shopify_app 17.1.0 → 17.1.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: db6d499169653da5b11b813fe35e2ecf11312403cfa418c755e43c6b2dea3667
4
- data.tar.gz: 39d42cd9bba1bc353a5959376758fc52a71cfb3005c25dd9defb9d0816210244
3
+ metadata.gz: b7c85212f0a947dfc426afa1c06eec9330bfd47ff42794f05d070e7e01cdbe42
4
+ data.tar.gz: f919606ea20ae9b7626983783dc99aa1fc7776fc0cc2fe1f87b35653847f86ee
5
5
  SHA512:
6
- metadata.gz: 013f7337c0018134bd389a4c968118d8f26a4df9dca4d22a2dfe8de7d514f6914c5c11bd9e7446e3ab15d7c81c744967621f03c9fd354c43843706e77db79d21
7
- data.tar.gz: 3cc55404a0dd1e4dc0d3dadf1226c1755d887f13698dd87d118589a8c325b657d85de719a8a49ec3e6dcf33e7191968f7b04b8caaf5f722ee9ad36c1513937cb
6
+ metadata.gz: 0ed7553a6e6c0397668e7897bb42871bc96375f2773d017f18c3ef60572fb3979cd7ce101c3ffcf601057134676b4881aa96097123438ba83275c20086a9d4aa
7
+ data.tar.gz: 2a37f8439ad82010abddbc9108e08de3d8ef3c574a7ee24b67eb3ec36cfd36856563658f2f5014815a9cbea7210f495f8672337b6cd2c0ce5445e61a46753ce8
@@ -1,7 +1,10 @@
1
1
  name: CI
2
2
 
3
- on:
3
+ on:
4
4
  push:
5
+ branches: [ master ]
6
+ pull_request:
7
+ branches: [ master ]
5
8
 
6
9
  jobs:
7
10
  build:
data/CHANGELOG.md CHANGED
@@ -1,6 +1,10 @@
1
1
  Unreleased
2
2
  ----------
3
3
 
4
+ 17.1.1 (March 12, 2021)
5
+ ----------
6
+ * Fix issues with mocking OmniAuth callback controller tests [#1210](https://github.com/Shopify/shopify_app/pull/1210)
7
+
4
8
  17.1.0 (March 5, 2021)
5
9
  ----------
6
10
  * Create OmniAuthConfiguration object to build future OmniAuth strategies [#1190](https://github.com/Shopify/shopify_app/pull/1190)
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (17.1.0)
4
+ shopify_app (17.1.1)
5
5
  browser_sniffer (~> 1.2.2)
6
6
  jwt (~> 2.2.1)
7
7
  omniauth-shopify-oauth2 (~> 2.2.2)
@@ -129,8 +129,7 @@ module ShopifyApp
129
129
  end
130
130
 
131
131
  def access_scopes
132
- return unless auth_hash['extra']['scope']
133
- auth_hash['extra']['scope']
132
+ auth_hash.dig('extra', 'scope')
134
133
  end
135
134
 
136
135
  def reset_session_options
@@ -1,7 +1,20 @@
1
- Troubleshooting Shopify App
2
- ===========
1
+ # Troubleshooting Shopify App
3
2
 
4
- ### Generator shopify_app:install hangs
3
+ #### Table of contents
4
+
5
+ [Generators](#generators)
6
+ * [The `shopify_app:install` generator hangs](#the-shopifyappinstall-generator-hangs)
7
+
8
+ [App installation](#app-installation)
9
+ * [My app won't install](#my-app-wont-install)
10
+
11
+ [JWT session tokens](#jwt-session-tokens)
12
+ * [My app is still using cookies to authenticate](#my-app-is-still-using-cookies-to-authenticate)
13
+ * [My app can't make requests to the Shopify API](#my-app-cant-make-requests-to-the-shopify-api)
14
+
15
+ ## Generators
16
+
17
+ ### The shopify_app:install generator hangs
5
18
 
6
19
  Rails uses spring by default to speed up development. To run the generator, spring has to be stopped:
7
20
 
@@ -11,6 +24,85 @@ $ bundle exec spring stop
11
24
 
12
25
  Run shopify_app generator again.
13
26
 
14
- ### App installation fails with 'The page you’re looking for could not be found' if the app was installed before
27
+ ## App installation
28
+
29
+ ### My app won't install
30
+
31
+ #### App installation fails with 'The page you’re looking for could not be found' if the app was installed before
15
32
 
