shopify_app 18.1.1 → 19.0.1

Files changed (97) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build.yml +2 -2
  3. data/.gitignore +1 -0
  4. data/CHANGELOG.md +14 -0
  5. data/Gemfile +3 -2
  6. data/Gemfile.lock +124 -158
  7. data/Rakefile +4 -3
  8. data/app/assets/javascripts/shopify_app/app_bridge_2.0.12.js +10 -0
  9. data/app/assets/javascripts/shopify_app/app_bridge_redirect.js +2 -3
  10. data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +1 -1
  11. data/app/controllers/concerns/shopify_app/require_known_shop.rb +1 -0
  12. data/app/controllers/concerns/shopify_app/shop_access_scopes_verification.rb +1 -1
  13. data/app/controllers/shopify_app/authenticated_controller.rb +1 -0
  14. data/app/controllers/shopify_app/callback_controller.rb +35 -147
  15. data/app/controllers/shopify_app/sessions_controller.rb +25 -132
  16. data/app/controllers/shopify_app/webhooks_controller.rb +5 -23
  17. data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
  18. data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
  19. data/app/views/shopify_app/sessions/top_level_interaction.html.erb +1 -1
  20. data/app/views/shopify_app/shared/redirect.html.erb +1 -1
  21. data/config/routes.rb +6 -12
  22. data/docs/Troubleshooting.md +0 -3
  23. data/docs/Upgrading.md +92 -3
  24. data/docs/shopify_app/webhooks.md +1 -1
  25. data/lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb +10 -9
  26. data/lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb +1 -0
  27. data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +4 -3
  28. data/lib/generators/shopify_app/add_webhook/add_webhook_generator.rb +13 -12
  29. data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt +9 -1
  30. data/lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb +7 -6
  31. data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb +2 -1
  32. data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_route.rb +1 -1
  33. data/lib/generators/shopify_app/authenticated_controller/authenticated_controller_generator.rb +3 -3
  34. data/lib/generators/shopify_app/controllers/controllers_generator.rb +4 -3
  35. data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +11 -15
  36. data/lib/generators/shopify_app/home_controller/templates/home_controller.rb +2 -2
  37. data/lib/generators/shopify_app/home_controller/templates/index.html.erb +3 -3
  38. data/lib/generators/shopify_app/install/install_generator.rb +25 -74
  39. data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +1 -1
  40. data/lib/generators/shopify_app/install/templates/session_store.rb +2 -1
  41. data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +20 -5
  42. data/lib/generators/shopify_app/products_controller/products_controller_generator.rb +3 -3
  43. data/lib/generators/shopify_app/products_controller/templates/products_controller.rb +1 -1
  44. data/lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb +4 -4
  45. data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake +1 -0
  46. data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb +1 -1
  47. data/lib/generators/shopify_app/routes/routes_generator.rb +6 -5
  48. data/lib/generators/shopify_app/routes/templates/routes.rb +5 -5
  49. data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +11 -10
  50. data/lib/generators/shopify_app/shop_model/templates/shop.rb +1 -0
  51. data/lib/generators/shopify_app/shopify_app_generator.rb +4 -3
  52. data/lib/generators/shopify_app/user_model/templates/user.rb +1 -0
  53. data/lib/generators/shopify_app/user_model/user_model_generator.rb +11 -10
  54. data/lib/generators/shopify_app/views/views_generator.rb +4 -3
  55. data/lib/shopify_app/access_scopes/shop_strategy.rb +2 -2
  56. data/lib/shopify_app/access_scopes/user_strategy.rb +4 -4
  57. data/lib/shopify_app/configuration.rb +5 -17
  58. data/lib/shopify_app/controller_concerns/app_proxy_verification.rb +4 -3
  59. data/lib/shopify_app/controller_concerns/csrf_protection.rb +2 -1
  60. data/lib/shopify_app/controller_concerns/embedded_app.rb +4 -3
  61. data/lib/shopify_app/controller_concerns/itp.rb +3 -3
  62. data/lib/shopify_app/controller_concerns/localization.rb +1 -0
  63. data/lib/shopify_app/controller_concerns/login_protection.rb +55 -73
  64. data/lib/shopify_app/controller_concerns/payload_verification.rb +3 -2
  65. data/lib/shopify_app/controller_concerns/webhook_verification.rb +2 -1
  66. data/lib/shopify_app/engine.rb +7 -15
  67. data/lib/shopify_app/jobs/scripttags_manager_job.rb +2 -2
  68. data/lib/shopify_app/jobs/webhooks_manager_job.rb +4 -5
  69. data/lib/shopify_app/managers/scripttags_manager.rb +11 -4
  70. data/lib/shopify_app/managers/webhooks_manager.rb +42 -44
  71. data/lib/shopify_app/middleware/jwt_middleware.rb +5 -4
  72. data/lib/shopify_app/session/in_memory_session_store.rb +1 -0
  73. data/lib/shopify_app/session/in_memory_shop_session_store.rb +2 -1
  74. data/lib/shopify_app/session/in_memory_user_session_store.rb +1 -0
  75. data/lib/shopify_app/session/jwt.rb +9 -8
  76. data/lib/shopify_app/session/null_user_session_store.rb +2 -1
  77. data/lib/shopify_app/session/session_repository.rb +37 -0
  78. data/lib/shopify_app/session/session_storage.rb +4 -6
  79. data/lib/shopify_app/session/shop_session_storage.rb +6 -6
  80. data/lib/shopify_app/session/shop_session_storage_with_scopes.rb +7 -8
  81. data/lib/shopify_app/session/user_session_storage.rb +19 -6
  82. data/lib/shopify_app/session/user_session_storage_with_scopes.rb +21 -8
  83. data/lib/shopify_app/test_helpers/all.rb +2 -1
  84. data/lib/shopify_app/test_helpers/webhook_verification_helper.rb +4 -3
  85. data/lib/shopify_app/utils.rb +4 -10
  86. data/lib/shopify_app/version.rb +2 -1
  87. data/lib/shopify_app.rb +35 -40
  88. data/package.json +1 -1
  89. data/shopify_app.gemspec +21 -20
  90. data/yarn.lock +6 -6
  91. metadata +44 -49
  92. data/app/assets/javascripts/shopify_app/app_bridge_1.30.0.js +0 -1
  93. data/lib/generators/shopify_app/install/templates/omniauth.rb +0 -4
  94. data/lib/generators/shopify_app/install/templates/shopify_provider.rb.tt +0 -8
  95. data/lib/generators/shopify_app/install/templates/user_agent.rb +0 -6
  96. data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +0 -34
  97. data/lib/shopify_app/omniauth/omniauth_configuration.rb +0 -64
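--- a/data/lib/shopify_app/middleware/same_site_cookie_middleware.rb
+++ b/data/lib/shopify_app/middleware/same_site_cookie_middleware.rb
@@ -1,34 +0,0 @@
- # frozen_string_literal: true
- module ShopifyApp
- class SameSiteCookieMiddleware
- COOKIE_SEPARATOR = "\n"
-
- def initialize(app)
- @app = app
- end
-
- def call(env)
- status, headers, body = @app.call(env)
- user_agent = env['HTTP_USER_AGENT']
-
- if headers && headers['Set-Cookie'] &&
- BrowserSniffer.new(user_agent).same_site_none_compatible? &&
- ShopifyApp.configuration.enable_same_site_none &&
- Rack::Request.new(env).ssl?
-
- set_cookies = headers['Set-Cookie']
- .split(COOKIE_SEPARATOR)
- .compact
- .map do |cookie|
- cookie << '; Secure' unless cookie =~ /;\s*secure/i
- cookie << '; SameSite=None' if ShopifyApp.configuration.embedded_app?
- cookie
- end
-
- headers['Set-Cookie'] = set_cookies.join(COOKIE_SEPARATOR)
- end
-
- [status, headers, body]
- end
- end
- end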
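--- a/data/lib/shopify_app/omniauth/omniauth_configuration.rb
+++ b/data/lib/shopify_app/omniauth/omniauth_configuration.rb
@@ -1,64 +0,0 @@
- # frozen_string_literal: true
-
- module ShopifyApp
- class OmniAuthConfiguration
- attr_reader :strategy, :request
- attr_writer :client_options_site, :scopes, :per_user_permissions
-
- def initialize(strategy, request)
- @strategy = strategy
- @request = request
- end
-
- def build_options
- strategy.options[:client_options][:site] = client_options_site
- strategy.options[:scope] = scopes
- strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
- strategy.options[:per_user_permissions] = request_online_tokens?
- end
-
- private
-
- def request_online_tokens?
- return @per_user_permissions unless @per_user_permissions.nil?
- default_request_online_tokens?
- end
-
- def scopes
- @scopes || default_scopes
- end
-
- def client_options_site
- @client_options_site || default_client_options_site
- end
-
- def default_scopes
- if request_online_tokens?
- ShopifyApp.configuration.user_access_scopes
- else
- ShopifyApp.configuration.shop_access_scopes
- end
- end
-
- def default_client_options_site
- return '' unless shop_domain.present?
- "https://#{shopify_auth_params[:shop]}"
- end
-
- def default_request_online_tokens?
- strategy.session[:user_tokens] && !update_shop_scopes?
- end
-
- def update_shop_scopes?
- ShopifyApp.configuration.shop_access_scopes_strategy.update_access_scopes?(shop_domain)
- end
-
- def shop_domain
- request.params['shop'] || (shopify_auth_params && shopify_auth_params['shop'])
- end
-
- def shopify_auth_params
- strategy.session['shopify.omniauth_params']&.with_indifferent_access
- end
- end
- end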