shopify_app 15.0.1 → 17.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (40) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build.yml +38 -0
  3. data/.github/workflows/release.yml +24 -0
  4. data/.github/workflows/rubocop.yml +1 -7
  5. data/.gitignore +0 -2
  6. data/CHANGELOG.md +24 -0
  7. data/Gemfile.lock +256 -0
  8. data/README.md +36 -15
  9. data/app/assets/images/storage_access.svg +1 -2
  10. data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +22 -0
  11. data/app/controllers/shopify_app/callback_controller.rb +10 -8
  12. data/app/controllers/shopify_app/sessions_controller.rb +1 -15
  13. data/app/views/shopify_app/partials/_button_styles.html.erb +41 -36
  14. data/app/views/shopify_app/partials/_card_styles.html.erb +3 -3
  15. data/app/views/shopify_app/partials/_empty_state_styles.html.erb +28 -59
  16. data/app/views/shopify_app/partials/_form_styles.html.erb +56 -0
  17. data/app/views/shopify_app/partials/_layout_styles.html.erb +16 -1
  18. data/app/views/shopify_app/partials/_typography_styles.html.erb +6 -6
  19. data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
  20. data/app/views/shopify_app/sessions/new.html.erb +38 -110
  21. data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
  22. data/app/views/shopify_app/sessions/top_level_interaction.html.erb +20 -15
  23. data/config/locales/de.yml +11 -11
  24. data/config/locales/vi.yml +22 -0
  25. data/config/locales/zh-CN.yml +1 -1
  26. data/docs/Releasing.md +5 -3
  27. data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +16 -7
  28. data/lib/generators/shopify_app/home_controller/templates/index.html.erb +10 -10
  29. data/lib/generators/shopify_app/install/install_generator.rb +5 -0
  30. data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +15 -12
  31. data/lib/shopify_app/configuration.rb +3 -0
  32. data/lib/shopify_app/controller_concerns/itp.rb +0 -2
  33. data/lib/shopify_app/controller_concerns/login_protection.rb +3 -13
  34. data/lib/shopify_app/session/jwt.rb +2 -0
  35. data/lib/shopify_app/version.rb +1 -1
  36. data/package.json +1 -1
  37. data/shopify_app.gemspec +1 -1
  38. data/translation.yml +1 -1
  39. metadata +14 -3
  40. data/.travis.yml +0 -27
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 766b20c9b903b80875806ea437bd132f004a27f5b339faae48ee14656da7a110
4
- data.tar.gz: d8cbdf61e359a4990f21127b4e811332253f808f011080659410ecab73144d4b
3
+ metadata.gz: 00c45ff5e3c6ab4df81d1e28f068661e60e261ec521673d6b667745490c938d9
4
+ data.tar.gz: d4757699fa3dac3eea23a29a60ad0ae4972feca489355df86ed8119906e4f929
5
5
  SHA512:
6
- metadata.gz: 2821dedc568c6f542f79dc4bc17eb26e38b5ffd6f341cdaf22fbde7a96750145ebd6685fb2213bb7ff402795b0abf92554d3e85d961dc7e21995c3c3ba86901a
