shopify_app 16.1.0 → 17.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44ec6da287b58bdae2e84213de7ef0780078bd09c7c25558b75e738e7b1fe8ae
-  data.tar.gz: fc2e72d9c007933a42c45f286b259b2a27a425b0174aadd9095f140d2707922a
+  metadata.gz: 7cab2299a543318d0a7d39fafcfa16a1067222041eeaa5e7c02563dd0d5ed80a
+  data.tar.gz: 9f7dcc292f0f98c28e458f519cea464ae00925f770c7a065aca12c1579ecbbc5
 SHA512:
-  metadata.gz: cf8d2e8fda1d93bf9bee47491662d751be025f2f3dd80cf0e6bc92fc7a5577481dcf78fcba8e9dee1c03c0b5ebf34c686e062eb03313de9679ca3056f675b669
-  data.tar.gz: a71980adc7d070ba469e1fe1a15b69ebbadf8f4f871b3fb2ccc32d989df85cbb702df5101c5cc57b253416693530cd412011e227dc5aa9a24c96e2efddcdb506
+  metadata.gz: f60af66dbfa84fc2a185bb733967124633acc0cbad22b0de805e89d10a6d2863651973ba91cbc3cc026c3d987a3eedfaba4796f97a8e68c0ee1e28bb920dff39
+  data.tar.gz: 1d03e4fecbdfcc1bfb46c5495b3c3f58c071ba7128fdd6d99db43a5920816a18d8fb4b2d4404058bf8c62f9d04f4d57cebb388b37fe864b7246a127d37f109e0

data/.github/workflows/release.yml

@@ -0,0 +1,24 @@
+name: Create Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Extract tag name
+      id: tag
+      run: echo "::set-output name=value::${GITHUB_REF##*/}"
+    - uses: actions/checkout@v2
+
+    - name: Create Release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        tag_name: ${{ steps.tag.outputs.value }}
+        release_name: ${{ steps.tag.outputs.value }}

data/CHANGELOG.md

@@ -1,3 +1,26 @@
+Unreleased
+----------
+
+17.0.4 (January 25, 2021)
+----------
+* Redirect user to login page if shopify domain is not found in the `EnsureAuthenticatedLinks` concern [#1158](https://github.com/Shopify/shopify_app/pull/1158) 
+
+17.0.3 (January 22, 2021)
+----------
+* Amend fix for #1144 to raise on missing API keys only when running the server [#1155](https://github.com/Shopify/shopify_app/pull/1155)
+
+17.0.2 (January 20, 2021)
+------
+* Fix failing script tags and webhooks installs after completing OAuth [#1151](https://github.com/Shopify/shopify_app/pull/1151)
+
+17.0.1 (January 18, 2021)
+------
+* Don't attempt to read Shopify environment variables when the generators are running, since they may not be present yet [#1144](https://github.com/Shopify/shopify_app/pull/1144)
+
+17.0.0 (January 13, 2021)
+------
+* Rails 6.1 is not yet supported [#1134](https://github.com/Shopify/shopify_app/pull/1134)
+
 16.1.0
 ------
 * Use Session Token auth strategy by default for new embedded apps [#1111](https://github.com/Shopify/shopify_app/pull/1111)

data/Gemfile.lock

@@ -1,11 +1,11 @@
 PATH
   remote: .
   specs:
-    shopify_app (16.1.0)
+    shopify_app (17.0.4)
       browser_sniffer (~> 1.2.2)
       jwt (~> 2.2.1)
       omniauth-shopify-oauth2 (~> 2.2.2)
-      rails (> 5.2.1)
+      rails (> 5.2.1, < 6.1)
       redirect_safely (~> 1.0)
       shopify_api (~> 9.1)
 
@@ -89,12 +89,14 @@ GEM
     crass (1.0.6)
     debug_inspector (0.0.3)
     erubi (1.9.0)
-    faraday (1.1.0)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords
+    faraday-net_http (1.0.1)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    graphql (1.11.6)
+    graphql (1.12.1)
     graphql-client (0.16.0)
       activesupport (>= 3.0)
       graphql (~> 1.8)
@@ -113,15 +115,16 @@ GEM
     method_source (0.9.2)
     mimemagic (0.3.5)
     mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
+    mini_portile2 (2.5.0)
     minitest (5.14.2)
     mocha (1.11.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     nio4r (2.5.4)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
@@ -149,6 +152,7 @@ GEM
       binding_of_caller (>= 0.7)
       pry (>= 0.9.11)
     public_suffix (4.0.6)
+    racc (1.5.2)
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
@@ -203,7 +207,7 @@ GEM
     rubocop-shopify (1.0.7)
       rubocop (~> 1.4)
     ruby-progressbar (1.10.1)
-    ruby2_keywords (0.0.2)
+    ruby2_keywords (0.0.4)
     shopify_api (9.2.0)
       activeresource (>= 4.1.0, < 6.0.0)
       graphql-client
@@ -216,7 +220,7 @@ GEM
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
-    thor (1.0.1)
+    thor (1.1.0)
     thread_safe (0.3.6)
     tzinfo (1.2.7)
       thread_safe (~> 0.1)

data/README.md

@@ -8,6 +8,8 @@ Shopify App
 
 Shopify Application Rails engine and generator
 
+### NOTE: Rails 6.1 or above is not yet supported due to the new `cookies_same_site_protection` setting.
+
 #### NOTE: Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
 
