shopify_app 21.0.0 → 22.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 818a15b2d9822d6cf785722387873d805ca1709f9c4bec394e4481a0a7e8f70e
-  data.tar.gz: 0701e46e9492f2d387abbc1d2b2ef3c33a20b6196df340c353c6e6ddadc48cbe
+  metadata.gz: d8a8d6fb5b227bbe3070fba9050497eb007e4191a782bc89b12a84546470ed65
+  data.tar.gz: 5f8d8e4486585b07a93ad7f6abddaebde7a263568dc78e757627476aba37d38b
 SHA512:
-  metadata.gz: 60f33ceb026c9684efbfe16d638f822a7ea82f9c4a24346a4ca3ddd6c525bfd6819913ea8fd3ac2c5aa7979d053dddf45fa5496c028d26f7a30e4dd2dd8d1b1c
-  data.tar.gz: b2c1fba3d38554e357d77e6c75348af9ade64e70e8aacb9bc9910a6e07c4eb8d69fa29e694abda00a25e7e836445a3f31eba2f8e88299f4d0a689ea70a99b7f7
+  metadata.gz: 2a0b7ad073c42b6fbe5033aa686fa365050d8d56305507746b15f938a1511e979eecd49dcaefbe2793114c6ca4c4ef4f986085b743651115dc816faab404da15
+  data.tar.gz: a8896ed834816ef8fd35f17db67aef3efcd401fa2a46900e2a2bce8d5b96f863db3eaa0335e73d63b6c48e6382d52d9103c46fce7a7252568e1abe7e503d2075

data/.github/CODEOWNERS

@@ -1,2 +1,3 @@
 *       @shopify/platform-dev-tools-education
 *       @shopify/app-foundations
+*       @Shopify/client-libraries-app-templates

data/.github/ISSUE_TEMPLATE/ENHANCEMENT.md

@@ -0,0 +1,9 @@
+---
+name: '📈 Enhancement'
+about: Enhancement to our codebase that isn't a adding or changing a feature
+labels: 'Type: Enhancement 📈'
+---
+
+## Overview/summary
+
+<!-- Write a short description of the enhancement here ↓ -->

data/.github/ISSUE_TEMPLATE/bug-report.md

@@ -1,63 +1,46 @@
 ---
-name: Bug report
-about: Report a technical issue with the Shopify App gem.
-labels: bug
+name: "🐛 Bug Report"
+about: Something isn't working
+labels: "Type: Bug 🐛"
 ---
 
-<!--
-
-Do you want to ask a question? Are you looking for support? The Shopify Community forum is the best place for getting support: https://community.shopify.com
+# Issue summary
 
-You can also join the Partners Slack Community group: https://www.shopify.com/partners/community#conversation
+Before opening this issue, I have:
 
-Authentication Issues: A great deal of the issues surrounding this repo are around authenticating (installing) the generated app with Shopify.
+- [ ] Upgraded to the latest version of the package
+  - `shopify_app` version:
+  - Ruby version:
+  - Operating system:
+- [ ] Set `log_level: :debug` [in my configuration](https://github.com/Shopify/shopify-api-ruby#setup-shopify-context), if applicable
+- [ ] Found a reliable way to reproduce the problem that indicates it's a problem with the package
+- [ ] Looked for similar issues in this repository
+- [ ] Checked that this isn't an issue with a Shopify API
+  - If it is, please create a post in the [Shopify community forums](https://community.shopify.com/c/partners-and-developers/ct-p/appdev) or report it to [Shopify Partner Support](https://help.shopify.com/en/support/partners/org-select)
 
-If you are experiencing issues with your app authenticating/installing the best way to get help fast is to create a repo with the minimal amount of code to demonstrate the issue and a clearly documented set of steps you took to arrive there. This will help us solve your problem quicker since we won't need to spend any time figuring out how to reproduce the bug. Please also include your operating system and browser.
+<!--
+Write a short description of the issue here.
 
