shopify_app 13.0.0 → 18.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d4e2d37f9112725500d1a9f36fe76b743e8981920eea4838024cafd6a71cb5eb
-  data.tar.gz: 3c52a0ee9a7f40433ad01b82bda3a0c6d30dd9bb45c319f1d457a0bd13c30fc0
+  metadata.gz: 2fcfa987c56d06c327c1cff6e12350711473a1a265844b6f4f3c32b696c1495e
+  data.tar.gz: 57b44743afc3e0175fe408ccfa688bc0b8c28d7b99db6fae5e6c7ab1a843ec9a
 SHA512:
-  metadata.gz: 19a445a22b25b01f860a84128551234313bc44e7acd1583ec90bc96f59d65a8fac208feb1d5a6899453935dd19458196c5253605d85e3ac346be2fa405a50b4c
-  data.tar.gz: 526354098526753ade6d30a346ffa75b2280707638b66dba61c89b34a771e72dd4c23cfae8bda319de58a7a373e7c05d233a13a4f2f8325c7754cda1ed58d835
+  metadata.gz: 583dbf51eaa3a3a600a410eca4d30fab58776709f6882908ed72af5da222163bbeaeba6805682ed95100abcce1217aceeba5851fa9cf00836b7a1f1201f30289
+  data.tar.gz: 8dcb0f7bceb2f4ec7bcbe8eb5f5d5bb294767fa5ead28b1d329ef34a5119fd835f99669480514473a5e184b91f9e79f4abd9941399b269faf5522ce6f69e6eb7

data/.github/CODEOWNERS

@@ -1 +1,2 @@
 *       @shopify/platform-dev-tools-education
+*       @shopify/app-foundations

data/.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,63 @@
+---
+name: Bug report
+about: Report a technical issue with the Shopify App gem.
+labels: bug
+---
+
+<!--
+
+Do you want to ask a question? Are you looking for support? The Shopify Community forum is the best place for getting support: https://community.shopify.com
+
+You can also join the Partners Slack Community group: https://www.shopify.com/partners/community#conversation
+
+Authentication Issues: A great deal of the issues surrounding this repo are around authenticating (installing) the generated app with Shopify.
+
+If you are experiencing issues with your app authenticating/installing the best way to get help fast is to create a repo with the minimal amount of code to demonstrate the issue and a clearly documented set of steps you took to arrive there. This will help us solve your problem quicker since we won't need to spend any time figuring out how to reproduce the bug. Please also include your operating system and browser.
+
+-->
+
+### Description
+
+<!-- Description of the issue -->
+
+### Steps to Reproduce
+
+1. <!-- First Step -->
+2. <!-- Second Step -->
+3. <!-- and so on… -->
+
+**Expected behavior:**
+
+<!-- What you expect to happen -->
+
+**Actual behavior:**
+
+<!-- What actually happens -->
+
+**Reproduces how often:**
+
+<!-- What percentage of the time does it reproduce? -->
+
+### Browsers
+
+<!-- Please specify the browser(s) you have tested that exhibit this behaviour. -->
+
+### Gem versions
+
+<!-- Please specify which version(s) of the gem exhibit this behaviour. -->
+
+### Additional Information
+
+<!-- Any additional information, configuration or data that might be necessary to reproduce the issue. See common examples of important information below. -->
+
+<!-- - [x] My app relies on third-party cookies -->
+<!-- - [x] My app is intended to be a non-embedded app -->
+<!-- - [x] My app uses session tokens -->
+
+
+### Security
+
+<!-- Please be certain to redact any private information from your logs or code snippets such as Api Keys, Api Secrets, and any authentication tokens such as shop_tokens. -->
+
+- [ ] I have redacted any private information from my logs or code snippets.
+

data/.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

data/.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,33 @@
+---
+name: Feature request
+about: Request new functionality for the Shopify App gem.
+labels: feature request
+---
+
+<!--
+
+Do you want to ask a question? Are you looking for support? The Shopify Community forum is the best place for getting support: https://community.shopify.com
+
+You can also join the Partners Slack Community group: https://www.shopify.com/partners/community#conversation
+
+---
+
+Please note that the team that maintains this gem has finite resources so it's unlikely that we'll work on feature requests. If we're interested in a particular feature however, we'll follow up and ask for more detail.
+
+-->
+
+### Summary
+
+<!-- One paragraph explanation of the feature or suggestions. -->
+
+### Motivation
+
+<!-- Why is this feature or suggestion needed? What is the expected outcome? -->
+
+### Describe alternatives you've considered
+
+<!-- A clear and concise description of the alternative solutions you've considered. -->
+
+### Additional context
+
+<!-- Add any other context or screenshots about the feature request here. -->

