shopify_app 18.1.0 → 19.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (99) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build.yml +2 -2
  3. data/.gitignore +1 -0
  4. data/CHANGELOG.md +13 -0
  5. data/Gemfile +3 -2
  6. data/Gemfile.lock +124 -158
  7. data/README.md +1 -0
  8. data/Rakefile +4 -3
  9. data/app/assets/javascripts/shopify_app/app_bridge_2.0.12.js +10 -0
  10. data/app/assets/javascripts/shopify_app/app_bridge_redirect.js +3 -4
  11. data/app/assets/javascripts/shopify_app/storage_access.js +1 -1
  12. data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +1 -1
  13. data/app/controllers/concerns/shopify_app/require_known_shop.rb +1 -0
  14. data/app/controllers/concerns/shopify_app/shop_access_scopes_verification.rb +1 -1
  15. data/app/controllers/shopify_app/authenticated_controller.rb +1 -0
  16. data/app/controllers/shopify_app/callback_controller.rb +35 -147
  17. data/app/controllers/shopify_app/sessions_controller.rb +25 -132
  18. data/app/controllers/shopify_app/webhooks_controller.rb +5 -23
  19. data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -8
  20. data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -8
  21. data/app/views/shopify_app/sessions/top_level_interaction.html.erb +1 -1
  22. data/app/views/shopify_app/shared/redirect.html.erb +1 -7
  23. data/config/routes.rb +6 -12
  24. data/docs/Troubleshooting.md +0 -3
  25. data/docs/Upgrading.md +92 -3
  26. data/docs/shopify_app/webhooks.md +1 -1
  27. data/lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb +10 -9
  28. data/lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb +1 -0
  29. data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +4 -3
  30. data/lib/generators/shopify_app/add_webhook/add_webhook_generator.rb +13 -12
  31. data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt +9 -1
  32. data/lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb +7 -6
  33. data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb +2 -1
  34. data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_route.rb +1 -1
  35. data/lib/generators/shopify_app/authenticated_controller/authenticated_controller_generator.rb +3 -3
  36. data/lib/generators/shopify_app/controllers/controllers_generator.rb +4 -3
  37. data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +11 -15
  38. data/lib/generators/shopify_app/home_controller/templates/home_controller.rb +2 -2
  39. data/lib/generators/shopify_app/home_controller/templates/index.html.erb +3 -3
  40. data/lib/generators/shopify_app/install/install_generator.rb +25 -74
  41. data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +1 -1
  42. data/lib/generators/shopify_app/install/templates/session_store.rb +2 -1
  43. data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +20 -5
  44. data/lib/generators/shopify_app/products_controller/products_controller_generator.rb +3 -3
  45. data/lib/generators/shopify_app/products_controller/templates/products_controller.rb +1 -1
  46. data/lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb +4 -4
  47. data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake +1 -0
  48. data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb +1 -1
  49. data/lib/generators/shopify_app/routes/routes_generator.rb +6 -5
  50. data/lib/generators/shopify_app/routes/templates/routes.rb +5 -5
  51. data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +11 -10
  52. data/lib/generators/shopify_app/shop_model/templates/shop.rb +1 -0
  53. data/lib/generators/shopify_app/shopify_app_generator.rb +4 -3
  54. data/lib/generators/shopify_app/user_model/templates/user.rb +1 -0
  55. data/lib/generators/shopify_app/user_model/user_model_generator.rb +11 -10
  56. data/lib/generators/shopify_app/views/views_generator.rb +4 -3
  57. data/lib/shopify_app/access_scopes/shop_strategy.rb +2 -2
  58. data/lib/shopify_app/access_scopes/user_strategy.rb +4 -4
  59. data/lib/shopify_app/configuration.rb +5 -17
  60. data/lib/shopify_app/controller_concerns/app_proxy_verification.rb +4 -3
  61. data/lib/shopify_app/controller_concerns/csrf_protection.rb +2 -1
  62. data/lib/shopify_app/controller_concerns/embedded_app.rb +4 -3
  63. data/lib/shopify_app/controller_concerns/itp.rb +3 -3
  64. data/lib/shopify_app/controller_concerns/localization.rb +1 -0
  65. data/lib/shopify_app/controller_concerns/login_protection.rb +55 -73
  66. data/lib/shopify_app/controller_concerns/payload_verification.rb +3 -2
  67. data/lib/shopify_app/controller_concerns/webhook_verification.rb +2 -1
  68. data/lib/shopify_app/engine.rb +7 -15
  69. data/lib/shopify_app/jobs/scripttags_manager_job.rb +2 -2
  70. data/lib/shopify_app/jobs/webhooks_manager_job.rb +4 -5
  71. data/lib/shopify_app/managers/scripttags_manager.rb +11 -4
  72. data/lib/shopify_app/managers/webhooks_manager.rb +42 -44
  73. data/lib/shopify_app/middleware/jwt_middleware.rb +5 -4
  74. data/lib/shopify_app/session/in_memory_session_store.rb +1 -0
  75. data/lib/shopify_app/session/in_memory_shop_session_store.rb +2 -1
  76. data/lib/shopify_app/session/in_memory_user_session_store.rb +1 -0
  77. data/lib/shopify_app/session/jwt.rb +9 -8
  78. data/lib/shopify_app/session/null_user_session_store.rb +2 -1
  79. data/lib/shopify_app/session/session_repository.rb +37 -0
  80. data/lib/shopify_app/session/session_storage.rb +4 -6
  81. data/lib/shopify_app/session/shop_session_storage.rb +6 -6
  82. data/lib/shopify_app/session/shop_session_storage_with_scopes.rb +7 -8
  83. data/lib/shopify_app/session/user_session_storage.rb +19 -6
  84. data/lib/shopify_app/session/user_session_storage_with_scopes.rb +21 -8
  85. data/lib/shopify_app/test_helpers/all.rb +2 -1
  86. data/lib/shopify_app/test_helpers/webhook_verification_helper.rb +4 -3
  87. data/lib/shopify_app/utils.rb +4 -10
  88. data/lib/shopify_app/version.rb +2 -1
  89. data/lib/shopify_app.rb +35 -40
  90. data/package.json +1 -1
  91. data/shopify_app.gemspec +21 -20
  92. data/yarn.lock +6 -6
  93. metadata +44 -49
  94. data/app/assets/javascripts/shopify_app/app_bridge_1.30.0.js +0 -1
  95. data/lib/generators/shopify_app/install/templates/omniauth.rb +0 -4
  96. data/lib/generators/shopify_app/install/templates/shopify_provider.rb.tt +0 -8
  97. data/lib/generators/shopify_app/install/templates/user_agent.rb +0 -6
  98. data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +0 -34
  99. data/lib/shopify_app/omniauth/omniauth_configuration.rb +0 -64
@@ -1,62 +1,60 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  class WebhooksManager
4
5
  class CreationFailed < StandardError; end
5
6
 
