RubyGems - shopify_app - Versions diffs - 7.2.0 → 17.1.0 - Mend

shopify_app 7.2.0 → 17.1.0

Files changed (199) hide show

checksums.yaml +5 -5
data/.babelrc +5 -0
data/.github/CODEOWNERS +1 -0
data/.github/ISSUE_TEMPLATE/bug-report.md +63 -0
data/.github/ISSUE_TEMPLATE/config.yml +1 -0
data/.github/ISSUE_TEMPLATE/feature-request.md +33 -0
data/.github/PULL_REQUEST_TEMPLATE.md +22 -0
data/.github/probots.yml +2 -0
data/.github/workflows/build.yml +38 -0
data/.github/workflows/release.yml +24 -0
data/.github/workflows/rubocop.yml +22 -0
data/.gitignore +4 -1
data/.nvmrc +1 -0
data/.rubocop.yml +18 -0
data/.ruby-version +1 -0
data/CHANGELOG.md +465 -0
data/CONTRIBUTING.md +76 -0
data/Gemfile +7 -0
data/Gemfile.lock +256 -0
data/README.md +73 -288
data/Rakefile +1 -0
data/SECURITY.md +59 -0
data/app/assets/images/storage_access.svg +1 -0
data/app/assets/javascripts/shopify_app/enable_cookies.js +3 -0
data/app/assets/javascripts/shopify_app/itp_helper.js +40 -0
data/app/assets/javascripts/shopify_app/partition_cookies.js +8 -0
data/app/assets/javascripts/shopify_app/redirect.js +33 -0
data/app/assets/javascripts/shopify_app/request_storage_access.js +3 -0
data/app/assets/javascripts/shopify_app/storage_access.js +154 -0
data/app/assets/javascripts/shopify_app/storage_access_redirect.js +17 -0
data/app/assets/javascripts/shopify_app/top_level.js +2 -0
data/app/assets/javascripts/shopify_app/top_level_interaction.js +11 -0
data/app/controllers/concerns/shopify_app/authenticated.rb +16 -0
data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +26 -0
data/app/controllers/concerns/shopify_app/require_known_shop.rb +39 -0
data/app/controllers/concerns/shopify_app/shop_access_scopes_verification.rb +32 -0
data/app/controllers/shopify_app/authenticated_controller.rb +5 -5
data/app/controllers/shopify_app/callback_controller.rb +196 -0
data/app/controllers/shopify_app/extension_verification_controller.rb +15 -0
data/app/controllers/shopify_app/sessions_controller.rb +190 -2
data/app/controllers/shopify_app/webhooks_controller.rb +16 -7
data/app/views/shopify_app/partials/_button_styles.html.erb +109 -0
data/app/views/shopify_app/partials/_card_styles.html.erb +33 -0
data/app/views/shopify_app/partials/_empty_state_styles.html.erb +98 -0
data/app/views/shopify_app/partials/_form_styles.html.erb +56 -0
data/app/views/shopify_app/partials/_layout_styles.html.erb +182 -0
data/app/views/shopify_app/partials/_typography_styles.html.erb +35 -0
data/app/views/shopify_app/sessions/enable_cookies.html.erb +70 -0
data/app/views/shopify_app/sessions/new.html.erb +39 -83
data/app/views/shopify_app/sessions/request_storage_access.html.erb +68 -0
data/app/views/shopify_app/sessions/top_level_interaction.html.erb +63 -0
data/app/views/shopify_app/shared/redirect.html.erb +23 -0
data/config/locales/cs.yml +23 -0
data/config/locales/da.yml +20 -0
data/config/locales/de.yml +22 -0
data/config/locales/en.yml +12 -1
data/config/locales/es.yml +21 -3
data/config/locales/fi.yml +20 -0
data/config/locales/fr.yml +23 -0
data/config/locales/hi.yml +23 -0
data/config/locales/it.yml +21 -0
data/config/locales/ja.yml +17 -0
data/config/locales/ko.yml +19 -0
data/config/locales/ms.yml +22 -0
data/config/locales/nb.yml +21 -0
data/config/locales/nl.yml +21 -0
data/config/locales/pl.yml +21 -0
data/config/locales/pt-BR.yml +21 -0
data/config/locales/pt-PT.yml +22 -0
data/config/locales/sv.yml +21 -0
data/config/locales/th.yml +20 -0
data/config/locales/tr.yml +22 -0
data/config/locales/vi.yml +22 -0
data/config/locales/zh-CN.yml +16 -0
data/config/locales/zh-TW.yml +16 -0
data/config/routes.rb +12 -1
data/docs/Quickstart.md +31 -0
data/docs/Releasing.md +21 -0
