shopify_app 21.10.0 → 22.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (31) hide show
  1. checksums.yaml +4 -4
  2. data/.github/ISSUE_TEMPLATE/bug-report.md +23 -18
  3. data/.github/workflows/build.yml +1 -1
  4. data/.github/workflows/rubocop.yml +2 -2
  5. data/CHANGELOG.md +21 -0
  6. data/CODE_OF_CONDUCT.md +46 -0
  7. data/Gemfile.lock +7 -9
  8. data/README.md +0 -1
  9. data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +5 -1
  10. data/app/controllers/concerns/shopify_app/ensure_installed.rb +2 -2
  11. data/app/controllers/shopify_app/callback_controller.rb +15 -14
  12. data/config/routes.rb +1 -1
  13. data/docs/Upgrading.md +25 -1
  14. data/docs/shopify_app/controller-concerns.md +21 -0
  15. data/docs/shopify_app/generators.md +2 -2
  16. data/lib/shopify_app/controller_concerns/embedded_app.rb +12 -4
  17. data/lib/shopify_app/controller_concerns/login_protection.rb +9 -11
  18. data/lib/shopify_app/engine.rb +1 -2
  19. data/lib/shopify_app/version.rb +1 -1
  20. data/lib/shopify_app.rb +0 -3
  21. data/package.json +1 -1
  22. data/shopify_app.gemspec +2 -3
  23. metadata +15 -30
  24. data/app/controllers/concerns/shopify_app/authenticated.rb +0 -17
  25. data/app/controllers/concerns/shopify_app/require_known_shop.rb +0 -16
  26. data/docs/shopify_app/script-tags.md +0 -28
  27. data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +0 -42
  28. data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +0 -63
  29. data/lib/shopify_app/controller_concerns/itp.rb +0 -50
  30. data/lib/shopify_app/jobs/scripttags_manager_job.rb +0 -16
  31. data/lib/shopify_app/managers/scripttags_manager.rb +0 -85
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 927f0886c6d7be713738a4c38d2a1c5319593d2d8e4d200d854957abae73ac09
4
- data.tar.gz: cca13c50d4cc99853ef10e119d4cb10cf96ba786ee9e146c2acacc12758d741f
3
+ metadata.gz: 9ea486458223aad4ec68fd15a99a340d79ae306e95b8596ca7b9f447b0ac237c
4
+ data.tar.gz: 7cfc9f51c225a89a3aacf87fc6cd3724c3c69399c60588cab9ac821f32b9bde0
5
5
  SHA512:
6
- metadata.gz: db9c6d4fdee1744d974fcde46f54d4246c2886dafb4d31f3423d9c903566f730c06a0b3187a21cdd534d7ee63be95c1fa318e85c007b53f682cbf7a6d3184df2
7
- data.tar.gz: eb437382bf4fba13da3d3780fd05e29360807c8d999239d129dd4ff5e92fc63de33dea382deb9ab9f0e9552d208a1405acb5aa68cb85c20a7310afd81681bcb0
6
+ metadata.gz: 6c3c7f2426c24946ab299bb2499e5065c16828fe72ff8160f7d114c96ba7ff658d032494f418d58668ff0ad2fc53288a237fa92f35950e8028aeb0cd551b9d4d
7
+ data.tar.gz: e86005c3bde23478adc4444ff93274f3c6e4646f063399eb80f9165ab2a0b56765209038d49174889d2e026519296f4b44a929ce0201be5bc25c2c98470f3258
@@ -6,36 +6,41 @@ labels: "Type: Bug 🐛"
6
6
 
7
7
  # Issue summary
8
8
 
9
- <!--
10
-
11
- Write a short description of the issue here. Please provide any details or logs that
12
- can help us debug it.
9
+ Before opening this issue, I have:
10
+
11
+ - [ ] Upgraded to the latest version of the package
12
+ - `shopify_app` version:
13
+ - Ruby version:
14
+ - Operating system:
15
+ - [ ] Set `log_level: :debug` [in my configuration](https://github.com/Shopify/shopify-api-ruby#setup-shopify-context), if applicable
16
+ - [ ] Found a reliable way to reproduce the problem that indicates it's a problem with the package
17
+ - [ ] Looked for similar issues in this repository
18
+ - [ ] Checked that this isn't an issue with a Shopify API
19
+ - If it is, please create a post in the [Shopify community forums](https://community.shopify.com/c/partners-and-developers/ct-p/appdev) or report it to [Shopify Partner Support](https://help.shopify.com/en/support/partners/org-select)
13
20
 
14
- Increase the logs as described in the README by setting log_level to :debug, and paste the relevant portion here.
15
-
16
- Learn more: https://github.com/Shopify/shopify-api-ruby#setup-shopify-context
21
+ <!--
22
+ Write a short description of the issue here.
17
23
 
24
+ We can only fix issues for which there is a clear reproduction scenario.
25
+ The more context you can provide, the easier it becomes for us to investigate and fix the issue.
18
26
  -->
19
27
 
20
- - `shopify_api` version:
21
- - `shopify_app` version:
22
- - Ruby version:
23
- - Operating system:
24
-
25
- ```
26
- // Paste any relevant logs here
27
- ```
28
-
29
28
  ## Expected behavior
30
29
 
31
- <!-- What do you think should happen? -->
30
+ What do you think should happen?
32
31
 
33
32
  ## Actual behavior
34
33
 
35
- <!-- What actually happens? -->
34
+ What actually happens?
36
35
 
37
36
  ## Steps to reproduce the problem
38
37
 
39
38
  1.
40
39
  1.
41
40
  1.
41
+
42
+ ## Debug logs
43
+
44
+ ```
45
+ // Paste any relevant logs here
46
+ ```
@@ -12,7 +12,7 @@ jobs:
12
12
  name: Ruby ${{ matrix.version }}
13
13
  strategy:
14
14
  matrix:
15
- version: ['2.7', '3.0', '3.1', '3.2']
15
+ version: ['3.0', '3.1', '3.2']
16
16
 
