shopify_app 19.0.1 → 20.0.0

data/lib/shopify_app/controller_concerns/ensure_billing.rb

@@ -0,0 +1,254 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module EnsureBilling
+    class BillingError < StandardError
+      attr_accessor :message
+      attr_accessor :errors
+
+      def initialize(message, errors)
+        super
+        @message = message
+        @errors = errors
+      end
+    end
+
+    extend ActiveSupport::Concern
+
+    RECURRING_INTERVALS = [BillingConfiguration::INTERVAL_EVERY_30_DAYS, BillingConfiguration::INTERVAL_ANNUAL]
+
+    included do
+      before_action :check_billing, if: :billing_required?
+      rescue_from BillingError, with: :handle_billing_error
+    end
+
+    private
+
+    def check_billing(session = current_shopify_session)
+      return true if session.blank? || !billing_required?
+
+      confirmation_url = nil
+
+      if has_active_payment?(session)
+        has_payment = true
+      else
+        has_payment = false
+        confirmation_url = request_payment(session)
+      end
+
+      unless has_payment
+        if request.xhr?
+          add_top_level_redirection_headers(url: confirmation_url, ignore_response_code: true)
+          head(:unauthorized)
+        else
+          redirect_to(confirmation_url, allow_other_host: true)
+        end
+      end
+
+      has_payment
+    end
+
+    def billing_required?
+      ShopifyApp.configuration.requires_billing?
+    end
+
+    def handle_billing_error(error)
+      logger.info("#{error.message}: #{error.errors}")
+      redirect_to_login
+    end
+
+    def has_active_payment?(session)
+      if recurring?
+        has_subscription?(session)
+      else
+        has_one_time_payment?(session)
+      end
+    end
+
+    def has_subscription?(session)
+      response = run_query(session: session, query: RECURRING_PURCHASES_QUERY)
+      subscriptions = response.body["data"]["currentAppInstallation"]["activeSubscriptions"]
+
+      subscriptions.each do |subscription|
+        if subscription["name"] == ShopifyApp.configuration.billing.charge_name &&
+            (!Rails.env.production? || !subscription["test"])
+
+          return true
+        end
+      end
+
+      false
+    end
+
+    def has_one_time_payment?(session)
+      purchases = nil
+      end_cursor = nil
+
+      loop do
+        response = run_query(session: session, query: ONE_TIME_PURCHASES_QUERY, variables: { endCursor: end_cursor })
+        purchases = response.body["data"]["currentAppInstallation"]["oneTimePurchases"]
+
+        purchases["edges"].each do |purchase|
+          node = purchase["node"]
+
+          if node["name"] == ShopifyApp.configuration.billing.charge_name &&
+              (!Rails.env.production? || !node["test"]) &&
+              node["status"] == "ACTIVE"
+
+            return true
+          end
+        end
+
+        end_cursor = purchases["pageInfo"]["endCursor"]
+        break unless purchases["pageInfo"]["hasNextPage"]
+      end
+
+      false
+    end
+
+    def request_payment(session)
+      shop = session.shop
+      host = Base64.encode64("#{shop}/admin")
+      return_url = "https://#{ShopifyAPI::Context.host_name}?shop=#{shop}&host=#{host}"
+
+      if recurring?
+        data = request_recurring_payment(session: session, return_url: return_url)
+        data = data["data"]["appSubscriptionCreate"]
+      else
+        data = request_one_time_payment(session: session, return_url: return_url)
+        data = data["data"]["appPurchaseOneTimeCreate"]
+      end
+
+      raise BillingError.new("Error while billing the store", data["userErrros"]) unless data["userErrors"].empty?
+
+      data["confirmationUrl"]
+    end
+
+    def request_recurring_payment(session:, return_url:)
+      response = run_query(
+        session: session,
+        query: RECURRING_PURCHASE_MUTATION,
+        variables: {
+          name: ShopifyApp.configuration.billing.charge_name,
+          lineItems: {
+            plan: {
+              appRecurringPricingDetails: {
+                interval: ShopifyApp.configuration.billing.interval,
+                price: {
+                  amount: ShopifyApp.configuration.billing.amount,
+                  currencyCode: ShopifyApp.configuration.billing.currency_code,
+                },
+              },
+            },
+          },
+          returnUrl: return_url,
+          test: !Rails.env.production?,
+        }
+      )
+
+      response.body
+    end
+
+    def request_one_time_payment(session:, return_url:)
+      response = run_query(
+        session: session,
+        query: ONE_TIME_PURCHASE_MUTATION,
+        variables: {
+          name: ShopifyApp.configuration.billing.charge_name,
+          price: {
+            amount: ShopifyApp.configuration.billing.amount,
+            currencyCode: ShopifyApp.configuration.billing.currency_code,
+          },
+          returnUrl: return_url,
+          test: !Rails.env.production?,
+        }
+      )
+
+      response.body
+    end
+
+    def recurring?
+      RECURRING_INTERVALS.include?(ShopifyApp.configuration.billing.interval)
+    end
+
+    def run_query(session:, query:, variables: nil)
+      client = ShopifyAPI::Clients::Graphql::Admin.new(session: session)
+
+      response = client.query(query: query, variables: variables)
+
+      raise BillingError.new("Error while billing the store", []) unless response.ok?
+      raise BillingError.new("Error while billing the store", response.body["errors"]) if response.body["errors"]
+
+      response
+    end
+
+    RECURRING_PURCHASES_QUERY = <<~'QUERY'
+      query appSubscription {
+        currentAppInstallation {
+          activeSubscriptions {
+            name, test
+          }
+        }
+      }
+    QUERY
+
+    ONE_TIME_PURCHASES_QUERY = <<~'QUERY'
+      query appPurchases($endCursor: String) {
+        currentAppInstallation {
+          oneTimePurchases(first: 250, sortKey: CREATED_AT, after: $endCursor) {
+            edges {
+              node {
+                name, test, status
+              }
+            }
+            pageInfo {
+              hasNextPage, endCursor
+            }
+          }
+        }
+      }
+    QUERY
+
+    RECURRING_PURCHASE_MUTATION = <<~'QUERY'
+      mutation createPaymentMutation(
+        $name: String!
+        $lineItems: [AppSubscriptionLineItemInput!]!
+        $returnUrl: URL!
+        $test: Boolean
+      ) {
+        appSubscriptionCreate(
+          name: $name
+          lineItems: $lineItems
+          returnUrl: $returnUrl
+          test: $test
+        ) {
+          confirmationUrl
+          userErrors {
+            field, message
+          }
+        }
+      }
+    QUERY
+
+    ONE_TIME_PURCHASE_MUTATION = <<~'QUERY'
+      mutation createPaymentMutation(
+        $name: String!
+        $price: MoneyInput!
+        $returnUrl: URL!
+        $test: Boolean
+      ) {
+        appPurchaseOneTimeCreate(
+          name: $name
+          price: $price
+          returnUrl: $returnUrl
+          test: $test
+        ) {
+          confirmationUrl
+          userErrors {
+            field, message
+          }
+        }
+      }
+    QUERY
+  end
+end

