shopify_app 18.1.2 → 19.0.2

data/lib/shopify_app.rb

@@ -1,11 +1,10 @@
 # frozen_string_literal: true
-require 'shopify_app/version'
+
+require "shopify_app/version"
 
 # deps
-require 'shopify_api'
-require 'omniauth/rails_csrf_protection'
-require 'omniauth-shopify-oauth2'
-require 'redirect_safely'
+require "shopify_api"
+require "redirect_safely"
 
 module ShopifyApp
   def self.rails6?
@@ -22,59 +21,55 @@ module ShopifyApp
 
   def self.use_webpacker?
     rails6? &&
-      defined?(Webpacker) == 'constant' &&
+      defined?(Webpacker) == "constant" &&
       !configuration.disable_webpacker
   end
 
   # config
-  require 'shopify_app/configuration'
+  require "shopify_app/configuration"
 
   # engine
-  require 'shopify_app/engine'
+  require "shopify_app/engine"
 
   # utils
-  require 'shopify_app/utils'
+  require "shopify_app/utils"
 
   # controller concerns
-  require 'shopify_app/controller_concerns/csrf_protection'
-  require 'shopify_app/controller_concerns/localization'
-  require 'shopify_app/controller_concerns/itp'
-  require 'shopify_app/controller_concerns/login_protection'
-  require 'shopify_app/controller_concerns/embedded_app'
-  require 'shopify_app/controller_concerns/payload_verification'
-  require 'shopify_app/controller_concerns/app_proxy_verification'
-  require 'shopify_app/controller_concerns/webhook_verification'
+  require "shopify_app/controller_concerns/csrf_protection"
+  require "shopify_app/controller_concerns/localization"
+  require "shopify_app/controller_concerns/itp"
+  require "shopify_app/controller_concerns/login_protection"
+  require "shopify_app/controller_concerns/embedded_app"
+  require "shopify_app/controller_concerns/payload_verification"
+  require "shopify_app/controller_concerns/app_proxy_verification"
+  require "shopify_app/controller_concerns/webhook_verification"
 
   # jobs
-  require 'shopify_app/jobs/webhooks_manager_job'
-  require 'shopify_app/jobs/scripttags_manager_job'
+  require "shopify_app/jobs/webhooks_manager_job"
+  require "shopify_app/jobs/scripttags_manager_job"
 
   # managers
-  require 'shopify_app/managers/webhooks_manager'
-  require 'shopify_app/managers/scripttags_manager'
+  require "shopify_app/managers/webhooks_manager"
+  require "shopify_app/managers/scripttags_manager"
 
   # middleware
-  require 'shopify_app/middleware/jwt_middleware'
-  require 'shopify_app/middleware/same_site_cookie_middleware'
+  require "shopify_app/middleware/jwt_middleware"
 
   # session
-  require 'shopify_app/session/in_memory_session_store'
-  require 'shopify_app/session/in_memory_shop_session_store'
-  require 'shopify_app/session/in_memory_user_session_store'
-  require 'shopify_app/session/jwt'
-  require 'shopify_app/session/null_user_session_store'
-  require 'shopify_app/session/session_repository'
-  require 'shopify_app/session/session_storage'
-  require 'shopify_app/session/shop_session_storage'
-  require 'shopify_app/session/shop_session_storage_with_scopes'
-  require 'shopify_app/session/user_session_storage'
-  require 'shopify_app/session/user_session_storage_with_scopes'
+  require "shopify_app/session/in_memory_session_store"
+  require "shopify_app/session/in_memory_shop_session_store"
+  require "shopify_app/session/in_memory_user_session_store"
+  require "shopify_app/session/jwt"
+  require "shopify_app/session/null_user_session_store"
+  require "shopify_app/session/session_repository"
+  require "shopify_app/session/session_storage"
+  require "shopify_app/session/shop_session_storage"
+  require "shopify_app/session/shop_session_storage_with_scopes"
+  require "shopify_app/session/user_session_storage"
+  require "shopify_app/session/user_session_storage_with_scopes"
 