7
- data.tar.gz: 73002f4ae08f88cbc9bfc95fe846416255e4a4e587fa954731d7e05d476bc10a3b7110ed4262e60e44277fef42ab17c6eafc4a0883eb5ee1f9149109ed657ee4
6
+ metadata.gz: f56f3e3ef32065a340c20d50525b493120d56e0a4b2b2c37c38a77ad8631788852dfaa396a98308760370e268316f74cb78ab344850215fba88b023da40688c8
7
+ data.tar.gz: 7751267b60e9c0b2a5c83dfb826772d41edbea1682875ac0587adb47e6fef219b70d42a3f44095d5869c59e0a963b0b580a9366ed1fa429239c2eac35fd570ff
@@ -0,0 +1,38 @@
1
+ name: CI
2
+
3
+ on:
4
+ push:
5
+
6
+ jobs:
7
+ build:
8
+ runs-on: macos-latest # prevents intermittent Chrome Headless error unlike ubuntu
9
+ name: Ruby ${{ matrix.version }}
10
+ strategy:
11
+ matrix:
12
+ version: [2.5, 2.6, 2.7]
13
+
14
+ steps:
15
+ - uses: actions/checkout@v2
16
+ - name: Cache node modules
17
+ uses: actions/cache@v2
18
+ with:
19
+ # npm cache files are stored in `~/.npm` on Linux/macOS
20
+ path: ~/.npm
21
+ key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
22
+ - name: Set up Ruby ${{ matrix.version }}
23
+ uses: ruby/setup-ruby@v1
24
+ with:
25
+ ruby-version: ${{ matrix.version }}
26
+ bundler-cache: true
27
+ - name: Set up Node
28
+ uses: actions/setup-node@v2-beta
29
+ with:
30
+ node-version: '12'
31
+ - name: Install Dependencies
32
+ run: |
33
+ yarn
34
+ - name: Run Tests
35
+ run: |
36
+ yarn test
37
+ bundle exec rake test
38
+
@@ -0,0 +1,24 @@
1
+ name: Create Release
2
+
3
+ on:
4
+ push:
5
+ tags:
6
+ - 'v*'
7
+
8
+ jobs:
9
+ create-release:
10
+ runs-on: ubuntu-latest
11
+ steps:
12
+ - name: Extract tag name
13
+ id: tag
14
+ run: echo "::set-output name=value::${GITHUB_REF##*/}"
15
+ - uses: actions/checkout@v2
16
+
17
+ - name: Create Release
18
+ id: create_release
19
+ uses: actions/create-release@v1
20
+ env:
21
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
22
+ with:
23
+ tag_name: ${{ steps.tag.outputs.value }}
24
+ release_name: ${{ steps.tag.outputs.value }}
@@ -12,13 +12,7 @@ jobs:
12
12
  uses: ruby/setup-ruby@v1
13
13
  with:
14
14
  ruby-version: 2.7
15
- - name: Cache gems
16
- uses: actions/cache@v1
17
- with:
18
- path: vendor/bundle
19
- key: ${{ runner.os }}-rubocop-${{ hashFiles('**/Gemfile.lock') }}
20
- restore-keys: |
21
- ${{ runner.os }}-rubocop-
15
+ bundler-cache: true
22
16
  - name: Install gems
23
17
  run: |
24
18
  bundle config path vendor/bundle
data/.gitignore CHANGED
@@ -1,6 +1,5 @@
1
1
  *.gem
2
2
  .bundle
3
- Gemfile.lock
4
3
  pkg/*
5
4
  .DS_Store
6
5
  .yardoc
@@ -13,4 +12,3 @@ test/tmp/*
13
12
  /test/dummy/tmp/*
14
13
  /node_modules/
15
14
  .byebug_history
16
-
@@ -1,3 +1,27 @@
1
+ Unreleased
2
+ ----------
3
+
4
+ 17.0.2 (January 20, 2021)
5
+ ------
6