17
17
  steps:
18
18
  - uses: actions/checkout@v3
@@ -8,10 +8,10 @@ jobs:
8
8
 
9
9
  steps:
10
10
  - uses: actions/checkout@v3
11
- - name: Set up Ruby 2.7
11
+ - name: Set up Ruby 3.2
12
12
  uses: ruby/setup-ruby@v1
13
13
  with:
14
- ruby-version: 2.7
14
+ ruby-version: 3.2
15
15
  bundler-cache: true
16
16
  - name: Install gems
17
17
  run: |
data/CHANGELOG.md CHANGED
@@ -1,6 +1,27 @@
1
1
  Unreleased
2
2
  ----------
3
3
 
4
+ 22.0.1 (March 12, 2024)
5
+ ----------
6
+ * Bumps `shopify_api` to `14.0.1` [1813](https://github.com/Shopify/shopify_app/pull/1813)
7
+
8
+ 22.00.0 (March 5, 2024)
9
+ ----------
10
+
11
+ To migrate from a previous version, please see the [v22 migration guide](docs/Upgrading.md#upgrading-to-v2200).
12
+
13
+ * ⚠️ [Breaking] Bumps minimum supported Ruby version to 3.0. Bumps `shopify_api` to 14.0 [1801](https://github.com/Shopify/shopify_app/pull/1801)
14
+ * ⚠️ [Breaking] Removes deprecated controller concerns that were renamed in `v21.10.0`. [1805](https://github.com/Shopify/shopify_app/pull/1805)
15
+ * ⚠️ [Breaking] Removes deprecated `ScripttagManager`. We realize there was communication error in our logging where we logged future deprecation instead of our inteded removal. Since we have been logging that for 2 years we felt we'd move forward with the removal instead pushing this off until the next major release. [1806](https://github.com/Shopify/shopify_app/pull/1806)
16
+ * ⚠️ [Breaking] Removes ITP controller concern and `browser_sniffer` dependency.[1810](https://github.com/Shopify/shopify_app/pull/1810)
17
+ * ⚠️ [Breaking] Removes Marketing Extensions generator [1810](https://github.com/Shopify/shopify_app/pull/1810)
18
+ * ⚠️ [Breaking] Thows an error if a controller includes incompatible concerns (LoginProtection/EnsureInstalled) [1809](https://github.com/Shopify/shopify_app/pull/1809)
19
+ * ⚠️ [Breaking] No longer rescues non-shopify API errors during OAuth
20
+ callback [1807](https://github.com/Shopify/shopify_app/pull/1807)
21
+ * Make type param for webhooks route optional. This will fix a bug with CLI initiated webhooks.[1786](https://github.com/Shopify/shopify_app/pull/1786)
22
+ * Fix redirecting to login when we catch a 401 response from Shopify, so that it can also handle cases where the app is already embedded when that happens.[1787](https://github.com/Shopify/shopify_app/pull/1787)
23
+ * Always register webhooks with offline sessions.[1788](https://github.com/Shopify/shopify_app/pull/1788)
24
+
4
25
  21.10.0 (January 24, 2024)
5
26
  ----------
6
27
  * Fix session deletion for users with customized session storage[#1773](https://github.com/Shopify/shopify_app/pull/1773)
@@ -0,0 +1,46 @@
1
+ # Contributor Code of Conduct
2
+
3
+ As contributors and maintainers of this project, and in the interest of
4
+ fostering an open and welcoming community, we pledge to respect all
5
+ people who contribute through reporting issues, posting feature
6
+ requests, updating documentation, submitting pull requests or patches,
7
+ and other activities.
8
+
9
+ We are committed to making participation in this project a
10
+ harassment-free experience for everyone, regardless of level of
11
+ experience, gender, gender identity and expression, sexual orientation,
12
+ disability, personal appearance, body size, race, ethnicity, age,
13
+ religion, or nationality.
14
+
15
+ Examples of unacceptable behavior by participants include:
16
+
17
+ - The use of sexualized language or imagery
18
+ - Personal attacks
19
+ - Trolling or insulting/derogatory comments
20
+ - Public or private harassment
21
+ - Publishing other's private information, such as physical or electronic
22
+ addresses, without explicit permission
23
+ - Other unethical or unprofessional conduct
24
+
25
+ Project maintainers have the right and responsibility to remove, edit,
26
+ or reject comments, commits, code, wiki edits, issues, and other
27
+ contributions that are not aligned to this Code of Conduct, or to ban
28
+ temporarily or permanently any contributor for other behaviors that they
29
+ deem inappropriate, threatening, offensive, or harmful.
30
+
31
+ By adopting this Code of Conduct, project maintainers commit themselves
32
+ to fairly and consistently applying these principles to every aspect of
33
+ managing this project. Project maintainers who do not follow or enforce
34
+ the Code of Conduct may be permanently removed from the project team.
35
+
36
+ This Code of Conduct applies both within project spaces and in public
37
+ spaces when an individual is representing the project or its community.
38
+
39
+ Instances of abusive, harassing, or otherwise unacceptable behavior may
40
+ be reported by contacting a project maintainer at <opensource@shopify.com>.
41
+ All complaints will be reviewed and investigated and will result in a response
42
+ that is deemed necessary and appropriate to the circumstances. Maintainers are
43
+ obligated to maintain confidentiality with regard to the reporter of an incident.
44
+
45
+ This Code of Conduct is adapted from the Contributor Covenant, version
46
+ 1.3.0, available from http://contributor-covenant.org/version/1/3/0/
data/Gemfile.lock CHANGED
@@ -1,14 +1,13 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (21.10.0)
4
+ shopify_app (22.0.1)
5
5
  activeresource
6
6
  addressable (~> 2.7)
7
- browser_sniffer (~> 2.0)
8
7
  jwt (>= 2.2.3)
9
8
  rails (> 5.2.1)
10
9
  redirect_safely (~> 1.0)
11
- shopify_api (~> 13.4)
10
+ shopify_api (>= 14.0.1, < 15.0)
12
11
  sprockets-rails (>= 2.0.0)
13
12
 
