeqRrmK9TQ/uYfgLDfZo91UlANIA==",
+      "version": "6.4.1",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.4.1.tgz",
+      "integrity": "sha512-ZVA9k326Nwrj3Cj9jlh3wGFutC2ZornPNARZwsNYqQYgN0EsV2d53w5RN/co65Ohn4sUAUtb1rSUAOD6XN9idA==",
       "dev": true
     },
     "after": {
@@ -2600,9 +2532,9 @@
       "dev": true
     },
     "elliptic": {
-      "version": "6.5.1",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.1.tgz",
-      "integrity": "sha512-xvJINNLbTeWQjrl6X+7eQCrIy/YPv5XCpKW6kB5mKvtnGILoLDcySuwomfdzt0BMdLNVnuRNTuzKNHj0bva1Cg==",
+      "version": "6.5.3",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
+      "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
       "dev": true,
       "requires": {
         "bn.js": "^4.4.0",
@@ -4579,9 +4511,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.15",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
+      "version": "4.17.19",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
+      "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
       "dev": true
     },
     "log-symbols": {

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "13.0.0",
+  "version": "14.0.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -1,4 +1,5 @@
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+$LOAD_PATH.push(File.expand_path('../lib', __FILE__))
 require "shopify_app/version"
 
 Gem::Specification.new do |s|
@@ -6,14 +7,18 @@ Gem::Specification.new do |s|
   s.version     = ShopifyApp::VERSION
   s.platform    = Gem::Platform::RUBY
   s.author      = "Shopify"
-  s.summary     = %q{This gem is used to get quickly started with the Shopify API}
+  s.summary     = 'This gem is used to get quickly started with the Shopify API'
 
-  s.required_ruby_version = ">= 2.3.1"
+  s.required_ruby_version = ">= 2.5"
 
-  s.add_runtime_dependency('browser_sniffer', '~> 1.2.0')
+  s.metadata['allowed_push_host'] = 'https://rubygems.org'
+
+  s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
   s.add_runtime_dependency('rails', '> 5.2.1')
-  s.add_runtime_dependency('shopify_api', '~> 9.0.2')
+  s.add_runtime_dependency('shopify_api', '~> 9.1')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
+  s.add_runtime_dependency('jwt', '~> 2.2.1')
+  s.add_runtime_dependency('redirect_safely', '~> 1.0')
 
   s.add_development_dependency('rake')
   s.add_development_dependency('byebug')
@@ -26,7 +31,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency('mocha')
   s.add_development_dependency('webmock')
 
-  s.files         = `git ls-files`.split("\n").reject { |f| f.match(%r{^(test|example)/}) }
-  s.test_files    = `git ls-files -- {test}/*`.split("\n")
+  s.files         = %x(git ls-files).split("\n").reject { |f| f.match(%r{^(test|example)/}) }
+  s.test_files    = %x(git ls-files -- {test}/*).split("\n")
   s.require_paths = ["lib"]
 end

data/yarn.lock

@@ -994,9 +994,9 @@ accepts@~1.3.4:
     negotiator "0.6.2"
 
 acorn@^6.2.1:
-  version "6.3.0"
-  resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.3.0.tgz#0087509119ffa4fc0a0041d1e93a417e68cb856e"
-  integrity sha512-/czfa8BwS88b9gWQVhc8eknunSA2DoJpJyTQkhheIf5E48u1N0R4q/YxxsAeqRrmK9TQ/uYfgLDfZo91UlANIA==
+  version "6.4.1"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-6.4.1.tgz#531e58ba3f51b9dacb9a6646ca4debf5b14ca474"
+  integrity sha512-ZVA9k326Nwrj3Cj9jlh3wGFutC2ZornPNARZwsNYqQYgN0EsV2d53w5RN/co65Ohn4sUAUtb1rSUAOD6XN9idA==
 
 after@0.8.2:
   version "0.8.2"
@@ -1293,9 +1293,9 @@ bluebird@^3.3.0, bluebird@^3.5.5:
   integrity sha512-5am6HnnfN+urzt4yfg7IgTbotDjIT/u8AJpEt0sIU9FtXfVeezXAPKswrG+xKUCOYAINpSdgZVDU6QFh+cuH3w==
 
 bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.1.1, bn.js@^4.4.0:
-  version "4.11.8"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.8.tgz#2cde09eb5ee341f484746bb0309b3253b1b1442f"
-  integrity sha512-ItfYfPLkWHUjckQCk8xC+LwxgK8NYcXywGigJgSwOP8Y2iyWT4f2vsZnoOXTTbo+o5yXmIUJ4gn5538SO5S3gA==
+  version "4.11.9"
+  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828"
+  integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==
 
 body-parser@^1.16.1:
   version "1.19.0"
@@ -2039,9 +2039,9 @@ electron-to-chromium@^1.3.247:
   integrity sha512-wGt+OivF1C1MPwaSv3LJ96ebNbLAWlx3HndivDDWqwIVSQxmhL17Y/YmwUdEMtS/bPyommELt47Dct0/VZNQBQ==
 
 elliptic@^6.0.0:
-  version "6.5.1"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.1.tgz#c380f5f909bf1b9b4428d028cd18d3b0efd6b52b"
-  integrity sha512-xvJINNLbTeWQjrl6X+7eQCrIy/YPv5XCpKW6kB5mKvtnGILoLDcySuwomfdzt0BMdLNVnuRNTuzKNHj0bva1Cg==
+  version "6.5.3"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6"
+  integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==
   dependencies:
     bn.js "^4.4.0"
     brorand "^1.0.1"
@@ -3202,9 +3202,9 @@ locate-path@^3.0.0:
     path-exists "^3.0.0"
 
