shopify_app 16.0.0 → 17.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb021068958e3d20cb00ac2e038b2b51b475a70fe586756b426b4fe9f36ee214
-  data.tar.gz: 1263b5be44c7a8db83e4620130e00e191d30e12f541edc93861cf2383c132be1
+  metadata.gz: 96eacf692dda7725748337cf7ca8e2e1bc13570ffdefffb47588ccf93feb949f
+  data.tar.gz: 52f20a1df1a565802d4ca01dc45b624ecbff7d02eeea4a1cb1d4f905a0a0bf17
 SHA512:
-  metadata.gz: 0105ac8d2e7efe5b523ed8ab9d3e968ab9613215b000fb99c6f9515b2379428da7b291c3a2c0b6e9640440d9f2754474a3c11a62b3de2f9dbbdd4d02003af12e
-  data.tar.gz: 320fd2f2cf36367bffc54edf546169cc13d9be9ee3b02a3fdd02e1df9333529cfe323378e303872284567ed7f6642399dfbbc5ad46ba29a15ebc012184d25035
+  metadata.gz: d02120729eebc18d6634b1848e6f85573d44dab582dba38e17d114b4afd0a4072017f9649a276cdf58355693f05e2e9daa53bc519da98b8b3f400cb28f41cfe8
+  data.tar.gz: 3332c4c0f8860a95b3e1859f5482cd3c9140943d608173668841f671e037ee7b532a6099eef49a257c254e517baf6d616c0aa3aacf1d298820ec06d8d779885a

data/.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Create Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Extract tag name
+      id: tag
+      run: echo "::set-output name=value::${GITHUB_REF##*/}"
+    - uses: actions/checkout@v2
+
+    - name: Create Release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ steps.tag.outputs.value }}
+        release_name: ${{ steps.tag.outputs.value }}

data/CHANGELOG.md

@@ -1,3 +1,27 @@
+Unreleased
+----------
+
+17.0.3 (January 22, 2021)
+----------
+* Amend fix for #1144 to raise on missing API keys only when running the server [#1155](https://github.com/Shopify/shopify_app/pull/1155)
+
+17.0.2 (January 20, 2021)
+------
+* Fix failing script tags and webhooks installs after completing OAuth [#1151](https://github.com/Shopify/shopify_app/pull/1151)
+
+17.0.1 (January 18, 2021)
+------
+* Don't attempt to read Shopify environment variables when the generators are running, since they may not be present yet [#1144](https://github.com/Shopify/shopify_app/pull/1144)
+
+17.0.0 (January 13, 2021)
+------
+* Rails 6.1 is not yet supported [#1134](https://github.com/Shopify/shopify_app/pull/1134)
+
+16.1.0
+------
+* Use Session Token auth strategy by default for new embedded apps [#1111](https://github.com/Shopify/shopify_app/pull/1111)
+* Create optional `EnsureAuthenticatedLinks` concern to authenticate deep links using Turbolinks [#1118](https://github.com/Shopify/shopify_app/pull/1118)
+
 16.0.0
 ------
 * Update all `html.erb` and `css` files to correspond with updated store admin design language [#1102](https://github.com/Shopify/shopify_app/pull/1102)

data/Gemfile.lock

@@ -1,11 +1,11 @@
 PATH
   remote: .
   specs:
-    shopify_app (16.0.0)
+    shopify_app (17.0.3)
       browser_sniffer (~> 1.2.2)
       jwt (~> 2.2.1)
       omniauth-shopify-oauth2 (~> 2.2.2)
-      rails (> 5.2.1)
+      rails (> 5.2.1, < 6.1)
       redirect_safely (~> 1.0)
       shopify_api (~> 9.1)
 
@@ -89,12 +89,14 @@ GEM
     crass (1.0.6)
     debug_inspector (0.0.3)
     erubi (1.9.0)
-    faraday (1.1.0)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords
+    faraday-net_http (1.0.1)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    graphql (1.11.6)
+    graphql (1.12.0)
     graphql-client (0.16.0)
       activesupport (>= 3.0)
       graphql (~> 1.8)
@@ -113,15 +115,16 @@ GEM
     method_source (0.9.2)
     mimemagic (0.3.5)
     mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
+    mini_portile2 (2.5.0)
     minitest (5.14.2)
     mocha (1.11.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     nio4r (2.5.4)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
@@ -149,6 +152,7 @@ GEM
       binding_of_caller (>= 0.7)
       pry (>= 0.9.11)
     public_suffix (4.0.6)
+    racc (1.5.2)
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
@@ -203,7 +207,7 @@ GEM
     rubocop-shopify (1.0.7)
       rubocop (~> 1.4)
     ruby-progressbar (1.10.1)
-    ruby2_keywords (0.0.2)
+    ruby2_keywords (0.0.4)
     shopify_api (9.2.0)
       activeresource (>= 4.1.0, < 6.0.0)
       graphql-client
@@ -216,7 +220,7 @@ GEM
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
-    thor (1.0.1)
+    thor (1.1.0)
     thread_safe (0.3.6)
     tzinfo (1.2.7)
       thread_safe (~> 0.1)

data/README.md

@@ -8,6 +8,8 @@ Shopify App
 
 Shopify Application Rails engine and generator
 
+### NOTE: Rails 6.1 or above is not yet supported due to the new `cookies_same_site_protection` setting.
+
 #### NOTE: Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
 
 Table of Contents
@@ -72,28 +74,31 @@ The latest version of shopify_app is compatible with Rails `>= 5`. Use version `
 Generators
 ----------
 
-### Default Generator
+### API Keys
+<!-- This anchor name `#api-keys` is linked to from user output in `templates/shopify_app.rb.tt` so beware of changing -->
+Before starting the app, you'll need to ensure it can read the Shopify environment variables `SHOPIFY_API_KEY` and `SHOPIFY_API_SECRET`.
 
