RubyGems - shopify_app - Versions diffs - 18.1.3 → 19.0.0 - Mend

shopify_app 18.1.3 → 19.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

data/lib/shopify_app/session/in_memory_shop_session_store.rb CHANGED Viewed

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
 module ShopifyApp
   class InMemoryShopSessionStore < InMemorySessionStore
     class << self
       def store(session, *args)
         id = super
-        repo[session.domain] = session
+        repo[session.shop] = session
         id
       end

data/lib/shopify_app/session/in_memory_user_session_store.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   class InMemoryUserSessionStore < InMemorySessionStore
     class << self

data/lib/shopify_app/session/jwt.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   class JWT
     class InvalidDestinationError < StandardError; end
@@ -23,15 +24,15 @@ module ShopifyApp
     end
     def shopify_domain
-      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload['dest'])
+      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload["dest"])
     end
     def shopify_user_id
-      @payload['sub'].to_i if @payload && @payload['sub']
+      @payload["sub"].to_i if @payload && @payload["sub"]
     end
     def expire_at
-      @payload['exp'].to_i if @payload && @payload['exp']
+      @payload["exp"].to_i if @payload && @payload["exp"]
     end
     private
@@ -45,19 +46,19 @@ module ShopifyApp
     end
     def parse_token_data(secret, old_secret)
-      ::JWT.decode(@token, secret, true, { algorithm: 'HS256' })
+      ::JWT.decode(@token, secret, true, { algorithm: "HS256" })
     rescue ::JWT::VerificationError
       raise unless old_secret
-      ::JWT.decode(@token, old_secret, true, { algorithm: 'HS256' })
+      ::JWT.decode(@token, old_secret, true, { algorithm: "HS256" })
     end
     def validate_payload(payload)
-      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload['dest'])
-      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload['iss'])
+      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload["dest"])
+      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload["iss"])
       api_key = ShopifyApp.configuration.api_key
-      raise InvalidAudienceError, "'aud' claim does not match api_key" unless payload['aud'] == api_key
+      raise InvalidAudienceError, "'aud' claim does not match api_key" unless payload["aud"] == api_key
       raise InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
       raise MismatchedHostsError, "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host

data/lib/shopify_app/session/null_user_session_store.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   class NullUserSessionStore
     class << self
@@ -7,7 +8,7 @@ module ShopifyApp
       end
       def store(_, _)
-        raise SessionRepository::ConfigurationError, 'user_storage is not configured'
+        raise SessionRepository::ConfigurationError, "user_storage is not configured"
       end
       def retrieve_by_shopify_user_id(_)

data/lib/shopify_app/session/session_repository.rb CHANGED Viewed

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 module ShopifyApp
   class SessionRepository
+    extend ShopifyAPI::Auth::SessionStorage
     class ConfigurationError < StandardError; end
     class << self
@@ -40,6 +43,40 @@ module ShopifyApp
         load_user_storage
       end
+      # ShopifyAPI::Auth::SessionStorage override
+      def store_session(session)
+        if session.online?
+          user_storage.store(session, session.associated_user.id.to_s)
+        else
+          shop_storage.store(session)
+        end
+      end
+      # ShopifyAPI::Auth::SessionStorage override
+      def load_session(id)
+        match = id.match(/^offline_(.*)/)
+        if match
+          retrieve_shop_session_by_shopify_domain(match[1])
+        else
+          retrieve_user_session_by_shopify_user_id(id.split("_").last)
+        end
+      end
+      # ShopifyAPI::Auth::SessionStorage override
+      def delete_session(id)
+        match = id.match(/^offline_(.*)/)
+        record = if match
+          Shop.find_by(shopify_domain: match[1])
+        else
+          User.find_by(shopify_user_id: id.split("_").last)
+        end
+        record.destroy
+        true
+      end
       private
       def load_shop_storage

