shopify_app 21.1.1 → 21.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 40fd868a167286d9004fe729facec79c9b7c49b468c90571eea90b4885573b15
-  data.tar.gz: a997784577b124c7d6fd2a372354b8c2ee5036d40e189953da9f55cea548ced0
+  metadata.gz: 89cc2a310a1182a7efc057933dafe337c0ba070732f40d920245741be7666c17
+  data.tar.gz: 2f981c756c218d2971687cd7e3f86a62b69b77fb49e343610523c8d8c77bb143
 SHA512:
-  metadata.gz: f22fb436540a1e7b7d36b5b037e5de0cee9212c13daddc2e3cfe0b58d8522719f475a875209e813efaf44ae7c1dd012a6b04afe643bf4621d811f1f0d4638488
-  data.tar.gz: 15354430679bda907d06e12ec9593ad3adb8cfb7fc5642bbc9461320eeda661c43bb89a62b77955042122c06589627483e01df0fa968afb387df4f5dbae1337e
+  metadata.gz: db13b7a1991ef855604d7734a79b4812f010bddc4937636c7c96594f8cbecd8daafd562ea3be6cd137887d799bb1d654eb951509334d04e17056b8c4582d4c14
+  data.tar.gz: 386345a2947c3e0c42f2ad9f2433e2702a823ede57bdd4efe73899703141c1fc58855bb451b3785c07536177f997385f6513a60e8fa1808a8de146cc33b1a294

data/.github/workflows/build.yml

@@ -28,13 +28,12 @@ jobs:
           ruby-version: ${{ matrix.version }}
           bundler-cache: true
       - name: Set up Node
-        uses: actions/setup-node@v2-beta
+        uses: actions/setup-node@v3
         with:
           node-version: '12'
-      - name: Install Dependencies
-        run: |
-          yarn
-      - name: Run Tests
-        run: |
-          yarn test
-          bundle exec rake test
+      - name: Install Yarn Dependencies
+        run: yarn
+      - name: Run Yarn Tests
+        run: yarn test
+      - name: Run Ruby Tests
+        run: bundle exec rake test

data/.github/workflows/stale.yml

@@ -29,3 +29,4 @@ jobs:
           days-before-pr-close: -1
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           exempt-issue-labels: "feature request"
+          close-issue-reason: "not_planned"

data/.spin/rails/prepare-application

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# This file exists to prevent the Spin infrastucture from infering that this is a Rails application:
+# https://github.com/Shopify/wave/issues/244
+
+set -ex
+
+bundle install

data/CHANGELOG.md

@@ -1,13 +1,31 @@
 Unreleased
 ----------
 
+21.3.0 (Dec 9, 2022)
+----------
+* Move covered scopes check into user access strategy [#1600](https://github.com/Shopify/shopify_app/pull/1600)
+* Add configuration option for user access strategy [#1599](https://github.com/Shopify/shopify_app/pull/1599)
+* Fixes a bug with `EnsureAuthenticatedLinks` causing deep links to not work [#1549](https://github.com/Shopify/shopify_app/pull/1549)
+* Ensure online token is properly used when using `current_shopify_session` [#1566](https://github.com/Shopify/shopify_app/pull/1566)
+* Added debug logs, you can read more about logging [here](./docs/logging.md). [#1545](https://github.com/Shopify/shopify_app/pull/1545)
+* Emit a deprecation notice for wrongly-rescued exceptions [#1530](https://github.com/Shopify/shopify_app/pull/1530)
+* Log a deprecation warning for the use of incompatible controller concerns [#1560](https://github.com/Shopify/shopify_app/pull/1560)
+* Fixes bug with expired sessions for embedded apps returning a 500 instead of 401 [#1580](https://github.com/Shopify/shopify_app/pull/1580)
+* Generator properly handles uninstall [#1597](https://github.com/Shopify/shopify_app/pull/1597)
+* Move ownership for session persistence from library to this gem [#1563](https://github.com/Shopify/shopify_app/pull/1563)
+* Patch phishing vulnerability [#1605](https://github.com/Shopify/shopify_app/pull/1605)
+* Remove `Itp` from `LoginProtection`. See the [upgrading docs](https://github.com/Shopify/shopify_app/blob/main/docs/Upgrading.md) for more information. [#1604](https://github.com/Shopify/shopify_app/pull/1604)
+
+21.2.0 (Oct 25, 2022)
+----------
+* Pass access scopes on query string [#1540](https://github.com/Shopify/shopify_app/pull/1540)
+
 21.1.1 (Oct 20, 2022)
 ----------
 * Updates dependency to `shopify_api` to 12.2 to fix error with host_name argument.
 