6
- def self.queue(shop_domain, shop_token, webhooks)
7
- ShopifyApp::WebhooksManagerJob.perform_later(
8
- shop_domain: shop_domain,
9
- shop_token: shop_token,
10
- webhooks: webhooks
11
- )
12
- end
13
-
14
- attr_reader :required_webhooks
15
-
16
- def initialize(webhooks)
17
- @required_webhooks = webhooks
18
- end
19
-
20
- def recreate_webhooks!
21
- destroy_webhooks
22
- create_webhooks
23
- end
24
-
25
- def create_webhooks
26
- return unless required_webhooks.present?
7
+ class << self
8
+ def queue(shop_domain, shop_token)
9
+ ShopifyApp::WebhooksManagerJob.perform_later(
10
+ shop_domain: shop_domain,
11
+ shop_token: shop_token
12
+ )
13
+ end
27
14
 
28
- required_webhooks.each do |webhook|
29
- create_webhook(webhook) unless webhook_exists?(webhook[:topic])
15
+ def create_webhooks(session:)
16
+ return unless ShopifyApp.configuration.has_webhooks?
17
+ ShopifyAPI::Webhooks::Registry.register_all(session: session)
30
18
  end
31
- end
32
19
 
33
- def destroy_webhooks
34
- ShopifyAPI::Webhook.all.to_a.each do |webhook|
35
- ShopifyAPI::Webhook.delete(webhook.id) if required_webhook?(webhook)
20
+ def recreate_webhooks!(session:)
21
+ destroy_webhooks
22
+ return unless ShopifyApp.configuration.has_webhooks?
23
+ add_registrations
24
+ ShopifyAPI::Webhooks::Registry.register_all(session: session)
36
25
  end
37
26
 
