RubyGems - shopify_app - Versions diffs - 5.0.2 → 6.0.0 - Mend

shopify_app 5.0.2 → 6.0.0

Files changed (110) hide show

data/lib/shopify_app/controller.rb ADDED

@@ -0,0 +1,18 @@
+require 'shopify_app/login_protection'
+module ShopifyApp
+  module Controller
+    extend ActiveSupport::Concern
+    include ShopifyApp::LoginProtection
+    def fullpage_redirect_to(url)
+      if ShopifyApp.configuration.embedded_app?
+        render inline: %Q(<script type="text/javascript">window.top.location.href = #{url.to_json};</script>)
+      else
+        redirect_to url
+      end
+    end
+  end
+end

data/lib/shopify_app/engine.rb ADDED

@@ -0,0 +1,5 @@
+module ShopifyApp
+  class Engine < Rails::Engine
+    isolate_namespace ShopifyApp
+  end
+end

data/lib/shopify_app/login_protection.rb CHANGED

@@ -1,44 +1,46 @@
-module ShopifyApp::LoginProtection
-  extend ActiveSupport::Concern
+module ShopifyApp
+  module LoginProtection
+    extend ActiveSupport::Concern
-  included do
-    rescue_from ActiveResource::UnauthorizedAccess, :with => :close_session
-  end
+    included do
+      rescue_from ActiveResource::UnauthorizedAccess, :with => :close_session
+    end
-  def shopify_session
-    if shop_session
-      begin
-        # session[:shopify] set in LoginController#show
-        ShopifyAPI::Base.activate_session(shop_session)
-        yield
-      ensure
-        ShopifyAPI::Base.clear_session
+    def shopify_session
+      if shop_session
+        begin
+          ShopifyAPI::Base.activate_session(shop_session)
+          yield
+        ensure
+          ShopifyAPI::Base.clear_session
+        end
+      else
+        redirect_to_login
       end
-    else
-      redirect_to_login
     end
-  end
-  def shop_session
-    return unless session[:shopify]
-    @shop_session ||= ShopifySessionRepository.retrieve(session[:shopify])
-  end
+    def shop_session
+      return unless session[:shopify]
+      @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
+    end
-  def login_again_if_different_shop
-    if shop_session && params[:shop] && params[:shop].is_a?(String) && shop_session.url != params[:shop]
-      redirect_to_login
+    def login_again_if_different_shop
+      if shop_session && params[:shop] && params[:shop].is_a?(String) && shop_session.url != params[:shop]
+        redirect_to_login
+      end
     end
-  end
-  protected
+    protected
-  def redirect_to_login
-    session[:return_to] = request.fullpath if request.get?
-    redirect_to login_path(shop: params[:shop])
-  end
+    def redirect_to_login
+      session[:return_to] = request.fullpath if request.get?
+      redirect_to login_path(shop: params[:shop])
+    end
+    def close_session
+      session[:shopify] = nil
+      redirect_to login_path
+    end
-  def close_session
-    session[:shopify] = nil
-    redirect_to login_path
   end
 end

data/lib/shopify_app/sessions_controller.rb ADDED

@@ -0,0 +1,64 @@
+module ShopifyApp
+  module SessionsController
+    extend ActiveSupport::Concern
+    def new
+      authenticate if params[:shop].present?
+    end
+    def create
+      authenticate
+    end
+    def callback
+      if response = request.env['omniauth.auth']
+        sess = ShopifyAPI::Session.new(params[:shop], response['credentials']['token'])
+        session[:shopify] = ShopifyApp::SessionRepository.store(sess)
+        flash[:notice] = "Logged in"
+        redirect_to return_address
+      else
+        flash[:error] = "Could not log in to Shopify store."
+        redirect_to :action => 'new'
+      end
+    end
+    def destroy
+      session[:shopify] = nil
+      flash[:notice] = "Successfully logged out."
+      redirect_to :action => 'new'
+    end
+    protected
+    def authenticate
+      if shop_name = sanitize_shop_param(params)
+        fullpage_redirect_to "/auth/shopify?shop=#{shop_name}"
+      else
+        redirect_to return_address
+      end
+    end
+    def return_address
+      session[:return_to] || root_url
+    end
+    def sanitized_shop_name
+      @sanitized_shop_name ||= sanitize_shop_param(params)
+    end
+  def sanitize_shop_param(params)
+    return unless params[:shop].present?
+    name = params[:shop].to_s.strip
+    name += ".myshopify.com" if !name.include?("myshopify.com") && !name.include?(".")
+    name.sub!(%r|https?://|, '')
+    u = URI("http://#{name}")
+    u.host && u.host.ends_with?(".myshopify.com") ? u.host : nil
+  rescue URI::InvalidURIError
+    nil
+  end
+  end
+end

