shopify_app 14.4.3 → 16.1.0

data/app/views/shopify_app/sessions/request_storage_access.html.erb

@@ -49,7 +49,7 @@
               </div>
             </div>
             <div class="Polaris-Stack__Item">
-              <div class="Polaris-Stack Polaris-Stack--distributionTrailing">
+              <div class="Polaris-Stack Polaris-Stack--distributionTrailing Polaris-Stack--distributionTrailingCustomSpacing">
                 <div class="Polaris-Stack__Item">
                   <button type="button" class="Polaris-Button Polaris-Button--primary" id="TriggerAllowCookiesPrompt">
                     <span class="Polaris-Button__Content"><span><%= I18n.t('request_storage_access_action') %></span></span>

data/app/views/shopify_app/sessions/top_level_interaction.html.erb

@@ -5,6 +5,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1" />
   <base target="_top">
   <title>Redirecting…</title>
+  <%= render 'shopify_app/partials/card_styles' %>
   <%= render 'shopify_app/partials/layout_styles' %>
   <%= render 'shopify_app/partials/typography_styles' %>
   <%= render 'shopify_app/partials/button_styles' %>
@@ -25,26 +26,30 @@
           <div class="Polaris-Layout__Section">
             <div class="Polaris-Stack Polaris-Stack--vertical">
               <div class="Polaris-Stack__Item">
-                <div class="Polaris-EmptyState">
-                  <div class="Polaris-EmptyState__Section">
-                    <div class="Polaris-EmptyState__DetailsContainer">
-                      <div class="Polaris-EmptyState__Details">
-                        <div class="Polaris-TextContainer">
-                          <h1 class="Polaris-DisplayText Polaris-DisplayText--sizeMedium"><%= I18n.t('top_level_interaction_heading', app: ShopifyApp.configuration.application_name) %></h1>
-                          <div class="Polaris-EmptyState__Content">
-                            <p><%= I18n.t('top_level_interaction_body', app: ShopifyApp.configuration.application_name) %></p>
+                <div class="Polaris-Card">
+                  <div class="Polaris-Card__Section">
+                    <div class="Polaris-EmptyState">
+                      <div class="Polaris-EmptyState__Section">
+                        <div class="Polaris-EmptyState__DetailsContainer">
+                          <div class="Polaris-EmptyState__Details">
+                            <div class="Polaris-TextContainer">
+                              <h1 class="Polaris-DisplayText Polaris-DisplayText--sizeSmall"><%= I18n.t('top_level_interaction_heading', app: ShopifyApp.configuration.application_name) %></h1>
+                              <div class="Polaris-EmptyState__Content">
+                                <p><%= I18n.t('top_level_interaction_body', app: ShopifyApp.configuration.application_name) %></p>
+                              </div>
+                            </div>
+                            <div class="Polaris-EmptyState__Actions">
+                              <div class="Polaris-Stack Polaris-Stack--alignmentCenter">
+                                <div class="Polaris-Stack__Item"><button type="button" id="TopLevelInteractionButton" class="Polaris-Button Polaris-Button--primary Polaris-Button--sizeLarge"><span class="Polaris-Button__Content"><span class="Polaris-Button__Icon"></span><span><%= I18n.t('top_level_interaction_action') %></span></span></button></div>
+                              </div>
+                            </div>
                           </div>
                         </div>
-                        <div class="Polaris-EmptyState__Actions">
-                          <div class="Polaris-Stack Polaris-Stack--alignmentCenter">
-                            <div class="Polaris-Stack__Item"><button type="button" id="TopLevelInteractionButton" class="Polaris-Button Polaris-Button--primary Polaris-Button--sizeLarge"><span class="Polaris-Button__Content"><span class="Polaris-Button__Icon"></span><span><%= I18n.t('top_level_interaction_action') %></span></span></button></div>
-                          </div>
+                        <div class="Polaris-EmptyState__ImageContainer">
+                          <%= image_tag 'storage_access.svg', role: "presentation", alt: "", class: "Polaris-EmptyState__Image" %>
                         </div>
                       </div>
                     </div>
-                    <div class="Polaris-EmptyState__ImageContainer">
-                      <%= image_tag 'storage_access.svg', role: "presentation", alt: "", class: "Polaris-EmptyState__Image" %>
-                    </div>
                   </div>
                 </div>
               </div>

