shopify_app 18.1.3 → 19.0.0

data/lib/shopify_app/session/in_memory_shop_session_store.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class InMemoryShopSessionStore < InMemorySessionStore
     class << self
       def store(session, *args)
         id = super
-        repo[session.domain] = session
+        repo[session.shop] = session
         id
       end
 

data/lib/shopify_app/session/in_memory_user_session_store.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class InMemoryUserSessionStore < InMemorySessionStore
     class << self

data/lib/shopify_app/session/jwt.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class JWT
     class InvalidDestinationError < StandardError; end
@@ -23,15 +24,15 @@ module ShopifyApp
     end
 
     def shopify_domain
-      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload['dest'])
+      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload["dest"])
     end
 
     def shopify_user_id
-      @payload['sub'].to_i if @payload && @payload['sub']
+      @payload["sub"].to_i if @payload && @payload["sub"]
     end
 
     def expire_at
-      @payload['exp'].to_i if @payload && @payload['exp']
+      @payload["exp"].to_i if @payload && @payload["exp"]
     end
 
     private
@@ -45,19 +46,19 @@ module ShopifyApp
     end
 
     def parse_token_data(secret, old_secret)
-      ::JWT.decode(@token, secret, true, { algorithm: 'HS256' })
+      ::JWT.decode(@token, secret, true, { algorithm: "HS256" })
     rescue ::JWT::VerificationError
       raise unless old_secret
 
-      ::JWT.decode(@token, old_secret, true, { algorithm: 'HS256' })
+      ::JWT.decode(@token, old_secret, true, { algorithm: "HS256" })
     end
 
     def validate_payload(payload)
-      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload['dest'])
-      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload['iss'])
+      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload["dest"])
+      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload["iss"])
       api_key = ShopifyApp.configuration.api_key
 
-      raise InvalidAudienceError, "'aud' claim does not match api_key" unless payload['aud'] == api_key
+      raise InvalidAudienceError, "'aud' claim does not match api_key" unless payload["aud"] == api_key
       raise InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
       raise MismatchedHostsError, "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host
 

data/lib/shopify_app/session/null_user_session_store.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class NullUserSessionStore
     class << self
@@ -7,7 +8,7 @@ module ShopifyApp
       end
 
       def store(_, _)
-        raise SessionRepository::ConfigurationError, 'user_storage is not configured'
+        raise SessionRepository::ConfigurationError, "user_storage is not configured"
       end
 
       def retrieve_by_shopify_user_id(_)

data/lib/shopify_app/session/session_repository.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   class SessionRepository
+    extend ShopifyAPI::Auth::SessionStorage
+
     class ConfigurationError < StandardError; end
 
     class << self
@@ -40,6 +43,40 @@ module ShopifyApp
         load_user_storage
       end
 
+      # ShopifyAPI::Auth::SessionStorage override
+      def store_session(session)
+        if session.online?
+          user_storage.store(session, session.associated_user.id.to_s)
+        else
+          shop_storage.store(session)
+        end
+      end
+
+      # ShopifyAPI::Auth::SessionStorage override
+      def load_session(id)
+        match = id.match(/^offline_(.*)/)
+        if match
+          retrieve_shop_session_by_shopify_domain(match[1])
+        else
+          retrieve_user_session_by_shopify_user_id(id.split("_").last)
+        end
+      end
+
+      # ShopifyAPI::Auth::SessionStorage override
+      def delete_session(id)
+        match = id.match(/^offline_(.*)/)
+
+        record = if match
+          Shop.find_by(shopify_domain: match[1])
+        else
+          User.find_by(shopify_user_id: id.split("_").last)
+        end
+
+        record.destroy
+
+        true
+      end
+
       private
 
       def load_shop_storage

data/lib/shopify_app/session/session_storage.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module SessionStorage
     extend ActiveSupport::Concern
@@ -9,12 +10,9 @@ module ShopifyApp
     end
 