16
33
  This issue can occur when the session (the model you set as `ShopifyApp::SessionRepository.storage`) isn't deleted when the user uninstalls your app. A possible fix for this is listening to the `app/uninstalled` webhook and deleting the corresponding session in the webhook handler.
34
+
35
+ ## JWT session tokens
36
+
37
+ ### My app is still using cookies to authenticate
38
+
39
+ #### `shopify_app` gem version
40
+
41
+ Ensure the app is using shopify_app gem v13.x.x+. See [*Upgrading to `v13.0.0`*](/docs/Upgrading.md#upgrading-to-v1300).
42
+
43
+ #### `shopify_app` gem Rails configuration
44
+
45
+ Edit `config/initializer/shopify_app.rb` and ensure the following configurations are set:
46
+
47
+ ```diff
48
+ + config.embedded_app = true
49
+
50
+ + config.allow_jwt_authentication = true
51
+ + config.allow_cookie_authentication = false
52
+
53
+ # This line should already exist if you're using shopify_app gem 13.x.x+
54
+ + config.shop_session_repository = 'Shop'
55
+ ```
56
+
57
+ #### Inspect server logs
58
+
59
+ If you have checked the configurations above, and the app is still using cookies, then it is possible that the `shopify_app` gem defaulted to relying on cookies. This would happen when your browser allows third-party cookies and a session token was not successfully found as part of your request.
60
+
61
+ In this case, check the server logs to see if the session token was invalid:
62
+
63
+ ```los
64
+ [ShopifyApp::JWT] Failed to validate JWT: [JWT::<Error>] <Failure message>
65
+ ```
66
+
67
+ *Example*
68
+
69
+ ```
70
+ [ShopifyApp::JWT] Failed to validate JWT: [JWT::ImmatureSignature] Signature nbf has not been reached
71
+ ```
72
+
73
+ **Note:** In a local development environment, you may want to temporarily update your `Gemfile` to point to a local instance of the `shopify_app` library instad of an installed gem. This will enable you to use a debugging tool like `byebug` to debug the library.
74
+
75
+ ```diff
76
+ - gem 'shopify_app', '~> 14.2'
77
+ + gem 'shopify_app', path: '/path/to/shopify_app'
78
+ ```
79
+
80
+ ### My app can't make requests to the Shopify API
81
+
82
+ > **Note:** Session tokens cannot be used to make authenticated requests to the Shopify API. Learn more about authenticating your backend requests to Shopify APIs at [Shopify API authentication](https://shopify.dev/concepts/about-apis/authentication).
83
+
84
+ #### The Shopify API returns `401 Unauthorized`
85
+
86
+ If your app uses [user-based token storage](/docs/shopify_app/session-repository.md#user-based-token-storage), then your app is configured to use **online** access tokens (see [API access modes](https://shopify.dev/concepts/about-apis/authentication#api-access-modes) to learn the difference between "online" and "offline" access tokens ). Unlike offline access tokens, online access tokens expire daily and cannot be used to make authenticated requests to the Shopify API once they expire.
87
+
88
+ Converting your app to use session tokens means that your app will most likely not go through the OAuth flow as often as it did when relying on cookie sessions. Since the online access tokens stored in your app's database are refreshed during OAuth, this may cause your app's user session repository to use expired online access tokens.
89
+
90
+ If the Shopify API returns `401 Unauthorized`, handle this error on your app by redirecting the user to your login path to start the OAuth flow. As a result, your app will be given a new online access token for the current user.
91
+
92
+ > **Note:** The following are examples to common app configurations. Your specific use-case may differ.
93
+
94
+ ##### Example solution
95
+
96
+ Add the following line to your app's unauthorized response handler:
97
+
98
+ ```diff
99
+ + redirect_to(ShopifyApp.configuration.login_url, shop: current_shopify_domain)
100
+ ```
101
+
102
+ _Example:_ If your embedded app cannot handle server-side XHR redirects, then configure your app's unauthorized response handler to set a response header:
103
+
104
+ ```
105
+ X-Shopify-API-Request-Failure-Unauthorized: true
106
+ ```
107
+
108
+ Then, use the [Shopify App Bridge Redirect](https://shopify.dev/tools/app-bridge/actions/navigation/redirect) action to redirect your app frontend to the app login URL if this header is set.
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
  module ShopifyApp
3
- VERSION = '17.1.0'
3
+ VERSION = '17.1.1'
4
4
  end
data/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shopify_app",
3
- "version": "17.1.0",
3
+ "version": "17.1.1",
4
4
  "repository": "git@github.com:Shopify/shopify_app.git",
5
5
  "author": "Shopify",
6
6
  "license": "MIT",
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 17.1.0
4
+ version: 17.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-05 00:00:00.000000000 Z
11
+ date: 2021-03-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: browser_sniffer