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,22 @@
+### What this PR does
+
+<!-- Please describe what changes this PR introduces and why they're needed. -->
+
+### Reviewer's guide to testing
+
+<!-- If this PR changes functionality, please list out steps to test your changes. This helps reviewers verify your changes are correct. -->
+
+### Things to focus on
+
+1. <!-- Focus on a particular file -->
+2. <!-- Is the test case correct? -->
+3. <!-- Etc. -->
+
+### Checklist
+
+Before submitting the PR, please consider if any of the following are needed:
+
+- [ ] Update `CHANGELOG.md` if the changes would impact users
+- [ ] Update `README.md`, if appropriate.
+- [ ] Update any relevant pages in `/docs`, if necessary
+- [ ] For security fixes, the [Disclosure Policy](https://github.com/Shopify/shopify_app/blob/master/SECURITY.md#disclosure-policy) must be followed.

data/.github/workflows/build.yml

@@ -0,0 +1,41 @@
+name: CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+    runs-on: macos-latest # prevents intermittent Chrome Headless error unlike ubuntu
+    name: Ruby ${{ matrix.version }}
+    strategy:
+      matrix:
+        version: [2.5, 2.6, 2.7]
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Cache node modules
+        uses: actions/cache@v2
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+      - name: Set up Ruby ${{ matrix.version }}
+        uses: ruby/setup-ruby@v1
+        with: 
+          ruby-version: ${{ matrix.version }}
+          bundler-cache: true
+      - name: Set up Node
+        uses: actions/setup-node@v2-beta
+        with:
+          node-version: '12'
+      - name: Install Dependencies
+        run: |
+          yarn
+      - name: Run Tests
+        run: |
+          yarn test
+          bundle exec rake test
+          

data/.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Create Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Extract tag name
+      id: tag
+      run: echo "::set-output name=value::${GITHUB_REF##*/}"
+    - uses: actions/checkout@v2
+
+    - name: Create Release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ steps.tag.outputs.value }}
+        release_name: ${{ steps.tag.outputs.value }}

data/.github/workflows/rubocop.yml

@@ -0,0 +1,22 @@
+name: RuboCop
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.7
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+        bundler-cache: true
+    - name: Install gems
+      run: |
+        bundle config path vendor/bundle
+        bundle config set without 'default development test'
+        bundle install --jobs 4 --retry 3
+    - name: Run RuboCop
+      run: bundle exec rubocop --parallel

data/.gitignore

@@ -1,6 +1,5 @@
 *.gem
 .bundle
-Gemfile.lock
 pkg/*
 .DS_Store
 .yardoc
@@ -13,4 +12,3 @@ test/tmp/*
 /test/dummy/tmp/*
 /node_modules/
 .byebug_history
-

data/.rubocop.yml

@@ -1,10 +1,18 @@
-inherit_from:
-  - https://shopify.github.io/ruby-style-guide/rubocop.yml
+inherit_gem:
+    rubocop-shopify: rubocop.yml
 
-LineLength:
+AllCops:
+  TargetRubyVersion: 2.7
   Exclude:
-    - test/**/*
+    - 'test/tmp/**/*'
+    - 'vendor/bundle/**/*'
 
-Metrics/ClassLength:
+Style/MethodCallWithArgsParentheses:
   Exclude:
-    - test/**/*
+    - '**/Gemfile'
+    - 'test/**/*'
+
+Style/ClassAndModuleChildren:
+  Exclude:
+    - 'test/**/*'
+