data/docs/Releasing.md

@@ -1,18 +1,20 @@
-Releasing ShopifyApp
+# Releasing ShopifyApp
 
-1. Check the Semantic Versioning page for info on how to version the new release: http://semver.org
+1. Make the code changes in a separate PR that doesn't modify the version.
+1. After that is merged, check the Semantic Versioning page for info on how to version the new release: http://semver.org
 1. Create a pull request with the following changes:
     - Update the version of ShopifyApp in lib/shopify_app/version.rb
     - Update the version of shopify_app in package.json
+    - Run `bundle` to update `Gemfile.lock`
     - Add a CHANGELOG entry for the new release with the date
     - Change the title of the PR to something like: "Packaging for release X.Y.Z"
 1. Merge your pull request
 1. Checkout and pull from master so you have the latest version of the shopify_app
-1. Tag the HEAD with the version 
+1. Tag the HEAD with the version
 ```bash
 $ git tag -f vX.Y.Z && git push --tags --force
 ```
 1. Use Shipit to build and push the gem
 
-If you see an error like 'You need to create the vX.Y.X tag first', clear GIT
+If you see an error like 'You need to create the vX.Y.X tag first', clear git
 cache in Shipit settings

data/lib/generators/shopify_app/controllers/controllers_generator.rb

@@ -8,7 +8,7 @@ module ShopifyApp
 
       def create_controllers
         controllers.each do |controller|
-          copy_file controller
+          copy_file(controller)
         end
       end
 

data/lib/generators/shopify_app/home_controller/home_controller_generator.rb

@@ -6,16 +6,15 @@ module ShopifyApp
     class HomeControllerGenerator < Rails::Generators::Base
       source_root File.expand_path('../templates', __FILE__)
 
-      class_option :with_session_token, type: :boolean, default: false
+      class_option :with_cookie_authentication, type: :boolean, default: false
+      class_option :embedded, type: :string, default: 'true'
 
       def create_home_controller
-        @with_session_token = options['with_session_token']
-
         template(home_controller_template, 'app/controllers/home_controller.rb')
       end
 
       def create_products_controller
-        generate("shopify_app:products_controller") if with_session_token?
+        generate("shopify_app:products_controller") unless with_cookie_authentication?
       end
 
       def create_home_index_view
@@ -28,16 +27,26 @@ module ShopifyApp
 
       private
 
+      def embedded?
+        options['embedded'] == 'true'
+      end
+
       def embedded_app?
         ShopifyApp.configuration.embedded_app?
       end
 
-      def with_session_token?
-        @with_session_token
+      def with_cookie_authentication?
+        options['with_cookie_authentication']
       end
 
       def home_controller_template
-        with_session_token? ? 'unauthenticated_home_controller.rb' : 'home_controller.rb'
+        return 'unauthenticated_home_controller.rb' unless authenticated_home_controller_required?
+
+        'home_controller.rb'
+      end
+
+      def authenticated_home_controller_required?
+        with_cookie_authentication? || !embedded? || !embedded_app?
       end
     end
   end

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -7,7 +7,7 @@
       rel="stylesheet"
       href="https://unpkg.com/@shopify/polaris@4.25.0/styles.min.css"
       />
-<% if @with_session_token %>    <script>
+<% unless with_cookie_authentication? %>    <script>
       document.addEventListener("DOMContentLoaded", async function() {
         var SessionToken = window["app-bridge"].actions.SessionToken
         var app = window.app;
@@ -47,7 +47,7 @@
 <% end %>  </head>
   <body>
     <h2>Products</h2>
-<% if @with_session_token %>    <div id="products"><br>Loading...</div><% else %>
+<% unless with_cookie_authentication? %>    <div id="products"><br>Loading...</div><% else %>
     <ul>
       <%% @products.each do |product| %>
         <li><%%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
@@ -55,17 +55,17 @@
     </ul>
 
