shopify_app 6.4.2 → 7.0.0

data/lib/generators/shopify_app/install/templates/shopify_app.rb

@@ -1,7 +1,6 @@
 ShopifyApp.configure do |config|
-  config.api_key = "<%= opts[:api_key] %>"
-  config.secret = "<%= opts[:secret] %>"
-  config.redirect_uri = "<%= opts[:redirect_uri] %>"
-  config.scope = "<%= opts[:scope] %>"
+  config.api_key = "<%= @api_key %>"
+  config.secret = "<%= @secret %>"
+  config.scope = "<%= @scope %>"
   config.embedded_app = <%= embedded_app? %>
 end

data/lib/generators/shopify_app/install/templates/shopify_provider.rb

@@ -1,5 +1,4 @@
   provider :shopify,
     ShopifyApp.configuration.api_key,
     ShopifyApp.configuration.secret,
-    redirect_uri: ShopifyApp.configuration.redirect_uri,
     scope: ShopifyApp.configuration.scope

data/lib/generators/shopify_app/routes/templates/routes.rb

@@ -5,3 +5,7 @@
     get 'auth/shopify/callback' => :callback
     get 'logout' => :destroy, :as => :logout
   end
+
+  namespace :webhooks do
+    post ':type' => :receive
+  end

data/lib/generators/shopify_app/shopify_app_generator.rb

@@ -1,7 +1,6 @@
 module ShopifyApp
   module Generators
     class ShopifyAppGenerator < Rails::Generators::Base
-
       def initialize(args, *options)
         @opts = options.first
         super(args, *options)
@@ -9,14 +8,9 @@ module ShopifyApp
 
       def run_all_generators
         generate "shopify_app:install #{@opts.join(' ')}"
-        generate "shopify_app:home_controller"
         generate "shopify_app:shop_model"
-
-        generate "shopify_app:controllers"
-        generate "shopify_app:views"
-        generate "shopify_app:routes"
+        generate "shopify_app:home_controller"
       end
-
     end
   end
 end

data/lib/shopify_app.rb

@@ -16,11 +16,10 @@ require 'shopify_app/webhooks_manager_job'
 # helpers and concerns
 require 'shopify_app/shop'
 require 'shopify_app/session_storage'
-require 'shopify_app/controller'
-require 'shopify_app/sessions_controller'
+require 'shopify_app/sessions_concern'
 require 'shopify_app/login_protection'
 require 'shopify_app/webhooks_manager'
-require 'shopify_app/webhooks_controller'
+require 'shopify_app/webhook_verification'
 require 'shopify_app/utils'
 
 # session repository

data/lib/shopify_app/configuration.rb

@@ -6,7 +6,6 @@ module ShopifyApp
     # `config/initializers/shopify_app.rb`
     attr_accessor :api_key
     attr_accessor :secret
-    attr_accessor :redirect_uri
     attr_accessor :scope
     attr_accessor :embedded_app
     alias_method  :embedded_app?, :embedded_app

data/lib/shopify_app/engine.rb

@@ -1,5 +1,6 @@
 module ShopifyApp
   class Engine < Rails::Engine
     engine_name 'shopify_app'
+    isolate_namespace ShopifyApp
   end
 end

data/lib/shopify_app/login_protection.rb

@@ -39,21 +39,69 @@ module ShopifyApp
         head :unauthorized
       else
         session[:return_to] = request.fullpath if request.get?
-        redirect_to login_path(shop: params[:shop])
+        redirect_to_with_fallback main_or_engine_login_url(shop: params[:shop])
       end
     end
 
     def close_session
       session[:shopify] = nil
       session[:shopify_domain] = nil
-      redirect_to login_path
+      redirect_to_with_fallback login_url
     end
 
-    def login_path(params = {})
-      main_app.login_path(params)
+    def main_or_engine_login_url(params = {})
+      main_app.login_url(params)
     rescue NoMethodError => e
-      shopify_app.login_path(params)
+      shopify_app.login_url(params)
     end
 
+    def redirect_to_with_fallback(url)
+      url_json = url.to_json
+      url_json_no_quotes = url_json.gsub(/\A"|"\Z/, '')
+
+      render inline: %Q(
+        <!DOCTYPE html>
+        <html lang="en">
+          <head>
+            <meta charset="utf-8" />
+            <meta http-equiv="refresh" content="0; url=#{url_json_no_quotes}">
+            <title>Redirecting…</title>
+            <script type="text/javascript">
+              window.location.href = #{url_json};
+            </script>
+          </head>
+          <body>
+            <a href=#{url_json}>Continue</a>
+          </body>
+        </html>
+      ), status: 302, location: url
+    end
+
+    def fullpage_redirect_to(url)
+      url_json = url.to_json
+      url_json_no_quotes = url_json.gsub(/\A"|"\Z/, '')
+
+      if ShopifyApp.configuration.embedded_app?
+        render inline: %Q(
+          <!DOCTYPE html>
+          <html lang="en">
+            <head>
+              <meta charset="utf-8" />
+              <meta http-equiv="refresh" content="0; url=#{url_json_no_quotes}">
+              <base target="_top">
+              <title>Redirecting…</title>
+              <script type="text/javascript">
+                window.top.location.href = #{url_json};
+              </script>
+            </head>
+            <body>
+              <a href=#{url_json} target="_top">Continue</a>
+            </body>
+          </html>
+        )
+      else
+        redirect_to_with_fallback url
+      end
+    end
   end
 end