data/lib/shopify_app/session/session_storage.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   module SessionStorage
     extend ActiveSupport::Concern
@@ -9,12 +10,9 @@ module ShopifyApp
     end
     def with_shopify_session(&block)
-      ShopifyAPI::Session.temp(
-        domain: shopify_domain,
-        token: shopify_token,
-        api_version: api_version,
-        &block
-      )
+      ShopifyAPI::Auth::Session.temp(shop: shopify_domain, access_token: shopify_token) do
+        yield block
+      end
     end
   end
 end

data/lib/shopify_app/session/shop_session_storage.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   module ShopSessionStorage
     extend ActiveSupport::Concern
@@ -10,8 +11,8 @@ module ShopifyApp
     class_methods do
       def store(auth_session, *_args)
-        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
-        shop.shopify_token = auth_session.token
+        shop = find_or_initialize_by(shopify_domain: auth_session.shop)
+        shop.shopify_token = auth_session.access_token
         shop.save!
         shop.id
       end
@@ -31,10 +32,9 @@ module ShopifyApp
       def construct_session(shop)
         return unless shop
-        ShopifyAPI::Session.new(
-          domain: shop.shopify_domain,
-          token: shop.shopify_token,
-          api_version: shop.api_version,
+        ShopifyAPI::Auth::Session.new(
+          shop: shop.shopify_domain,
+          access_token: shop.shopify_token
         )
       end
     end

data/lib/shopify_app/session/shop_session_storage_with_scopes.rb CHANGED Viewed

@@ -11,9 +11,9 @@ module ShopifyApp
     class_methods do
       def store(auth_session, *_args)
-        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
-        shop.shopify_token = auth_session.token
-        shop.access_scopes = auth_session.access_scopes
+        shop = find_or_initialize_by(shopify_domain: auth_session.shop)
+        shop.shopify_token = auth_session.access_token
+        shop.access_scopes = auth_session.scope.to_s
         shop.save!
         shop.id
@@ -34,11 +34,10 @@ module ShopifyApp
       def construct_session(shop)
         return unless shop
-        ShopifyAPI::Session.new(
-          domain: shop.shopify_domain,
-          token: shop.shopify_token,
-          api_version: shop.api_version,
-          access_scopes: shop.access_scopes
+        ShopifyAPI::Auth::Session.new(
+          shop: shop.shopify_domain,
+          access_token: shop.shopify_token,
+          scope: shop.access_scopes
         )
       end
     end

data/lib/shopify_app/session/user_session_storage.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   module UserSessionStorage
     extend ActiveSupport::Concern
@@ -11,8 +12,8 @@ module ShopifyApp
     class_methods do
       def store(auth_session, user)
         user = find_or_initialize_by(shopify_user_id: user[:id])
-        user.shopify_token = auth_session.token
-        user.shopify_domain = auth_session.domain
+        user.shopify_token = auth_session.access_token
+        user.shopify_domain = auth_session.shop
         user.save!
         user.id
       end
@@ -31,10 +32,22 @@ module ShopifyApp
       def construct_session(user)
         return unless user
-        ShopifyAPI::Session.new(
-          domain: user.shopify_domain,
-          token: user.shopify_token,
-          api_version: user.api_version,
+        associated_user = ShopifyAPI::Auth::AssociatedUser.new(
+          id: user.shopify_user_id,
+          first_name: "",
+          last_name: "",
+          email: "",
+          email_verified: false,
+          account_owner: false,
+          locale: "",
+          collaborator: false
+        )
+        ShopifyAPI::Auth::Session.new(
+          shop: user.shopify_domain,
+          access_token: user.shopify_token,
+          associated_user: associated_user
         )
       end
     end