+We can only fix issues for which there is a clear reproduction scenario.
+The more context you can provide, the easier it becomes for us to investigate and fix the issue.
 -->
 
-### Description
-
-<!-- Description of the issue -->
-
-### Steps to Reproduce
-
-1. <!-- First Step -->
-2. <!-- Second Step -->
-3. <!-- and so on… -->
-
-**Expected behavior:**
-
-<!-- What you expect to happen -->
-
-**Actual behavior:**
-
-<!-- What actually happens -->
-
-**Reproduces how often:**
-
-<!-- What percentage of the time does it reproduce? -->
-
-### Browsers
-
-<!-- Please specify the browser(s) you have tested that exhibit this behaviour. -->
-
-### Gem versions
-
-<!-- Please specify which version(s) of the gem exhibit this behaviour. -->
-
-### Additional Information
+## Expected behavior
 
-<!-- Any additional information, configuration or data that might be necessary to reproduce the issue. See common examples of important information below. -->
+What do you think should happen?
 
-<!-- - [x] My app relies on third-party cookies -->
-<!-- - [x] My app is intended to be a non-embedded app -->
-<!-- - [x] My app uses session tokens -->
+## Actual behavior
 
+What actually happens?
 
-### Security
+## Steps to reproduce the problem
 
-<!-- Please be certain to redact any private information from your logs or code snippets such as Api Keys, Api Secrets, and any authentication tokens such as shop_tokens. -->
+1.
+1.
+1.
 
-- [ ] I have redacted any private information from my logs or code snippets.
+## Debug logs
 
+```
+// Paste any relevant logs here
+```

data/.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,33 +1,9 @@
 ---
-name: Feature request
-about: Request new functionality for the Shopify App gem.
-labels: feature request
+name: "🙌 Feature Request"
+about: Suggest a new feature, or changes to an existing one
+labels: "Type: Feature Request :raised_hands:"
 ---
 
-<!--
+## Overview
 
-Do you want to ask a question? Are you looking for support? The Shopify Community forum is the best place for getting support: https://community.shopify.com
-
-You can also join the Partners Slack Community group: https://www.shopify.com/partners/community#conversation
-
----
-
-Please note that the team that maintains this gem has finite resources so it's unlikely that we'll work on feature requests. If we're interested in a particular feature however, we'll follow up and ask for more detail.
-
--->
-
-### Summary
-
-<!-- One paragraph explanation of the feature or suggestions. -->
-
-### Motivation
-
-<!-- Why is this feature or suggestion needed? What is the expected outcome? -->
-
-### Describe alternatives you've considered
-
-<!-- A clear and concise description of the alternative solutions you've considered. -->
-
-### Additional context
-
-<!-- Add any other context or screenshots about the feature request here. -->
+<!-- Write a short description of the request here ↓ -->

data/.github/workflows/build.yml

@@ -12,12 +12,12 @@ jobs:
     name: Ruby ${{ matrix.version }}
     strategy:
       matrix:
-        version: ['2.7', '3.0']
+        version: ['3.0', '3.1', '3.2', '3.3']
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           # npm cache files are stored in `~/.npm` on Linux/macOS
           path: ~/.npm
@@ -28,13 +28,12 @@ jobs:
           ruby-version: ${{ matrix.version }}
           bundler-cache: true
       - name: Set up Node
-        uses: actions/setup-node@v2-beta
+        uses: actions/setup-node@v3
         with:
-          node-version: '12'
-      - name: Install Dependencies
-        run: |
-          yarn
-      - name: Run Tests
-        run: |
-          yarn test
-          bundle exec rake test
+          node-version: '18'
+      - name: Install Yarn Dependencies
+        run: yarn
+      - name: Run Yarn Tests
+        run: yarn test
+      - name: Run Ruby Tests
+        run: bundle exec rake test

data/.github/workflows/release.yml

@@ -11,8 +11,8 @@ jobs:
     steps:
     - name: Extract tag name
       id: tag
-      run: echo "::set-output name=value::${GITHUB_REF##*/}"
-    - uses: actions/checkout@v2
+      run: echo "value=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"
+    - uses: actions/checkout@v3
 
