shopify_app 21.3.0 → 21.3.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/Gemfile.lock +1 -1
  4. data/lib/shopify_app/utils.rb +9 -1
  5. data/lib/shopify_app/version.rb +1 -1
  6. data/package.json +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 89cc2a310a1182a7efc057933dafe337c0ba070732f40d920245741be7666c17
4
- data.tar.gz: 2f981c756c218d2971687cd7e3f86a62b69b77fb49e343610523c8d8c77bb143
3
+ metadata.gz: 00bf2ba9c43324a703b21367459c592b93d092f2926f2d6862bfb7efb9494853
4
+ data.tar.gz: 7792d5fd3f1a5af452357c0c6f26b8c245e471171e86a95dad5559bdb87ab6d8
5
5
  SHA512:
6
- metadata.gz: db13b7a1991ef855604d7734a79b4812f010bddc4937636c7c96594f8cbecd8daafd562ea3be6cd137887d799bb1d654eb951509334d04e17056b8c4582d4c14
7
- data.tar.gz: 386345a2947c3e0c42f2ad9f2433e2702a823ede57bdd4efe73899703141c1fc58855bb451b3785c07536177f997385f6513a60e8fa1808a8de146cc33b1a294
6
+ metadata.gz: f963fc4af5645f47d072aff3d0aa9cf47b7f1c20d422fcf43ec4466804d24a18916864d96372c407c1ef7c2e8963a3b5946763534bde5070ebd767ce1da3957d
7
+ data.tar.gz: 79cd7bd816b1b9759d6531f9c9a65fe81d6d7c9ed1e671c127c44b2f74a2b962d27d0eb5ac9b8c48378f012aec88451d9c533bfca345d14a6c8f0193993378a4
data/CHANGELOG.md CHANGED
@@ -1,6 +1,10 @@
1
1
  Unreleased
2
2
  ----------
3
3
 
4
+ 21.3.1 (Dec 12, 2022)
5
+ ----------
6
+ * Fix bug with stores using the new unified admin that were falsely being flagged as phishing attempts [#1608](https://github.com/Shopify/shopify_app/pull/1608)
7
+
4
8
  21.3.0 (Dec 9, 2022)
5
9
  ----------
6
10
  * Move covered scopes check into user access strategy [#1600](https://github.com/Shopify/shopify_app/pull/1600)
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (21.3.0)
4
+ shopify_app (21.3.1)
5
5
  activeresource
6
6
  browser_sniffer (~> 2.0)
7
7
  jwt (>= 2.2.3)
data/lib/shopify_app/utils.rb CHANGED
@@ -2,14 +2,22 @@
2
2
 
3
3
  module ShopifyApp
4
4
  module Utils
5
+ TRUSTED_SHOPIFY_DOMAINS = [
6
+ "shopify.com",
7
+ "myshopify.io",
8
+ "myshopify.com",
9
+ ].freeze
10
+
5
11
  def self.sanitize_shop_domain(shop_domain)
6
12
  myshopify_domain = ShopifyApp.configuration.myshopify_domain
7
13
  name = shop_domain.to_s.downcase.strip
8
14
  name += ".#{myshopify_domain}" if !name.include?(myshopify_domain.to_s) && !name.include?(".")
9
15
  name.sub!(%r|https?://|, "")
16
+ trusted_domains = TRUSTED_SHOPIFY_DOMAINS.dup.push(myshopify_domain)
10
17
 
11
18
  u = URI("http://#{name}")
12
- u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(myshopify_domain)}$/)
19
+ regex = /^[a-z0-9][a-z0-9\-]*[a-z0-9]\.(#{trusted_domains.join("|")})$/
20
+ u.host if u.host&.match(regex)
13
21
  rescue URI::InvalidURIError
14
22
  nil
15
23
  end
data/lib/shopify_app/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ShopifyApp
4
- VERSION = "21.3.0"
4
+ VERSION = "21.3.1"
5
5
  end
data/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shopify_app",
3
- "version": "21.0.0",
3
+ "version": "21.3.1",
4
4
  "repository": "git@github.com:Shopify/shopify_app.git",
5
5
  "author": "Shopify",
6
6
  "license": "MIT",
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 21.3.0
4
+ version: 21.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-09 00:00:00.000000000 Z
11
+ date: 2022-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activeresource