data/lib/shopify_app/session/user_session_storage_with_scopes.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   module UserSessionStorageWithScopes
     extend ActiveSupport::Concern
@@ -11,9 +12,9 @@ module ShopifyApp
     class_methods do
       def store(auth_session, user)
         user = find_or_initialize_by(shopify_user_id: user[:id])
-        user.shopify_token = auth_session.token
-        user.shopify_domain = auth_session.domain
-        user.access_scopes = auth_session.access_scopes
+        user.shopify_token = auth_session.access_token
+        user.shopify_domain = auth_session.shop
+        user.access_scopes = auth_session.scope.to_s
         user.save!
         user.id
@@ -34,11 +35,23 @@ module ShopifyApp
       def construct_session(user)
         return unless user
-        ShopifyAPI::Session.new(
-          domain: user.shopify_domain,
-          token: user.shopify_token,
-          api_version: user.api_version,
-          access_scopes: user.access_scopes
+        associated_user = ShopifyAPI::Auth::AssociatedUser.new(
+          id: user.shopify_user_id,
+          first_name: "",
+          last_name: "",
+          email: "",
+          email_verified: false,
+          account_owner: false,
+          locale: "",
+          collaborator: false
+        )
+        ShopifyAPI::Auth::Session.new(
+          shop: user.shopify_domain,
+          access_token: user.shopify_token,
+          scope: user.access_scopes,
+          associated_user_scope: user.access_scopes,
+          associated_user: associated_user
         )
       end
     end

data/lib/shopify_app/test_helpers/all.rb CHANGED Viewed

@@ -1,2 +1,3 @@
 # frozen_string_literal: true
-require 'shopify_app/test_helpers/webhook_verification_helper'
+require "shopify_app/test_helpers/webhook_verification_helper"

data/lib/shopify_app/test_helpers/webhook_verification_helper.rb CHANGED Viewed

@@ -1,16 +1,17 @@
 # frozen_string_literal: true
 module ShopifyApp
   module TestHelpers
     module WebhookVerificationHelper
       def authorized_webhook_verification_headers!(params = {})
-        digest = OpenSSL::Digest.new('sha256')
+        digest = OpenSSL::Digest.new("sha256")
         secret = ShopifyApp.configuration.secret
         valid_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, params.to_query)).strip
-        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = valid_hmac
+        @request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"] = valid_hmac
       end
       def unauthorized_webhook_verification_headers!
-        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = "invalid_hmac"
+        @request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"] = "invalid_hmac"
       end
     end
   end

data/lib/shopify_app/utils.rb CHANGED Viewed

@@ -1,11 +1,12 @@
 # frozen_string_literal: true
 module ShopifyApp
   module Utils
     def self.sanitize_shop_domain(shop_domain)
       myshopify_domain = ShopifyApp.configuration.myshopify_domain
       name = shop_domain.to_s.downcase.strip
       name += ".#{myshopify_domain}" if !name.include?(myshopify_domain.to_s) && !name.include?(".")
-      name.sub!(%r|https?://|, '')
+      name.sub!(%r|https?://|, "")
       u = URI("http://#{name}")
       u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(myshopify_domain)}$/)
@@ -13,14 +14,6 @@ module ShopifyApp
       nil
     end
-    def self.fetch_known_api_versions
-      Rails.logger.info("[ShopifyAPI::ApiVersion] Fetching known Admin API Versions from Shopify...")
-      ShopifyAPI::ApiVersion.fetch_known_versions
-      Rails.logger.info("[ShopifyAPI::ApiVersion] Known API Versions: #{ShopifyAPI::ApiVersion.versions.keys}")
-    rescue ActiveResource::ConnectionError
-      logger.error("[ShopifyAPI::ApiVersion] Unable to fetch api_versions from Shopify")
-    end
     def self.shop_login_url(shop:, host:, return_to:)
       return ShopifyApp.configuration.login_url unless shop
       url = URI(ShopifyApp.configuration.login_url)

data/lib/shopify_app/version.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '18.1.3'
+  VERSION = "19.0.0"
 end