     - name: Create Release
       id: create_release

data/.github/workflows/remove-labels-on-activity.yml

@@ -7,7 +7,7 @@ jobs:
   remove-labels-on-activity:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions-ecosystem/action-remove-labels@v1
         if: contains(github.event.issue.labels.*.name, 'Waiting for Response')
         with:

data/.github/workflows/rubocop.yml

@@ -7,11 +7,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby 2.7
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: 2.7
         bundler-cache: true
     - name: Install gems
       run: |

data/.nvmrc

@@ -1 +1 @@
-12.22.8
+20.10.0

data/.rubocop.yml

@@ -2,7 +2,6 @@ inherit_gem:
     rubocop-shopify: rubocop.yml
 
 AllCops:
-  TargetRubyVersion: 2.7
   Exclude:
     - 'test/tmp/**/*'
     - 'vendor/bundle/**/*'
@@ -16,3 +15,5 @@ Style/ClassAndModuleChildren:
   Exclude:
     - 'test/**/*'
 
+Style/ClassMethodsDefinitions:
+  Enabled: false

data/.ruby-version

@@ -1 +1 @@
-3.0.3
+3.2.2

data/.spin/rails/prepare-application

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# This file exists to prevent the Spin infrastucture from infering that this is a Rails application:
+# https://github.com/Shopify/wave/issues/244
+
+set -ex
+
+bundle install

