shopify_app 14.4.4 → 17.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +38 -0
- data/.github/workflows/rubocop.yml +1 -7
- data/.gitignore +0 -2
- data/CHANGELOG.md +24 -0
- data/Gemfile.lock +256 -0
- data/README.md +34 -15
- data/app/assets/images/storage_access.svg +1 -2
- data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +22 -0
- data/app/controllers/shopify_app/callback_controller.rb +0 -6
- data/app/controllers/shopify_app/sessions_controller.rb +1 -15
- data/app/views/shopify_app/partials/_button_styles.html.erb +41 -36
- data/app/views/shopify_app/partials/_card_styles.html.erb +3 -3
- data/app/views/shopify_app/partials/_empty_state_styles.html.erb +28 -59
- data/app/views/shopify_app/partials/_form_styles.html.erb +56 -0
- data/app/views/shopify_app/partials/_layout_styles.html.erb +16 -1
- data/app/views/shopify_app/partials/_typography_styles.html.erb +6 -6
- data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
- data/app/views/shopify_app/sessions/new.html.erb +38 -110
- data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
- data/app/views/shopify_app/sessions/top_level_interaction.html.erb +20 -15
- data/config/locales/de.yml +11 -11
- data/config/locales/vi.yml +22 -0
- data/config/locales/zh-CN.yml +1 -1
- data/docs/Releasing.md +5 -3
- data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +16 -7
- data/lib/generators/shopify_app/home_controller/templates/index.html.erb +10 -10
- data/lib/generators/shopify_app/install/install_generator.rb +6 -1
- data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +4 -3
- data/lib/shopify_app/configuration.rb +3 -0
- data/lib/shopify_app/controller_concerns/itp.rb +0 -2
- data/lib/shopify_app/controller_concerns/login_protection.rb +4 -14
- data/lib/shopify_app/session/jwt.rb +3 -1
- data/lib/shopify_app/version.rb +1 -1
- data/package.json +1 -1
- data/shopify_app.gemspec +1 -1
- data/translation.yml +1 -1
- metadata +13 -3
- data/.travis.yml +0 -27
|
@@ -11,6 +11,7 @@ module ShopifyApp
|
|
|
11
11
|
class_option :scope, type: :array, default: ['read_products']
|
|
12
12
|
class_option :embedded, type: :string, default: 'true'
|
|
13
13
|
class_option :api_version, type: :string, default: nil
|
|
14
|
+
class_option :with_cookie_authentication, type: :boolean, default: false
|
|
14
15
|
|
|
15
16
|
def create_shopify_app_initializer
|
|
16
17
|
@application_name = format_array_argument(options['application_name'])
|
|
@@ -64,7 +65,7 @@ module ShopifyApp
|
|
|
64
65
|
def insert_hosts_into_development_config
|
|
65
66
|
inject_into_file(
|
|
66
67
|
'config/environments/development.rb',
|
|
67
|
-
" config.hosts = (config.hosts rescue []) << /\\
|
|
68
|
+
" config.hosts = (config.hosts rescue []) << /\\w+\\.ngrok\\.io/\n",
|
|
68
69
|
after: "Rails.application.configure do\n"
|
|
69
70
|
)
|
|
70
71
|
end
|
|
@@ -78,6 +79,10 @@ module ShopifyApp
|
|
|
78
79
|
def format_array_argument(array)
|
|
79
80
|
array.join(' ').tr('"', '')
|
|
80
81
|
end
|
|
82
|
+
|
|
83
|
+
def with_cookie_authentication?
|
|
84
|
+
options['with_cookie_authentication'] || !embedded_app?