14
13
  GEM
@@ -86,7 +85,6 @@ GEM
86
85
  ast (2.4.2)
87
86
  binding_of_caller (1.0.0)
88
87
  debug_inspector (>= 0.0.1)
89
- browser_sniffer (2.2.0)
90
88
  builder (3.2.4)
91
89
  byebug (11.1.3)
92
90
  coderay (1.1.3)
@@ -134,11 +132,11 @@ GEM
134
132
  net-smtp (0.3.3)
135
133
  net-protocol
136
134
  nio4r (2.5.9)
137
- nokogiri (1.15.0-arm64-darwin)
135
+ nokogiri (1.16.2-arm64-darwin)
138
136
  racc (~> 1.4)
139
- nokogiri (1.15.0-x86_64-darwin)
137
+ nokogiri (1.16.2-x86_64-darwin)
140
138
  racc (~> 1.4)
141
- nokogiri (1.15.0-x86_64-linux)
139
+ nokogiri (1.16.2-x86_64-linux)
142
140
  racc (~> 1.4)
143
141
  oj (3.14.3)
144
142
  openssl (3.1.0)
@@ -155,7 +153,7 @@ GEM
155
153
  binding_of_caller (~> 1.0)
156
154
  pry (~> 0.13)
157
155
  public_suffix (5.0.1)
158
- racc (1.6.2)
156
+ racc (1.7.3)
159
157
  rack (2.2.7)
160
158
  rack-test (2.1.0)
161
159
  rack (>= 1.3)
@@ -217,7 +215,7 @@ GEM
217
215
  ruby-progressbar (1.13.0)
218
216
  ruby2_keywords (0.0.5)
219
217
  securerandom (0.2.2)
220
- shopify_api (13.4.0)
218
+ shopify_api (14.0.1)
221
219
  activesupport
222
220
  concurrent-ruby
223
221
  hash_diff
data/README.md CHANGED
@@ -106,7 +106,6 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
106
106
  * [Engine](/docs/shopify_app/engine.md)
107
107
  * [Controller Concerns](/docs/shopify_app/controller-concerns.md)
108
108
  * [Generators](/docs/shopify_app/generators.md)
109
- * [ScriptTags](/docs/shopify_app/script-tags.md)
110
109
  * [Sessions](/docs/shopify_app/sessions.md)
111
110
  * [Handling changes in access scopes](/docs/shopify_app/handling-access-scopes-changes.md)
112
111
  * [Testing](/docs/shopify_app/testing.md)
@@ -20,11 +20,15 @@ module ShopifyApp
20
20
  end
21
21
 
22
22
  def splash_page_with_params(params)
23
- uri = URI(root_path)
23
+ uri = URI(base_url)
24
24
  uri.query = params.compact.to_query
25
25
  uri.to_s
26
26
  end
27
27
 
28
+ def base_url
29
+ ShopifyApp.configuration.root_url.presence || root_path
30
+ end
31
+
28
32
  def redirect_to_splash_page
29
33
  redirect_to(splash_page)
30
34
  rescue ::ShopifyApp::ShopifyDomainNotFound => error
@@ -9,10 +9,10 @@ module ShopifyApp
9
9
  if defined?(ShopifyApp::LoginProtection) && ancestors.include?(ShopifyApp::LoginProtection)
10
10
  message = <<~EOS
11
11
  We detected the use of incompatible concerns (EnsureInstalled and LoginProtection) in #{name},
12
- which may lead to unpredictable behavior. In a future release of this library this will raise an error.
12
+ which leads to unpredictable behavior. You cannot include both concerns in the same controller.
13
13
  EOS
14
14
 
15
- ShopifyApp::Logger.deprecated(message, "22.0.0")
15
+ raise message
16
16
  end
17
17
 
18
18
  before_action :check_shop_domain
@@ -10,8 +10,12 @@ module ShopifyApp
10
10
  begin
11
11
  api_session, cookie = validated_auth_objects
12
12
  rescue => error
13
- deprecate_callback_rescue(error) unless error.class.module_parent == ShopifyAPI::Errors
14
- return respond_with_error
13
+ if error.class.module_parent == ShopifyAPI::Errors
14
+ callback_rescue(error)
15
+ return respond_with_error
16
+ else
17
+ raise error
18
+ end
15
19
  end
16
20
 
17
21
  save_session(api_session) if api_session
@@ -25,6 +29,10 @@ module ShopifyApp
25
29
 
26
30
  private
27
31
 
32
+ def callback_rescue(error)
33
+ ShopifyApp::Logger.debug("#{error.class} was rescued and redirected to login_url_with_optional_shop")
34
+ end
35
+
28
36
  def deprecate_callback_rescue(error)
29
37
  message = <<~EOS
30
38
  An error of type #{error.class} was rescued. This is not part of `ShopifyAPI::Errors`, which could indicate a
@@ -130,8 +138,11 @@ module ShopifyApp
130
138
  end
131
139
 
132
140
  def perform_post_authenticate_jobs(session)
133
- install_webhooks(session)
134
- install_scripttags(session)
141
+ # Ensure we use the shop session to install webhooks
142
+ session_for_shop = session.online? ? shop_session : session
143
+
144
+ install_webhooks(session_for_shop)
145
+
135
146
  perform_after_authenticate_job(session)
136
147
  end
137
148
 
@@ -141,16 +152,6 @@ module ShopifyApp
141
152
  WebhooksManager.queue(session.shop, session.access_token)
142
153
  end
143
154
 