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -70,6 +70,25 @@ module ShopifyApp
       expire_at - 5.seconds # 5s gap to start fetching new token in advance
     end
 
+    def add_top_level_redirection_headers(url: nil, ignore_response_code: false)
+      if request.xhr? && (ignore_response_code || response.code.to_i == 401)
+        # Make sure the shop is set in the redirection URL
+        unless params[:shop]
+          params[:shop] = if current_shopify_session
+            current_shopify_session.shop
+          elsif (matches = request.headers["HTTP_AUTHORIZATION"]&.match(/^Bearer (.+)$/))
+            jwt_payload = ShopifyAPI::Auth::JwtPayload.new(T.must(matches[1]))
+            jwt_payload.shop
+          end
+        end
+
+        url ||= login_url_with_optional_shop
+
+        response.set_header("X-Shopify-API-Request-Failure-Reauthorize", "1")
+        response.set_header("X-Shopify-API-Request-Failure-Reauthorize-Url", url)
+      end
+    end
+
     protected
 
     def jwt_shopify_domain
@@ -86,6 +105,7 @@ module ShopifyApp
 
     def redirect_to_login
       if request.xhr?
+        add_top_level_redirection_headers(ignore_response_code: true)
         head(:unauthorized)
       else
         if request.get?
@@ -232,7 +252,13 @@ module ShopifyApp
       current_shopify_session && params[:shop].is_a?(String) && current_shopify_session.shop != params[:shop]
     end
 