 Table of Contents
@@ -72,28 +74,31 @@ The latest version of shopify_app is compatible with Rails `>= 5`. Use version `
 Generators
 ----------
 
-### Default Generator
+### API Keys
+<!-- This anchor name `#api-keys` is linked to from user output in `templates/shopify_app.rb.tt` so beware of changing -->
+Before starting the app, you'll need to ensure it can read the Shopify environment variables `SHOPIFY_API_KEY` and `SHOPIFY_API_SECRET`.
 
-The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
+In a development environment, a common approach is to use the [dotenv-rails](https://github.com/bkeepers/dotenv) gem, along with an `.env` file in the following format:
 
-```sh
-$ rails generate shopify_app
+```
+SHOPIFY_API_KEY=your api key
+SHOPIFY_API_SECRET=your api secret
 ```
 
-After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
+These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard].
+(If you are using [shopify-app-cli](https://github.com/Shopify/shopify-app-cli) this `.env` file will be created automatically).
+If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
 
-### API Keys
+### Default Generator
 
-The default and install generators have been updated to source Shopify API key and secret from an Environment (`.env`) variables file, which you will need to create with the following format:
+The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
 
-```
-SHOPIFY_API_KEY=your api key
-SHOPIFY_API_SECRET=your api secret
+```sh
+$ rails generate shopify_app
 ```
 
-These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard]. If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
+After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
 
-**You will need to load the ENV variables into your environment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
 
 ### Install Generator
 

data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb

@@ -13,6 +13,10 @@ module ShopifyApp
     def redirect_to_splash_page
       splash_page_path = root_path(return_to: request.fullpath, shop: current_shopify_domain)
       redirect_to(splash_page_path)
+    rescue ShopifyApp::LoginProtection::ShopifyDomainNotFound => error
+      Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
+                         "Could not determine current shop domain")
+      redirect_to(ShopifyApp.configuration.login_url)
     end
 
     def missing_expected_jwt?

data/app/controllers/shopify_app/callback_controller.rb

@@ -30,16 +30,12 @@ module ShopifyApp
     end
 
     def respond_with_user_token_flow
-      Rails.logger.debug("[ShopifyApp::CallbackController] Redirecting for user token...")
       redirect_to(login_url_with_optional_shop)
     end
 
     def store_access_token_and_build_session
       if native_browser_request?
-        Rails.logger.debug("[ShopifyApp::CallbackController] Not a JWT request. Resetting session options...")
         reset_session_options
-      else
-        Rails.logger.debug("[ShopifyApp::CallbackController] JWT request detected. Setting shopify session...")
       end
       set_shopify_session
     end
@@ -62,10 +58,8 @@ module ShopifyApp
 
     def respond_with_error
       if jwt_request?
-        Rails.logger.debug("[ShopifyApp::CallbackController] Invalid JWT auth detected.")
         head(:unauthorized)
       else
-        Rails.logger.debug("[ShopifyApp::CallbackController] Invalid non JWT auth detected.")
         flash[:error] = I18n.t('could_not_log_in')
         redirect_to(login_url_with_optional_shop)
       end
@@ -95,6 +89,14 @@ module ShopifyApp
       auth_hash.uid
     end
 
+    def offline_access_token
+      ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(shop_name)&.token
+    end
+
+    def online_access_token
+      ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(associated_user_id)&.token
+    end
+
     def associated_user
       return unless auth_hash.dig('extra', 'associated_user').present?
 
@@ -138,7 +140,7 @@ module ShopifyApp
 
       WebhooksManager.queue(
         shop_name,
-        shop_session&.token || user_session.token,
+        offline_access_token || online_access_token,
         ShopifyApp.configuration.webhooks
       )
     end
@@ -148,7 +150,7 @@ module ShopifyApp
 
