shopify_app 21.0.0 → 22.5.0

data/Gemfile.lock

@@ -1,135 +1,151 @@
 PATH
   remote: .
   specs:
-    shopify_app (21.0.0)
+    shopify_app (22.5.0)
       activeresource
-      browser_sniffer (~> 2.0)
+      addressable (~> 2.7)
       jwt (>= 2.2.3)
       rails (> 5.2.1)
       redirect_safely (~> 1.0)
-      shopify_api (~> 12.0.0)
+      shopify_api (>= 14.7.0, < 15.0)
       sprockets-rails (>= 2.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.5)
-      actionpack (= 6.1.5)
-      activesupport (= 6.1.5)
+    actioncable (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.5)
-      actionpack (= 6.1.5)
-      activejob (= 6.1.5)
-      activerecord (= 6.1.5)
-      activestorage (= 6.1.5)
-      activesupport (= 6.1.5)
+    actionmailbox (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       mail (>= 2.7.1)
-    actionmailer (6.1.5)
-      actionpack (= 6.1.5)
-      actionview (= 6.1.5)
-      activejob (= 6.1.5)
-      activesupport (= 6.1.5)
+    actionmailer (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      actionview (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.5)
-      actionview (= 6.1.5)
-      activesupport (= 6.1.5)
+    actionpack (6.1.7.9)
+      actionview (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.5)
-      actionpack (= 6.1.5)
-      activerecord (= 6.1.5)
-      activestorage (= 6.1.5)
-      activesupport (= 6.1.5)
+    actiontext (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       nokogiri (>= 1.8.5)
-    actionview (6.1.5)
-      activesupport (= 6.1.5)
+    actionview (6.1.7.9)
+      activesupport (= 6.1.7.9)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.5)
-      activesupport (= 6.1.5)
+    activejob (6.1.7.9)
+      activesupport (= 6.1.7.9)
       globalid (>= 0.3.6)
-    activemodel (6.1.5)
-      activesupport (= 6.1.5)
+    activemodel (6.1.7.9)
+      activesupport (= 6.1.7.9)
     activemodel-serializers-xml (1.0.2)
       activemodel (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
-    activerecord (6.1.5)
-      activemodel (= 6.1.5)
-      activesupport (= 6.1.5)
-    activeresource (6.0.0)
+    activerecord (6.1.7.9)
+      activemodel (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
+    activeresource (6.1.3)
       activemodel (>= 6.0)
       activemodel-serializers-xml (~> 1.0)
       activesupport (>= 6.0)
-    activestorage (6.1.5)
-      actionpack (= 6.1.5)
-      activejob (= 6.1.5)
-      activerecord (= 6.1.5)
-      activesupport (= 6.1.5)
+    activestorage (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.5)
+    activesupport (6.1.7.9)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
       zeitwerk (~> 2.3)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.4)
+      public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
     binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
-    browser_sniffer (2.1.0)
-    builder (3.2.4)
+    builder (3.3.0)
     byebug (11.1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.3.4)
     crack (0.4.5)
       rexml
     crass (1.0.6)
+    date (3.3.4)
     debug_inspector (1.1.0)
-    erubi (1.10.0)
-    globalid (1.0.0)
-      activesupport (>= 5.0)
+    erubi (1.13.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     hash_diff (1.1.1)
     hashdiff (1.0.1)
-    httparty (0.20.0)
-      mime-types (~> 3.0)
+    httparty (0.21.0)
+      mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    i18n (1.10.0)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
-    jwt (2.5.0)
-    loofah (2.15.0)
+    json (2.7.2)
+    jwt (2.7.0)
+    language_server-protocol (3.17.0.3)
+    loofah (2.22.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
+      nokogiri (>= 1.12.0)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
     marcel (1.0.2)
     method_source (1.0.0)
-    mime-types (3.4.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2022.0105)
-    mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    minitest (5.15.0)
-    mocha (1.13.0)
+    mini_mime (1.1.5)
