shopify_app 13.4.0 → 14.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f4300bbcbbf4e0e2c6b64d3943a83f8eda2774615016551b109880b21cb32d6
-  data.tar.gz: 68eca06abf0153e592b7a167bcaf0b60720213e351355737c59eafba01f65e82
+  metadata.gz: eb2a8dba3b13ca38af9a6645ce033602f9605a1302fb83a92029715d4331ae5f
+  data.tar.gz: e7b3a88c503f8422dca96c05c8ef20d90c8f987bc6a6ce3741ac371ac51b454f
 SHA512:
-  metadata.gz: 9052491aa073afeacbb8cc6dc5bd6e12fe73c4935ed36e823ed5b3966df8c240d1e1a48e9adf02444c79e4aacada04b85e0de8184ea8148b9227589ef600fc6c
-  data.tar.gz: a78d6b3a5fb2a02c3122afabd2a4b2e564f5e5d0c7cb530622004e39143f695e0fbb804a9be20379a245e600330e08e3e8837dfb9dafe0ad8ceeade613c07c3d
+  metadata.gz: 9a32e20a2cf0042fd6d68ba7c43dec78814852d6742f9190d30ac929f068ce4929a8c8cfec722be4aa399b90875ace6bd52a26cb533c728c37e59258ea8db92d
+  data.tar.gz: e16e9417de76b0d7cb78bd2f9501cd78fab1784a570640dd153d90641b92420e51f2eb137c3f47fb07ab6f9d72f66008a8201330db6eb5e75b785e669837667a

data/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,6 @@
+Before submitting the PR, please consider if any of the following are needed:
+
+- [ ] Update `CHANGELOG.md` if the changes would impact users
+- [ ] Update `README.md`, if appropriate.
+- [ ] Update any relevant pages in `docs/`, if necessary
+- [ ] For security fixes, the [Disclosure Policy](https://github.com/Shopify/shopify_app/blob/master/SECURITY.md#disclosure-policy) must be followed.

data/.travis.yml

@@ -13,7 +13,6 @@ cache:
   yarn: true
 
 rvm:
-  - 2.4
   - 2.5
   - 2.6
   - 2.7

data/CHANGELOG.md

@@ -1,3 +1,25 @@
+14.2.0
+------
+* Revert "Replace redirect calls to use App Bridge redirect functionality"
+
+14.1.0
+------
+* Replace redirect calls to use App Bridge redirect functionality
+
+14.0.0
+------
+* Ruby 2.4 is no longer supported by this gem
+* Bump gemspec ruby dependency to 2.5
+* (Beta) Add `--with-session-token` flag to the Shopify App generator to create an app that is compatible with App Bridge Authentication
+
+13.5.0
+------
+* Add `signal_access_token_required` helper method for apps to indicate access token has expired and that a new one is required
+
+13.4.1
+------
+* Fix the version checks for the dependency on `shopify_api` to allow all of v9.X
+
 13.4.0
 ------
 * Skip CSRF protection if a valid signed JWT token is present as we trust Shopify to be the only source that can sign it securely. [#994](https://github.com/Shopify/shopify_app/pull/994)

