shopify_app 20.1.1 → 20.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87362d48113e64119d57d3f458fc3334f8097a7a234b9a77e806b327baa55196
-  data.tar.gz: 07bd6f5051b5e77a6c360699fb6fa090e55e8d7674ba9814eadcf025a8566523
+  metadata.gz: cb6f3007d376f75a09be6f17e5dd378e4adc0a7ccc5feeac7ee18ecaf5469ee5
+  data.tar.gz: 62c9f9d55bf842fb2c20c4123555d0c1e3f234e11855825e8afeec2e38db971d
 SHA512:
-  metadata.gz: 750c1ffd57c2922165af74710a27e243b4a32fb016b393e22c8f861428700c754ebacc98e9c6604c0937df0a2197ed164444b1fe0bc9bab28c84b4d2be5ff2d0
-  data.tar.gz: fc987464248ff4c0e88a91c9b5e8150659ef93f683a9912a3b1088e80fe50057bf6a821eb169a18d4e82e5a190d42abb82c10bcf6159a744831bdc07a7583a51
+  metadata.gz: d845e94acae7308bb796e46c1134faa06fdfa564fdfb8ecb65ec942a85d7e4b464de4e4d875b52add54d60ba6d3d4f4678f009957b8ac277067e683d3ebb70b2
+  data.tar.gz: 16fbc75dc6a020f758e2020b2735ed6357878065e110c63072ac1c9114ba4bdc0dad8378d74064e34f69d4287046069e68004f9a64a14ac9c6c587102933c01a

data/.github/workflows/close-waiting-for-response-issues.yml

@@ -0,0 +1,20 @@
+name: Close Waiting for Response Issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+  workflow_dispatch:
+jobs:
+  check-need-info:
+    runs-on: ubuntu-latest
+    steps:
+      - name: close-issues
+        uses: actions-cool/issues-helper@v3
+        with:
+          actions: 'close-issues'
+          token: ${{ secrets.GITHUB_TOKEN }}
+          labels: 'Waiting for Response'
+          inactive-day: 7
+          body: |
+            We are closing this issue because we did not hear back regarding additional details we needed to resolve this issue. If the issue persists and you are able to provide the missing clarification we need, feel free to respond and reopen this issue.
+
+            We appreciate your understanding as we try to manage our number of open issues.

data/.github/workflows/remove-labels-on-activity.yml

@@ -0,0 +1,16 @@
+name: Remove Stale or Waiting Labels
+on:
+  issue_comment:
+    types: [created]
+  workflow_dispatch:
+jobs:
+  remove-labels-on-activity:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-ecosystem/action-remove-labels@v1
+        if: contains(github.event.issue.labels.*.name, 'Waiting for Response')
+        with:
+          labels: |
+            Waiting for Response
+

data/.github/workflows/stale.yml

@@ -12,14 +12,20 @@ jobs:
     steps:
       - uses: actions/stale@v5
         with:
-          days-before-issue-stale: 730
+          days-before-issue-stale: 90
           days-before-issue-close: 14
-          stale-issue-label: "stale"
+          stale-issue-label: "Stale"
           stale-issue-message: >
-            This issue is stale because it has been open for 2 years. It will be closed if no further action occurs in 14 days. 
-          close-issue-message: >
-            This issue was closed because it has been inactive for 14 days since being marked as stale.
+            This issue is stale because it has been open for 90 days with no activity. It will be closed if no further action occurs in 14 days. 
+          close-issue-message: |
+            We are closing this issue because it has been inactive for a few months. 
+            This probably means that it is not reproducible or it has been fixed in a newer version. 
+            If it’s an enhancement and hasn’t been taken on since it was submitted, then it seems other issues have taken priority.
+
+            If you still encounter this issue with the latest stable version, please reopen using the issue template. You can also contribute directly by submitting a pull request– see the [CONTRIBUTING.md](https://github.com/Shopify/shopify_app/blob/main/CONTRIBUTING.md) file for guidelines
+
+            Thank you!
           days-before-pr-stale: -1
           days-before-pr-close: -1
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          operations_per_run: 100
+          exempt-issue-labels: "feature request"