144
- def install_scripttags(session)
145
- return unless ShopifyApp.configuration.has_scripttags?
146
-
147
- ScripttagsManager.queue(
148
- session.shop,
149
- session.access_token,
150
- ShopifyApp.configuration.scripttags,
151
- )
152
- end
153
-
154
155
  def perform_after_authenticate_job(session)
155
156
  config = ShopifyApp.configuration.after_authenticate_job
156
157
 
data/config/routes.rb CHANGED
@@ -26,6 +26,6 @@ ShopifyApp::Engine.routes.draw do
26
26
  end
27
27
 
28
28
  namespace :webhooks do
29
- post ":type" => :receive
29
+ post "(:type)" => :receive
30
30
  end
31
31
  end
data/docs/Upgrading.md CHANGED
@@ -8,6 +8,8 @@ This file documents important changes needed to upgrade your app's Shopify App v
8
8
 
9
9
  [Unreleased](#unreleased)
10
10
 
11
+ [Upgrading to `v22.0.0`](#upgrading-to-v2200)
12
+
11
13
  [Upgrading to `v20.3.0`](#upgrading-to-v2030)
12
14
 
13
15
  [Upgrading to `v20.2.0`](#upgrading-to-v2020)
@@ -38,8 +40,30 @@ We also recommend the use of a staging site which matches your production enviro
38
40
 
39
41
  If you do run into issues, we recommend looking at our [debugging tips.](https://github.com/Shopify/shopify_app/blob/main/docs/Troubleshooting.md#debugging-tips)
40
42
 
43
+ ## Upgrading to `v22.0.0`
44
+ #### Dropped support for Ruby 2.x
45
+ Support for Ruby 2.x has been dropped as it is no longer supported. You'll need to upgrade to 3.x.x
46
+
47
+ #### Renamed Controller Concerns
48
+ The following controller concerns have been renamed/replaced in `v21.10.0` and have now been removed. To upgrade, please rename any usage in your apps's controllers that include them to the following:
49
+
50
+ |Old Deprecated Controller Concern |Replaced By New Controller Concern|
51
+ |---|---|
52
+ |`Authenticated`|`EnsureHasSession`|
53
+ |`RequireKnownShop`|`EnsureInstalled`|
54
+
55
+ The new names better reflect what assurances the including the controller concern provide. The new concern provide similar if not identical functionality as the concerns they replaced.
56
+
57
+ #### Remove ScripttagManager
58
+ Script tag usage has largely been replaced with the adoption of [theme app extensions](https://shopify.dev/docs/apps/online-store/theme-app-extensions) and [thank you order status customization](https://shopify.dev/docs/apps/checkout/thank-you-order-status). The manager has been removed with this major release due to effective replacement and a goal to have parity in supported functionality across language stacks.
59
+
60
+ If you find yourself still using Scipt Tags and want to continue the pattern of declarative management of script tags this gem used to use, we recommend porting the logic [the manager used in prior versions](https://github.com/Shopify/shopify_app/blob/2336fabc6d0b45a4dee3f336455dace4d2d88bc4/lib/shopify_app/managers/scripttags_manager.rb#L4) and implementing it in a [post authentication job](https://github.com/Shopify/shopify_app/blob/main/docs/shopify_app/authentication.md#run-jobs-after-the-oauth-flow). This is the recommended flow to create script tags (or any other logic) for stores that install your app.
61
+
62
+ #### No longer rescue non-shopify API errors during customized OAuth flow
63
+ If you have customized authentication logic and are counting on the `CallbackController` to catch your error and redirect to login, you'll need to catch that error and redirect to `login_url_with_optional_shop`.
64
+
41
65
  ## Upgrading to 21.3.0
42
- The `Itp` controller concern has been removed from `LoginProtection` which is included by the `Authenticated` controller concern.
66
+ The `Itp` controller concern has been removed from `LoginProtection` which is included by the `Authenticated`/`EnsureHasSession` controller concern.
43
67
  If any of your controllers are dependant on methods from `Itp` then you can include `ShopifyApp::Itp` directly.
44
68
  You may notice a deprecation notice saying, `Itp will be removed in an upcoming version`.
45
69
  This is because we intend on removing `Itp` completely in `v22.0.0`, but this will work in the meantime.
@@ -64,5 +64,26 @@ Implements Rails' [protect_from_forgery](https://api.rubyonrails.org/classes/Act
64
64
  #### EmbeddedApp
65
65
  If your ShopifyApp configuration has the `embedded_app` config set to true, [P3P header](https://www.w3.org/P3P/) and [content security policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) are handled for you.
66
66
 
67
+ By default, the `EmbeddedApp` concern also sets the layout file to be `app/views/layouts/embedded_app.html.erb`.
68
+
69
+ Sometimes one wants to run an embedded app in non-embedded mode. For example:
70
+
71
+ - When the remote environment is a CI;
72
+ - When the remote environment is a preview/PR app;
73
+ - When the developer wants to run the app in a non-embedded mode for testing.
74
+
75
+ To use the same application layout for every application controller, a developer can now overwrite the `#use_embedded_app_layout?` method.
76
+
77
+ ```ruby
78
+ class ApplicationController
79
+ # Ensures every controller is using the standard app/views/layouts/application.html.erb layout.
80
+ #
81
+ # @return [true, false]
82
+ def use_embedded_app_layout?
83
+ false
84
+ end
85
+ end
86
+ ```
87
+
67
88
  #### EnsureBilling
68
89
  If billing is enabled for the app, the active payment for the session is queried and enforced if needed. If billing is required the user will be redirected to a page requesting payment.
@@ -68,13 +68,13 @@ Specify whether the app is an embedded app. Apps are embedded by default.
68
68
 