+ * Fix failing script tags and webhooks installs after completing OAuth [#1151](https://github.com/Shopify/shopify_app/pull/1151)
7
+
8
+ 17.0.1 (January 18, 2021)
9
+ ------
10
+ * Don't attempt to read Shopify environment variables when the generators are running, since they may not be present yet [#1144](https://github.com/Shopify/shopify_app/pull/1144)
11
+
12
+ 17.0.0 (January 13, 2021)
13
+ ------
14
+ * Rails 6.1 is not yet supported [#1134](https://github.com/Shopify/shopify_app/pull/1134)
15
+
16
+ 16.1.0
17
+ ------
18
+ * Use Session Token auth strategy by default for new embedded apps [#1111](https://github.com/Shopify/shopify_app/pull/1111)
19
+ * Create optional `EnsureAuthenticatedLinks` concern to authenticate deep links using Turbolinks [#1118](https://github.com/Shopify/shopify_app/pull/1118)
20
+
21
+ 16.0.0
22
+ ------
23
+ * Update all `html.erb` and `css` files to correspond with updated store admin design language [#1102](https://github.com/Shopify/shopify_app/pull/1102)
24
+
1
25
  15.0.1
2
26
  ------
3
27
  * Allow JWT session token `sub` field to be parsed as a string [#1103](https://github.com/Shopify/shopify_app/pull/1103)
@@ -0,0 +1,256 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ shopify_app (17.0.2)
5
+ browser_sniffer (~> 1.2.2)
6
+ jwt (~> 2.2.1)
7
+ omniauth-shopify-oauth2 (~> 2.2.2)
8
+ rails (> 5.2.1, < 6.1)
9
+ redirect_safely (~> 1.0)
10
+ shopify_api (~> 9.1)
11
+
12
+ GEM
13
+ remote: https://rubygems.org/
14
+ specs:
15
+ actioncable (6.0.3.3)
16
+ actionpack (= 6.0.3.3)
17
+ nio4r (~> 2.0)
18
+ websocket-driver (>= 0.6.1)
19
+ actionmailbox (6.0.3.3)
20
+ actionpack (= 6.0.3.3)
21
+ activejob (= 6.0.3.3)
22
+ activerecord (= 6.0.3.3)
23
+ activestorage (= 6.0.3.3)
24
+ activesupport (= 6.0.3.3)
25
+ mail (>= 2.7.1)
26
+ actionmailer (6.0.3.3)
27
+ actionpack (= 6.0.3.3)
28
+ actionview (= 6.0.3.3)
29
+ activejob (= 6.0.3.3)
30
+ mail (~> 2.5, >= 2.5.4)
31
+ rails-dom-testing (~> 2.0)
32
+ actionpack (6.0.3.3)
33
+ actionview (= 6.0.3.3)
34
+ activesupport (= 6.0.3.3)
35
+ rack (~> 2.0, >= 2.0.8)
36
+ rack-test (>= 0.6.3)
37
+ rails-dom-testing (~> 2.0)
38
+ rails-html-sanitizer (~> 1.0, >= 1.2.0)
39
+ actiontext (6.0.3.3)
40
+ actionpack (= 6.0.3.3)
41
+ activerecord (= 6.0.3.3)
42
+ activestorage (= 6.0.3.3)
43
+ activesupport (= 6.0.3.3)
44
+ nokogiri (>= 1.8.5)
45
+ actionview (6.0.3.3)
46
+ activesupport (= 6.0.3.3)
47
+ builder (~> 3.1)
48
+ erubi (~> 1.4)
49
+ rails-dom-testing (~> 2.0)
50
+ rails-html-sanitizer (~> 1.1, >= 1.2.0)
51
+ activejob (6.0.3.3)
52
+ activesupport (= 6.0.3.3)
53
+ globalid (>= 0.3.6)
54
+ activemodel (6.0.3.3)
55
+ activesupport (= 6.0.3.3)
56
+ activemodel-serializers-xml (1.0.2)
57
+ activemodel (> 5.x)
58
+ activesupport (> 5.x)
59
+ builder (~> 3.1)