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased
 ----------
 
+20.2.0 (September 30, 2022)
+----------
+* Fixes a method signature error bug when raising `BillingError`.  [#1513](https://github.com/Shopify/shopify_app/pull/1513)
+* Fixes bug with Rails 7 and import maps with Safari/Firefox on the HomeController#index view.  [#1506](https://github.com/Shopify/shopify_app/pull/1506)
+* Refactors how default `domain_host` is populated in the CSP header added to responses in the `FrameAncestors` controller concern. [#1504](https://github.com/Shopify/shopify_app/pull/1504)
+* Removes duplicate `;` added in CSP header. [#1500](https://github.com/Shopify/shopify_app/pull/1500)
+
+* Fixed an issue where `ShopifyApp::UserSessionStorage` was causing an infinite OAuth loop when not checking scopes. [#1516](https://github.com/Shopify/shopify_app/pull/1516)
+* Move all error classes created for this gem into `lib/shopify_app/errors.rb`. Constant names of errors nested by modules and classes have been removed to give a shorter namespace.
+
 20.1.1 (September 2, 2022)
 ----------
 

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    shopify_app (20.1.1)
+    shopify_app (20.2.0)
       activeresource
       browser_sniffer (~> 2.0)
       jwt (>= 2.2.3)
@@ -85,7 +85,7 @@ GEM
     ast (2.4.2)
     binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
-    browser_sniffer (2.0.0)
+    browser_sniffer (2.1.0)
     builder (3.2.4)
     byebug (11.1.3)
     coderay (1.1.3)
@@ -125,7 +125,7 @@ GEM
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     oj (3.13.21)
-    openssl (3.0.0)
+    openssl (3.0.1)
     parallel (1.21.0)
     parser (3.1.0.0)
       ast (~> 2.4.1)
@@ -204,7 +204,7 @@ GEM
       securerandom
       sorbet-runtime
       zeitwerk (~> 2.5)
-    sorbet-runtime (0.5.10398)
+    sorbet-runtime (0.5.10470)
     sprockets (4.1.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)

data/README.md

@@ -32,41 +32,25 @@ This gem requires that you have the following credentials:
 - **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations). 
 - **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations). 
 
-### OAuth Tunnel in Development
-
-In order to redirect OAuth requests securely to localhost, you'll need to setup a tunnel to redirect from the internet to localhost.
-
-We've validated that [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/trycloudflare/) works with this template.
-
-To do that, you can [install the `cloudflared` CLI tool](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/), and run:
-
-```shell
-# Note that you can also use a different port
-cloudflared tunnel --url http://localhost:3000
-```
-
-You will need to keep this window running to maintain the tunnel during development.
-
 ## Usage
 
 1. To get started, create a new Rails app:
 
 ``` sh
-$ rails new my_shopify_app
+rails new my_shopify_app
 ```
 
 2. Add the Shopify App gem to `my_shopify_app`'s Gemfile.
 
 ```sh
-$ bundle add shopify_app
+bundle add shopify_app
 ```
 
 3. Create a `.env` file in the root of `my_shopify_app` to specify your Shopify API credentials:
 
-```
+```sh
 SHOPIFY_API_KEY=<Your Shopify API key>
 SHOPIFY_API_SECRET=<Your Shopify API secret>
-HOST=<Your SSH tunnel host>
 ```
 
 > In a development environment, you can use a gem like `dotenv-rails` to manage environment variables. 
@@ -74,22 +58,26 @@ HOST=<Your SSH tunnel host>
 4. Run the default Shopify App generator to create an app that can be embedded in the Shopify Admin:
 
 ```sh
-$ rails generate shopify_app
+rails generate shopify_app
 ```
 
 5. Run a migration to create the necessary tables in your database:
 
 ```sh
-$ rails db:migrate
+rails db:migrate
 ```
 
-6. Run the app:
+6. Setup a SSH tunnel to allow the OAuth redirect to work. See how in the [Setup SSH tunnel for development](/docs/Quickstart.md#setup-ssh-tunnel-for-development) section in [Quickstart](/docs/Quickstart.md)
+
+7. Run the app:
 