38
- @current_webhooks = nil
39
- end
27
+ def destroy_webhooks
28
+ return unless ShopifyApp.configuration.has_webhooks?
40
29
 
41
- private
30
+ ShopifyApp.configuration.webhooks.each do |attributes|
31
+ ShopifyAPI::Webhooks::Registry.unregister(topic: attributes[:topic])
32
+ end
33
+ end
42
34
 
43
- def required_webhook?(webhook)
44
- required_webhooks.map { |w| w[:address] }.include?(webhook.address)
45
- end
35
+ def add_registrations
36
+ return unless ShopifyApp.configuration.has_webhooks?
37
+
38
+ ShopifyApp.configuration.webhooks.each do |attributes|
39
+ ShopifyAPI::Webhooks::Registry.add_registration(
40
+ topic: attributes[:topic],
41
+ delivery_method: attributes[:delivery_method] || :http,
42
+ path: attributes[:address],
43
+ handler: webhook_job_klass(attributes[:topic]),
44
+ fields: attributes[:fields]
45
+ )
46
+ end
47
+ end
46
48
 
47
- def create_webhook(attributes)
48
- attributes.reverse_merge!(format: 'json')
49
- webhook = ShopifyAPI::Webhook.create(attributes)
50
- raise CreationFailed, webhook.errors.full_messages.to_sentence unless webhook.persisted?
51
- webhook
52
- end
49
+ private
53
50
 
54
- def webhook_exists?(topic)
55
- current_webhooks[topic]
56
- end
51
+ def webhook_job_klass(topic)
52
+ webhook_job_klass_name(topic).safe_constantize || raise(ShopifyApp::MissingWebhookJobError)
53
+ end
57
54
 
58
- def current_webhooks
59
- @current_webhooks ||= ShopifyAPI::Webhook.all.to_a.index_by(&:topic)
55
+ def webhook_job_klass_name(topic)
56
+ [ShopifyApp.configuration.webhook_jobs_namespace, "#{topic.gsub("/", "_")}_job"].compact.join("/").classify
57
+ end
60
58
  end
61
59
  end
62
60
  end
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  class JWTMiddleware
4
5
  TOKEN_REGEX = /^Bearer\s+(.*?)$/
@@ -24,7 +25,7 @@ module ShopifyApp
24
25
  end
25
26
 
26
27
  def authorization_header(env)
27
- env['HTTP_AUTHORIZATION']
28
+ env["HTTP_AUTHORIZATION"]
28
29
  end
29
30
 
30
31
  def extract_token(env)
@@ -35,9 +36,9 @@ module ShopifyApp
35
36
  def set_env_variables(token, env)
36
37
  jwt = ShopifyApp::JWT.new(token)
37
38
 
38
- env['jwt.shopify_domain'] = jwt.shopify_domain
39
- env['jwt.shopify_user_id'] = jwt.shopify_user_id
40
- env['jwt.expire_at'] = jwt.expire_at
39
+ env["jwt.shopify_domain"] = jwt.shopify_domain
40
+ env["jwt.shopify_user_id"] = jwt.shopify_user_id
41
+ env["jwt.expire_at"] = jwt.expire_at
41
42
  end
42
43
  end
43
44
  end
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  # rubocop:disable Style/ClassVars
4
5
  # Class var repo is needed here in order to share data between the 2 child classes.
@@ -1,10 +1,11 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  class InMemoryShopSessionStore < InMemorySessionStore
4
5
  class << self
5
6
  def store(session, *args)
6
7
  id = super
7
- repo[session.domain] = session
8
+ repo[session.shop] = session
8
9
  id
9
10
  end
10
11
 
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  class InMemoryUserSessionStore < InMemorySessionStore
4
5
  class << self
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  class JWT
4
5
  class InvalidDestinationError < StandardError; end
@@ -23,15 +24,15 @@ module ShopifyApp
23
24
  end
24
25
 
25
26
  def shopify_domain
26
- @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload['dest'])
27
+ @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload["dest"])
27
28
  end
28
29
 
29
30
  def shopify_user_id
30
- @payload['sub'].to_i if @payload && @payload['sub']
31
+ @payload["sub"].to_i if @payload && @payload["sub"]
31
32
  end
32
33
 