     def with_shopify_session(&block)
-      ShopifyAPI::Session.temp(
-        domain: shopify_domain,
-        token: shopify_token,
-        api_version: api_version,
-        &block
-      )
+      ShopifyAPI::Auth::Session.temp(shop: shopify_domain, access_token: shopify_token) do
+        yield block
+      end
     end
   end
 end

data/lib/shopify_app/session/shop_session_storage.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module ShopSessionStorage
     extend ActiveSupport::Concern
@@ -10,8 +11,8 @@ module ShopifyApp
 
     class_methods do
       def store(auth_session, *_args)
-        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
-        shop.shopify_token = auth_session.token
+        shop = find_or_initialize_by(shopify_domain: auth_session.shop)
+        shop.shopify_token = auth_session.access_token
         shop.save!
         shop.id
       end
@@ -31,10 +32,9 @@ module ShopifyApp
       def construct_session(shop)
         return unless shop
 
-        ShopifyAPI::Session.new(
-          domain: shop.shopify_domain,
-          token: shop.shopify_token,
-          api_version: shop.api_version,
+        ShopifyAPI::Auth::Session.new(
+          shop: shop.shopify_domain,
+          access_token: shop.shopify_token
         )
       end
     end

data/lib/shopify_app/session/shop_session_storage_with_scopes.rb

@@ -11,9 +11,9 @@ module ShopifyApp
 
     class_methods do
       def store(auth_session, *_args)
-        shop = find_or_initialize_by(shopify_domain: auth_session.domain)
-        shop.shopify_token = auth_session.token
-        shop.access_scopes = auth_session.access_scopes
+        shop = find_or_initialize_by(shopify_domain: auth_session.shop)
+        shop.shopify_token = auth_session.access_token
+        shop.access_scopes = auth_session.scope.to_s
 
         shop.save!
         shop.id
@@ -34,11 +34,10 @@ module ShopifyApp
       def construct_session(shop)
         return unless shop
 
-        ShopifyAPI::Session.new(
-          domain: shop.shopify_domain,
-          token: shop.shopify_token,
-          api_version: shop.api_version,
-          access_scopes: shop.access_scopes
+        ShopifyAPI::Auth::Session.new(
+          shop: shop.shopify_domain,
+          access_token: shop.shopify_token,
+          scope: shop.access_scopes
         )
       end
     end

data/lib/shopify_app/session/user_session_storage.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module UserSessionStorage
     extend ActiveSupport::Concern
@@ -11,8 +12,8 @@ module ShopifyApp
     class_methods do
       def store(auth_session, user)
         user = find_or_initialize_by(shopify_user_id: user[:id])
-        user.shopify_token = auth_session.token
-        user.shopify_domain = auth_session.domain
+        user.shopify_token = auth_session.access_token
+        user.shopify_domain = auth_session.shop
         user.save!
         user.id
       end
@@ -31,10 +32,22 @@ module ShopifyApp
 
       def construct_session(user)
         return unless user
-        ShopifyAPI::Session.new(
-          domain: user.shopify_domain,
-          token: user.shopify_token,
-          api_version: user.api_version,
+
+        associated_user = ShopifyAPI::Auth::AssociatedUser.new(
+          id: user.shopify_user_id,
+          first_name: "",
+          last_name: "",
+          email: "",
+          email_verified: false,
+          account_owner: false,
+          locale: "",
+          collaborator: false
+        )
+
+        ShopifyAPI::Auth::Session.new(
+          shop: user.shopify_domain,
+          access_token: user.shopify_token,
+          associated_user: associated_user
         )
       end
     end

data/lib/shopify_app/session/user_session_storage_with_scopes.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module UserSessionStorageWithScopes
     extend ActiveSupport::Concern
@@ -11,9 +12,9 @@ module ShopifyApp
     class_methods do
       def store(auth_session, user)
         user = find_or_initialize_by(shopify_user_id: user[:id])
-        user.shopify_token = auth_session.token
-        user.shopify_domain = auth_session.domain
-        user.access_scopes = auth_session.access_scopes
+        user.shopify_token = auth_session.access_token
+        user.shopify_domain = auth_session.shop
+        user.access_scopes = auth_session.scope.to_s
 
         user.save!
         user.id
@@ -34,11 +35,23 @@ module ShopifyApp
       def construct_session(user)
         return unless user
 