-The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
+In a development environment, a common approach is to use the [dotenv-rails](https://github.com/bkeepers/dotenv) gem, along with an `.env` file in the following format:
 
-```sh
-$ rails generate shopify_app
+```
+SHOPIFY_API_KEY=your api key
+SHOPIFY_API_SECRET=your api secret
 ```
 
-After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
+These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard].
+(If you are using [shopify-app-cli](https://github.com/Shopify/shopify-app-cli) this `.env` file will be created automatically).
+If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
 
-### API Keys
+### Default Generator
 
-The default and install generators have been updated to source Shopify API key and secret from an Environment (`.env`) variables file, which you will need to create with the following format:
+The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
 
-```
-SHOPIFY_API_KEY=your api key
-SHOPIFY_API_SECRET=your api secret
+```sh
+$ rails generate shopify_app
 ```
 
-These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard]. If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
+After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
 
-**You will need to load the ENV variables into your environment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
 
 ### Install Generator
 
@@ -107,6 +112,7 @@ Options include:
 (e.g. `--scope read_products, write_orders, write_products` or `--scope "read_products, write_orders, write_products"`)
 For more information, refer to the [docs](http://docs.shopify.com/api/tutorials/oauth).
 * `embedded` - the default is to generate an [embedded app](http://docs.shopify.com/embedded-app-sdk), if you want a legacy non-embedded app then set this to false, `--embedded false`
+* __[Not recommended for embedded apps]__ `with-cookie-authentication` - sets up the authentication strategy of the app to use cookies. By default, it uses JWT based session tokens.
 
 You can update any of these settings later on easily; the arguments are simply for convenience.
 