 21.1.0 (Oct 17, 2022)
 ----------
-
 * Removes assumed `https` required to run locally. Support both `http` and `https` in backward compatible way. [#1518](https://github.com/Shopify/shopify_app/pull/1518)
 
 21.0.0 (Oct 3, 2022)
@@ -26,14 +44,12 @@ Unreleased
 
 20.1.1 (September 2, 2022)
 ----------
-
 * Fixed an issue where the `embedded_redirect_url` could lead to a redirect loop in server-side rendered (or production) apps. [#1497](https://github.com/Shopify/shopify_app/pull/1497)
 * Fixes bug where webhooks were generated with addresses instead of the [path the Ruby API](https://github.com/Shopify/shopify-api-ruby/blob/7a08ae9d96a7a85abd0113dae4eb76398cba8c64/lib/shopify_api/webhooks/registrations/http.rb#L12) is expecting [#1474](https://github.com/Shopify/shopify_app/pull/1474). The breaking change that was accidentially already shipped was that `address` attribute for webhooks should be paths not addresses with `https://` and the host name. While the `address` attribute name will still work assuming the value is a path, this name is deprecated. Please configure webhooks with the `path` attribute name instead.
 * Deduce webhook path from deprecated webhook address if initializer uses address attribute. This makes this attribute change a non-breaking change for those upgrading.
 
 20.1.0 (August 22, 2022)
 ----------
-
 * Set the appropriate CSP `frame-ancestor` directive in controllers using the `EmbeddedApp` concern. [#1474](https://github.com/Shopify/shopify_app/pull/1474)
 * Allow [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/trycloudflare/) hosts in `config/environments/development.rb`.
 * Use [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/trycloudflare/) as example tunnel in readme/docs.
@@ -41,30 +57,25 @@ Unreleased
 
 20.0.2 (July 7, 2022)
 ----------
-
 * Bump [Shopify API](https://github.com/Shopify/shopify-api-ruby) to version 11.0.1. It includes [these updates](https://github.com/Shopify/shopify-api-ruby/blob/main/CHANGELOG.md#version-1101). Fix an issue where HMAC signature verification would fail in OAuth flows during API key rotation.
 
 20.0.1 (July 6, 2022)
 ----------
-
 * Accept extra keyword arguments to WebhooksManagerJob to ease upgrade path from v18 or older (https://github.com/Shopify/shopify_app/pull/1466)
 
 20.0.0 (July 4, 2022)
 ----------
-
 * Bump [Shopify API](https://github.com/Shopify/shopify-api-ruby) to version 11.0.0. It includes [these updates](https://github.com/Shopify/shopify-api-ruby/blob/main/CHANGELOG.md#version-1100). The breaking change relates to the removal of API version `2021-07` support.
 * Internal update, adding App Bridge 3 for redirect (only). [#1458](https://github.com/Shopify/shopify_app/pull/1458)
 
 19.1.0 (June 20, 2022)
 ----------
-
 * Add the `login_callback_url` config to allow overwriting that route as well, and mount the engine routes based on the configurations. [#1445](https://github.com/Shopify/shopify_app/pull/1445)
 * Add special headers when returning 401s from LoginProtection. [#1450](https://github.com/Shopify/shopify_app/pull/1450)
 * Add a new `billing` configuration which takes in a `ShopifyApp::BillingConfiguration` object and checks for payment on controllers with `Authenticated`. [#1455](https://github.com/Shopify/shopify_app/pull/1455)
 
