shopify_app 21.9.0 → 22.00.0

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -1,21 +1,18 @@
 # frozen_string_literal: true
 
-require "browser_sniffer"
-
 module ShopifyApp
   module LoginProtection
     extend ActiveSupport::Concern
     include ShopifyApp::SanitizedParams
 
     included do
-      if defined?(ShopifyApp::RequireKnownShop) &&
-          defined?(ShopifyApp::EnsureInstalled) &&
-          ancestors.include?(ShopifyApp::RequireKnownShop || ShopifyApp::EnsureInstalled)
+      if defined?(ShopifyApp::EnsureInstalled) &&
+          ancestors.include?(ShopifyApp::EnsureInstalled)
         message = <<~EOS
-          We detected the use of incompatible concerns (RequireKnownShop/EnsureInstalled and LoginProtection) in #{name},
-          which may lead to unpredictable behavior. In a future release of this library this will raise an error.
+          We detected the use of incompatible concerns (EnsureInstalled and LoginProtection) in #{name},
+          which leads to unpredictable behavior. You cannot include both concerns in the same controller.
         EOS
-        ShopifyApp::Logger.deprecated(message, "22.0.0")
+        raise message
       end
 
       rescue_from ShopifyAPI::Errors::HttpResponseError, with: :handle_http_error
@@ -30,6 +27,12 @@ module ShopifyApp
         return redirect_to_login
       end
 
+      if ShopifyApp.configuration.check_session_expiry_date && current_shopify_session.expired?
+        ShopifyApp::Logger.debug("Session expired, redirecting to login")
+        clear_shopify_session
+        return redirect_to_login
+      end
+
       if ShopifyApp.configuration.reauth_on_access_scope_changes &&
           !ShopifyApp.configuration.user_access_scopes_strategy.covers_scopes?(current_shopify_session)
         clear_shopify_session
@@ -141,10 +144,11 @@ module ShopifyApp
     end
 
     def close_session
-      clear_shopify_session
       ShopifyApp::Logger.debug("Closing session")
-      ShopifyApp::Logger.debug("Redirecting to #{login_url_with_optional_shop}")
-      redirect_to(login_url_with_optional_shop)
+      clear_shopify_session
+
+      ShopifyApp::Logger.debug("Redirecting to login")
+      redirect_to_login
     end
 
     def handle_http_error(error)

data/lib/shopify_app/engine.rb

@@ -5,7 +5,7 @@ module ShopifyApp
     private
 
     def args_info(job)
-      log_disabled_classes = ["ShopifyApp::ScripttagsManagerJob", "ShopifyApp::WebhooksManagerJob"]
+      log_disabled_classes = ["ShopifyApp::WebhooksManagerJob"]
       return "" if log_disabled_classes.include?(job.class.name)
 
       super
@@ -35,7 +35,6 @@ module ShopifyApp
       ActiveSupport.on_load(:active_job) do
         if ActiveJob::Base.respond_to?(:log_arguments?)
           WebhooksManagerJob.log_arguments = false
-          ScripttagsManagerJob.log_arguments = false
         elsif ActiveJob::Logging::LogSubscriber.private_method_defined?(:args_info)
           ActiveJob::Logging::LogSubscriber.prepend(RedactJobParams)
         end

data/lib/shopify_app/session/session_repository.rb

@@ -23,6 +23,14 @@ module ShopifyApp
         user_storage.retrieve_by_shopify_user_id(user_id)
       end
 
+      def destroy_shop_session_by_domain(shopify_domain)
+        shop_storage.destroy_by_shopify_domain(shopify_domain)
+      end
+
+      def destroy_user_session_by_shopify_user_id(user_id)
+        user_storage.destroy_by_shopify_user_id(user_id)
+      end
+
       def store_shop_session(session)
         shop_storage.store(session)
       end
@@ -73,18 +81,17 @@ module ShopifyApp
       def delete_session(id)
         match = id.match(/^offline_(.*)/)
 