@@ -121,10 +127,10 @@ After running the `install` generator, you can start your app with `bundle exec
 $ rails generate shopify_app:home_controller
 ```
 
-This generator creates an example home controller and view which fetches and displays products using the Shopify API.
+This generator creates an example home controller and view which fetches and displays products using the Shopify API. By default, this generator creates an unauthenticated home_controller and a sample protected products_controller.
 
 Options include:
-* __[beta]__ `with-session-token`: This flag generates an unauthenticated home_controller and a protected sample products_controller. It also creates a home view that leverages a session token to fetch products from your products_controller. Use this flag if you plan to build a single-page application or to secure your app using JWT session tokens (e.g. `--with-session-token` or `--with-session-token true`). 
+* __[Not recommended for embedded apps]__ `with-cookie-authentication` - This flag generates an authenticated home_controller, where the authentication strategy relies on cookies. By default, this generator creates an unauthenticated home_controller and protected sample products_controller.
 
 ### Products Controller Generator
 
@@ -279,6 +285,21 @@ The engine provides a `ShopifyApp::Authenticated` concern which should be includ
 
 For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
 
+### EnsureAuthenticatedLinks
+
+The `ShopifyApp::EnsureAuthenticatedLinks` concern helps authenticate users that access protected pages of your app directly.
+
+Include this concern in your app's `AuthenticatedController` if your app uses session tokens with [Turbolinks](https://shopify.dev/tutorials/authenticate-server-side-rendered-apps-with-session-tokens-app-bridge-turbolinks). It adds a `before_action` filter that detects whether a session token is present or not. If a session is not found, the user is redirected to your app's splash page path (`root_path`) along with `return_to` and `shop` parameters.
+
+Example `AuthenticatedController`:
+
+```rb
+class AuthenticatedController < ApplicationController
+  include ShopifyApp::EnsureAuthenticatedLinks
+  include ShopifyApp::Authenticated
+end
+```
+
 ### AfterAuthenticate Job
 
 If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job, update your initializer as follows:

data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module EnsureAuthenticatedLinks
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :redirect_to_splash_page, if: :missing_expected_jwt?
+    end
+
+    private
+
+    def redirect_to_splash_page
+      splash_page_path = root_path(return_to: request.fullpath, shop: current_shopify_domain)
+      redirect_to(splash_page_path)
+    end
+
+    def missing_expected_jwt?
+      jwt_shopify_domain.blank?
+    end
+  end
+end

data/app/controllers/shopify_app/callback_controller.rb

@@ -30,16 +30,12 @@ module ShopifyApp
     end
 
     def respond_with_user_token_flow
-      Rails.logger.debug("[ShopifyApp::CallbackController] Redirecting for user token...")
       redirect_to(login_url_with_optional_shop)
     end
 
     def store_access_token_and_build_session
       if native_browser_request?
-        Rails.logger.debug("[ShopifyApp::CallbackController] Not a JWT request. Resetting session options...")
         reset_session_options
-      else
-        Rails.logger.debug("[ShopifyApp::CallbackController] JWT request detected. Setting shopify session...")
       end
       set_shopify_session
     end
@@ -62,10 +58,8 @@ module ShopifyApp
 
     def respond_with_error
       if jwt_request?
-        Rails.logger.debug("[ShopifyApp::CallbackController] Invalid JWT auth detected.")
         head(:unauthorized)
       else
-        Rails.logger.debug("[ShopifyApp::CallbackController] Invalid non JWT auth detected.")
         flash[:error] = I18n.t('could_not_log_in')
         redirect_to(login_url_with_optional_shop)
       end
@@ -95,6 +89,14 @@ module ShopifyApp
       auth_hash.uid
     end
 
+    def offline_access_token
+      ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(shop_name)&.token
+    end
+
+    def online_access_token
+      ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(associated_user_id)&.token
+    end
+
     def associated_user
       return unless auth_hash.dig('extra', 'associated_user').present?
 
@@ -138,7 +140,7 @@ module ShopifyApp
 
       WebhooksManager.queue(
         shop_name,
-        shop_session&.token || user_session.token,
+        offline_access_token || online_access_token,
         ShopifyApp.configuration.webhooks
       )
     end
@@ -148,7 +150,7 @@ module ShopifyApp
 
       ScripttagsManager.queue(
         shop_name,
-        shop_session&.token || user_session.token,
+        offline_access_token || online_access_token,
         ShopifyApp.configuration.scripttags
       )
     end

data/app/controllers/shopify_app/sessions_controller.rb

@@ -10,19 +10,14 @@ module ShopifyApp
     end
 
     def new
-      if sanitized_shop_name.present?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Sanitized shop name present. Authenticating...")
-        authenticate
-      end
+      authenticate if sanitized_shop_name.present?
     end
 
     def create
-      Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating...")
       authenticate
     end
 
     def enable_cookies
-      Rails.logger.debug("[ShopifyApp::SessionsController] Enabling cookies...")
       return unless validate_shop_presence
 
       render(:enable_cookies, layout: false, locals: {
@@ -45,7 +40,6 @@ module ShopifyApp
     end
 
     def granted_storage_access
-      Rails.logger.debug("[ShopifyApp::SessionsController] Granted storage access.")
       return unless validate_shop_presence
 
       session['shopify.granted_storage_access'] = true
@@ -56,7 +50,6 @@ module ShopifyApp