 19.0.2 (April 27, 2022)
 ----------
-
 * Fix regression in apps using online tokens. [#1413](https://github.com/Shopify/shopify_app/pull/1413)
 * Bump [Shopify API](https://github.com/Shopify/shopify-api-ruby) to version 10.0.3. It includes [these fixes](https://github.com/Shopify/shopify-api-ruby/blob/main/CHANGELOG.md#version-1003).
 

data/Gemfile

@@ -6,6 +6,7 @@ source "https://rubygems.org"
 gemspec
 
 gem "rails-controller-testing", group: :test
+gem "rails", "< 7" # temporary: https://github.com/Shopify/shopify_app/pull/1561
 
 group :rubocop do
   gem "rubocop-shopify", require: false

data/Gemfile.lock

@@ -1,97 +1,91 @@
 PATH
   remote: .
   specs:
-    shopify_app (21.1.1)
+    shopify_app (21.3.0)
       activeresource
       browser_sniffer (~> 2.0)
       jwt (>= 2.2.3)
       rails (> 5.2.1)
       redirect_safely (~> 1.0)
-      shopify_api (~> 12.2)
+      shopify_api (~> 12.3)
       sprockets-rails (>= 2.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
+    actioncable (6.1.7)
+      actionpack (= 6.1.7)
+      activesupport (= 6.1.7)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.4)
-      actionpack (= 7.0.4)
-      activejob (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
+    actionmailbox (6.1.7)
+      actionpack (= 6.1.7)
+      activejob (= 6.1.7)
+      activerecord (= 6.1.7)
+      activestorage (= 6.1.7)
+      activesupport (= 6.1.7)
       mail (>= 2.7.1)
-      net-imap
-      net-pop
-      net-smtp
-    actionmailer (7.0.4)
-      actionpack (= 7.0.4)
-      actionview (= 7.0.4)
-      activejob (= 7.0.4)
-      activesupport (= 7.0.4)
+    actionmailer (6.1.7)
+      actionpack (= 6.1.7)
+      actionview (= 6.1.7)
+      activejob (= 6.1.7)
+      activesupport (= 6.1.7)
       mail (~> 2.5, >= 2.5.4)
-      net-imap
-      net-pop
-      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (7.0.4)
-      actionview (= 7.0.4)
-      activesupport (= 7.0.4)
-      rack (~> 2.0, >= 2.2.0)
+    actionpack (6.1.7)
+      actionview (= 6.1.7)
+      activesupport (= 6.1.7)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.4)
-      actionpack (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
-      globalid (>= 0.6.0)
+    actiontext (6.1.7)
+      actionpack (= 6.1.7)
+      activerecord (= 6.1.7)
+      activestorage (= 6.1.7)
+      activesupport (= 6.1.7)
       nokogiri (>= 1.8.5)
-    actionview (7.0.4)
-      activesupport (= 7.0.4)
+    actionview (6.1.7)
+      activesupport (= 6.1.7)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.4)
-      activesupport (= 7.0.4)
+    activejob (6.1.7)
+      activesupport (= 6.1.7)
       globalid (>= 0.3.6)
-    activemodel (7.0.4)
-      activesupport (= 7.0.4)
+    activemodel (6.1.7)
+      activesupport (= 6.1.7)
     activemodel-serializers-xml (1.0.2)
       activemodel (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
-    activerecord (7.0.4)
-      activemodel (= 7.0.4)
-      activesupport (= 7.0.4)
+    activerecord (6.1.7)
+      activemodel (= 6.1.7)
+      activesupport (= 6.1.7)
     activeresource (6.0.0)
       activemodel (>= 6.0)
       activemodel-serializers-xml (~> 1.0)
       activesupport (>= 6.0)
-    activestorage (7.0.4)
-      actionpack (= 7.0.4)
-      activejob (= 7.0.4)
-      activerecord (= 7.0.4)
-      activesupport (= 7.0.4)
+    activestorage (6.1.7)
+      actionpack (= 6.1.7)
+      activejob (= 6.1.7)
+      activerecord (= 6.1.7)
+      activesupport (= 6.1.7)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (7.0.4)
+    activesupport (6.1.7)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     addressable (2.8.1)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
     binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
-    browser_sniffer (2.1.0)
+    browser_sniffer (2.2.0)
     builder (3.2.4)
     byebug (11.1.3)
     coderay (1.1.3)
@@ -110,40 +104,48 @@ GEM
       multi_xml (>= 0.5.2)
     i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    json (2.6.2)
+    json (2.6.3)
     jwt (2.5.0)
+    language_server-protocol (3.17.0.2)
     loofah (2.19.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.1)
+    mail (2.8.0)
       mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
     marcel (1.0.2)
     method_source (1.0.0)
     mime-types (3.4.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2022.0105)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
     minitest (5.16.3)
-    mocha (1.16.0)
+    mocha (2.0.2)
+      ruby2_keywords (>= 0.0.5)
     multi_xml (0.6.0)
     net-imap (0.3.1)
       net-protocol
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.1.3)
+    net-protocol (0.2.0)
       timeout
-    net-smtp (0.3.2)
+    net-smtp (0.3.3)
       net-protocol
     nio4r (2.5.8)
-    nokogiri (1.13.9)
-      mini_portile2 (~> 2.8.0)
+    nokogiri (1.13.9-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.13.9-x86_64-darwin)
       racc (~> 1.4)
-    oj (3.13.21)
+    nokogiri (1.13.9-x86_64-linux)
+      racc (~> 1.4)
+    oj (3.13.23)
     openssl (3.0.1)
     parallel (1.22.1)
-    parser (3.1.2.1)
+    parser (3.1.3.0)
       ast (~> 2.4.1)
+    prettier_print (1.1.0)
     pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
@@ -152,25 +154,26 @@ GEM
     pry-stack_explorer (0.6.1)
       binding_of_caller (~> 1.0)
       pry (~> 0.13)
-    public_suffix (5.0.0)
-    racc (1.6.0)
+    public_suffix (5.0.1)
+    racc (1.6.1)
     rack (2.2.4)
     rack-test (2.0.2)
       rack (>= 1.3)
-    rails (7.0.4)
-      actioncable (= 7.0.4)
-      actionmailbox (= 7.0.4)
-      actionmailer (= 7.0.4)
-      actionpack (= 7.0.4)
-      actiontext (= 7.0.4)
-      actionview (= 7.0.4)
-      activejob (= 7.0.4)
-      activemodel (= 7.0.4)
-      activerecord (= 7.0.4)
-      activestorage (= 7.0.4)
-      activesupport (= 7.0.4)
+    rails (6.1.7)
+      actioncable (= 6.1.7)
+      actionmailbox (= 6.1.7)
+      actionmailer (= 6.1.7)
+      actionpack (= 6.1.7)
+      actiontext (= 6.1.7)
+      actionview (= 6.1.7)
+      activejob (= 6.1.7)
+      activemodel (= 6.1.7)
+      activerecord (= 6.1.7)
+      activestorage (= 6.1.7)
+      activesupport (= 6.1.7)
       bundler (>= 1.15.0)
-      railties (= 7.0.4)
+      railties (= 6.1.7)
+      sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -180,37 +183,42 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    railties (7.0.4)
-      actionpack (= 7.0.4)
-      activesupport (= 7.0.4)
+    railties (6.1.7)
+      actionpack (= 6.1.7)
+      activesupport (= 6.1.7)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
-      zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
     rb-readline (0.5.5)
     redirect_safely (1.0.0)
       activemodel
-    regexp_parser (2.6.0)
+    regexp_parser (2.6.1)
     rexml (3.2.5)
-    rubocop (1.37.0)
+    rubocop (1.39.0)
       json (~> 2.3)
       parallel (~> 1.10)
       parser (>= 3.1.2.1)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.22.0, < 2.0)
+      rubocop-ast (>= 1.23.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.22.0)
+    rubocop-ast (1.24.0)
       parser (>= 3.1.1.0)
     rubocop-shopify (2.10.1)
       rubocop (~> 1.35)
+    ruby-lsp (0.3.6)
+      language_server-protocol (~> 3.17.0)
+      sorbet-runtime
+      syntax_tree (>= 4.0.2, < 5.0.0)
     ruby-progressbar (1.11.0)
-    securerandom (0.2.0)
-    shopify_api (12.2.1)
+    ruby2_keywords (0.0.5)
+    securerandom (0.2.1)
+    shopify_api (12.3.0)
+      activesupport
       concurrent-ruby
       hash_diff
       httparty
@@ -219,8 +227,8 @@ GEM
       openssl
       securerandom
       sorbet-runtime
-      zeitwerk (~> 2.5)
-    sorbet-runtime (0.5.10501)
+      zeitwerk (~> 2.5, < 2.6.5)
+    sorbet-runtime (0.5.10576)
     sprockets (4.1.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -228,10 +236,13 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    sqlite3 (1.5.3)
-      mini_portile2 (~> 2.8.0)
+    sqlite3 (1.5.4-arm64-darwin)
+    sqlite3 (1.5.4-x86_64-darwin)
+    sqlite3 (1.5.4-x86_64-linux)
+    syntax_tree (4.3.0)
+      prettier_print (>= 1.0.2)
     thor (1.2.1)
-    timeout (0.3.0)
+    timeout (0.3.1)
     tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.3.0)
@@ -242,10 +253,12 @@ GEM
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
-    zeitwerk (2.6.1)
+    zeitwerk (2.6.4)
 