 ```sh
-$ rails server
+rails server
 ```
 
-See [*Quickstart*](/docs/Quickstart.md) to learn how to install your app on a shop.
+8. Install the app by visiting the server's URL (e.g. http://127.0.0.1:3000) and specifying the subdomain of the shop where you want it to be installed to.
+
+9. After the app is installed, you're redirected to the embedded app.
 
 This app implements [OAuth 2.0](https://shopify.dev/tutorials/authenticate-with-oauth) with Shopify to authenticate requests made to Shopify APIs. By default, this app is configured to use [session tokens](https://shopify.dev/concepts/apps/building-embedded-apps-using-session-tokens) to authenticate merchants when embedded in the Shopify Admin.
 
@@ -121,6 +109,7 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
   * [Handling changes in access scopes](/docs/shopify_app/handling-access-scopes-changes.md)
   * [Testing](/docs/shopify_app/testing.md)
   * [Webhooks](/docs/shopify_app/webhooks.md)
+  * [Content Security Policy](/docs/shopify_app/content-security-policy.md)
 
 ### Engine
 

data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb

@@ -26,7 +26,7 @@ module ShopifyApp
 
     def redirect_to_splash_page
       redirect_to(splash_page)
-    rescue ShopifyApp::LoginProtection::ShopifyDomainNotFound => error
+    rescue ::ShopifyApp::ShopifyDomainNotFound => error
       Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
         "Could not determine current shop domain")
       redirect_to(ShopifyApp.configuration.login_url)

data/app/controllers/shopify_app/webhooks_controller.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 module ShopifyApp
-  class MissingWebhookJobError < StandardError; end
-
   class WebhooksController < ActionController::Base
     include ShopifyApp::WebhookVerification
 

data/docs/Quickstart.md

@@ -4,24 +4,31 @@ This guide assumes you have completed the steps to create a new Rails app using
 
 #### Table of contents
 
-[Make your app available to the internet](#make-your-app-available-to-the-internet)
+[Setup SSH tunnel for development](#setup-ssh-tunnel-for-development)
 
 [Use Shopify App Bridge to embed your app in the Shopify Admin](#use-shopify-app-bridge-to-embed-your-app-in-the-shopify-admin)
 
-## Make your app available to the internet
+## Setup SSH tunnel for development
 
 Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb) or receive [webhooks](/docs/shopify_app/webhooks.md).
 
-Use a tunneling service like [Cloudflare](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/trycloudflare/) to make your development environment accessible to the internet.
+In order to receive requests securely, you'll need to setup a tunnel from the internet to localhost. You can use [Cloudflare](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/trycloudflare/) for this.
 
-To use Cloudflare, [install the `cloudflared` CLI tool](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/), and run:
+To do so, [install the `cloudflared` CLI tool](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation/), and run:
 
-```shell
-# Note that you can also use a different port
+```sh
+# The port must be the same as the one you run the Rails app on later. We use the Rails default below.
 cloudflared tunnel --url http://localhost:3000
 ```
 
-See the [*Embed the app in Shopify*](https://shopify.dev/tutorials/build-rails-react-app-that-uses-app-bridge-authentication#embed-the-app-in-shopify) section of [*Build a Shopify app with Rails, React, and App Bridge*](https://shopify.dev/tutorials/build-rails-react-app-that-uses-app-bridge-authentication) to learn more.
+Keep this window running to keep the tunnel and make note of the URL this command prints out. The URL will look like `https://some-random-words.trycloudflare.com`.
+
+Visit the "App Setup" section for your app in the [Shopify Partners dashboard](https://partners.shopify.com/organizations). Set the URL as "App URL" on this settings page and add it to the "Allowed redirection URL(s)", after appending `/auth/shopify/callback` to the end (e.g. `https://some-random-words.trycloudflare.com/auth/shopify/callback`).
+
+Add the same URL as `HOST` in your `.env` file e.g.
+```sh
+HOST='https://some-random-words.trycloudflare.com/'
+```
 
 ## Use Shopify App Bridge to embed your app in the Shopify Admin
 

data/docs/Troubleshooting.md

@@ -16,8 +16,7 @@
 [JWT session tokens](#jwt-session-tokens)
   * [My app is still using cookies to authenticate](#my-app-is-still-using-cookies-to-authenticate)
   * [My app can't make requests to the Shopify API](#my-app-cant-make-requests-to-the-shopify-api)
-
-[Migrating to App Bridge 2.0](#migrating-to-app-bridge-2.0)
+  * [I'm stuck in a redirect loop after OAuth](#im-stuck-in-a-redirect-loop-after-oauth)
 