-        record = if match
+        if match
           domain = match[1]
           ShopifyApp::Logger.debug("Destroying session by domain - domain: #{domain}")
-          Shop.find_by(shopify_domain: match[1])
+          destroy_shop_session_by_domain(domain)
+
         else
           shopify_user_id = id.split("_").last
           ShopifyApp::Logger.debug("Destroying session by user - user_id: #{shopify_user_id}")
-          User.find_by(shopify_user_id: shopify_user_id)
+          destroy_user_session_by_shopify_user_id(shopify_user_id)
         end
 
-        record.destroy
-
         true
       end
 

data/lib/shopify_app/session/shop_session_storage.rb

@@ -27,6 +27,10 @@ module ShopifyApp
         construct_session(shop)
       end
 
+      def destroy_by_shopify_domain(domain)
+        destroy_by(shopify_domain: domain)
+      end
+
       private
 
       def construct_session(shop)

data/lib/shopify_app/session/shop_session_storage_with_scopes.rb

@@ -29,6 +29,10 @@ module ShopifyApp
         construct_session(shop)
       end
 
+      def destroy_by_shopify_domain(domain)
+        destroy_by(shopify_domain: domain)
+      end
+
       private
 
       def construct_session(shop)

data/lib/shopify_app/session/user_session_storage.rb

@@ -28,6 +28,10 @@ module ShopifyApp
         construct_session(user)
       end
 
+      def destroy_by_shopify_user_id(user_id)
+        destroy_by(shopify_user_id: user_id)
+      end
+
       private
 
       def construct_session(user)

data/lib/shopify_app/session/user_session_storage_with_scopes.rb

@@ -15,6 +15,7 @@ module ShopifyApp
         user.shopify_token = auth_session.access_token
         user.shopify_domain = auth_session.shop
         user.access_scopes = auth_session.scope.to_s
+        user.expires_at = auth_session.expires
 
         user.save!
         user.id
@@ -30,6 +31,10 @@ module ShopifyApp
         construct_session(user)
       end
 
+      def destroy_by_shopify_user_id(user_id)
+        destroy_by(shopify_user_id: user_id)
+      end
+
       private
 
       def construct_session(user)
@@ -52,6 +57,7 @@ module ShopifyApp
           scope: user.access_scopes,
           associated_user_scope: user.access_scopes,
           associated_user: associated_user,
+          expires: user.expires_at,
         )
       end
     end
@@ -67,5 +73,24 @@ module ShopifyApp
     rescue NotImplementedError, NoMethodError
       raise NotImplementedError, "#access_scopes= must be defined to hook into stored access scopes"
     end
+
+    def expires_at=(expires_at)
+      super
+    rescue NotImplementedError, NoMethodError
+      if ShopifyApp.configuration.check_session_expiry_date
+        raise NotImplementedError,
+          "#expires_at= must be defined to handle storing the session expiry date"
+      end
+    end
+
+    def expires_at
+      super
+    rescue NotImplementedError, NoMethodError
+      if ShopifyApp.configuration.check_session_expiry_date
+        raise NotImplementedError, "#expires_at must be defined to check the session expiry date"
+      end
+
+      nil
+    end
   end
 end

data/lib/shopify_app/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShopifyApp
-  VERSION = "21.9.0"
+  VERSION = "22.00.0"
 end

data/lib/shopify_app.rb

@@ -44,7 +44,6 @@ module ShopifyApp
   require "shopify_app/controller_concerns/csrf_protection"
   require "shopify_app/controller_concerns/localization"
   require "shopify_app/controller_concerns/frame_ancestors"
-  require "shopify_app/controller_concerns/itp"
   require "shopify_app/controller_concerns/sanitized_params"
   require "shopify_app/controller_concerns/redirect_for_embedded"
   require "shopify_app/controller_concerns/login_protection"
@@ -56,11 +55,9 @@ module ShopifyApp
 