     end
 
     def destroy
-      Rails.logger.debug("[ShopifyApp::SessionsController] Resetting session.")
       reset_session
       flash[:notice] = I18n.t('.logged_out')
       redirect_to(login_url_with_optional_shop)
@@ -73,23 +66,18 @@ module ShopifyApp
       set_user_tokens_option
 
       if user_agent_can_partition_cookies
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating with partitioning...")
         authenticate_with_partitioning
       else
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating normally...")
         authenticate_normally
       end
     end
 
     def authenticate_normally
       if request_storage_access?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Redirecting to request storage access...")
         redirect_to_request_storage_access
       elsif authenticate_in_context?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating in context...")
         authenticate_in_context
       else
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating at top level...")
         authenticate_at_top_level
       end
     end
@@ -107,7 +95,6 @@ module ShopifyApp
     # rubocop:disable Lint/SuppressedException
     def set_user_tokens_option
       if shop_session.blank?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Shop session is blank.")
         session[:user_tokens] = false
         return
       end
@@ -130,7 +117,6 @@ module ShopifyApp
     def validate_shop_presence
       @shop = sanitized_shop_name
       unless @shop
-        Rails.logger.debug("[ShopifyApp::SessionsController] Invalid shop detected.")
         render_invalid_shop_error
         return false
       end

data/config/locales/de.yml

@@ -4,19 +4,19 @@ de:
   could_not_log_in: Shopify Store Login fehlgeschlagen
   invalid_shop_url: Ungültige Shop-Domain
   enable_cookies_heading: Cookies von %{app} aktivieren
-  enable_cookies_body: Sie müssen Cookies in diesem Browser manuell aktivieren, um
-    %{app} in Shopify verwenden zu können.
-  enable_cookies_footer: Mithilfe von Cookies kann die App Sie authentifizieren, indem
-    Ihre Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden.
-    Sie laufen nach 30 Tagen ab.
+  enable_cookies_body: Du musst Cookies in diesem Browser manuell aktivieren, um %{app}
+    in Shopify verwenden zu können.
+  enable_cookies_footer: Mithilfe von Cookies kann die App dich authentifizieren,
+    indem deine Einstellungen und personenbezogenen Daten vorübergehend gespeichert
+    werden. Sie laufen nach 30 Tagen ab.
   enable_cookies_action: Cookies aktivieren
-  top_level_interaction_heading: Ihr Browser muss %{app} authentifizieren
-  top_level_interaction_body: Ihr Browser verlangt, dass Apps wie %{app} Sie um Zugriff
-    auf Cookies bitten, bevor Shopify sie für Sie öffnen kann.
+  top_level_interaction_heading: Dein Browser muss %{app} authentifizieren
+  top_level_interaction_body: Dein Browser verlangt, dass Apps wie %{app} dich um
+    Zugriff auf Cookies bitten, bevor Shopify sie für dich öffnen kann.
   top_level_interaction_action: Weiter
   request_storage_access_heading: "%{app} braucht Zugriff auf Cookies"
-  request_storage_access_body: Damit kann die App Sie authentifizieren, indem Ihre
-    Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicken
-    Sie auf "Weiter" und erlauben Sie den Cookies, die App zu verwenden.
+  request_storage_access_body: Damit kann die App dich authentifizieren, indem deine
+    Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicke
+    auf "Weiter" und erlaube Cookies, um die App zu verwenden.
   request_storage_access_footer: Cookies laufen nach 30 Tagen ab.
   request_storage_access_action: Weiter

data/config/locales/vi.yml

@@ -0,0 +1,22 @@
+---
+vi:
+  logged_out: Đã đăng xuất thành công
+  could_not_log_in: Không thể đăng nhập vào cửa hàng trên Shopify
+  invalid_shop_url: Miền cửa hàng không hợp lệ
+  enable_cookies_heading: Bật cookie từ %{app}
+  enable_cookies_body: Bạn phải bật cookie trong trình duyệt này theo cách thủ công
+    để sử dụng %{app} trong Shopify.
+  enable_cookies_footer: Cookie cho phép ứng dụng xác thực bạn bằng cách tạm thời
+    lưu trữ tùy chọn và thông tin cá nhân của bạn. Những thông tin này sẽ hết hạn
+    sau 30 ngày.
+  enable_cookies_action: Bật cookie
+  top_level_interaction_heading: Trình duyệt của bạn cần xác thực %{app}
+  top_level_interaction_body: Trình duyệt của bạn cần các ứng dụng như %{app} để yêu
+    cầu quyền truy cập vào cookie thì Shopify mới có thể mở giúp bạn.
+  top_level_interaction_action: Tiếp tục
+  request_storage_access_heading: "%{app} cần quyền truy cập cookie"
+  request_storage_access_body: Nhờ vậy, ứng dụng có thể xác thực bạn bằng cách tạm
+    thời lưu trữ thông tin cá nhân của bạn. Nhấp vào tiếp tục và cho phép cookie sử
+    dụng ứng dụng.
+  request_storage_access_footer: Cookie sẽ hết hạn sau 30 ngày.
+  request_storage_access_action: Tiếp tục

data/config/locales/zh-CN.yml

@@ -8,7 +8,7 @@ zh-CN:
   enable_cookies_footer: Cookie 使此应用能够通过暂时存储您的偏好设置和个人信息来验证您的身份。这些信息将在 30 天后过期。
   enable_cookies_action: 启用 Cookie
   top_level_interaction_heading: 您的浏览器需要对 %{app} 进行验证
-  top_level_interaction_body: 您的浏览器要求类似 %{app} 的应用向您请求访问 Cookie，之后 Shopify 才能为您打开它。
+  top_level_interaction_body: 您的浏览器要求类似 %{app} 的应用向您申请访问 Cookie，之后 Shopify 才能为您打开它。
   top_level_interaction_action: 继续
   request_storage_access_heading: "%{app} 需要访问 Cookie"
   request_storage_access_body: 这使此应用能够通过暂时存储您的个人信息来验证您的身份。单击继续并启用 Cookie 以使用此应用。

data/docs/Releasing.md

@@ -5,14 +5,16 @@
 1. Create a pull request with the following changes:
     - Update the version of ShopifyApp in lib/shopify_app/version.rb
     - Update the version of shopify_app in package.json
+    - Run `bundle` to update `Gemfile.lock`
     - Add a CHANGELOG entry for the new release with the date
     - Change the title of the PR to something like: "Packaging for release X.Y.Z"