 PLATFORMS
-  ruby
+  arm64-darwin-21
+  x86_64-darwin-19
+  x86_64-linux
 
 DEPENDENCIES
   byebug
@@ -254,13 +267,15 @@ DEPENDENCIES
   pry
   pry-nav
   pry-stack_explorer
+  rails (< 7)
   rails-controller-testing
   rake
   rb-readline
   rubocop-shopify
+  ruby-lsp
   shopify_app!
   sqlite3 (~> 1.4)
   webmock
 
 BUNDLED WITH
-   2.3.7
+   2.3.4

data/README.md

@@ -7,10 +7,10 @@
 
 This gem builds Rails applications that can be embedded in the Shopify Admin.
 
-[Introduction](#introduction) | 
-[Requirements](#requirements) | 
-[Usage](#usage) | 
-[Documentation](#documentation) | 
+[Introduction](#introduction) |
+[Requirements](#requirements) |
+[Usage](#usage) |
+[Documentation](#documentation) |
 [Contributing](/CONTRIBUTING.md) |
 [License](/LICENSE)
 
@@ -22,15 +22,12 @@ This gem includes a Rails engine, generators, modules, and mixins that help crea
 <!-- This section is linked to in `templates/shopify_app.rb.tt`. Be careful renaming this heading. -->
 ## Requirements
 
-> **Rails compatibility** 
-> * Use Shopify App `<= v7.2.8` if you need to work with Rails 4.
-
 To become a Shopify app developer, you will need a [Shopify Partners](https://www.shopify.com/partners) account. Explore the [Shopify dev docs](https://shopify.dev/concepts/shopify-introduction) to learn more about [building Shopify apps](https://shopify.dev/concepts/apps).
 
 This gem requires that you have the following credentials:
 
-- **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations). 
-- **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations). 
+- **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
+- **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
 
 ## Usage
 
@@ -40,13 +37,15 @@ This gem requires that you have the following credentials:
 rails new my_shopify_app
 ```
 
-2. Add the Shopify App gem to `my_shopify_app`'s Gemfile.
+2. Add the Shopify App gem to the app's Gemfile:
 
 ```sh
 bundle add shopify_app
 ```
 
-3. Create a `.env` file in the root of `my_shopify_app` to specify your full host and Shopify API credentials:
+3. You will need to provide several environment variables to the app.
+There are a variety of way of doing this, but for a development environment we recommended the [`dotenv-rails`](https://github.com/bkeepers/dotenv) gem.
+Create a `.env` file in the root of your Rails app to specify the full host and Shopify API credentials:
 
 ```sh
 HOST=http://localhost:3000
@@ -54,8 +53,6 @@ SHOPIFY_API_KEY=<Your Shopify API key>
 SHOPIFY_API_SECRET=<Your Shopify API secret>
 ```
 
-> In a development environment, you can use a gem like `dotenv-rails` to manage environment variables. 
-
 4. Run the default Shopify App generator to create an app that can be embedded in the Shopify Admin:
 