       ScripttagsManager.queue(
         shop_name,
-        shop_session&.token || user_session.token,
+        offline_access_token || online_access_token,
         ShopifyApp.configuration.scripttags
       )
     end

data/app/controllers/shopify_app/sessions_controller.rb

@@ -10,19 +10,14 @@ module ShopifyApp
     end
 
     def new
-      if sanitized_shop_name.present?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Sanitized shop name present. Authenticating...")
-        authenticate
-      end
+      authenticate if sanitized_shop_name.present?
     end
 
     def create
-      Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating...")
       authenticate
     end
 
     def enable_cookies
-      Rails.logger.debug("[ShopifyApp::SessionsController] Enabling cookies...")
       return unless validate_shop_presence
 
       render(:enable_cookies, layout: false, locals: {
@@ -45,7 +40,6 @@ module ShopifyApp
     end
 
     def granted_storage_access
-      Rails.logger.debug("[ShopifyApp::SessionsController] Granted storage access.")
       return unless validate_shop_presence
 
       session['shopify.granted_storage_access'] = true
@@ -56,7 +50,6 @@ module ShopifyApp
     end
 
     def destroy
-      Rails.logger.debug("[ShopifyApp::SessionsController] Resetting session.")
       reset_session
       flash[:notice] = I18n.t('.logged_out')
       redirect_to(login_url_with_optional_shop)
@@ -73,23 +66,18 @@ module ShopifyApp
       set_user_tokens_option
 
       if user_agent_can_partition_cookies
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating with partitioning...")
         authenticate_with_partitioning
       else
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating normally...")
         authenticate_normally
       end
     end
 
     def authenticate_normally
       if request_storage_access?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Redirecting to request storage access...")
         redirect_to_request_storage_access
       elsif authenticate_in_context?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating in context...")
         authenticate_in_context
       else
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating at top level...")
         authenticate_at_top_level
       end
     end
@@ -107,7 +95,6 @@ module ShopifyApp
     # rubocop:disable Lint/SuppressedException
     def set_user_tokens_option
       if shop_session.blank?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Shop session is blank.")
         session[:user_tokens] = false
         return
       end
@@ -130,7 +117,6 @@ module ShopifyApp
     def validate_shop_presence
       @shop = sanitized_shop_name
       unless @shop
-        Rails.logger.debug("[ShopifyApp::SessionsController] Invalid shop detected.")
         render_invalid_shop_error
         return false
       end

data/config/locales/de.yml

@@ -4,19 +4,19 @@ de:
   could_not_log_in: Shopify Store Login fehlgeschlagen
   invalid_shop_url: Ungültige Shop-Domain
   enable_cookies_heading: Cookies von %{app} aktivieren
-  enable_cookies_body: Sie müssen Cookies in diesem Browser manuell aktivieren, um
-    %{app} in Shopify verwenden zu können.
-  enable_cookies_footer: Mithilfe von Cookies kann die App Sie authentifizieren, indem
-    Ihre Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden.
-    Sie laufen nach 30 Tagen ab.
+  enable_cookies_body: Du musst Cookies in diesem Browser manuell aktivieren, um %{app}
+    in Shopify verwenden zu können.
+  enable_cookies_footer: Mithilfe von Cookies kann die App dich authentifizieren,
+    indem deine Einstellungen und personenbezogenen Daten vorübergehend gespeichert
+    werden. Sie laufen nach 30 Tagen ab.
   enable_cookies_action: Cookies aktivieren
-  top_level_interaction_heading: Ihr Browser muss %{app} authentifizieren
-  top_level_interaction_body: Ihr Browser verlangt, dass Apps wie %{app} Sie um Zugriff
-    auf Cookies bitten, bevor Shopify sie für Sie öffnen kann.
+  top_level_interaction_heading: Dein Browser muss %{app} authentifizieren
+  top_level_interaction_body: Dein Browser verlangt, dass Apps wie %{app} dich um
+    Zugriff auf Cookies bitten, bevor Shopify sie für dich öffnen kann.
   top_level_interaction_action: Weiter
   request_storage_access_heading: "%{app} braucht Zugriff auf Cookies"
-  request_storage_access_body: Damit kann die App Sie authentifizieren, indem Ihre
-    Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicken
-    Sie auf "Weiter" und erlauben Sie den Cookies, die App zu verwenden.
+  request_storage_access_body: Damit kann die App dich authentifizieren, indem deine
+    Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicke
+    auf "Weiter" und erlaube Cookies, um die App zu verwenden.
   request_storage_access_footer: Cookies laufen nach 30 Tagen ab.
   request_storage_access_action: Weiter

data/config/locales/vi.yml

@@ -0,0 +1,22 @@
+---
+vi:
+  logged_out: Đã đăng xuất thành công
+  could_not_log_in: Không thể đăng nhập vào cửa hàng trên Shopify
+  invalid_shop_url: Miền cửa hàng không hợp lệ
+  enable_cookies_heading: Bật cookie từ %{app}
+  enable_cookies_body: Bạn phải bật cookie trong trình duyệt này theo cách thủ công
+    để sử dụng %{app} trong Shopify.
+  enable_cookies_footer: Cookie cho phép ứng dụng xác thực bạn bằng cách tạm thời
+    lưu trữ tùy chọn và thông tin cá nhân của bạn. Những thông tin này sẽ hết hạn
+    sau 30 ngày.
+  enable_cookies_action: Bật cookie
+  top_level_interaction_heading: Trình duyệt của bạn cần xác thực %{app}
+  top_level_interaction_body: Trình duyệt của bạn cần các ứng dụng như %{app} để yêu
+    cầu quyền truy cập vào cookie thì Shopify mới có thể mở giúp bạn.
+  top_level_interaction_action: Tiếp tục
+  request_storage_access_heading: "%{app} cần quyền truy cập cookie"
+  request_storage_access_body: Nhờ vậy, ứng dụng có thể xác thực bạn bằng cách tạm
+    thời lưu trữ thông tin cá nhân của bạn. Nhấp vào tiếp tục và cho phép cookie sử
+    dụng ứng dụng.
+  request_storage_access_footer: Cookie sẽ hết hạn sau 30 ngày.
+  request_storage_access_action: Tiếp tục