   # jobs
   require "shopify_app/jobs/webhooks_manager_job"
-  require "shopify_app/jobs/scripttags_manager_job"
 
   # managers
   require "shopify_app/managers/webhooks_manager"
-  require "shopify_app/managers/scripttags_manager"
 
   # middleware
   require "shopify_app/middleware/jwt_middleware"

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "21.9.0",
+  "version": "22.00.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -10,17 +10,16 @@ Gem::Specification.new do |s|
   s.author      = "Shopify"
   s.summary     = "This gem is used to get quickly started with the Shopify API"
 
-  s.required_ruby_version = ">= 2.7"
+  s.required_ruby_version = ">= 3.0"
 
   s.metadata["allowed_push_host"] = "https://rubygems.org"
 
   s.add_runtime_dependency("activeresource") # TODO: Remove this once all active resource dependencies are removed
   s.add_runtime_dependency("addressable", "~> 2.7")
-  s.add_runtime_dependency("browser_sniffer", "~> 2.0")
   s.add_runtime_dependency("jwt", ">= 2.2.3")
   s.add_runtime_dependency("rails", "> 5.2.1")
   s.add_runtime_dependency("redirect_safely", "~> 1.0")
-  s.add_runtime_dependency("shopify_api", "~> 13.4")
+  s.add_runtime_dependency("shopify_api", "~> 14")
   s.add_runtime_dependency("sprockets-rails", ">= 2.0.0")
 
   s.add_development_dependency("byebug")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 21.9.0
+  version: 22.00.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-01-16 00:00:00.000000000 Z
+date: 2024-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activeresource
@@ -38,20 +38,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.7'
-- !ruby/object:Gem::Dependency
-  name: browser_sniffer
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.4'
+        version: '14'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.4'
+        version: '14'
 - !ruby/object:Gem::Dependency
   name: sprockets-rails
   requirement: !ruby/object:Gem::Requirement
@@ -301,6 +287,7 @@ files:
 - ".ruby-version"
 - ".spin/rails/prepare-application"
 - CHANGELOG.md
+- CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
@@ -312,11 +299,9 @@ files:
 - app/assets/javascripts/shopify_app/app_bridge_3.7.8.js
 - app/assets/javascripts/shopify_app/app_bridge_redirect.js
 - app/assets/javascripts/shopify_app/redirect.js
-- app/controllers/concerns/shopify_app/authenticated.rb
 - app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
 - app/controllers/concerns/shopify_app/ensure_has_session.rb
 - app/controllers/concerns/shopify_app/ensure_installed.rb
-- app/controllers/concerns/shopify_app/require_known_shop.rb
 - app/controllers/concerns/shopify_app/shop_access_scopes_verification.rb
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/callback_controller.rb
@@ -364,7 +349,6 @@ files:
 - docs/shopify_app/generators.md
 - docs/shopify_app/handling-access-scopes-changes.md
 - docs/shopify_app/logging.md
-- docs/shopify_app/script-tags.md
 - docs/shopify_app/sessions.md
 - docs/shopify_app/testing.md
 - docs/shopify_app/webhooks.md
@@ -374,8 +358,6 @@ files:
 - lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb
 - lib/generators/shopify_app/add_app_uninstalled_job/add_app_uninstalled_job_generator.rb
 - lib/generators/shopify_app/add_app_uninstalled_job/templates/app_uninstalled_job.rb.tt
-- lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb
-- lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb
 - lib/generators/shopify_app/add_privacy_jobs/add_privacy_jobs_generator.rb
 - lib/generators/shopify_app/add_privacy_jobs/templates/customers_data_request_job.rb.tt
 - lib/generators/shopify_app/add_privacy_jobs/templates/customers_redact_job.rb.tt
@@ -416,6 +398,7 @@ files:
 - lib/generators/shopify_app/shop_model/templates/shops.yml
 - lib/generators/shopify_app/shopify_app_generator.rb
 - lib/generators/shopify_app/user_model/templates/db/migrate/add_user_access_scopes_column.erb
+- lib/generators/shopify_app/user_model/templates/db/migrate/add_user_expires_at_column.erb
 - lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb
 - lib/generators/shopify_app/user_model/templates/user.rb
 - lib/generators/shopify_app/user_model/templates/users.yml
@@ -431,7 +414,6 @@ files:
 - lib/shopify_app/controller_concerns/embedded_app.rb
 - lib/shopify_app/controller_concerns/ensure_billing.rb
 - lib/shopify_app/controller_concerns/frame_ancestors.rb
-- lib/shopify_app/controller_concerns/itp.rb
 - lib/shopify_app/controller_concerns/localization.rb
 - lib/shopify_app/controller_concerns/login_protection.rb
 - lib/shopify_app/controller_concerns/payload_verification.rb
@@ -440,10 +422,8 @@ files:
 - lib/shopify_app/controller_concerns/webhook_verification.rb
 - lib/shopify_app/engine.rb
 - lib/shopify_app/errors.rb
-- lib/shopify_app/jobs/scripttags_manager_job.rb
 - lib/shopify_app/jobs/webhooks_manager_job.rb
 - lib/shopify_app/logger.rb
-- lib/shopify_app/managers/scripttags_manager.rb
 - lib/shopify_app/managers/webhooks_manager.rb
 - lib/shopify_app/middleware/jwt_middleware.rb
 - lib/shopify_app/session/in_memory_session_store.rb
@@ -481,14 +461,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '3.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.4
+rubygems_version: 3.5.6
 signing_key: 
 specification_version: 4
 summary: This gem is used to get quickly started with the Shopify API

