shopify_app 18.1.3 → 19.0.0

Files changed (88)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build.yml +2 -2
  3. data/.gitignore +1 -0
  4. data/CHANGELOG.md +3 -2
  5. data/Gemfile +3 -2
  6. data/Gemfile.lock +122 -136
  7. data/Rakefile +4 -3
  8. data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +1 -1
  9. data/app/controllers/shopify_app/authenticated_controller.rb +1 -0
  10. data/app/controllers/shopify_app/callback_controller.rb +35 -147
  11. data/app/controllers/shopify_app/sessions_controller.rb +25 -137
  12. data/app/controllers/shopify_app/webhooks_controller.rb +5 -23
  13. data/config/routes.rb +6 -12
  14. data/docs/Troubleshooting.md +0 -3
  15. data/docs/Upgrading.md +85 -2
  16. data/docs/shopify_app/webhooks.md +1 -1
  17. data/lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb +10 -9
  18. data/lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb +1 -0
  19. data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +4 -3
  20. data/lib/generators/shopify_app/add_webhook/add_webhook_generator.rb +13 -12
  21. data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt +9 -1
  22. data/lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb +7 -6
  23. data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb +2 -1
  24. data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_route.rb +1 -1
  25. data/lib/generators/shopify_app/authenticated_controller/authenticated_controller_generator.rb +3 -3
  26. data/lib/generators/shopify_app/controllers/controllers_generator.rb +4 -3
  27. data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +11 -15
  28. data/lib/generators/shopify_app/home_controller/templates/home_controller.rb +2 -2
  29. data/lib/generators/shopify_app/home_controller/templates/index.html.erb +3 -3
  30. data/lib/generators/shopify_app/install/install_generator.rb +25 -74
  31. data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +1 -1
  32. data/lib/generators/shopify_app/install/templates/session_store.rb +2 -1
  33. data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +20 -5
  34. data/lib/generators/shopify_app/products_controller/products_controller_generator.rb +3 -3
  35. data/lib/generators/shopify_app/products_controller/templates/products_controller.rb +1 -1
  36. data/lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb +4 -4
  37. data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake +1 -0
  38. data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb +1 -1
  39. data/lib/generators/shopify_app/routes/routes_generator.rb +6 -5
  40. data/lib/generators/shopify_app/routes/templates/routes.rb +5 -5
  41. data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +11 -10
  42. data/lib/generators/shopify_app/shop_model/templates/shop.rb +1 -0
  43. data/lib/generators/shopify_app/shopify_app_generator.rb +4 -3
  44. data/lib/generators/shopify_app/user_model/templates/user.rb +1 -0
  45. data/lib/generators/shopify_app/user_model/user_model_generator.rb +11 -10
  46. data/lib/generators/shopify_app/views/views_generator.rb +4 -3
  47. data/lib/shopify_app/access_scopes/shop_strategy.rb +2 -2
  48. data/lib/shopify_app/access_scopes/user_strategy.rb +4 -4
  49. data/lib/shopify_app/configuration.rb +5 -17
  50. data/lib/shopify_app/controller_concerns/app_proxy_verification.rb +4 -3
  51. data/lib/shopify_app/controller_concerns/csrf_protection.rb +2 -1
  52. data/lib/shopify_app/controller_concerns/embedded_app.rb +4 -3
  53. data/lib/shopify_app/controller_concerns/itp.rb +3 -3
  54. data/lib/shopify_app/controller_concerns/localization.rb +1 -0
  55. data/lib/shopify_app/controller_concerns/login_protection.rb +50 -70
  56. data/lib/shopify_app/controller_concerns/payload_verification.rb +3 -2
  57. data/lib/shopify_app/controller_concerns/webhook_verification.rb +2 -1
  58. data/lib/shopify_app/engine.rb +7 -15
  59. data/lib/shopify_app/jobs/scripttags_manager_job.rb +2 -2
  60. data/lib/shopify_app/jobs/webhooks_manager_job.rb +4 -5
  61. data/lib/shopify_app/managers/scripttags_manager.rb +11 -4
  62. data/lib/shopify_app/managers/webhooks_manager.rb +42 -44
  63. data/lib/shopify_app/middleware/jwt_middleware.rb +5 -4
  64. data/lib/shopify_app/session/in_memory_session_store.rb +1 -0
  65. data/lib/shopify_app/session/in_memory_shop_session_store.rb +2 -1
  66. data/lib/shopify_app/session/in_memory_user_session_store.rb +1 -0
  67. data/lib/shopify_app/session/jwt.rb +9 -8
  68. data/lib/shopify_app/session/null_user_session_store.rb +2 -1
  69. data/lib/shopify_app/session/session_repository.rb +37 -0
  70. data/lib/shopify_app/session/session_storage.rb +4 -6
  71. data/lib/shopify_app/session/shop_session_storage.rb +6 -6
  72. data/lib/shopify_app/session/shop_session_storage_with_scopes.rb +7 -8
  73. data/lib/shopify_app/session/user_session_storage.rb +19 -6
  74. data/lib/shopify_app/session/user_session_storage_with_scopes.rb +21 -8
  75. data/lib/shopify_app/test_helpers/all.rb +2 -1
  76. data/lib/shopify_app/test_helpers/webhook_verification_helper.rb +4 -3
  77. data/lib/shopify_app/utils.rb +2 -9
  78. data/lib/shopify_app/version.rb +2 -1
  79. data/lib/shopify_app.rb +35 -40
  80. data/package.json +1 -1
  81. data/shopify_app.gemspec +21 -20
  82. data/yarn.lock +6 -6
  83. metadata +45 -50
  84. data/lib/generators/shopify_app/install/templates/omniauth.rb +0 -4
  85. data/lib/generators/shopify_app/install/templates/shopify_provider.rb.tt +0 -8
  86. data/lib/generators/shopify_app/install/templates/user_agent.rb +0 -6
  87. data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +0 -34
  88. data/lib/shopify_app/omniauth/omniauth_configuration.rb +0 -64
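--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 72f82b74b58afbd537a042ee0b4f662dfe0ff4ba3a3e50961ca5548d0faf949c
-data.tar.gz: 57fc402338880daae022582fd94e3c7f7d504d7d63e93c62f708728f48c95baa
+metadata.gz: 68bc78da7e88e7482f179b4d8ce4cf6734f3595631007e047c59a3a31cfcc7f3
+data.tar.gz: 84e0a185dfc9e34e80749db04c1b1a218fb0aed3499379e532c9a5903da3706a
 SHA512:
-metadata.gz: 4787465beea494d6711b9086a25d2dd73584b4be292b12e559b4f3b5bee74c13a8da215a341b28556a2749ab36537fe7855b1d6de766170a90f06d6dc02326bf
-data.tar.gz: a97ea3bead071112b72eeeb49590f936c6cc39939acfa05e83fb425005422fba56c3dbb9ea5de404772c1daedc458b0f7d67dd1e116b2161110914465ed20e93
+metadata.gz: fe5829d4783dcee78ae5141f51b1e177f65fcae58407101b25af7a83b467c9d3586e58a58785d7fb1730e8c7be34861c6f2cfc62e1e36c4527486e529da74910
+data.tar.gz: e125dd848ea4faf473ea39d38dd186114dad9bf7ce1ebe4083bbf121fec18ba165936e28f7be0ee485b92426ed4f0cb76743a7cb014de5edbfdc85a4d8511489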
@@ -2,9 +2,9 @@ name: CI
2
2
 
3
3
  on:
4
4
  push:
5
- branches: [ master, v18 ]
5
+ branches: [ main ]
6
6
  pull_request:
7
- branches: [ master, v18 ]
7
+ branches: [ main ]
8
8
 
9
9
  jobs:
10
10
  build:
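--- a/data/.gitignore
+++ b/data/.gitignore
@@ -7,6 +7,7 @@ doc/
 *.log
 *.sqlite3
 test/tmp/*
+test/.generated/*
 .idea
 # ignore sprockets cache
 /test/dummy/tmp/*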
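--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,7 @@
-18.1.3 (Jun 2, 2022)
+19.0.0 (April 6, 2022)
 ----------
-* Update browser_sniffer to 2.0.0
+* Use v10 of the Shopify API (https://github.com/Shopify/shopify_api). This update requires changes to an app - please refer to the [migration guide](https://github.com/Shopify/shopify_app/blob/main/docs/Upgrading.md) for details.
+BREAKING, please see migration notes.
 
 18.1.2 (Mar 3, 2022)
 ----------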
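--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,11 +1,12 @@
 # frozen_string_literal: true
+
 source "https://rubygems.org"
 
 # Specify your gem's dependencies in shopify_app.gemspec
 gemspec
 
-gem 'rails-controller-testing', group: :test
+gem "rails-controller-testing", group: :test
 
 group :rubocop do
-gem 'rubocop-shopify', require: false
+gem "rubocop-shopify", require: false
 end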
data/Gemfile.lock CHANGED
@@ -1,80 +1,80 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (18.1.3)
5
- browser_sniffer (~> 2.0)
4
+ shopify_app (19.0.0)
5
+ activeresource
6
+ browser_sniffer (~> 1.4.0)
6
7
  jwt (>= 2.2.3)
7
- omniauth-rails_csrf_protection
8
- omniauth-shopify-oauth2 (~> 2.3)
9
8
  rails (> 5.2.1)
10
9
  redirect_safely (~> 1.0)
11
- shopify_api (~> 9.4)
10
+ shopify_api (~> 10.0)
11
+ sprockets-rails (>= 2.0.0)
12
12
 
13
13
  GEM
14
14
  remote: https://rubygems.org/
15
15
  specs:
16
- actioncable (6.1.4.4)
17
- actionpack (= 6.1.4.4)
18
- activesupport (= 6.1.4.4)
16
+ actioncable (6.1.5)
17
+ actionpack (= 6.1.5)
18
+ activesupport (= 6.1.5)
19
19
  nio4r (~> 2.0)
20
20
  websocket-driver (>= 0.6.1)
21
- actionmailbox (6.1.4.4)
22
- actionpack (= 6.1.4.4)
23
- activejob (= 6.1.4.4)
24
- activerecord (= 6.1.4.4)
25
- activestorage (= 6.1.4.4)
26
- activesupport (= 6.1.4.4)
21
+ actionmailbox (6.1.5)
22
+ actionpack (= 6.1.5)
23
+ activejob (= 6.1.5)
24
+ activerecord (= 6.1.5)
25
+ activestorage (= 6.1.5)
26
+ activesupport (= 6.1.5)
27
27
  mail (>= 2.7.1)
28
- actionmailer (6.1.4.4)
29
- actionpack (= 6.1.4.4)
30
- actionview (= 6.1.4.4)
31
- activejob (= 6.1.4.4)
32
- activesupport (= 6.1.4.4)
28
+ actionmailer (6.1.5)
29
+ actionpack (= 6.1.5)
30
+ actionview (= 6.1.5)
31
+ activejob (= 6.1.5)
32
+ activesupport (= 6.1.5)
33
33
  mail (~> 2.5, >= 2.5.4)
34
34
  rails-dom-testing (~> 2.0)
35
- actionpack (6.1.4.4)
36
- actionview (= 6.1.4.4)
37
- activesupport (= 6.1.4.4)
35
+ actionpack (6.1.5)
36
+ actionview (= 6.1.5)
37
+ activesupport (= 6.1.5)
38
38
  rack (~> 2.0, >= 2.0.9)
39
39
  rack-test (>= 0.6.3)
40
40
  rails-dom-testing (~> 2.0)
41
41
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
42
- actiontext (6.1.4.4)
43
- actionpack (= 6.1.4.4)
44
- activerecord (= 6.1.4.4)
45
- activestorage (= 6.1.4.4)
46
- activesupport (= 6.1.4.4)
42
+ actiontext (6.1.5)
43
+ actionpack (= 6.1.5)
44
+ activerecord (= 6.1.5)
45
+ activestorage (= 6.1.5)
46
+ activesupport (= 6.1.5)
47
47
  nokogiri (>= 1.8.5)
48
- actionview (6.1.4.4)
49
- activesupport (= 6.1.4.4)
48
+ actionview (6.1.5)
49
+ activesupport (= 6.1.5)
50
50
  builder (~> 3.1)
51
51
  erubi (~> 1.4)
52
52
  rails-dom-testing (~> 2.0)
53
53
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
54
- activejob (6.1.4.4)
55
- activesupport (= 6.1.4.4)
54
+ activejob (6.1.5)
55
+ activesupport (= 6.1.5)
56
56
  globalid (>= 0.3.6)
57
- activemodel (6.1.4.4)
58
- activesupport (= 6.1.4.4)
57
+ activemodel (6.1.5)
58
+ activesupport (= 6.1.5)
59
59
  activemodel-serializers-xml (1.0.2)
60
60
  activemodel (> 5.x)
61
61
  activesupport (> 5.x)
62
62
  builder (~> 3.1)
63
- activerecord (6.1.4.4)
64
- activemodel (= 6.1.4.4)
65
- activesupport (= 6.1.4.4)
63
+ activerecord (6.1.5)
64
+ activemodel (= 6.1.5)
65
+ activesupport (= 6.1.5)
66
66
  activeresource (6.0.0)
67
67
  activemodel (>= 6.0)
68
68
  activemodel-serializers-xml (~> 1.0)
69
69
  activesupport (>= 6.0)
70
- activestorage (6.1.4.4)
71
- actionpack (= 6.1.4.4)
72
- activejob (= 6.1.4.4)
73
- activerecord (= 6.1.4.4)
74
- activesupport (= 6.1.4.4)
75
- marcel (~> 1.0.0)
70
+ activestorage (6.1.5)
71
+ actionpack (= 6.1.5)
72
+ activejob (= 6.1.5)
73
+ activerecord (= 6.1.5)
74
+ activesupport (= 6.1.5)
75
+ marcel (~> 1.0)
76
76
  mini_mime (>= 1.1.0)
77
- activesupport (6.1.4.4)
77
+ activesupport (6.1.5)
78
78
  concurrent-ruby (~> 1.0, >= 1.0.2)
79
79
  i18n (>= 1.6, < 2)
80
80
  minitest (>= 5.1)
@@ -82,101 +82,80 @@ GEM
82
82
  zeitwerk (~> 2.3)
83
83
  addressable (2.8.0)
84
84
  public_suffix (>= 2.0.2, < 5.0)
85
- ast (2.4.1)
86
- binding_of_caller (0.8.0)
85
+ ast (2.4.2)
86
+ binding_of_caller (1.0.0)
87
87
  debug_inspector (>= 0.0.1)
88
- browser_sniffer (2.0.0)
88
+ browser_sniffer (1.4.0)
89
89
  builder (3.2.4)
90
90
  byebug (11.1.3)
91
91
  coderay (1.1.3)
92
- concurrent-ruby (1.1.9)
93
- crack (0.4.4)
92
+ concurrent-ruby (1.1.10)
93
+ crack (0.4.5)
94
+ rexml
94
95
  crass (1.0.6)
95
- debug_inspector (0.0.3)
96
+ debug_inspector (1.1.0)
96
97
  erubi (1.10.0)
97
- faraday (2.3.0)
98
- faraday-net_http (~> 2.0)
99
- ruby2_keywords (>= 0.0.4)
100
- faraday-net_http (2.0.3)
101
98
  globalid (1.0.0)
102
99
  activesupport (>= 5.0)
103
- graphql (2.0.9)
104
- graphql-client (0.18.0)
105
- activesupport (>= 3.0)
106
- graphql
100
+ hash_diff (1.0.0)
107
101
  hashdiff (1.0.1)
108
- hashie (5.0.0)
109
- i18n (1.9.1)
102
+ httparty (0.20.0)
103
+ mime-types (~> 3.0)
104
+ multi_xml (>= 0.5.2)
105
+ i18n (1.10.0)
110
106
  concurrent-ruby (~> 1.0)
111
107
  jwt (2.3.0)
112
- loofah (2.13.0)
108
+ loofah (2.15.0)
113
109
  crass (~> 1.0.2)
114
110
  nokogiri (>= 1.5.9)
115
111
  mail (2.7.1)
116
112
  mini_mime (>= 0.1.1)
117
113
  marcel (1.0.2)
118
- method_source (0.9.2)
114
+ method_source (1.0.0)
115
+ mime-types (3.4.1)
116
+ mime-types-data (~> 3.2015)
117
+ mime-types-data (3.2022.0105)
119
118
  mini_mime (1.1.2)
120
- mini_portile2 (2.6.1)
121
- minitest (5.14.4)
122
- mocha (1.11.2)
123
- multi_json (1.15.0)
119
+ mini_portile2 (2.8.0)
120
+ minitest (5.15.0)
121
+ mocha (1.13.0)
124
122
  multi_xml (0.6.0)
125
123
  nio4r (2.5.8)
126
- nokogiri (1.12.5)
127
- mini_portile2 (~> 2.6.1)
124
+ nokogiri (1.13.3)
125
+ mini_portile2 (~> 2.8.0)
128
126
  racc (~> 1.4)
129
- oauth2 (1.4.9)
130
- faraday (>= 0.17.3, < 3.0)
131
- jwt (>= 1.0, < 3.0)
132
- multi_json (~> 1.3)
133
- multi_xml (~> 0.5)
134
- rack (>= 1.2, < 3)
135
- omniauth (2.1.0)
136
- hashie (>= 3.4.6)
137
- rack (>= 2.2.3)
138
- rack-protection
139
- omniauth-oauth2 (1.7.2)
140
- oauth2 (~> 1.4)
141
- omniauth (>= 1.9, < 3)
142
- omniauth-rails_csrf_protection (1.0.1)
143
- actionpack (>= 4.2)
144
- omniauth (~> 2.0)
145
- omniauth-shopify-oauth2 (2.3.2)
146
- activesupport
147
- omniauth-oauth2 (~> 1.5)
148
- parallel (1.20.1)
149
- parser (2.7.2.0)
127
+ oj (3.13.11)
128
+ openssl (3.0.0)
129
+ parallel (1.21.0)
130
+ parser (3.1.0.0)
150
131
  ast (~> 2.4.1)
151
- pry (0.12.2)
152
- coderay (~> 1.1.0)
153
- method_source (~> 0.9.0)
154
- pry-nav (0.3.0)
155
- pry (>= 0.9.10, < 0.13.0)
156
- pry-stack_explorer (0.4.9.3)
157
- binding_of_caller (>= 0.7)
158
- pry (>= 0.9.11)
132
+ pry (0.14.1)
133
+ coderay (~> 1.1)
134
+ method_source (~> 1.0)
135
+ pry-nav (1.0.0)
136
+ pry (>= 0.9.10, < 0.15)
137
+ pry-stack_explorer (0.6.1)
138
+ binding_of_caller (~> 1.0)
139
+ pry (~> 0.13)
159
140
  public_suffix (4.0.6)
160
141
  racc (1.6.0)
161
142
  rack (2.2.3)
162
- rack-protection (2.2.0)
163
- rack
164
143
  rack-test (1.1.0)
165
144
  rack (>= 1.0, < 3)
166
- rails (6.1.4.4)
167
- actioncable (= 6.1.4.4)
168
- actionmailbox (= 6.1.4.4)
169
- actionmailer (= 6.1.4.4)
170
- actionpack (= 6.1.4.4)
171
- actiontext (= 6.1.4.4)
172
- actionview (= 6.1.4.4)
173
- activejob (= 6.1.4.4)
174
- activemodel (= 6.1.4.4)
175
- activerecord (= 6.1.4.4)
176
- activestorage (= 6.1.4.4)
177
- activesupport (= 6.1.4.4)
145
+ rails (6.1.5)
146
+ actioncable (= 6.1.5)
147
+ actionmailbox (= 6.1.5)
148
+ actionmailer (= 6.1.5)
149
+ actionpack (= 6.1.5)
150
+ actiontext (= 6.1.5)
151
+ actionview (= 6.1.5)
152
+ activejob (= 6.1.5)
153
+ activemodel (= 6.1.5)
154
+ activerecord (= 6.1.5)
155
+ activestorage (= 6.1.5)
156
+ activesupport (= 6.1.5)
178
157
  bundler (>= 1.15.0)
179
- railties (= 6.1.4.4)
158
+ railties (= 6.1.5)
180
159
  sprockets-rails (>= 2.0.0)
181
160
  rails-controller-testing (1.0.5)
182
161
  actionpack (>= 5.0.1.rc1)
@@ -187,38 +166,45 @@ GEM
187
166
  nokogiri (>= 1.6)
188
167
  rails-html-sanitizer (1.4.2)
189
168
  loofah (~> 2.3)
190
- railties (6.1.4.4)
191
- actionpack (= 6.1.4.4)
192
- activesupport (= 6.1.4.4)
169
+ railties (6.1.5)
170
+ actionpack (= 6.1.5)
171
+ activesupport (= 6.1.5)
193
172
  method_source
194
- rake (>= 0.13)
173
+ rake (>= 12.2)
195
174
  thor (~> 1.0)
196
- rainbow (3.0.0)
197
- rake (13.0.3)
175
+ rainbow (3.1.1)
176
+ rake (13.0.6)
198
177
  rb-readline (0.5.5)
199
178
  redirect_safely (1.0.0)
200
179
  activemodel
201
- regexp_parser (2.0.0)
180
+ regexp_parser (2.2.0)
202
181
  rexml (3.2.5)
203
- rubocop (1.5.2)
182
+ rubocop (1.25.1)
204
183
  parallel (~> 1.10)
205
- parser (>= 2.7.1.5)
184
+ parser (>= 3.1.0.0)
206
185
  rainbow (>= 2.2.2, < 4.0)
207
186
  regexp_parser (>= 1.8, < 3.0)
208
187
  rexml
209
- rubocop-ast (>= 1.2.0, < 2.0)
188
+ rubocop-ast (>= 1.15.1, < 2.0)
210
189
  ruby-progressbar (~> 1.7)
211
- unicode-display_width (>= 1.4.0, < 2.0)
212
- rubocop-ast (1.3.0)
213
- parser (>= 2.7.1.5)
214
- rubocop-shopify (1.0.7)
215
- rubocop (~> 1.4)
216
- ruby-progressbar (1.10.1)
217
- ruby2_keywords (0.0.5)
218
- shopify_api (9.5.1)
219
- activeresource (>= 4.1.0)
220
- graphql-client
221
- rack
190
+ unicode-display_width (>= 1.4.0, < 3.0)
191
+ rubocop-ast (1.15.1)
192
+ parser (>= 3.0.1.1)
193
+ rubocop-shopify (2.4.0)
194
+ rubocop (~> 1.24)
195
+ ruby-progressbar (1.11.0)
196
+ securerandom (0.2.0)
197
+ shopify_api (10.0.0)
198
+ concurrent-ruby
199
+ hash_diff
200
+ httparty
201
+ jwt
202
+ oj
203
+ openssl
204
+ securerandom
205
+ sorbet-runtime
206
+ zeitwerk (~> 2.5)
207
+ sorbet-runtime (0.5.9854)
222
208
  sprockets (4.0.3)
223
209
  concurrent-ruby (~> 1.0)
224
210
  rack (> 1, < 3)
@@ -230,9 +216,9 @@ GEM
230
216
  thor (1.2.1)
231
217
  tzinfo (2.0.4)
232
218
  concurrent-ruby (~> 1.0)
233
- unicode-display_width (1.7.0)
234
- webmock (3.9.1)
235
- addressable (>= 2.3.6)
219
+ unicode-display_width (2.1.0)
220
+ webmock (3.14.0)
221
+ addressable (>= 2.8.0)
236
222
  crack (>= 0.3.2)
237
223
  hashdiff (>= 0.4.0, < 2.0.0)
238
224
  websocket-driver (0.7.5)
@@ -259,4 +245,4 @@ DEPENDENCIES
259
245
  webmock
260
246
 
261
247
  BUNDLED WITH
262
- 2.3.7
248
+ 2.3.5
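--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,7 +1,8 @@
 # frozen_string_literal: true
-require 'bundler/gem_tasks'
-require 'rake/testtask'
 
-require File.expand_path('../test/dummy/config/application', __FILE__)
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+require File.expand_path("../test/dummy/config/application", __FILE__)
 
 Rails.application.load_tasks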
@@ -28,7 +28,7 @@ module ShopifyApp
28
28
  redirect_to(splash_page)
29
29
  rescue ShopifyApp::LoginProtection::ShopifyDomainNotFound => error
30
30
  Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
31
- "Could not determine current shop domain")
31
+ "Could not determine current shop domain")
32
32
  redirect_to(ShopifyApp.configuration.login_url)
33
33
  end
34
34
 
@@ -1,4 +1,5 @@
1
1
  # frozen_string_literal: true
2
+
2
3
  module ShopifyApp
3
4
  class AuthenticatedController < ActionController::Base
4
5
  include ShopifyApp::Authenticated
@@ -6,15 +6,28 @@ module ShopifyApp
6
6
  include ShopifyApp::LoginProtection
7
7
 
8
8
  def callback
9
- return respond_with_error if invalid_request?
10
-
11
- store_access_token_and_build_session
12
-
13
- if start_user_token_flow?
14
- return respond_with_user_token_flow
9
+ begin
10
+ filtered_params = request.parameters.symbolize_keys.slice(:code, :shop, :timestamp, :state, :host, :hmac)
11
+
12
+ auth_result = ShopifyAPI::Auth::Oauth.validate_auth_callback(
13
+ cookies: {
14
+ ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME =>
15
+ cookies.encrypted[ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME],
16
+ },
17
+ auth_query: ShopifyAPI::Auth::Oauth::AuthQuery.new(**filtered_params)
18
+ )
19
+ rescue
20
+ return respond_with_error
15
21
  end
16
22
 
17
- perform_post_authenticate_jobs
23
+ cookies.encrypted[auth_result[:cookie].name] = {
24
+ expires: auth_result[:cookie].expires,
25
+ secure: true,
26
+ http_only: true,
27
+ value: auth_result[:cookie].value,
28
+ }
29
+
30
+ perform_post_authenticate_jobs(auth_result[:session])
18
31
 
19
32
  respond_successfully
20
33
  end
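Review bot: The bare `rescue` wrapping `ShopifyAPI::Auth::Oauth.validate_auth_callback` in the new `callback` body drops the exception entirely, so a callback the library rejects (presumably on HMAC/state validation) and one that merely failed to build `AuthQuery` from an incomplete `filtered_params` both end as the same silent redirect, leaving operators nothing in the logs to tell tampered callbacks from misconfiguration. Logging the error class before redirecting keeps the response identical and matches the `Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] ...")` pattern visible elsewhere in this release: `rescue => error`, `Rails.logger.warn("[ShopifyApp::CallbackController] Rejected OAuth callback: [#{error.class}]")`, `return respond_with_error`. Separately, the encrypted cookie written from `auth_result[:cookie]` sets `secure` and `http_only` but no `same_site`; since `same_site_cookie_middleware.rb` is removed in this version (per the file list), it is worth confirming that attribute is still applied somewhere. The enclosing controller class starts before this hunk.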
@@ -22,162 +35,37 @@ module ShopifyApp
22
35
  private
23
36
 
24
37
  def respond_successfully
25
- if jwt_request?
26
- head(:ok)
27
- else
28
- redirect_to(return_address)
29
- end
30
- end
31
-
32
- def respond_with_user_token_flow
33
- redirect_to(login_url_with_optional_shop)
34
- end
35
-
36
- def store_access_token_and_build_session
37
- if native_browser_request?
38
- reset_session_options
39
- end
40
- set_shopify_session
41
- end
42
-
43
- def invalid_request?
44
- return true unless auth_hash
45
-
46
- jwt_request? && !valid_jwt_auth?
47
- end
48
-
49
- def native_browser_request?
50
- !jwt_request?
51
- end
52
-
53
- def perform_post_authenticate_jobs
54
- install_webhooks
55
- install_scripttags
56
- perform_after_authenticate_job
38
+ redirect_to(return_address)
57
39
  end
58
40
 
59
41
  def respond_with_error
60
- if jwt_request?
61
- head(:unauthorized)
62
- else
63
- flash[:error] = I18n.t('could_not_log_in')
64
- redirect_to(login_url_with_optional_shop)
65
- end
66
- end
67
-
68
- # Override user_session_by_cookie from LoginProtection to bypass allow_cookie_authentication
69
- # setting check because session cookies are justified at top level
70
- def user_session_by_cookie
71
- return unless session[:user_id].present?
72
- ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
73
- end
74
-
75
- def start_user_token_flow?
76
- if jwt_request?
77
- false
78
- else
79
- return false unless ShopifyApp::SessionRepository.user_storage.present?
80
- update_user_access_scopes?
81
- end
82
- end
83
-
84
- def update_user_access_scopes?
85
- return true if user_session.blank?
86
- user_access_scopes_strategy.update_access_scopes?(user_id: session[:user_id])
87
- end
88
-
89
- def user_access_scopes_strategy
90
- ShopifyApp.configuration.user_access_scopes_strategy
91
- end
92
-
93
- def jwt_request?
94
- jwt_shopify_domain || jwt_shopify_user_id
95
- end
96
-
97
- def valid_jwt_auth?
98
- auth_hash && jwt_shopify_domain == shop_name && jwt_shopify_user_id == associated_user_id
99
- end
100
-
101
- def auth_hash
102
- request.env['omniauth.auth']
103
- end
104
-
105
- def shop_name
106
- auth_hash.uid
107
- end
108
-
109
- def offline_access_token
110
- ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(shop_name)&.token
111
- end
112
-
113
- def online_access_token
114
- ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(associated_user_id)&.token
115
- end
116
-
117
- def associated_user
118
- return unless auth_hash.dig('extra', 'associated_user').present?
119
-
120
- auth_hash['extra']['associated_user'].merge('scope' => auth_hash['extra']['associated_user_scope'])
121
- end
122
-
123
- def associated_user_id
124
- associated_user && associated_user['id']
125
- end
126
-
127
- def token
128
- auth_hash['credentials']['token']
129
- end
130
-
131
- def access_scopes
132
- auth_hash.dig('extra', 'scope')
133
- end
134
-
135
- def reset_session_options
136
- request.session_options[:renew] = true
137
- session.delete(:_csrf_token)
42
+ flash[:error] = I18n.t("could_not_log_in")
43
+ redirect_to(login_url_with_optional_shop)
138
44
  end
139
45
 
140
- def set_shopify_session
141
- session_store = ShopifyAPI::Session.new(
142
- domain: shop_name,
143
- token: token,
144
- api_version: ShopifyApp.configuration.api_version,
145
- access_scopes: access_scopes
146
- )
147
-
148
- session[:shopify_user] = associated_user
149
- if session[:shopify_user].present?
150
- session[:shop_id] = nil if shop_session && shop_session.domain != shop_name
151
- session[:user_id] = ShopifyApp::SessionRepository.store_user_session(session_store, associated_user)
152
- else
153
- session[:shop_id] = ShopifyApp::SessionRepository.store_shop_session(session_store)
154
- session[:user_id] = nil if user_session && user_session.domain != shop_name
155
- end
156
- session[:shopify_domain] = shop_name
157
- session[:user_session] = auth_hash&.extra&.session
46
+ def perform_post_authenticate_jobs(session)
47
+ install_webhooks(session)
48
+ install_scripttags(session)
49
+ perform_after_authenticate_job(session)
158
50
  end
159
51
 
160
- def install_webhooks
52
+ def install_webhooks(session)
161
53
  return unless ShopifyApp.configuration.has_webhooks?
162
54
 
163
- WebhooksManager.queue(
164
- shop_name,
165
- offline_access_token || online_access_token,
166
- ShopifyApp.configuration.webhooks
167
- )
55
+ WebhooksManager.queue(session.shop, session.access_token)
168
56
  end
169
57
 
170
- def install_scripttags
58
+ def install_scripttags(session)
171
59
  return unless ShopifyApp.configuration.has_scripttags?
172
60
 
173
61
  ScripttagsManager.queue(
174
- shop_name,
175
- offline_access_token || online_access_token,
62
+ session.shop,
63
+ session.access_token,
176
64
  ShopifyApp.configuration.scripttags
177
65
  )
178
66
  end
179
67
 
180
- def perform_after_authenticate_job
68
+ def perform_after_authenticate_job(session)
181
69
  config = ShopifyApp.configuration.after_authenticate_job
182
70
 
183
71
  return unless config && config[:job].present?
@@ -186,9 +74,9 @@ module ShopifyApp
186
74
  job = job.constantize if job.is_a?(String)
187
75
 
188
76
  if config[:inline] == true
189
- job.perform_now(shop_domain: session[:shopify_domain])
77
+ job.perform_now(shop_domain: session.shop)
190
78
  else
191
- job.perform_later(shop_domain: session[:shopify_domain])
79
+ job.perform_later(shop_domain: session.shop)
192
80
  end
193
81
  end
194
82
  end