data/config/locales/zh-CN.yml

@@ -8,7 +8,7 @@ zh-CN:
   enable_cookies_footer: Cookie 使此应用能够通过暂时存储您的偏好设置和个人信息来验证您的身份。这些信息将在 30 天后过期。
   enable_cookies_action: 启用 Cookie
   top_level_interaction_heading: 您的浏览器需要对 %{app} 进行验证
-  top_level_interaction_body: 您的浏览器要求类似 %{app} 的应用向您请求访问 Cookie，之后 Shopify 才能为您打开它。
+  top_level_interaction_body: 您的浏览器要求类似 %{app} 的应用向您申请访问 Cookie，之后 Shopify 才能为您打开它。
   top_level_interaction_action: 继续
   request_storage_access_heading: "%{app} 需要访问 Cookie"
   request_storage_access_body: 这使此应用能够通过暂时存储您的个人信息来验证您的身份。单击继续并启用 Cookie 以使用此应用。

data/docs/Releasing.md

@@ -11,9 +11,10 @@
 1. Merge your pull request
 1. Checkout and pull from master so you have the latest version of the shopify_app
 1. Tag the HEAD with the version
-```bash
-$ git tag -f vX.Y.Z && git push --tags --force
-```
+    ```bash
+    $ git tag -f vX.Y.Z && git push --tags --force
+    ```
+1. Check that Create Release workflow successfully runs
 1. Use Shipit to build and push the gem
 
 If you see an error like 'You need to create the vX.Y.X tag first', clear git

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt

@@ -1,16 +1,21 @@
 ShopifyApp.configure do |config|
   config.application_name = "<%= @application_name %>"
-  config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence || raise('Missing SHOPIFY_API_KEY')
-  config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence || raise('Missing SHOPIFY_API_SECRET')
   config.old_secret = "<%= @old_secret %>"
   config.scope = "<%= @scope %>" # Consult this page for more scope options:
-                                 # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
+                                  # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
   config.embedded_app = <%= embedded_app? %>
   config.after_authenticate_job = false
   config.api_version = "<%= @api_version %>"
   config.shop_session_repository = 'Shop'
   config.allow_jwt_authentication = <%= !with_cookie_authentication? %>
   config.allow_cookie_authentication = <%= with_cookie_authentication? %>
+
+  config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence
+  config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence
+  if defined? Rails::Server
+    raise('Missing SHOPIFY_API_KEY. See https://github.com/Shopify/shopify_app#api-keys') unless config.api_key
+    raise('Missing SHOPIFY_API_SECRET. See https://github.com/Shopify/shopify_app#api-keys') unless config.secret
+  end
 end
 
 # ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot

data/lib/shopify_app/controller_concerns/itp.rb

@@ -13,12 +13,10 @@ module ShopifyApp
     end
 
     def set_top_level_oauth_cookie
-      Rails.logger.debug("[ShopifyApp::Itp] Setting top level oauth cookie...")
       session['shopify.top_level_oauth'] = true
     end
 
     def clear_top_level_oauth_cookie
-      Rails.logger.debug("[ShopifyApp::Itp] Clearing top level oauth cookie...")
       session.delete('shopify.top_level_oauth')
     end
 

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -18,24 +18,18 @@ module ShopifyApp
 
     def activate_shopify_session
       if user_session_expected? && user_session.blank?
-        Rails.logger.debug("[ShopifyApp::LoginProtection] User session required. Redirecting to login...")
         signal_access_token_required
         return redirect_to_login
       end
 
-      if current_shopify_session.blank?
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Current shopify session is blank. Redirecting to login...")
-        return redirect_to_login
-      end
+      return redirect_to_login if current_shopify_session.blank?
 
       clear_top_level_oauth_cookie
 
       begin
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Activating session...")
         ShopifyAPI::Base.activate_session(current_shopify_session)
         yield
       ensure
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing session...")
         ShopifyAPI::Base.clear_session
       end
     end
@@ -80,12 +74,7 @@ module ShopifyApp
 
     def login_again_if_different_user_or_shop
       if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Session data was sent/stored correctly.")
         clear_session = session[:user_session] != params[:session] # current user is different from stored user
-        if clear_session
-          Rails.logger.debug("[ShopifyApp::LoginProtection] Current user is different from stored user.")
-        end
-        clear_session
       end
 
       if current_shopify_session &&
@@ -95,7 +84,6 @@ module ShopifyApp
       end
 
       if clear_session
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing shopify session and redirecting to login...")
         clear_shopify_session
         redirect_to_login
       end

