shopify_app 15.0.1 → 17.0.2

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -7,7 +7,7 @@
       rel="stylesheet"
       href="https://unpkg.com/@shopify/polaris@4.25.0/styles.min.css"
       />
-<% if @with_session_token %>    <script>
+<% unless with_cookie_authentication? %>    <script>
       document.addEventListener("DOMContentLoaded", async function() {
         var SessionToken = window["app-bridge"].actions.SessionToken
         var app = window.app;
@@ -47,7 +47,7 @@
 <% end %>  </head>
   <body>
     <h2>Products</h2>
-<% if @with_session_token %>    <div id="products"><br>Loading...</div><% else %>
+<% unless with_cookie_authentication? %>    <div id="products"><br>Loading...</div><% else %>
     <ul>
       <%% @products.each do |product| %>
         <li><%%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
@@ -55,17 +55,17 @@
     </ul>
 
     <hr>
-
+    <% end %>
     <h2>Webhooks</h2>
 
     <%% if @webhooks.present? %>
-      <ul>
-        <%% @webhooks.each do |webhook| %>
-          <li><%%= webhook.topic %> : <%%= webhook.address %></li>
-        <%% end %>
-      </ul>
+    <ul>
+      <%% @webhooks.each do |webhook| %>
+      <li><%%= webhook.topic %> : <%%= webhook.address %></li>
+      <%% end %>
+    </ul>
     <%% else %>
-      <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
-    <%% end %><% end %>
+    <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
+    <%% end %>
   </body>
 </html>

data/lib/generators/shopify_app/install/install_generator.rb

@@ -11,6 +11,7 @@ module ShopifyApp
       class_option :scope, type: :array, default: ['read_products']
       class_option :embedded, type: :string, default: 'true'
       class_option :api_version, type: :string, default: nil
+      class_option :with_cookie_authentication, type: :boolean, default: false
 
       def create_shopify_app_initializer
         @application_name = format_array_argument(options['application_name'])
@@ -78,6 +79,10 @@ module ShopifyApp
       def format_array_argument(array)
         array.join(' ').tr('"', '')
       end
+
+      def with_cookie_authentication?
+        options['with_cookie_authentication'] || !embedded_app?
+      end
     end
   end
 end

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt

@@ -1,15 +1,18 @@
-ShopifyApp.configure do |config|
-  config.application_name = "<%= @application_name %>"
-  config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence || raise('Missing SHOPIFY_API_KEY')
-  config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence || raise('Missing SHOPIFY_API_SECRET')
-  config.old_secret = "<%= @old_secret %>"
-  config.scope = "<%= @scope %>" # Consult this page for more scope options:
-                                 # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
-  config.embedded_app = <%= embedded_app? %>
-  config.after_authenticate_job = false
-  config.api_version = "<%= @api_version %>"
-  config.shop_session_repository = 'Shop'
-  config.allow_jwt_authentication = true
+unless defined? Rails::Generators
+  ShopifyApp.configure do |config|
+    config.application_name = "<%= @application_name %>"
+    config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence || raise('Missing SHOPIFY_API_KEY. See https://github.com/Shopify/shopify_app#api-keys')
+    config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence || raise('Missing SHOPIFY_API_SECRET. See https://github.com/Shopify/shopify_app#api-keys')
+    config.old_secret = "<%= @old_secret %>"
+    config.scope = "<%= @scope %>" # Consult this page for more scope options:
+                                   # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
+    config.embedded_app = <%= embedded_app? %>
+    config.after_authenticate_job = false
+    config.api_version = "<%= @api_version %>"
+    config.shop_session_repository = 'Shop'
+    config.allow_jwt_authentication = <%= !with_cookie_authentication? %>
+    config.allow_cookie_authentication = <%= with_cookie_authentication? %>
+  end
 end
 
 # ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot

data/lib/shopify_app/configuration.rb

@@ -39,12 +39,15 @@ module ShopifyApp
     # allow enabling jwt headers for authentication
     attr_accessor :allow_jwt_authentication
 
+    attr_accessor :allow_cookie_authentication
+
     def initialize
       @root_url = '/'
       @myshopify_domain = 'myshopify.com'
       @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
       @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
       @disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
+      @allow_cookie_authentication = true
     end
 
     def login_url

data/lib/shopify_app/controller_concerns/itp.rb

@@ -13,12 +13,10 @@ module ShopifyApp
     end
 
     def set_top_level_oauth_cookie
-      Rails.logger.debug("[ShopifyApp::Itp] Setting top level oauth cookie...")
       session['shopify.top_level_oauth'] = true
     end
 
     def clear_top_level_oauth_cookie
-      Rails.logger.debug("[ShopifyApp::Itp] Clearing top level oauth cookie...")
       session.delete('shopify.top_level_oauth')
     end
 

