shopify_app 21.2.0 → 21.3.1
- checksums.yaml +4 -4
- data/.github/workflows/build.yml +7 -8
- data/.github/workflows/stale.yml +1 -0
- data/.spin/rails/prepare-application +8 -0
- data/CHANGELOG.md +19 -0
- data/Gemfile +1 -0
- data/Gemfile.lock +106 -91
- data/README.md +19 -15
- data/SECURITY.md +1 -1
- data/app/controllers/concerns/shopify_app/authenticated.rb +4 -9
- data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +3 -2
- data/app/controllers/concerns/shopify_app/ensure_has_session.rb +19 -0
- data/app/controllers/concerns/shopify_app/ensure_installed.rb +62 -0
- data/app/controllers/concerns/shopify_app/require_known_shop.rb +3 -38
- data/app/controllers/shopify_app/authenticated_controller.rb +1 -1
- data/app/controllers/shopify_app/callback_controller.rb +64 -27
- data/app/controllers/shopify_app/extension_verification_controller.rb +4 -1
- data/app/controllers/shopify_app/sessions_controller.rb +11 -2
- data/config/locales/ja.yml +1 -1
- data/docs/Troubleshooting.md +38 -2
- data/docs/Upgrading.md +40 -32
- data/docs/shopify_app/controller-concerns.md +48 -0
- data/docs/shopify_app/logging.md +21 -0
- data/docs/shopify_app/webhooks.md +13 -0
- data/lib/generators/shopify_app/add_app_uninstalled_job/add_app_uninstalled_job_generator.rb +15 -0
- data/lib/generators/shopify_app/add_app_uninstalled_job/templates/app_uninstalled_job.rb.tt +22 -0
- data/lib/generators/shopify_app/add_gdpr_jobs/add_gdpr_jobs_generator.rb +23 -0
- data/lib/generators/shopify_app/add_gdpr_jobs/templates/customers_data_request_job.rb.tt +22 -0
- data/lib/generators/shopify_app/add_gdpr_jobs/templates/customers_redact_job.rb.tt +22 -0
- data/lib/generators/shopify_app/add_gdpr_jobs/templates/shop_redact_job.rb.tt +22 -0
- data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +1 -0
- data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +2 -1
- data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt +2 -1
- data/lib/generators/shopify_app/authenticated_controller/templates/authenticated_controller.rb +1 -1
- data/lib/generators/shopify_app/home_controller/templates/index.html.erb +1 -1
- data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb +1 -1
- data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +8 -2
- data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb +1 -1
- data/lib/generators/shopify_app/shopify_app_generator.rb +2 -0
- data/lib/shopify_app/access_scopes/noop_strategy.rb +4 -0
- data/lib/shopify_app/access_scopes/user_strategy.rb +5 -0
- data/lib/shopify_app/configuration.rb +11 -0
- data/lib/shopify_app/controller_concerns/ensure_billing.rb +3 -0
- data/lib/shopify_app/controller_concerns/itp.rb +5 -0
- data/lib/shopify_app/controller_concerns/login_protection.rb +52 -13
- data/lib/shopify_app/controller_concerns/redirect_for_embedded.rb +4 -1
- data/lib/shopify_app/controller_concerns/webhook_verification.rb +4 -1
- data/lib/shopify_app/logger.rb +28 -0
- data/lib/shopify_app/managers/scripttags_manager.rb +1 -0
- data/lib/shopify_app/managers/webhooks_manager.rb +6 -0
- data/lib/shopify_app/session/jwt.rb +1 -1
- data/lib/shopify_app/session/session_repository.rb +15 -4
- data/lib/shopify_app/utils.rb +9 -1
- data/lib/shopify_app/version.rb +1 -1
- data/lib/shopify_app.rb +2 -0
- data/package.json +1 -1
- data/shopify_app.gemspec +2 -1
- data/yarn.lock +5 -5
- metadata +30 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 00bf2ba9c43324a703b21367459c592b93d092f2926f2d6862bfb7efb9494853
|
4
|
+
data.tar.gz: 7792d5fd3f1a5af452357c0c6f26b8c245e471171e86a95dad5559bdb87ab6d8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f963fc4af5645f47d072aff3d0aa9cf47b7f1c20d422fcf43ec4466804d24a18916864d96372c407c1ef7c2e8963a3b5946763534bde5070ebd767ce1da3957d
|
7
|
+
data.tar.gz: 79cd7bd816b1b9759d6531f9c9a65fe81d6d7c9ed1e671c127c44b2f74a2b962d27d0eb5ac9b8c48378f012aec88451d9c533bfca345d14a6c8f0193993378a4
|
data/.github/workflows/build.yml
CHANGED
@@ -28,13 +28,12 @@ jobs:
|
|
28
28
|
ruby-version: ${{ matrix.version }}
|
29
29
|
bundler-cache: true
|
30
30
|
- name: Set up Node
|
31
|
-
uses: actions/setup-node@
|
31
|
+
uses: actions/setup-node@v3
|
32
32
|
with:
|
33
33
|
node-version: '12'
|
34
|
-
- name: Install Dependencies
|
35
|
-
run:
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
bundle exec rake test
|
34
|
+
- name: Install Yarn Dependencies
|
35
|
+
run: yarn
|
36
|
+
- name: Run Yarn Tests
|
37
|
+
run: yarn test
|
38
|
+
- name: Run Ruby Tests
|
39
|
+
run: bundle exec rake test
|
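Review bot: `uses: actions/setup-node@v3` pins the action to a mutable tag, so the code this job executes can change without any change to the workflow; pin it to the commit SHA the v3 tag currently resolves to and keep the tag as a trailing comment, `uses: actions/setup-node@<commit-sha> # v3`, which is the standard supply-chain hardening for third-party actions (the Ruby setup step whose `ruby-version`/`bundler-cache` inputs appear as context above presumably has the same issue, but its `uses:` line is outside the hunk). `node-version: '12'` is retained although Node 12 has been end-of-life since April 2022 and no longer receives security fixes. The new `run: yarn` step installs without a frozen lockfile, so CI can resolve versions that differ from the committed `yarn.lock`; `run: yarn install --frozen-lockfile` makes the install reproducible and fails loudly on lockfile drift.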
data/.github/workflows/stale.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,25 @@
|
|
1
1
|
Unreleased
|
2
2
|
----------
|
3
3
|
|
4
|
+
21.3.1 (Dec 12, 2022)
|
5
|
+
----------
|
6
|
+
* Fix bug with stores using the new unified admin that were falsely being flagged as phishing attempts [#1608](https://github.com/Shopify/shopify_app/pull/1608)
|
7
|
+
|
8
|
+
21.3.0 (Dec 9, 2022)
|
9
|
+
----------
|
10
|
+
* Move covered scopes check into user access strategy [#1600](https://github.com/Shopify/shopify_app/pull/1600)
|
11
|
+
* Add configuration option for user access strategy [#1599](https://github.com/Shopify/shopify_app/pull/1599)
|
12
|
+
* Fixes a bug with `EnsureAuthenticatedLinks` causing deep links to not work [#1549](https://github.com/Shopify/shopify_app/pull/1549)
|
13
|
+
* Ensure online token is properly used when using `current_shopify_session` [#1566](https://github.com/Shopify/shopify_app/pull/1566)
|
14
|
+
* Added debug logs, you can read more about logging [here](./docs/logging.md). [#1545](https://github.com/Shopify/shopify_app/pull/1545)
|
15
|
+
* Emit a deprecation notice for wrongly-rescued exceptions [#1530](https://github.com/Shopify/shopify_app/pull/1530)
|
16
|
+
* Log a deprecation warning for the use of incompatible controller concerns [#1560](https://github.com/Shopify/shopify_app/pull/1560)
|
17
|
+
* Fixes bug with expired sessions for embedded apps returning a 500 instead of 401 [#1580](https://github.com/Shopify/shopify_app/pull/1580)
|
18
|
+
* Generator properly handles uninstall [#1597](https://github.com/Shopify/shopify_app/pull/1597)
|
19
|
+
* Move ownership for session persistence from library to this gem [#1563](https://github.com/Shopify/shopify_app/pull/1563)
|
20
|
+
* Patch phishing vulnerability [#1605](https://github.com/Shopify/shopify_app/pull/1605)
|
21
|
+
* Remove `Itp` from `LoginProtection`. See the [upgrading docs](https://github.com/Shopify/shopify_app/blob/main/docs/Upgrading.md) for more information. [#1604](https://github.com/Shopify/shopify_app/pull/1604)
|
22
|
+
|
4
23
|
21.2.0 (Oct 25, 2022)
|
5
24
|
----------
|
6
25
|
* Pass access scopes on query string [#1540](https://github.com/Shopify/shopify_app/pull/1540)
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,97 +1,91 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
shopify_app (21.
|
4
|
+
shopify_app (21.3.1)
|
5
5
|
activeresource
|
6
6
|
browser_sniffer (~> 2.0)
|
7
7
|
jwt (>= 2.2.3)
|
8
8
|
rails (> 5.2.1)
|
9
9
|
redirect_safely (~> 1.0)
|
10
|
-
shopify_api (~> 12.
|
10
|
+
shopify_api (~> 12.3)
|
11
11
|
sprockets-rails (>= 2.0.0)
|
12
12
|
|
13
13
|
GEM
|
14
14
|
remote: https://rubygems.org/
|
15
15
|
specs:
|
16
|
-
actioncable (
|
17
|
-
actionpack (=
|
18
|
-
activesupport (=
|
16
|
+
actioncable (6.1.7)
|
17
|
+
actionpack (= 6.1.7)
|
18
|
+
activesupport (= 6.1.7)
|
19
19
|
nio4r (~> 2.0)
|
20
20
|
websocket-driver (>= 0.6.1)
|
21
|
-
actionmailbox (
|
22
|
-
actionpack (=
|
23
|
-
activejob (=
|
24
|
-
activerecord (=
|
25
|
-
activestorage (=
|
26
|
-
activesupport (=
|
21
|
+
actionmailbox (6.1.7)
|
22
|
+
actionpack (= 6.1.7)
|
23
|
+
activejob (= 6.1.7)
|
24
|
+
activerecord (= 6.1.7)
|
25
|
+
activestorage (= 6.1.7)
|
26
|
+
activesupport (= 6.1.7)
|
27
27
|
mail (>= 2.7.1)
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
actionview (= 7.0.4)
|
34
|
-
activejob (= 7.0.4)
|
35
|
-
activesupport (= 7.0.4)
|
28
|
+
actionmailer (6.1.7)
|
29
|
+
actionpack (= 6.1.7)
|
30
|
+
actionview (= 6.1.7)
|
31
|
+
activejob (= 6.1.7)
|
32
|
+
activesupport (= 6.1.7)
|
36
33
|
mail (~> 2.5, >= 2.5.4)
|
37
|
-
net-imap
|
38
|
-
net-pop
|
39
|
-
net-smtp
|
40
34
|
rails-dom-testing (~> 2.0)
|
41
|
-
actionpack (
|
42
|
-
actionview (=
|
43
|
-
activesupport (=
|
44
|
-
rack (~> 2.0, >= 2.
|
35
|
+
actionpack (6.1.7)
|
36
|
+
actionview (= 6.1.7)
|
37
|
+
activesupport (= 6.1.7)
|
38
|
+
rack (~> 2.0, >= 2.0.9)
|
45
39
|
rack-test (>= 0.6.3)
|
46
40
|
rails-dom-testing (~> 2.0)
|
47
41
|
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
48
|
-
actiontext (
|
49
|
-
actionpack (=
|
50
|
-
activerecord (=
|
51
|
-
activestorage (=
|
52
|
-
activesupport (=
|
53
|
-
globalid (>= 0.6.0)
|
42
|
+
actiontext (6.1.7)
|
43
|
+
actionpack (= 6.1.7)
|
44
|
+
activerecord (= 6.1.7)
|
45
|
+
activestorage (= 6.1.7)
|
46
|
+
activesupport (= 6.1.7)
|
54
47
|
nokogiri (>= 1.8.5)
|
55
|
-
actionview (
|
56
|
-
activesupport (=
|
48
|
+
actionview (6.1.7)
|
49
|
+
activesupport (= 6.1.7)
|
57
50
|
builder (~> 3.1)
|
58
51
|
erubi (~> 1.4)
|
59
52
|
rails-dom-testing (~> 2.0)
|
60
53
|
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
61
|
-
activejob (
|
62
|
-
activesupport (=
|
54
|
+
activejob (6.1.7)
|
55
|
+
activesupport (= 6.1.7)
|
63
56
|
globalid (>= 0.3.6)
|
64
|
-
activemodel (
|
65
|
-
activesupport (=
|
57
|
+
activemodel (6.1.7)
|
58
|
+
activesupport (= 6.1.7)
|
66
59
|
activemodel-serializers-xml (1.0.2)
|
67
60
|
activemodel (> 5.x)
|
68
61
|
activesupport (> 5.x)
|
69
62
|
builder (~> 3.1)
|
70
|
-
activerecord (
|
71
|
-
activemodel (=
|
72
|
-
activesupport (=
|
63
|
+
activerecord (6.1.7)
|
64
|
+
activemodel (= 6.1.7)
|
65
|
+
activesupport (= 6.1.7)
|
73
66
|
activeresource (6.0.0)
|
74
67
|
activemodel (>= 6.0)
|
75
68
|
activemodel-serializers-xml (~> 1.0)
|
76
69
|
activesupport (>= 6.0)
|
77
|
-
activestorage (
|
78
|
-
actionpack (=
|
79
|
-
activejob (=
|
80
|
-
activerecord (=
|
81
|
-
activesupport (=
|
70
|
+
activestorage (6.1.7)
|
71
|
+
actionpack (= 6.1.7)
|
72
|
+
activejob (= 6.1.7)
|
73
|
+
activerecord (= 6.1.7)
|
74
|
+
activesupport (= 6.1.7)
|
82
75
|
marcel (~> 1.0)
|
83
76
|
mini_mime (>= 1.1.0)
|
84
|
-
activesupport (
|
77
|
+
activesupport (6.1.7)
|
85
78
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
86
79
|
i18n (>= 1.6, < 2)
|
87
80
|
minitest (>= 5.1)
|
88
81
|
tzinfo (~> 2.0)
|
82
|
+
zeitwerk (~> 2.3)
|
89
83
|
addressable (2.8.1)
|
90
84
|
public_suffix (>= 2.0.2, < 6.0)
|
91
85
|
ast (2.4.2)
|
92
86
|
binding_of_caller (1.0.0)
|
93
87
|
debug_inspector (>= 0.0.1)
|
94
|
-
browser_sniffer (2.
|
88
|
+
browser_sniffer (2.2.0)
|
95
89
|
builder (3.2.4)
|
96
90
|
byebug (11.1.3)
|
97
91
|
coderay (1.1.3)
|
@@ -110,40 +104,48 @@ GEM
|
|
110
104
|
multi_xml (>= 0.5.2)
|
111
105
|
i18n (1.12.0)
|
112
106
|
concurrent-ruby (~> 1.0)
|
113
|
-
json (2.6.
|
107
|
+
json (2.6.3)
|
114
108
|
jwt (2.5.0)
|
109
|
+
language_server-protocol (3.17.0.2)
|
115
110
|
loofah (2.19.0)
|
116
111
|
crass (~> 1.0.2)
|
117
112
|
nokogiri (>= 1.5.9)
|
118
|
-
mail (2.
|
113
|
+
mail (2.8.0)
|
119
114
|
mini_mime (>= 0.1.1)
|
115
|
+
net-imap
|
116
|
+
net-pop
|
117
|
+
net-smtp
|
120
118
|
marcel (1.0.2)
|
121
119
|
method_source (1.0.0)
|
122
120
|
mime-types (3.4.1)
|
123
121
|
mime-types-data (~> 3.2015)
|
124
122
|
mime-types-data (3.2022.0105)
|
125
123
|
mini_mime (1.1.2)
|
126
|
-
mini_portile2 (2.8.0)
|
127
124
|
minitest (5.16.3)
|
128
|
-
mocha (
|
125
|
+
mocha (2.0.2)
|
126
|
+
ruby2_keywords (>= 0.0.5)
|
129
127
|
multi_xml (0.6.0)
|
130
128
|
net-imap (0.3.1)
|
131
129
|
net-protocol
|
132
130
|
net-pop (0.1.2)
|
133
131
|
net-protocol
|
134
|
-
net-protocol (0.
|
132
|
+
net-protocol (0.2.0)
|
135
133
|
timeout
|
136
|
-
net-smtp (0.3.
|
134
|
+
net-smtp (0.3.3)
|
137
135
|
net-protocol
|
138
136
|
nio4r (2.5.8)
|
139
|
-
nokogiri (1.13.9)
|
140
|
-
|
137
|
+
nokogiri (1.13.9-arm64-darwin)
|
138
|
+
racc (~> 1.4)
|
139
|
+
nokogiri (1.13.9-x86_64-darwin)
|
141
140
|
racc (~> 1.4)
|
142
|
-
|
141
|
+
nokogiri (1.13.9-x86_64-linux)
|
142
|
+
racc (~> 1.4)
|
143
|
+
oj (3.13.23)
|
143
144
|
openssl (3.0.1)
|
144
145
|
parallel (1.22.1)
|
145
|
-
parser (3.1.
|
146
|
+
parser (3.1.3.0)
|
146
147
|
ast (~> 2.4.1)
|
148
|
+
prettier_print (1.1.0)
|
147
149
|
pry (0.14.1)
|
148
150
|
coderay (~> 1.1)
|
149
151
|
method_source (~> 1.0)
|
@@ -152,25 +154,26 @@ GEM
|
|
152
154
|
pry-stack_explorer (0.6.1)
|
153
155
|
binding_of_caller (~> 1.0)
|
154
156
|
pry (~> 0.13)
|
155
|
-
public_suffix (5.0.
|
156
|
-
racc (1.6.
|
157
|
+
public_suffix (5.0.1)
|
158
|
+
racc (1.6.1)
|
157
159
|
rack (2.2.4)
|
158
160
|
rack-test (2.0.2)
|
159
161
|
rack (>= 1.3)
|
160
|
-
rails (
|
161
|
-
actioncable (=
|
162
|
-
actionmailbox (=
|
163
|
-
actionmailer (=
|
164
|
-
actionpack (=
|
165
|
-
actiontext (=
|
166
|
-
actionview (=
|
167
|
-
activejob (=
|
168
|
-
activemodel (=
|
169
|
-
activerecord (=
|
170
|
-
activestorage (=
|
171
|
-
activesupport (=
|
162
|
+
rails (6.1.7)
|
163
|
+
actioncable (= 6.1.7)
|
164
|
+
actionmailbox (= 6.1.7)
|
165
|
+
actionmailer (= 6.1.7)
|
166
|
+
actionpack (= 6.1.7)
|
167
|
+
actiontext (= 6.1.7)
|
168
|
+
actionview (= 6.1.7)
|
169
|
+
activejob (= 6.1.7)
|
170
|
+
activemodel (= 6.1.7)
|
171
|
+
activerecord (= 6.1.7)
|
172
|
+
activestorage (= 6.1.7)
|
173
|
+
activesupport (= 6.1.7)
|
172
174
|
bundler (>= 1.15.0)
|
173
|
-
railties (=
|
175
|
+
railties (= 6.1.7)
|
176
|
+
sprockets-rails (>= 2.0.0)
|
174
177
|
rails-controller-testing (1.0.5)
|
175
178
|
actionpack (>= 5.0.1.rc1)
|
176
179
|
actionview (>= 5.0.1.rc1)
|
@@ -180,37 +183,42 @@ GEM
|
|
180
183
|
nokogiri (>= 1.6)
|
181
184
|
rails-html-sanitizer (1.4.3)
|
182
185
|
loofah (~> 2.3)
|
183
|
-
railties (
|
184
|
-
actionpack (=
|
185
|
-
activesupport (=
|
186
|
+
railties (6.1.7)
|
187
|
+
actionpack (= 6.1.7)
|
188
|
+
activesupport (= 6.1.7)
|
186
189
|
method_source
|
187
190
|
rake (>= 12.2)
|
188
191
|
thor (~> 1.0)
|
189
|
-
zeitwerk (~> 2.5)
|
190
192
|
rainbow (3.1.1)
|
191
193
|
rake (13.0.6)
|
192
194
|
rb-readline (0.5.5)
|
193
195
|
redirect_safely (1.0.0)
|
194
196
|
activemodel
|
195
|
-
regexp_parser (2.6.
|
197
|
+
regexp_parser (2.6.1)
|
196
198
|
rexml (3.2.5)
|
197
|
-
rubocop (1.
|
199
|
+
rubocop (1.39.0)
|
198
200
|
json (~> 2.3)
|
199
201
|
parallel (~> 1.10)
|
200
202
|
parser (>= 3.1.2.1)
|
201
203
|
rainbow (>= 2.2.2, < 4.0)
|
202
204
|
regexp_parser (>= 1.8, < 3.0)
|
203
205
|
rexml (>= 3.2.5, < 4.0)
|
204
|
-
rubocop-ast (>= 1.
|
206
|
+
rubocop-ast (>= 1.23.0, < 2.0)
|
205
207
|
ruby-progressbar (~> 1.7)
|
206
208
|
unicode-display_width (>= 1.4.0, < 3.0)
|
207
|
-
rubocop-ast (1.
|
209
|
+
rubocop-ast (1.24.0)
|
208
210
|
parser (>= 3.1.1.0)
|
209
211
|
rubocop-shopify (2.10.1)
|
210
212
|
rubocop (~> 1.35)
|
213
|
+
ruby-lsp (0.3.6)
|
214
|
+
language_server-protocol (~> 3.17.0)
|
215
|
+
sorbet-runtime
|
216
|
+
syntax_tree (>= 4.0.2, < 5.0.0)
|
211
217
|
ruby-progressbar (1.11.0)
|
212
|
-
|
213
|
-
|
218
|
+
ruby2_keywords (0.0.5)
|
219
|
+
securerandom (0.2.1)
|
220
|
+
shopify_api (12.3.0)
|
221
|
+
activesupport
|
214
222
|
concurrent-ruby
|
215
223
|
hash_diff
|
216
224
|
httparty
|
@@ -219,8 +227,8 @@ GEM
|
|
219
227
|
openssl
|
220
228
|
securerandom
|
221
229
|
sorbet-runtime
|
222
|
-
zeitwerk (~> 2.5)
|
223
|
-
sorbet-runtime (0.5.
|
230
|
+
zeitwerk (~> 2.5, < 2.6.5)
|
231
|
+
sorbet-runtime (0.5.10576)
|
224
232
|
sprockets (4.1.1)
|
225
233
|
concurrent-ruby (~> 1.0)
|
226
234
|
rack (> 1, < 3)
|
@@ -228,10 +236,13 @@ GEM
|
|
228
236
|
actionpack (>= 5.2)
|
229
237
|
activesupport (>= 5.2)
|
230
238
|
sprockets (>= 3.0.0)
|
231
|
-
sqlite3 (1.5.
|
232
|
-
|
239
|
+
sqlite3 (1.5.4-arm64-darwin)
|
240
|
+
sqlite3 (1.5.4-x86_64-darwin)
|
241
|
+
sqlite3 (1.5.4-x86_64-linux)
|
242
|
+
syntax_tree (4.3.0)
|
243
|
+
prettier_print (>= 1.0.2)
|
233
244
|
thor (1.2.1)
|
234
|
-
timeout (0.3.
|
245
|
+
timeout (0.3.1)
|
235
246
|
tzinfo (2.0.5)
|
236
247
|
concurrent-ruby (~> 1.0)
|
237
248
|
unicode-display_width (2.3.0)
|
@@ -242,10 +253,12 @@ GEM
|
|
242
253
|
websocket-driver (0.7.5)
|
243
254
|
websocket-extensions (>= 0.1.0)
|
244
255
|
websocket-extensions (0.1.5)
|
245
|
-
zeitwerk (2.6.
|
256
|
+
zeitwerk (2.6.4)
|
246
257
|
|
247
258
|
PLATFORMS
|
248
|
-
|
259
|
+
arm64-darwin-21
|
260
|
+
x86_64-darwin-19
|
261
|
+
x86_64-linux
|
249
262
|
|
250
263
|
DEPENDENCIES
|
251
264
|
byebug
|
@@ -254,13 +267,15 @@ DEPENDENCIES
|
|
254
267
|
pry
|
255
268
|
pry-nav
|
256
269
|
pry-stack_explorer
|
270
|
+
rails (< 7)
|
257
271
|
rails-controller-testing
|
258
272
|
rake
|
259
273
|
rb-readline
|
260
274
|
rubocop-shopify
|
275
|
+
ruby-lsp
|
261
276
|
shopify_app!
|
262
277
|
sqlite3 (~> 1.4)
|
263
278
|
webmock
|
264
279
|
|
265
280
|
BUNDLED WITH
|
266
|
-
2.3.
|
281
|
+
2.3.4
|
data/README.md
CHANGED
@@ -7,10 +7,10 @@
|
|
7
7
|
|
8
8
|
This gem builds Rails applications that can be embedded in the Shopify Admin.
|
9
9
|
|
10
|
-
[Introduction](#introduction) |
|
11
|
-
[Requirements](#requirements) |
|
12
|
-
[Usage](#usage) |
|
13
|
-
[Documentation](#documentation) |
|
10
|
+
[Introduction](#introduction) |
|
11
|
+
[Requirements](#requirements) |
|
12
|
+
[Usage](#usage) |
|
13
|
+
[Documentation](#documentation) |
|
14
14
|
[Contributing](/CONTRIBUTING.md) |
|
15
15
|
[License](/LICENSE)
|
16
16
|
|
@@ -22,15 +22,12 @@ This gem includes a Rails engine, generators, modules, and mixins that help crea
|
|
22
22
|
<!-- This section is linked to in `templates/shopify_app.rb.tt`. Be careful renaming this heading. -->
|
23
23
|
## Requirements
|
24
24
|
|
25
|
-
> **Rails compatibility**
|
26
|
-
> * Use Shopify App `<= v7.2.8` if you need to work with Rails 4.
|
27
|
-
|
28
25
|
To become a Shopify app developer, you will need a [Shopify Partners](https://www.shopify.com/partners) account. Explore the [Shopify dev docs](https://shopify.dev/concepts/shopify-introduction) to learn more about [building Shopify apps](https://shopify.dev/concepts/apps).
|
29
26
|
|
30
27
|
This gem requires that you have the following credentials:
|
31
28
|
|
32
|
-
- **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
|
33
|
-
- **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
|
29
|
+
- **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
|
30
|
+
- **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
|
34
31
|
|
35
32
|
## Usage
|
36
33
|
|
@@ -40,13 +37,15 @@ This gem requires that you have the following credentials:
|
|
40
37
|
rails new my_shopify_app
|
41
38
|
```
|
42
39
|
|
43
|
-
2. Add the Shopify App gem to
|
40
|
+
2. Add the Shopify App gem to the app's Gemfile:
|
44
41
|
|
45
42
|
```sh
|
46
43
|
bundle add shopify_app
|
47
44
|
```
|
48
45
|
|
49
|
-
3.
|
46
|
+
3. You will need to provide several environment variables to the app.
|
47
|
+
There are a variety of way of doing this, but for a development environment we recommended the [`dotenv-rails`](https://github.com/bkeepers/dotenv) gem.
|
48
|
+
Create a `.env` file in the root of your Rails app to specify the full host and Shopify API credentials:
|
50
49
|
|
51
50
|
```sh
|
52
51
|
HOST=http://localhost:3000
|
@@ -54,8 +53,6 @@ SHOPIFY_API_KEY=<Your Shopify API key>
|
|
54
53
|
SHOPIFY_API_SECRET=<Your Shopify API secret>
|
55
54
|
```
|
56
55
|
|
57
|
-
> In a development environment, you can use a gem like `dotenv-rails` to manage environment variables.
|
58
|
-
|
59
56
|
4. Run the default Shopify App generator to create an app that can be embedded in the Shopify Admin:
|
60
57
|
|
61
58
|
```sh
|
@@ -74,9 +71,14 @@ rails db:migrate
|
|
74
71
|
rails server
|
75
72
|
```
|
76
73
|
|
77
|
-
7.
|
74
|
+
7. Within [Shopify Partners](https://www.shopify.com/partners), navigate to your App, then App Setup, and configure the URLs, e.g.:
|
75
|
+
|
76
|
+
* App URL: http://localhost:3000/
|
77
|
+
* Allowed redirection URL(s): http://localhost:3000/auth/shopify/callback
|
78
|
+
|
79
|
+
8. Install the app by visiting the server's URL (e.g. http://localhost:3000) and specifying the subdomain of the shop where you want it to be installed to.
|
78
80
|
|
79
|
-
|
81
|
+
9. After the app is installed, you're redirected to the embedded app.
|
80
82
|
|
81
83
|
This app implements [OAuth 2.0](https://shopify.dev/tutorials/authenticate-with-oauth) with Shopify to authenticate requests made to Shopify APIs. By default, this app is configured to use [session tokens](https://shopify.dev/concepts/apps/building-embedded-apps-using-session-tokens) to authenticate merchants when embedded in the Shopify Admin.
|
82
84
|
|
@@ -102,6 +104,7 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
|
|
102
104
|
[Shopify App](/docs/shopify_app)
|
103
105
|
* [Authentication](/docs/shopify_app/authentication.md)
|
104
106
|
* [Engine](/docs/shopify_app/engine.md)
|
107
|
+
* [Controller Concerns](/docs/shopify_app/controller-concerns.md)
|
105
108
|
* [Generators](/docs/shopify_app/generators.md)
|
106
109
|
* [ScriptTags](/docs/shopify_app/script-tags.md)
|
107
110
|
* [Session repository](/docs/shopify_app/session-repository.md)
|
@@ -109,6 +112,7 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
|
|
109
112
|
* [Testing](/docs/shopify_app/testing.md)
|
110
113
|
* [Webhooks](/docs/shopify_app/webhooks.md)
|
111
114
|
* [Content Security Policy](/docs/shopify_app/content-security-policy.md)
|
115
|
+
* [Logging](/docs/shopify_app/logging.md)
|
112
116
|
|
113
117
|
### Engine
|
114
118
|
|
data/SECURITY.md
CHANGED
@@ -56,4 +56,4 @@ We look forward to working with all security researchers and strive to be respec
|
|
56
56
|
|
57
57
|
## Receiving Security Updates
|
58
58
|
|
59
|
-
To
|
59
|
+
To receive all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)
|
@@ -5,15 +5,10 @@ module ShopifyApp
|
|
5
5
|
extend ActiveSupport::Concern
|
6
6
|
|
7
7
|
included do
|
8
|
-
|
9
|
-
|
10
|
-
include ShopifyApp::CsrfProtection
|
11
|
-
include ShopifyApp::EmbeddedApp
|
12
|
-
include ShopifyApp::EnsureBilling
|
13
|
-
|
14
|
-
before_action :login_again_if_different_user_or_shop
|
15
|
-
around_action :activate_shopify_session
|
16
|
-
after_action :add_top_level_redirection_headers
|
8
|
+
ShopifyApp::Logger.deprecated("Authenticated has been replaced by EnsureHasSession."\
|
9
|
+
" Please use the EnsureHasSession controller concern for the same behavior", "22.0.0")
|
17
10
|
end
|
11
|
+
|
12
|
+
include ShopifyApp::EnsureHasSession
|
18
13
|
end
|
19
14
|
end
|
@@ -15,6 +15,7 @@ module ShopifyApp
|
|
15
15
|
return_to: request.fullpath,
|
16
16
|
shop: current_shopify_domain,
|
17
17
|
host: params[:host],
|
18
|
+
embedded: params[:embedded],
|
18
19
|
)
|
19
20
|
end
|
20
21
|
|
@@ -27,8 +28,8 @@ module ShopifyApp
|
|
27
28
|
def redirect_to_splash_page
|
28
29
|
redirect_to(splash_page)
|
29
30
|
rescue ::ShopifyApp::ShopifyDomainNotFound => error
|
30
|
-
|
31
|
-
"Could not determine current shop domain")
|
31
|
+
ShopifyApp::Logger.warn("Redirecting to login: [#{error.class}]"\
|
32
|
+
" Could not determine current shop domain")
|
32
33
|
redirect_to(ShopifyApp.configuration.login_url)
|
33
34
|
end
|
34
35
|
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ShopifyApp
|
4
|
+
module EnsureHasSession
|
5
|
+
extend ActiveSupport::Concern
|
6
|
+
|
7
|
+
included do
|
8
|
+
include ShopifyApp::Localization
|
9
|
+
include ShopifyApp::LoginProtection
|
10
|
+
include ShopifyApp::CsrfProtection
|
11
|
+
include ShopifyApp::EmbeddedApp
|
12
|
+
include ShopifyApp::EnsureBilling
|
13
|
+
|
14
|
+
before_action :login_again_if_different_user_or_shop
|
15
|
+
around_action :activate_shopify_session
|
16
|
+
after_action :add_top_level_redirection_headers
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
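Review bot: The new `EnsureHasSession` concern has no header comment, even though `authenticated.rb` in this same release points users to it as the replacement for `Authenticated`, so a reader landing here gets no statement of what the concern guarantees or which of its three callbacks does what. I would add, above `module EnsureHasSession`, a comment along the lines of `# Concern for controllers that require an authenticated Shopify session. Replaces the deprecated Authenticated concern: re-runs login when the shop or user differs (before_action), wraps the action in an active Shopify session (around_action), and adds the top-level redirection headers afterwards (after_action).` The relative ordering of these callbacks against any that `EnsureBilling` registers is not visible here; if it matters (e.g. billing is checked with or without an active session), a one-line note on that would help the next maintainer.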
@@ -0,0 +1,62 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module ShopifyApp
|
4
|
+
module EnsureInstalled
|
5
|
+
extend ActiveSupport::Concern
|
6
|
+
include ShopifyApp::RedirectForEmbedded
|
7
|
+
|
8
|
+
included do
|
9
|
+
if ancestors.include?(ShopifyApp::LoginProtection)
|
10
|
+
message = <<~EOS
|
11
|
+
We detected the use of incompatible concerns (EnsureInstalled and LoginProtection) in #{name},
|
12
|
+
which may lead to unpredictable behavior. In a future release of this library this will raise an error.
|
13
|
+
EOS
|
14
|
+
|
15
|
+
ShopifyApp::Logger.deprecated(message, "22.0.0")
|
16
|
+
end
|
17
|
+
|
18
|
+
before_action :check_shop_domain
|
19
|
+
before_action :check_shop_known
|
20
|
+
end
|
21
|
+
|
22
|
+
def current_shopify_domain
|
23
|
+
if params[:shop].blank?
|
24
|
+
ShopifyApp::Logger.info("Could not identify installed store from current_shopify_domain")
|
25
|
+
return
|
26
|
+
end
|
27
|
+
|
28
|
+
@shopify_domain ||= ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
|
29
|
+
ShopifyApp::Logger.info("Installed store: #{@shopify_domain} - deduced from Shopify Admin params")
|
30
|
+
@shopify_domain
|
31
|
+
end
|
32
|
+
|
33
|
+
private
|
34
|
+
|
35
|
+
def check_shop_domain
|
36
|
+
redirect_to(ShopifyApp.configuration.login_url) unless current_shopify_domain
|
37
|
+
end
|
38
|
+
|
39
|
+
def check_shop_known
|
40
|
+
@shop = SessionRepository.retrieve_shop_session_by_shopify_domain(current_shopify_domain)
|
41
|
+
unless @shop
|
42
|
+
if embedded_param?
|
43
|
+
redirect_for_embedded
|
44
|
+
else
|
45
|
+
redirect_to(shop_login)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
def shop_login
|
51
|
+
url = URI(ShopifyApp.configuration.login_url)
|
52
|
+
|
53
|
+
url.query = URI.encode_www_form(
|
54
|
+
shop: params[:shop],
|
55
|
+
host: params[:host],
|
56
|
+
return_to: request.fullpath,
|
57
|
+
)
|
58
|
+
|
59
|
+
url.to_s
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
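Review bot: `shop_login` builds the login redirect from the raw `params[:shop]` even though `current_shopify_domain` already holds the value passed through `ShopifyApp::Utils.sanitize_shop_domain`, so the one place in this concern that forwards the shop name onward bypasses the sanitization the concern itself performs; change it to `shop: current_shopify_domain,` so the login page only ever receives a validated domain. `host: params[:host]` is forwarded without any check as well; the login controller is not in this hunk, so if it does not validate `host` itself that is worth confirming, since embedded-app redirects are presumably built from it. In `current_shopify_domain`, when `sanitize_shop_domain` rejects the value the `||=` memoization never takes and the info log reads `Installed store:  - deduced from Shopify Admin params` with an empty domain, so malformed or phishing-style `shop` parameters leave no explicit trace; logging the rejection (e.g. `ShopifyApp::Logger.warn("Rejected shop domain param")` before returning nil) would surface them. The incompatible-concern check in `included do` only detects `LoginProtection` when it was included before `EnsureInstalled`, because `ancestors` reflects what has been included so far, so the deprecation notice is silently skipped when the include order is reversed.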