60
+ activerecord (6.0.3.3)
61
+ activemodel (= 6.0.3.3)
62
+ activesupport (= 6.0.3.3)
63
+ activeresource (5.1.1)
64
+ activemodel (>= 5.0, < 7)
65
+ activemodel-serializers-xml (~> 1.0)
66
+ activesupport (>= 5.0, < 7)
67
+ activestorage (6.0.3.3)
68
+ actionpack (= 6.0.3.3)
69
+ activejob (= 6.0.3.3)
70
+ activerecord (= 6.0.3.3)
71
+ marcel (~> 0.3.1)
72
+ activesupport (6.0.3.3)
73
+ concurrent-ruby (~> 1.0, >= 1.0.2)
74
+ i18n (>= 0.7, < 2)
75
+ minitest (~> 5.1)
76
+ tzinfo (~> 1.1)
77
+ zeitwerk (~> 2.2, >= 2.2.2)
78
+ addressable (2.7.0)
79
+ public_suffix (>= 2.0.2, < 5.0)
80
+ ast (2.4.1)
81
+ binding_of_caller (0.8.0)
82
+ debug_inspector (>= 0.0.1)
83
+ browser_sniffer (1.2.2)
84
+ builder (3.2.4)
85
+ byebug (11.1.3)
86
+ coderay (1.1.3)
87
+ concurrent-ruby (1.1.7)
88
+ crack (0.4.4)
89
+ crass (1.0.6)
90
+ debug_inspector (0.0.3)
91
+ erubi (1.9.0)
92
+ faraday (1.3.0)
93
+ faraday-net_http (~> 1.0)
94
+ multipart-post (>= 1.2, < 3)
95
+ ruby2_keywords
96
+ faraday-net_http (1.0.1)
97
+ globalid (0.4.2)
98
+ activesupport (>= 4.2.0)
99
+ graphql (1.11.7)
100
+ graphql-client (0.16.0)
101
+ activesupport (>= 3.0)
102
+ graphql (~> 1.8)
103
+ hashdiff (1.0.1)
104
+ hashie (4.1.0)
105
+ i18n (1.8.5)
106
+ concurrent-ruby (~> 1.0)
107
+ jwt (2.2.2)
108
+ loofah (2.7.0)
109
+ crass (~> 1.0.2)
110
+ nokogiri (>= 1.5.9)
111
+ mail (2.7.1)
112
+ mini_mime (>= 0.1.1)
113
+ marcel (0.3.3)
114
+ mimemagic (~> 0.3.2)
115
+ method_source (0.9.2)
116
+ mimemagic (0.3.5)
117
+ mini_mime (1.0.2)
118
+ mini_portile2 (2.5.0)
119
+ minitest (5.14.2)
120
+ mocha (1.11.2)
121
+ multi_json (1.15.0)
122
+ multi_xml (0.6.0)
123
+ multipart-post (2.1.1)
124
+ nio4r (2.5.4)
125
+ nokogiri (1.11.1)
126
+ mini_portile2 (~> 2.5.0)
127
+ racc (~> 1.4)
128
+ oauth2 (1.4.4)
129
+ faraday (>= 0.8, < 2.0)
130
+ jwt (>= 1.0, < 3.0)
131
+ multi_json (~> 1.3)
132
+ multi_xml (~> 0.5)
133
+ rack (>= 1.2, < 3)
134
+ omniauth (1.9.1)
135
+ hashie (>= 3.4.6)
136
+ rack (>= 1.6.2, < 3)
137
+ omniauth-oauth2 (1.5.0)
138
+ oauth2 (~> 1.1)
139
+ omniauth (~> 1.2)
140
+ omniauth-shopify-oauth2 (2.2.3)
141
+ activesupport
142
+ omniauth-oauth2 (~> 1.5.0)
143
+ parallel (1.20.1)
144
+ parser (2.7.2.0)
145
+ ast (~> 2.4.1)
146
+ pry (0.12.2)
147
+ coderay (~> 1.1.0)
148
+ method_source (~> 0.9.0)
149
+ pry-nav (0.3.0)
150
+ pry (>= 0.9.10, < 0.13.0)
151
+ pry-stack_explorer (0.4.9.3)
152
+ binding_of_caller (>= 0.7)
153
+ pry (>= 0.9.11)
154
+ public_suffix (4.0.6)
155
+ racc (1.5.2)
156
+ rack (2.2.3)
157
+ rack-test (1.1.0)
158
+ rack (>= 1.0, < 3)
159
+ rails (6.0.3.3)
160
+ actioncable (= 6.0.3.3)
161
+ actionmailbox (= 6.0.3.3)
162
+ actionmailer (= 6.0.3.3)
163
+ actionpack (= 6.0.3.3)
164