data/CHANGELOG.md

@@ -1,6 +1,179 @@
 Unreleased
 ----------
 
+22.5.0 (November 28, 2024)
+----------
+- Add support for filters in webhook registration [1923](https://github.com/Shopify/shopify_app/pull/1923)
+-  Make `ShopifyApp.configuration.scope` default to empty list `[]` [1913](https://github.com/Shopify/shopify_app/pull/1913)
+
+22.4.0 (August 22, 2024)
+----------
+- Add the `unified_admin_domain` configuration option for the unified admin domain.
+- Add new generators for webhook subscriptions defined in the `shopify.app.toml` file [1882](https://github.com/Shopify/shopify_app/pull/1882)
+- Fix test stubbing for Token Exchange auth [1897](https://github.com/Shopify/shopify_app/pull/1897)
+
+22.3.1 (July 26, 2024)
+----------
+- Handle edge case where we attempted to redirect to login when already at the top level [#1887](https://github.com/Shopify/shopify_app/pull/1887)
+
+22.3.0 (July 24, 2024)
+----------
+- Deprecate `ShopifyApp::JWTMiddleware`. And remove internal usage.  Any existing app code relying on decoded JWT contents set from `request.env` should instead include the `WithShopifyIdToken` concern and call its respective methods. [#1861](https://github.com/Shopify/shopify_app/pull/1861) [Migration Guide](/docs/Upgrading.md#v2300---removed-shopifyappjwtmiddleware)
+- Handle scenario when invalid URI is passed to `sanitize_shop_domain` [#1852](https://github.com/Shopify/shopify_app/pull/1852)
+- Remove references to old JS files during asset precompile [#1865](https://github.com/Shopify/shopify_app/pull/1865)
+- Remove old translation keys for `enable_cookies_*`, `top_level_interaction_*` and `request_storage_access_*` [#1865](https://github.com/Shopify/shopify_app/pull/1865)
+- Add invalid id token handling for `current_shopify_domain` method [#1868](https://github.com/Shopify/shopify_app/pull/1868)
+- Keep original path and params when redirecting deep links to embed [#1869](https://github.com/Shopify/shopify_app/pull/1869)
+- Fix managed install path for SPIN environments [#1877](https://github.com/Shopify/shopify_app/pull/1877)
+- Migrate fullpage redirect to App Bridge CDN [#1870](https://github.com/Shopify/shopify_app/pull/1870)
+- Improve embedded requests detection with `Sec-Fetch-Dest` header [#1873](https://github.com/Shopify/shopify_app/pull/1873)
+- Fix bug where locale is not read from session if locale param is not present in app request [#1878](https://github.com/Shopify/shopify_app/pull/1878)
+
+22.2.1 (May 6,2024)
+----------
+* Patch - Don't delete session on 401 errors during retry in `with_token_refetch` [#1844](https://github.com/Shopify/shopify_app/pull/1844)
+
+22.2.0 (May 2,2024)
+----------
+* Add new zero redirect authorization strategy - `Token Exchange`.
+  - This strategy replaces the existing OAuth flow for embedded apps and remove the redirects that were previously necessary to complete OAuth.
+  See ["New embedded app authorization strategy (Token Exchange)"](/README.md/#new-embedded-app-authorization-strategy-token-exchange) for how to enable this feature.
+  - Related PRs: [#1817](https://github.com/Shopify/shopify_app/pull/1817),
+  [#1818](https://github.com/Shopify/shopify_app/pull/1818),
+  [#1819](https://github.com/Shopify/shopify_app/pull/1819),
+  [#1821](https://github.com/Shopify/shopify_app/pull/1821),
+  [#1822](https://github.com/Shopify/shopify_app/pull/1822),
+  [#1823](https://github.com/Shopify/shopify_app/pull/1823),
+  [#1832](https://github.com/Shopify/shopify_app/pull/1832),
+  [#1833](https://github.com/Shopify/shopify_app/pull/1833),
+  [#1834](https://github.com/Shopify/shopify_app/pull/1834),
+  [#1836](https://github.com/Shopify/shopify_app/pull/1836),
+* Bumps `shopify_api` to `14.3.0` [1832](https://github.com/Shopify/shopify_app/pull/1832)
+* Support `id_token` from URL param [1832](https://github.com/Shopify/shopify_app/pull/1832)
+  * Extracted controller concern `WithShopifyIdToken`
+      * This concern provides a method `shopify_id_token` to retrieve the Shopify Id token from either the authorization header or the URL param `id_token`.
+  * `ShopifyApp::JWTMiddleware` supports retrieving session token from URL param `id_token`
+  * `ShopifyApp::JWTMiddleware` returns early if the app is not embedded to avoid unnecessary JWT verification
+  * `LoginProtection` now uses `WithShopifyIdToken` concern to retrieve the Shopify Id token, thus accepting the session token from the URL param `id_token`
+* Marking `ShopifyApp::JWT` to be deprecated in version 23.0.0 [1832](https://github.com/Shopify/shopify_app/pull/1832), use `ShopifyAPI::Auth::JwtPayload` instead.
+* Fix infinite redirect loop caused by handling errors from Billing API [1833](https://github.com/Shopify/shopify_app/pull/1833)
+
+22.1.0 (April 9,2024)
+----------