69
69
  #### `$ rails generate shopify_app:shop_model`
70
70
 
71
- This generator creates a `Shop` model and a migration to store shop installation records. See [*Shop-based token strategy*](/docs/shopify_app/session-repository.md#shop-based-token-storage) to learn more.
71
+ This generator creates a `Shop` model and a migration to store shop installation records. See [*Shop-based token strategy*](/docs/shopify_app/sessions.md#shop-offline-token-storage) to learn more.
72
72
 
73
73
  ---
74
74
 
75
75
  #### `$ rails generate shopify_app:user_model`
76
76
 
77
- This generator creates a `User` model and a migration to store user records. See [*User-based token strategy*](/docs/shopify_app/session-repository.md#user-based-token-storage) to learn more.
77
+ This generator creates a `User` model and a migration to store user records. See [*User-based token strategy*](/docs/shopify_app/sessions.md#user-online-token-storage) to learn more.
78
78
 
79
79
  ---
80
80
 
@@ -7,14 +7,22 @@ module ShopifyApp
7
7
  include ShopifyApp::FrameAncestors
8
8
 
9
9
  included do
10
- if ShopifyApp.configuration.embedded_app?
11
- after_action(:set_esdk_headers)
12
- layout("embedded_app")
13
- end
10
+ layout :embedded_app_layout
11
+ after_action :set_esdk_headers, if: -> { ShopifyApp.configuration.embedded_app? }
12
+ end
13
+
14
+ protected
15
+
16
+ def use_embedded_app_layout?
17
+ ShopifyApp.configuration.embedded_app?
14
18
  end
15
19
 
16
20
  private
17
21
 
22
+ def embedded_app_layout
23
+ "embedded_app" if use_embedded_app_layout?
24
+ end
25
+
18
26
  def set_esdk_headers
19
27
  response.set_header("P3P", 'CP="Not used"')
20
28
  response.headers.except!("X-Frame-Options")
@@ -1,21 +1,18 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "browser_sniffer"
4
-
5
3
  module ShopifyApp
6
4
  module LoginProtection
7
5
  extend ActiveSupport::Concern
8
6
  include ShopifyApp::SanitizedParams
9
7
 
10
8
  included do
11
- if defined?(ShopifyApp::RequireKnownShop) &&
12
- defined?(ShopifyApp::EnsureInstalled) &&
13
- ancestors.include?(ShopifyApp::RequireKnownShop || ShopifyApp::EnsureInstalled)
9
+ if defined?(ShopifyApp::EnsureInstalled) &&
10
+ ancestors.include?(ShopifyApp::EnsureInstalled)
14
11
  message = <<~EOS
15
- We detected the use of incompatible concerns (RequireKnownShop/EnsureInstalled and LoginProtection) in #{name},
16
- which may lead to unpredictable behavior. In a future release of this library this will raise an error.
12
+ We detected the use of incompatible concerns (EnsureInstalled and LoginProtection) in #{name},
13
+ which leads to unpredictable behavior. You cannot include both concerns in the same controller.
17
14
  EOS
18
- ShopifyApp::Logger.deprecated(message, "22.0.0")
15
+ raise message
19
16
  end
20
17
 
21
18
  rescue_from ShopifyAPI::Errors::HttpResponseError, with: :handle_http_error
@@ -147,10 +144,11 @@ module ShopifyApp
147
144
  end
148
145
 
149
146
  def close_session
150
- clear_shopify_session
151
147
  ShopifyApp::Logger.debug("Closing session")
152
- ShopifyApp::Logger.debug("Redirecting to #{login_url_with_optional_shop}")
153
- redirect_to(login_url_with_optional_shop)
148
+ clear_shopify_session
149
+
150
+ ShopifyApp::Logger.debug("Redirecting to login")
151
+ redirect_to_login
154
152
  end
155
153
 
156
154
  def handle_http_error(error)
@@ -5,7 +5,7 @@ module ShopifyApp
5
5
  private
6
6
 
7
7
  def args_info(job)
8
- log_disabled_classes = ["ShopifyApp::ScripttagsManagerJob", "ShopifyApp::WebhooksManagerJob"]
8
+ log_disabled_classes = ["ShopifyApp::WebhooksManagerJob"]
9
9
  return "" if log_disabled_classes.include?(job.class.name)
10
10
 
11
11
  super
@@ -35,7 +35,6 @@ module ShopifyApp
35
35
  ActiveSupport.on_load(:active_job) do
36
36
  if ActiveJob::Base.respond_to?(:log_arguments?)
37
37
  WebhooksManagerJob.log_arguments = false
38
- ScripttagsManagerJob.log_arguments = false
39
38
  elsif ActiveJob::Logging::LogSubscriber.private_method_defined?(:args_info)
40
39
  ActiveJob::Logging::LogSubscriber.prepend(RedactJobParams)
41
40
  end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ShopifyApp
4
- VERSION = "21.10.0"
4
+ VERSION = "22.0.1"
5
5
  end
data/lib/shopify_app.rb CHANGED
@@ -44,7 +44,6 @@ module ShopifyApp
44
44
  require "shopify_app/controller_concerns/csrf_protection"
45
45
  require "shopify_app/controller_concerns/localization"
46
46
  require "shopify_app/controller_concerns/frame_ancestors"
47
- require "shopify_app/controller_concerns/itp"
48
47
  require "shopify_app/controller_concerns/sanitized_params"
49
48
  require "shopify_app/controller_concerns/redirect_for_embedded"
50
49
  require "shopify_app/controller_concerns/login_protection"
@@ -56,11 +55,9 @@ module ShopifyApp
56
55
 
57
56
  # jobs
58
57
  require "shopify_app/jobs/webhooks_manager_job"
59
- require "shopify_app/jobs/scripttags_manager_job"
60
58
 
61
59
  # managers
62
60
  require "shopify_app/managers/webhooks_manager"
63
- require "shopify_app/managers/scripttags_manager"
64
61
 