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '16.1.0'
+  VERSION = '17.0.4'
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "16.1.0",
+  "version": "17.0.4",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
   s.metadata['allowed_push_host'] = 'https://rubygems.org'
 
   s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
-  s.add_runtime_dependency('rails', '> 5.2.1')
+  s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')
   s.add_runtime_dependency('shopify_api', '~> 9.1')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
   s.add_runtime_dependency('jwt', '~> 2.2.1')

data/translation.yml

@@ -1,5 +1,5 @@
 source_language: en
-target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, zh-CN, zh-TW]
+target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
 components:
   - name: 'merchant'
     paths:

data/yarn.lock

@@ -1347,11 +1347,6 @@ async-each@^1.0.1:
   resolved "https://registry.yarnpkg.com/async-each/-/async-each-1.0.3.tgz#b727dbf87d7651602f06f4d4ac387f47d91b0cbf"
   integrity sha512-z/WhQ5FPySLdvREByI2vZiTWwCnF0moMJ1hK9YQwDTHKh6I7/uSckMetoRGb5UBZPC1z0jlw+n/XCgjeH7y1AQ==
 
-async-limiter@~1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/async-limiter/-/async-limiter-1.0.1.tgz#dd379e94f0db8310b08291f9d64c3209766617fd"
-  integrity sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==
-
 atob@^2.1.2:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
@@ -1419,10 +1414,10 @@ balanced-match@^1.0.0:
   resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"
   integrity sha1-ibTRmasr7kneFk6gK4nORi1xt2c=
 
-base64-arraybuffer@0.1.5:
-  version "0.1.5"
-  resolved "https://registry.yarnpkg.com/base64-arraybuffer/-/base64-arraybuffer-0.1.5.tgz#73926771923b5a19747ad666aa5cd4bf9c6e9ce8"
-  integrity sha1-c5JncZI7Whl0etZmqlzUv5xunOg=
+base64-arraybuffer@0.1.4:
+  version "0.1.4"
+  resolved "https://registry.yarnpkg.com/base64-arraybuffer/-/base64-arraybuffer-0.1.4.tgz#9818c79e059b1355f97e0428a017c838e90ba812"
+  integrity sha1-mBjHngWbE1X5fgQooBfIOOkLqBI=
 
 base64-js@^1.0.2:
   version "1.3.1"
@@ -1447,13 +1442,6 @@ base@^0.11.1:
     mixin-deep "^1.2.0"
     pascalcase "^0.1.1"
 
-better-assert@~1.0.0:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/better-assert/-/better-assert-1.0.2.tgz#40866b9e1b9e0b55b481894311e68faffaebc522"
-  integrity sha1-QIZrnhueC1W0gYlDEeaPr/rrxSI=
-  dependencies:
-    callsite "1.0.0"
-
 big.js@^5.2.2:
   version "5.2.2"
   resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328"
@@ -1689,11 +1677,6 @@ cache-base@^1.0.1:
     union-value "^1.0.0"
     unset-value "^1.0.0"
 
-callsite@1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/callsite/-/callsite-1.0.0.tgz#280398e5d664bd74038b6f0905153e6e8af1bc20"
-  integrity sha1-KAOY5dZkvXQDi28JBRU+borxvCA=
-
 camelcase@^5.0.0, camelcase@^5.3.1:
   version "5.3.1"
   resolved "https://registry.yarnpkg.com/camelcase/-/camelcase-5.3.1.tgz#e3c9b31569e106811df242f715725a1f4c494320"
@@ -1954,10 +1937,10 @@ convert-source-map@^1.7.0:
   dependencies:
     safe-buffer "~5.1.1"
 
-cookie@0.3.1:
-  version "0.3.1"
-  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.3.1.tgz#e7e0a1f9ef43b4c8ba925c5c5a96e806d16873bb"
-  integrity sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s=
+cookie@~0.4.1:
+  version "0.4.1"
+  resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.4.1.tgz#afd713fe26ebd21ba95ceb61f9a8116e50a537d1"
+  integrity sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==
 
 copy-concurrently@^1.0.0:
   version "1.0.5"
@@ -2236,45 +2219,45 @@ end-of-stream@^1.0.0, end-of-stream@^1.1.0:
   dependencies:
     once "^1.4.0"
 