   # access scopes strategies
-  require 'shopify_app/access_scopes/shop_strategy'
-  require 'shopify_app/access_scopes/user_strategy'
-  require 'shopify_app/access_scopes/noop_strategy'
-
-  # omniauth_configuration
-  require 'shopify_app/omniauth/omniauth_configuration'
+  require "shopify_app/access_scopes/shop_strategy"
+  require "shopify_app/access_scopes/user_strategy"
+  require "shopify_app/access_scopes/noop_strategy"
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "18.1.2",
+  "version": "19.0.1",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
-$LOAD_PATH.push(File.expand_path('../lib', __FILE__))
+
+$LOAD_PATH.push(File.expand_path("../lib", __FILE__))
 require "shopify_app/version"
 
 Gem::Specification.new do |s|
@@ -7,30 +8,30 @@ Gem::Specification.new do |s|
   s.version     = ShopifyApp::VERSION
   s.platform    = Gem::Platform::RUBY
   s.author      = "Shopify"
-  s.summary     = 'This gem is used to get quickly started with the Shopify API'
+  s.summary     = "This gem is used to get quickly started with the Shopify API"
 
   s.required_ruby_version = ">= 2.6"
 
-  s.metadata['allowed_push_host'] = 'https://rubygems.org'
+  s.metadata["allowed_push_host"] = "https://rubygems.org"
 
-  s.add_runtime_dependency('browser_sniffer', '~> 1.4.0')
-  s.add_runtime_dependency('omniauth-rails_csrf_protection')
-  s.add_runtime_dependency('rails', '> 5.2.1')
-  s.add_runtime_dependency('shopify_api', '~> 9.4')
-  s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.3')
-  s.add_runtime_dependency('jwt', '>= 2.2.3')
-  s.add_runtime_dependency('redirect_safely', '~> 1.0')
+  s.add_runtime_dependency("activeresource") # TODO: Remove this once all active resource dependencies are removed
+  s.add_runtime_dependency("browser_sniffer", "~> 1.4.0")
+  s.add_runtime_dependency("jwt", ">= 2.2.3")
+  s.add_runtime_dependency("rails", "> 5.2.1")
+  s.add_runtime_dependency("redirect_safely", "~> 1.0")
+  s.add_runtime_dependency("shopify_api", "~> 10.0")
+  s.add_runtime_dependency("sprockets-rails", ">= 2.0.0")
 
-  s.add_development_dependency('rake')
-  s.add_development_dependency('byebug')
-  s.add_development_dependency('pry')
-  s.add_development_dependency('pry-nav')
-  s.add_development_dependency('pry-stack_explorer')
-  s.add_development_dependency('rb-readline')
-  s.add_development_dependency('sqlite3', '~> 1.4')
-  s.add_development_dependency('minitest')
-  s.add_development_dependency('mocha')
-  s.add_development_dependency('webmock')
+  s.add_development_dependency("byebug")
+  s.add_development_dependency("minitest")
+  s.add_development_dependency("mocha")
+  s.add_development_dependency("pry")
+  s.add_development_dependency("pry-nav")
+  s.add_development_dependency("pry-stack_explorer")
+  s.add_development_dependency("rake")
+  s.add_development_dependency("rb-readline")
+  s.add_development_dependency("sqlite3", "~> 1.4")
+  s.add_development_dependency("webmock")
 
   s.files         = %x(git ls-files).split("\n").reject { |f| f.match(%r{^(test|example)/}) }
   s.test_files    = %x(git ls-files -- {test}/*).split("\n")

data/yarn.lock

@@ -2555,9 +2555,9 @@ flush-write-stream@^1.0.0:
     readable-stream "^2.3.6"
 