     <hr>
-
+    <% end %>
     <h2>Webhooks</h2>
 
     <%% if @webhooks.present? %>
-      <ul>
-        <%% @webhooks.each do |webhook| %>
-          <li><%%= webhook.topic %> : <%%= webhook.address %></li>
-        <%% end %>
-      </ul>
+    <ul>
+      <%% @webhooks.each do |webhook| %>
+      <li><%%= webhook.topic %> : <%%= webhook.address %></li>
+      <%% end %>
+    </ul>
     <%% else %>
-      <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
-    <%% end %><% end %>
+    <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
+    <%% end %>
   </body>
 </html>

data/lib/generators/shopify_app/install/install_generator.rb

@@ -11,6 +11,7 @@ module ShopifyApp
       class_option :scope, type: :array, default: ['read_products']
       class_option :embedded, type: :string, default: 'true'
       class_option :api_version, type: :string, default: nil
+      class_option :with_cookie_authentication, type: :boolean, default: false
 
       def create_shopify_app_initializer
         @application_name = format_array_argument(options['application_name'])
@@ -64,7 +65,7 @@ module ShopifyApp
       def insert_hosts_into_development_config
         inject_into_file(
           'config/environments/development.rb',
-          "  config.hosts = (config.hosts rescue []) << /\\h+.ngrok.io/\n",
+          "  config.hosts = (config.hosts rescue []) << /\\w+\\.ngrok\\.io/\n",
           after: "Rails.application.configure do\n"
         )
       end
@@ -78,6 +79,10 @@ module ShopifyApp
       def format_array_argument(array)
         array.join(' ').tr('"', '')
       end
+
+      def with_cookie_authentication?
+        options['with_cookie_authentication'] || !embedded_app?
+      end
     end
   end
 end

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt

@@ -1,7 +1,7 @@
 ShopifyApp.configure do |config|
   config.application_name = "<%= @application_name %>"
-  config.api_key = ENV['SHOPIFY_API_KEY']
-  config.secret = ENV['SHOPIFY_API_SECRET']
+  config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence || raise('Missing SHOPIFY_API_KEY')
+  config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence || raise('Missing SHOPIFY_API_SECRET')
   config.old_secret = "<%= @old_secret %>"
   config.scope = "<%= @scope %>" # Consult this page for more scope options:
                                  # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
@@ -9,7 +9,8 @@ ShopifyApp.configure do |config|
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
   config.shop_session_repository = 'Shop'
-  config.allow_jwt_authentication = true
+  config.allow_jwt_authentication = <%= !with_cookie_authentication? %>
+  config.allow_cookie_authentication = <%= with_cookie_authentication? %>
 end
 
 # ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot

data/lib/generators/shopify_app/views/views_generator.rb

@@ -8,7 +8,7 @@ module ShopifyApp
 
       def create_views
         views.each do |view|
-          copy_file view
+          copy_file(view)
         end
       end
 

data/lib/shopify_app/configuration.rb

@@ -39,12 +39,15 @@ module ShopifyApp
     # allow enabling jwt headers for authentication
     attr_accessor :allow_jwt_authentication
 
+    attr_accessor :allow_cookie_authentication
+
     def initialize
       @root_url = '/'
       @myshopify_domain = 'myshopify.com'
       @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
       @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
       @disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
+      @allow_cookie_authentication = true
     end
 
     def login_url

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -57,6 +57,7 @@ module ShopifyApp
     end
 
     def user_session_by_cookie
+      return unless ShopifyApp.configuration.allow_cookie_authentication
       return unless session[:user_id].present?
       ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
     end
@@ -72,6 +73,7 @@ module ShopifyApp
     end
 
     def shop_session_by_cookie
+      return unless ShopifyApp.configuration.allow_cookie_authentication
       return unless session[:shop_id].present?
       ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
     end
@@ -100,7 +102,7 @@ module ShopifyApp
     end
 