data/app/controllers/concerns/shopify_app/authenticated.rb

@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module ShopifyApp
-  module Authenticated
-    extend ActiveSupport::Concern
-
-    included do
-      ShopifyApp::Logger.deprecated(
-        "Authenticated has been replaced by EnsureHasSession."\
-          " Please use the EnsureHasSession controller concern for the same behavior",
-        "22.0.0",
-      )
-    end
-
-    include ShopifyApp::EnsureHasSession
-  end
-end

data/app/controllers/concerns/shopify_app/require_known_shop.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-module ShopifyApp
-  module RequireKnownShop
-    extend ActiveSupport::Concern
-    include ShopifyApp::EnsureInstalled
-
-    included do
-      ShopifyApp::Logger.deprecated(
-        "RequireKnownShop has been replaced by EnsureInstalled."\
-          " Please use the EnsureInstalled controller concern for the same behavior",
-        "22.0.0",
-      )
-    end
-  end
-end

data/docs/shopify_app/script-tags.md

@@ -1,28 +0,0 @@
-# ScriptTags
-
-#### Table of contents
-
-[Manage ScriptTags using the Shopify App initializer](#manage-scripttags-using-the-shopify-app-initializer)
-
-## Manage ScriptTags using the Shopify App initializer
-
-As with webhooks, ShopifyApp can manage your app's [ScriptTags](https://shopify-dev-staging.shopifycloud.com/docs/admin-api/graphql/reference/online-store/scripttag) for you by setting which scripttags you require in the initializer:
-
-```ruby
-ShopifyApp.configure do |config|
-  config.scripttags = [
-    {event:'onload', src: 'https://example.com/fancy.js'},
-    {event:'onload', src: ->(domain) { dynamic_tag_url(domain) } }
-  ]
-end
-```
-
-You also need to have write_script_tags permission in the config scope in order to add script tags automatically:
-
-```ruby
- config.scope = '... , write_script_tags'
-```
-
-Scripttags are created in the same way as the [Webhooks](/docs/shopify_app/webhooks.md), with a background job which will create the required scripttags.
-
-If `src` responds to `call` its return value will be used as the scripttag's source. It will be called on scripttag creation and deletion.