-        ShopifyAPI::Session.new(
-          domain: user.shopify_domain,
-          token: user.shopify_token,
-          api_version: user.api_version,
-          access_scopes: user.access_scopes
+        associated_user = ShopifyAPI::Auth::AssociatedUser.new(
+          id: user.shopify_user_id,
+          first_name: "",
+          last_name: "",
+          email: "",
+          email_verified: false,
+          account_owner: false,
+          locale: "",
+          collaborator: false
+        )
+
+        ShopifyAPI::Auth::Session.new(
+          shop: user.shopify_domain,
+          access_token: user.shopify_token,
+          scope: user.access_scopes,
+          associated_user_scope: user.access_scopes,
+          associated_user: associated_user
         )
       end
     end

data/lib/shopify_app/test_helpers/all.rb

@@ -1,2 +1,3 @@
 # frozen_string_literal: true
-require 'shopify_app/test_helpers/webhook_verification_helper'
+
+require "shopify_app/test_helpers/webhook_verification_helper"

data/lib/shopify_app/test_helpers/webhook_verification_helper.rb

@@ -1,16 +1,17 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module TestHelpers
     module WebhookVerificationHelper
       def authorized_webhook_verification_headers!(params = {})
-        digest = OpenSSL::Digest.new('sha256')
+        digest = OpenSSL::Digest.new("sha256")
         secret = ShopifyApp.configuration.secret
         valid_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, params.to_query)).strip
-        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = valid_hmac
+        @request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"] = valid_hmac
       end
 
       def unauthorized_webhook_verification_headers!
-        @request.headers['HTTP_X_SHOPIFY_HMAC_SHA256'] = "invalid_hmac"
+        @request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"] = "invalid_hmac"
       end
     end
   end

data/lib/shopify_app/utils.rb

@@ -1,11 +1,12 @@
 # frozen_string_literal: true
+
 module ShopifyApp
   module Utils
     def self.sanitize_shop_domain(shop_domain)
       myshopify_domain = ShopifyApp.configuration.myshopify_domain
       name = shop_domain.to_s.downcase.strip
       name += ".#{myshopify_domain}" if !name.include?(myshopify_domain.to_s) && !name.include?(".")
-      name.sub!(%r|https?://|, '')
+      name.sub!(%r|https?://|, "")
 
       u = URI("http://#{name}")
       u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(myshopify_domain)}$/)
@@ -13,14 +14,6 @@ module ShopifyApp
       nil
     end
 
-    def self.fetch_known_api_versions
-      Rails.logger.info("[ShopifyAPI::ApiVersion] Fetching known Admin API Versions from Shopify...")
-      ShopifyAPI::ApiVersion.fetch_known_versions
-      Rails.logger.info("[ShopifyAPI::ApiVersion] Known API Versions: #{ShopifyAPI::ApiVersion.versions.keys}")
-    rescue ActiveResource::ConnectionError
-      logger.error("[ShopifyAPI::ApiVersion] Unable to fetch api_versions from Shopify")
-    end
-
     def self.shop_login_url(shop:, host:, return_to:)
       return ShopifyApp.configuration.login_url unless shop
       url = URI(ShopifyApp.configuration.login_url)

data/lib/shopify_app/version.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module ShopifyApp
-  VERSION = '18.1.3'
+  VERSION = "19.0.0"
 end

data/lib/shopify_app.rb

@@ -1,11 +1,10 @@
 # frozen_string_literal: true
-require 'shopify_app/version'
+
+require "shopify_app/version"
 
 # deps
-require 'shopify_api'
-require 'omniauth/rails_csrf_protection'
-require 'omniauth-shopify-oauth2'
-require 'redirect_safely'
+require "shopify_api"
+require "redirect_safely"
 
 module ShopifyApp
   def self.rails6?
@@ -22,59 +21,55 @@ module ShopifyApp
 
   def self.use_webpacker?
     rails6? &&
-      defined?(Webpacker) == 'constant' &&
+      defined?(Webpacker) == "constant" &&
       !configuration.disable_webpacker
   end
 