+* Extracted class - `PostAuthenticateTasks` to handle post authenticate tasks. To learn more, see [post authenticate tasks](/docs/shopify_app/authentication.md#post-authenticate-tasks). [1819](https://github.com/Shopify/shopify_app/pull/1819)
+* Bumps shopify_api dependency to 14.1.0 [1826](https://github.com/Shopify/shopify_app/pull/1826)
+
+22.0.1 (March 12, 2024)
+----------
+* Bumps `shopify_api` to `14.0.1` [1813](https://github.com/Shopify/shopify_app/pull/1813)
+
+22.00.0 (March 5, 2024)
+----------
+
+To migrate from a previous version, please see the [v22 migration guide](docs/Upgrading.md#upgrading-to-v2200).
+
+* ⚠️ [Breaking] Bumps minimum supported Ruby version to 3.0. Bumps `shopify_api` to 14.0 [1801](https://github.com/Shopify/shopify_app/pull/1801)
+* ⚠️ [Breaking] Removes deprecated controller concerns that were renamed in `v21.10.0`. [1805](https://github.com/Shopify/shopify_app/pull/1805)
+* ⚠️ [Breaking] Removes deprecated `ScripttagManager`. We realize there was communication error in our logging where we logged future deprecation instead of our inteded removal. Since we have been logging that for 2 years we felt we'd move forward with the removal instead pushing this off until the next major release. [1806](https://github.com/Shopify/shopify_app/pull/1806)
+* ⚠️ [Breaking] Removes ITP controller concern and `browser_sniffer` dependency.[1810](https://github.com/Shopify/shopify_app/pull/1810)
+* ⚠️ [Breaking] Removes Marketing Extensions generator [1810](https://github.com/Shopify/shopify_app/pull/1810)
+* ⚠️ [Breaking] Thows an error if a controller includes incompatible concerns (LoginProtection/EnsureInstalled) [1809](https://github.com/Shopify/shopify_app/pull/1809)
+* ⚠️ [Breaking] No longer rescues non-shopify API errors during OAuth
+  callback [1807](https://github.com/Shopify/shopify_app/pull/1807)
+* Make type param for webhooks route optional. This will fix a bug with CLI initiated webhooks.[1786](https://github.com/Shopify/shopify_app/pull/1786)
+* Fix redirecting to login when we catch a 401 response from Shopify, so that it can also handle cases where the app is already embedded when that happens.[1787](https://github.com/Shopify/shopify_app/pull/1787)
+* Always register webhooks with offline sessions.[1788](https://github.com/Shopify/shopify_app/pull/1788)
+
+21.10.0 (January 24, 2024)
+----------
+* Fix session deletion for users with customized session storage[#1773](https://github.com/Shopify/shopify_app/pull/1773)
+* Add configuration flag `check_session_expiry_date` to trigger a re-auth when the (user) session is expired. The session expiry date must be stored and retrieved for this flag to be effective. When the `UserSessionStorageWithScopes` concern is used, a DB migration can be generated with `rails generate shopify_app:user_model --skip` and should be applied before enabling that flag[#1757](https://github.com/Shopify/shopify_app/pull/1757)
+
+21.9.0 (January 16, 2024)
+----------
+* Fix `add_webhook` generator to create the webhook jobs under the correct directory[#1748](https://github.com/Shopify/shopify_app/pull/1748)
+* Add support for metafield_namespaces in webhook registration [#1745](https://github.com/Shopify/shopify_app/pull/1745)
+* Bumps `shopify_api` to latest version (13.4.0), adds support for 2024-01 API version [#1776](https://github.com/Shopify/shopify_app/pull/1776)
+
+21.8.1 (December 6, 2023)
+----------
+* Bump `shopify_api` to 13.3.1 [1763](https://github.com/Shopify/shopify-api-ruby/blob/main/CHANGELOG.md#1331)
+
+21.8.0 (Dec 1, 2023)
+----------
+* Bump `shopify_api` to include bugfix with mandatory webhooks + fixes for CI failures that prevented earlier release
+* Fixes bug with `WebhooksManager#recreate_webhooks!` where we failed to register topics in the registry[#1743](https://github.com/Shopify/shopify_app/pull/1704)
+* Allow embedded apps to provide a full URL to get redirected to, rather than defaulting to Shopify Admin [#1746](https://github.com/Shopify/shopify_app/pull/1746)
+
+21.7.0 (Oct 12, 2023)
+----------
+* Fixes typo in webhook generator [#1704](https://github.com/Shopify/shopify_app/pull/1704)
+* Fix registration of event_bridge and pub_sub webhooks [#1635](https://github.com/Shopify/shopify_app/pull/1635)
+* Adds support for adding any number of trial days within `EnsureBilling` by adding the `trial_days` field to `BillingConfiguration`
+* Updated AppBridge to 3.7.8 [#1680](https://github.com/Shopify/shopify_app/pull/1680)
+* Support falling back to 2 letter language code locales [#1711](https://github.com/Shopify/shopify_app/pull/1711)
+* Fix locale leaks across requests [#1711](https://github.com/Shopify/shopify_app/pull/1711)
+* Fix bug in `InMemoryUserSessionStore#store`, this can now be used out of box. [#1716](https://github.com/Shopify/shopify_app/pull/1716)