 ## Generators
 
@@ -26,7 +25,7 @@
 Rails uses spring by default to speed up development. To run the generator, spring has to be stopped:
 
 ```sh
-$ bundle exec spring stop
+bundle exec spring stop
 ```
 
 Run shopify_app generator again.
@@ -144,13 +143,9 @@ X-Shopify-API-Request-Failure-Unauthorized: true
 
 Then, use the [Shopify App Bridge Redirect](https://shopify.dev/tools/app-bridge/actions/navigation/redirect) action to redirect your app frontend to the app login URL if this header is set.
 
-## Migrating to App Bridge 2.0
 
-In order to upgrade your embedded app to the latest App Bridge 2.0 version, please refer to the [migration guide](https://shopify.dev/tutorials/migrate-your-app-to-app-bridge-2).
+### I'm stuck in a redirect loop after OAuth
 
-To ensure that your app's embedded layout doesn't import App Bridge 2.0 before fully migrating, make the following change to bind it to v1.x.
+In previous versions of `ShopifyApp::Authenticated` controller concern, App Bridge embedded apps were able to include the `Authenticated` controller concern in the `HomeController` and other embedded controllers. This is no longer supported due to browsers blocking 3rd party cookies to increase privacy. App Bridge 3 is needed to handle all embedded sessions.
 
-```diff
- - <script src="https://unpkg.com/@shopify/app-bridge"></script>
- + <script src="https://unpkg.com/@shopify/app-bridge@1"></script>
-``` 
+For more details on how to handle embeded sessions, refer to [the session token documentation](https://shopify.dev/apps/auth/oauth/session-tokens).

data/docs/Upgrading.md

@@ -4,6 +4,8 @@ This file documents important changes needed to upgrade your app's Shopify App v
 
 #### Table of contents
 
+[Upgrading to `v20.2.0`](#upgrading-to-v2020)
+
 [Upgrading to `v20.1.0`](#upgrading-to-v2010)
 
 [Upgrading to `v19.0.0`](#upgrading-to-v1900)
@@ -18,6 +20,11 @@ This file documents important changes needed to upgrade your app's Shopify App v
 
 [Upgrading from `v8.6` to `v9.0.0`](#upgrading-from-v86-to-v900)
 
+## Upgrading to `v20.2.0`
+All custom errors defined inline within the `ShopifyApp` gem have been moved to `lib/shopify_app/errors.rb`.
+
+- If you rescue any errors defined in this gem, you will need to rename them to match their new namespacing.
+
 ## Upgrading to `v20.1.0`
 
 Note that the following steps are *optional* and only apply to **embedded** applications. However, they can improve the loading time of your embedded app at installation and re-auth.

data/docs/shopify_app/authentication.md

@@ -106,6 +106,10 @@ end
 
 For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
 
+#### Embedded apps and `ShopifyApp::Authenticated`
+
+Embedded Shopify Admin apps can only use the `ShopifyApp::Authenticated` controller concern *if* the requests originate from App Bridge's `authenticatedFetch` method. Those who include this concern in the `HomeController` or some other embedded controller will see what looks like an OAuth redirect loop as the `ShopifyApp::Authenticated` concern will be fighting with the App Bridge. For more details on how to handle embedded sessions, refer to [the session token documentation](https://shopify.dev/apps/auth/oauth/session-tokens).
+
 ### `ShopifyApp::EnsureAuthenticatedLinks`
 