+    def shop_session
+      ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(sanitize_shop_param(params))
+    end
+
     def user_session_expected?
+      return false if shop_session.nil?
+      return false if ShopifyApp.configuration.shop_access_scopes_strategy.update_access_scopes?(shop_session.shop)
       !ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
     end
   end

data/lib/shopify_app/session/session_repository.rb

@@ -46,7 +46,7 @@ module ShopifyApp
       # ShopifyAPI::Auth::SessionStorage override
       def store_session(session)
         if session.online?
-          user_storage.store(session, session.associated_user.id.to_s)
+          user_storage.store(session, session.associated_user)
         else
           shop_storage.store(session)
         end

data/lib/shopify_app/session/user_session_storage_with_scopes.rb

@@ -11,7 +11,7 @@ module ShopifyApp
 
     class_methods do
       def store(auth_session, user)
-        user = find_or_initialize_by(shopify_user_id: user[:id])
+        user = find_or_initialize_by(shopify_user_id: user.id)
         user.shopify_token = auth_session.access_token
         user.shopify_domain = auth_session.shop
         user.access_scopes = auth_session.scope.to_s

data/lib/shopify_app/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShopifyApp
-  VERSION = "19.0.1"
+  VERSION = "20.0.0"
 end

data/lib/shopify_app.rb

@@ -39,6 +39,7 @@ module ShopifyApp
   require "shopify_app/controller_concerns/localization"
   require "shopify_app/controller_concerns/itp"
   require "shopify_app/controller_concerns/login_protection"
+  require "shopify_app/controller_concerns/ensure_billing"
   require "shopify_app/controller_concerns/embedded_app"
   require "shopify_app/controller_concerns/payload_verification"
   require "shopify_app/controller_concerns/app_proxy_verification"

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "19.0.1",
+  "version": "20.0.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -10,16 +10,16 @@ Gem::Specification.new do |s|
   s.author      = "Shopify"
   s.summary     = "This gem is used to get quickly started with the Shopify API"
 
-  s.required_ruby_version = ">= 2.6"
+  s.required_ruby_version = ">= 2.7"
 
   s.metadata["allowed_push_host"] = "https://rubygems.org"
 
   s.add_runtime_dependency("activeresource") # TODO: Remove this once all active resource dependencies are removed
-  s.add_runtime_dependency("browser_sniffer", "~> 1.4.0")
+  s.add_runtime_dependency("browser_sniffer", "~> 2.0")
   s.add_runtime_dependency("jwt", ">= 2.2.3")
   s.add_runtime_dependency("rails", "> 5.2.1")
   s.add_runtime_dependency("redirect_safely", "~> 1.0")
-  s.add_runtime_dependency("shopify_api", "~> 10.0")
+  s.add_runtime_dependency("shopify_api", "~> 11.0")
   s.add_runtime_dependency("sprockets-rails", ">= 2.0.0")
 
   s.add_development_dependency("byebug")

data/yarn.lock

@@ -3515,9 +3515,9 @@ minimatch@3.0.4, minimatch@^3.0.4:
     brace-expansion "^1.1.7"
 
 minimist@^1.2.0, minimist@^1.2.3, minimist@^1.2.5:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
-  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
+  version "1.2.6"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
+  integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
 
 mississippi@^3.0.0:
   version "3.0.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 19.0.1
+  version: 20.0.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-11 00:00:00.000000000 Z
+date: 2022-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activeresource
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.4.0
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.4.0
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '11.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '11.0'
 - !ruby/object:Gem::Dependency
   name: sprockets-rails
   requirement: !ruby/object:Gem::Requirement
@@ -277,8 +277,9 @@ files:
 - Rakefile
 - SECURITY.md
 - app/assets/images/storage_access.svg
-- app/assets/javascripts/shopify_app/app_bridge_2.0.12.js
+- app/assets/javascripts/shopify_app/app_bridge_3.1.1.js
 - app/assets/javascripts/shopify_app/app_bridge_redirect.js
+- app/assets/javascripts/shopify_app/app_bridge_utils_3.1.1.js
 - app/assets/javascripts/shopify_app/enable_cookies.js
 - app/assets/javascripts/shopify_app/itp_helper.js
 - app/assets/javascripts/shopify_app/partition_cookies.js
@@ -399,6 +400,7 @@ files:
 - lib/shopify_app/controller_concerns/app_proxy_verification.rb
 - lib/shopify_app/controller_concerns/csrf_protection.rb
 - lib/shopify_app/controller_concerns/embedded_app.rb
+- lib/shopify_app/controller_concerns/ensure_billing.rb
 - lib/shopify_app/controller_concerns/itp.rb
 - lib/shopify_app/controller_concerns/localization.rb
 - lib/shopify_app/controller_concerns/login_protection.rb
@@ -444,14 +446,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.6'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.20
+rubygems_version: 3.3.3
 signing_key: 
 specification_version: 4
 summary: This gem is used to get quickly started with the Shopify API