+* Adds support for 2023-10 API version [#1734](https://github.com/Shopify/shopify_app/pull/1734)
+
+21.6.0 (July 11, 2023)
+----------
+* Adds support for toggling test charges within `EnsureBilling` by adding `test` field to `BillingConfiguration` and pulling in environment variable [#1688](https://github.com/Shopify/shopify_app/pull/1688)
+* Adds support for 2023-07 API version [#1706](https://github.com/Shopify/shopify_app/pull/1706)
+
+21.5.0 (May 18, 2023)
+----------
+* Support Unified Admin [#1658](https://github.com/Shopify/shopify_app/pull/1658)
+* Set `access_scopes` column to string by default [#1636](https://github.com/Shopify/shopify_app/pull/1636)
+* Fixes a bug with `EnsureBilling` causing infinite redirect in embedded apps [#1578](https://github.com/Shopify/shopify_app/pull/1578)
+* Modifies SessionStorage#with_shopify_session to call a block with a supplied session instance [#1488](https://github.com/Shopify/shopify_app/pull/1488)
+* Refactors `ShopifyApp::WebhhooksManager#recreate_webhooks!` to have a uniform webhook inventory that doesn't clash with the API library. Updates webhook generator to use supplied session. [#1686](https://github.com/Shopify/shopify_app/pull/1686)
+* No longer use session repository from API library[#1689](https://github.com/Shopify/shopify_app/pull/1689)
+
+21.4.1 (Feb 21, 2023)
+----------
+* Fixed bug where authentication redirect could still happen even though `reauth_on_access_scope_changes` is set to `false` [#1639](https://github.com/Shopify/shopify_app/pull/1639)
+
+21.4.0 (Jan 5, 2023)
+----------
+* Updated shopify_api to 12.4.0 [#1633](https://github.com/Shopify/shopify_app/pull/1633)
+* Removed Logged output for rescued JWT exceptions [#1610](https://github.com/Shopify/shopify_app/pull/1610)
+* Fixes a bug with `ShopifyApp::WebhooksManager.destroy_webhooks` causing not passing session arguments to [unregister](https://github.com/Shopify/shopify-api-ruby/blob/main/lib/shopify_api/webhooks/registry.rb#L99) method [#1569](https://github.com/Shopify/shopify_app/pull/1569)
+* Validates shop's offline session token is still valid when using `EnsureInstalled`[#1612](https://github.com/Shopify/shopify_app/pull/1612)
+* Allows use of multiple subdomains with myshopify_domain [#1620](https://github.com/Shopify/shopify_app/pull/1620)
+* Added a `setup_shopify_session` test helper to stub a valid session
+
+21.3.1 (Dec 12, 2022)
+----------
+* Fix bug with stores using the new unified admin that were falsely being flagged as phishing attempts [#1608](https://github.com/Shopify/shopify_app/pull/1608)
+
+21.3.0 (Dec 9, 2022)
+----------
+* Move covered scopes check into user access strategy [#1600](https://github.com/Shopify/shopify_app/pull/1600)
+* Add configuration option for user access strategy [#1599](https://github.com/Shopify/shopify_app/pull/1599)
+* Fixes a bug with `EnsureAuthenticatedLinks` causing deep links to not work [#1549](https://github.com/Shopify/shopify_app/pull/1549)
+* Ensure online token is properly used when using `current_shopify_session` [#1566](https://github.com/Shopify/shopify_app/pull/1566)
+* Added debug logs, you can read more about logging [here](./docs/logging.md). [#1545](https://github.com/Shopify/shopify_app/pull/1545)
+* Emit a deprecation notice for wrongly-rescued exceptions [#1530](https://github.com/Shopify/shopify_app/pull/1530)
+* Log a deprecation warning for the use of incompatible controller concerns [#1560](https://github.com/Shopify/shopify_app/pull/1560)
+* Fixes bug with expired sessions for embedded apps returning a 500 instead of 401 [#1580](https://github.com/Shopify/shopify_app/pull/1580)
+* Generator properly handles uninstall [#1597](https://github.com/Shopify/shopify_app/pull/1597)
+* Move ownership for session persistence from library to this gem [#1563](https://github.com/Shopify/shopify_app/pull/1563)
+* Patch phishing vulnerability [#1605](https://github.com/Shopify/shopify_app/pull/1605)
+* Remove `Itp` from `LoginProtection`. See the [upgrading docs](https://github.com/Shopify/shopify_app/blob/main/docs/Upgrading.md) for more information. [#1604](https://github.com/Shopify/shopify_app/pull/1604)
+
+21.2.0 (Oct 25, 2022)
+----------
+* Pass access scopes on query string [#1540](https://github.com/Shopify/shopify_app/pull/1540)
+
+21.1.1 (Oct 20, 2022)
+----------
+* Updates dependency to `shopify_api` to 12.2 to fix error with host_name argument.
+
+21.1.0 (Oct 17, 2022)
+----------
+* Removes assumed `https` required to run locally. Support both `http` and `https` in backward compatible way. [#1518](https://github.com/Shopify/shopify_app/pull/1518)
+
 21.0.0 (Oct 3, 2022)
 ----------
 * Updating shopify_api gem to 12.0.0
@@ -17,14 +190,12 @@ Unreleased
 