 The [`ShopifyApp::EnsureAuthenticatedLinks`](/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb) concern helps authenticate users that access protected pages of your app directly.
@@ -121,4 +125,4 @@ class AuthenticatedController < ApplicationController
 end
 ```
 
-See [Authenticate server-side rendered embedded apps using Rails and Turbolinks](https://shopify.dev/tutorials/authenticate-server-side-rendered-embedded-apps-using-rails-and-turbolinks) for more information.
+See [Authenticate server-side rendered embedded apps using Rails and Turbolinks](https://shopify.dev/tutorials/authenticate-server-side-rendered-embedded-apps-using-rails-and-turbolinks) for more information.

data/docs/shopify_app/content-security-policy.md

@@ -0,0 +1,10 @@
+# Content Security Policy Header
+
+Shopify App [handles Rails' configuration](https://edgeguides.rubyonrails.org/security.html#content-security-policy-header) for [Content-Security-Policy Header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) when the `ShopifyApp::FrameAncestors` controller concern is included in controllers. This is tyipcally done by including the [`ShopifyApp::Authenticated`](https://github.com/Shopify/shopify_app/blob/ed41165ca9598d2c9d514487365192f22b5eb096/app/controllers/concerns/shopify_app/authenticated.rb) controller concern rather that directly including it.
+
+## Included Domains
+
+For actions that include the `ShopifyApp::FrameAncestors` controller concern, the following hosts are added to the Content-Security-Policy header as [per the store requirements](https://shopify.dev/apps/store/security/iframe-protection#embedded-apps):
+
+1. [`current_shopify_domain`](https://github.com/Shopify/shopify_app/blob/ed41165ca9598d2c9d514487365192f22b5eb096/app/controllers/concerns/shopify_app/require_known_shop.rb#L13) || `"*.myshopify.com"` if current shopify domain isn't present
+2. "https://admin.shopify.com"

data/docs/shopify_app/session-repository.md

@@ -20,7 +20,7 @@
 
 Storing tokens on the store model means that any user login associated with the store will have equal access levels to whatever the original user granted the app.
 ```sh
-$ rails generate shopify_app:shop_model
+rails generate shopify_app:shop_model
 ```
 This will generate a shop model which will be the storage for the tokens necessary for authentication.
 
@@ -28,8 +28,8 @@ This will generate a shop model which will be the storage for the tokens necessa
 
 A more granular control over the level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed. Shop tokens must still be maintained if you are running background jobs so that you can make use of them when necessary.
 ```sh
-$ rails generate shopify_app:shop_model
-$ rails generate shopify_app:user_model
+rails generate shopify_app:shop_model
+rails generate shopify_app:user_model
 ```
 This will generate a shop model and user model, which will be the storage for the tokens necessary for authentication.
 

data/lib/generators/shopify_app/home_controller/templates/index.html.erb

@@ -7,48 +7,52 @@
       rel="stylesheet"
       href="https://unpkg.com/@shopify/polaris@4.25.0/styles.min.css"
       />
-<% if embedded_app? %>    <script>
-      document.addEventListener("DOMContentLoaded", async function() {
-        <% if ShopifyApp.use_importmap? %>
-          await import("lib/shopify_app")
-        <% end %>
-
-        var SessionToken = window["app-bridge"].actions.SessionToken
-        var app = window.app;
+    <% if embedded_app? %>
+      <script type="module">
+        async function displayProducts() {
+          var SessionToken = window["app-bridge"].actions.SessionToken
+          var app = window.app;
 
-        app.dispatch(
-          SessionToken.request(),
-        );
-
-        // Save a session token for future requests
-        window.sessionToken = await new Promise((resolve) => {
-          app.subscribe(SessionToken.Action.RESPOND, (data) => {
-            resolve(data.sessionToken || "");
+          app.dispatch(
+            SessionToken.request(),
+          );
+          // Save a session token for future requests
+          window.sessionToken = await new Promise((resolve) => {
+            app.subscribe(SessionToken.Action.RESPOND, (data) => {
+              resolve(data.sessionToken || "");
+            });
           });
-        });
 
-        var fetchProducts = function() {