33
34
  def expire_at
34
- @payload['exp'].to_i if @payload && @payload['exp']
35
+ @payload["exp"].to_i if @payload && @payload["exp"]
35
36
  end
36
37
 
37
38
  private
@@ -45,19 +46,19 @@ module ShopifyApp
45
46
  end
46
47
 
47
48
  def parse_token_data(secret, old_secret)
48
- ::JWT.decode(@token, secret, true, { algorithm: 'HS256' })
49
+ ::JWT.decode(@token, secret, true, { algorithm: "HS256" })
49
50
  rescue ::JWT::VerificationError
50
51
  raise unless old_secret
51
52
 
52
- ::JWT.decode(@token, old_secret, true, { algorithm: 'HS256' })
53
+ ::JWT.decode(@token, old_secret, true, { algorithm: "HS256" })
53
54
  end
54
55
 
55
56
  def validate_payload(payload)
56
- dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload['dest'])
57
- iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload['iss'])
57
+ dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload["dest"])
58
+ iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload["iss"])
58
59
  api_key = ShopifyApp.configuration.api_key
59
60
 
60
- raise InvalidAudienceError, "'aud' claim does not match api_key" unless payload['aud'] == api_key
61
+ raise InvalidAudienceError, "'aud' claim does not match api_key" unless payload["aud"] == api_key
61
62
  raise InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
62
63
  raise MismatchedHostsError, "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host
63
64
 
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  class NullUserSessionStore
4
5
  class << self
@@ -7,7 +8,7 @@ module ShopifyApp
7
8
  end
8
9
 
9
10
  def store(_, _)
10
- raise SessionRepository::ConfigurationError, 'user_storage is not configured'
11
+ raise SessionRepository::ConfigurationError, "user_storage is not configured"
11
12
  end
12
13
 
13
14
  def retrieve_by_shopify_user_id(_)
@@ -1,6 +1,9 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  class SessionRepository
5
+ extend ShopifyAPI::Auth::SessionStorage
6
+
4
7
  class ConfigurationError < StandardError; end
5
8
 
6
9
  class << self
@@ -40,6 +43,40 @@ module ShopifyApp
40
43
  load_user_storage
41
44
  end
42
45
 
46
+ # ShopifyAPI::Auth::SessionStorage override
47
+ def store_session(session)
48
+ if session.online?
49
+ user_storage.store(session, session.associated_user.id.to_s)
50
+ else
51
+ shop_storage.store(session)
52
+ end
53
+ end
54
+
55
+ # ShopifyAPI::Auth::SessionStorage override
56
+ def load_session(id)
57
+ match = id.match(/^offline_(.*)/)
58
+ if match
59
+ retrieve_shop_session_by_shopify_domain(match[1])
60
+ else
61
+ retrieve_user_session_by_shopify_user_id(id.split("_").last)
62
+ end
63
+ end
64
+
65
+ # ShopifyAPI::Auth::SessionStorage override
66
+ def delete_session(id)
67
+ match = id.match(/^offline_(.*)/)
68
+
69
+ record = if match
70
+ Shop.find_by(shopify_domain: match[1])
71
+ else
72
+ User.find_by(shopify_user_id: id.split("_").last)
73
+ end
74
+
75
+ record.destroy
76
+
77
+ true
78
+ end
79
+
43
80
  private
44
81
 
45
82
  def load_shop_storage
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  module SessionStorage
4
5
  extend ActiveSupport::Concern
@@ -9,12 +10,9 @@ module ShopifyApp
9
10
  end
10
11
 
11
12
  def with_shopify_session(&block)
12
- ShopifyAPI::Session.temp(
13
- domain: shopify_domain,
14
- token: shopify_token,
15
- api_version: api_version,
16
- &block
17
- )
13
+ ShopifyAPI::Auth::Session.temp(shop: shopify_domain, access_token: shopify_token) do
14
+ yield block
15
+ end
18
16
  end
19
17
  end
20
18
  end
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  module ShopSessionStorage
4
5
  extend ActiveSupport::Concern
@@ -10,8 +11,8 @@ module ShopifyApp
10
11
 
11
12
  class_methods do
12
13
  def store(auth_session, *_args)
13
- shop = find_or_initialize_by(shopify_domain: auth_session.domain)
14
- shop.shopify_token = auth_session.token
14
+ shop = find_or_initialize_by(shopify_domain: auth_session.shop)
15
+ shop.shopify_token = auth_session.access_token
15
16
  shop.save!
16
17
  shop.id
17
18
  end
@@ -31,10 +32,9 @@ module ShopifyApp
31
32
  def construct_session(shop)
32
33
  return unless shop
33
34
 