 1. Merge your pull request
 1. Checkout and pull from master so you have the latest version of the shopify_app
 1. Tag the HEAD with the version
-```bash
-$ git tag -f vX.Y.Z && git push --tags --force
-```
+    ```bash
+    $ git tag -f vX.Y.Z && git push --tags --force
+    ```
+1. Check that Create Release workflow successfully runs
 1. Use Shipit to build and push the gem
 
 If you see an error like 'You need to create the vX.Y.X tag first', clear git

data/lib/generators/shopify_app/home_controller/home_controller_generator.rb

@@ -6,16 +6,15 @@ module ShopifyApp
     class HomeControllerGenerator < Rails::Generators::Base
       source_root File.expand_path('../templates', __FILE__)
 
-      class_option :with_session_token, type: :boolean, default: false
+      class_option :with_cookie_authentication, type: :boolean, default: false
+      class_option :embedded, type: :string, default: 'true'
 
       def create_home_controller
-        @with_session_token = options['with_session_token']
-
         template(home_controller_template, 'app/controllers/home_controller.rb')
       end
 
       def create_products_controller
-        generate("shopify_app:products_controller") if with_session_token?
+        generate("shopify_app:products_controller") unless with_cookie_authentication?
       end
 
       def create_home_index_view
@@ -28,16 +27,26 @@ module ShopifyApp
 
       private
 
+      def embedded?
+        options['embedded'] == 'true'
+      end
+
       def embedded_app?
         ShopifyApp.configuration.embedded_app?
       end
 
-      def with_session_token?
-        @with_session_token
+      def with_cookie_authentication?
+        options['with_cookie_authentication']
       end
 
       def home_controller_template
-        with_session_token? ? 'unauthenticated_home_controller.rb' : 'home_controller.rb'
+        return 'unauthenticated_home_controller.rb' unless authenticated_home_controller_required?
+
+        'home_controller.rb'
+      end
+
+      def authenticated_home_controller_required?
+        with_cookie_authentication? || !embedded? || !embedded_app?
       end
     end
   end

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -7,7 +7,7 @@
       rel="stylesheet"
       href="https://unpkg.com/@shopify/polaris@4.25.0/styles.min.css"
       />
-<% if @with_session_token %>    <script>
+<% unless with_cookie_authentication? %>    <script>
       document.addEventListener("DOMContentLoaded", async function() {
         var SessionToken = window["app-bridge"].actions.SessionToken
         var app = window.app;
@@ -47,7 +47,7 @@
 <% end %>  </head>
   <body>
     <h2>Products</h2>
-<% if @with_session_token %>    <div id="products"><br>Loading...</div><% else %>
+<% unless with_cookie_authentication? %>    <div id="products"><br>Loading...</div><% else %>
     <ul>
       <%% @products.each do |product| %>
         <li><%%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
@@ -55,17 +55,17 @@
     </ul>
 
     <hr>
-
+    <% end %>
     <h2>Webhooks</h2>
 
     <%% if @webhooks.present? %>
-      <ul>
-        <%% @webhooks.each do |webhook| %>
-          <li><%%= webhook.topic %> : <%%= webhook.address %></li>
-        <%% end %>
-      </ul>
+    <ul>
+      <%% @webhooks.each do |webhook| %>
+      <li><%%= webhook.topic %> : <%%= webhook.address %></li>
+      <%% end %>
+    </ul>
     <%% else %>
-      <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
-    <%% end %><% end %>
+    <p>This app has not created any webhooks for this Shop. Add webhooks to your ShopifyApp initializer if you need webhooks</p>
+    <%% end %>
   </body>
 </html>

data/lib/generators/shopify_app/install/install_generator.rb

@@ -11,6 +11,7 @@ module ShopifyApp
       class_option :scope, type: :array, default: ['read_products']
       class_option :embedded, type: :string, default: 'true'
       class_option :api_version, type: :string, default: nil
+      class_option :with_cookie_authentication, type: :boolean, default: false
 
       def create_shopify_app_initializer
         @application_name = format_array_argument(options['application_name'])
@@ -78,6 +79,10 @@ module ShopifyApp
       def format_array_argument(array)
         array.join(' ').tr('"', '')
       end
+
+      def with_cookie_authentication?
+        options['with_cookie_authentication'] || !embedded_app?
+      end
     end
   end
 end

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt

@@ -1,15 +1,21 @@
 ShopifyApp.configure do |config|
   config.application_name = "<%= @application_name %>"
-  config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence || raise('Missing SHOPIFY_API_KEY')
-  config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence || raise('Missing SHOPIFY_API_SECRET')
   config.old_secret = "<%= @old_secret %>"
   config.scope = "<%= @scope %>" # Consult this page for more scope options:
-                                 # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
+                                  # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
   config.embedded_app = <%= embedded_app? %>
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
   config.shop_session_repository = 'Shop'
-  config.allow_jwt_authentication = true
+  config.allow_jwt_authentication = <%= !with_cookie_authentication? %>
+  config.allow_cookie_authentication = <%= with_cookie_authentication? %>
+
+  config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence
+  config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence
+  if defined? Rails::Server
+    raise('Missing SHOPIFY_API_KEY. See https://github.com/Shopify/shopify_app#api-keys') unless config.api_key
+    raise('Missing SHOPIFY_API_SECRET. See https://github.com/Shopify/shopify_app#api-keys') unless config.secret
+  end
 end
 
 # ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot

data/lib/shopify_app/configuration.rb