data/lib/shopify_app.rb CHANGED Viewed

@@ -1,11 +1,10 @@
 # frozen_string_literal: true
-require 'shopify_app/version'
+require "shopify_app/version"
 # deps
-require 'shopify_api'
-require 'omniauth/rails_csrf_protection'
-require 'omniauth-shopify-oauth2'
-require 'redirect_safely'
+require "shopify_api"
+require "redirect_safely"
 module ShopifyApp
   def self.rails6?
@@ -22,59 +21,55 @@ module ShopifyApp
   def self.use_webpacker?
     rails6? &&
-      defined?(Webpacker) == 'constant' &&
+      defined?(Webpacker) == "constant" &&
       !configuration.disable_webpacker
   end
   # config
-  require 'shopify_app/configuration'
+  require "shopify_app/configuration"
   # engine
-  require 'shopify_app/engine'
+  require "shopify_app/engine"
   # utils
-  require 'shopify_app/utils'
+  require "shopify_app/utils"
   # controller concerns
-  require 'shopify_app/controller_concerns/csrf_protection'
-  require 'shopify_app/controller_concerns/localization'
-  require 'shopify_app/controller_concerns/itp'
-  require 'shopify_app/controller_concerns/login_protection'
-  require 'shopify_app/controller_concerns/embedded_app'
-  require 'shopify_app/controller_concerns/payload_verification'
-  require 'shopify_app/controller_concerns/app_proxy_verification'
-  require 'shopify_app/controller_concerns/webhook_verification'
+  require "shopify_app/controller_concerns/csrf_protection"
+  require "shopify_app/controller_concerns/localization"
+  require "shopify_app/controller_concerns/itp"
+  require "shopify_app/controller_concerns/login_protection"
+  require "shopify_app/controller_concerns/embedded_app"
+  require "shopify_app/controller_concerns/payload_verification"
+  require "shopify_app/controller_concerns/app_proxy_verification"
+  require "shopify_app/controller_concerns/webhook_verification"
   # jobs
-  require 'shopify_app/jobs/webhooks_manager_job'
-  require 'shopify_app/jobs/scripttags_manager_job'
+  require "shopify_app/jobs/webhooks_manager_job"
+  require "shopify_app/jobs/scripttags_manager_job"
   # managers
-  require 'shopify_app/managers/webhooks_manager'
-  require 'shopify_app/managers/scripttags_manager'
+  require "shopify_app/managers/webhooks_manager"
+  require "shopify_app/managers/scripttags_manager"
   # middleware
-  require 'shopify_app/middleware/jwt_middleware'
-  require 'shopify_app/middleware/same_site_cookie_middleware'
+  require "shopify_app/middleware/jwt_middleware"
   # session
-  require 'shopify_app/session/in_memory_session_store'
-  require 'shopify_app/session/in_memory_shop_session_store'
-  require 'shopify_app/session/in_memory_user_session_store'
-  require 'shopify_app/session/jwt'
-  require 'shopify_app/session/null_user_session_store'
-  require 'shopify_app/session/session_repository'
-  require 'shopify_app/session/session_storage'
-  require 'shopify_app/session/shop_session_storage'
-  require 'shopify_app/session/shop_session_storage_with_scopes'
-  require 'shopify_app/session/user_session_storage'
-  require 'shopify_app/session/user_session_storage_with_scopes'
+  require "shopify_app/session/in_memory_session_store"
+  require "shopify_app/session/in_memory_shop_session_store"
+  require "shopify_app/session/in_memory_user_session_store"
+  require "shopify_app/session/jwt"
+  require "shopify_app/session/null_user_session_store"
+  require "shopify_app/session/session_repository"
+  require "shopify_app/session/session_storage"
+  require "shopify_app/session/shop_session_storage"
+  require "shopify_app/session/shop_session_storage_with_scopes"
+  require "shopify_app/session/user_session_storage"
+  require "shopify_app/session/user_session_storage_with_scopes"
   # access scopes strategies
-  require 'shopify_app/access_scopes/shop_strategy'
-  require 'shopify_app/access_scopes/user_strategy'
-  require 'shopify_app/access_scopes/noop_strategy'
-  # omniauth_configuration
-  require 'shopify_app/omniauth/omniauth_configuration'
+  require "shopify_app/access_scopes/shop_strategy"
+  require "shopify_app/access_scopes/user_strategy"
+  require "shopify_app/access_scopes/noop_strategy"
 end