-engine.io-client@~3.4.0:
-  version "3.4.3"
-  resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-3.4.3.tgz#192d09865403e3097e3575ebfeb3861c4d01a66c"
-  integrity sha512-0NGY+9hioejTEJCaSJZfWZLk4FPI9dN+1H1C4+wj2iuFba47UgZbJzfWs4aNFajnX/qAaYKbe2lLTfEEWzCmcw==
+engine.io-client@~3.5.0:
+  version "3.5.0"
+  resolved "https://registry.yarnpkg.com/engine.io-client/-/engine.io-client-3.5.0.tgz#fc1b4d9616288ce4f2daf06dcf612413dec941c7"
+  integrity sha512-12wPRfMrugVw/DNyJk34GQ5vIVArEcVMXWugQGGuw2XxUSztFNmJggZmv8IZlLyEdnpO1QB9LkcjeWewO2vxtA==
   dependencies:
     component-emitter "~1.3.0"
     component-inherit "0.0.3"
-    debug "~4.1.0"
+    debug "~3.1.0"
     engine.io-parser "~2.2.0"
     has-cors "1.1.0"
     indexof "0.0.1"
-    parseqs "0.0.5"
-    parseuri "0.0.5"
-    ws "~6.1.0"
+    parseqs "0.0.6"
+    parseuri "0.0.6"
+    ws "~7.4.2"
     xmlhttprequest-ssl "~1.5.4"
     yeast "0.1.2"
 
 engine.io-parser@~2.2.0:
-  version "2.2.0"
-  resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-2.2.0.tgz#312c4894f57d52a02b420868da7b5c1c84af80ed"
-  integrity sha512-6I3qD9iUxotsC5HEMuuGsKA0cXerGz+4uGcXQEkfBidgKf0amsjrrtwcbwK/nzpZBxclXlV7gGl9dgWvu4LF6w==
+  version "2.2.1"
+  resolved "https://registry.yarnpkg.com/engine.io-parser/-/engine.io-parser-2.2.1.tgz#57ce5611d9370ee94f99641b589f94c97e4f5da7"
+  integrity sha512-x+dN/fBH8Ro8TFwJ+rkB2AmuVw9Yu2mockR/p3W8f8YtExwFgDvBDi0GWyb4ZLkpahtDGZgtr3zLovanJghPqg==
   dependencies:
     after "0.8.2"
     arraybuffer.slice "~0.0.7"
-    base64-arraybuffer "0.1.5"
+    base64-arraybuffer "0.1.4"
     blob "0.0.5"
     has-binary2 "~1.0.2"
 
-engine.io@~3.4.0:
-  version "3.4.2"
-  resolved "https://registry.yarnpkg.com/engine.io/-/engine.io-3.4.2.tgz#8fc84ee00388e3e228645e0a7d3dfaeed5bd122c"
-  integrity sha512-b4Q85dFkGw+TqgytGPrGgACRUhsdKc9S9ErRAXpPGy/CXKs4tYoHDkvIRdsseAF7NjfVwjRFIn6KTnbw7LwJZg==
+engine.io@~3.5.0:
+  version "3.5.0"
+  resolved "https://registry.yarnpkg.com/engine.io/-/engine.io-3.5.0.tgz#9d6b985c8a39b1fe87cd91eb014de0552259821b"
+  integrity sha512-21HlvPUKaitDGE4GXNtQ7PLP0Sz4aWLddMPw2VTyFz1FVZqu/kZsJUO8WNpKuE/OCL7nkfRaOui2ZCJloGznGA==
   dependencies:
     accepts "~1.3.4"
     base64id "2.0.0"
-    cookie "0.3.1"
+    cookie "~0.4.1"
     debug "~4.1.0"
     engine.io-parser "~2.2.0"
-    ws "^7.1.2"
+    ws "~7.4.2"
 
 enhanced-resolve@^4.3.0:
   version "4.3.0"
@@ -3480,17 +3463,17 @@ miller-rabin@^4.0.0:
     bn.js "^4.0.0"
     brorand "^1.0.1"
 
-mime-db@1.44.0:
-  version "1.44.0"
-  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.44.0.tgz#fa11c5eb0aca1334b4233cb4d52f10c5a6272f92"
-  integrity sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg==
+mime-db@1.45.0:
+  version "1.45.0"
+  resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.45.0.tgz#cceeda21ccd7c3a745eba2decd55d4b73e7879ea"
+  integrity sha512-CkqLUxUk15hofLoLyljJSrukZi8mAtgd+yE5uO4tqRZsdsAJKv0O+rFMhVDRJgozy+yG6md5KwuXhD4ocIoP+w==
 
 mime-types@~2.1.24:
-  version "2.1.27"
-  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.27.tgz#47949f98e279ea53119f5722e0f34e529bec009f"
-  integrity sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==
+  version "2.1.28"
+  resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.28.tgz#1160c4757eab2c5363888e005273ecf79d2a0ecd"
+  integrity sha512-0TO2yJ5YHYr7M2zzT7gDU1tbwHxEUWBCLt0lscSNpcdAfFyJOVEpRYNS7EXVcTLNj/25QO8gulHC5JtTzSE2UQ==
   dependencies:
-    mime-db "1.44.0"
+    mime-db "1.45.0"
 
 mime@^2.4.4, mime@^2.4.5:
   version "2.4.6"
@@ -3610,11 +3593,16 @@ ms@2.0.0:
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8"
   integrity sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=
 