data/README.md

@@ -74,7 +74,7 @@ Generators
 
 ### Default Generator
 
-The default generator will run the `install`, `shop`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
+The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
 
 ```sh
 $ rails generate shopify_app
@@ -123,6 +123,16 @@ $ rails generate shopify_app:home_controller
 
 This generator creates an example home controller and view which fetches and displays products using the Shopify API.
 
+Options include:
+* __[beta]__ `with-session-token`: This flag generates an unauthenticated home_controller and a protected sample products_controller. It also creates a home view that leverages a session token to fetch products from your products_controller. Use this flag if you plan to build a single-page application or to secure your app using JWT session tokens (e.g. `--with-session-token` or `--with-session-token true`). 
+
+### Products Controller Generator
+
+```sh
+$ rails generate shopify_app:products_controller
+```
+
+This generator creates an example products API controller to fetch products using the Shopify API.
 
 ### App Proxy Controller Generator
 

data/app/controllers/shopify_app/callback_controller.rb

@@ -65,9 +65,9 @@ module ShopifyApp
     end
 
     def associated_user
-      return unless auth_hash['extra'].present?
+      return unless auth_hash.dig('extra', 'associated_user').present?
 
-      auth_hash['extra']['associated_user']
+      auth_hash['extra']['associated_user'].merge('scope' => auth_hash['extra']['associated_user_scope'])
     end
 
     def associated_user_id

data/docs/Releasing.md

@@ -1,18 +1,18 @@
 Releasing ShopifyApp
 
 1. Check the Semantic Versioning page for info on how to version the new release: http://semver.org
-2. Create a pull request with the following changes:
-  * Update the version of ShopifyApp in lib/shopify_app/version.rb
-  * Update the version of shopify_app in package.json
-  * Add a CHANGELOG entry for the new release with the date
-  * Change the title of the PR to something like: "Packaging for release X.Y.Z"
-3. Merge your pull request
-4. Pull from master so you have the latest version of the shopify_app
-5. Tag the HEAD with the version (Leave REV blank for HEAD or provide a SHA)
-  $ git tag vX.Y.Z
-6. Push out your tags
-  $ git push --tags
-7. Use Shipit to build and push the gem
+1. Create a pull request with the following changes:
+    - Update the version of ShopifyApp in lib/shopify_app/version.rb
+    - Update the version of shopify_app in package.json
+    - Add a CHANGELOG entry for the new release with the date
+    - Change the title of the PR to something like: "Packaging for release X.Y.Z"
+1. Merge your pull request
+1. Checkout and pull from master so you have the latest version of the shopify_app
+1. Tag the HEAD with the version 
+```bash
+$ git tag -f vX.Y.Z && git push --tags --force
+```
+1. Use Shipit to build and push the gem
 
 If you see an error like 'You need to create the vX.Y.X tag first', clear GIT
 cache in Shipit settings

data/lib/generators/shopify_app/authenticated_controller/authenticated_controller_generator.rb

@@ -7,7 +7,7 @@ module ShopifyApp
     class AuthenticatedControllerGenerator < Rails::Generators::Base
       source_root File.expand_path('../templates', __FILE__)
 
-      def create_home_controller
+      def create_authenticated_controller
         template('authenticated_controller.rb', 'app/controllers/authenticated_controller.rb')
       end
     end

data/lib/generators/shopify_app/home_controller/home_controller_generator.rb

@@ -6,21 +6,39 @@ module ShopifyApp
     class HomeControllerGenerator < Rails::Generators::Base
       source_root File.expand_path('../templates', __FILE__)
 
+      class_option :with_session_token, type: :boolean, default: false
+
       def create_home_controller
-        template('home_controller.rb', 'app/controllers/home_controller.rb')
+        @with_session_token = options['with_session_token']
+
+        template(home_controller_template, 'app/controllers/home_controller.rb')
+      end
+
+      def create_products_controller
+        generate("shopify_app:products_controller") if with_session_token?
       end
 
       def create_home_index_view
-        copy_file('index.html.erb', 'app/views/home/index.html.erb')
+        template('index.html.erb', 'app/views/home/index.html.erb')
       end
 
       def add_home_index_route
         route("root :to => 'home#index'")
       end
 
+      private
+
       def embedded_app?
         ShopifyApp.configuration.embedded_app?
       end
+
+      def with_session_token?
+        @with_session_token
+      end
+
+      def home_controller_template