data/CHANGELOG.md

@@ -1,3 +1,161 @@
+18.0.2 (Jun 15, 2021)
+----------
+* Added careers link to readme. [#1274](https://github.com/Shopify/shopify_app/pull/1274)
+
+18.0.1 (May 7, 2021)
+----------
+* Fix bug causing OAuth flow to fail due to CSP violation. [#1265](https://github.com/Shopify/shopify_app/pull/1265)
+
+18.0.0 (May 3, 2021)
+----------
+* Support OmniAuth 2.x 
+  * If your app has custom OmniAuth configuration, please refer to the [OmniAuth 2.0 upgrade guide](https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0).
+* Support App Bridge version 2.x in the Embedded App layout. [#1241](https://github.com/Shopify/shopify_app/pull/1241)
+
+17.2.1 (April 1, 2021)
+----------
+* Bug fix: Lock the CDN App Bridge version to `v1.X.Y` in the Embedded App layout [#1238](https://github.com/Shopify/shopify_app/pull/1238)
+  * App Bridge `v2.0` is a non-backwards compatible release
+  * A future major shopify_app gem release will support only App Bridge `v2.0`
+
+17.2.0 (April 1, 2021)
+----------
+* Support Rails `v6.1` [#1221](https://github.com/Shopify/shopify_app/pull/1221)
+  * Check out [Upgrading to `v17.2.0`](/docs/Upgrading.md#upgrading-to-v1720) in the Upgrading.md guide for the changes needed to support Rails `v6.1`
+
+17.1.1 (March 12, 2021)
+----------
+* Fix issues with mocking OmniAuth callback controller tests [#1210](https://github.com/Shopify/shopify_app/pull/1210)
+
+17.1.0 (March 5, 2021)
+----------
+* Create OmniAuthConfiguration object to build future OmniAuth strategies [#1190](https://github.com/Shopify/shopify_app/pull/1190)
+* Added access scopes to Shop and User models, added checks to handle scope changes [#1192](https://github.com/Shopify/shopify_app/pull/1192) [#1197](https://github.com/Shopify/shopify_app/pull/1197)
+
+17.0.5 (January 27, 2021)
+----------
+* Fix omniauth strategy not being set correctly for apps using session tokens [#1164](https://github.com/Shopify/shopify_app/pull/1164)
+
+17.0.4 (January 25, 2021)
+----------
+* Redirect user to login page if shopify domain is not found in the `EnsureAuthenticatedLinks` concern [#1158](https://github.com/Shopify/shopify_app/pull/1158) 
+
+17.0.3 (January 22, 2021)
+----------
+* Amend fix for #1144 to raise on missing API keys only when running the server [#1155](https://github.com/Shopify/shopify_app/pull/1155)
+
+17.0.2 (January 20, 2021)
+------
+* Fix failing script tags and webhooks installs after completing OAuth [#1151](https://github.com/Shopify/shopify_app/pull/1151)
+
+17.0.1 (January 18, 2021)
+------
+* Don't attempt to read Shopify environment variables when the generators are running, since they may not be present yet [#1144](https://github.com/Shopify/shopify_app/pull/1144)
+
+17.0.0 (January 13, 2021)
+------
+* Rails 6.1 is not yet supported [#1134](https://github.com/Shopify/shopify_app/pull/1134)
+
+16.1.0
+------
+* Use Session Token auth strategy by default for new embedded apps [#1111](https://github.com/Shopify/shopify_app/pull/1111)
+* Create optional `EnsureAuthenticatedLinks` concern to authenticate deep links using Turbolinks [#1118](https://github.com/Shopify/shopify_app/pull/1118)
+
+16.0.0
+------
+* Update all `html.erb` and `css` files to correspond with updated store admin design language [#1102](https://github.com/Shopify/shopify_app/pull/1102)
+
+15.0.1
+------
+* Allow JWT session token `sub` field to be parsed as a string [#1103](https://github.com/Shopify/shopify_app/pull/1103)
+
+15.0.0
+------
+* Change `X-Shopify-API-Request-Failure-Unauthorized` HTTP header value from boolean to string
+
+14.4.4
+------
+* Patch to not log params in ShopifyApp jobs [#1086](https://github.com/Shopify/shopify_app/pull/1086)
+
+14.4.3
+------
+* Fix to ensure post authenticate jobs are run after callback requests [#1079](https://github.com/Shopify/shopify_app/pull/1079)
+
+14.4.2
+------
+* Add debug logs in sessions controller
+
+14.4.1
+------
+* Add debug logs for investigating authentication issues
+
+14.4.0
+------
+* Replace script tags for ITP screens with data attributes
+
+14.3.0
+------
+* Create user session if one does not exist but was expected
+
+14.2.0
+------
+* Revert "Replace redirect calls to use App Bridge redirect functionality"
+
+14.1.0
+------
+* Replace redirect calls to use App Bridge redirect functionality
+
+14.0.0
+------
+* Ruby 2.4 is no longer supported by this gem
+* Bump gemspec ruby dependency to 2.5
+* (Beta) Add `--with-session-token` flag to the Shopify App generator to create an app that is compatible with App Bridge Authentication
+
+13.5.0
+------
+* Add `signal_access_token_required` helper method for apps to indicate access token has expired and that a new one is required
+
+13.4.1
+------
+* Fix the version checks for the dependency on `shopify_api` to allow all of v9.X
+
+13.4.0
+------
+* Skip CSRF protection if a valid signed JWT token is present as we trust Shopify to be the only source that can sign it securely. [#994](https://github.com/Shopify/shopify_app/pull/994)
+
+13.3.0
+------
+* Added Payload Verification module [#992](https://github.com/Shopify/shopify_app/pull/992)
+* Add concern to check for valid shop domains in the unauthenticated controller
+
+13.2.0
+------
+* Get current shop domain from JWT header
+* Validate that the omniauth data matches the JWT data
+* Persist the token information to the session store
+
+13.1.1
+------
+* Update browser_sniffer to 1.2.2
+
+13.1.0
+------
+* Adds the shop URL as a parameter when redirecting after the callback
+* Bump minimum Ruby version to 2.4
+* Bug fixes
+
+13.0.1
+------
+* Small addition to WebhookJob to return if the shop is nil #952
+* Added Rubocop to the Repo #948
+* Added a WebhookVerification test helper #950
+* Fix for deprecation warning while loading session storage at startup
+* Changes that will allow future JWT authentication
+
+13.0.1
+------
+* fix for deprecation warning while loading session storage at startup
+
 13.0.0
 ------
 + #887 Added concurrent user and shop session support (online/offline)