-ms@2.1.2, ms@^2.1.1:
+ms@2.1.2:
   version "2.1.2"
   resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009"
   integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==
 
+ms@^2.1.1:
+  version "2.1.3"
+  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2"
+  integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==
+
 nan@^2.12.1:
   version "2.14.1"
   resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.1.tgz#d7be34dfa3105b91494c3147089315eff8874b01"
@@ -3709,11 +3697,6 @@ object-assign@^4.1.1:
   resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863"
   integrity sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=
 
-object-component@0.0.3:
-  version "0.0.3"
-  resolved "https://registry.yarnpkg.com/object-component/-/object-component-0.0.3.tgz#f0c69aa50efc95b866c186f400a33769cb2f1291"
-  integrity sha1-8MaapQ78lbhmwYb0AKM3acsvEpE=
-
 object-copy@^0.1.0:
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/object-copy/-/object-copy-0.1.0.tgz#7e7d858b781bd7c991a41ba975ed3812754e998c"
@@ -3841,19 +3824,15 @@ parse-asn1@^5.0.0, parse-asn1@^5.1.5:
     pbkdf2 "^3.0.3"
     safe-buffer "^5.1.1"
 
-parseqs@0.0.5:
-  version "0.0.5"
-  resolved "https://registry.yarnpkg.com/parseqs/-/parseqs-0.0.5.tgz#d5208a3738e46766e291ba2ea173684921a8b89d"
-  integrity sha1-1SCKNzjkZ2bikbouoXNoSSGouJ0=
-  dependencies:
-    better-assert "~1.0.0"
+parseqs@0.0.6:
+  version "0.0.6"
+  resolved "https://registry.yarnpkg.com/parseqs/-/parseqs-0.0.6.tgz#8e4bb5a19d1cdc844a08ac974d34e273afa670d5"
+  integrity sha512-jeAGzMDbfSHHA091hr0r31eYfTig+29g3GKKE/PPbEQ65X0lmMwlEoqmhzu0iztID5uJpZsFlUPDP8ThPL7M8w==
 
-parseuri@0.0.5:
-  version "0.0.5"
-  resolved "https://registry.yarnpkg.com/parseuri/-/parseuri-0.0.5.tgz#80204a50d4dbb779bfdc6ebe2778d90e4bce320a"
-  integrity sha1-gCBKUNTbt3m/3G6+J3jZDkvOMgo=
-  dependencies:
-    better-assert "~1.0.0"
+parseuri@0.0.6:
+  version "0.0.6"
+  resolved "https://registry.yarnpkg.com/parseuri/-/parseuri-0.0.6.tgz#e1496e829e3ac2ff47f39a4dd044b32823c4a25a"
+  integrity sha512-AUjen8sAkGgao7UyCX6Ahv0gIK2fABKmYjvP4xmy5JaKvcbTRueIqIPHLAfq30xJddqSE033IOMUSOMCcK3Sow==
 
 parseurl@~1.3.3:
   version "1.3.3"
@@ -4436,32 +4415,29 @@ socket.io-adapter@~1.1.0:
   resolved "https://registry.yarnpkg.com/socket.io-adapter/-/socket.io-adapter-1.1.2.tgz#ab3f0d6f66b8fc7fca3959ab5991f82221789be9"
   integrity sha512-WzZRUj1kUjrTIrUKpZLEzFZ1OLj5FwLlAFQs9kuZJzJi5DKdU7FsWc36SNmA8iDOtwBQyT8FkrriRM8vXLYz8g==
 
-socket.io-client@2.3.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/socket.io-client/-/socket.io-client-2.3.0.tgz#14d5ba2e00b9bcd145ae443ab96b3f86cbcc1bb4"
-  integrity sha512-cEQQf24gET3rfhxZ2jJ5xzAOo/xhZwK+mOqtGRg5IowZsMgwvHwnf/mCRapAAkadhM26y+iydgwsXGObBB5ZdA==
+socket.io-client@2.4.0:
+  version "2.4.0"
+  resolved "https://registry.yarnpkg.com/socket.io-client/-/socket.io-client-2.4.0.tgz#aafb5d594a3c55a34355562fc8aea22ed9119a35"
+  integrity sha512-M6xhnKQHuuZd4Ba9vltCLT9oa+YvTsP8j9NcEiLElfIg8KeYPyhWOes6x4t+LTAC8enQbE/995AdTem2uNyKKQ==
   dependencies:
     backo2 "1.0.2"
-    base64-arraybuffer "0.1.5"
     component-bind "1.0.0"
-    component-emitter "1.2.1"
-    debug "~4.1.0"
-    engine.io-client "~3.4.0"
+    component-emitter "~1.3.0"
+    debug "~3.1.0"
+    engine.io-client "~3.5.0"
     has-binary2 "~1.0.2"
-    has-cors "1.1.0"
     indexof "0.0.1"
-    object-component "0.0.3"
-    parseqs "0.0.5"
-    parseuri "0.0.5"
+    parseqs "0.0.6"
+    parseuri "0.0.6"
     socket.io-parser "~3.3.0"
     to-array "0.1.4"
 
