shopify_app 14.4.1 → 15.0.1
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE.md +5 -0
- data/.rubocop.yml +1 -0
- data/CHANGELOG.md +20 -0
- data/README.md +3 -3
- data/app/controllers/shopify_app/callback_controller.rb +48 -21
- data/app/controllers/shopify_app/sessions_controller.rb +15 -1
- data/docs/Releasing.md +5 -4
- data/lib/generators/shopify_app/controllers/controllers_generator.rb +1 -1
- data/lib/generators/shopify_app/install/install_generator.rb +1 -1
- data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +2 -2
- data/lib/generators/shopify_app/views/views_generator.rb +1 -1
- data/lib/shopify_app/controller_concerns/login_protection.rb +1 -1
- data/lib/shopify_app/engine.rb +21 -0
- data/lib/shopify_app/session/jwt.rb +1 -1
- data/lib/shopify_app/version.rb +1 -1
- data/package.json +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 766b20c9b903b80875806ea437bd132f004a27f5b339faae48ee14656da7a110
|
4
|
+
data.tar.gz: d8cbdf61e359a4990f21127b4e811332253f808f011080659410ecab73144d4b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2821dedc568c6f542f79dc4bc17eb26e38b5ffd6f341cdaf22fbde7a96750145ebd6685fb2213bb7ff402795b0abf92554d3e85d961dc7e21995c3c3ba86901a
|
7
|
+
data.tar.gz: 73002f4ae08f88cbc9bfc95fe846416255e4a4e587fa954731d7e05d476bc10a3b7110ed4262e60e44277fef42ab17c6eafc4a0883eb5ee1f9149109ed657ee4
|
data/.github/ISSUE_TEMPLATE.md
CHANGED
@@ -12,3 +12,8 @@ Authentication Issues
|
|
12
12
|
A great deal of the issues surrounding this repo are around authenticating (installing) the generated app with Shopify.
|
13
13
|
|
14
14
|
If you are experiencing issues with your app authenticating/installing the best way to get help fast is to create a repo with the minimal amount of code to demonstrate the issue and a clearly documented set of steps you took to arrive there. This will help us solve your problem quicker since we won't need to spend any time figuring out how to reproduce the bug. Please also include your operating system and browser.
|
15
|
+
|
16
|
+
Security
|
17
|
+
--------
|
18
|
+
|
19
|
+
Please be certain to redact any private information from your logs or code snippets such as Api Keys, Api Secrets, and any authentication tokens such as shop_tokens.
|
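Review bot: the redaction list in the new Security section could also name session cookies and the JWT session tokens this release parses (see the 15.0.1 CHANGELOG entry), since those are as sensitive in a pasted log as the shop_tokens it already lists; minor wording: "Api Keys" and "Api Secrets" should read "API keys" and "API secrets".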
data/.rubocop.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,23 @@
|
|
1
|
+
15.0.1
|
2
|
+
------
|
3
|
+
* Allow JWT session token `sub` field to be parsed as a string [#1103](https://github.com/Shopify/shopify_app/pull/1103)
|
4
|
+
|
5
|
+
15.0.0
|
6
|
+
------
|
7
|
+
* Change `X-Shopify-API-Request-Failure-Unauthorized` HTTP header value from boolean to string
|
8
|
+
|
9
|
+
14.4.4
|
10
|
+
------
|
11
|
+
* Patch to not log params in ShopifyApp jobs [#1086](https://github.com/Shopify/shopify_app/pull/1086)
|
12
|
+
|
13
|
+
14.4.3
|
14
|
+
------
|
15
|
+
* Fix to ensure post authenticate jobs are run after callback requests [#1079](https://github.com/Shopify/shopify_app/pull/1079)
|
16
|
+
|
17
|
+
14.4.2
|
18
|
+
------
|
19
|
+
* Add debug logs in sessions controller
|
20
|
+
|
1
21
|
14.4.1
|
2
22
|
------
|
3
23
|
* Add debug logs for investigating authentication issues
|
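Review bot: the 15.0.0 entry is the only breaking change in this block, yet it carries no PR link and does not say what the new string value of `X-Shopify-API-Request-Failure-Unauthorized` is; front-end code that compared the header to a boolean needs that value in order to update. The 14.4.2 entry also lacks a PR link, unlike the 14.4.3 and 14.4.4 entries around it.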
data/README.md
CHANGED
@@ -26,7 +26,7 @@ Table of Contents
|
|
26
26
|
- [Troubleshooting](#troubleshooting)
|
27
27
|
- [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
|
28
28
|
- [Migration to 13.0.0](#migrating-to-1300)
|
29
|
-
- [Questions or problems?](#questions-or-problems
|
29
|
+
- [Questions or problems?](#questions-or-problems)
|
30
30
|
- [Rails 6 Compatibility](#rails-6-compatibility)
|
31
31
|
- [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
|
32
32
|
|
@@ -105,7 +105,7 @@ Options include:
|
|
105
105
|
* `application_name` - the name of your app, it can be supplied with or without double-quotes if a whitespace is present. (e.g. `--application_name Example App` or `--application_name "Example App"`)
|
106
106
|
* `scope` - the OAuth access scope required for your app, e.g. **read_products, write_orders**. *Multiple options* need to be delimited by a comma-space and can be supplied with or without double-quotes
|
107
107
|
(e.g. `--scope read_products, write_orders, write_products` or `--scope "read_products, write_orders, write_products"`)
|
108
|
-
For more information, refer the [docs](http://docs.shopify.com/api/tutorials/oauth).
|
108
|
+
For more information, refer to the [docs](http://docs.shopify.com/api/tutorials/oauth).
|
109
109
|
* `embedded` - the default is to generate an [embedded app](http://docs.shopify.com/embedded-app-sdk), if you want a legacy non-embedded app then set this to false, `--embedded false`
|
110
110
|
|
111
111
|
You can update any of these settings later on easily; the arguments are simply for convenience.
|
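Review bot: both documentation links in this hunk (`http://docs.shopify.com/api/tutorials/oauth` and `http://docs.shopify.com/embedded-app-sdk`) are plain `http://`; since the wording on line 108 is being touched anyway, switch them to `https://` so readers following OAuth setup instructions are not sent over an unencrypted hop.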
@@ -427,7 +427,7 @@ bin/rails g shopify_app:rotate_shopify_token_job
|
|
427
427
|
|
428
428
|
The generated rake task will be found at `lib/tasks/shopify/rotate_shopify_token.rake` and is provided strictly for example purposes. It might not work with your application out of the box without some configuration.
|
429
429
|
|
430
|
-
⚠️ Note: if you are updating `shopify_app` from a version prior to 8.4.2 (and do not wish to run the default/install generator again), you will need to add [the following line](https://github.com/Shopify/shopify_app/blob/4f7e6cca2a472d8f7af44b938bd0fcafe4d8e88a/lib/generators/shopify_app/install/templates/shopify_provider.rb#L18) to `config/
|
430
|
+
⚠️ Note: if you are updating `shopify_app` from a version prior to 8.4.2 (and do not wish to run the default/install generator again), you will need to add [the following line](https://github.com/Shopify/shopify_app/blob/4f7e6cca2a472d8f7af44b938bd0fcafe4d8e88a/lib/generators/shopify_app/install/templates/shopify_provider.rb#L18) to `config/initializers/omniauth.rb`:
|
431
431
|
|
432
432
|
```ruby
|
433
433
|
strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
|
@@ -6,50 +6,77 @@ module ShopifyApp
|
|
6
6
|
include ShopifyApp::LoginProtection
|
7
7
|
|
8
8
|
def callback
|
9
|
-
|
10
|
-
return respond_with_error
|
11
|
-
end
|
9
|
+
return respond_with_error if invalid_request?
|
12
10
|
|
13
|
-
|
14
|
-
|
15
|
-
|
11
|
+
store_access_token_and_build_session
|
12
|
+
|
13
|
+
if start_user_token_flow?
|
14
|
+
return respond_with_user_token_flow
|
16
15
|
end
|
17
16
|
|
17
|
+
perform_post_authenticate_jobs
|
18
|
+
|
19
|
+
respond_successfully
|
20
|
+
end
|
21
|
+
|
22
|
+
private
|
23
|
+
|
24
|
+
def respond_successfully
|
18
25
|
if jwt_request?
|
19
|
-
Rails.logger.debug("[ShopifyApp::CallbackController] JWT request detected. Setting shopify session...")
|
20
|
-
set_shopify_session
|
21
26
|
head(:ok)
|
22
27
|
else
|
28
|
+
redirect_to(return_address)
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
def respond_with_user_token_flow
|
33
|
+
Rails.logger.debug("[ShopifyApp::CallbackController] Redirecting for user token...")
|
34
|
+
redirect_to(login_url_with_optional_shop)
|
35
|
+
end
|
36
|
+
|
37
|
+
def store_access_token_and_build_session
|
38
|
+
if native_browser_request?
|
23
39
|
Rails.logger.debug("[ShopifyApp::CallbackController] Not a JWT request. Resetting session options...")
|
24
40
|
reset_session_options
|
25
|
-
|
41
|
+
else
|
42
|
+
Rails.logger.debug("[ShopifyApp::CallbackController] JWT request detected. Setting shopify session...")
|
43
|
+
end
|
44
|
+
set_shopify_session
|
45
|
+
end
|
26
46
|
|
27
|
-
|
28
|
-
|
29
|
-
return redirect_to(login_url_with_optional_shop)
|
30
|
-
end
|
47
|
+
def invalid_request?
|
48
|
+
return true unless auth_hash
|
31
49
|
|
32
|
-
|
33
|
-
|
34
|
-
perform_after_authenticate_job
|
50
|
+
jwt_request? && !valid_jwt_auth?
|
51
|
+
end
|
35
52
|
|
36
|
-
|
37
|
-
|
53
|
+
def native_browser_request?
|
54
|
+
!jwt_request?
|
38
55
|
end
|
39
56
|
|
40
|
-
|
57
|
+
def perform_post_authenticate_jobs
|
58
|
+
install_webhooks
|
59
|
+
install_scripttags
|
60
|
+
perform_after_authenticate_job
|
61
|
+
end
|
41
62
|
|
42
63
|
def respond_with_error
|
43
64
|
if jwt_request?
|
65
|
+
Rails.logger.debug("[ShopifyApp::CallbackController] Invalid JWT auth detected.")
|
44
66
|
head(:unauthorized)
|
45
67
|
else
|
68
|
+
Rails.logger.debug("[ShopifyApp::CallbackController] Invalid non JWT auth detected.")
|
46
69
|
flash[:error] = I18n.t('could_not_log_in')
|
47
70
|
redirect_to(login_url_with_optional_shop)
|
48
71
|
end
|
49
72
|
end
|
50
73
|
|
51
|
-
def
|
52
|
-
|
74
|
+
def start_user_token_flow?
|
75
|
+
if jwt_request?
|
76
|
+
false
|
77
|
+
else
|
78
|
+
ShopifyApp::SessionRepository.user_storage.present? && user_session.blank?
|
79
|
+
end
|
53
80
|
end
|
54
81
|
|
55
82
|
def jwt_request?
|
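Review bot: in `callback`, `perform_post_authenticate_jobs` (webhooks, scripttags, the after-authenticate job) is skipped whenever `start_user_token_flow?` is true, because `respond_with_user_token_flow` returns first, even though `store_access_token_and_build_session` has already persisted the shop token at that point. If the intent is that these jobs run on the later callback that carries the user session, say so in a comment on `start_user_token_flow?`; otherwise webhooks are never installed for apps with user storage. Separately, `invalid_request?` treats a missing `auth_hash` as the only failure for non-JWT requests, which is only safe if OmniAuth has already rejected a bad state or HMAC upstream; a one-line comment stating that assumption would help the next reader.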
@@ -10,14 +10,19 @@ module ShopifyApp
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def new
|
13
|
-
|
13
|
+
if sanitized_shop_name.present?
|
14
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Sanitized shop name present. Authenticating...")
|
15
|
+
authenticate
|
16
|
+
end
|
14
17
|
end
|
15
18
|
|
16
19
|
def create
|
20
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating...")
|
17
21
|
authenticate
|
18
22
|
end
|
19
23
|
|
20
24
|
def enable_cookies
|
25
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Enabling cookies...")
|
21
26
|
return unless validate_shop_presence
|
22
27
|
|
23
28
|
render(:enable_cookies, layout: false, locals: {
|
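Review bot: `new` now calls `authenticate` only when `sanitized_shop_name.present?` and otherwise falls through silently; since this release exists to add debug logs for authentication problems, an `else` branch with a debug line for the missing-shop case would make a failed install visible in the log. The added messages are fixed strings without the shop domain, which keeps customer data out of the log; keep that property when extending them.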
@@ -40,6 +45,7 @@ module ShopifyApp
|
|
40
45
|
end
|
41
46
|
|
42
47
|
def granted_storage_access
|
48
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Granted storage access.")
|
43
49
|
return unless validate_shop_presence
|
44
50
|
|
45
51
|
session['shopify.granted_storage_access'] = true
|
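Review bot: `granted_storage_access` logs "Granted storage access." before `validate_shop_presence` runs, so the line is emitted even when the request is rejected for a missing or invalid shop; move the debug call after the `return unless validate_shop_presence` line, or reword it to say the access grant was requested rather than completed.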
@@ -50,6 +56,7 @@ module ShopifyApp
|
|
50
56
|
end
|
51
57
|
|
52
58
|
def destroy
|
59
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Resetting session.")
|
53
60
|
reset_session
|
54
61
|
flash[:notice] = I18n.t('.logged_out')
|
55
62
|
redirect_to(login_url_with_optional_shop)
|
@@ -66,18 +73,23 @@ module ShopifyApp
|
|
66
73
|
set_user_tokens_option
|
67
74
|
|
68
75
|
if user_agent_can_partition_cookies
|
76
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating with partitioning...")
|
69
77
|
authenticate_with_partitioning
|
70
78
|
else
|
79
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating normally...")
|
71
80
|
authenticate_normally
|
72
81
|
end
|
73
82
|
end
|
74
83
|
|
75
84
|
def authenticate_normally
|
76
85
|
if request_storage_access?
|
86
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Redirecting to request storage access...")
|
77
87
|
redirect_to_request_storage_access
|
78
88
|
elsif authenticate_in_context?
|
89
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating in context...")
|
79
90
|
authenticate_in_context
|
80
91
|
else
|
92
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating at top level...")
|
81
93
|
authenticate_at_top_level
|
82
94
|
end
|
83
95
|
end
|
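Review bot: this and the surrounding hunks add many near-identical `Rails.logger.debug("[ShopifyApp::SessionsController] ...")` calls; a small private helper or a tagged logger would remove the repeated prefix and stop a future message from slipping in with a different tag. Style only: the branch coverage (partitioning vs normal, storage access vs in-context vs top level) is complete.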
@@ -95,6 +107,7 @@ module ShopifyApp
|
|
95
107
|
# rubocop:disable Lint/SuppressedException
|
96
108
|
def set_user_tokens_option
|
97
109
|
if shop_session.blank?
|
110
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Shop session is blank.")
|
98
111
|
session[:user_tokens] = false
|
99
112
|
return
|
100
113
|
end
|
@@ -117,6 +130,7 @@ module ShopifyApp
|
|
117
130
|
def validate_shop_presence
|
118
131
|
@shop = sanitized_shop_name
|
119
132
|
unless @shop
|
133
|
+
Rails.logger.debug("[ShopifyApp::SessionsController] Invalid shop detected.")
|
120
134
|
render_invalid_shop_error
|
121
135
|
return false
|
122
136
|
end
|
data/docs/Releasing.md
CHANGED
@@ -1,6 +1,7 @@
|
|
1
|
-
Releasing ShopifyApp
|
1
|
+
# Releasing ShopifyApp
|
2
2
|
|
3
|
-
1.
|
3
|
+
1. Make the code changes in a separate PR that doesn't modify the version.
|
4
|
+
1. After that is merged, check the Semantic Versioning page for info on how to version the new release: http://semver.org
|
4
5
|
1. Create a pull request with the following changes:
|
5
6
|
- Update the version of ShopifyApp in lib/shopify_app/version.rb
|
6
7
|
- Update the version of shopify_app in package.json
|
@@ -8,11 +9,11 @@ Releasing ShopifyApp
|
|
8
9
|
- Change the title of the PR to something like: "Packaging for release X.Y.Z"
|
9
10
|
1. Merge your pull request
|
10
11
|
1. Checkout and pull from master so you have the latest version of the shopify_app
|
11
|
-
1. Tag the HEAD with the version
|
12
|
+
1. Tag the HEAD with the version
|
12
13
|
```bash
|
13
14
|
$ git tag -f vX.Y.Z && git push --tags --force
|
14
15
|
```
|
15
16
|
1. Use Shipit to build and push the gem
|
16
17
|
|
17
|
-
If you see an error like 'You need to create the vX.Y.X tag first', clear
|
18
|
+
If you see an error like 'You need to create the vX.Y.X tag first', clear git
|
18
19
|
cache in Shipit settings
|
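Review bot: `git tag -f vX.Y.Z && git push --tags --force` force-pushes every local tag, so a stale or mistyped local tag can silently move an already published release tag to a different commit; prefer `git tag vX.Y.Z && git push origin vX.Y.Z` for the normal path and reserve `-f` for the retry case the following paragraph describes. Also check whether 'vX.Y.X' in the quoted Shipit error should read vX.Y.Z.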
@@ -64,7 +64,7 @@ module ShopifyApp
|
|
64
64
|
def insert_hosts_into_development_config
|
65
65
|
inject_into_file(
|
66
66
|
'config/environments/development.rb',
|
67
|
-
" config.hosts = (config.hosts rescue []) << /\\
|
67
|
+
" config.hosts = (config.hosts rescue []) << /\\w+\\.ngrok\\.io/\n",
|
68
68
|
after: "Rails.application.configure do\n"
|
69
69
|
)
|
70
70
|
end
|
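Review bot: the completed regexp `/\w+\.ngrok\.io/` admits exactly one label before `ngrok.io` (e.g. `abc123.ngrok.io`), and Rails anchors regexp entries in `config.hosts`, so this does not match longer or unrelated host names, which is the right scope for a development-only allowance. The `rescue []` modifier, meant for Rails versions without `config.hosts`, also hides any other error raised while reading the option; `config.respond_to?(:hosts)` would express the intent explicitly.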
@@ -1,7 +1,7 @@
|
|
1
1
|
ShopifyApp.configure do |config|
|
2
2
|
config.application_name = "<%= @application_name %>"
|
3
|
-
config.api_key = ENV
|
4
|
-
config.secret = ENV
|
3
|
+
config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence || raise('Missing SHOPIFY_API_KEY')
|
4
|
+
config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence || raise('Missing SHOPIFY_API_SECRET')
|
5
5
|
config.old_secret = "<%= @old_secret %>"
|
6
6
|
config.scope = "<%= @scope %>" # Consult this page for more scope options:
|
7
7
|
# https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
|
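Review bot: `ENV.fetch('SHOPIFY_API_KEY', '').presence || raise(...)` fails fast at boot when a secret is absent or empty, which is the right default for credentials. It runs at initializer load, so commands executed without the secrets set (an asset precompile in a build stage, for example) now abort in generated apps; that behaviour change deserves a line under 15.0.0 in the CHANGELOG.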
data/lib/shopify_app/engine.rb
CHANGED
@@ -1,5 +1,15 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
module ShopifyApp
|
3
|
+
module RedactJobParams
|
4
|
+
private
|
5
|
+
|
6
|
+
def args_info(job)
|
7
|
+
log_disabled_classes = %w(ShopifyApp::ScripttagsManagerJob ShopifyApp::WebhooksManagerJob)
|
8
|
+
return "" if log_disabled_classes.include?(job.class.name)
|
9
|
+
super
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
3
13
|
class Engine < Rails::Engine
|
4
14
|
engine_name 'shopify_app'
|
5
15
|
isolate_namespace ShopifyApp
|
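Review bot: `args_info` compares `job.class.name` against two exact strings, so an application subclass of `ShopifyApp::WebhooksManagerJob` or `ShopifyApp::ScripttagsManagerJob` still has its arguments logged; `job.is_a?(WebhooksManagerJob) || job.is_a?(ScripttagsManagerJob)` covers subclasses, and the pair of classes should live in one constant shared with the `log_arguments = false` branch in the initializer further down.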
@@ -21,5 +31,16 @@ module ShopifyApp
|
|
21
31
|
app.config.middleware.insert_after(ShopifyApp::SameSiteCookieMiddleware, ShopifyApp::JWTMiddleware)
|
22
32
|
end
|
23
33
|
end
|
34
|
+
|
35
|
+
initializer "shopify_app.redact_job_params" do
|
36
|
+
ActiveSupport.on_load(:active_job) do
|
37
|
+
if ActiveJob::Base.respond_to?(:log_arguments?)
|
38
|
+
WebhooksManagerJob.log_arguments = false
|
39
|
+
ScripttagsManagerJob.log_arguments = false
|
40
|
+
elsif ActiveJob::Logging::LogSubscriber.private_method_defined?(:args_info)
|
41
|
+
ActiveJob::Logging::LogSubscriber.prepend(RedactJobParams)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
24
45
|
end
|
25
46
|
end
|
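Review bot: when neither `log_arguments?` nor the private `args_info` is available, the `if`/`elsif` falls through and job arguments are logged with no indication that redaction is inactive; add an `else` that emits a warning through `Rails.logger`, and cover each branch with a test against the corresponding Rails version, since this block is the fix for the params-logging issue recorded as #1086 in the CHANGELOG.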
data/lib/shopify_app/version.rb
CHANGED
data/package.json
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: shopify_app
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 15.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Shopify
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-12-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: browser_sniffer
|
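Review bot: `cert_chain: []` in the context lines shows the gem is still shipped unsigned, so the SHA256/SHA512 values in checksums.yaml are the only integrity reference for this release; nothing to change in this hunk, but consumers pinning versions should compare those digests rather than rely on the version and date bump alone.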