@@ -39,12 +39,15 @@ module ShopifyApp
     # allow enabling jwt headers for authentication
     attr_accessor :allow_jwt_authentication
 
+    attr_accessor :allow_cookie_authentication
+
     def initialize
       @root_url = '/'
       @myshopify_domain = 'myshopify.com'
       @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
       @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
       @disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
+      @allow_cookie_authentication = true
     end
 
     def login_url

data/lib/shopify_app/controller_concerns/itp.rb

@@ -13,12 +13,10 @@ module ShopifyApp
     end
 
     def set_top_level_oauth_cookie
-      Rails.logger.debug("[ShopifyApp::Itp] Setting top level oauth cookie...")
       session['shopify.top_level_oauth'] = true
     end
 
     def clear_top_level_oauth_cookie
-      Rails.logger.debug("[ShopifyApp::Itp] Clearing top level oauth cookie...")
       session.delete('shopify.top_level_oauth')
     end
 

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -18,24 +18,18 @@ module ShopifyApp
 
     def activate_shopify_session
       if user_session_expected? && user_session.blank?
-        Rails.logger.debug("[ShopifyApp::LoginProtection] User session required. Redirecting to login...")
         signal_access_token_required
         return redirect_to_login
       end
 
-      if current_shopify_session.blank?
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Current shopify session is blank. Redirecting to login...")
-        return redirect_to_login
-      end
+      return redirect_to_login if current_shopify_session.blank?
 
       clear_top_level_oauth_cookie
 
       begin
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Activating session...")
         ShopifyAPI::Base.activate_session(current_shopify_session)
         yield
       ensure
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing session...")
         ShopifyAPI::Base.clear_session
       end
     end
@@ -57,6 +51,7 @@ module ShopifyApp
     end
 
     def user_session_by_cookie
+      return unless ShopifyApp.configuration.allow_cookie_authentication
       return unless session[:user_id].present?
       ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
     end
@@ -72,18 +67,14 @@ module ShopifyApp
     end
 
     def shop_session_by_cookie
+      return unless ShopifyApp.configuration.allow_cookie_authentication
       return unless session[:shop_id].present?
       ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
     end
 
     def login_again_if_different_user_or_shop
       if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Session data was sent/stored correctly.")
         clear_session = session[:user_session] != params[:session] # current user is different from stored user
-        if clear_session
-          Rails.logger.debug("[ShopifyApp::LoginProtection] Current user is different from stored user.")
-        end
-        clear_session
       end
 
       if current_shopify_session &&
@@ -93,7 +84,6 @@ module ShopifyApp
       end
 
       if clear_session
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing shopify session and redirecting to login...")
         clear_shopify_session
         redirect_to_login
       end

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '16.0.0'
+  VERSION = '17.0.3'
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "16.0.0",
+  "version": "17.0.3",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
   s.metadata['allowed_push_host'] = 'https://rubygems.org'
 
   s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
-  s.add_runtime_dependency('rails', '> 5.2.1')
+  s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')
   s.add_runtime_dependency('shopify_api', '~> 9.1')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
   s.add_runtime_dependency('jwt', '~> 2.2.1')

data/translation.yml

@@ -1,5 +1,5 @@
 source_language: en
-target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, zh-CN, zh-TW]
+target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
 components:
   - name: 'merchant'
     paths:

data/yarn.lock

@@ -1347,11 +1347,6 @@ async-each@^1.0.1:
   resolved "https://registry.yarnpkg.com/async-each/-/async-each-1.0.3.tgz#b727dbf87d7651602f06f4d4ac387f47d91b0cbf"
   integrity sha512-z/WhQ5FPySLdvREByI2vZiTWwCnF0moMJ1hK9YQwDTHKh6I7/uSckMetoRGb5UBZPC1z0jlw+n/XCgjeH7y1AQ==
 
-async-limiter@~1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/async-limiter/-/async-limiter-1.0.1.tgz#dd379e94f0db8310b08291f9d64c3209766617fd"
-  integrity sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==
-
 atob@^2.1.2:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
@@ -1419,10 +1414,10 @@ balanced-match@^1.0.0:
   resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"
   integrity sha1-ibTRmasr7kneFk6gK4nORi1xt2c=
 
-base64-arraybuffer@0.1.5:
-  version "0.1.5"
-  resolved "https://registry.yarnpkg.com/base64-arraybuffer/-/base64-arraybuffer-0.1.5.tgz#73926771923b5a19747ad666aa5cd4bf9c6e9ce8"
-  integrity sha1-c5JncZI7Whl0etZmqlzUv5xunOg=
+base64-arraybuffer@0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/base64-arraybuffer/-/base64-arraybuffer-0.1.4.tgz#9818c79e059b1355f97e0428a017c838e90ba812"
+  integrity sha1-mBjHngWbE1X5fgQooBfIOOkLqBI=
 
 base64-js@^1.0.2:
   version "1.3.1"
@@ -1447,13 +1442,6 @@ base@^0.11.1:
     mixin-deep "^1.2.0"
     pascalcase "^0.1.1"
 
-better-assert@~1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/better-assert/-/better-assert-1.0.2.tgz#40866b9e1b9e0b55b481894311e68faffaebc522"
-  integrity sha1-QIZrnhueC1W0gYlDEeaPr/rrxSI=
-  dependencies:
-    callsite "1.0.0"
-
 big.js@^5.2.2:
   version "5.2.2"
   resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328"
@@ -1689,11 +1677,6 @@ cache-base@^1.0.1:
     union-value "^1.0.0"
     unset-value "^1.0.0"
 