data/lib/shopify_app/{sessions_controller.rb → sessions_concern.rb}

@@ -1,5 +1,5 @@
 module ShopifyApp
-  module SessionsController
+  module SessionsConcern
     extend ActiveSupport::Concern
 
     def new
@@ -22,10 +22,10 @@ module ShopifyApp
         WebhooksManager.queue(shop_name, token) if ShopifyApp.configuration.has_webhooks?
 
         flash[:notice] = "Logged in"
-        redirect_to return_address
+        redirect_to_with_fallback return_address
       else
         flash[:error] = "Could not log in to Shopify store."
-        redirect_to login_url
+        redirect_to_with_fallback login_url
       end
     end
 
@@ -33,7 +33,7 @@ module ShopifyApp
       session[:shopify] = nil
       session[:shopify_domain] = nil
       flash[:notice] = "Successfully logged out."
-      redirect_to login_url
+      redirect_to_with_fallback login_url
     end
 
     protected
@@ -42,7 +42,7 @@ module ShopifyApp
       if shop_name = sanitize_shop_param(params)
         fullpage_redirect_to "#{main_app.root_path}auth/shopify?shop=#{shop_name}"
       else
-        redirect_to return_address
+        redirect_to_with_fallback return_address
       end
     end
 

data/lib/shopify_app/version.rb

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '6.4.2'
+  VERSION = '7.0.0'
 end

data/lib/shopify_app/webhook_verification.rb

@@ -0,0 +1,35 @@
+module ShopifyApp
+  module WebhookVerification
+    extend ActiveSupport::Concern
+
+    included do
+      skip_before_action :verify_authenticity_token
+      before_action :verify_request
+    end
+
+    private
+
+    def verify_request
+      data = request.raw_post
+      return head :unauthorized unless hmac_valid?(data)
+    end
+
+    def hmac_valid?(data)
+      secret = ShopifyApp.configuration.secret
+      digest = OpenSSL::Digest.new('sha256')
+      ActiveSupport::SecurityUtils.variable_size_secure_compare(
+        shopify_hmac,
+        Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data)).strip
+      )
+    end
+
+    def shop_domain
+      request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
+    end
+
+    def shopify_hmac
+      request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
+    end
+
+  end
+end

data/shopify_app.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency('minitest')
   s.add_development_dependency('mocha')
 
-  s.files         = `git ls-files`.split("\n")
+  s.files         = `git ls-files`.split("\n").reject { |f| f.match(%r{^(test|example)/}) }
   s.test_files    = `git ls-files -- {test}/*`.split("\n")
   s.require_paths = ["lib"]
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 6.4.2
+  version: 7.0.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-29 00:00:00.000000000 Z
+date: 2016-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -137,17 +137,20 @@ files:
 - ".gitignore"
 - ".travis.yml"
 - CHANGELOG
-- CONTRIBUTING.md
 - Gemfile
+- ISSUE_TEMPLATE.md
 - LICENSE
 - QUICKSTART.md
 - README.md
 - RELEASING
 - Rakefile
-- app/controllers/authenticated_controller.rb
-- app/controllers/sessions_controller.rb
-- app/views/sessions/new.html.erb
+- app/controllers/shopify_app/authenticated_controller.rb
+- app/controllers/shopify_app/sessions_controller.rb
+- app/controllers/shopify_app/webhooks_controller.rb
+- app/views/shopify_app/sessions/new.html.erb
 - config/routes.rb
+- lib/generators/shopify_app/add_webhook/add_webhook_generator.rb
+- lib/generators/shopify_app/add_webhook/templates/webhook_job.rb
 - lib/generators/shopify_app/controllers/controllers_generator.rb
 - lib/generators/shopify_app/home_controller/home_controller_generator.rb
 - lib/generators/shopify_app/home_controller/templates/home_controller.rb
@@ -171,55 +174,20 @@ files:
 - lib/generators/shopify_app/views/views_generator.rb
 - lib/shopify_app.rb
 - lib/shopify_app/configuration.rb
-- lib/shopify_app/controller.rb
 - lib/shopify_app/engine.rb
 - lib/shopify_app/in_memory_session_store.rb
 - lib/shopify_app/login_protection.rb
 - lib/shopify_app/session_storage.rb
-- lib/shopify_app/sessions_controller.rb
+- lib/shopify_app/sessions_concern.rb
 - lib/shopify_app/shop.rb
 - lib/shopify_app/shopify_session_repository.rb
 - lib/shopify_app/utils.rb
 - lib/shopify_app/version.rb
-- lib/shopify_app/webhooks_controller.rb
+- lib/shopify_app/webhook_verification.rb
 - lib/shopify_app/webhooks_manager.rb
 - lib/shopify_app/webhooks_manager_job.rb
 - shipit.rubygems.yml
 - shopify_app.gemspec
-- test/app_templates/app/controllers/application_controller.rb
-- test/app_templates/config/application.rb
-- test/app_templates/config/initializers/shopify_app.rb
-- test/app_templates/config/routes.rb
-- test/controllers/sessions_controller_test.rb
-- test/controllers/sessions_routes_test.rb
-- test/dummy/Rakefile
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/home_controller.rb
-- test/dummy/config.ru
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/database.yml
-- test/dummy/config/environment.rb
-- test/dummy/config/environments/test.rb
-- test/dummy/config/initializers/shopify_app.rb
-- test/dummy/config/routes.rb
-- test/dummy/config/secrets.yml
-- test/generators/controllers_generator_test.rb
-- test/generators/home_controller_generator_test.rb
-- test/generators/install_generator_test.rb
-- test/generators/routes_generator_test.rb
-- test/generators/shop_model_generator_test.rb
-- test/generators/shopify_app_generator.rb
-- test/generators/views_generator_test.rb
-- test/shopify_app/configuration_test.rb
-- test/shopify_app/in_memory_session_store_test.rb
-- test/shopify_app/login_protection_test.rb
-- test/shopify_app/shopify_session_repository_test.rb
-- test/shopify_app/utils_test.rb
-- test/shopify_app/webhooks_controller_test.rb
-- test/shopify_app/webhooks_manager_test.rb
-- test/support/generator_test_helpers.rb
-- test/test_helper.rb
 homepage: 
 licenses: []
 metadata: {}