65
62
  # middleware
66
63
  require "shopify_app/middleware/jwt_middleware"
data/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shopify_app",
3
- "version": "21.10.0",
3
+ "version": "22.0.1",
4
4
  "repository": "git@github.com:Shopify/shopify_app.git",
5
5
  "author": "Shopify",
6
6
  "license": "MIT",
data/shopify_app.gemspec CHANGED
@@ -10,17 +10,16 @@ Gem::Specification.new do |s|
10
10
  s.author = "Shopify"
11
11
  s.summary = "This gem is used to get quickly started with the Shopify API"
12
12
 
13
- s.required_ruby_version = ">= 2.7"
13
+ s.required_ruby_version = ">= 3.0"
14
14
 
15
15
  s.metadata["allowed_push_host"] = "https://rubygems.org"
16
16
 
17
17
  s.add_runtime_dependency("activeresource") # TODO: Remove this once all active resource dependencies are removed
18
18
  s.add_runtime_dependency("addressable", "~> 2.7")
19
- s.add_runtime_dependency("browser_sniffer", "~> 2.0")
20
19
  s.add_runtime_dependency("jwt", ">= 2.2.3")
21
20
  s.add_runtime_dependency("rails", "> 5.2.1")
22
21
  s.add_runtime_dependency("redirect_safely", "~> 1.0")
23
- s.add_runtime_dependency("shopify_api", "~> 13.4")
22
+ s.add_runtime_dependency("shopify_api", ">= 14.0.1", "< 15.0")
24
23
  s.add_runtime_dependency("sprockets-rails", ">= 2.0.0")
25
24
 
