shopify_app 17.0.5 → 17.1.0

data/lib/generators/shopify_app/install/templates/shopify_provider.rb.tt

@@ -0,0 +1,8 @@
+  provider :shopify,
+      ShopifyApp.configuration.api_key,
+      ShopifyApp.configuration.secret,
+      scope: ShopifyApp.configuration.scope,
+      setup: lambda { |env|
+        configuration = ShopifyApp::OmniAuthConfiguration.new(env['omniauth.strategy'], Rack::Request.new(env))
+        configuration.build_options
+      }

data/lib/generators/shopify_app/shop_model/shop_model_generator.rb

@@ -8,6 +8,8 @@ module ShopifyApp
       include Rails::Generators::Migration
       source_root File.expand_path('../templates', __FILE__)
 
+      class_option :new_shopify_cli_app, type: :boolean, default: false
+
       def create_shop_model
         copy_file('shop.rb', 'app/models/shop.rb')
       end
@@ -16,6 +18,27 @@ module ShopifyApp
         migration_template('db/migrate/create_shops.erb', 'db/migrate/create_shops.rb')
       end
 
+      def create_shop_with_access_scopes_migration
+        scopes_column_prompt = <<~PROMPT
+          It is highly recommended that apps record the access scopes granted by \
+          merchants during app installation. See app/models/shop.rb to modify how \
+          access scopes are stored and retrieved.
+
+          [WARNING] You will need to update the access_scopes accessors in the Shop model \
+          to allow shopify_app to store and retrieve scopes when going through OAuth.
+
+          The following migration will add an `access_scopes` column to the Shop model. \
+          Do you want to include this migration? [y/n]
+        PROMPT
+
+        if new_shopify_cli_app? || Rails.env.test? || yes?(scopes_column_prompt)
+          migration_template(
+            'db/migrate/add_shop_access_scopes_column.erb',
+            'db/migrate/add_shop_access_scopes_column.rb'
+          )
+        end
+      end
+
       def update_shopify_app_initializer
         gsub_file('config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop')
       end
@@ -26,6 +49,10 @@ module ShopifyApp
 
       private
 
+      def new_shopify_cli_app?
+        options['new_shopify_cli_app']
+      end
+
       def rails_migration_version
         Rails.version.match(/\d\.\d/)[0]
       end

data/lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_scopes_column.erb

@@ -0,0 +1,5 @@
+class AddShopAccessScopesColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def change
+    add_column :shops, :access_scopes, :string
+  end
+end

data/lib/generators/shopify_app/shop_model/templates/shop.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 class Shop < ActiveRecord::Base
-  include ShopifyApp::ShopSessionStorage
+  include ShopifyApp::ShopSessionStorageWithScopes
 
   def api_version
     ShopifyApp.configuration.api_version

data/lib/generators/shopify_app/shopify_app_generator.rb

@@ -9,7 +9,7 @@ module ShopifyApp
 
       def run_all_generators
         generate("shopify_app:install #{@opts.join(' ')}")
-        generate("shopify_app:shop_model")
+        generate("shopify_app:shop_model #{@opts.join(' ')}")
         generate("shopify_app:authenticated_controller")
         generate("shopify_app:home_controller #{@opts.join(' ')}")
       end

data/lib/generators/shopify_app/user_model/templates/db/migrate/add_user_access_scopes_column.erb

@@ -0,0 +1,5 @@
+class AddUserAccessScopesColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def change
+    add_column :users, :access_scopes, :string
+  end
+end

data/lib/generators/shopify_app/user_model/templates/user.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 class User < ActiveRecord::Base
-  include ShopifyApp::UserSessionStorage
+  include ShopifyApp::UserSessionStorageWithScopes
 
   def api_version
     ShopifyApp.configuration.api_version

data/lib/generators/shopify_app/user_model/user_model_generator.rb

@@ -8,6 +8,8 @@ module ShopifyApp
       include Rails::Generators::Migration
       source_root File.expand_path('../templates', __FILE__)
 
+      class_option :new_shopify_cli_app, type: :boolean, default: false
+
       def create_user_model
         copy_file('user.rb', 'app/models/user.rb')
       end
@@ -16,6 +18,27 @@ module ShopifyApp
         migration_template('db/migrate/create_users.erb', 'db/migrate/create_users.rb')
       end
 