data/docs/Troubleshooting.md +16 -0
data/docs/Upgrading.md +110 -0
data/docs/shopify_app/authentication.md +124 -0
data/docs/shopify_app/engine.md +82 -0
data/docs/shopify_app/generators.md +127 -0
data/docs/shopify_app/handling-access-scopes-changes.md +8 -0
data/docs/shopify_app/script-tags.md +28 -0
data/docs/shopify_app/session-repository.md +88 -0
data/docs/shopify_app/testing.md +38 -0
data/docs/shopify_app/webhooks.md +72 -0
data/karma.conf.js +44 -0
data/lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb +47 -0
data/lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb +11 -0
data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +40 -0
data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +62 -0
data/lib/generators/shopify_app/add_webhook/add_webhook_generator.rb +5 -4
data/lib/generators/shopify_app/add_webhook/templates/{webhook_job.rb → webhook_job.rb.tt} +5 -0
data/lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb +4 -3
data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb +3 -3
data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_route.rb +10 -9
data/lib/generators/shopify_app/app_proxy_controller/templates/index.html.erb +2 -2
data/lib/generators/shopify_app/authenticated_controller/authenticated_controller_generator.rb +15 -0
data/lib/generators/shopify_app/authenticated_controller/templates/authenticated_controller.rb +5 -0
data/lib/generators/shopify_app/controllers/controllers_generator.rb +2 -1
data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +31 -9
data/lib/generators/shopify_app/home_controller/templates/home_controller.rb +6 -1
data/lib/generators/shopify_app/home_controller/templates/index.html.erb +70 -6
data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb +11 -0
data/lib/generators/shopify_app/install/install_generator.rb +78 -27
data/lib/generators/shopify_app/install/templates/_flash_messages.html.erb +1 -13
data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +12 -11
data/lib/generators/shopify_app/install/templates/flash_messages.js +24 -0
data/lib/generators/shopify_app/install/templates/omniauth.rb +3 -1
data/lib/generators/shopify_app/install/templates/session_store.rb +4 -0
data/lib/generators/shopify_app/install/templates/shopify_app.js +15 -0
data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +25 -0
data/lib/generators/shopify_app/install/templates/shopify_app_index.js +2 -0
data/lib/generators/shopify_app/install/templates/shopify_provider.rb.tt +8 -0
data/lib/generators/shopify_app/install/templates/user_agent.rb +6 -0
data/lib/generators/shopify_app/products_controller/products_controller_generator.rb +19 -0
data/lib/generators/shopify_app/products_controller/templates/products_controller.rb +8 -0
data/lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb +16 -0
data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake +17 -0
data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb +42 -0
data/lib/generators/shopify_app/routes/routes_generator.rb +1 -0
data/lib/generators/shopify_app/routes/templates/routes.rb +10 -9
data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +42 -14
data/lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_scopes_column.erb +5 -0
data/lib/generators/shopify_app/shop_model/templates/db/migrate/{create_shops.rb → create_shops.erb} +1 -1
data/lib/generators/shopify_app/shop_model/templates/shop.rb +6 -2
data/lib/generators/shopify_app/shopify_app_generator.rb +5 -3
data/lib/generators/shopify_app/user_model/templates/db/migrate/add_user_access_scopes_column.erb +5 -0
data/lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb +16 -0
data/lib/generators/shopify_app/user_model/templates/user.rb +8 -0