 socket.io-parser@~3.3.0:
-  version "3.3.0"
-  resolved "https://registry.yarnpkg.com/socket.io-parser/-/socket.io-parser-3.3.0.tgz#2b52a96a509fdf31440ba40fed6094c7d4f1262f"
-  integrity sha512-hczmV6bDgdaEbVqhAeVMM/jfUfzuEZHsQg6eOmLgJht6G3mPKMxYm75w2+qhAQZ+4X+1+ATZ+QFKeOZD5riHng==
+  version "3.3.2"
+  resolved "https://registry.yarnpkg.com/socket.io-parser/-/socket.io-parser-3.3.2.tgz#ef872009d0adcf704f2fbe830191a14752ad50b6"
+  integrity sha512-FJvDBuOALxdCI9qwRrO/Rfp9yfndRtc1jSgVgV8FDraihmSP/MLGD5PEuJrNfjALvcQ+vMDM/33AWOYP/JSjDg==
   dependencies:
-    component-emitter "1.2.1"
+    component-emitter "~1.3.0"
     debug "~3.1.0"
     isarray "2.0.1"
 
@@ -4475,15 +4451,15 @@ socket.io-parser@~3.4.0:
     isarray "2.0.1"
 
 socket.io@^2.3.0:
-  version "2.3.0"
-  resolved "https://registry.yarnpkg.com/socket.io/-/socket.io-2.3.0.tgz#cd762ed6a4faeca59bc1f3e243c0969311eb73fb"
-  integrity sha512-2A892lrj0GcgR/9Qk81EaY2gYhCBxurV0PfmmESO6p27QPrUK1J3zdns+5QPqvUYK2q657nSj0guoIil9+7eFg==
+  version "2.4.1"
+  resolved "https://registry.yarnpkg.com/socket.io/-/socket.io-2.4.1.tgz#95ad861c9a52369d7f1a68acf0d4a1b16da451d2"
+  integrity sha512-Si18v0mMXGAqLqCVpTxBa8MGqriHGQh8ccEOhmsmNS3thNCGBwO8WGrwMibANsWtQQ5NStdZwHqZR3naJVFc3w==
   dependencies:
     debug "~4.1.0"
-    engine.io "~3.4.0"
+    engine.io "~3.5.0"
     has-binary2 "~1.0.2"
     socket.io-adapter "~1.1.0"
-    socket.io-client "2.3.0"
+    socket.io-client "2.4.0"
     socket.io-parser "~3.4.0"
 
 source-list-map@^2.0.0:
@@ -5123,17 +5099,10 @@ wrappy@1:
   resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
   integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=
 
-ws@^7.1.2:
-  version "7.3.1"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-7.3.1.tgz#d0547bf67f7ce4f12a72dfe31262c68d7dc551c8"
-  integrity sha512-D3RuNkynyHmEJIpD2qrgVkc9DQ23OrN/moAwZX4L8DfvszsJxpjQuUq3LMx6HoYji9fbIOBY18XWBsAux1ZZUA==
-
-ws@~6.1.0:
-  version "6.1.4"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-6.1.4.tgz#5b5c8800afab925e94ccb29d153c8d02c1776ef9"
-  integrity sha512-eqZfL+NE/YQc1/ZynhojeV8q+H050oR8AZ2uIev7RU10svA9ZnJUddHcOUZTJLinZ9yEfdA2kSATS2qZK5fhJA==
-  dependencies:
-    async-limiter "~1.0.0"
+ws@~7.4.2:
+  version "7.4.2"
+  resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.2.tgz#782100048e54eb36fe9843363ab1c68672b261dd"
+  integrity sha512-T4tewALS3+qsrpGI/8dqNMLIVdq/g/85U98HPMa6F0m6xTbvhXU6RCQLqPH3+SlomNV/LdY6RXEbBpMH6EOJnA==
 
 xmlhttprequest-ssl@~1.5.4:
   version "1.5.5"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 16.1.0
+  version: 17.0.4
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-15 00:00:00.000000000 Z
+date: 2021-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -31,6 +31,9 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: 5.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +41,9 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: 5.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: shopify_api
   requirement: !ruby/object:Gem::Requirement
@@ -246,6 +252,7 @@ files:
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/probots.yml"
 - ".github/workflows/build.yml"
+- ".github/workflows/release.yml"
 - ".github/workflows/rubocop.yml"
 - ".gitignore"
 - ".nvmrc"
@@ -307,6 +314,7 @@ files:
 - config/locales/sv.yml
 - config/locales/th.yml
 - config/locales/tr.yml
+- config/locales/vi.yml
 - config/locales/zh-CN.yml
 - config/locales/zh-TW.yml
 - config/routes.rb