26
25
  s.add_development_dependency("byebug")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 21.10.0
4
+ version: 22.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-24 00:00:00.000000000 Z
11
+ date: 2024-03-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activeresource
@@ -38,20 +38,6 @@ dependencies:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
40
  version: '2.7'
41
- - !ruby/object:Gem::Dependency
42
- name: browser_sniffer
43
- requirement: !ruby/object:Gem::Requirement
44
- requirements:
45
- - - "~>"
46
- - !ruby/object:Gem::Version
47
- version: '2.0'
48
- type: :runtime
49
- prerelease: false
50
- version_requirements: !ruby/object:Gem::Requirement
51
- requirements:
52
- - - "~>"
53
- - !ruby/object:Gem::Version
54
- version: '2.0'
55
41
  - !ruby/object:Gem::Dependency
56
42
  name: jwt
57
43
  requirement: !ruby/object:Gem::Requirement
@@ -98,16 +84,22 @@ dependencies:
98
84
  name: shopify_api
99
85
  requirement: !ruby/object:Gem::Requirement
100
86
  requirements:
101
- - - "~>"
87
+ - - ">="
102
88
  - !ruby/object:Gem::Version
103
- version: '13.4'
89
+ version: 14.0.1
90
+ - - "<"
91
+ - !ruby/object:Gem::Version
92
+ version: '15.0'
104
93
  type: :runtime
105
94
  prerelease: false
106
95
  version_requirements: !ruby/object:Gem::Requirement
107
96
  requirements:
108
- - - "~>"
97
+ - - ">="
98
+ - !ruby/object:Gem::Version
99
+ version: 14.0.1
100
+ - - "<"
109
101
  - !ruby/object:Gem::Version
110
- version: '13.4'
102
+ version: '15.0'
111
103
  - !ruby/object:Gem::Dependency
112
104
  name: sprockets-rails
113
105
  requirement: !ruby/object:Gem::Requirement
@@ -301,6 +293,7 @@ files:
301
293
  - ".ruby-version"
302
294
  - ".spin/rails/prepare-application"
303
295
  - CHANGELOG.md
296
+ - CODE_OF_CONDUCT.md
304
297
  - CONTRIBUTING.md
305
298
  - Gemfile
306
299
  - Gemfile.lock
@@ -312,11 +305,9 @@ files:
312
305
  - app/assets/javascripts/shopify_app/app_bridge_3.7.8.js
313
306
  - app/assets/javascripts/shopify_app/app_bridge_redirect.js
314
307
  - app/assets/javascripts/shopify_app/redirect.js
315
- - app/controllers/concerns/shopify_app/authenticated.rb
316
308
  - app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
317
309
  - app/controllers/concerns/shopify_app/ensure_has_session.rb
318
310
  - app/controllers/concerns/shopify_app/ensure_installed.rb
319
- - app/controllers/concerns/shopify_app/require_known_shop.rb
320
311
  - app/controllers/concerns/shopify_app/shop_access_scopes_verification.rb
321
312
  - app/controllers/shopify_app/authenticated_controller.rb
322
313
  - app/controllers/shopify_app/callback_controller.rb
@@ -364,7 +355,6 @@ files:
364
355
  - docs/shopify_app/generators.md
365
356
  - docs/shopify_app/handling-access-scopes-changes.md
366
357
  - docs/shopify_app/logging.md
367
- - docs/shopify_app/script-tags.md
368
358
  - docs/shopify_app/sessions.md
369
359
  - docs/shopify_app/testing.md
370
360
  - docs/shopify_app/webhooks.md
@@ -374,8 +364,6 @@ files:
374
364
  - lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb
375
365
  - lib/generators/shopify_app/add_app_uninstalled_job/add_app_uninstalled_job_generator.rb
376
366
  - lib/generators/shopify_app/add_app_uninstalled_job/templates/app_uninstalled_job.rb.tt
377
- - lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb
378
- - lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb
379
367
  - lib/generators/shopify_app/add_privacy_jobs/add_privacy_jobs_generator.rb
380
368
  - lib/generators/shopify_app/add_privacy_jobs/templates/customers_data_request_job.rb.tt
381
369
  - lib/generators/shopify_app/add_privacy_jobs/templates/customers_redact_job.rb.tt
@@ -432,7 +420,6 @@ files:
432
420
  - lib/shopify_app/controller_concerns/embedded_app.rb
433
421
  - lib/shopify_app/controller_concerns/ensure_billing.rb
434
422
  - lib/shopify_app/controller_concerns/frame_ancestors.rb
435
- - lib/shopify_app/controller_concerns/itp.rb
436
423
  - lib/shopify_app/controller_concerns/localization.rb
437
424
  - lib/shopify_app/controller_concerns/login_protection.rb
438
425
  - lib/shopify_app/controller_concerns/payload_verification.rb
@@ -441,10 +428,8 @@ files:
441
428
  - lib/shopify_app/controller_concerns/webhook_verification.rb
442
429
  - lib/shopify_app/engine.rb
443
430
  - lib/shopify_app/errors.rb
444
- - lib/shopify_app/jobs/scripttags_manager_job.rb
445
431
  - lib/shopify_app/jobs/webhooks_manager_job.rb
446
432
  - lib/shopify_app/logger.rb
447
- - lib/shopify_app/managers/scripttags_manager.rb
448
433
  - lib/shopify_app/managers/webhooks_manager.rb
449
434
  - lib/shopify_app/middleware/jwt_middleware.rb
450
435
  - lib/shopify_app/session/in_memory_session_store.rb
@@ -482,14 +467,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
482
467
  requirements:
483
468
  - - ">="
484
469
  - !ruby/object:Gem::Version
485
- version: '2.7'
470
+ version: '3.0'
486
471
  required_rubygems_version: !ruby/object:Gem::Requirement
487
472
  requirements:
488
473
  - - ">="
489
474
  - !ruby/object:Gem::Version
490
475
  version: '0'
491
476
  requirements: []
492
- rubygems_version: 3.5.4
477
+ rubygems_version: 3.5.6
493
478
  signing_key:
494
479
  specification_version: 4
495
480
  summary: This gem is used to get quickly started with the Shopify API
@@ -1,17 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module ShopifyApp
4
- module Authenticated
5
- extend ActiveSupport::Concern
6
-
7
- included do
8
- ShopifyApp::Logger.deprecated(
9
- "Authenticated has been replaced by EnsureHasSession."\
10
- " Please use the EnsureHasSession controller concern for the same behavior",
11
- "22.0.0",
12
- )
13
- end
14
-
15
- include ShopifyApp::EnsureHasSession
16
- end
17
- end
@@ -1,16 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module ShopifyApp
4
- module RequireKnownShop
5
- extend ActiveSupport::Concern
6
- include ShopifyApp::EnsureInstalled
7
-
8
- included do
9
- ShopifyApp::Logger.deprecated(
10
- "RequireKnownShop has been replaced by EnsureInstalled."\
11
- " Please use the EnsureInstalled controller concern for the same behavior",
12
- "22.0.0",
13
- )
14
- end
15
- end
16
- end
@@ -1,28 +0,0 @@
1
- # ScriptTags
2
-
3
- #### Table of contents
4
-
5
- [Manage ScriptTags using the Shopify App initializer](#manage-scripttags-using-the-shopify-app-initializer)
6
-
7
- ## Manage ScriptTags using the Shopify App initializer
8
-
9
- As with webhooks, ShopifyApp can manage your app's [ScriptTags](https://shopify-dev-staging.shopifycloud.com/docs/admin-api/graphql/reference/online-store/scripttag) for you by setting which scripttags you require in the initializer:
10
-
11
- ```ruby
12
- ShopifyApp.configure do |config|
13
- config.scripttags = [
14
- {event:'onload', src: 'https://example.com/fancy.js'},
15
- {event:'onload', src: ->(domain) { dynamic_tag_url(domain) } }
16
- ]
17
- end
18
- ```
19
-
20
- You also need to have write_script_tags permission in the config scope in order to add script tags automatically:
21
-
22
- ```ruby
23
- config.scope = '... , write_script_tags'
24
- ```
25
-
26
- Scripttags are created in the same way as the [Webhooks](/docs/shopify_app/webhooks.md), with a background job which will create the required scripttags.
27
-
28
- If `src` responds to `call` its return value will be used as the scripttag's source. It will be called on scripttag creation and deletion.
@@ -1,42 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require "rails/generators/base"
4
-
5
- module ShopifyApp
6
- module Generators
7
- class AddMarketingActivityExtensionGenerator < Rails::Generators::Base
8
- source_root File.expand_path("../templates", __FILE__)
9
-
10
- def generate_app_extension
11
- ShopifyApp::Logger.deprecated("MarketingActivitiesController will be removed in an upcoming version", "22.0.0")
12
- template("marketing_activities_controller.rb", "app/controllers/marketing_activities_controller.rb")
13
- generate_routes
14
- end
15
-
16
- private
17
-
18
- def generate_routes
19
- inject_into_file(
20
- "config/routes.rb",
21
- optimize_indentation(routes, 2),
22
- after: "root :to => 'home#index'\n",
23
- )
24
- end
25
-
26
- def routes
27
- <<~EOS
28
-
29
- resource :marketing_activities, only: [:create, :update] do
30
- patch :resume
31
- patch :pause
32
- patch :delete
33
- post :republish
34
- post :preload_form_data
35
- post :preview
36
- post :errors
37
- end
38
- EOS
39
- end
40
- end
41
- end
42
- end
@@ -1,63 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController
4
- def preload_form_data
5
- preload_data = {
6
- "form_data": {},
7
- }
8
- render(json: preload_data, status: :ok)
9
- end
10
-
11
- def update
12
- render(json: {}, status: :accepted)
13
- end
14
-
15
- def pause
16
- render(json: {}, status: :accepted)
17
- end
18
-
19
- def resume
20
- render(json: {}, status: :accepted)
21
- end
22
-
23
- def delete
24
- render(json: {}, status: :accepted)
25
- end
26
-
27
- def preview
28
- placeholder_img = "https://cdn.shopify.com/s/files/1/0533/2089/files/placeholder-images-image_small.png"
29
- preview_response = {
30
- "desktop": {
31
- "preview_url": placeholder_img,
32
- "content_type": "text/html",
33
- "width": 360,
34
- "height": 200,
35
- },
36
- "mobile": {
37
- "preview_url": placeholder_img,
38
- "content_type": "text/html",
39
- "width": 360,
40
- "height": 200,
41
- },
42
- }
43
- render(json: preview_response, status: :ok)
44
- end
45
-
46
- def create
47
- render(json: {}, status: :ok)
48
- end
49
-
50
- def republish
51
- render(json: {}, status: :accepted)
52
- end
53
-
54
- def errors
55
- request_id = params[:request_id]
56
- message = params[:message]
57
-
58
- ShopifyApp::Logger.info("[Marketing Activity App Error Feedback]"\
59
- "Request id: #{request_id}, message: #{message}")
60
-
61
- render(json: {}, status: :ok)
62
- end
63
- end
@@ -1,50 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module ShopifyApp
4
- # Cookie management helpers required for ITP implementation
5
- module Itp
6
- extend ActiveSupport::Concern
7
- included do
8
- ShopifyApp::Logger.deprecated("Itp will be removed in an upcoming version", "22.0.0")
9
- end
10
-
11
- private
12
-
13
- def set_test_cookie
14
- return unless ShopifyApp.configuration.embedded_app?
15
- return unless user_agent_can_partition_cookies
16
-
17
- session["shopify.cookies_persist"] = true
18
- end
19
-
20
- def set_top_level_oauth_cookie
21
- session["shopify.top_level_oauth"] = true
22
- end
23
-
24
- def clear_top_level_oauth_cookie
25
- session.delete("shopify.top_level_oauth")
26
- end
27
-
28
- def user_agent_is_mobile
29
- user_agent = BrowserSniffer.new(request.user_agent).browser_info
30
-
31
- user_agent[:name].to_s.match(/Shopify\sMobile/)
32
- end
33
-
34
- def user_agent_is_pos
35
- user_agent = BrowserSniffer.new(request.user_agent).browser_info
36
-
37
- user_agent[:name].to_s.match(/Shopify\sPOS/)
38
- end
39
-
40
- def user_agent_can_partition_cookies
41
- user_agent = BrowserSniffer.new(request.user_agent).browser_info
42
-
43
- is_safari = user_agent[:name].to_s.match(/Safari/)
44
-
45
- return false unless is_safari
46
-
47
- user_agent[:version].to_s.match(/12\.0/)
48
- end
49
- end
50
- end
@@ -1,16 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module ShopifyApp
4
- class ScripttagsManagerJob < ActiveJob::Base
5
- queue_as do
6
- ShopifyApp.configuration.scripttags_manager_queue_name
7
- end
8
-
9
- def perform(shop_domain:, shop_token:, scripttags:)
10
- ShopifyAPI::Auth::Session.temp(shop: shop_domain, access_token: shop_token) do
11
- manager = ScripttagsManager.new(scripttags, shop_domain)
12
- manager.create_scripttags
13
- end
14
- end
15
- end
16
- end
@@ -1,85 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module ShopifyApp
4
- class ScripttagsManager
5
- def self.queue(shop_domain, shop_token, scripttags)
6
- ShopifyApp::ScripttagsManagerJob.perform_later(
7
- shop_domain: shop_domain,
8
- shop_token: shop_token,
9
- # Procs cannot be serialized so we interpolate now, if necessary
10
- scripttags: build_src(scripttags, shop_domain),
11
- )
12
- end
13
-
14
- def self.build_src(scripttags, domain)
15
- scripttags.map do |tag|
16
- next tag unless tag[:src].respond_to?(:call)
17
-
18
- tag = tag.dup
19
- tag[:src] = tag[:src].call(domain)
20
- tag
21
- end
22
- end
23
-
24
- attr_reader :required_scripttags, :shop_domain
25
-
26
- def initialize(scripttags, shop_domain)
27
- ShopifyApp::Logger.deprecated("The ScripttagsManager will become deprecated in an upcoming version", "22.0.0")
28
- @required_scripttags = scripttags
29
- @shop_domain = shop_domain
30
- end
31
-
32
- def recreate_scripttags!
33
- destroy_scripttags
34
- create_scripttags
35
- end
36
-
37
- def create_scripttags
38
- return unless required_scripttags.present?
39
-
40
- expanded_scripttags.each do |scripttag|
41
- create_scripttag(scripttag) unless scripttag_exists?(scripttag[:src])
42
- end
43
- end
44
-
45
- def destroy_scripttags
46
- scripttags = expanded_scripttags
47
- ShopifyAPI::ScriptTag.all.each do |tag|
48
- tag.delete if required_scripttag?(scripttags, tag)
49
- end
50
-
51
- @current_scripttags = nil
52
- end
53
-
54
- private
55
-
56
- def expanded_scripttags
57
- self.class.build_src(required_scripttags, shop_domain)
58
- end
59
-
60
- def required_scripttag?(scripttags, tag)
61
- scripttags.map { |w| w[:src] }.include?(tag.src)
62
- end
63
-
64
- def create_scripttag(attributes)
65
- scripttag = ShopifyAPI::ScriptTag.new
66
- attributes.each { |key, value| scripttag.public_send("#{key}=", value) }
67
-
68
- begin
69
- scripttag.save!
70
- rescue ShopifyAPI::Errors::HttpResponseError => e
71
- raise ::ShopifyApp::CreationFailed, e.message
72
- end
73
-
74
- scripttag
75
- end
76
-
77
- def scripttag_exists?(src)
78
- current_scripttags[src]
79
- end
80
-
81
- def current_scripttags
82
- @current_scripttags ||= ShopifyAPI::ScriptTag.all.index_by(&:src)
83
- end
84
- end
85
- end