data/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "18.1.3",
+  "version": "19.0.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
-$LOAD_PATH.push(File.expand_path('../lib', __FILE__))
+$LOAD_PATH.push(File.expand_path("../lib", __FILE__))
 require "shopify_app/version"
 Gem::Specification.new do |s|
@@ -7,30 +8,30 @@ Gem::Specification.new do |s|
   s.version     = ShopifyApp::VERSION
   s.platform    = Gem::Platform::RUBY
   s.author      = "Shopify"
-  s.summary     = 'This gem is used to get quickly started with the Shopify API'
+  s.summary     = "This gem is used to get quickly started with the Shopify API"
   s.required_ruby_version = ">= 2.6"
-  s.metadata['allowed_push_host'] = 'https://rubygems.org'
+  s.metadata["allowed_push_host"] = "https://rubygems.org"
-  s.add_runtime_dependency('browser_sniffer', '~> 2.0')
-  s.add_runtime_dependency('omniauth-rails_csrf_protection')
-  s.add_runtime_dependency('rails', '> 5.2.1')
-  s.add_runtime_dependency('shopify_api', '~> 9.4')
-  s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.3')
-  s.add_runtime_dependency('jwt', '>= 2.2.3')
-  s.add_runtime_dependency('redirect_safely', '~> 1.0')
+  s.add_runtime_dependency("activeresource") # TODO: Remove this once all active resource dependencies are removed
+  s.add_runtime_dependency("browser_sniffer", "~> 1.4.0")
+  s.add_runtime_dependency("jwt", ">= 2.2.3")
+  s.add_runtime_dependency("rails", "> 5.2.1")
+  s.add_runtime_dependency("redirect_safely", "~> 1.0")
+  s.add_runtime_dependency("shopify_api", "~> 10.0")
+  s.add_runtime_dependency("sprockets-rails", ">= 2.0.0")
-  s.add_development_dependency('rake')
-  s.add_development_dependency('byebug')
-  s.add_development_dependency('pry')
-  s.add_development_dependency('pry-nav')
-  s.add_development_dependency('pry-stack_explorer')
-  s.add_development_dependency('rb-readline')
-  s.add_development_dependency('sqlite3', '~> 1.4')
-  s.add_development_dependency('minitest')
-  s.add_development_dependency('mocha')
-  s.add_development_dependency('webmock')
+  s.add_development_dependency("byebug")
+  s.add_development_dependency("minitest")
+  s.add_development_dependency("mocha")
+  s.add_development_dependency("pry")
+  s.add_development_dependency("pry-nav")
+  s.add_development_dependency("pry-stack_explorer")
+  s.add_development_dependency("rake")
+  s.add_development_dependency("rb-readline")
+  s.add_development_dependency("sqlite3", "~> 1.4")
+  s.add_development_dependency("webmock")
   s.files         = %x(git ls-files).split("\n").reject { |f| f.match(%r{^(test|example)/}) }
   s.test_files    = %x(git ls-files -- {test}/*).split("\n")

data/yarn.lock CHANGED Viewed

@@ -2555,9 +2555,9 @@ flush-write-stream@^1.0.0:
     readable-stream "^2.3.6"
 follow-redirects@^1.0.0:
-  version "1.14.7"
-  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.7.tgz#2004c02eb9436eee9a21446a6477debf17e81685"
-  integrity sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ==
+  version "1.14.9"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.9.tgz#dd4ea157de7bfaf9ea9b3fbd85aa16951f78d8d7"
+  integrity sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==
 for-in@^1.0.2:
   version "1.0.2"
@@ -3892,9 +3892,9 @@ path-to-regexp@^1.7.0:
     isarray "0.0.1"
 pathval@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.0.tgz#b942e6d4bde653005ef6b71361def8727d0645e0"
-  integrity sha1-uULm1L3mUwBe9rcTYd74cn0GReA=
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.1.tgz#8534e77a77ce7ac5a2512ea21e0fdb8fcf6c3d8d"
+  integrity sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==
 pbkdf2@^3.0.3:
   version "3.1.1"