 follow-redirects@^1.0.0:
-  version "1.14.7"
-  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.7.tgz#2004c02eb9436eee9a21446a6477debf17e81685"
-  integrity sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ==
+  version "1.14.9"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.9.tgz#dd4ea157de7bfaf9ea9b3fbd85aa16951f78d8d7"
+  integrity sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==
 
 for-in@^1.0.2:
   version "1.0.2"
@@ -3515,9 +3515,9 @@ minimatch@3.0.4, minimatch@^3.0.4:
     brace-expansion "^1.1.7"
 
 minimist@^1.2.0, minimist@^1.2.3, minimist@^1.2.5:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
-  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
+  version "1.2.6"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
+  integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
 
 mississippi@^3.0.0:
   version "3.0.0"
@@ -3892,9 +3892,9 @@ path-to-regexp@^1.7.0:
     isarray "0.0.1"
 
 pathval@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.0.tgz#b942e6d4bde653005ef6b71361def8727d0645e0"
-  integrity sha1-uULm1L3mUwBe9rcTYd74cn0GReA=
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.1.tgz#8534e77a77ce7ac5a2512ea21e0fdb8fcf6c3d8d"
+  integrity sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==
 
 pbkdf2@^3.0.3:
   version "3.1.1"

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 18.1.2
+  version: 19.0.2
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-03 00:00:00.000000000 Z
+date: 2022-04-27 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activeresource
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
   requirement: !ruby/object:Gem::Requirement
@@ -25,19 +39,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.4.0
 - !ruby/object:Gem::Dependency
-  name: omniauth-rails_csrf_protection
+  name: jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.2.3
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -53,63 +67,63 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 5.2.1
 - !ruby/object:Gem::Dependency
-  name: shopify_api
+  name: redirect_safely
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '9.4'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '9.4'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
-  name: omniauth-shopify-oauth2
+  name: shopify_api
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '10.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.3'
+        version: '10.0'
 - !ruby/object:Gem::Dependency
-  name: jwt
+  name: sprockets-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.3
+        version: 2.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.2.3
+        version: 2.0.0
 - !ruby/object:Gem::Dependency
-  name: redirect_safely
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
+        version: '0'
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -123,7 +137,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -179,7 +193,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rb-readline
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -193,21 +207,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.4'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.4'
-- !ruby/object:Gem::Dependency
-  name: minitest
+  name: rb-readline
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -221,19 +221,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: mocha
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: webmock
   requirement: !ruby/object:Gem::Requirement
@@ -367,14 +367,11 @@ files:
 - lib/generators/shopify_app/install/templates/_flash_messages.html.erb
 - lib/generators/shopify_app/install/templates/embedded_app.html.erb
 - lib/generators/shopify_app/install/templates/flash_messages.js
-- lib/generators/shopify_app/install/templates/omniauth.rb
 - lib/generators/shopify_app/install/templates/session_store.rb
 - lib/generators/shopify_app/install/templates/shopify_app.js
 - lib/generators/shopify_app/install/templates/shopify_app.rb.tt
 - lib/generators/shopify_app/install/templates/shopify_app_importmap.js
 - lib/generators/shopify_app/install/templates/shopify_app_index.js
-- lib/generators/shopify_app/install/templates/shopify_provider.rb.tt
-- lib/generators/shopify_app/install/templates/user_agent.rb
 - lib/generators/shopify_app/products_controller/products_controller_generator.rb
 - lib/generators/shopify_app/products_controller/templates/products_controller.rb
 - lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb
@@ -413,8 +410,6 @@ files:
 - lib/shopify_app/managers/scripttags_manager.rb
 - lib/shopify_app/managers/webhooks_manager.rb
 - lib/shopify_app/middleware/jwt_middleware.rb
-- lib/shopify_app/middleware/same_site_cookie_middleware.rb
-- lib/shopify_app/omniauth/omniauth_configuration.rb
 - lib/shopify_app/session/in_memory_session_store.rb
 - lib/shopify_app/session/in_memory_shop_session_store.rb
 - lib/shopify_app/session/in_memory_user_session_store.rb