+ actiontext (= 6.0.3.3)
165
+ actionview (= 6.0.3.3)
166
+ activejob (= 6.0.3.3)
167
+ activemodel (= 6.0.3.3)
168
+ activerecord (= 6.0.3.3)
169
+ activestorage (= 6.0.3.3)
170
+ activesupport (= 6.0.3.3)
171
+ bundler (>= 1.3.0)
172
+ railties (= 6.0.3.3)
173
+ sprockets-rails (>= 2.0.0)
174
+ rails-controller-testing (1.0.5)
175
+ actionpack (>= 5.0.1.rc1)
176
+ actionview (>= 5.0.1.rc1)
177
+ activesupport (>= 5.0.1.rc1)
178
+ rails-dom-testing (2.0.3)
179
+ activesupport (>= 4.2.0)
180
+ nokogiri (>= 1.6)
181
+ rails-html-sanitizer (1.3.0)
182
+ loofah (~> 2.3)
183
+ railties (6.0.3.3)
184
+ actionpack (= 6.0.3.3)
185
+ activesupport (= 6.0.3.3)
186
+ method_source
187
+ rake (>= 0.8.7)
188
+ thor (>= 0.20.3, < 2.0)
189
+ rainbow (3.0.0)
190
+ rake (13.0.1)
191
+ rb-readline (0.5.5)
192
+ redirect_safely (1.0.0)
193
+ activemodel
194
+ regexp_parser (2.0.0)
195
+ rexml (3.2.4)
196
+ rubocop (1.5.2)
197
+ parallel (~> 1.10)
198
+ parser (>= 2.7.1.5)
199
+ rainbow (>= 2.2.2, < 4.0)
200
+ regexp_parser (>= 1.8, < 3.0)
201
+ rexml
202
+ rubocop-ast (>= 1.2.0, < 2.0)
203
+ ruby-progressbar (~> 1.7)
204
+ unicode-display_width (>= 1.4.0, < 2.0)
205
+ rubocop-ast (1.3.0)
206
+ parser (>= 2.7.1.5)
207
+ rubocop-shopify (1.0.7)
208
+ rubocop (~> 1.4)
209
+ ruby-progressbar (1.10.1)
210
+ ruby2_keywords (0.0.4)
211
+ shopify_api (9.2.0)
212
+ activeresource (>= 4.1.0, < 6.0.0)
213
+ graphql-client
214
+ rack
215
+ sprockets (4.0.2)
216
+ concurrent-ruby (~> 1.0)
217
+ rack (> 1, < 3)
218
+ sprockets-rails (3.2.2)
219
+ actionpack (>= 4.0)
220
+ activesupport (>= 4.0)
221
+ sprockets (>= 3.0.0)
222
+ sqlite3 (1.4.2)
223
+ thor (1.0.1)
224
+ thread_safe (0.3.6)
225
+ tzinfo (1.2.7)
226
+ thread_safe (~> 0.1)
227
+ unicode-display_width (1.7.0)
228
+ webmock (3.9.1)
229
+ addressable (>= 2.3.6)
230
+ crack (>= 0.3.2)
231
+ hashdiff (>= 0.4.0, < 2.0.0)
232
+ websocket-driver (0.7.3)
233
+ websocket-extensions (>= 0.1.0)
234
+ websocket-extensions (0.1.5)
235
+ zeitwerk (2.4.0)
236
+
237
+ PLATFORMS
238
+ ruby
239
+
240
+ DEPENDENCIES
241
+ byebug
242
+ minitest
243
+ mocha
244
+ pry
245
+ pry-nav
246
+ pry-stack_explorer
247
+ rails-controller-testing
248
+ rake
249
+ rb-readline
250
+ rubocop-shopify
251
+ shopify_app!
252
+ sqlite3 (~> 1.4)
253
+ webmock
254
+
255
+ BUNDLED WITH
256
+ 2.1.4
data/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  Shopify App
2
2
  ===========
3
- [![Version][gem]][gem_url] [![Build Status](https://travis-ci.org/Shopify/shopify_app.png)](https://travis-ci.org/Shopify/shopify_app)
3
+ [![Version][gem]][gem_url] [![Build Status](https://github.com/Shopify/shopify_app/workflows/CI/badge.svg)](https://github.com/Shopify/shopify_app/actions?query=workflow%3ACI)
4
4
 