+    minitest (5.18.0)
+    mocha (2.0.2)
+      ruby2_keywords (>= 0.0.5)
     multi_xml (0.6.0)
-    nio4r (2.5.8)
-    nokogiri (1.13.4)
-      mini_portile2 (~> 2.8.0)
+    net-imap (0.4.17)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.2)
+      timeout
+    net-smtp (0.5.0)
+      net-protocol
+    nio4r (2.5.9)
+    nokogiri (1.16.7-arm64-darwin)
       racc (~> 1.4)
-    oj (3.13.21)
-    openssl (3.0.1)
-    parallel (1.21.0)
-    parser (3.1.0.0)
+    nokogiri (1.16.7-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.16.7-x86_64-linux)
+      racc (~> 1.4)
+    oj (3.14.3)
+    openssl (3.1.0)
+    parallel (1.24.0)
+    parser (3.3.0.5)
       ast (~> 2.4.1)
-    pry (0.14.1)
+      racc
+    prettier_print (1.2.1)
+    pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
     pry-nav (1.0.0)
@@ -137,38 +153,40 @@ GEM
     pry-stack_explorer (0.6.1)
       binding_of_caller (~> 1.0)
       pry (~> 0.13)
-    public_suffix (4.0.6)
-    racc (1.6.0)
-    rack (2.2.3)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (6.1.5)
-      actioncable (= 6.1.5)
-      actionmailbox (= 6.1.5)
-      actionmailer (= 6.1.5)
-      actionpack (= 6.1.5)
-      actiontext (= 6.1.5)
-      actionview (= 6.1.5)
-      activejob (= 6.1.5)
-      activemodel (= 6.1.5)
-      activerecord (= 6.1.5)
-      activestorage (= 6.1.5)
-      activesupport (= 6.1.5)
+    public_suffix (5.0.1)
+    racc (1.8.1)
+    rack (2.2.10)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rails (6.1.7.9)
+      actioncable (= 6.1.7.9)
+      actionmailbox (= 6.1.7.9)
+      actionmailer (= 6.1.7.9)
+      actionpack (= 6.1.7.9)
+      actiontext (= 6.1.7.9)
+      actionview (= 6.1.7.9)
+      activejob (= 6.1.7.9)
+      activemodel (= 6.1.7.9)
+      activerecord (= 6.1.7.9)
+      activestorage (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       bundler (>= 1.15.0)
-      railties (= 6.1.5)
+      railties (= 6.1.7.9)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
-      loofah (~> 2.3)
-    railties (6.1.5)
-      actionpack (= 6.1.5)
-      activesupport (= 6.1.5)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    railties (6.1.7.9)
+      actionpack (= 6.1.7.9)
+      activesupport (= 6.1.7.9)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -177,24 +195,32 @@ GEM
     rb-readline (0.5.5)
     redirect_safely (1.0.0)
       activemodel
-    regexp_parser (2.2.0)
-    rexml (3.2.5)
-    rubocop (1.25.1)
+    regexp_parser (2.9.0)
+    rexml (3.3.9)
+    rubocop (1.62.1)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.1)
-      parser (>= 3.0.1.1)
-    rubocop-shopify (2.4.0)
-      rubocop (~> 1.24)
-    ruby-progressbar (1.11.0)
-    securerandom (0.2.0)
-    shopify_api (12.0.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.31.2)
+      parser (>= 3.3.0.4)
+    rubocop-shopify (2.13.0)
+      rubocop (~> 1.50)
+    ruby-lsp (0.5.1)
+      language_server-protocol (~> 3.17.0)
+      sorbet-runtime
+      syntax_tree (>= 6.1.1, < 7)
+    ruby-progressbar (1.13.0)
+    ruby2_keywords (0.0.5)
+    securerandom (0.2.2)
+    shopify_api (14.7.0)
+      activesupport
       concurrent-ruby
       hash_diff
       httparty
@@ -204,30 +230,41 @@ GEM
       securerandom
       sorbet-runtime
       zeitwerk (~> 2.5)
-    sorbet-runtime (0.5.10477)
-    sprockets (4.1.1)
+    sorbet-runtime (0.5.10835)
+    sprockets (4.2.0)
       concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
+      rack (>= 2.2.4, < 4)
     sprockets-rails (3.4.2)
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    sqlite3 (1.4.2)
-    thor (1.2.1)
-    tzinfo (2.0.4)
+    sqlite3 (1.7.3-arm64-darwin)
+    sqlite3 (1.7.3-x86_64-darwin)
+    sqlite3 (1.7.3-x86_64-linux)
+    syntax_tree (6.1.1)
+      prettier_print (>= 1.2.0)
+    thor (1.2.2)
+    timeout (0.4.1)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.1.0)
-    webmock (3.14.0)
+    unicode-display_width (2.5.0)
+    webmock (3.18.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.6.1)
+    zeitwerk (2.6.18)
 