data/lib/shopify_app/shop.rb ADDED

@@ -0,0 +1,15 @@
+module ShopifyApp
+  module Shop
+    extend ActiveSupport::Concern
+    included do
+      validates :shopify_domain, presence: true, uniqueness: true
+      validates :shopify_token, presence: true
+    end
+    def with_shopify_session(&block)
+      ShopifyAPI::Session.temp(shopify_domain, shopify_token, &block)
+    end
+  end
+end

data/lib/shopify_app/shopify_session_repository.rb CHANGED

@@ -1,32 +1,34 @@
-class ShopifySessionRepository
-  class ConfigurationError < StandardError; end
+module ShopifyApp
+  class SessionRepository
+    class ConfigurationError < StandardError; end
-  class << self
-    def storage=(storage)
-      @storage = storage
+    class << self
+      def storage=(storage)
+        @storage = storage
-      unless storage.nil? || self.storage.respond_to?(:store) && self.storage.respond_to?(:retrieve)
-        raise ArgumentError, "storage must respond to :store and :retrieve"
+        unless storage.nil? || self.storage.respond_to?(:store) && self.storage.respond_to?(:retrieve)
+          raise ArgumentError, "storage must respond to :store and :retrieve"
+        end
       end
-    end
-    def retrieve(id)
-      storage.retrieve(id)
-    end
+      def retrieve(id)
+        storage.retrieve(id)
+      end
-    def store(session)
-      storage.store(session)
-    end
+      def store(session)
+        storage.store(session)
+      end
-    def storage
-      load_storage || raise(ConfigurationError.new("ShopifySessionRepository.storage is not configured!"))
-    end
+      def storage
+        load_storage || raise(ConfigurationError.new("ShopifySessionRepository.storage is not configured!"))
+      end
-    private
+      private
-    def load_storage
-      return unless @storage
-      @storage.respond_to?(:safe_constantize) ? @storage.safe_constantize : @storage
+      def load_storage
+        return unless @storage
+        @storage.respond_to?(:safe_constantize) ? @storage.safe_constantize : @storage
+      end
     end
   end
 end

data/lib/shopify_app/version.rb CHANGED

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = "5.0.2"
+  VERSION = "6.0.0"
 end

data/shopify_app.gemspec CHANGED

@@ -1,5 +1,4 @@
-# -*- encoding: utf-8 -*-
-$:.push File.expand_path("../lib", __FILE__)
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
 require "shopify_app/version"
 Gem::Specification.new do |s|
@@ -7,24 +6,20 @@ Gem::Specification.new do |s|
   s.version     = ShopifyApp::VERSION
   s.platform    = Gem::Platform::RUBY
   s.author      = "Shopify"
-  s.email       = ["edward@shopify.com", "willem@shopify.com", "david.underwood@shopify.com"]
-  s.homepage    = "http://www.shopify.com/developers"
   s.summary     = %q{This gem is used to get quickly started with the Shopify API}
-  s.description = %q{Creates a basic sessions controller for authenticating with your Shop and also a product controller which lets your edit your products easily.}
-  s.rubyforge_project = "shopify-api"
+  s.add_dependency('rails', '>= 3.1', '< 5.0')
-  s.add_runtime_dependency('rails', '>= 3.1', '< 5.0')
   s.add_runtime_dependency('shopify_api', '~> 3.2.0')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 1.1.4')
-  s.add_runtime_dependency('less-rails-bootstrap', '~> 2.0')
   s.add_development_dependency('rake')
+  s.add_development_dependency('byebug')
+  s.add_development_dependency('sqlite3')
   s.add_development_dependency('minitest')
   s.add_development_dependency('mocha')
   s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.test_files    = `git ls-files -- {test}/*`.split("\n")
   s.require_paths = ["lib"]
 end

data/test/app_templates/app/controllers/application_controller.rb ADDED

	@@ -0,0 +1,2 @@
1	+ class ApplicationController < ActionController::Base
2	+ end

data/test/app_templates/config/application.rb ADDED

@@ -0,0 +1,24 @@
+require File.expand_path('../boot', __FILE__)
+require 'rails/all'
+Bundler.require(*Rails.groups)
+module AppTemplate
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+    # Do not swallow errors in after_commit/after_rollback callbacks.
+    config.active_record.raise_in_transactional_callbacks = true
+  end
+end