     def signal_access_token_required
-      response.set_header(ACCESS_TOKEN_REQUIRED_HEADER, true)
+      response.set_header(ACCESS_TOKEN_REQUIRED_HEADER, "true")
     end
 
     protected

data/lib/shopify_app/engine.rb

@@ -1,5 +1,15 @@
 # frozen_string_literal: true
 module ShopifyApp
+  module RedactJobParams
+    private
+
+    def args_info(job)
+      log_disabled_classes = %w(ShopifyApp::ScripttagsManagerJob ShopifyApp::WebhooksManagerJob)
+      return "" if log_disabled_classes.include?(job.class.name)
+      super
+    end
+  end
+
   class Engine < Rails::Engine
     engine_name 'shopify_app'
     isolate_namespace ShopifyApp
@@ -21,5 +31,16 @@ module ShopifyApp
         app.config.middleware.insert_after(ShopifyApp::SameSiteCookieMiddleware, ShopifyApp::JWTMiddleware)
       end
     end
+
+    initializer "shopify_app.redact_job_params" do
+      ActiveSupport.on_load(:active_job) do
+        if ActiveJob::Base.respond_to?(:log_arguments?)
+          WebhooksManagerJob.log_arguments = false
+          ScripttagsManagerJob.log_arguments = false
+        elsif ActiveJob::Logging::LogSubscriber.private_method_defined?(:args_info)
+          ActiveJob::Logging::LogSubscriber.prepend(RedactJobParams)
+        end
+      end
+    end
   end
 end

data/lib/shopify_app/session/jwt.rb

@@ -2,7 +2,9 @@
 module ShopifyApp
   class JWT
     class InvalidDestinationError < StandardError; end
+
     class MismatchedHostsError < StandardError; end
+
     class InvalidAudienceError < StandardError; end
 
     WARN_EXCEPTIONS = [
@@ -25,7 +27,7 @@ module ShopifyApp
     end
 
     def shopify_user_id
-      @payload && @payload['sub']
+      @payload['sub'].to_i if @payload && @payload['sub']
     end
 
     private

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '14.4.3'
+  VERSION = '16.1.0'
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "14.4.3",
+  "version": "16.1.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 14.4.3
+  version: 16.1.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-23 00:00:00.000000000 Z
+date: 2020-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -245,14 +245,15 @@ files:
 - ".github/ISSUE_TEMPLATE.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/probots.yml"
+- ".github/workflows/build.yml"
 - ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".nvmrc"
 - ".rubocop.yml"
 - ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
+- Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile
@@ -268,6 +269,7 @@ files:
 - app/assets/javascripts/shopify_app/top_level.js
 - app/assets/javascripts/shopify_app/top_level_interaction.js
 - app/controllers/concerns/shopify_app/authenticated.rb
+- app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
 - app/controllers/concerns/shopify_app/require_known_shop.rb
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/callback_controller.rb
@@ -277,6 +279,7 @@ files:
 - app/views/shopify_app/partials/_button_styles.html.erb
 - app/views/shopify_app/partials/_card_styles.html.erb
 - app/views/shopify_app/partials/_empty_state_styles.html.erb
+- app/views/shopify_app/partials/_form_styles.html.erb
 - app/views/shopify_app/partials/_layout_styles.html.erb
 - app/views/shopify_app/partials/_typography_styles.html.erb
 - app/views/shopify_app/sessions/enable_cookies.html.erb

data/.travis.yml

@@ -1,27 +0,0 @@
-sudo: required
-dist: trusty
-addons:
-    chrome: stable
-before_script:
-    - "sudo chown root /opt/google/chrome/chrome-sandbox"
-    - "sudo chmod 4755 /opt/google/chrome/chrome-sandbox"
-language: ruby
-cache:
-  bundler: true
-  directories:
-    - node_modules
-  yarn: true
-
-rvm:
-  - 2.5
-  - 2.6
-  - 2.7
-
-install:
-  - bundle install
-  - nvm install node
-  - yarn
-
-script:
-  - yarn test
-  - bundle exec rake test