 PLATFORMS
-  ruby
+  arm64-darwin-21
+  arm64-darwin-22
+  arm64-darwin-23
+  x86_64-darwin-19
+  x86_64-darwin-20
+  x86_64-darwin-21
+  x86_64-linux
 
 DEPENDENCIES
   byebug
@@ -236,13 +273,15 @@ DEPENDENCIES
   pry
   pry-nav
   pry-stack_explorer
+  rails (< 7)
   rails-controller-testing
   rake
   rb-readline
   rubocop-shopify
+  ruby-lsp
   shopify_app!
   sqlite3 (~> 1.4)
   webmock
 
 BUNDLED WITH
-   2.3.5
+   2.4.10

data/README.md

@@ -7,10 +7,10 @@
 
 This gem builds Rails applications that can be embedded in the Shopify Admin.
 
-[Introduction](#introduction) | 
-[Requirements](#requirements) | 
-[Usage](#usage) | 
-[Documentation](#documentation) | 
+[Introduction](#introduction) |
+[Requirements](#requirements) |
+[Usage](#usage) |
+[Documentation](#documentation) |
 [Contributing](/CONTRIBUTING.md) |
 [License](/LICENSE)
 
@@ -22,15 +22,12 @@ This gem includes a Rails engine, generators, modules, and mixins that help crea
 <!-- This section is linked to in `templates/shopify_app.rb.tt`. Be careful renaming this heading. -->
 ## Requirements
 
-> **Rails compatibility** 
-> * Use Shopify App `<= v7.2.8` if you need to work with Rails 4.
-
 To become a Shopify app developer, you will need a [Shopify Partners](https://www.shopify.com/partners) account. Explore the [Shopify dev docs](https://shopify.dev/concepts/shopify-introduction) to learn more about [building Shopify apps](https://shopify.dev/concepts/apps).
 
 This gem requires that you have the following credentials:
 
-- **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations). 
-- **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations). 
+- **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
+- **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
 
 ## Usage
 
@@ -40,21 +37,22 @@ This gem requires that you have the following credentials:
 rails new my_shopify_app
 ```
 
-2. Add the Shopify App gem to `my_shopify_app`'s Gemfile.
+2. Add the Shopify App gem to the app's Gemfile:
 
 ```sh
 bundle add shopify_app
 ```
 
-3. Create a `.env` file in the root of `my_shopify_app` to specify your Shopify API credentials:
+3. You will need to provide several environment variables to the app.
+There are a variety of way of doing this, but for a development environment we recommended the [`dotenv-rails`](https://github.com/bkeepers/dotenv) gem.
+Create a `.env` file in the root of your Rails app to specify the full host and Shopify API credentials:
 
 ```sh
+HOST=http://localhost:3000
 SHOPIFY_API_KEY=<Your Shopify API key>
 SHOPIFY_API_SECRET=<Your Shopify API secret>
 ```
 
-> In a development environment, you can use a gem like `dotenv-rails` to manage environment variables. 
-
 4. Run the default Shopify App generator to create an app that can be embedded in the Shopify Admin:
 
 ```sh
@@ -67,15 +65,18 @@ rails generate shopify_app
 rails db:migrate
 ```
 
-6. Setup a SSH tunnel to allow the OAuth redirect to work. See how in the [Setup SSH tunnel for development](/docs/Quickstart.md#setup-ssh-tunnel-for-development) section in [Quickstart](/docs/Quickstart.md)
-
-7. Run the app:
+6. Run the app:
 