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -18,24 +18,18 @@ module ShopifyApp
 
     def activate_shopify_session
       if user_session_expected? && user_session.blank?
-        Rails.logger.debug("[ShopifyApp::LoginProtection] User session required. Redirecting to login...")
         signal_access_token_required
         return redirect_to_login
       end
 
-      if current_shopify_session.blank?
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Current shopify session is blank. Redirecting to login...")
-        return redirect_to_login
-      end
+      return redirect_to_login if current_shopify_session.blank?
 
       clear_top_level_oauth_cookie
 
       begin
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Activating session...")
         ShopifyAPI::Base.activate_session(current_shopify_session)
         yield
       ensure
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing session...")
         ShopifyAPI::Base.clear_session
       end
     end
@@ -57,6 +51,7 @@ module ShopifyApp
     end
 
     def user_session_by_cookie
+      return unless ShopifyApp.configuration.allow_cookie_authentication
       return unless session[:user_id].present?
       ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
     end
@@ -72,18 +67,14 @@ module ShopifyApp
     end
 
     def shop_session_by_cookie
+      return unless ShopifyApp.configuration.allow_cookie_authentication
       return unless session[:shop_id].present?
       ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
     end
 
     def login_again_if_different_user_or_shop
       if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Session data was sent/stored correctly.")
         clear_session = session[:user_session] != params[:session] # current user is different from stored user
-        if clear_session
-          Rails.logger.debug("[ShopifyApp::LoginProtection] Current user is different from stored user.")
-        end
-        clear_session
       end
 
       if current_shopify_session &&
@@ -93,7 +84,6 @@ module ShopifyApp
       end
 
       if clear_session
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing shopify session and redirecting to login...")
         clear_shopify_session
         redirect_to_login
       end

data/lib/shopify_app/session/jwt.rb

@@ -2,7 +2,9 @@
 module ShopifyApp
   class JWT
     class InvalidDestinationError < StandardError; end
+
     class MismatchedHostsError < StandardError; end
+
     class InvalidAudienceError < StandardError; end
 
     WARN_EXCEPTIONS = [

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '15.0.1'
+  VERSION = '17.0.2'
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "15.0.1",
+  "version": "17.0.2",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
   s.metadata['allowed_push_host'] = 'https://rubygems.org'
 
   s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
-  s.add_runtime_dependency('rails', '> 5.2.1')
+  s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')
   s.add_runtime_dependency('shopify_api', '~> 9.1')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
   s.add_runtime_dependency('jwt', '~> 2.2.1')

data/translation.yml

@@ -1,5 +1,5 @@
 source_language: en
-target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, zh-CN, zh-TW]
+target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
 components:
   - name: 'merchant'
     paths:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 15.0.1
+  version: 17.0.2
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-10 00:00:00.000000000 Z
+date: 2021-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -31,6 +31,9 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: 5.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +41,9 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: 5.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: shopify_api
   requirement: !ruby/object:Gem::Requirement
@@ -245,14 +251,16 @@ files:
 - ".github/ISSUE_TEMPLATE.md"
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/probots.yml"
+- ".github/workflows/build.yml"
+- ".github/workflows/release.yml"
 - ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".nvmrc"
 - ".rubocop.yml"
 - ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
+- Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile
@@ -268,6 +276,7 @@ files:
 - app/assets/javascripts/shopify_app/top_level.js
 - app/assets/javascripts/shopify_app/top_level_interaction.js
 - app/controllers/concerns/shopify_app/authenticated.rb
+- app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
 - app/controllers/concerns/shopify_app/require_known_shop.rb
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/callback_controller.rb
@@ -277,6 +286,7 @@ files:
 - app/views/shopify_app/partials/_button_styles.html.erb
 - app/views/shopify_app/partials/_card_styles.html.erb
 - app/views/shopify_app/partials/_empty_state_styles.html.erb
+- app/views/shopify_app/partials/_form_styles.html.erb
 - app/views/shopify_app/partials/_layout_styles.html.erb
 - app/views/shopify_app/partials/_typography_styles.html.erb
 - app/views/shopify_app/sessions/enable_cookies.html.erb
@@ -304,6 +314,7 @@ files:
 - config/locales/sv.yml
 - config/locales/th.yml
 - config/locales/tr.yml
+- config/locales/vi.yml
 - config/locales/zh-CN.yml
 - config/locales/zh-TW.yml
 - config/routes.rb

data/.travis.yml

@@ -1,27 +0,0 @@
-sudo: required
-dist: trusty
-addons:
-    chrome: stable
-before_script:
-    - "sudo chown root /opt/google/chrome/chrome-sandbox"
-    - "sudo chmod 4755 /opt/google/chrome/chrome-sandbox"
-language: ruby
-cache:
-  bundler: true
-  directories:
-    - node_modules
-  yarn: true
-
-rvm:
-  - 2.5
-  - 2.6
-  - 2.7
-
-install:
-  - bundle install
-  - nvm install node
-  - yarn
-
-script:
-  - yarn test
-  - bundle exec rake test