|
|
85
|
+
end
|
|
81
86
|
end
|
|
82
87
|
end
|
|
83
88
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
ShopifyApp.configure do |config|
|
|
2
2
|
config.application_name = "<%= @application_name %>"
|
|
3
|
-
config.api_key = ENV
|
|
4
|
-
config.secret = ENV
|
|
3
|
+
config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence || raise('Missing SHOPIFY_API_KEY')
|
|
4
|
+
config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence || raise('Missing SHOPIFY_API_SECRET')
|
|
5
5
|
config.old_secret = "<%= @old_secret %>"
|
|
6
6
|
config.scope = "<%= @scope %>" # Consult this page for more scope options:
|
|
7
7
|
# https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
|
|
@@ -9,7 +9,8 @@ ShopifyApp.configure do |config|
|
|
|
9
9
|
config.after_authenticate_job = false
|
|
10
10
|
config.api_version = "<%= @api_version %>"
|
|
11
11
|
config.shop_session_repository = 'Shop'
|
|
12
|
-
config.allow_jwt_authentication =
|
|
12
|
+
config.allow_jwt_authentication = <%= !with_cookie_authentication? %>
|
|
13
|
+
config.allow_cookie_authentication = <%= with_cookie_authentication? %>
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
# ShopifyApp::Utils.fetch_known_api_versions # Uncomment to fetch known api versions from shopify servers on boot
|
|
@@ -39,12 +39,15 @@ module ShopifyApp
|
|
|
39
39
|
# allow enabling jwt headers for authentication
|
|
40
40
|
attr_accessor :allow_jwt_authentication
|
|
41
41
|
|
|
42
|
+
attr_accessor :allow_cookie_authentication
|
|
43
|
+
|
|
42
44
|
def initialize
|
|
43
45
|
@root_url = '/'
|
|
44
46
|
@myshopify_domain = 'myshopify.com'
|
|
45
47
|
@scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
|
|
46
48
|
@webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
|
|
47
49
|
@disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
|
|
50
|
+
@allow_cookie_authentication = true
|
|
48
51
|
end
|
|
49
52
|
|
|
50
53
|
def login_url
|
|
@@ -13,12 +13,10 @@ module ShopifyApp
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def set_top_level_oauth_cookie
|
|
16
|
-
Rails.logger.debug("[ShopifyApp::Itp] Setting top level oauth cookie...")
|
|
17
16
|
session['shopify.top_level_oauth'] = true
|
|
18
17
|
end
|
|
19
18
|
|
|
20
19
|
def clear_top_level_oauth_cookie
|
|
21
|
-
Rails.logger.debug("[ShopifyApp::Itp] Clearing top level oauth cookie...")
|
|
22
20
|
session.delete('shopify.top_level_oauth')
|
|
23
21
|
end
|
|
24
22
|
|
|
@@ -18,24 +18,18 @@ module ShopifyApp
|
|
|
18
18
|
|
|
19
19
|
def activate_shopify_session
|
|
20
20
|
if user_session_expected? && user_session.blank?
|
|
21
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] User session required. Redirecting to login...")
|
|
22
21
|
signal_access_token_required
|
|
23
22
|
return redirect_to_login
|
|
24
23
|
end
|
|
25
24
|
|
|
26
|
-
if current_shopify_session.blank?
|
|
27
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Current shopify session is blank. Redirecting to login...")
|
|
28
|
-
return redirect_to_login
|
|
29
|
-
end
|
|
25
|
+
return redirect_to_login if current_shopify_session.blank?
|
|
30
26
|
|
|
31
27
|
clear_top_level_oauth_cookie
|
|
32
28
|
|
|
33
29
|
begin
|
|
34
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Activating session...")
|
|
35
30
|
ShopifyAPI::Base.activate_session(current_shopify_session)
|
|
36
31
|
yield
|
|
37
32
|
ensure
|
|
38
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing session...")
|
|
39
33
|
ShopifyAPI::Base.clear_session
|
|
40
34
|
end
|
|
41
35
|
end
|
|
@@ -57,6 +51,7 @@ module ShopifyApp
|
|
|
57
51
|
end
|
|
58
52
|
|
|
59
53
|
def user_session_by_cookie
|
|
54
|
+
return unless ShopifyApp.configuration.allow_cookie_authentication
|
|
60
55
|
return unless session[:user_id].present?
|
|
61
56
|
ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
|
|
62
57
|
end
|
|
@@ -72,18 +67,14 @@ module ShopifyApp
|
|
|
72
67
|
end
|
|
73
68
|
|
|
74
69
|
def shop_session_by_cookie
|
|
70
|
+
return unless ShopifyApp.configuration.allow_cookie_authentication
|
|
75
71
|
return unless session[:shop_id].present?
|
|
76
72
|
ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
|
|
77
73
|
end
|
|
78
74
|
|
|
79
75
|
def login_again_if_different_user_or_shop
|
|
80
76
|
if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
|
|
81
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Session data was sent/stored correctly.")
|
|
82
77
|
clear_session = session[:user_session] != params[:session] # current user is different from stored user
|
|
83
|
-
if clear_session
|
|
84
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Current user is different from stored user.")
|
|
85
|
-
end
|
|
86
|
-
clear_session
|
|
87
78
|
end
|
|
88
79
|
|
|
89
80
|
if current_shopify_session &&
|
|
@@ -93,14 +84,13 @@ module ShopifyApp
|
|
|
93
84
|
end
|
|
94
85
|
|
|
95
86
|
if clear_session
|
|
96
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing shopify session and redirecting to login...")
|
|
97
87
|
clear_shopify_session
|
|
98
88
|
redirect_to_login
|
|
99
89
|
end
|
|
100
90
|
end
|
|
101
91
|
|
|
102
92
|
def signal_access_token_required
|
|
103
|
-
response.set_header(ACCESS_TOKEN_REQUIRED_HEADER, true)
|
|
93
|
+
response.set_header(ACCESS_TOKEN_REQUIRED_HEADER, "true")
|
|
104
94
|
end
|
|
105
95
|
|
|
106
96
|
protected
|
|
@@ -2,7 +2,9 @@
|
|
|
2
2
|
module ShopifyApp
|
|
3
3
|
class JWT
|
|
4
4
|
class InvalidDestinationError < StandardError; end
|
|
5
|
+
|
|
5
6
|
class MismatchedHostsError < StandardError; end
|
|
7
|
+
|
|
6
8
|
class InvalidAudienceError < StandardError; end
|
|
7
9
|
|
|
8
10
|
WARN_EXCEPTIONS = [
|
|
@@ -25,7 +27,7 @@ module ShopifyApp
|
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
def shopify_user_id
|
|
28
|
-
@payload && @payload['sub']
|
|
30
|
+
@payload['sub'].to_i if @payload && @payload['sub']
|
|
29
31
|
end
|
|
30
32
|
|
|
31
33
|
private
|
data/lib/shopify_app/version.rb
CHANGED
data/package.json
CHANGED
data/shopify_app.gemspec
CHANGED
|
@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
|
|
|
14
14
|
s.metadata['allowed_push_host'] = 'https://rubygems.org'
|
|
15
15
|
|
|
16
16
|
s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
|
|
17
|
-
s.add_runtime_dependency('rails', '> 5.2.1')
|
|
17
|
+
s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')
|
|
18
18
|
s.add_runtime_dependency('shopify_api', '~> 9.1')
|
|
19
19
|
s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
|
|
20
20
|
s.add_runtime_dependency('jwt', '~> 2.2.1')
|
data/translation.yml
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
source_language: en
|
|
2
|
-
target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, zh-CN, zh-TW]
|
|
2
|
+
target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
|
|
3
3
|
components:
|
|
4
4
|
- name: 'merchant'
|
|
5
5
|
paths:
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 17.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shopify
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-01-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: browser_sniffer