data/CONTRIBUTING.md

@@ -1,14 +0,0 @@
-Submitting Issues
------------------
-
-Please open an issue here if you encounter a specific bug with this gem or the generators
-
-General questions about the Shopify API should be posted on the [Shopify forums](https://ecommerce.shopify.com/c/shopify-apis-and-technology).
-
-
-Authentication Issues
----------------------
-
-A great deal of the issues surrounding this repo are around authenticating the generated app with Shopify. 
-
-If you are experiencing issues with your app authenticating the best way to get help fast is to create a repo with the minimal amount of code to demonstrate the issue and a clearly documented set of steps you took to arrive there. This will help us solve your problem quicker since we won't need to spend any time figuring out how to reproduce the bug.

data/app/controllers/authenticated_controller.rb

@@ -1,5 +0,0 @@
-class AuthenticatedController < ApplicationController
-  before_action :login_again_if_different_shop
-  around_filter :shopify_session
-  layout ShopifyApp.configuration.embedded_app? ? 'embedded_app' : 'application'
-end

data/app/controllers/sessions_controller.rb

@@ -1,3 +0,0 @@
-class SessionsController < ApplicationController
-  include ShopifyApp::SessionsController
-end

data/lib/shopify_app/controller.rb

@@ -1,18 +0,0 @@
-require 'shopify_app/login_protection'
-
-module ShopifyApp
-  module Controller
-    extend ActiveSupport::Concern
-
-    include ShopifyApp::LoginProtection
-
-    def fullpage_redirect_to(url)
-      if ShopifyApp.configuration.embedded_app?
-        render inline: %Q(<script type="text/javascript">window.top.location.href = #{url.to_json};</script>)
-      else
-        redirect_to url
-      end
-    end
-
-  end
-end

data/lib/shopify_app/webhooks_controller.rb

@@ -1,35 +0,0 @@
-module ShopifyApp
-  module WebhooksController
-    extend ActiveSupport::Concern
-
-    included do
-      skip_before_action :verify_authenticity_token
-      before_action :verify_request
-    end
-
-    private
-
-    def verify_request
-      request.body.rewind
-      data = request.body.read
-
-      unless validate_hmac(ShopifyApp.configuration.secret, data)
-        head :unauthorized
-      end
-    end
-
-    def validate_hmac(secret, data)
-      digest  = OpenSSL::Digest.new('sha256')
-      shopify_hmac == Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data)).strip
-    end
-
-    def shop_domain
-      request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
-    end
-
-    def shopify_hmac
-      request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
-    end
-
-  end
-end

data/test/app_templates/app/controllers/application_controller.rb

@@ -1,2 +0,0 @@
-class ApplicationController < ActionController::Base
-end

data/test/app_templates/config/application.rb

@@ -1,24 +0,0 @@
-require File.expand_path('../boot', __FILE__)
-
-require 'rails/all'
-
-Bundler.require(*Rails.groups)
-
-module AppTemplate
-  class Application < Rails::Application
-    # Settings in config/environments/* take precedence over those specified here.
-    # Application configuration should go into files in config/initializers
-    # -- all .rb files in that directory are automatically loaded.
-
-    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
-    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
-    # config.time_zone = 'Central Time (US & Canada)'
-
-    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
-    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
-    # config.i18n.default_locale = :de
-
-    # Do not swallow errors in after_commit/after_rollback callbacks.
-    config.active_record.raise_in_transactional_callbacks = true
-  end
-end