 lodash@^4.17.11, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15:
-  version "4.17.15"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
-  integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==
+  version "4.17.19"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
+  integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==
 
 log-symbols@2.2.0:
   version "2.2.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 13.0.0
+  version: 14.0.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-16 00:00:00.000000000 Z
+date: 2020-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 1.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.0
+        version: 1.2.2
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 9.0.2
+        version: '9.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 9.0.2
+        version: '9.1'
 - !ruby/object:Gem::Dependency
   name: omniauth-shopify-oauth2
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +66,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 2.2.2
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.2.1
+- !ruby/object:Gem::Dependency
+  name: redirect_safely
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -215,7 +243,9 @@ files:
 - ".babelrc"
 - ".github/CODEOWNERS"
 - ".github/ISSUE_TEMPLATE.md"
+- ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/probots.yml"
+- ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".nvmrc"
 - ".rubocop.yml"
@@ -226,6 +256,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- SECURITY.md
 - app/assets/images/storage_access.svg
 - app/assets/javascripts/shopify_app/enable_cookies.js
 - app/assets/javascripts/shopify_app/itp_helper.js
@@ -237,6 +268,7 @@ files:
 - app/assets/javascripts/shopify_app/top_level.js
 - app/assets/javascripts/shopify_app/top_level_interaction.js
 - app/controllers/concerns/shopify_app/authenticated.rb
+- app/controllers/concerns/shopify_app/require_known_shop.rb
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/callback_controller.rb
 - app/controllers/shopify_app/extension_verification_controller.rb
@@ -287,7 +319,7 @@ files:
 - lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb
 - lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb
 - lib/generators/shopify_app/add_webhook/add_webhook_generator.rb
-- lib/generators/shopify_app/add_webhook/templates/webhook_job.rb
+- lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt
 - lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb
 - lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb
 - lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_route.rb
@@ -298,6 +330,7 @@ files:
 - lib/generators/shopify_app/home_controller/home_controller_generator.rb
 - lib/generators/shopify_app/home_controller/templates/home_controller.rb
 - lib/generators/shopify_app/home_controller/templates/index.html.erb
+- lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb
 - lib/generators/shopify_app/install/install_generator.rb
 - lib/generators/shopify_app/install/templates/_flash_messages.html.erb
 - lib/generators/shopify_app/install/templates/embedded_app.html.erb
@@ -305,10 +338,12 @@ files:
 - lib/generators/shopify_app/install/templates/omniauth.rb
 - lib/generators/shopify_app/install/templates/session_store.rb
 - lib/generators/shopify_app/install/templates/shopify_app.js
-- lib/generators/shopify_app/install/templates/shopify_app.rb
+- lib/generators/shopify_app/install/templates/shopify_app.rb.tt
 - lib/generators/shopify_app/install/templates/shopify_app_index.js
 - lib/generators/shopify_app/install/templates/shopify_provider.rb
 - lib/generators/shopify_app/install/templates/user_agent.rb
+- lib/generators/shopify_app/products_controller/products_controller_generator.rb
+- lib/generators/shopify_app/products_controller/templates/products_controller.rb
 - lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb
 - lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake
 - lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb
@@ -327,24 +362,31 @@ files:
 - lib/shopify_app.rb
 - lib/shopify_app/configuration.rb
 - lib/shopify_app/controller_concerns/app_proxy_verification.rb
+- lib/shopify_app/controller_concerns/csrf_protection.rb
 - lib/shopify_app/controller_concerns/embedded_app.rb
 - lib/shopify_app/controller_concerns/itp.rb
 - lib/shopify_app/controller_concerns/localization.rb
 - lib/shopify_app/controller_concerns/login_protection.rb
+- lib/shopify_app/controller_concerns/payload_verification.rb
 - lib/shopify_app/controller_concerns/webhook_verification.rb
 - lib/shopify_app/engine.rb
 - lib/shopify_app/jobs/scripttags_manager_job.rb
 - lib/shopify_app/jobs/webhooks_manager_job.rb
 - lib/shopify_app/managers/scripttags_manager.rb
 - lib/shopify_app/managers/webhooks_manager.rb
+- lib/shopify_app/middleware/jwt_middleware.rb
 - lib/shopify_app/middleware/same_site_cookie_middleware.rb
 - lib/shopify_app/session/in_memory_session_store.rb
 - lib/shopify_app/session/in_memory_shop_session_store.rb
 - lib/shopify_app/session/in_memory_user_session_store.rb
+- lib/shopify_app/session/jwt.rb
+- lib/shopify_app/session/null_user_session_store.rb
 - lib/shopify_app/session/session_repository.rb
 - lib/shopify_app/session/session_storage.rb
 - lib/shopify_app/session/shop_session_storage.rb
 - lib/shopify_app/session/user_session_storage.rb
+- lib/shopify_app/test_helpers/all.rb
+- lib/shopify_app/test_helpers/webhook_verification_helper.rb
 - lib/shopify_app/utils.rb
 - lib/shopify_app/version.rb
 - package-lock.json
@@ -357,7 +399,8 @@ files:
 - yarn.lock
 homepage: 
 licenses: []
-metadata: {}
+metadata:
+  allowed_push_host: https://rubygems.org
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -366,7 +409,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.1
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="