34
- ShopifyAPI::Session.new(
35
- domain: shop.shopify_domain,
36
- token: shop.shopify_token,
37
- api_version: shop.api_version,
35
+ ShopifyAPI::Auth::Session.new(
36
+ shop: shop.shopify_domain,
37
+ access_token: shop.shopify_token
38
38
  )
39
39
  end
40
40
  end
@@ -11,9 +11,9 @@ module ShopifyApp
11
11
 
12
12
  class_methods do
13
13
  def store(auth_session, *_args)
14
- shop = find_or_initialize_by(shopify_domain: auth_session.domain)
15
- shop.shopify_token = auth_session.token
16
- shop.access_scopes = auth_session.access_scopes
14
+ shop = find_or_initialize_by(shopify_domain: auth_session.shop)
15
+ shop.shopify_token = auth_session.access_token
16
+ shop.access_scopes = auth_session.scope.to_s
17
17
 
18
18
  shop.save!
19
19
  shop.id
@@ -34,11 +34,10 @@ module ShopifyApp
34
34
  def construct_session(shop)
35
35
  return unless shop
36
36
 
37
- ShopifyAPI::Session.new(
38
- domain: shop.shopify_domain,
39
- token: shop.shopify_token,
40
- api_version: shop.api_version,
41
- access_scopes: shop.access_scopes
37
+ ShopifyAPI::Auth::Session.new(
38
+ shop: shop.shopify_domain,
39
+ access_token: shop.shopify_token,
40
+ scope: shop.access_scopes
42
41
  )
43
42
  end
44
43
  end
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  module UserSessionStorage
4
5
  extend ActiveSupport::Concern
@@ -11,8 +12,8 @@ module ShopifyApp
11
12
  class_methods do
12
13
  def store(auth_session, user)
13
14
  user = find_or_initialize_by(shopify_user_id: user[:id])
14
- user.shopify_token = auth_session.token
15
- user.shopify_domain = auth_session.domain
15
+ user.shopify_token = auth_session.access_token
16
+ user.shopify_domain = auth_session.shop
16
17
  user.save!
17
18
  user.id
18
19
  end
@@ -31,10 +32,22 @@ module ShopifyApp
31
32
 
32
33
  def construct_session(user)
33
34
  return unless user
34
- ShopifyAPI::Session.new(
35
- domain: user.shopify_domain,
36
- token: user.shopify_token,
37
- api_version: user.api_version,
35
+
36
+ associated_user = ShopifyAPI::Auth::AssociatedUser.new(
37
+ id: user.shopify_user_id,
38
+ first_name: "",
39
+ last_name: "",
40
+ email: "",
41
+ email_verified: false,
42
+ account_owner: false,
43
+ locale: "",
44
+ collaborator: false
45
+ )
46
+
47
+ ShopifyAPI::Auth::Session.new(
48
+ shop: user.shopify_domain,
49
+ access_token: user.shopify_token,
50
+ associated_user: associated_user
38
51
  )
39
52
  end
40
53
  end
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  module UserSessionStorageWithScopes
4
5
  extend ActiveSupport::Concern
@@ -11,9 +12,9 @@ module ShopifyApp
11
12
  class_methods do
12
13
  def store(auth_session, user)
13
14
  user = find_or_initialize_by(shopify_user_id: user[:id])
14
- user.shopify_token = auth_session.token
15
- user.shopify_domain = auth_session.domain
16
- user.access_scopes = auth_session.access_scopes
15
+ user.shopify_token = auth_session.access_token
16
+ user.shopify_domain = auth_session.shop
17
+ user.access_scopes = auth_session.scope.to_s
17
18
 
18
19
  user.save!
19
20
  user.id
@@ -34,11 +35,23 @@ module ShopifyApp
34
35
  def construct_session(user)
35
36
  return unless user
36
37
 