 ```sh
 rails server
 ```
 
-8. Install the app by visiting the server's URL (e.g. http://127.0.0.1:3000) and specifying the subdomain of the shop where you want it to be installed to.
+7. Within [Shopify Partners](https://www.shopify.com/partners), navigate to your App, then App Setup, and configure the URLs, e.g.:
+
+  * App URL: http://localhost:3000/
+  * Allowed redirection URL(s): http://localhost:3000/auth/shopify/callback
+
+8. Install the app by visiting the server's URL (e.g. http://localhost:3000) and specifying the subdomain of the shop where you want it to be installed to.
 
 9. After the app is installed, you're redirected to the embedded app.
 
@@ -103,13 +104,14 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
 [Shopify App](/docs/shopify_app)
   * [Authentication](/docs/shopify_app/authentication.md)
   * [Engine](/docs/shopify_app/engine.md)
+  * [Controller Concerns](/docs/shopify_app/controller-concerns.md)
   * [Generators](/docs/shopify_app/generators.md)
-  * [ScriptTags](/docs/shopify_app/script-tags.md)
-  * [Session repository](/docs/shopify_app/session-repository.md)
+  * [Sessions](/docs/shopify_app/sessions.md)
   * [Handling changes in access scopes](/docs/shopify_app/handling-access-scopes-changes.md)
   * [Testing](/docs/shopify_app/testing.md)
   * [Webhooks](/docs/shopify_app/webhooks.md)
   * [Content Security Policy](/docs/shopify_app/content-security-policy.md)
+  * [Logging](/docs/shopify_app/logging.md)
 
 ### Engine
 
@@ -127,6 +129,52 @@ These routes are configurable. See the more detailed [*Engine*](/docs/shopify_ap
 
 To learn more about how this gem authenticates with Shopify, see [*Authentication*](/docs/shopify_app/authentication.md).
 
+### New embedded app authorization strategy (Token Exchange)
+
+> [!TIP]
+> If you are building an embedded app, we **strongly** recommend using [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation)
+> with [token exchange](https://shopify.dev/docs/apps/auth/get-access-tokens/token-exchange) instead of the legacy authorization code grant flow.
+
+We've introduced a new installation and authorization strategy for **embedded apps** that
+eliminates the redirects that were previously necessary.
+It replaces the existing [installation and authorization code grant flow](https://shopify.dev/docs/apps/auth/get-access-tokens/authorization-code-grant).
+
+This is achieved by using [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation)
+to handle automatic app installations and scope updates, while utilizing
+[token exchange](https://shopify.dev/docs/apps/auth/get-access-tokens/token-exchange) to retrieve an access token for
+authenticated API access.
+
+##### Enabling this new strategy in your app
+
+1. Enable [Shopify managed installation](https://shopify.dev/docs/apps/auth/installation#shopify-managed-installation)
+    by configuring your scopes [through the Shopify CLI](https://shopify.dev/docs/apps/tools/cli/configuration).
+> [!NOTE]
+> Ensure you don't have `use_legacy_install_flow = true` in your `shopify.app.toml` configuration file. If `use_legacy_install_flow` is true, Shopify will not manage the installation process for your app.
+> You should remove the `use_legacy_install_flow` line from your `shopify.app.toml` configuration file or set it to `false`.
+
+2. Enable the new auth strategy in your app's ShopifyApp configuration file.
+
+```ruby
+# config/initializers/shopify_app.rb
+ShopifyApp.configure do |config|
+  #.....
+  config.embedded_app = true
+  config.new_embedded_auth_strategy = true
+
+  # If your app is configured to use online sessions, you can enable session expiry date check so a new access token
+  # is fetched automatically when the session expires.
+  # See expiry date check docs: https://github.com/Shopify/shopify_app/blob/main/docs/shopify_app/sessions.md#expiry-date
+  config.check_session_expiry_date = true
+  ...
+end
+
+```
+3. Handle special callback logic. If your app has overridden the OAuth CallbackController to run special tasks post authorization,
+you'll need to create and configure a custom PostAuthenticateTasks class to run these tasks after the token exchange. The original