-          var headers = new Headers({ "Authorization": "Bearer " + window.sessionToken });
-          return fetch("/products", { headers })
-            .then(response => response.json())
-            .then(data => {
-              var products = data.products;
+          var fetchProducts = function() {
+            var headers = new Headers({ "Authorization": "Bearer " + window.sessionToken });
+            return fetch("/products", { headers })
+              .then(response => response.json())
+              .then(data => {
+                var products = data.products;
 
-              if (products === undefined || products.length == 0) {
-                document.getElementById("products").innerHTML = "<br>No products to display.";
-              } else {
-                var list = "";
-                products.forEach((product) => {
-                  var link = `<a target="_top" href="https://<%%= @shop_origin %>/admin/products/${product.id}">`
-                  list += "<li>" + link + product.title + "</a></li>";
-                });
-                document.getElementById("products").innerHTML = "<ul>" + list + "</ul>";
-              }
-            });
-        }();
-      });
-    </script>
-<% end %>  </head>
+                if (products === undefined || products.length == 0) {
+                  document.getElementById("products").innerHTML = "<br>No products to display.";
+                } else {
+                  var list = "";
+                  products.forEach((product) => {
+                    var link = `<a target="_top" href="https://<%%= @shop_origin %>/admin/products/${product.id}">`
+                    list += "<li>" + link + product.title + "</a></li>";
+                  });
+                  document.getElementById("products").innerHTML = "<ul>" + list + "</ul>";
+                }
+              });
+          }();
+        };
+
+        <% if ShopifyApp.use_importmap? %>
+          import "lib/shopify_app"
+          displayProducts();
+        <% else %>
+          document.addEventListener("DOMContentLoaded", displayProducts);
+        <% end %>
+      </script>
+    <% end %>
+  </head>
   <body>
     <h2>Products</h2>
 <% if embedded_app? %>    <div id="products"><br>Loading...</div><% else %>

data/lib/shopify_app/access_scopes/user_strategy.rb

@@ -3,14 +3,13 @@
 module ShopifyApp
   module AccessScopes
     class UserStrategy
-      class InvalidInput < StandardError; end
-
       class << self
         def update_access_scopes?(user_id: nil, shopify_user_id: nil)
           return update_access_scopes_for_user_id?(user_id) if user_id
           return update_access_scopes_for_shopify_user_id?(shopify_user_id) if shopify_user_id
 
-          raise(InvalidInput, "#update_access_scopes? requires user_id or shopify_user_id parameter inputs")
+          raise(::ShopifyApp::InvalidInput,
+            "#update_access_scopes? requires user_id or shopify_user_id parameter inputs")
         end
 
         private

data/lib/shopify_app/controller_concerns/ensure_billing.rb

@@ -2,24 +2,13 @@
 
 module ShopifyApp
   module EnsureBilling
-    class BillingError < StandardError
-      attr_accessor :message
-      attr_accessor :errors
-
-      def initialize(message, errors)
-        super
-        @message = message
-        @errors = errors
-      end
-    end
-
     extend ActiveSupport::Concern
 
     RECURRING_INTERVALS = [BillingConfiguration::INTERVAL_EVERY_30_DAYS, BillingConfiguration::INTERVAL_ANNUAL]
 
     included do
       before_action :check_billing, if: :billing_required?
-      rescue_from BillingError, with: :handle_billing_error
+      rescue_from ::ShopifyApp::BillingError, with: :handle_billing_error
     end
 
     private
@@ -119,7 +108,7 @@ module ShopifyApp
         data = data["data"]["appPurchaseOneTimeCreate"]
       end
 
-      raise BillingError.new("Error while billing the store", data["userErrros"]) unless data["userErrors"].empty?
+      raise BillingError.new("Error while billing the store", data["userErrors"]) unless data["userErrors"].empty?
 
       data["confirmationUrl"]
     end

data/lib/shopify_app/controller_concerns/frame_ancestors.rb

@@ -7,8 +7,8 @@ module ShopifyApp
     included do
       content_security_policy do |policy|
         policy.frame_ancestors(-> do
-          domain_host = current_shopify_domain || "*.myshopify.com"
-          "https://#{domain_host} https://admin.shopify.com;"