37
- ShopifyAPI::Session.new(
38
- domain: user.shopify_domain,
39
- token: user.shopify_token,
40
- api_version: user.api_version,
41
- access_scopes: user.access_scopes
38
+ associated_user = ShopifyAPI::Auth::AssociatedUser.new(
39
+ id: user.shopify_user_id,
40
+ first_name: "",
41
+ last_name: "",
42
+ email: "",
43
+ email_verified: false,
44
+ account_owner: false,
45
+ locale: "",
46
+ collaborator: false
47
+ )
48
+
49
+ ShopifyAPI::Auth::Session.new(
50
+ shop: user.shopify_domain,
51
+ access_token: user.shopify_token,
52
+ scope: user.access_scopes,
53
+ associated_user_scope: user.access_scopes,
54
+ associated_user: associated_user
42
55
  )
43
56
  end
44
57
  end
@@ -1,2 +1,3 @@
1
1
  # frozen_string_literal: true
2
- require 'shopify_app/test_helpers/webhook_verification_helper'
2
+
3
+ require "shopify_app/test_helpers/webhook_verification_helper"
@@ -1,16 +1,17 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  module TestHelpers
4
5
  module WebhookVerificationHelper
5
6
  def authorized_webhook_verification_headers!(params = {})
6
- digest = OpenSSL::Digest.new('sha256')
7
+ digest = OpenSSL::Digest.new("sha256")
7
8
  secret = ShopifyApp.configuration.secret
8
9
  valid_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, params.to_query)).strip
9
- @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = valid_hmac
10
+ @request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"] = valid_hmac
10
11
  end
11
12
 
12
13
  def unauthorized_webhook_verification_headers!
13
- @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = "invalid_hmac"
14
+ @request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"] = "invalid_hmac"
14
15
  end
15
16
  end
16
17
  end
@@ -1,11 +1,12 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  module Utils
4
5
  def self.sanitize_shop_domain(shop_domain)
5
6
  myshopify_domain = ShopifyApp.configuration.myshopify_domain
6
7
  name = shop_domain.to_s.downcase.strip
7
8
  name += ".#{myshopify_domain}" if !name.include?(myshopify_domain.to_s) && !name.include?(".")
8
- name.sub!(%r|https?://|, '')
9
+ name.sub!(%r|https?://|, "")
9
10
 
10
11
  u = URI("http://#{name}")
11
12
  u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(myshopify_domain)}$/)
@@ -13,20 +14,13 @@ module ShopifyApp
13
14
  nil
14
15
  end
15
16
 
16
- def self.fetch_known_api_versions
17
- Rails.logger.info("[ShopifyAPI::ApiVersion] Fetching known Admin API Versions from Shopify...")
18
- ShopifyAPI::ApiVersion.fetch_known_versions
19
- Rails.logger.info("[ShopifyAPI::ApiVersion] Known API Versions: #{ShopifyAPI::ApiVersion.versions.keys}")
20
- rescue ActiveResource::ConnectionError
21
- logger.error("[ShopifyAPI::ApiVersion] Unable to fetch api_versions from Shopify")
22
- end
23
-
24
- def self.shop_login_url(shop:, return_to:)
17
+ def self.shop_login_url(shop:, host:, return_to:)
25
18
  return ShopifyApp.configuration.login_url unless shop
26
19
  url = URI(ShopifyApp.configuration.login_url)
27
20
 
28
21
  url.query = URI.encode_www_form(
29
22
  shop: shop,
23
+ host: host,
30
24
  return_to: return_to,
31
25
  )
32
26
 
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
- VERSION = '18.1.0'
4
+ VERSION = "19.0.0"
4
5
  end
data/lib/shopify_app.rb CHANGED
@@ -1,11 +1,10 @@
1
1
  # frozen_string_literal: true
2
- require 'shopify_app/version'
2
+
3
+ require "shopify_app/version"
3
4
 
4
5
  # deps
5
- require 'shopify_api'
6
- require 'omniauth/rails_csrf_protection'
7
- require 'omniauth-shopify-oauth2'
8
- require 'redirect_safely'
6
+ require "shopify_api"
7
+ require "redirect_safely"
9
8
 
10
9
  module ShopifyApp
11
10
  def self.rails6?
@@ -22,59 +21,55 @@ module ShopifyApp
22
21
 
23
22
  def self.use_webpacker?
24
23
  rails6? &&
25
- defined?(Webpacker) == 'constant' &&
24
+ defined?(Webpacker) == "constant" &&
26
25
  !configuration.disable_webpacker
27
26
  end
28
27
 
29
28
  # config
30
- require 'shopify_app/configuration'
29
+ require "shopify_app/configuration"
31
30
 