+OAuth CallbackController will not be triggered anymore. See [Post Authenticate Tasks documentation](/docs/shopify_app/authentication.md#post-authenticate-tasks) for more information.
+4. Make sure your `embedded_app` layout is correct. If your app has any controller which includes `ShopifyApp::EnsureInstalled`, they will now also include the `ShopifyApp::EmbeddedApp` concern, which sets `layout 'embedded_app'` for the current controller by default. In cases where the controller originally looked for another layout file, this can cause unexpected behavior. See [`EmbeddedApp` concern's documentation](/docs/shopify_app/controller-concerns.md#embeddedapp) for more information on the effects of this concern and how to disable the layout change if needed.
+5. Enjoy a smoother and faster app installation process.
+
 ### API Versioning
 
 [Shopify's API is versioned](https://shopify.dev/concepts/about-apis/versioning). With Shopify App `v1.11.0`, the included Shopify API gem allows developers to specify and update the Shopify API version they want their app or service to use. The Shopify API gem also surfaces warnings to Rails apps about [deprecated endpoints, GraphQL fields and more](https://shopify.dev/concepts/about-apis/versioning#deprecation-practices).

data/SECURITY.md

@@ -56,4 +56,4 @@ We look forward to working with all security researchers and strive to be respec
 
 ## Receiving Security Updates
 
-To recieve all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)
+To receive all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)

data/app/assets/javascripts/shopify_app/redirect.js

@@ -1,6 +1,3 @@
-//= require ./app_bridge_redirect.js
-//= require ./app_bridge_utils_3.1.1.js
-
 (function () {
   function redirect() {
     var redirectTargetElement = document.getElementById("redirection-target");
@@ -10,14 +7,10 @@
     }
 
     var targetInfo = JSON.parse(redirectTargetElement.dataset.target);
+    var normalizedLink = document.createElement('a');
+    normalizedLink.href = targetInfo.url;
 
-    var appBridgeUtils = window['app-bridge-utils'];
-
-    if (appBridgeUtils.isShopifyEmbedded()) {
-      window.appBridgeRedirect(targetInfo.url);
-    } else {
-      window.top.location.href = targetInfo.url;
-    }
+    open(normalizedLink.href, '_top');
   }
 
   document.addEventListener("DOMContentLoaded", redirect);

data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb

@@ -14,21 +14,26 @@ module ShopifyApp
       splash_page_with_params(
         return_to: request.fullpath,
         shop: current_shopify_domain,
-        host: params[:host]
+        host: params[:host],
+        embedded: params[:embedded],
       )
     end
 
     def splash_page_with_params(params)
-      uri = URI(root_path)
+      uri = URI(base_url)
       uri.query = params.compact.to_query
       uri.to_s
     end
 
+    def base_url
+      ShopifyApp.configuration.root_url.presence || root_path
+    end
+
     def redirect_to_splash_page
       redirect_to(splash_page)
     rescue ::ShopifyApp::ShopifyDomainNotFound => error
-      Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
-        "Could not determine current shop domain")
+      ShopifyApp::Logger.warn("Redirecting to login: [#{error.class}]"\
+        " Could not determine current shop domain")
       redirect_to(ShopifyApp.configuration.login_url)
     end
 

data/app/controllers/concerns/shopify_app/ensure_has_session.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module EnsureHasSession
+    extend ActiveSupport::Concern
+
+    included do
+      include ShopifyApp::Localization
+
+      if ShopifyApp.configuration.use_new_embedded_auth_strategy?
+        include ShopifyApp::TokenExchange
+        around_action :activate_shopify_session
+      else
+        include ShopifyApp::LoginProtection
+        before_action :login_again_if_different_user_or_shop
+        around_action :activate_shopify_session
+        after_action :add_top_level_redirection_headers
+      end
+
+      include ShopifyApp::CsrfProtection
+      include ShopifyApp::EmbeddedApp
+      include ShopifyApp::EnsureBilling
+    end
+  end
+end