data/lib/generators/shopify_app/install/templates/omniauth.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-Rails.application.config.middleware.use(OmniAuth::Builder) do
-end

data/lib/generators/shopify_app/install/templates/shopify_provider.rb.tt

@@ -1,8 +0,0 @@
-  provider :shopify,
-      ShopifyApp.configuration.api_key,
-      ShopifyApp.configuration.secret,
-      scope: ShopifyApp.configuration.scope,
-      setup: lambda { |env|
-        configuration = ShopifyApp::OmniAuthConfiguration.new(env['omniauth.strategy'], Rack::Request.new(env))
-        configuration.build_options
-      }

data/lib/generators/shopify_app/install/templates/user_agent.rb

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-module ShopifyAPI
-  class Base < ActiveResource::Base
-    headers['User-Agent'] << " | ShopifyApp/#{ShopifyApp::VERSION}"
-  end
-end

data/lib/shopify_app/middleware/same_site_cookie_middleware.rb

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-module ShopifyApp
-  class SameSiteCookieMiddleware
-    COOKIE_SEPARATOR = "\n"
-
-    def initialize(app)
-      @app = app
-    end
-
-    def call(env)
-      status, headers, body = @app.call(env)
-      user_agent = env['HTTP_USER_AGENT']
-
-      if headers && headers['Set-Cookie'] &&
-          BrowserSniffer.new(user_agent).same_site_none_compatible? &&
-          ShopifyApp.configuration.enable_same_site_none &&
-          Rack::Request.new(env).ssl?
-
-        set_cookies = headers['Set-Cookie']
-          .split(COOKIE_SEPARATOR)
-          .compact
-          .map do |cookie|
-            cookie << '; Secure' unless cookie =~ /;\s*secure/i
-            cookie << '; SameSite=None' if ShopifyApp.configuration.embedded_app?
-            cookie
-          end
-
-        headers['Set-Cookie'] = set_cookies.join(COOKIE_SEPARATOR)
-      end
-
-      [status, headers, body]
-    end
-  end
-end

data/lib/shopify_app/omniauth/omniauth_configuration.rb

@@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-module ShopifyApp
-  class OmniAuthConfiguration
-    attr_reader :strategy, :request
-    attr_writer :client_options_site, :scopes, :per_user_permissions
-
-    def initialize(strategy, request)
-      @strategy = strategy
-      @request = request
-    end
-
-    def build_options
-      strategy.options[:client_options][:site] = client_options_site
-      strategy.options[:scope] = scopes
-      strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
-      strategy.options[:per_user_permissions] = request_online_tokens?
-    end
-
-    private
-
-    def request_online_tokens?
-      return @per_user_permissions unless @per_user_permissions.nil?
-      default_request_online_tokens?
-    end
-
-    def scopes
-      @scopes || default_scopes
-    end
-
-    def client_options_site
-      @client_options_site || default_client_options_site
-    end
-
-    def default_scopes
-      if request_online_tokens?
-        ShopifyApp.configuration.user_access_scopes
-      else
-        ShopifyApp.configuration.shop_access_scopes
-      end
-    end
-
-    def default_client_options_site
-      return '' unless shop_domain.present?
-      "https://#{shopify_auth_params[:shop]}"
-    end
-
-    def default_request_online_tokens?
-      strategy.session[:user_tokens] && !update_shop_scopes?
-    end
-
-    def update_shop_scopes?
-      ShopifyApp.configuration.shop_access_scopes_strategy.update_access_scopes?(shop_domain)
-    end
-
-    def shop_domain
-      request.params['shop'] || (shopify_auth_params && shopify_auth_params['shop'])
-    end
-
-    def shopify_auth_params
-      strategy.session['shopify.omniauth_params']&.with_indifferent_access
-    end
-  end
-end