 20.1.1 (September 2, 2022)
 ----------
-
 * Fixed an issue where the `embedded_redirect_url` could lead to a redirect loop in server-side rendered (or production) apps. [#1497](https://github.com/Shopify/shopify_app/pull/1497)
 * Fixes bug where webhooks were generated with addresses instead of the [path the Ruby API](https://github.com/Shopify/shopify-api-ruby/blob/7a08ae9d96a7a85abd0113dae4eb76398cba8c64/lib/shopify_api/webhooks/registrations/http.rb#L12) is expecting [#1474](https://github.com/Shopify/shopify_app/pull/1474). The breaking change that was accidentially already shipped was that `address` attribute for webhooks should be paths not addresses with `https://` and the host name. While the `address` attribute name will still work assuming the value is a path, this name is deprecated. Please configure webhooks with the `path` attribute name instead.
 * Deduce webhook path from deprecated webhook address if initializer uses address attribute. This makes this attribute change a non-breaking change for those upgrading.
 
 20.1.0 (August 22, 2022)
 ----------
-
 * Set the appropriate CSP `frame-ancestor` directive in controllers using the `EmbeddedApp` concern. [#1474](https://github.com/Shopify/shopify_app/pull/1474)
 * Allow [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/trycloudflare/) hosts in `config/environments/development.rb`.
 * Use [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/trycloudflare/) as example tunnel in readme/docs.
@@ -32,30 +203,25 @@ Unreleased
 
 20.0.2 (July 7, 2022)
 ----------
-
 * Bump [Shopify API](https://github.com/Shopify/shopify-api-ruby) to version 11.0.1. It includes [these updates](https://github.com/Shopify/shopify-api-ruby/blob/main/CHANGELOG.md#version-1101). Fix an issue where HMAC signature verification would fail in OAuth flows during API key rotation.
 
 20.0.1 (July 6, 2022)
 ----------
-
 * Accept extra keyword arguments to WebhooksManagerJob to ease upgrade path from v18 or older (https://github.com/Shopify/shopify_app/pull/1466)
 
 20.0.0 (July 4, 2022)
 ----------
-
 * Bump [Shopify API](https://github.com/Shopify/shopify-api-ruby) to version 11.0.0. It includes [these updates](https://github.com/Shopify/shopify-api-ruby/blob/main/CHANGELOG.md#version-1100). The breaking change relates to the removal of API version `2021-07` support.
 * Internal update, adding App Bridge 3 for redirect (only). [#1458](https://github.com/Shopify/shopify_app/pull/1458)
 
 19.1.0 (June 20, 2022)
 ----------
-
 * Add the `login_callback_url` config to allow overwriting that route as well, and mount the engine routes based on the configurations. [#1445](https://github.com/Shopify/shopify_app/pull/1445)
 * Add special headers when returning 401s from LoginProtection. [#1450](https://github.com/Shopify/shopify_app/pull/1450)
 * Add a new `billing` configuration which takes in a `ShopifyApp::BillingConfiguration` object and checks for payment on controllers with `Authenticated`. [#1455](https://github.com/Shopify/shopify_app/pull/1455)
 
 19.0.2 (April 27, 2022)
 ----------
-
 * Fix regression in apps using online tokens. [#1413](https://github.com/Shopify/shopify_app/pull/1413)
 * Bump [Shopify API](https://github.com/Shopify/shopify-api-ruby) to version 10.0.3. It includes [these fixes](https://github.com/Shopify/shopify-api-ruby/blob/main/CHANGELOG.md#version-1003).
 