+      def create_scopes_storage_in_user_model
+        scopes_column_prompt = <<~PROMPT
+          It is highly recommended that apps record the access scopes granted by \
+          merchants during app installation. See app/models/user.rb to modify how \
+          access scopes are stored and retrieved.
+
+          [WARNING] You will need to update the access_scopes accessors in the User model \
+          to allow shopify_app to store and retrieve scopes when going through OAuth.
+
+          The following migration will add an `access_scopes` column to the User model. \
+          Do you want to include this migration? [y/n]
+        PROMPT
+
+        if new_shopify_cli_app? || Rails.env.test? || yes?(scopes_column_prompt)
+          migration_template(
+            'db/migrate/add_user_access_scopes_column.erb',
+            'db/migrate/add_user_access_scopes_column.rb'
+          )
+        end
+      end
+
       def update_shopify_app_initializer
         gsub_file('config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User')
       end
@@ -26,6 +49,10 @@ module ShopifyApp
 
       private
 
+      def new_shopify_cli_app?
+        options['new_shopify_cli_app']
+      end
+
       def rails_migration_version
         Rails.version.match(/\d\.\d/)[0]
       end

data/lib/shopify_app.rb

@@ -57,5 +57,15 @@ module ShopifyApp
   require 'shopify_app/session/session_repository'
   require 'shopify_app/session/session_storage'
   require 'shopify_app/session/shop_session_storage'
+  require 'shopify_app/session/shop_session_storage_with_scopes'
   require 'shopify_app/session/user_session_storage'
+  require 'shopify_app/session/user_session_storage_with_scopes'
+
+  # access scopes strategies
+  require 'shopify_app/access_scopes/shop_strategy'
+  require 'shopify_app/access_scopes/user_strategy'
+  require 'shopify_app/access_scopes/noop_strategy'
+
+  # omniauth_configuration
+  require 'shopify_app/omniauth/omniauth_configuration'
 end

data/lib/shopify_app/access_scopes/noop_strategy.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module AccessScopes
+    class NoopStrategy
+      class << self
+        def update_access_scopes?(*_args)
+          false
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/access_scopes/shop_strategy.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module AccessScopes
+    class ShopStrategy
+      class << self
+        def update_access_scopes?(shop_domain)
+          shop_access_scopes = shop_access_scopes(shop_domain)
+          configuration_access_scopes != shop_access_scopes
+        end
+
+        private
+
+        def shop_access_scopes(shop_domain)
+          ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(shop_domain)&.access_scopes
+        end
+
+        def configuration_access_scopes
+          ShopifyAPI::ApiAccess.new(ShopifyApp.configuration.shop_access_scopes)
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/access_scopes/user_strategy.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module AccessScopes
+    class UserStrategy
+      class InvalidInput < StandardError; end
+
+      class << self
+        def update_access_scopes?(user_id: nil, shopify_user_id: nil)
+          return update_access_scopes_for_user_id?(user_id) if user_id
+          return update_access_scopes_for_shopify_user_id?(shopify_user_id) if shopify_user_id
+          raise(InvalidInput, '#update_access_scopes? requires user_id or shopify_user_id parameter inputs')
+        end
+
+        private
+
+        def update_access_scopes_for_user_id?(user_id)
+          user_access_scopes = user_access_scopes_by_user_id(user_id)
+          configuration_access_scopes != user_access_scopes
+        end
+
+        def update_access_scopes_for_shopify_user_id?(shopify_user_id)
+          user_access_scopes = user_access_scopes_by_shopify_user_id(shopify_user_id)
+          configuration_access_scopes != user_access_scopes
+        end
+
+        def user_access_scopes_by_user_id(user_id)
+          ShopifyApp::SessionRepository.retrieve_user_session(user_id)&.access_scopes
+        end
+
+        def user_access_scopes_by_shopify_user_id(shopify_user_id)
+          ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(shopify_user_id)&.access_scopes
+        end
+
+        def configuration_access_scopes
+          ShopifyAPI::ApiAccess.new(ShopifyApp.configuration.user_access_scopes)
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/configuration.rb

@@ -9,6 +9,8 @@ module ShopifyApp
     attr_accessor :secret
     attr_accessor :old_secret
     attr_accessor :scope
+    attr_writer :shop_access_scopes
+    attr_writer :user_access_scopes
     attr_accessor :embedded_app
     alias_method  :embedded_app?, :embedded_app
     attr_accessor :webhooks
@@ -16,6 +18,8 @@ module ShopifyApp
     attr_accessor :after_authenticate_job
     attr_accessor :api_version
 
+    attr_accessor :reauth_on_access_scope_changes
+
     # customise urls
     attr_accessor :root_url
     attr_writer :login_url
@@ -70,6 +74,16 @@ module ShopifyApp
       ShopifyApp::SessionRepository.shop_storage
     end
 