data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb

@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-require "rails/generators/base"
-
-module ShopifyApp
-  module Generators
-    class AddMarketingActivityExtensionGenerator < Rails::Generators::Base
-      source_root File.expand_path("../templates", __FILE__)
-
-      def generate_app_extension
-        ShopifyApp::Logger.deprecated("MarketingActivitiesController will be removed in an upcoming version", "22.0.0")
-        template("marketing_activities_controller.rb", "app/controllers/marketing_activities_controller.rb")
-        generate_routes
-      end
-
-      private
-
-      def generate_routes
-        inject_into_file(
-          "config/routes.rb",
-          optimize_indentation(routes, 2),
-          after: "root :to => 'home#index'\n",
-        )
-      end
-
-      def routes
-        <<~EOS
-
-          resource :marketing_activities, only: [:create, :update] do
-            patch :resume
-            patch :pause
-            patch :delete
-            post :republish
-            post :preload_form_data
-            post :preview
-            post :errors
-          end
-        EOS
-      end
-    end
-  end
-end

data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb

@@ -1,63 +0,0 @@
-# frozen_string_literal: true
-
-class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController
-  def preload_form_data
-    preload_data = {
-      "form_data": {},
-    }
-    render(json: preload_data, status: :ok)
-  end
-
-  def update
-    render(json: {}, status: :accepted)
-  end
-
-  def pause
-    render(json: {}, status: :accepted)
-  end
-
-  def resume
-    render(json: {}, status: :accepted)
-  end
-
-  def delete
-    render(json: {}, status: :accepted)
-  end
-
-  def preview
-    placeholder_img = "https://cdn.shopify.com/s/files/1/0533/2089/files/placeholder-images-image_small.png"
-    preview_response = {
-      "desktop": {
-        "preview_url": placeholder_img,
-        "content_type": "text/html",
-        "width": 360,
-        "height": 200,
-      },
-      "mobile": {
-        "preview_url": placeholder_img,
-        "content_type": "text/html",
-        "width": 360,
-        "height": 200,
-      },
-    }
-    render(json: preview_response, status: :ok)
-  end
-
-  def create
-    render(json: {}, status: :ok)
-  end
-
-  def republish
-    render(json: {}, status: :accepted)
-  end
-
-  def errors
-    request_id = params[:request_id]
-    message = params[:message]
-
-    ShopifyApp::Logger.info("[Marketing Activity App Error Feedback]"\
-      "Request id: #{request_id}, message: #{message}")
-
-    render(json: {}, status: :ok)
-  end
-end

data/lib/shopify_app/controller_concerns/itp.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-module ShopifyApp
-  # Cookie management helpers required for ITP implementation
-  module Itp
-    extend ActiveSupport::Concern
-    included do
-      ShopifyApp::Logger.deprecated("Itp will be removed in an upcoming version", "22.0.0")
-    end
-
-    private
-
-    def set_test_cookie
-      return unless ShopifyApp.configuration.embedded_app?
-      return unless user_agent_can_partition_cookies
-
-      session["shopify.cookies_persist"] = true
-    end
-
-    def set_top_level_oauth_cookie
-      session["shopify.top_level_oauth"] = true
-    end
-
-    def clear_top_level_oauth_cookie
-      session.delete("shopify.top_level_oauth")
-    end
-
-    def user_agent_is_mobile
-      user_agent = BrowserSniffer.new(request.user_agent).browser_info
-
-      user_agent[:name].to_s.match(/Shopify\sMobile/)
-    end
-
-    def user_agent_is_pos
-      user_agent = BrowserSniffer.new(request.user_agent).browser_info
-
-      user_agent[:name].to_s.match(/Shopify\sPOS/)
-    end
-
-    def user_agent_can_partition_cookies
-      user_agent = BrowserSniffer.new(request.user_agent).browser_info
-
-      is_safari = user_agent[:name].to_s.match(/Safari/)
-
-      return false unless is_safari
-
-      user_agent[:version].to_s.match(/12\.0/)
-    end
-  end
-end

data/lib/shopify_app/jobs/scripttags_manager_job.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-module ShopifyApp
-  class ScripttagsManagerJob < ActiveJob::Base
-    queue_as do
-      ShopifyApp.configuration.scripttags_manager_queue_name
-    end
-
-    def perform(shop_domain:, shop_token:, scripttags:)
-      ShopifyAPI::Auth::Session.temp(shop: shop_domain, access_token: shop_token) do
-        manager = ScripttagsManager.new(scripttags, shop_domain)
-        manager.create_scripttags
-      end
-    end
-  end
-end