data/lib/generators/shopify_app/user_model/templates/users.yml +4 -0
data/lib/generators/shopify_app/user_model/user_model_generator.rb +70 -0
data/lib/generators/shopify_app/views/views_generator.rb +2 -1
data/lib/shopify_app/access_scopes/noop_strategy.rb +13 -0
data/lib/shopify_app/access_scopes/shop_strategy.rb +24 -0
data/lib/shopify_app/access_scopes/user_strategy.rb +41 -0
data/lib/shopify_app/configuration.rb +69 -5
data/lib/shopify_app/{app_proxy_verification.rb → controller_concerns/app_proxy_verification.rb} +4 -9
data/lib/shopify_app/controller_concerns/csrf_protection.rb +15 -0
data/lib/shopify_app/controller_concerns/embedded_app.rb +20 -0
data/lib/shopify_app/controller_concerns/itp.rb +45 -0
data/lib/shopify_app/controller_concerns/localization.rb +23 -0
data/lib/shopify_app/controller_concerns/login_protection.rb +244 -0
data/lib/shopify_app/controller_concerns/payload_verification.rb +24 -0
data/lib/shopify_app/controller_concerns/webhook_verification.rb +23 -0
data/lib/shopify_app/engine.rb +40 -0
data/lib/shopify_app/jobs/scripttags_manager_job.rb +16 -0
data/lib/shopify_app/{webhooks_manager_job.rb → jobs/webhooks_manager_job.rb} +3 -2
data/lib/shopify_app/{scripttags_manager.rb → managers/scripttags_manager.rb} +25 -8
data/lib/shopify_app/{webhooks_manager.rb → managers/webhooks_manager.rb} +6 -5
data/lib/shopify_app/middleware/jwt_middleware.rb +42 -0
data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +34 -0
data/lib/shopify_app/omniauth/omniauth_configuration.rb +64 -0
data/lib/shopify_app/session/in_memory_session_store.rb +31 -0
data/lib/shopify_app/session/in_memory_shop_session_store.rb +16 -0
data/lib/shopify_app/session/in_memory_user_session_store.rb +16 -0
data/lib/shopify_app/session/jwt.rb +63 -0
data/lib/shopify_app/session/null_user_session_store.rb +22 -0
data/lib/shopify_app/session/session_repository.rb +56 -0
data/lib/shopify_app/session/session_storage.rb +20 -0
data/lib/shopify_app/session/shop_session_storage.rb +42 -0
data/lib/shopify_app/session/shop_session_storage_with_scopes.rb +58 -0
data/lib/shopify_app/session/user_session_storage.rb +42 -0
data/lib/shopify_app/session/user_session_storage_with_scopes.rb +58 -0
data/lib/shopify_app/test_helpers/all.rb +2 -0
data/lib/shopify_app/test_helpers/webhook_verification_helper.rb +17 -0
data/lib/shopify_app/utils.rb +24 -4
data/lib/shopify_app/version.rb +2 -1
data/lib/shopify_app.rb +65 -24
data/package.json +27 -0
data/service.yml +7 -0
data/shipit.rubygems.yml +3 -0
data/shopify_app.gemspec +20 -9
data/translation.yml +7 -0
data/webpack.config.js +24 -0
data/yarn.lock +5215 -0
metadata +274 -43
data/.travis.yml +0 -17
data/Gemfile.rails50 +0 -5
data/Gemfile.ruby22 +0 -6
data/Gemfile.ruby22.rails50 +0 -9
data/ISSUE_TEMPLATE.md +0 -14
data/QUICKSTART.md +0 -72
data/RELEASING +0 -13
data/lib/generators/shopify_app/home_controller/templates/shopify_app_ready_script.html.erb +0 -11
data/lib/generators/shopify_app/install/templates/shopify_app.rb +0 -9
data/lib/generators/shopify_app/install/templates/shopify_provider.rb +0 -4
data/lib/generators/shopify_app/install/templates/shopify_session_repository.rb +0 -23
data/lib/generators/shopify_app/shop_model/templates/shopify_session_repository.rb +0 -7
data/lib/shopify_app/in_memory_session_store.rb +0 -25
data/lib/shopify_app/login_protection.rb +0 -103
data/lib/shopify_app/scripttags_manager_job.rb +0 -15
data/lib/shopify_app/session_storage.rb +0 -23
data/lib/shopify_app/sessions_concern.rb +0 -101
data/lib/shopify_app/shop.rb +0 -15
data/lib/shopify_app/shopify_session_repository.rb +0 -34
data/lib/shopify_app/webhook_verification.rb +0 -39