|
|
@@ -31,6 +31,9 @@ dependencies:
|
|
|
31
31
|
- - ">"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: 5.2.1
|
|
34
|
+
- - "<"
|
|
35
|
+
- !ruby/object:Gem::Version
|
|
36
|
+
version: '6.1'
|
|
34
37
|
type: :runtime
|
|
35
38
|
prerelease: false
|
|
36
39
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -38,6 +41,9 @@ dependencies:
|
|
|
38
41
|
- - ">"
|
|
39
42
|
- !ruby/object:Gem::Version
|
|
40
43
|
version: 5.2.1
|
|
44
|
+
- - "<"
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '6.1'
|
|
41
47
|
- !ruby/object:Gem::Dependency
|
|
42
48
|
name: shopify_api
|
|
43
49
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -245,14 +251,15 @@ files:
|
|
|
245
251
|
- ".github/ISSUE_TEMPLATE.md"
|
|
246
252
|
- ".github/PULL_REQUEST_TEMPLATE.md"
|
|
247
253
|
- ".github/probots.yml"
|
|
254
|
+
- ".github/workflows/build.yml"
|
|
248
255
|
- ".github/workflows/rubocop.yml"
|
|
249
256
|
- ".gitignore"
|
|
250
257
|
- ".nvmrc"
|
|
251
258
|
- ".rubocop.yml"
|
|
252
259
|
- ".ruby-version"
|
|
253
|
-
- ".travis.yml"
|
|
254
260
|
- CHANGELOG.md
|
|
255
261
|
- Gemfile
|
|
262
|
+
- Gemfile.lock
|
|
256
263
|
- LICENSE
|
|
257
264
|
- README.md
|
|
258
265
|
- Rakefile
|
|
@@ -268,6 +275,7 @@ files:
|
|
|
268
275
|
- app/assets/javascripts/shopify_app/top_level.js
|
|
269
276
|
- app/assets/javascripts/shopify_app/top_level_interaction.js
|
|
270
277
|
- app/controllers/concerns/shopify_app/authenticated.rb
|
|
278
|
+
- app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
|
|
271
279
|
- app/controllers/concerns/shopify_app/require_known_shop.rb
|
|
272
280
|
- app/controllers/shopify_app/authenticated_controller.rb
|
|
273
281
|
- app/controllers/shopify_app/callback_controller.rb
|
|
@@ -277,6 +285,7 @@ files:
|
|
|
277
285
|
- app/views/shopify_app/partials/_button_styles.html.erb
|
|
278
286
|
- app/views/shopify_app/partials/_card_styles.html.erb
|
|
279
287
|
- app/views/shopify_app/partials/_empty_state_styles.html.erb
|
|
288
|
+
- app/views/shopify_app/partials/_form_styles.html.erb
|
|
280
289
|
- app/views/shopify_app/partials/_layout_styles.html.erb
|
|
281
290
|
- app/views/shopify_app/partials/_typography_styles.html.erb
|
|
282
291
|
- app/views/shopify_app/sessions/enable_cookies.html.erb
|
|
@@ -304,6 +313,7 @@ files:
|
|
|
304
313
|
- config/locales/sv.yml
|
|
305
314
|
- config/locales/th.yml
|
|
306
315
|
- config/locales/tr.yml
|
|
316
|
+
- config/locales/vi.yml
|
|
307
317
|
- config/locales/zh-CN.yml
|
|
308
318
|
- config/locales/zh-TW.yml
|
|
309
319
|
- config/routes.rb
|
data/.travis.yml
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
sudo: required
|
|
2
|
-
dist: trusty
|
|
3
|
-
addons:
|
|
4
|
-
chrome: stable
|
|
5
|
-
before_script:
|
|
6
|
-
- "sudo chown root /opt/google/chrome/chrome-sandbox"
|
|
7
|
-
- "sudo chmod 4755 /opt/google/chrome/chrome-sandbox"
|
|
8
|
-
language: ruby
|
|
9
|
-
cache:
|
|
10
|
-
bundler: true
|
|
11
|
-
directories:
|
|
12
|
-
- node_modules
|
|
13
|
-
yarn: true
|
|
14
|
-
|
|
15
|
-
rvm:
|
|
16
|
-
- 2.5
|
|
17
|
-
- 2.6
|
|
18
|
-
- 2.7
|
|
19
|
-
|
|
20
|
-
install:
|
|
21
|
-
- bundle install
|
|
22
|
-
- nvm install node
|
|
23
|
-
- yarn
|
|
24
|
-
|
|
25
|
-
script:
|
|
26
|
-
- yarn test
|
|
27
|
-
- bundle exec rake test
|