shopify_app 17.2.1 → 18.0.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c3196fb2b6cba6107aee7ad481c745d3c76121f5f07a2f99e812f5e0dc206baa
4
- data.tar.gz: 4243a519b5e601238974ba566c978badf4fe2132f5c2e5616f2dd35e2f0557ba
3
+ metadata.gz: 7da18fdd3924eb35146d7ca4dbd928567e377757d0f3cc11c72ef6aa732e1cec
4
+ data.tar.gz: 5e90219d351aab20f23e247c28d63626ecbd1a26f960157a2e91221940b09b5f
5
5
  SHA512:
6
- metadata.gz: 3cd70a25dc28f3eedafe42dcf312d15a63d2775cd7f98457f6a431574aef1a7e5566fbb033c1ed67ed207ad88cb356741a38f642765b057b4fc9c288df82f008
7
- data.tar.gz: a30861d15e1db1bf447c655d5a889921dc991e421723781cd9f4cceb3828a91b73a6b73aa696df95cdcefca6f23caf1fd3834ffe4e9cad5b1bb4b4a90d187ff0
6
+ metadata.gz: f29dcc0b4504248d2811d9d61be42fa03f2a161eb16f79dde1b044db71e6f2697847dabb80563cb1cd21cdcc3979b1eb147d6ff07e4a51baad571a8830ed4969
7
+ data.tar.gz: a2138081a6942f4418cf3efb72f63ed61a3de162686c2e3d1b9316ed7f292c0adf8fa5e248b8a5396504096d561248427de32a36b87d1f84bb6901fd9efca661
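--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,12 @@
  Unreleased
  ----------
 
+ 18.0.0 (May 3, 2021)
+ ----------
+ * Support OmniAuth 2.x
+ * If your app has custom OmniAuth configuration, please refer to the [OmniAuth 2.0 upgrade guide](https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0).
+ * Support App Bridge version 2.x in the Embedded App layout. [#1241](https://github.com/Shopify/shopify_app/pull/1241)
+
  17.2.1 (April 1, 2021)
  ----------
  * Bug fix: Lock the CDN App Bridge version to `v1.X.Y` in the Embedded App layout [#1238](https://github.com/Shopify/shopify_app/pull/1238)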
data/Gemfile.lock CHANGED
@@ -1,10 +1,11 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (17.2.1)
4
+ shopify_app (18.0.0)
5
5
  browser_sniffer (~> 1.2.2)
6
- jwt (~> 2.2.1)
7
- omniauth-shopify-oauth2 (~> 2.2.2)
6
+ jwt (>= 2.2.3)
7
+ omniauth-rails_csrf_protection
8
+ omniauth-shopify-oauth2 (~> 2.3)
8
9
  rails (> 5.2.1, < 6.2)
9
10
  redirect_safely (~> 1.0)
10
11
  shopify_api (~> 9.4)
@@ -93,14 +94,18 @@ GEM
93
94
  crass (1.0.6)
94
95
  debug_inspector (0.0.3)
95
96
  erubi (1.10.0)
96
- faraday (1.3.0)
97
+ faraday (1.4.1)
98
+ faraday-excon (~> 1.1)
97
99
  faraday-net_http (~> 1.0)
100
+ faraday-net_http_persistent (~> 1.1)
98
101
  multipart-post (>= 1.2, < 3)
99
- ruby2_keywords
102
+ ruby2_keywords (>= 0.0.4)
103
+ faraday-excon (1.1.0)
100
104
  faraday-net_http (1.0.1)
105
+ faraday-net_http_persistent (1.1.0)
101
106
  globalid (0.4.2)
102
107
  activesupport (>= 4.2.0)
103
- graphql (1.12.6)
108
+ graphql (1.12.8)
104
109
  graphql-client (0.16.0)
105
110
  activesupport (>= 3.0)
106
111
  graphql (~> 1.8)
@@ -108,13 +113,13 @@ GEM
108
113
  hashie (4.1.0)
109
114
  i18n (1.8.9)
110
115
  concurrent-ruby (~> 1.0)
111
- jwt (2.2.2)
116
+ jwt (2.2.3)
112
117
  loofah (2.9.0)
113
118
  crass (~> 1.0.2)
114
119
  nokogiri (>= 1.5.9)
115
120
  mail (2.7.1)
116
121
  mini_mime (>= 0.1.1)
117
- marcel (1.0.0)
122
+ marcel (1.0.1)
118
123
  method_source (0.9.2)
119
124
  mini_mime (1.0.3)
120
125
  mini_portile2 (2.5.0)
@@ -133,15 +138,19 @@ GEM
133
138
  multi_json (~> 1.3)
134
139
  multi_xml (~> 0.5)
135
140
  rack (>= 1.2, < 3)
136
- omniauth (1.9.1)
141
+ omniauth (2.0.4)
137
142
  hashie (>= 3.4.6)
138
143
  rack (>= 1.6.2, < 3)
139
- omniauth-oauth2 (1.5.0)
140
- oauth2 (~> 1.1)
141
- omniauth (~> 1.2)
142
- omniauth-shopify-oauth2 (2.2.3)
144
+ rack-protection
145
+ omniauth-oauth2 (1.7.1)
146
+ oauth2 (~> 1.4)
147
+ omniauth (>= 1.9, < 3)
148
+ omniauth-rails_csrf_protection (1.0.0)
149
+ actionpack (>= 4.2)
150
+ omniauth (~> 2.0)
151
+ omniauth-shopify-oauth2 (2.3.2)
143
152
  activesupport
144
- omniauth-oauth2 (~> 1.5.0)
153
+ omniauth-oauth2 (~> 1.5)
145
154
  parallel (1.20.1)
146
155
  parser (2.7.2.0)
147
156
  ast (~> 2.4.1)
@@ -156,6 +165,8 @@ GEM
156
165
  public_suffix (4.0.6)
157
166
  racc (1.5.2)
158
167
  rack (2.2.3)
168
+ rack-protection (2.1.0)
169
+ rack
159
170
  rack-test (1.1.0)
160
171
  rack (>= 1.0, < 3)
161
172
  rails (6.1.3.1)
@@ -150,7 +150,11 @@ module ShopifyApp
150
150
  end
151
151
 
152
152
  def authenticate_in_context
153
- redirect_to("#{main_app.root_path}auth/shopify")
153
+ post_redirect_to_auth_shopify
154
+ end
155
+
156
+ def post_redirect_to_auth_shopify
157
+ render('shopify_app/shared/post_redirect_to_auth_shopify', layout: false)
154
158
  end
155
159
 
156
160
  def authenticate_at_top_level
@@ -0,0 +1,21 @@
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="utf-8" />
5
+ <meta name="viewport" content="width=device-width, initial-scale=1" />
6
+ <base target="_top">
7
+ <title>Redirecting…</title>
8
+ <script>
9
+ function redirect() {
10
+ var form = document.getElementById("redirect-form");
11
+ if (form) {
12
+ form.submit();
13
+ }
14
+ }
15
+ document.addEventListener("DOMContentLoaded", redirect);
16
+ </script>
17
+ </head>
18
+ <body>
19
+ <%= form_tag '/auth/shopify', id: 'redirect-form' %>
20
+ </body>
21
+ </html>
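Review bot: `form_tag '/auth/shopify'` hard-codes the request-phase path, whereas the redirect this view replaces was built from `main_app.root_path`; an app mounted under a sub-path, or one with a non-default OmniAuth path prefix, would post to the wrong URL, so consider `form_tag "#{main_app.root_path}auth/shopify", id: 'redirect-form'`, assuming `main_app` is reachable from this view. The submit relies on an inline `<script>`, which a nonce-based Content-Security-Policy would block, and the page offers no visible submit button or `<noscript>` fallback, so such a user stays on a blank "Redirecting…" page. A short ERB comment above the form would record why this is a form at all, e.g. `<%# POST (not GET) so the authenticity token emitted by form_tag reaches the OmniAuth request phase %>`. `form_tag` is called without a block, so the closing `</form>` is left to the browser's parser; adding it explicitly is cleaner.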
@@ -16,6 +16,8 @@
16
16
  * [My app is still using cookies to authenticate](#my-app-is-still-using-cookies-to-authenticate)
17
17
  * [My app can't make requests to the Shopify API](#my-app-cant-make-requests-to-the-shopify-api)
18
18
 
19
+ [Migrating to App Bridge 2.0](#migrating-to-app-bridge-2.0)
20
+
19
21
  ## Generators
20
22
 
21
23
  ### The shopify_app:install generator hangs
@@ -138,4 +140,15 @@ _Example:_ If your embedded app cannot handle server-side XHR redirects, then co
138
140
  X-Shopify-API-Request-Failure-Unauthorized: true
139
141
  ```
140
142
 
141
- Then, use the [Shopify App Bridge Redirect](https://shopify.dev/tools/app-bridge/actions/navigation/redirect) action to redirect your app frontend to the app login URL if this header is set.
143
+ Then, use the [Shopify App Bridge Redirect](https://shopify.dev/tools/app-bridge/actions/navigation/redirect) action to redirect your app frontend to the app login URL if this header is set.
144
+
145
+ ## Migrating to App Bridge 2.0
146
+
147
+ In order to upgrade your embedded app to the latest App Bridge 2.0 version, please refer to the [migration guide](https://shopify.dev/tutorials/migrate-your-app-to-app-bridge-2).
148
+
149
+ To ensure that your app's embedded layout doesn't import App Bridge 2.0 before fully migrating, make the following change to bind it to v1.x.
150
+
151
+ ```diff
152
+ - <script src="https://unpkg.com/@shopify/app-bridge"></script>
153
+ + <script src="https://unpkg.com/@shopify/app-bridge@1"></script>
154
+ ```
@@ -3,8 +3,16 @@
3
3
  class HomeController < AuthenticatedController
4
4
  include ShopifyApp::ShopAccessScopesVerification
5
5
 
6
+ before_action :set_host
7
+
6
8
  def index
7
9
  @products = ShopifyAPI::Product.find(:all, params: { limit: 10 })
8
10
  @webhooks = ShopifyAPI::Webhook.find(:all)
9
11
  end
12
+
13
+ private
14
+
15
+ def set_host
16
+ @host = params[:host]
17
+ end
10
18
  end
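Review bot: `@host = params[:host]` in `set_host` copies a query-string value into the page unverified, and the layout and `createApp` changes in this commit then pass it to App Bridge as `host`, so the value is caller-controlled rather than derived from the authenticated shop. The same unchecked read appears in the second HomeController template (`@host = params[:host]` in `index`) and in the `host` helper added to the login-protection concern, which only tests `present?`. Presumably this is the encoded admin host that Shopify appends to the app URL; if so, decoding it and comparing it with the current shop domain before use would tie it to the session. At minimum a comment such as `# host is request-supplied; it is not checked against the authenticated shop` would record the trust assumption.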
@@ -18,7 +18,7 @@
18
18
 
19
19
  // Save a session token for future requests
20
20
  window.sessionToken = await new Promise((resolve) => {
21
- app.subscribe(SessionToken.ActionType.RESPOND, (data) => {
21
+ app.subscribe(SessionToken.Action.RESPOND, (data) => {
22
22
  resolve(data.sessionToken || "");
23
23
  });
24
24
  });
@@ -7,5 +7,6 @@ class HomeController < ApplicationController
7
7
 
8
8
  def index
9
9
  @shop_origin = current_shopify_domain
10
+ @host = params[:host]
10
11
  end
11
12
  end
@@ -24,11 +24,12 @@
24
24
 
25
25
  <%= render 'layouts/flash_messages' %>
26
26
 
27
- <script src="https://unpkg.com/@shopify/app-bridge@1"></script>
27
+ <script src="https://unpkg.com/@shopify/app-bridge@2"></script>
28
28
 
29
29
  <%= content_tag(:div, nil, id: 'shopify-app-init', data: {
30
30
  api_key: ShopifyApp.configuration.api_key,
31
31
  shop_origin: @shop_origin || (@current_shopify_session.domain if @current_shopify_session),
32
+ host: @host,
32
33
  debug: Rails.env.development?
33
34
  } ) %>
34
35
 
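Review bot: The new `<script src="https://unpkg.com/@shopify/app-bridge@2"></script>` tag loads a floating major version from a third-party CDN with no `integrity` attribute, so whatever the CDN serves for `@2` runs inside the embedded app's page, where the session token is also held. Pinning an exact release and adding Subresource Integrity, e.g. `<script src="https://unpkg.com/@shopify/app-bridge@<EXACT_VERSION>" integrity="<SRI_HASH>" crossorigin="anonymous"></script>`, or serving the bundle from the app's own assets, removes that dependency on the CDN's content. The version and hash are placeholders and must come from the release actually tested. The surrounding layout starts and ends outside this hunk.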
@@ -4,7 +4,7 @@ document.addEventListener('DOMContentLoaded', () => {
4
4
  var createApp = AppBridge.default;
5
5
  window.app = createApp({
6
6
  apiKey: data.apiKey,
7
- shopOrigin: data.shopOrigin,
7
+ host: data.host,
8
8
  });
9
9
 
10
10
  var actions = AppBridge.actions;
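--- a/data/lib/shopify_app.rb
+++ b/data/lib/shopify_app.rb
@@ -3,6 +3,7 @@ require 'shopify_app/version'
 
  # deps
  require 'shopify_api'
+ require 'omniauth/rails_csrf_protection'
  require 'omniauth-shopify-oauth2'
  require 'redirect_safely'
 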
@@ -9,6 +9,8 @@ module ShopifyApp
9
9
 
10
10
  class ShopifyDomainNotFound < StandardError; end
11
11
 
12
+ class ShopifyHostNotFound < StandardError; end
13
+
12
14
  included do
13
15
  after_action :set_test_cookie
14
16
  rescue_from ActiveResource::UnauthorizedAccess, with: :close_session
@@ -103,6 +105,12 @@ module ShopifyApp
103
105
  request.env['jwt.shopify_user_id']
104
106
  end
105
107
 
108
+ def host
109
+ return params[:host] if params[:host].present?
110
+
111
+ raise ShopifyHostNotFound
112
+ end
113
+
106
114
  def redirect_to_login
107
115
  if request.xhr?
108
116
  head(:unauthorized)
@@ -215,9 +223,8 @@ module ShopifyApp
215
223
  end
216
224
 
217
225
  def return_address
218
- return base_return_address unless ShopifyApp.configuration.allow_jwt_authentication
219
- return_address_with_params(shop: current_shopify_domain)
220
- rescue ShopifyDomainNotFound
226
+ return_address_with_params(shop: current_shopify_domain, host: host)
227
+ rescue ShopifyDomainNotFound, ShopifyHostNotFound
221
228
  base_return_address
222
229
  end
223
230
 
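Review bot: A request that carries a shop but no `host` parameter now loses the shop as well in `return_address`, because `host` raises `ShopifyHostNotFound` inside the same call and the shared `rescue` falls back to `base_return_address`. Rescuing the two errors separately keeps the shop for such requests, e.g. a dedicated `rescue ShopifyHostNotFound` branch that returns `return_address_with_params(shop: current_shopify_domain)`. The commit also drops the `allow_jwt_authentication` guard, so cookie-authenticated apps now get both parameters appended; that looks intended but deserves a one-line comment. Since `host` is read from `params`, it is worth confirming that `return_address_with_params`, which is not visible here, URL-encodes its values.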
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
  module ShopifyApp
3
- VERSION = '17.2.1'
3
+ VERSION = '18.0.0'
4
4
  end
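--- a/data/package.json
+++ b/data/package.json
@@ -1,6 +1,6 @@
  {
  "name": "shopify_app",
- "version": "17.2.1",
+ "version": "18.0.0",
  "repository": "git@github.com:Shopify/shopify_app.git",
  "author": "Shopify",
  "license": "MIT",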
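--- a/data/service.yml
+++ b/data/service.yml
@@ -1,7 +1,4 @@
  audience: partner
  classification: library
- org_line: App & Partner Platform
- owners:
- - Shopify/platform-dev-tools-education
  slack_channels:
- - dev-tools-education
+ - core-build-extend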
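--- a/data/shopify_app.gemspec
+++ b/data/shopify_app.gemspec
@@ -14,10 +14,11 @@ Gem::Specification.new do |s|
  s.metadata['allowed_push_host'] = 'https://rubygems.org'
 
  s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
+ s.add_runtime_dependency('omniauth-rails_csrf_protection')
  s.add_runtime_dependency('rails', '> 5.2.1', '< 6.2')
  s.add_runtime_dependency('shopify_api', '~> 9.4')
- s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
- s.add_runtime_dependency('jwt', '~> 2.2.1')
+ s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.3')
+ s.add_runtime_dependency('jwt', '>= 2.2.3')
  s.add_runtime_dependency('redirect_safely', '~> 1.0')
 
  s.add_development_dependency('rake')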
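Review bot: `s.add_runtime_dependency('omniauth-rails_csrf_protection')` is added with no version requirement, and `jwt` moves from `~> 2.2.1` to the open-ended `>= 2.2.3`, so a host app's bundle can resolve either gem to any future major release. Both appear to sit on the authentication path (the CSRF check on the OAuth request phase, and presumably session-token handling), where a major bump should be a deliberate, reviewed change. Consider `s.add_runtime_dependency('omniauth-rails_csrf_protection', '~> 1.0')`, matching the 1.0.0 resolved in Gemfile.lock, and an upper bound for jwt such as `'>= 2.2.3', '< 3'`. The `Gem::Specification.new` block starts and ends outside this hunk.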
data/yarn.lock CHANGED
@@ -4519,9 +4519,9 @@ sprintf-js@~1.0.2:
4519
4519
  integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=
4520
4520
 
4521
4521
  ssri@^6.0.1:
4522
- version "6.0.1"
4523
- resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.1.tgz#2a3c41b28dd45b62b63676ecb74001265ae9edd8"
4524
- integrity sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA==
4522
+ version "6.0.2"
4523
+ resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.2.tgz#157939134f20464e7301ddba3e90ffa8f7728ac5"
4524
+ integrity sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q==
4525
4525
  dependencies:
4526
4526
  figgy-pudding "^3.5.1"
4527
4527
 
@@ -5115,9 +5115,9 @@ xtend@^4.0.0, xtend@~4.0.1:
5115
5115
  integrity sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==
5116
5116
 
5117
5117
  y18n@^4.0.0:
5118
- version "4.0.0"
5119
- resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.0.tgz#95ef94f85ecc81d007c264e190a120f0a3c8566b"
5120
- integrity sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==
5118
+ version "4.0.3"
5119
+ resolved "https://registry.yarnpkg.com/y18n/-/y18n-4.0.3.tgz#b5f259c82cd6e336921efd7bfd8bf560de9eeedf"
5120
+ integrity sha512-JKhqTOwSrqNA1NY5lSztJ1GrBiUodLMmIZuLiDaMRJ+itFd+ABVE8XBjOvIWL+rSqNDC74LCSFmlb/U4UZ4hJQ==
5121
5121
 
5122
5122
  yallist@^3.0.2:
5123
5123
  version "3.1.1"
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 17.2.1
4
+ version: 18.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-01 00:00:00.000000000 Z
11
+ date: 2021-05-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: browser_sniffer
@@ -24,6 +24,20 @@ dependencies:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
26
  version: 1.2.2
27
+ - !ruby/object:Gem::Dependency
28
+ name: omniauth-rails_csrf_protection
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
27
41
  - !ruby/object:Gem::Dependency
28
42
  name: rails
29
43
  requirement: !ruby/object:Gem::Requirement
@@ -64,28 +78,28 @@ dependencies:
64
78
  requirements:
65
79
  - - "~>"
66
80
  - !ruby/object:Gem::Version
67
- version: 2.2.2
81
+ version: '2.3'
68
82
  type: :runtime
69
83
  prerelease: false
70
84
  version_requirements: !ruby/object:Gem::Requirement
71
85
  requirements:
72
86
  - - "~>"
73
87
  - !ruby/object:Gem::Version
74
- version: 2.2.2
88
+ version: '2.3'
75
89
  - !ruby/object:Gem::Dependency
76
90
  name: jwt
77
91
  requirement: !ruby/object:Gem::Requirement
78
92
  requirements:
79
- - - "~>"
93
+ - - ">="
80
94
  - !ruby/object:Gem::Version
81
- version: 2.2.1
95
+ version: 2.2.3
82
96
  type: :runtime
83
97
  prerelease: false
84
98
  version_requirements: !ruby/object:Gem::Requirement
85
99
  requirements:
86
- - - "~>"
100
+ - - ">="
87
101
  - !ruby/object:Gem::Version
88
- version: 2.2.1
102
+ version: 2.2.3
89
103
  - !ruby/object:Gem::Dependency
90
104
  name: redirect_safely
91
105
  requirement: !ruby/object:Gem::Requirement
@@ -297,6 +311,7 @@ files:
297
311
  - app/views/shopify_app/sessions/new.html.erb
298
312
  - app/views/shopify_app/sessions/request_storage_access.html.erb
299
313
  - app/views/shopify_app/sessions/top_level_interaction.html.erb
314
+ - app/views/shopify_app/shared/post_redirect_to_auth_shopify.html.erb
300
315
  - app/views/shopify_app/shared/redirect.html.erb
301
316
  - config/locales/cs.yml
302
317
  - config/locales/da.yml