data/lib/generators/shopify_app/install/templates/omniauth.rb CHANGED Viewed

@@ -1,2 +1,4 @@
-Rails.application.config.middleware.use OmniAuth::Builder do
+# frozen_string_literal: true
+Rails.application.config.middleware.use(OmniAuth::Builder) do
 end

data/lib/generators/shopify_app/install/templates/session_store.rb ADDED Viewed

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+# Be sure to restart your server when you modify this file.
+Rails.application.config.session_store(:cookie_store, key: '_example_session', expire_after: 14.days)

data/lib/generators/shopify_app/install/templates/shopify_app.js ADDED Viewed

@@ -0,0 +1,15 @@
+document.addEventListener('DOMContentLoaded', () => {
+  var data = document.getElementById('shopify-app-init').dataset;
+  var AppBridge = window['app-bridge'];
+  var createApp = AppBridge.default;
+  window.app = createApp({
+    apiKey: data.apiKey,
+    shopOrigin: data.shopOrigin,
+  });
+  var actions = AppBridge.actions;
+  var TitleBar = actions.TitleBar;
+  TitleBar.create(app, {
+    title: data.page,
+  });
+});

data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt ADDED Viewed

@@ -0,0 +1,25 @@
+ShopifyApp.configure do |config|
+  config.application_name = "<%= @application_name %>"
+  config.old_secret = "<%= @old_secret %>"
+  config.scope = "<%= @scope %>" # Consult this page for more scope options:
+                                  # https://help.shopify.com/en/api/getting-started/authentication/oauth/scopes
+  config.embedded_app = <%= embedded_app? %>
+  config.after_authenticate_job = false
+  config.api_version = "<%= @api_version %>"
+  config.shop_session_repository = 'Shop'
+  config.reauth_on_access_scope_changes = true
+  config.allow_jwt_authentication = <%= !with_cookie_authentication? %>
+  config.allow_cookie_authentication = <%= with_cookie_authentication? %>
+  config.api_key = ENV.fetch('SHOPIFY_API_KEY', '').presence
+  config.secret = ENV.fetch('SHOPIFY_API_SECRET', '').presence
+  if defined? Rails::Server
+    raise('Missing SHOPIFY_API_KEY. See https://github.com/Shopify/shopify_app#requirements') unless config.api_key
+    raise('Missing SHOPIFY_API_SECRET. See https://github.com/Shopify/shopify_app#requirements') unless config.secret
+  end
+end
+# ShopifyApp::Utils.fetch_known_api_versions                        # Uncomment to fetch known api versions from shopify servers on boot
+# ShopifyAPI::ApiVersion.version_lookup_mode = :raise_on_unknown    # Uncomment to raise an error if attempting to use an api version that was not previously known

data/lib/generators/shopify_app/install/templates/shopify_app_index.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require('./shopify_app')
2	+ require('./flash_messages')

data/lib/generators/shopify_app/install/templates/shopify_provider.rb.tt ADDED Viewed

@@ -0,0 +1,8 @@
+  provider :shopify,
+      ShopifyApp.configuration.api_key,
+      ShopifyApp.configuration.secret,
+      scope: ShopifyApp.configuration.scope,
+      setup: lambda { |env|
+        configuration = ShopifyApp::OmniAuthConfiguration.new(env['omniauth.strategy'], Rack::Request.new(env))
+        configuration.build_options
+      }

data/lib/generators/shopify_app/install/templates/user_agent.rb ADDED Viewed

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+module ShopifyAPI
+  class Base < ActiveResource::Base
+    headers['User-Agent'] << " | ShopifyApp/#{ShopifyApp::VERSION}"
+  end
+end

data/lib/generators/shopify_app/products_controller/products_controller_generator.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+require 'rails/generators/base'
+module ShopifyApp
+  module Generators
+    class ProductsControllerGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      def create_products_controller
+        template('products_controller.rb', 'app/controllers/products_controller.rb')
+      end
+      def add_products_route
+        route("get '/products', :to => 'products#index'")
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/products_controller/templates/products_controller.rb ADDED Viewed

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+class ProductsController < AuthenticatedController
+  def index
+    @products = ShopifyAPI::Product.find(:all, params: { limit: 10 })
+    render(json: { products: @products })
+  end
+end

data/lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb ADDED Viewed

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require 'rails/generators/base'
+module ShopifyApp
+  module Generators
+    class RotateShopifyTokenJobGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      def add_rotate_shopify_token_job
+        copy_file('rotate_shopify_token_job.rb', "app/jobs/shopify/rotate_shopify_token_job.rb")
+        copy_file('rotate_shopify_token.rake', "lib/tasks/shopify/rotate_shopify_token.rake")
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake ADDED Viewed