 ```sh
@@ -74,9 +71,14 @@ rails db:migrate
 rails server
 ```
 
-7. Install the app by visiting the server's URL (e.g. http://127.0.0.1:3000) and specifying the subdomain of the shop where you want it to be installed to.
+7. Within [Shopify Partners](https://www.shopify.com/partners), navigate to your App, then App Setup, and configure the URLs, e.g.:
+
+  * App URL: http://localhost:3000/
+  * Allowed redirection URL(s): http://localhost:3000/auth/shopify/callback
+
+8. Install the app by visiting the server's URL (e.g. http://localhost:3000) and specifying the subdomain of the shop where you want it to be installed to.
 
-8. After the app is installed, you're redirected to the embedded app.
+9. After the app is installed, you're redirected to the embedded app.
 
 This app implements [OAuth 2.0](https://shopify.dev/tutorials/authenticate-with-oauth) with Shopify to authenticate requests made to Shopify APIs. By default, this app is configured to use [session tokens](https://shopify.dev/concepts/apps/building-embedded-apps-using-session-tokens) to authenticate merchants when embedded in the Shopify Admin.
 
@@ -102,6 +104,7 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
 [Shopify App](/docs/shopify_app)
   * [Authentication](/docs/shopify_app/authentication.md)
   * [Engine](/docs/shopify_app/engine.md)
+  * [Controller Concerns](/docs/shopify_app/controller-concerns.md)
   * [Generators](/docs/shopify_app/generators.md)
   * [ScriptTags](/docs/shopify_app/script-tags.md)
   * [Session repository](/docs/shopify_app/session-repository.md)
@@ -109,6 +112,7 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
   * [Testing](/docs/shopify_app/testing.md)
   * [Webhooks](/docs/shopify_app/webhooks.md)
   * [Content Security Policy](/docs/shopify_app/content-security-policy.md)
+  * [Logging](/docs/shopify_app/logging.md)
 
 ### Engine
 

data/SECURITY.md

@@ -56,4 +56,4 @@ We look forward to working with all security researchers and strive to be respec
 
 ## Receiving Security Updates
 
-To recieve all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)
+To receive all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)

data/app/controllers/concerns/shopify_app/authenticated.rb

@@ -5,15 +5,10 @@ module ShopifyApp
     extend ActiveSupport::Concern
 
     included do
-      include ShopifyApp::Localization
-      include ShopifyApp::LoginProtection
-      include ShopifyApp::CsrfProtection
-      include ShopifyApp::EmbeddedApp
-      include ShopifyApp::EnsureBilling
-
-      before_action :login_again_if_different_user_or_shop
-      around_action :activate_shopify_session
-      after_action :add_top_level_redirection_headers
+      ShopifyApp::Logger.deprecated("Authenticated has been replaced by EnsureHasSession."\
+        " Please use the EnsureHasSession controller concern for the same behavior", "22.0.0")
     end
+
+    include ShopifyApp::EnsureHasSession
   end
 end

data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb

@@ -15,6 +15,7 @@ module ShopifyApp
         return_to: request.fullpath,
         shop: current_shopify_domain,
         host: params[:host],
+        embedded: params[:embedded],
       )
     end
 
@@ -27,8 +28,8 @@ module ShopifyApp
     def redirect_to_splash_page
       redirect_to(splash_page)
     rescue ::ShopifyApp::ShopifyDomainNotFound => error
-      Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
-        "Could not determine current shop domain")
+      ShopifyApp::Logger.warn("Redirecting to login: [#{error.class}]"\
+        " Could not determine current shop domain")
       redirect_to(ShopifyApp.configuration.login_url)
     end
 

data/app/controllers/concerns/shopify_app/ensure_has_session.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module EnsureHasSession
+    extend ActiveSupport::Concern
+
+    included do
+      include ShopifyApp::Localization
+      include ShopifyApp::LoginProtection
+      include ShopifyApp::CsrfProtection
+      include ShopifyApp::EmbeddedApp
+      include ShopifyApp::EnsureBilling
+
+      before_action :login_again_if_different_user_or_shop
+      around_action :activate_shopify_session
+      after_action :add_top_level_redirection_headers
+    end
+  end
+end