+          domain_host = current_shopify_domain || "*.#{::ShopifyApp.configuration.myshopify_domain}"
+          "https://#{domain_host} https://admin.shopify.com"
         end)
       end
     end

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -8,10 +8,6 @@ module ShopifyApp
     include ShopifyApp::Itp
     include ShopifyApp::SanitizedParams
 
-    class ShopifyDomainNotFound < StandardError; end
-
-    class ShopifyHostNotFound < StandardError; end
-
     included do
       after_action :set_test_cookie
       rescue_from ShopifyAPI::Errors::HttpResponseError, with: :handle_http_error
@@ -194,12 +190,12 @@ module ShopifyApp
 
       return shopify_domain if shopify_domain.present?
 
-      raise ShopifyDomainNotFound
+      raise ::ShopifyApp::ShopifyDomainNotFound
     end
 
     def return_address
       return_address_with_params(shop: current_shopify_domain, host: host)
-    rescue ShopifyDomainNotFound, ShopifyHostNotFound
+    rescue ::ShopifyApp::ShopifyDomainNotFound, ::ShopifyApp::ShopifyHostNotFound
       base_return_address
     end
 

data/lib/shopify_app/errors.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  class BillingError < StandardError
+    attr_accessor :message
+    attr_accessor :errors
+
+    def initialize(message, errors)
+      super(message)
+      @message = message
+      @errors = errors
+    end
+  end
+
+  class ConfigurationError < StandardError; end
+
+  class CreationFailed < StandardError; end
+
+  class EnvironmentError < StandardError; end
+
+  class InvalidAudienceError < StandardError; end
+
+  class InvalidDestinationError < StandardError; end
+
+  class InvalidInput < StandardError; end
+
+  class MismatchedHostsError < StandardError; end
+
+  class MissingWebhookJobError < StandardError; end
+
+  class ShopifyDomainNotFound < StandardError; end
+
+  class ShopifyHostNotFound < StandardError; end
+end

data/lib/shopify_app/managers/scripttags_manager.rb

@@ -2,8 +2,6 @@
 
 module ShopifyApp
   class ScripttagsManager
-    class CreationFailed < StandardError; end
-
     def self.queue(shop_domain, shop_token, scripttags)
       ShopifyApp::ScripttagsManagerJob.perform_later(
         shop_domain: shop_domain,
@@ -69,7 +67,7 @@ module ShopifyApp
       begin
         scripttag.save!
       rescue ShopifyAPI::Errors::HttpResponseError => e
-        raise CreationFailed, e.message
+        raise ::ShopifyApp::CreationFailed, e.message
       end
 
       scripttag

data/lib/shopify_app/managers/webhooks_manager.rb

@@ -4,8 +4,6 @@ require "uri"
 
 module ShopifyApp
   class WebhooksManager
-    class CreationFailed < StandardError; end
-
     class << self
       def queue(shop_domain, shop_token)
         ShopifyApp::WebhooksManagerJob.perform_later(
@@ -64,12 +62,13 @@ module ShopifyApp
         elsif uri&.path&.present?
           uri.path
         else
-          raise ShopifyApp::MissingWebhookJobError, "The :path attribute is required for webhook registration."
+          raise ::ShopifyApp::MissingWebhookJobError,
+            "The :path attribute is required for webhook registration."
         end
       end
 
       def webhook_job_klass(path)
-        webhook_job_klass_name(path).safe_constantize || raise(ShopifyApp::MissingWebhookJobError)
+        webhook_job_klass_name(path).safe_constantize || raise(::ShopifyApp::MissingWebhookJobError)
       end
 
       def webhook_job_klass_name(path)

data/lib/shopify_app/session/in_memory_session_store.rb

@@ -4,8 +4,6 @@ module ShopifyApp
   # rubocop:disable Style/ClassVars
   # Class var repo is needed here in order to share data between the 2 child classes.
   class InMemorySessionStore
-    class EnvironmentError < StandardError; end
-
     def self.retrieve(id)
       repo[id]
     end
@@ -22,7 +20,7 @@ module ShopifyApp
 
     def self.repo
       if Rails.env.production?
-        raise EnvironmentError, "Cannot use InMemorySessionStore in a Production environment. \
+        raise ::ShopifyApp::EnvironmentError, "Cannot use InMemorySessionStore in a Production environment. \
           Please initialize ShopifyApp with a model that can store and retrieve sessions"
       end
       @@repo ||= {}

data/lib/shopify_app/session/jwt.rb

@@ -2,20 +2,14 @@
 
 module ShopifyApp
   class JWT
-    class InvalidDestinationError < StandardError; end
-
-    class MismatchedHostsError < StandardError; end