32
31
  # engine
33
- require 'shopify_app/engine'
32
+ require "shopify_app/engine"
34
33
 
35
34
  # utils
36
- require 'shopify_app/utils'
35
+ require "shopify_app/utils"
37
36
 
38
37
  # controller concerns
39
- require 'shopify_app/controller_concerns/csrf_protection'
40
- require 'shopify_app/controller_concerns/localization'
41
- require 'shopify_app/controller_concerns/itp'
42
- require 'shopify_app/controller_concerns/login_protection'
43
- require 'shopify_app/controller_concerns/embedded_app'
44
- require 'shopify_app/controller_concerns/payload_verification'
45
- require 'shopify_app/controller_concerns/app_proxy_verification'
46
- require 'shopify_app/controller_concerns/webhook_verification'
38
+ require "shopify_app/controller_concerns/csrf_protection"
39
+ require "shopify_app/controller_concerns/localization"
40
+ require "shopify_app/controller_concerns/itp"
41
+ require "shopify_app/controller_concerns/login_protection"
42
+ require "shopify_app/controller_concerns/embedded_app"
43
+ require "shopify_app/controller_concerns/payload_verification"
44
+ require "shopify_app/controller_concerns/app_proxy_verification"
45
+ require "shopify_app/controller_concerns/webhook_verification"
47
46
 
48
47
  # jobs
49
- require 'shopify_app/jobs/webhooks_manager_job'
50
- require 'shopify_app/jobs/scripttags_manager_job'
48
+ require "shopify_app/jobs/webhooks_manager_job"
49
+ require "shopify_app/jobs/scripttags_manager_job"
51
50
 
52
51
  # managers
53
- require 'shopify_app/managers/webhooks_manager'
54
- require 'shopify_app/managers/scripttags_manager'
52
+ require "shopify_app/managers/webhooks_manager"
53
+ require "shopify_app/managers/scripttags_manager"
55
54
 
56
55
  # middleware
57
- require 'shopify_app/middleware/jwt_middleware'
58
- require 'shopify_app/middleware/same_site_cookie_middleware'
56
+ require "shopify_app/middleware/jwt_middleware"
59
57
 
60
58
  # session
61
- require 'shopify_app/session/in_memory_session_store'
62
- require 'shopify_app/session/in_memory_shop_session_store'
63
- require 'shopify_app/session/in_memory_user_session_store'
64
- require 'shopify_app/session/jwt'
65
- require 'shopify_app/session/null_user_session_store'
66
- require 'shopify_app/session/session_repository'
67
- require 'shopify_app/session/session_storage'
68
- require 'shopify_app/session/shop_session_storage'
69
- require 'shopify_app/session/shop_session_storage_with_scopes'
70
- require 'shopify_app/session/user_session_storage'
71
- require 'shopify_app/session/user_session_storage_with_scopes'
59
+ require "shopify_app/session/in_memory_session_store"
60
+ require "shopify_app/session/in_memory_shop_session_store"
61
+ require "shopify_app/session/in_memory_user_session_store"
62
+ require "shopify_app/session/jwt"
63
+ require "shopify_app/session/null_user_session_store"
64
+ require "shopify_app/session/session_repository"
65
+ require "shopify_app/session/session_storage"
66
+ require "shopify_app/session/shop_session_storage"
67
+ require "shopify_app/session/shop_session_storage_with_scopes"
68
+ require "shopify_app/session/user_session_storage"
69
+ require "shopify_app/session/user_session_storage_with_scopes"
72
70
 
73
71
  # access scopes strategies
74
- require 'shopify_app/access_scopes/shop_strategy'
75
- require 'shopify_app/access_scopes/user_strategy'
76
- require 'shopify_app/access_scopes/noop_strategy'
77
-
78
- # omniauth_configuration
79
- require 'shopify_app/omniauth/omniauth_configuration'
72
+ require "shopify_app/access_scopes/shop_strategy"
73
+ require "shopify_app/access_scopes/user_strategy"
74
+ require "shopify_app/access_scopes/noop_strategy"
80
75
  end
data/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shopify_app",
3
- "version": "18.1.0",
3
+ "version": "19.0.0",
4
4
  "repository": "git@github.com:Shopify/shopify_app.git",
5
5
  "author": "Shopify",
6
6
  "license": "MIT",