-callsite@1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/callsite/-/callsite-1.0.0.tgz#280398e5d664bd74038b6f0905153e6e8af1bc20"
-  integrity sha1-KAOY5dZkvXQDi28JBRU+borxvCA=
-
 camelcase@^5.0.0, camelcase@^5.3.1:
   version "5.3.1"
   resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-5.3.1.tgz#e3c9b31569e106811df242f715725a1f4c494320"
@@ -1954,10 +1937,10 @@ convert-source-map@^1.7.0:
   dependencies:
     safe-buffer "~5.1.1"
 
-cookie@0.3.1:
-  version "0.3.1"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb"
-  integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=
+cookie@~0.4.1:
+  version "0.4.1"
+  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
+  integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==
 
 copy-concurrently@^1.0.0:
   version "1.0.5"
@@ -2236,45 +2219,45 @@ end-of-stream@^1.0.0, end-of-stream@^1.1.0:
   dependencies:
     once "^1.4.0"
 
-engine.io-client@~3.4.0:
-  version "3.4.3"
-  resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-3.4.3.tgz#192d09865403e3097e3575ebfeb3861c4d01a66c"
-  integrity sha512-0NGY+9hioejTEJCaSJZfWZLk4FPI9dN+1H1C4+wj2iuFba47UgZbJzfWs4aNFajnX/qAaYKbe2lLTfEEWzCmcw==
+engine.io-client@~3.5.0:
+  version "3.5.0"
+  resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-3.5.0.tgz#fc1b4d9616288ce4f2daf06dcf612413dec941c7"
+  integrity sha512-12wPRfMrugVw/DNyJk34GQ5vIVArEcVMXWugQGGuw2XxUSztFNmJggZmv8IZlLyEdnpO1QB9LkcjeWewO2vxtA==
   dependencies:
     component-emitter "~1.3.0"
     component-inherit "0.0.3"
-    debug "~4.1.0"
+    debug "~3.1.0"
     engine.io-parser "~2.2.0"
     has-cors "1.1.0"
     indexof "0.0.1"
-    parseqs "0.0.5"
-    parseuri "0.0.5"
-    ws "~6.1.0"
+    parseqs "0.0.6"
+    parseuri "0.0.6"
+    ws "~7.4.2"
     xmlhttprequest-ssl "~1.5.4"
     yeast "0.1.2"
 
 engine.io-parser@~2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-2.2.0.tgz#312c4894f57d52a02b420868da7b5c1c84af80ed"
-  integrity sha512-6I3qD9iUxotsC5HEMuuGsKA0cXerGz+4uGcXQEkfBidgKf0amsjrrtwcbwK/nzpZBxclXlV7gGl9dgWvu4LF6w==
+  version "2.2.1"
+  resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-2.2.1.tgz#57ce5611d9370ee94f99641b589f94c97e4f5da7"
+  integrity sha512-x+dN/fBH8Ro8TFwJ+rkB2AmuVw9Yu2mockR/p3W8f8YtExwFgDvBDi0GWyb4ZLkpahtDGZgtr3zLovanJghPqg==
   dependencies:
     after "0.8.2"
     arraybuffer.slice "~0.0.7"
-    base64-arraybuffer "0.1.5"
+    base64-arraybuffer "0.1.4"
     blob "0.0.5"
     has-binary2 "~1.0.2"
 
-engine.io@~3.4.0:
-  version "3.4.2"
-  resolved "https://registry.yarnpkg.com/engine.io/-/engine.io-3.4.2.tgz#8fc84ee00388e3e228645e0a7d3dfaeed5bd122c"
-  integrity sha512-b4Q85dFkGw+TqgytGPrGgACRUhsdKc9S9ErRAXpPGy/CXKs4tYoHDkvIRdsseAF7NjfVwjRFIn6KTnbw7LwJZg==
+engine.io@~3.5.0:
+  version "3.5.0"
+  resolved "https://registry.yarnpkg.com/engine.io/-/engine.io-3.5.0.tgz#9d6b985c8a39b1fe87cd91eb014de0552259821b"
+  integrity sha512-21HlvPUKaitDGE4GXNtQ7PLP0Sz4aWLddMPw2VTyFz1FVZqu/kZsJUO8WNpKuE/OCL7nkfRaOui2ZCJloGznGA==
   dependencies:
     accepts "~1.3.4"
     base64id "2.0.0"
-    cookie "0.3.1"
+    cookie "~0.4.1"
     debug "~4.1.0"
     engine.io-parser "~2.2.0"
-    ws "^7.1.2"
+    ws "~7.4.2"
 
 enhanced-resolve@^4.3.0:
   version "4.3.0"
@@ -3480,17 +3463,17 @@ miller-rabin@^4.0.0:
     bn.js "^4.0.0"
     brorand "^1.0.1"
 
-mime-db@1.44.0:
-  version "1.44.0"
-  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.44.0.tgz#fa11c5eb0aca1334b4233cb4d52f10c5a6272f92"
-  integrity sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==
+mime-db@1.45.0:
+  version "1.45.0"
+  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.45.0.tgz#cceeda21ccd7c3a745eba2decd55d4b73e7879ea"
+  integrity sha512-CkqLUxUk15hofLoLyljJSrukZi8mAtgd+yE5uO4tqRZsdsAJKv0O+rFMhVDRJgozy+yG6md5KwuXhD4ocIoP+w==
 
 mime-types@~2.1.24:
-  version "2.1.27"
-  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.27.tgz#47949f98e279ea53119f5722e0f34e529bec009f"
-  integrity sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==
+  version "2.1.28"
+  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.28.tgz#1160c4757eab2c5363888e005273ecf79d2a0ecd"
+  integrity sha512-0TO2yJ5YHYr7M2zzT7gDU1tbwHxEUWBCLt0lscSNpcdAfFyJOVEpRYNS7EXVcTLNj/25QO8gulHC5JtTzSE2UQ==
   dependencies:
-    mime-db "1.44.0"
+    mime-db "1.45.0"
 
 mime@^2.4.4, mime@^2.4.5:
   version "2.4.6"
@@ -3610,11 +3593,16 @@ ms@2.0.0:
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
   integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
 
-ms@2.1.2, ms@^2.1.1:
+ms@2.1.2:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
   integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
 
+ms@^2.1.1:
+  version "2.1.3"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
+  integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
+
 nan@^2.12.1:
   version "2.14.1"
   resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.1.tgz#d7be34dfa3105b91494c3147089315eff8874b01"
@@ -3709,11 +3697,6 @@ object-assign@^4.1.1:
   resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
   integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=
 
-object-component@0.0.3:
-  version "0.0.3"
-  resolved "https://registry.yarnpkg.com/object-component/-/object-component-0.0.3.tgz#f0c69aa50efc95b866c186f400a33769cb2f1291"
-  integrity sha1-8MaapQ78lbhmwYb0AKM3acsvEpE=
-
 object-copy@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/object-copy/-/object-copy-0.1.0.tgz#7e7d858b781bd7c991a41ba975ed3812754e998c"
@@ -3841,19 +3824,15 @@ parse-asn1@^5.0.0, parse-asn1@^5.1.5:
     pbkdf2 "^3.0.3"
     safe-buffer "^5.1.1"
 
-parseqs@0.0.5:
-  version "0.0.5"
-  resolved "https://registry.yarnpkg.com/parseqs/-/parseqs-0.0.5.tgz#d5208a3738e46766e291ba2ea173684921a8b89d"
-  integrity sha1-1SCKNzjkZ2bikbouoXNoSSGouJ0=
-  dependencies:
-    better-assert "~1.0.0"
+parseqs@0.0.6:
+  version "0.0.6"