data/test/app_templates/config/initializers/shopify_app.rb ADDED

@@ -0,0 +1,6 @@
+ShopifyApp.configure do |config|
+  config.api_key = "key"
+  config.secret = "secret"
+  config.scope = 'read_orders, read_products'
+  config.embedded_app = true
+end

data/test/app_templates/config/routes.rb ADDED

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  root to: "application#show"
+end

data/test/controllers/sessions_controller_test.rb ADDED

@@ -0,0 +1,82 @@
+require 'test_helper'
+class SessionsControllerTest < ActionController::TestCase
+  setup do
+    ShopifyApp::SessionRepository.storage = InMemorySessionStore
+  end
+  test "#new should authenticate the shop if the shop param exists" do
+    auth_url = '/auth/shopify?shop=my-shop.myshopify.com'
+    get :new, shop: 'my-shop'
+    assert response.body.match(/window\.top\.location\.href = "#{Regexp.escape(auth_url)}"/)
+  end
+  test "#new should authenticate the shop if the shop param exists non embedded" do
+    ShopifyApp.configuration.stubs(:embedded_app?).returns(false)
+    auth_url = '/auth/shopify?shop=my-shop.myshopify.com'
+    get :new, shop: 'my-shop'
+    assert_match "http://test.host/auth/shopify?shop=my-shop.myshopify.com", response.body
+  end
+  test "#new should trust the shop param over the current session" do
+    previously_logged_in_shop_id = 1
+    session[:shopify] = previously_logged_in_shop_id
+    new_shop_domain = "new-shop.myshopify.com"
+    auth_url = "/auth/shopify?shop=#{new_shop_domain}"
+    get :new, shop: new_shop_domain
+    assert response.body.match(/window\.top\.location\.href = "#{Regexp.escape(auth_url)}"/)
+  end
+  test "#new should render a full-page if the shop param doesn't exist" do
+    get :new
+    assert_response :ok
+    assert_template :new
+  end
+  ['my-shop', 'my-shop.myshopify.com', 'https://my-shop.myshopify.com', 'http://my-shop.myshopify.com'].each do |good_url|
+    test "#create should authenticate the shop for the URL (#{good_url})" do
+      auth_url = '/auth/shopify?shop=my-shop.myshopify.com'
+      post :create, shop: good_url
+      assert response.body.match(/window\.top\.location\.href = "#{Regexp.escape(auth_url)}"/)
+    end
+  end
+  ['myshop.com', 'myshopify.com', 'shopify.com', 'two words', 'store.myshopify.com.evil.com', '/foo/bar'].each do |bad_url|
+    test "#create should return an error for a non-myshopify URL (#{bad_url})" do
+      post :create, shop: bad_url
+      assert_redirected_to root_url
+    end
+  end
+  test "#create should render the login page if the shop param doesn't exist" do
+    post :create
+    assert_redirected_to root_url
+  end
+  test "#callback should setup a shopify session" do
+    mock_shopify_omniauth
+    get :callback, shop: 'shop'
+    assert_not_nil session[:shopify]
+  end
+  test "#destroy should clear shopify from session and redirect to login with notice" do
+    shop_id = 1
+    session[:shopify] = shop_id
+    get :destroy
+    assert_nil session[:shopify]
+    assert_redirected_to login_path
+    refute flash[:notice].empty?
+  end
+  private
+  def mock_shopify_omniauth
+    OmniAuth.config.add_mock(:shopify, provider: :shopify, credentials: {token: '1234'})
+    request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:shopify] if request
+    request.env['omniauth.params'] = { shop: 'shop.myshopify.com' } if request
+  end
+end

data/test/dummy/app/controllers/application_controller.rb ADDED

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  include ShopifyApp::Controller
+end

data/test/dummy/app/controllers/home_controller.rb ADDED

@@ -0,0 +1,7 @@
+class HomeController < ApplicationController
+  def index
+    'index'
+  end
+end

data/test/dummy/config.ru ADDED

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+require ::File.expand_path('../config/environment', __FILE__)
+run Rails.application

data/test/dummy/config/application.rb ADDED

@@ -0,0 +1,26 @@
+require File.expand_path('../boot', __FILE__)
+require 'rails/all'
+Bundler.require(*Rails.groups)
+require "shopify_app"
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+    # Do not swallow errors in after_commit/after_rollback callbacks.
+    config.active_record.raise_in_transactional_callbacks = true
+  end
+end