shopify_app 15.0.0 → 17.0.1
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +38 -0
- data/.github/workflows/release.yml +20 -0
- data/.github/workflows/rubocop.yml +1 -7
- data/.gitignore +0 -2
- data/CHANGELOG.md +24 -0
- data/Gemfile.lock +256 -0
- data/README.md +36 -15
- data/app/assets/images/storage_access.svg +1 -2
- data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +22 -0
- data/app/controllers/shopify_app/callback_controller.rb +0 -6
- data/app/controllers/shopify_app/sessions_controller.rb +1 -15
- data/app/views/shopify_app/partials/_button_styles.html.erb +41 -36
- data/app/views/shopify_app/partials/_card_styles.html.erb +3 -3
- data/app/views/shopify_app/partials/_empty_state_styles.html.erb +28 -59
- data/app/views/shopify_app/partials/_form_styles.html.erb +56 -0
- data/app/views/shopify_app/partials/_layout_styles.html.erb +16 -1
- data/app/views/shopify_app/partials/_typography_styles.html.erb +6 -6
- data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
- data/app/views/shopify_app/sessions/new.html.erb +38 -110
- data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
- data/app/views/shopify_app/sessions/top_level_interaction.html.erb +20 -15
- data/config/locales/de.yml +11 -11
- data/config/locales/vi.yml +22 -0
- data/config/locales/zh-CN.yml +1 -1
- data/docs/Releasing.md +9 -6
- data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +16 -7
- data/lib/generators/shopify_app/home_controller/templates/index.html.erb +10 -10
- data/lib/generators/shopify_app/install/install_generator.rb +6 -1
- data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +15 -12
- data/lib/shopify_app/configuration.rb +3 -0
- data/lib/shopify_app/controller_concerns/itp.rb +0 -2
- data/lib/shopify_app/controller_concerns/login_protection.rb +3 -13
- data/lib/shopify_app/session/jwt.rb +3 -1
- data/lib/shopify_app/version.rb +1 -1
- data/package.json +1 -1
- data/shopify_app.gemspec +1 -1
- data/translation.yml +1 -1
- metadata +14 -3
- data/.travis.yml +0 -27
@@ -11,6 +11,7 @@ module ShopifyApp
|
|
11
11
|
class_option :scope, type: :array, default: ['read_products']
|
12
12
|
class_option :embedded, type: :string, default: 'true'
|
13
13
|
class_option :api_version, type: :string, default: nil
|
14
|
+
class_option :with_cookie_authentication, type: :boolean, default: false
|
14
15
|
|
15
16
|
def create_shopify_app_initializer
|
16
17
|
@application_name = format_array_argument(options['application_name'])
|
@@ -64,7 +65,7 @@ module ShopifyApp
|
|
64
65
|
def insert_hosts_into_development_config
|
65
66
|
inject_into_file(
|
66
67
|
'config/environments/development.rb',
|
67
|
-
" config.hosts = (config.hosts rescue []) << /\\
|
68
|
+
" config.hosts = (config.hosts rescue []) << /\\w+\\.ngrok\\.io/\n",
|
68
69
|
after: "Rails.application.configure do\n"
|
69
70
|
)
|
70
71
|
end
|
@@ -78,6 +79,10 @@ module ShopifyApp
|
|
78
79
|
def format_array_argument(array)
|
79
80
|
array.join(' ').tr('"', '')
|
80
81
|
end
|
82
|
+
|
83
|
+
def with_cookie_authentication?
|
84
|
+
options['with_cookie_authentication'] || !embedded_app?
|
85
|
+
end
|
81
86
|
end
|
82
87
|
end
|
83
88
|
end
|
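Review bot: The new `with_cookie_authentication?` helper in the third hunk has no comment, and its `|| !embedded_app?` clause means a non-embedded app gets cookie authentication even when the flag is not passed. Because this helper decides which authentication mode the generated initializer enables, the rule should be stated where it is defined, for example `# Non-embedded apps always use cookie auth; embedded apps use it only when the flag is passed.` The `class_option :with_cookie_authentication` line in the first hunk would also benefit from a `desc:` string saying the same, so that it appears in the generator's help output. `embedded_app?` is defined outside the visible hunks.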
@@ -1,15 +1,18 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
1
|
+
unless defined? Rails::Generators
|
2
|
+
ShopifyApp.configure do |config|
|
3
|
+
config.application_name = "<%= @application_name %>"
|
4
|
+
config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence || raise('Missing SHOPIFY_API_KEY. See https://github.com/Shopify/shopify_app#api-keys')
|
5
|
+
config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence || raise('Missing SHOPIFY_API_SECRET. See https://github.com/Shopify/shopify_app#api-keys')
|
6
|
+
config.old_secret = "<%= @old_secret %>"
|
7
|
+
config.scope = "<%= @scope %>" # Consult this page for more scope options:
|
8
|
+
# https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
|
9
|
+
config.embedded_app = <%= embedded_app? %>
|
10
|
+
config.after_authenticate_job = false
|
11
|
+
config.api_version = "<%= @api_version %>"
|
12
|
+
config.shop_session_repository = 'Shop'
|
13
|
+
config.allow_jwt_authentication = <%= !with_cookie_authentication? %>
|
14
|
+
config.allow_cookie_authentication = <%= with_cookie_authentication? %>
|
15
|
+
end
|
13
16
|
end
|
14
17
|
|
15
18
|
# ShopifyApp::Utils.fetch_known_api_versions # Uncomment to fetch known api versions from shopify servers on boot
|
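Review bot: `config.old_secret = "<%= @old_secret %>"` on new line 6 still renders a secret into the generated initializer, while `api_key` and `secret` on new lines 4 and 5 are read from the environment. `@old_secret` is set outside this template; if it comes from a generator argument, the value lands in a file that is normally committed to source control. Reading it from the environment like the other two would keep the rotation secret out of the repository, e.g. `config.old_secret = ENV.fetch('<OLD_SECRET_ENV_VAR>', '')`, where the variable name is a placeholder for whatever the project chooses.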
@@ -39,12 +39,15 @@ module ShopifyApp
|
|
39
39
|
# allow enabling jwt headers for authentication
|
40
40
|
attr_accessor :allow_jwt_authentication
|
41
41
|
|
42
|
+
attr_accessor :allow_cookie_authentication
|
43
|
+
|
42
44
|
def initialize
|
43
45
|
@root_url = '/'
|
44
46
|
@myshopify_domain = 'myshopify.com'
|
45
47
|
@scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
|
46
48
|
@webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
|
47
49
|
@disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
|
50
|
+
@allow_cookie_authentication = true
|
48
51
|
end
|
49
52
|
|
50
53
|
def login_url
|
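Review bot: `attr_accessor :allow_cookie_authentication` is added without a comment, unlike `allow_jwt_authentication` directly above it, and `initialize` defaults it to `true`. As far as the guards added in login_protection.rb show, that default means an app that enables JWT authentication keeps accepting cookie sessions until it sets this flag to `false`, which anyone hardening an embedded app needs to know. A comment above the accessor would cover it, such as `# allow cookie-based session authentication (default: true); set to false to accept JWT session tokens only`. The class body continues outside the hunk.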
@@ -13,12 +13,10 @@ module ShopifyApp
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def set_top_level_oauth_cookie
|
16
|
-
Rails.logger.debug("[ShopifyApp::Itp] Setting top level oauth cookie...")
|
17
16
|
session['shopify.top_level_oauth'] = true
|
18
17
|
end
|
19
18
|
|
20
19
|
def clear_top_level_oauth_cookie
|
21
|
-
Rails.logger.debug("[ShopifyApp::Itp] Clearing top level oauth cookie...")
|
22
20
|
session.delete('shopify.top_level_oauth')
|
23
21
|
end
|
24
22
|
|
@@ -18,24 +18,18 @@ module ShopifyApp
|
|
18
18
|
|
19
19
|
def activate_shopify_session
|
20
20
|
if user_session_expected? && user_session.blank?
|
21
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] User session required. Redirecting to login...")
|
22
21
|
signal_access_token_required
|
23
22
|
return redirect_to_login
|
24
23
|
end
|
25
24
|
|
26
|
-
if current_shopify_session.blank?
|
27
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Current shopify session is blank. Redirecting to login...")
|
28
|
-
return redirect_to_login
|
29
|
-
end
|
25
|
+
return redirect_to_login if current_shopify_session.blank?
|
30
26
|
|
31
27
|
clear_top_level_oauth_cookie
|
32
28
|
|
33
29
|
begin
|
34
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Activating session...")
|
35
30
|
ShopifyAPI::Base.activate_session(current_shopify_session)
|
36
31
|
yield
|
37
32
|
ensure
|
38
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing session...")
|
39
33
|
ShopifyAPI::Base.clear_session
|
40
34
|
end
|
41
35
|
end
|
@@ -57,6 +51,7 @@ module ShopifyApp
|
|
57
51
|
end
|
58
52
|
|
59
53
|
def user_session_by_cookie
|
54
|
+
return unless ShopifyApp.configuration.allow_cookie_authentication
|
60
55
|
return unless session[:user_id].present?
|
61
56
|
ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
|
62
57
|
end
|
@@ -72,18 +67,14 @@ module ShopifyApp
|
|
72
67
|
end
|
73
68
|
|
74
69
|
def shop_session_by_cookie
|
70
|
+
return unless ShopifyApp.configuration.allow_cookie_authentication
|
75
71
|
return unless session[:shop_id].present?
|
76
72
|
ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
|
77
73
|
end
|
78
74
|
|
79
75
|
def login_again_if_different_user_or_shop
|
80
76
|
if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
|
81
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Session data was sent/stored correctly.")
|
82
77
|
clear_session = session[:user_session] != params[:session] # current user is different from stored user
|
83
|
-
if clear_session
|
84
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Current user is different from stored user.")
|
85
|
-
end
|
86
|
-
clear_session
|
87
78
|
end
|
88
79
|
|
89
80
|
if current_shopify_session &&
|
@@ -93,7 +84,6 @@ module ShopifyApp
|
|
93
84
|
end
|
94
85
|
|
95
86
|
if clear_session
|
96
|
-
Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing shopify session and redirecting to login...")
|
97
87
|
clear_shopify_session
|
98
88
|
redirect_to_login
|
99
89
|
end
|
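Review bot: `login_again_if_different_user_or_shop` still reads `session[:user_session]` without consulting `allow_cookie_authentication`, while the new guards make `user_session_by_cookie` and `shop_session_by_cookie` ignore the cookie when the flag is off. On an app configured for JWT only, a stale cookie value that differs from `params[:session]` would still set `clear_session`, and the visible `if clear_session` branch then calls `clear_shopify_session` and `redirect_to_login`. If that is not intended, the condition could begin with the same check: `if ShopifyApp.configuration.allow_cookie_authentication && session[:user_session].present? && params[:session].present?`. Part of this method lies between hunks, so the full effect should be confirmed against the whole file.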
@@ -2,7 +2,9 @@
|
|
2
2
|
module ShopifyApp
|
3
3
|
class JWT
|
4
4
|
class InvalidDestinationError < StandardError; end
|
5
|
+
|
5
6
|
class MismatchedHostsError < StandardError; end
|
7
|
+
|
6
8
|
class InvalidAudienceError < StandardError; end
|
7
9
|
|
8
10
|
WARN_EXCEPTIONS = [
|
@@ -25,7 +27,7 @@ module ShopifyApp
|
|
25
27
|
end
|
26
28
|
|
27
29
|
def shopify_user_id
|
28
|
-
@payload && @payload['sub']
|
30
|
+
@payload['sub'].to_i if @payload && @payload['sub']
|
29
31
|
end
|
30
32
|
|
31
33
|
private
|
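Review bot: `@payload['sub'].to_i` turns a `sub` claim that is not purely numeric into `0` or into its leading digits, so a malformed claim yields a plausible-looking user id instead of `nil`. This value is presumably used to look up the user session, so it is safer to convert only when the claim is all digits, e.g. `sub = @payload && @payload['sub']` followed by `sub.to_i if sub.to_s.match?(/\A\d+\z/)`. The change also switches the return value from the raw claim to an Integer, which deserves a one-line comment on `shopify_user_id` for callers that compared it as a string.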
data/lib/shopify_app/version.rb
CHANGED
data/package.json
CHANGED
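--- a/data/shopify_app.gemspec
+++ b/data/shopify_app.gemspec
@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
 s.metadata['allowed_push_host'] = 'https://rubygems.org'
 
 s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
-s.add_runtime_dependency('rails', '> 5.2.1')
+s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')
 s.add_runtime_dependency('shopify_api', '~> 9.1')
 s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
 s.add_runtime_dependency('jwt', '~> 2.2.1')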
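--- a/data/translation.yml
+++ b/data/translation.yml
@@ -1,5 +1,5 @@
 source_language: en
-target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, zh-CN, zh-TW]
+target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
 components:
 - name: 'merchant'
 paths: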
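--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-version:
+version: 17.0.1
 platform: ruby
 authors:
 - Shopify
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: browser_sniffer
@@ -31,6 +31,9 @@ dependencies:
 - - ">"
 - !ruby/object:Gem::Version
 version: 5.2.1
+- - "<"
+- !ruby/object:Gem::Version
+version: '6.1'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +41,9 @@ dependencies:
 - - ">"
 - !ruby/object:Gem::Version
 version: 5.2.1
+- - "<"
+- !ruby/object:Gem::Version
+version: '6.1'
 - !ruby/object:Gem::Dependency
 name: shopify_api
 requirement: !ruby/object:Gem::Requirement
@@ -245,14 +251,16 @@ files:
 - ".github/ISSUE_TEMPLATE.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/probots.yml"
+- ".github/workflows/build.yml"
+- ".github/workflows/release.yml"
 - ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".nvmrc"
 - ".rubocop.yml"
 - ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
+- Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile
@@ -268,6 +276,7 @@ files:
 - app/assets/javascripts/shopify_app/top_level.js
 - app/assets/javascripts/shopify_app/top_level_interaction.js
 - app/controllers/concerns/shopify_app/authenticated.rb
+- app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
 - app/controllers/concerns/shopify_app/require_known_shop.rb
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/callback_controller.rb
@@ -277,6 +286,7 @@ files:
 - app/views/shopify_app/partials/_button_styles.html.erb
 - app/views/shopify_app/partials/_card_styles.html.erb
 - app/views/shopify_app/partials/_empty_state_styles.html.erb
+- app/views/shopify_app/partials/_form_styles.html.erb
 - app/views/shopify_app/partials/_layout_styles.html.erb
 - app/views/shopify_app/partials/_typography_styles.html.erb
 - app/views/shopify_app/sessions/enable_cookies.html.erb
@@ -304,6 +314,7 @@ files:
 - config/locales/sv.yml
 - config/locales/th.yml
 - config/locales/tr.yml
+- config/locales/vi.yml
 - config/locales/zh-CN.yml
 - config/locales/zh-TW.yml
 - config/routes.rb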
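--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,27 +0,0 @@
-sudo: required
-dist: trusty
-addons:
-chrome: stable
-before_script:
-- "sudo chown root /opt/google/chrome/chrome-sandbox"
-- "sudo chmod 4755 /opt/google/chrome/chrome-sandbox"
-language: ruby
-cache:
-bundler: true
-directories:
-- node_modules
-yarn: true
-
-rvm:
-- 2.5
-- 2.6
-- 2.7
-
-install:
-- bundle install
-- nvm install node
-- yarn
-
-script:
-- yarn test
-- bundle exec rake test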