+        with_session_token? ? 'unauthenticated_home_controller.rb' : 'home_controller.rb'
+      end
     end
   end
 end

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -1,21 +1,71 @@
-<h2>Products</h2>
+<!DOCTYPE html>
+<html lang="<%= I18n.locale %>">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <link
+      rel="stylesheet"
+      href="https://unpkg.com/@shopify/polaris@4.25.0/styles.min.css"
+      />
+<% if @with_session_token %>    <script>
+      document.addEventListener("DOMContentLoaded", async function() {
+        var SessionToken = window["app-bridge"].actions.SessionToken
+        var app = window.app;
 
-<ul>
-  <% @products.each do |product| %>
-    <li><%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
-  <% end %>
-</ul>
+        app.dispatch(
+          SessionToken.request(),
+        );
 
-<hr>
+        // Save a session token for future requests
+        window.sessionToken = await new Promise((resolve) => {
+          app.subscribe(SessionToken.ActionType.RESPOND, (data) => {
+            resolve(data.sessionToken || "");
+          });
+        });
 
-<h2>Webhooks</h2>
+        var fetchProducts = function() {
+          var headers = new Headers({ "Authorization": "Bearer " + window.sessionToken });
+          return fetch("/products", { headers })
+            .then(response => response.json())
+            .then(data => {
+              var products = data.products;
 
-<% if @webhooks.present? %>
-  <ul>
-    <% @webhooks.each do |webhook| %>
-      <li><%= webhook.topic %> : <%= webhook.address %></li>
-    <% end %>
-  </ul>
-<% else %>
-  <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
-<% end %>
+              if (products === undefined || products.length == 0) {
+                document.getElementById("products").innerHTML = "<br>No products to display.";
+              } else {
+                var list = "";
+                products.forEach((product) => {
+                  var link = `<a target="_top" href="https://<%%= @shop_origin %>/admin/products/${product.id}">`
+                  list += "<li>" + link + product.title + "</a></li>";
+                });
+                document.getElementById("products").innerHTML = "<ul>" + list + "</ul>";
+              }
+            });
+        }();
+      });
+    </script>
+<% end %>  </head>
+  <body>
+    <h2>Products</h2>
+<% if @with_session_token %>    <div id="products"><br>Loading...</div><% else %>
+    <ul>
+      <%% @products.each do |product| %>
+        <li><%%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
+      <%% end %>
+    </ul>
+
+    <hr>
+
+    <h2>Webhooks</h2>
+
+    <%% if @webhooks.present? %>
+      <ul>
+        <%% @webhooks.each do |webhook| %>
+          <li><%%= webhook.topic %> : <%%= webhook.address %></li>
+        <%% end %>
+      </ul>
+    <%% else %>
+      <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
+    <%% end %><% end %>
+  </body>
+</html>

data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class HomeController < ApplicationController
+  include ShopifyApp::EmbeddedApp
+  include ShopifyApp::RequireKnownShop
+
+  def index
+    @shop_origin = current_shopify_domain
+  end
+end

data/lib/generators/shopify_app/install/templates/embedded_app.html.erb

@@ -28,7 +28,7 @@
 
     <%= content_tag(:div, nil, id: 'shopify-app-init', data: {
       api_key: ShopifyApp.configuration.api_key,
-      shop_origin: (@current_shopify_session.domain if @current_shopify_session),
+      shop_origin: @shop_origin || (@current_shopify_session.domain if @current_shopify_session),
       debug: Rails.env.development?
     } ) %>
 

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt

@@ -9,6 +9,7 @@ ShopifyApp.configure do |config|
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
   config.shop_session_repository = 'Shop'
+  config.allow_jwt_authentication = true
 end
 
 # ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot

data/lib/generators/shopify_app/products_controller/products_controller_generator.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'rails/generators/base'
+
+module ShopifyApp
+  module Generators
+    class ProductsControllerGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      def create_products_controller
+        template('products_controller.rb', 'app/controllers/products_controller.rb')
+      end
+
+      def add_products_route
+        route("get '/products', :to => 'products#index'")
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/products_controller/templates/products_controller.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class ProductsController < AuthenticatedController