-
-    class InvalidAudienceError < StandardError; end
-
     WARN_EXCEPTIONS = [
       ::JWT::DecodeError,
       ::JWT::ExpiredSignature,
       ::JWT::ImmatureSignature,
       ::JWT::VerificationError,
-      InvalidAudienceError,
-      InvalidDestinationError,
-      MismatchedHostsError,
+      ::ShopifyApp::InvalidAudienceError,
+      ::ShopifyApp::InvalidDestinationError,
+      ::ShopifyApp::MismatchedHostsError,
     ]
 
     def initialize(token)
@@ -58,9 +52,11 @@ module ShopifyApp
       iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload["iss"])
       api_key = ShopifyApp.configuration.api_key
 
-      raise InvalidAudienceError, "'aud' claim does not match api_key" unless payload["aud"] == api_key
-      raise InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
-      raise MismatchedHostsError, "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host
+      raise ::ShopifyApp::InvalidAudienceError,
+        "'aud' claim does not match api_key" unless payload["aud"] == api_key
+      raise ::ShopifyApp::InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
+      raise ::ShopifyApp::MismatchedHostsError,
+        "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host
 
       payload
     end

data/lib/shopify_app/session/null_user_session_store.rb

@@ -8,7 +8,7 @@ module ShopifyApp
       end
 
       def store(_, _)
-        raise SessionRepository::ConfigurationError, "user_storage is not configured"
+        raise ::ShopifyApp::ConfigurationError, "user_storage is not configured"
       end
 
       def retrieve_by_shopify_user_id(_)

data/lib/shopify_app/session/session_repository.rb

@@ -4,8 +4,6 @@ module ShopifyApp
   class SessionRepository
     extend ShopifyAPI::Auth::SessionStorage
 
-    class ConfigurationError < StandardError; end
-
     class << self
       attr_writer :shop_storage
 
@@ -36,7 +34,8 @@ module ShopifyApp
       end
 
       def shop_storage
-        load_shop_storage || raise(ConfigurationError, "ShopifySessionRepository.shop_storage is not configured!")
+        load_shop_storage || raise(::ShopifyApp::ConfigurationError,
+          "ShopifySessionRepository.shop_storage is not configured!")
       end
 
       def user_storage

data/lib/shopify_app/session/user_session_storage.rb

@@ -11,7 +11,7 @@ module ShopifyApp
 
     class_methods do
       def store(auth_session, user)
-        user = find_or_initialize_by(shopify_user_id: user[:id])
+        user = find_or_initialize_by(shopify_user_id: user.id)
         user.shopify_token = auth_session.access_token
         user.shopify_domain = auth_session.shop
         user.save!

data/lib/shopify_app/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShopifyApp
-  VERSION = "20.1.1"
+  VERSION = "20.2.0"
 end

data/lib/shopify_app.rb

@@ -34,6 +34,9 @@ module ShopifyApp
   # utils
   require "shopify_app/utils"
 
+  # errors
+  require "shopify_app/errors"
+
   # controller concerns
   require "shopify_app/controller_concerns/csrf_protection"
   require "shopify_app/controller_concerns/localization"

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "20.1.1",
+  "version": "20.2.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 20.1.1
+  version: 20.2.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-09-02 00:00:00.000000000 Z
+date: 2022-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activeresource
@@ -262,7 +262,9 @@ files:
 - ".github/PULL_REQUEST_TEMPLATE.md"
 - ".github/workflows/build.yml"
 - ".github/workflows/cla.yml"
+- ".github/workflows/close-waiting-for-response-issues.yml"
 - ".github/workflows/release.yml"
+- ".github/workflows/remove-labels-on-activity.yml"
 - ".github/workflows/rubocop.yml"
 - ".github/workflows/stale.yml"
 - ".gitignore"
@@ -339,6 +341,7 @@ files:
 - docs/Troubleshooting.md
 - docs/Upgrading.md
 - docs/shopify_app/authentication.md
+- docs/shopify_app/content-security-policy.md
 - docs/shopify_app/engine.md
 - docs/shopify_app/generators.md
 - docs/shopify_app/handling-access-scopes-changes.md
@@ -411,6 +414,7 @@ files:
 - lib/shopify_app/controller_concerns/sanitized_params.rb
 - lib/shopify_app/controller_concerns/webhook_verification.rb
 - lib/shopify_app/engine.rb
+- lib/shopify_app/errors.rb
 - lib/shopify_app/jobs/scripttags_manager_job.rb
 - lib/shopify_app/jobs/webhooks_manager_job.rb
 - lib/shopify_app/managers/scripttags_manager.rb