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all
+people who contribute through reporting issues, posting feature
+requests, updating documentation, submitting pull requests or patches,
+and other activities.
+
+We are committed to making participation in this project a
+harassment-free experience for everyone, regardless of level of
+experience, gender, gender identity and expression, sexual orientation,
+disability, personal appearance, body size, race, ethnicity, age,
+religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+- The use of sexualized language or imagery
+- Personal attacks
+- Trolling or insulting/derogatory comments
+- Public or private harassment
+- Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+- Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit,
+or reject comments, commits, code, wiki edits, issues, and other
+contributions that are not aligned to this Code of Conduct, or to ban
+temporarily or permanently any contributor for other behaviors that they
+deem inappropriate, threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves
+to fairly and consistently applying these principles to every aspect of
+managing this project. Project maintainers who do not follow or enforce
+the Code of Conduct may be permanently removed from the project team.
+
+This Code of Conduct applies both within project spaces and in public
+spaces when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may
+be reported by contacting a project maintainer at <opensource@shopify.com>.
+All complaints will be reviewed and investigated and will result in a response
+that is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an incident.
+
+This Code of Conduct is adapted from the Contributor Covenant, version
+1.3.0, available from http://contributor-covenant.org/version/1/3/0/

data/CONTRIBUTING.md

@@ -23,7 +23,7 @@ Shopify has an official message board with dedicated forums to discuss all thing
 * [Shopify Apps](https://community.shopify.com/c/Shopify-Apps/bd-p/shopify-apps)
 * [Shopify APIs & SDKs](https://community.shopify.com/c/Shopify-APIs-SDKs/bd-p/shopify-apis-and-technology)
 
-If you prefer to chat instead, join the [Shopify Partners Slack Community group](https://www.shopify.com/partners/community#conversation). This Slack group hosts an active community of thousands of app developers.
+If you prefer to chat instead, join the [Shopify Partners Slack Community group](https://community.shopify.com/c/partners-and-developers/ct-p/appdev). This Slack group hosts an active community of thousands of app developers.
 
 By participating in the Community forum or Slack group, you agree to adhere to the forum [Code of Conduct](https://community.shopify.com/c/Announcements/Code-of-Conduct/m-p/491969#M23) outlined.
 
@@ -61,7 +61,7 @@ If you have a suggestion for the Shopify App gem or a feature request, provide t
 
 The process described here has several goals:
 
-* Maintain the Shopify App gem's quality
+* Maintain the Shopify App gem's quality (does the change you're making have a test?)
 * Fix problems that are important to app developers
 * Enable a sustainable system for the Shopify App gem's maintainers to review contributions
 
@@ -74,8 +74,18 @@ Please follow these steps to have your contribution considered by the maintainer
 
       While the prerequisites above must be satisfied prior to having your pull request reviewed, the reviewer(s) may ask you to complete additional design work, tests, or other changes before your pull request can be ultimately accepted.
     </details>
-    
-### App Bridge client
 
-This gem ships with a UMD version of the App Bridge client. It lives inside the assets folder: `app/assets/javascripts/shopify_app/`. To update the client, simply download the UMD build from [unpkg.com](https://unpkg.com/@shopify/app-bridge) and save it into the folder.
-Please follow the convention of including the client version number in the filename. Finally, change the reference to the new App Bridge client inside `app/assets/javascripts/shopify_app/app_bridge_redirect.js`.
+### Running tests
+
+#### Test Environment Requirements
+
+To run tests, you'll need to make sure that your development environment is setup correctly. You'll need:
+
+* Ruby 3+ is installed on your system
+* Install dependencies with `bundle install`
+
+#### Executing Tests
+
+* To run all tests: `bundle exec rake test`
+* To run a specific test file: `bundle exec rake test TEST=test/controllers/callback_controller_test.rb`
+* To run a single test: `bundle exec rake test TEST=test/controllers/callback_controller_test.rb:50` where `50` is the line number on or inside the test case.

data/Gemfile

@@ -6,6 +6,7 @@ source "https://rubygems.org"
 gemspec
 
 gem "rails-controller-testing", group: :test
+gem "rails", "< 7" # temporary: https://github.com/Shopify/shopify_app/pull/1561
 
 group :rubocop do
   gem "rubocop-shopify", require: false