+    def shop_access_scopes_strategy
+      return ShopifyApp::AccessScopes::NoopStrategy unless reauth_on_access_scope_changes
+      ShopifyApp::AccessScopes::ShopStrategy
+    end
+
+    def user_access_scopes_strategy
+      return ShopifyApp::AccessScopes::NoopStrategy unless reauth_on_access_scope_changes
+      ShopifyApp::AccessScopes::UserStrategy
+    end
+
     def has_webhooks?
       webhooks.present?
     end
@@ -81,6 +95,14 @@ module ShopifyApp
     def enable_same_site_none
       !Rails.env.test? && (@enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none)
     end
+
+    def shop_access_scopes
+      @shop_access_scopes || scope
+    end
+
+    def user_access_scopes
+      @user_access_scopes || scope
+    end
   end
 
   def self.configuration

data/lib/shopify_app/omniauth/omniauth_configuration.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  class OmniAuthConfiguration
+    attr_reader :strategy, :request
+    attr_writer :client_options_site, :scopes, :per_user_permissions
+
+    def initialize(strategy, request)
+      @strategy = strategy
+      @request = request
+    end
+
+    def build_options
+      strategy.options[:client_options][:site] = client_options_site
+      strategy.options[:scope] = scopes
+      strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
+      strategy.options[:per_user_permissions] = request_online_tokens?
+    end
+
+    private
+
+    def request_online_tokens?
+      return @per_user_permissions unless @per_user_permissions.nil?
+      default_request_online_tokens?
+    end
+
+    def scopes
+      @scopes || default_scopes
+    end
+
+    def client_options_site
+      @client_options_site || default_client_options_site
+    end
+
+    def default_scopes
+      if request_online_tokens?
+        ShopifyApp.configuration.user_access_scopes
+      else
+        ShopifyApp.configuration.shop_access_scopes
+      end
+    end
+
+    def default_client_options_site
+      return '' unless shop_domain.present?
+      "https://#{shopify_auth_params[:shop]}"
+    end
+
+    def default_request_online_tokens?
+      strategy.session[:user_tokens] && !update_shop_scopes?
+    end
+
+    def update_shop_scopes?
+      ShopifyApp.configuration.shop_access_scopes_strategy.update_access_scopes?(shop_domain)
+    end
+
+    def shop_domain
+      request.params['shop'] || (shopify_auth_params && shopify_auth_params['shop'])
+    end
+
+    def shopify_auth_params
+      strategy.session['shopify.omniauth_params']&.with_indifferent_access
+    end
+  end
+end

data/lib/shopify_app/session/in_memory_shop_session_store.rb

@@ -1,14 +1,16 @@
 # frozen_string_literal: true
 module ShopifyApp
   class InMemoryShopSessionStore < InMemorySessionStore
-    def self.store(session, *args)
-      id = super
-      repo[session.domain] = session
-      id
-    end
+    class << self
+      def store(session, *args)
+        id = super
+        repo[session.domain] = session
+        id
+      end
 
-    def self.retrieve_by_shopify_domain(shopify_domain)
-      repo[shopify_domain]
+      def retrieve_by_shopify_domain(shopify_domain)
+        repo[shopify_domain]
+      end
     end
   end
 end

data/lib/shopify_app/session/in_memory_user_session_store.rb

@@ -1,14 +1,16 @@
 # frozen_string_literal: true
 module ShopifyApp
   class InMemoryUserSessionStore < InMemorySessionStore
-    def self.store(session, user)
-      id = super
-      repo[user.shopify_user_id] = session
-      id
-    end
+    class << self
+      def store(session, user)
+        id = super
+        repo[user.shopify_user_id] = session
+        id
+      end
 
-    def self.retrieve_by_shopify_user_id(user_id)
-      repo[user_id]
+      def retrieve_by_shopify_user_id(user_id)
+        repo[user_id]
+      end
     end
   end
 end

data/lib/shopify_app/session/shop_session_storage_with_scopes.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module ShopSessionStorageWithScopes
+    extend ActiveSupport::Concern
+    include ::ShopifyApp::SessionStorage
+
+    included do
+      validates :shopify_domain, presence: true, uniqueness: { case_sensitive: false }
+    end
+
+    class_methods do
+      def store(auth_session, *_args)
+        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
+        shop.shopify_token = auth_session.token
+        shop.access_scopes = auth_session.access_scopes
+
+        shop.save!
+        shop.id
+      end
+
+      def retrieve(id)
+        shop = find_by(id: id)
+        construct_session(shop)
+      end
+
+      def retrieve_by_shopify_domain(domain)
+        shop = find_by(shopify_domain: domain)
+        construct_session(shop)
+      end
+
+      private
+
+      def construct_session(shop)
+        return unless shop
+
+        ShopifyAPI::Session.new(
+          domain: shop.shopify_domain,
+          token: shop.shopify_token,
+          api_version: shop.api_version,
+          access_scopes: shop.access_scopes
+        )
+      end
+    end
+
+    def access_scopes=(scopes)
+      super(scopes)
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to handle storing access scopes: #{scopes}"
+    end
+
+    def access_scopes
+      super
+    rescue NotImplementedError, NoMethodError
+      raise NotImplementedError, "#access_scopes= must be defined to hook into stored access scopes"
+    end
+  end
+end