+  resolved "https://registry.yarnpkg.com/parseqs/-/parseqs-0.0.6.tgz#8e4bb5a19d1cdc844a08ac974d34e273afa670d5"
+  integrity sha512-jeAGzMDbfSHHA091hr0r31eYfTig+29g3GKKE/PPbEQ65X0lmMwlEoqmhzu0iztID5uJpZsFlUPDP8ThPL7M8w==
 
-parseuri@0.0.5:
-  version "0.0.5"
-  resolved "https://registry.yarnpkg.com/parseuri/-/parseuri-0.0.5.tgz#80204a50d4dbb779bfdc6ebe2778d90e4bce320a"
-  integrity sha1-gCBKUNTbt3m/3G6+J3jZDkvOMgo=
-  dependencies:
-    better-assert "~1.0.0"
+parseuri@0.0.6:
+  version "0.0.6"
+  resolved "https://registry.yarnpkg.com/parseuri/-/parseuri-0.0.6.tgz#e1496e829e3ac2ff47f39a4dd044b32823c4a25a"
+  integrity sha512-AUjen8sAkGgao7UyCX6Ahv0gIK2fABKmYjvP4xmy5JaKvcbTRueIqIPHLAfq30xJddqSE033IOMUSOMCcK3Sow==
 
 parseurl@~1.3.3:
   version "1.3.3"
@@ -4436,32 +4415,29 @@ socket.io-adapter@~1.1.0:
   resolved "https://registry.yarnpkg.com/socket.io-adapter/-/socket.io-adapter-1.1.2.tgz#ab3f0d6f66b8fc7fca3959ab5991f82221789be9"
   integrity sha512-WzZRUj1kUjrTIrUKpZLEzFZ1OLj5FwLlAFQs9kuZJzJi5DKdU7FsWc36SNmA8iDOtwBQyT8FkrriRM8vXLYz8g==
 
-socket.io-client@2.3.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/socket.io-client/-/socket.io-client-2.3.0.tgz#14d5ba2e00b9bcd145ae443ab96b3f86cbcc1bb4"
-  integrity sha512-cEQQf24gET3rfhxZ2jJ5xzAOo/xhZwK+mOqtGRg5IowZsMgwvHwnf/mCRapAAkadhM26y+iydgwsXGObBB5ZdA==
+socket.io-client@2.4.0:
+  version "2.4.0"
+  resolved "https://registry.yarnpkg.com/socket.io-client/-/socket.io-client-2.4.0.tgz#aafb5d594a3c55a34355562fc8aea22ed9119a35"
+  integrity sha512-M6xhnKQHuuZd4Ba9vltCLT9oa+YvTsP8j9NcEiLElfIg8KeYPyhWOes6x4t+LTAC8enQbE/995AdTem2uNyKKQ==
   dependencies:
     backo2 "1.0.2"
-    base64-arraybuffer "0.1.5"
     component-bind "1.0.0"
-    component-emitter "1.2.1"
-    debug "~4.1.0"
-    engine.io-client "~3.4.0"
+    component-emitter "~1.3.0"
+    debug "~3.1.0"
+    engine.io-client "~3.5.0"
     has-binary2 "~1.0.2"
-    has-cors "1.1.0"
     indexof "0.0.1"
-    object-component "0.0.3"
-    parseqs "0.0.5"
-    parseuri "0.0.5"
+    parseqs "0.0.6"
+    parseuri "0.0.6"
     socket.io-parser "~3.3.0"
     to-array "0.1.4"
 
 socket.io-parser@~3.3.0:
-  version "3.3.0"
-  resolved "https://registry.yarnpkg.com/socket.io-parser/-/socket.io-parser-3.3.0.tgz#2b52a96a509fdf31440ba40fed6094c7d4f1262f"
-  integrity sha512-hczmV6bDgdaEbVqhAeVMM/jfUfzuEZHsQg6eOmLgJht6G3mPKMxYm75w2+qhAQZ+4X+1+ATZ+QFKeOZD5riHng==
+  version "3.3.2"
+  resolved "https://registry.yarnpkg.com/socket.io-parser/-/socket.io-parser-3.3.2.tgz#ef872009d0adcf704f2fbe830191a14752ad50b6"
+  integrity sha512-FJvDBuOALxdCI9qwRrO/Rfp9yfndRtc1jSgVgV8FDraihmSP/MLGD5PEuJrNfjALvcQ+vMDM/33AWOYP/JSjDg==
   dependencies:
-    component-emitter "1.2.1"
+    component-emitter "~1.3.0"
     debug "~3.1.0"
     isarray "2.0.1"
 
@@ -4475,15 +4451,15 @@ socket.io-parser@~3.4.0:
     isarray "2.0.1"
 
 socket.io@^2.3.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/socket.io/-/socket.io-2.3.0.tgz#cd762ed6a4faeca59bc1f3e243c0969311eb73fb"
-  integrity sha512-2A892lrj0GcgR/9Qk81EaY2gYhCBxurV0PfmmESO6p27QPrUK1J3zdns+5QPqvUYK2q657nSj0guoIil9+7eFg==
+  version "2.4.1"
+  resolved "https://registry.yarnpkg.com/socket.io/-/socket.io-2.4.1.tgz#95ad861c9a52369d7f1a68acf0d4a1b16da451d2"
+  integrity sha512-Si18v0mMXGAqLqCVpTxBa8MGqriHGQh8ccEOhmsmNS3thNCGBwO8WGrwMibANsWtQQ5NStdZwHqZR3naJVFc3w==
   dependencies:
     debug "~4.1.0"
-    engine.io "~3.4.0"
+    engine.io "~3.5.0"
     has-binary2 "~1.0.2"
     socket.io-adapter "~1.1.0"
-    socket.io-client "2.3.0"
+    socket.io-client "2.4.0"
     socket.io-parser "~3.4.0"
 
 source-list-map@^2.0.0:
@@ -5123,17 +5099,10 @@ wrappy@1:
   resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
   integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=
 
-ws@^7.1.2:
-  version "7.3.1"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-7.3.1.tgz#d0547bf67f7ce4f12a72dfe31262c68d7dc551c8"
-  integrity sha512-D3RuNkynyHmEJIpD2qrgVkc9DQ23OrN/moAwZX4L8DfvszsJxpjQuUq3LMx6HoYji9fbIOBY18XWBsAux1ZZUA==
-
-ws@~6.1.0:
-  version "6.1.4"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-6.1.4.tgz#5b5c8800afab925e94ccb29d153c8d02c1776ef9"
-  integrity sha512-eqZfL+NE/YQc1/ZynhojeV8q+H050oR8AZ2uIev7RU10svA9ZnJUddHcOUZTJLinZ9yEfdA2kSATS2qZK5fhJA==
-  dependencies:
-    async-limiter "~1.0.0"
+ws@~7.4.2:
+  version "7.4.2"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.2.tgz#782100048e54eb36fe9843363ab1c68672b261dd"
+  integrity sha512-T4tewALS3+qsrpGI/8dqNMLIVdq/g/85U98HPMa6F0m6xTbvhXU6RCQLqPH3+SlomNV/LdY6RXEbBpMH6EOJnA==
 
 xmlhttprequest-ssl@~1.5.4:
   version "1.5.5"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 16.0.0
+  version: 17.0.3
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-10 00:00:00.000000000 Z
+date: 2021-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -31,6 +31,9 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: 5.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +41,9 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: 5.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: shopify_api
   requirement: !ruby/object:Gem::Requirement
@@ -246,6 +252,7 @@ files:
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/probots.yml"
 - ".github/workflows/build.yml"
+- ".github/workflows/release.yml"
 - ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".nvmrc"
@@ -269,6 +276,7 @@ files:
 - app/assets/javascripts/shopify_app/top_level.js
 - app/assets/javascripts/shopify_app/top_level_interaction.js
 - app/controllers/concerns/shopify_app/authenticated.rb
+- app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
 - app/controllers/concerns/shopify_app/require_known_shop.rb
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/callback_controller.rb
@@ -306,6 +314,7 @@ files:
 - config/locales/sv.yml
 - config/locales/th.yml
 - config/locales/tr.yml
+- config/locales/vi.yml
 - config/locales/zh-CN.yml
 - config/locales/zh-TW.yml
 - config/routes.rb