   # config
-  require 'shopify_app/configuration'
+  require "shopify_app/configuration"
 
   # engine
-  require 'shopify_app/engine'
+  require "shopify_app/engine"
 
   # utils
-  require 'shopify_app/utils'
+  require "shopify_app/utils"
 
   # controller concerns
-  require 'shopify_app/controller_concerns/csrf_protection'
-  require 'shopify_app/controller_concerns/localization'
-  require 'shopify_app/controller_concerns/itp'
-  require 'shopify_app/controller_concerns/login_protection'
-  require 'shopify_app/controller_concerns/embedded_app'
-  require 'shopify_app/controller_concerns/payload_verification'
-  require 'shopify_app/controller_concerns/app_proxy_verification'
-  require 'shopify_app/controller_concerns/webhook_verification'
+  require "shopify_app/controller_concerns/csrf_protection"
+  require "shopify_app/controller_concerns/localization"
+  require "shopify_app/controller_concerns/itp"
+  require "shopify_app/controller_concerns/login_protection"
+  require "shopify_app/controller_concerns/embedded_app"
+  require "shopify_app/controller_concerns/payload_verification"
+  require "shopify_app/controller_concerns/app_proxy_verification"
+  require "shopify_app/controller_concerns/webhook_verification"
 
   # jobs
-  require 'shopify_app/jobs/webhooks_manager_job'
-  require 'shopify_app/jobs/scripttags_manager_job'
+  require "shopify_app/jobs/webhooks_manager_job"
+  require "shopify_app/jobs/scripttags_manager_job"
 
   # managers
-  require 'shopify_app/managers/webhooks_manager'
-  require 'shopify_app/managers/scripttags_manager'
+  require "shopify_app/managers/webhooks_manager"
+  require "shopify_app/managers/scripttags_manager"
 
   # middleware
-  require 'shopify_app/middleware/jwt_middleware'
-  require 'shopify_app/middleware/same_site_cookie_middleware'
+  require "shopify_app/middleware/jwt_middleware"
 
   # session
-  require 'shopify_app/session/in_memory_session_store'
-  require 'shopify_app/session/in_memory_shop_session_store'
-  require 'shopify_app/session/in_memory_user_session_store'
-  require 'shopify_app/session/jwt'
-  require 'shopify_app/session/null_user_session_store'
-  require 'shopify_app/session/session_repository'
-  require 'shopify_app/session/session_storage'
-  require 'shopify_app/session/shop_session_storage'
-  require 'shopify_app/session/shop_session_storage_with_scopes'
-  require 'shopify_app/session/user_session_storage'
-  require 'shopify_app/session/user_session_storage_with_scopes'
+  require "shopify_app/session/in_memory_session_store"
+  require "shopify_app/session/in_memory_shop_session_store"
+  require "shopify_app/session/in_memory_user_session_store"
+  require "shopify_app/session/jwt"
+  require "shopify_app/session/null_user_session_store"
+  require "shopify_app/session/session_repository"
+  require "shopify_app/session/session_storage"
+  require "shopify_app/session/shop_session_storage"
+  require "shopify_app/session/shop_session_storage_with_scopes"
+  require "shopify_app/session/user_session_storage"
+  require "shopify_app/session/user_session_storage_with_scopes"
 
   # access scopes strategies
-  require 'shopify_app/access_scopes/shop_strategy'
-  require 'shopify_app/access_scopes/user_strategy'
-  require 'shopify_app/access_scopes/noop_strategy'
-
-  # omniauth_configuration
-  require 'shopify_app/omniauth/omniauth_configuration'
+  require "shopify_app/access_scopes/shop_strategy"
+  require "shopify_app/access_scopes/user_strategy"
+  require "shopify_app/access_scopes/noop_strategy"
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "18.1.3",
+  "version": "19.0.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
-$LOAD_PATH.push(File.expand_path('../lib', __FILE__))
+
+$LOAD_PATH.push(File.expand_path("../lib", __FILE__))
 require "shopify_app/version"
 
 Gem::Specification.new do |s|
@@ -7,30 +8,30 @@ Gem::Specification.new do |s|
   s.version     = ShopifyApp::VERSION
   s.platform    = Gem::Platform::RUBY
   s.author      = "Shopify"
-  s.summary     = 'This gem is used to get quickly started with the Shopify API'
+  s.summary     = "This gem is used to get quickly started with the Shopify API"
 
   s.required_ruby_version = ">= 2.6"
 
-  s.metadata['allowed_push_host'] = 'https://rubygems.org'
+  s.metadata["allowed_push_host"] = "https://rubygems.org"
 
-  s.add_runtime_dependency('browser_sniffer', '~> 2.0')
-  s.add_runtime_dependency('omniauth-rails_csrf_protection')
-  s.add_runtime_dependency('rails', '> 5.2.1')
-  s.add_runtime_dependency('shopify_api', '~> 9.4')
-  s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.3')
-  s.add_runtime_dependency('jwt', '>= 2.2.3')
-  s.add_runtime_dependency('redirect_safely', '~> 1.0')
+  s.add_runtime_dependency("activeresource") # TODO: Remove this once all active resource dependencies are removed
+  s.add_runtime_dependency("browser_sniffer", "~> 1.4.0")
+  s.add_runtime_dependency("jwt", ">= 2.2.3")
+  s.add_runtime_dependency("rails", "> 5.2.1")
+  s.add_runtime_dependency("redirect_safely", "~> 1.0")
+  s.add_runtime_dependency("shopify_api", "~> 10.0")
+  s.add_runtime_dependency("sprockets-rails", ">= 2.0.0")
 
-  s.add_development_dependency('rake')
-  s.add_development_dependency('byebug')
-  s.add_development_dependency('pry')
-  s.add_development_dependency('pry-nav')
-  s.add_development_dependency('pry-stack_explorer')
-  s.add_development_dependency('rb-readline')
-  s.add_development_dependency('sqlite3', '~> 1.4')
-  s.add_development_dependency('minitest')
-  s.add_development_dependency('mocha')
-  s.add_development_dependency('webmock')
+  s.add_development_dependency("byebug")
+  s.add_development_dependency("minitest")
+  s.add_development_dependency("mocha")
+  s.add_development_dependency("pry")
+  s.add_development_dependency("pry-nav")
+  s.add_development_dependency("pry-stack_explorer")
+  s.add_development_dependency("rake")
+  s.add_development_dependency("rb-readline")
+  s.add_development_dependency("sqlite3", "~> 1.4")
+  s.add_development_dependency("webmock")
 
   s.files         = %x(git ls-files).split("\n").reject { |f| f.match(%r{^(test|example)/}) }
   s.test_files    = %x(git ls-files -- {test}/*).split("\n")

data/yarn.lock

@@ -2555,9 +2555,9 @@ flush-write-stream@^1.0.0:
     readable-stream "^2.3.6"
 
 follow-redirects@^1.0.0:
-  version "1.14.7"
-  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.7.tgz#2004c02eb9436eee9a21446a6477debf17e81685"
-  integrity sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ==
+  version "1.14.9"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.9.tgz#dd4ea157de7bfaf9ea9b3fbd85aa16951f78d8d7"
+  integrity sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==
 
 for-in@^1.0.2:
   version "1.0.2"
@@ -3892,9 +3892,9 @@ path-to-regexp@^1.7.0:
     isarray "0.0.1"
 
 pathval@^1.1.0:
-  version "1.1.0"
-  resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.0.tgz#b942e6d4bde653005ef6b71361def8727d0645e0"
-  integrity sha1-uULm1L3mUwBe9rcTYd74cn0GReA=
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/pathval/-/pathval-1.1.1.tgz#8534e77a77ce7ac5a2512ea21e0fdb8fcf6c3d8d"
+  integrity sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==
 
 pbkdf2@^3.0.3:
   version "3.1.1"