+  def index
+    @products = ShopifyAPI::Product.find(:all, params: { limit: 10 })
+    render(json: { products: @products })
+  end
+end

data/lib/generators/shopify_app/shopify_app_generator.rb

@@ -11,7 +11,7 @@ module ShopifyApp
         generate("shopify_app:install #{@opts.join(' ')}")
         generate("shopify_app:shop_model")
         generate("shopify_app:authenticated_controller")
-        generate("shopify_app:home_controller")
+        generate("shopify_app:home_controller #{@opts.join(' ')}")
       end
     end
   end

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -14,6 +14,8 @@ module ShopifyApp
       rescue_from ActiveResource::UnauthorizedAccess, with: :close_session
     end
 
+    ACCESS_TOKEN_REQUIRED_HEADER = 'X-Shopify-API-Request-Failure-Unauthorized'
+
     def activate_shopify_session
       return redirect_to_login if current_shopify_session.blank?
       clear_top_level_oauth_cookie
@@ -80,6 +82,10 @@ module ShopifyApp
       end
     end
 
+    def signal_access_token_required
+      response.set_header(ACCESS_TOKEN_REQUIRED_HEADER, true)
+    end
+
     protected
 
     def jwt_shopify_domain
@@ -204,6 +210,8 @@ module ShopifyApp
     def return_address
       return base_return_address unless ShopifyApp.configuration.allow_jwt_authentication
       return_address_with_params(shop: current_shopify_domain)
+    rescue ShopifyDomainNotFound
+      base_return_address
     end
 
     def base_return_address

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '13.4.0'
+  VERSION = '14.2.0'
 end

data/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "13.0.0",
+  "version": "13.6.0",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -53,12 +53,6 @@
             "minimist": "^1.2.0"
           }
         },
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        },
         "ms": {
           "version": "2.1.2",
           "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -78,14 +72,6 @@
         "lodash": "^4.17.13",
         "source-map": "^0.5.0",
         "trim-right": "^1.0.1"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/helper-annotate-as-pure": {
@@ -151,14 +137,6 @@
         "@babel/helper-function-name": "^7.1.0",
         "@babel/types": "^7.5.5",
         "lodash": "^4.17.13"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/helper-explode-assignable-expression": {
@@ -230,14 +208,6 @@
         "@babel/template": "^7.4.4",
         "@babel/types": "^7.5.5",
         "lodash": "^4.17.13"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/helper-optimise-call-expression": {
@@ -262,14 +232,6 @@
       "dev": true,
       "requires": {
         "lodash": "^4.17.13"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/helper-remap-async-to-generator": {
@@ -598,14 +560,6 @@
       "requires": {
         "@babel/helper-plugin-utils": "^7.0.0",
         "lodash": "^4.17.13"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@babel/plugin-transform-classes": {
@@ -1056,12 +1010,6 @@
             "ms": "^2.1.1"
           }
         },
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        },
         "ms": {
           "version": "2.1.2",
           "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
@@ -1079,14 +1027,6 @@
         "esutils": "^2.0.2",
         "lodash": "^4.17.13",
         "to-fast-properties": "^2.0.0"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@sinonjs/commons": {
@@ -1117,14 +1057,6 @@
         "@sinonjs/commons": "^1.3.0",
         "array-from": "^2.1.1",
         "lodash": "^4.17.15"
-      },
-      "dependencies": {
-        "lodash": {
-          "version": "4.17.15",
-          "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-          "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-          "dev": true
-        }
       }
     },
     "@sinonjs/text-encoding": {
@@ -2600,9 +2532,9 @@
       "dev": true
     },
     "elliptic": {
-      "version": "6.5.1",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.1.tgz",
-      "integrity": "sha512-xvJINNLbTeWQjrl6X+7eQCrIy/YPv5XCpKW6kB5mKvtnGILoLDcySuwomfdzt0BMdLNVnuRNTuzKNHj0bva1Cg==",
+      "version": "6.5.3",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
+      "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
       "dev": true,
       "requires": {
         "bn.js": "^4.4.0",
@@ -4579,9 +4511,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.15",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
+      "version": "4.17.19",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
+      "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
       "dev": true
     },
     "log-symbols": {