data/CONTRIBUTING.md

@@ -0,0 +1,76 @@
+# Contributing to the Shopify App gem
+
+The following is a set of guidelines for contributing to the Shopify App gem. These are mostly guidelines, not rules. Use your best judgement, and feel free to propose changes to this document in a pull request.
+
+#### Table of contents
+
+[I just have a question!](#i-just-have-a-question)
+
+[How can I contribute?](#how-can-i-contribute)
+  * [Reporting bugs](#reporting-bugs)
+  * [Suggesting or requesting improvements](#suggesting-or-requesting-improvements)
+  * [Pull requests](#pull-requests)
+
+## I just have a question!
+
+> **Note:** Please don't file an issue to ask a question. You'll get faster results by using the resources below.
+
+Shopify has an official message board with dedicated forums to discuss all things apps, APIs, SDKs and more.
+
+#### Shopify Community forum links
+
+* [Shopify Community](https://community.shopify.com)
+* [Shopify Apps](https://community.shopify.com/c/Shopify-Apps/bd-p/shopify-apps)
+* [Shopify APIs & SDKs](https://community.shopify.com/c/Shopify-APIs-SDKs/bd-p/shopify-apis-and-technology)
+
+If you prefer to chat instead, join the [Shopify Partners Slack Community group](https://www.shopify.com/partners/community#conversation). This Slack group hosts an active community of thousands of app developers.
+
+By participating in the Community forum or Slack group, you agree to adhere to the forum [Code of Conduct](https://community.shopify.com/c/Announcements/Code-of-Conduct/m-p/491969#M23) outlined.
+
+## How can I contribute?
+
+### Reporting bugs
+
+This section guides you through submitting a bug report for the Shopify App gem. Following these guidelines helps maintainers and the community understand your report, reproduce the behavior, and find related reports.
+
+#### Before submitting a bug report
+
+* **Check the [troubleshooting guide](/docs/Troubleshooting.md).** You may be able to troubleshoot the issue you're facing.
+* **Check the [Shopify Community links](#shopify-community-forum-links) to search for your issue.** This problem may have been reported before and solved on the Shopify forum.
+* **Perform a cursory search for similar issues.** You may find that the same problem (or a similar one) has been filed already as an issue.
+
+#### How do I submit a good bug report?
+
+Bugs are tracked as GitHub issues. Create an issue and provide the following information by filling in the [bug-report template](/.github/ISSUE_TEMPLATE/bug-report.md).
+
+Explain the problem and include additional details to help maintainers reproduce the problem:
+
+* **Use a clear and descriptive title** for the issue to identify the problem.
+* **Describe the exact steps which reproduce the problem** in as many details as possible.
+* **Provide specific examples to demonstrate the steps.** Include links to files, or copy/pasteable snippets. If you're providing snippets in the issue, use Markdown code blocks.
+* **Describe the behavior you observed** after following the steps and point out what exactly is the problem with that behavior.
+* **Explain which behavior you expected to see** instead and why.
+* **Include screenshots and animated GIFs** where possible.
+* **Redact any private information** from your logs and issue description. This includes things like API keys, API secrets, and any access tokens.
+
+### Suggesting or requesting improvements
+
+If you have a suggestion for the Shopify App gem or a feature request, provide the appropriate information by filling out the [feature-request template](/.github/ISSUE_TEMPLATE/feature-request.md).
+
+### Pull requests
+
+The process described here has several goals:
+
+* Maintain the Shopify App gem's quality
+* Fix problems that are important to app developers
+* Enable a sustainable system for the Shopify App gem's maintainers to review contributions
+
+Please follow these steps to have your contribution considered by the maintainers:
+
+* Follow all instructions in the [pull request template](/.github/PULL_REQUEST_TEMPLATE.md)
+* After you submit your pull request, verify that all status checks are passing
+  * <details>
+      <summary>What if the status checks are failing?</summary>
+
+      While the prerequisites above must be satisfied prior to having your pull request reviewed, the reviewer(s) may ask you to complete additional design work, tests, or other changes before your pull request can be ultimately accepted.
+    </details>