5
5
  [gem]: https://img.shields.io/gem/v/shopify_app.svg
6
6
  [gem_url]: https://rubygems.org/gems/shopify_app
@@ -8,6 +8,8 @@ Shopify App
8
8
 
9
9
  Shopify Application Rails engine and generator
10
10
 
11
+ ### NOTE: Rails 6.1 or above is not yet supported due to the new `cookies_same_site_protection` setting.
12
+
11
13
  #### NOTE: Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
12
14
 
13
15
  Table of Contents
@@ -72,28 +74,31 @@ The latest version of shopify_app is compatible with Rails `>= 5`. Use version `
72
74
  Generators
73
75
  ----------
74
76
 
75
- ### Default Generator
77
+ ### API Keys
78
+ <!-- This anchor name `#api-keys` is linked to from user output in `templates/shopify_app.rb.tt` so beware of changing -->
79
+ Before starting the app, you'll need to ensure it can read the Shopify environment variables `SHOPIFY_API_KEY` and `SHOPIFY_API_SECRET`.
76
80
 
77
- The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
81
+ In a development environment, a common approach is to use the [dotenv-rails](https://github.com/bkeepers/dotenv) gem, along with an `.env` file in the following format:
78
82
 
79
- ```sh
80
- $ rails generate shopify_app
83
+ ```
84
+ SHOPIFY_API_KEY=your api key
85
+ SHOPIFY_API_SECRET=your api secret
81
86
  ```
82
87
 
83
- After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
88
+ These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard].
89
+ (If you are using [shopify-app-cli](https://github.com/Shopify/shopify-app-cli) this `.env` file will be created automatically).
90
+ If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
84
91
 
85
- ### API Keys
92
+ ### Default Generator
86
93
 
87
- The default and install generators have been updated to source Shopify API key and secret from an Environment (`.env`) variables file, which you will need to create with the following format:
94
+ The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
88
95
 
89
- ```
90
- SHOPIFY_API_KEY=your api key
91
- SHOPIFY_API_SECRET=your api secret
96
+ ```sh
97
+ $ rails generate shopify_app
92
98
  ```
93
99
 
94
- These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard]. If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
100
+ After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
95
101
 
96
- **You will need to load the ENV variables into your environment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
97
102
 
98
103
  ### Install Generator
99
104
 
@@ -107,6 +112,7 @@ Options include:
107
112
  (e.g. `--scope read_products, write_orders, write_products` or `--scope "read_products, write_orders, write_products"`)
108
113
  For more information, refer to the [docs](http://docs.shopify.com/api/tutorials/oauth).
109
114
  * `embedded` - the default is to generate an [embedded app](http://docs.shopify.com/embedded-app-sdk), if you want a legacy non-embedded app then set this to false, `--embedded false`
115
+ * __[Not recommended for embedded apps]__ `with-cookie-authentication` - sets up the authentication strategy of the app to use cookies. By default, it uses JWT based session tokens.
110
116
 
111
117
  You can update any of these settings later on easily; the arguments are simply for convenience.
112
118
 
@@ -121,10 +127,10 @@ After running the `install` generator, you can start your app with `bundle exec
121
127
  $ rails generate shopify_app:home_controller
122
128
  ```
123
129
 
124
- This generator creates an example home controller and view which fetches and displays products using the Shopify API.
130
+ This generator creates an example home controller and view which fetches and displays products using the Shopify API. By default, this generator creates an unauthenticated home_controller and a sample protected products_controller.
125
131
 
126
132
  Options include:
127
- * __[beta]__ `with-session-token`: This flag generates an unauthenticated home_controller and a protected sample products_controller. It also creates a home view that leverages a session token to fetch products from your products_controller. Use this flag if you plan to build a single-page application or to secure your app using JWT session tokens (e.g. `--with-session-token` or `--with-session-token true`).
133
+ * __[Not recommended for embedded apps]__ `with-cookie-authentication` - This flag generates an authenticated home_controller, where the authentication strategy relies on cookies. By default, this generator creates an unauthenticated home_controller and protected sample products_controller.
128
134
 
129
135
  ### Products Controller Generator
130
136
 
@@ -279,6 +285,21 @@ The engine provides a `ShopifyApp::Authenticated` concern which should be includ
279
285
 
280
286
  For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
281
287
 
288
+ ### EnsureAuthenticatedLinks
289
+
290
+ The `ShopifyApp::EnsureAuthenticatedLinks` concern helps authenticate users that access protected pages of your app directly.
291
+
292
+ Include this concern in your app's `AuthenticatedController` if your app uses session tokens with [Turbolinks](https://shopify.dev/tutorials/authenticate-server-side-rendered-apps-with-session-tokens-app-bridge-turbolinks). It adds a `before_action` filter that detects whether a session token is present or not. If a session is not found, the user is redirected to your app's splash page path (`root_path`) along with `return_to` and `shop` parameters.
293
+
294
+ Example `AuthenticatedController`:
295
+
296
+ ```rb
297
+ class AuthenticatedController < ApplicationController
298
+ include ShopifyApp::EnsureAuthenticatedLinks
299
+ include ShopifyApp::Authenticated
300
+ end
301
+ ```
302
+
282
303
  ### AfterAuthenticate Job
283
304
 
284
305
  If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job, update your initializer as follows: