shopify_app 16.1.0 → 17.0.0

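--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 44ec6da287b58bdae2e84213de7ef0780078bd09c7c25558b75e738e7b1fe8ae
- data.tar.gz: fc2e72d9c007933a42c45f286b259b2a27a425b0174aadd9095f140d2707922a
+ metadata.gz: b4760b55b5a05f6879b992c7292f99c51a50b3c080215b74c789214ebc467b5c
+ data.tar.gz: e67a45136ca74cbd6c3403f1e3a17577be621f0617a22c3f177f51e452dda369
  SHA512:
- metadata.gz: cf8d2e8fda1d93bf9bee47491662d751be025f2f3dd80cf0e6bc92fc7a5577481dcf78fcba8e9dee1c03c0b5ebf34c686e062eb03313de9679ca3056f675b669
- data.tar.gz: a71980adc7d070ba469e1fe1a15b69ebbadf8f4f871b3fb2ccc32d989df85cbb702df5101c5cc57b253416693530cd412011e227dc5aa9a24c96e2efddcdb506
+ metadata.gz: 7f5978d3ee4bd6cb553b30b57a50233d0d983fb8715a0e6fb272dbe9d5fb91b8a90ca3d04d97221a45035bf7c66b6cadd6c897fee548c0998c6c9323d4a1ec92
+ data.tar.gz: 62d60866c63e2b4ad3f70f1375fcfb3e7fda69edb4ef78a9e75cde872a909b5e8cc4ad764ec69225cbec3da42cd9a4556f6f473b863df3a403dfc7376e410af1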
@@ -1,3 +1,10 @@
1
+ Unreleased
2
+ ----------
3
+
4
+ 17.0.0 (January 13, 2021)
5
+ ------
6
+ * Rails 6.1 is not yet supported [#1134](https://github.com/Shopify/shopify_app/pull/1134)
7
+
1
8
  16.1.0
2
9
  ------
3
10
  * Use Session Token auth strategy by default for new embedded apps [#1111](https://github.com/Shopify/shopify_app/pull/1111)
@@ -1,11 +1,11 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (16.1.0)
4
+ shopify_app (17.0.0)
5
5
  browser_sniffer (~> 1.2.2)
6
6
  jwt (~> 2.2.1)
7
7
  omniauth-shopify-oauth2 (~> 2.2.2)
8
- rails (> 5.2.1)
8
+ rails (> 5.2.1, < 6.1)
9
9
  redirect_safely (~> 1.0)
10
10
  shopify_api (~> 9.1)
11
11
 
@@ -89,9 +89,11 @@ GEM
89
89
  crass (1.0.6)
90
90
  debug_inspector (0.0.3)
91
91
  erubi (1.9.0)
92
- faraday (1.1.0)
92
+ faraday (1.3.0)
93
+ faraday-net_http (~> 1.0)
93
94
  multipart-post (>= 1.2, < 3)
94
95
  ruby2_keywords
96
+ faraday-net_http (1.0.1)
95
97
  globalid (0.4.2)
96
98
  activesupport (>= 4.2.0)
97
99
  graphql (1.11.6)
@@ -113,15 +115,16 @@ GEM
113
115
  method_source (0.9.2)
114
116
  mimemagic (0.3.5)
115
117
  mini_mime (1.0.2)
116
- mini_portile2 (2.4.0)
118
+ mini_portile2 (2.5.0)
117
119
  minitest (5.14.2)
118
120
  mocha (1.11.2)
119
121
  multi_json (1.15.0)
120
122
  multi_xml (0.6.0)
121
123
  multipart-post (2.1.1)
122
124
  nio4r (2.5.4)
123
- nokogiri (1.10.10)
124
- mini_portile2 (~> 2.4.0)
125
+ nokogiri (1.11.1)
126
+ mini_portile2 (~> 2.5.0)
127
+ racc (~> 1.4)
125
128
  oauth2 (1.4.4)
126
129
  faraday (>= 0.8, < 2.0)
127
130
  jwt (>= 1.0, < 3.0)
@@ -149,6 +152,7 @@ GEM
149
152
  binding_of_caller (>= 0.7)
150
153
  pry (>= 0.9.11)
151
154
  public_suffix (4.0.6)
155
+ racc (1.5.2)
152
156
  rack (2.2.3)
153
157
  rack-test (1.1.0)
154
158
  rack (>= 1.0, < 3)
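--- a/data/README.md
+++ b/data/README.md
@@ -8,6 +8,8 @@ Shopify App
 
  Shopify Application Rails engine and generator
 
+ ### NOTE: Rails 6.1 or above is not yet supported due to the new `cookies_same_site_protection` setting.
+
  #### NOTE: Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
 
  Table of Contents
@@ -72,19 +74,11 @@ The latest version of shopify_app is compatible with Rails `>= 5`. Use version `
  Generators
  ----------
 
- ### Default Generator
-
- The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
-
- ```sh
- $ rails generate shopify_app
- ```
-
- After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
-
  ### API Keys
 
- The default and install generators have been updated to source Shopify API key and secret from an Environment (`.env`) variables file, which you will need to create with the following format:
+ Before running the generators, you'll need to ensure your app can read the Shopify environment variables `SHOPIFY_API_KEY` and `SHOPIFY_API_SECRET`.
+
+ A common approach is to use the [dotenv-rails](https://github.com/bkeepers/dotenv) gem, along with an `.env` file in the following format:
 
  ```
  SHOPIFY_API_KEY=your api key
@@ -93,7 +87,16 @@ SHOPIFY_API_SECRET=your api secret
 
  These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard]. If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
 
- **You will need to load the ENV variables into your environment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
+ ### Default Generator
+
+ The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
+
+ ```sh
+ $ rails generate shopify_app
+ ```
+
+ After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
+
 
  ### Install Generator
 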
@@ -30,16 +30,12 @@ module ShopifyApp
30
30
  end
31
31
 
32
32
  def respond_with_user_token_flow
33
- Rails.logger.debug("[ShopifyApp::CallbackController] Redirecting for user token...")
34
33
  redirect_to(login_url_with_optional_shop)
35
34
  end
36
35
 
37
36
  def store_access_token_and_build_session
38
37
  if native_browser_request?
39
- Rails.logger.debug("[ShopifyApp::CallbackController] Not a JWT request. Resetting session options...")
40
38
  reset_session_options
41
- else
42
- Rails.logger.debug("[ShopifyApp::CallbackController] JWT request detected. Setting shopify session...")
43
39
  end
44
40
  set_shopify_session
45
41
  end
@@ -62,10 +58,8 @@ module ShopifyApp
62
58
 
63
59
  def respond_with_error
64
60
  if jwt_request?
65
- Rails.logger.debug("[ShopifyApp::CallbackController] Invalid JWT auth detected.")
66
61
  head(:unauthorized)
67
62
  else
68
- Rails.logger.debug("[ShopifyApp::CallbackController] Invalid non JWT auth detected.")
69
63
  flash[:error] = I18n.t('could_not_log_in')
70
64
  redirect_to(login_url_with_optional_shop)
71
65
  end
@@ -10,19 +10,14 @@ module ShopifyApp
10
10
  end
11
11
 
12
12
  def new
13
- if sanitized_shop_name.present?
14
- Rails.logger.debug("[ShopifyApp::SessionsController] Sanitized shop name present. Authenticating...")
15
- authenticate
16
- end
13
+ authenticate if sanitized_shop_name.present?
17
14
  end
18
15
 
19
16
  def create
20
- Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating...")
21
17
  authenticate
22
18
  end
23
19
 
24
20
  def enable_cookies
25
- Rails.logger.debug("[ShopifyApp::SessionsController] Enabling cookies...")
26
21
  return unless validate_shop_presence
27
22
 
28
23
  render(:enable_cookies, layout: false, locals: {
@@ -45,7 +40,6 @@ module ShopifyApp
45
40
  end
46
41
 
47
42
  def granted_storage_access
48
- Rails.logger.debug("[ShopifyApp::SessionsController] Granted storage access.")
49
43
  return unless validate_shop_presence
50
44
 
51
45
  session['shopify.granted_storage_access'] = true
@@ -56,7 +50,6 @@ module ShopifyApp
56
50
  end
57
51
 
58
52
  def destroy
59
- Rails.logger.debug("[ShopifyApp::SessionsController] Resetting session.")
60
53
  reset_session
61
54
  flash[:notice] = I18n.t('.logged_out')
62
55
  redirect_to(login_url_with_optional_shop)
@@ -73,23 +66,18 @@ module ShopifyApp
73
66
  set_user_tokens_option
74
67
 
75
68
  if user_agent_can_partition_cookies
76
- Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating with partitioning...")
77
69
  authenticate_with_partitioning
78
70
  else
79
- Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating normally...")
80
71
  authenticate_normally
81
72
  end
82
73
  end
83
74
 
84
75
  def authenticate_normally
85
76
  if request_storage_access?
86
- Rails.logger.debug("[ShopifyApp::SessionsController] Redirecting to request storage access...")
87
77
  redirect_to_request_storage_access
88
78
  elsif authenticate_in_context?
89
- Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating in context...")
90
79
  authenticate_in_context
91
80
  else
92
- Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating at top level...")
93
81
  authenticate_at_top_level
94
82
  end
95
83
  end
@@ -107,7 +95,6 @@ module ShopifyApp
107
95
  # rubocop:disable Lint/SuppressedException
108
96
  def set_user_tokens_option
109
97
  if shop_session.blank?
110
- Rails.logger.debug("[ShopifyApp::SessionsController] Shop session is blank.")
111
98
  session[:user_tokens] = false
112
99
  return
113
100
  end
@@ -130,7 +117,6 @@ module ShopifyApp
130
117
  def validate_shop_presence
131
118
  @shop = sanitized_shop_name
132
119
  unless @shop
133
- Rails.logger.debug("[ShopifyApp::SessionsController] Invalid shop detected.")
134
120
  render_invalid_shop_error
135
121
  return false
136
122
  end
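Review bot: `new` now decides whether to authenticate with `sanitized_shop_name.present?`, but `validate_shop_presence` in the last hunk of this file still tests `unless @shop`, so the two entry points disagree on what counts as a missing shop. If `sanitized_shop_name` can ever return an empty or whitespace-only string (its body is not part of this diff), `enable_cookies` and `granted_storage_access` would accept a value that `new` rejects. Using the same predicate in both places, `unless @shop.present?`, keeps the shop check uniform across the session endpoints. `validate_shop_presence` continues past the end of its hunk.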
@@ -4,19 +4,19 @@ de:
4
4
  could_not_log_in: Shopify Store Login fehlgeschlagen
5
5
  invalid_shop_url: Ungültige Shop-Domain
6
6
  enable_cookies_heading: Cookies von %{app} aktivieren
7
- enable_cookies_body: Sie müssen Cookies in diesem Browser manuell aktivieren, um
8
- %{app} in Shopify verwenden zu können.
9
- enable_cookies_footer: Mithilfe von Cookies kann die App Sie authentifizieren, indem
10
- Ihre Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden.
11
- Sie laufen nach 30 Tagen ab.
7
+ enable_cookies_body: Du musst Cookies in diesem Browser manuell aktivieren, um %{app}
8
+ in Shopify verwenden zu können.
9
+ enable_cookies_footer: Mithilfe von Cookies kann die App dich authentifizieren,
10
+ indem deine Einstellungen und personenbezogenen Daten vorübergehend gespeichert
11
+ werden. Sie laufen nach 30 Tagen ab.
12
12
  enable_cookies_action: Cookies aktivieren
13
- top_level_interaction_heading: Ihr Browser muss %{app} authentifizieren
14
- top_level_interaction_body: Ihr Browser verlangt, dass Apps wie %{app} Sie um Zugriff
15
- auf Cookies bitten, bevor Shopify sie für Sie öffnen kann.
13
+ top_level_interaction_heading: Dein Browser muss %{app} authentifizieren
14
+ top_level_interaction_body: Dein Browser verlangt, dass Apps wie %{app} dich um
15
+ Zugriff auf Cookies bitten, bevor Shopify sie für dich öffnen kann.
16
16
  top_level_interaction_action: Weiter
17
17
  request_storage_access_heading: "%{app} braucht Zugriff auf Cookies"
18
- request_storage_access_body: Damit kann die App Sie authentifizieren, indem Ihre
19
- Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicken
20
- Sie auf "Weiter" und erlauben Sie den Cookies, die App zu verwenden.
18
+ request_storage_access_body: Damit kann die App dich authentifizieren, indem deine
19
+ Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicke
20
+ auf "Weiter" und erlaube Cookies, um die App zu verwenden.
21
21
  request_storage_access_footer: Cookies laufen nach 30 Tagen ab.
22
22
  request_storage_access_action: Weiter
@@ -0,0 +1,22 @@
1
+ ---
2
+ vi:
3
+ logged_out: Đã đăng xuất thành công
4
+ could_not_log_in: Không thể đăng nhập vào cửa hàng trên Shopify
5
+ invalid_shop_url: Miền cửa hàng không hợp lệ
6
+ enable_cookies_heading: Bật cookie từ %{app}
7
+ enable_cookies_body: Bạn phải bật cookie trong trình duyệt này theo cách thủ công
8
+ để sử dụng %{app} trong Shopify.
9
+ enable_cookies_footer: Cookie cho phép ứng dụng xác thực bạn bằng cách tạm thời
10
+ lưu trữ tùy chọn và thông tin cá nhân của bạn. Những thông tin này sẽ hết hạn
11
+ sau 30 ngày.
12
+ enable_cookies_action: Bật cookie
13
+ top_level_interaction_heading: Trình duyệt của bạn cần xác thực %{app}
14
+ top_level_interaction_body: Trình duyệt của bạn cần các ứng dụng như %{app} để yêu
15
+ cầu quyền truy cập vào cookie thì Shopify mới có thể mở giúp bạn.
16
+ top_level_interaction_action: Tiếp tục
17
+ request_storage_access_heading: "%{app} cần quyền truy cập cookie"
18
+ request_storage_access_body: Nhờ vậy, ứng dụng có thể xác thực bạn bằng cách tạm
19
+ thời lưu trữ thông tin cá nhân của bạn. Nhấp vào tiếp tục và cho phép cookie sử
20
+ dụng ứng dụng.
21
+ request_storage_access_footer: Cookie sẽ hết hạn sau 30 ngày.
22
+ request_storage_access_action: Tiếp tục
@@ -8,7 +8,7 @@ zh-CN:
8
8
  enable_cookies_footer: Cookie 使此应用能够通过暂时存储您的偏好设置和个人信息来验证您的身份。这些信息将在 30 天后过期。
9
9
  enable_cookies_action: 启用 Cookie
10
10
  top_level_interaction_heading: 您的浏览器需要对 %{app} 进行验证
11
- top_level_interaction_body: 您的浏览器要求类似 %{app} 的应用向您请求访问 Cookie,之后 Shopify 才能为您打开它。
11
+ top_level_interaction_body: 您的浏览器要求类似 %{app} 的应用向您申请访问 Cookie,之后 Shopify 才能为您打开它。
12
12
  top_level_interaction_action: 继续
13
13
  request_storage_access_heading: "%{app} 需要访问 Cookie"
14
14
  request_storage_access_body: 这使此应用能够通过暂时存储您的个人信息来验证您的身份。单击继续并启用 Cookie 以使用此应用。
@@ -13,12 +13,10 @@ module ShopifyApp
13
13
  end
14
14
 
15
15
  def set_top_level_oauth_cookie
16
- Rails.logger.debug("[ShopifyApp::Itp] Setting top level oauth cookie...")
17
16
  session['shopify.top_level_oauth'] = true
18
17
  end
19
18
 
20
19
  def clear_top_level_oauth_cookie
21
- Rails.logger.debug("[ShopifyApp::Itp] Clearing top level oauth cookie...")
22
20
  session.delete('shopify.top_level_oauth')
23
21
  end
24
22
 
@@ -18,24 +18,18 @@ module ShopifyApp
18
18
 
19
19
  def activate_shopify_session
20
20
  if user_session_expected? && user_session.blank?
21
- Rails.logger.debug("[ShopifyApp::LoginProtection] User session required. Redirecting to login...")
22
21
  signal_access_token_required
23
22
  return redirect_to_login
24
23
  end
25
24
 
26
- if current_shopify_session.blank?
27
- Rails.logger.debug("[ShopifyApp::LoginProtection] Current shopify session is blank. Redirecting to login...")
28
- return redirect_to_login
29
- end
25
+ return redirect_to_login if current_shopify_session.blank?
30
26
 
31
27
  clear_top_level_oauth_cookie
32
28
 
33
29
  begin
34
- Rails.logger.debug("[ShopifyApp::LoginProtection] Activating session...")
35
30
  ShopifyAPI::Base.activate_session(current_shopify_session)
36
31
  yield
37
32
  ensure
38
- Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing session...")
39
33
  ShopifyAPI::Base.clear_session
40
34
  end
41
35
  end
@@ -80,12 +74,7 @@ module ShopifyApp
80
74
 
81
75
  def login_again_if_different_user_or_shop
82
76
  if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
83
- Rails.logger.debug("[ShopifyApp::LoginProtection] Session data was sent/stored correctly.")
84
77
  clear_session = session[:user_session] != params[:session] # current user is different from stored user
85
- if clear_session
86
- Rails.logger.debug("[ShopifyApp::LoginProtection] Current user is different from stored user.")
87
- end
88
- clear_session
89
78
  end
90
79
 
91
80
  if current_shopify_session &&
@@ -95,7 +84,6 @@ module ShopifyApp
95
84
  end
96
85
 
97
86
  if clear_session
98
- Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing shopify session and redirecting to login...")
99
87
  clear_shopify_session
100
88
  redirect_to_login
101
89
  end
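Review bot: In `activate_shopify_session` the `begin`/`ensure` pair around `ShopifyAPI::Base.activate_session(current_shopify_session)` has no comment, and the debug strings removed here were the only text describing what each half does. A one-line comment above `ensure`, for example `# Always clear the activated API session, even when the yielded action raises`, would keep a later refactor from dropping the cleanup. Judging by the call names this is state held on `ShopifyAPI::Base` rather than on the controller, in which case a skipped `clear_session` could leave one shop's session active for a following request; that is inferred from the names and should be confirmed against shopify_api.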
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
  module ShopifyApp
3
- VERSION = '16.1.0'
3
+ VERSION = '17.0.0'
4
4
  end
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shopify_app",
3
- "version": "16.1.0",
3
+ "version": "17.0.0",
4
4
  "repository": "git@github.com:Shopify/shopify_app.git",
5
5
  "author": "Shopify",
6
6
  "license": "MIT",
@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
14
14
  s.metadata['allowed_push_host'] = 'https://rubygems.org'
15
15
 
16
16
  s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
17
- s.add_runtime_dependency('rails', '> 5.2.1')
17
+ s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')
18
18
  s.add_runtime_dependency('shopify_api', '~> 9.1')
19
19
  s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
20
20
  s.add_runtime_dependency('jwt', '~> 2.2.1')
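Review bot: The new upper bound in `s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')` carries no explanation in the gemspec itself; the reason (Rails 6.1's `cookies_same_site_protection` setting) appears only in the README note and the changelog entry. A comment on the line, such as `# Capped below 6.1 until cookies_same_site_protection is handled, see #1134`, tells whoever lifts the cap what has to be verified first. Because the cap keeps dependent apps off Rails 6.1, it is worth tracking so it does not stay in place longer than needed. The `Gem::Specification.new` block starts and ends outside this hunk.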
@@ -1,5 +1,5 @@
1
1
  source_language: en
2
- target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, zh-CN, zh-TW]
2
+ target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
3
3
  components:
4
4
  - name: 'merchant'
5
5
  paths:
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 16.1.0
4
+ version: 17.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-12-15 00:00:00.000000000 Z
11
+ date: 2021-01-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: browser_sniffer
@@ -31,6 +31,9 @@ dependencies:
31
31
  - - ">"
32
32
  - !ruby/object:Gem::Version
33
33
  version: 5.2.1
34
+ - - "<"
35
+ - !ruby/object:Gem::Version
36
+ version: '6.1'
34
37
  type: :runtime
35
38
  prerelease: false
36
39
  version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +41,9 @@ dependencies:
38
41
  - - ">"
39
42
  - !ruby/object:Gem::Version
40
43
  version: 5.2.1
44
+ - - "<"
45
+ - !ruby/object:Gem::Version
46
+ version: '6.1'
41
47
  - !ruby/object:Gem::Dependency
42
48
  name: shopify_api
43
49
  requirement: !ruby/object:Gem::Requirement
@@ -307,6 +313,7 @@ files:
307
313
  - config/locales/sv.yml
308
314
  - config/locales/th.yml
309
315
  - config/locales/tr.yml
316
+ - config/locales/vi.yml
310
317
  - config/locales/zh-CN.yml
311
318
  - config/locales/zh-TW.yml
312
319
  - config/routes.rb