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+namespace :shopify do
+  desc "Rotate shopify tokens for all active shops"
+  task :rotate_shopify_tokens, [:refresh_token] => :environment do |_t, args|
+    all_active_shops.find_each do |shop|
+      Shopify::RotateShopifyTokenJob.perform_later(
+        shop_domain: shop.shopify_domain,
+        refresh_token: args[:refresh_token]
+      )
+    end
+  end
+  # Its implementation will depend on the app configuration. Change accordingly.
+  def all_active_shops
+    Shop.all
+  end
+end

data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb ADDED Viewed

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+module Shopify
+  class RotateShopifyTokenJob < ActiveJob::Base
+    def perform(params)
+      @shop = Shop.find_by(shopify_domain: params[:shop_domain])
+      return unless @shop
+      config = ShopifyApp.configuration
+      uri = URI("https://#{@shop.shopify_domain}/admin/oauth/access_token")
+      post_data = {
+        client_id: config.api_key,
+        client_secret: config.secret,
+        refresh_token: params[:refresh_token],
+        access_token: @shop.shopify_token,
+      }
+      @response = Net::HTTP.post_form(uri, post_data)
+      return log_error(response_exception_error_message) unless @response.is_a?(Net::HTTPSuccess)
+      access_token = JSON.parse(@response.body)['access_token']
+      return log_error(no_access_token_error_message) unless access_token
+      @shop.update(shopify_token: access_token)
+    end
+    private
+    def log_error(message)
+      Rails.logger.error(message)
+    end
+    def no_access_token_error_message
+      "RotateShopifyTokenJob response returned no access token for shop: #{@shop.shopify_domain}"
+    end
+    def response_exception_error_message
+      "RotateShopifyTokenJob failed for shop: #{@shop.shopify_domain}." \
+        "Response returned status: #{@response.code}. Error message: #{@response.message}. "
+    end
+  end
+end

data/lib/generators/shopify_app/routes/routes_generator.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 module ShopifyApp

data/lib/generators/shopify_app/routes/templates/routes.rb CHANGED Viewed

@@ -1,11 +1,12 @@
+# frozen_string_literal: true
-  controller :sessions do
-    get 'login' => :new, :as => :login
-    post 'login' => :create, :as => :authenticate
-    get 'auth/shopify/callback' => :callback
-    get 'logout' => :destroy, :as => :logout
-  end
+controller :sessions do
+  get 'login' => :new, :as => :login
+  post 'login' => :create, :as => :authenticate
+  get 'auth/shopify/callback' => :callback
+  get 'logout' => :destroy, :as => :logout
+end
-  namespace :webhooks do
-    post ':type' => :receive
-  end
+namespace :webhooks do
+  post ':type' => :receive
+end

data/lib/generators/shopify_app/shop_model/shop_model_generator.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 require 'rails/generators/active_record'
@@ -7,35 +8,62 @@ module ShopifyApp
       include Rails::Generators::Migration
       source_root File.expand_path('../templates', __FILE__)
+      class_option :new_shopify_cli_app, type: :boolean, default: false
       def create_shop_model
-        copy_file 'shop.rb', 'app/models/shop.rb'
+        copy_file('shop.rb', 'app/models/shop.rb')
       end
       def create_shop_migration
-        copy_migration 'create_shops.rb'
+        migration_template('db/migrate/create_shops.erb', 'db/migrate/create_shops.rb')
       end
-      def create_session_storage_initializer
-        copy_file 'shopify_session_repository.rb', 'config/initializers/shopify_session_repository.rb', force: true
+      def create_shop_with_access_scopes_migration
+        scopes_column_prompt = <<~PROMPT
+          It is highly recommended that apps record the access scopes granted by \
+          merchants during app installation. See app/models/shop.rb to modify how \
+          access scopes are stored and retrieved.
+          [WARNING] You will need to update the access_scopes accessors in the Shop model \
+          to allow shopify_app to store and retrieve scopes when going through OAuth.
+          The following migration will add an `access_scopes` column to the Shop model. \
+          Do you want to include this migration? [y/n]
+        PROMPT
+        if new_shopify_cli_app? || Rails.env.test? || yes?(scopes_column_prompt)
+          migration_template(
+            'db/migrate/add_shop_access_scopes_column.erb',
+            'db/migrate/add_shop_access_scopes_column.rb'
+          )
+        end
+      end
+      def update_shopify_app_initializer
+        gsub_file('config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop')
       end
       def create_shop_fixtures
-        copy_file 'shops.yml', 'test/fixtures/shops.yml'
+        copy_file('shops.yml', 'test/fixtures/shops.yml')
       end
       private
-      def copy_migration(migration_name, config = {})
-        migration_template(
-          "db/migrate/#{migration_name}",
-          "db/migrate/#{migration_name}",
-          config
-        )
+      def new_shopify_cli_app?
+        options['new_shopify_cli_app']
+      end
+      def rails_migration_version
+        Rails.version.match(/\d\.\d/)[0]
       end
-      # for generating a timestamp when using `create_migration`
-      def self.next_migration_number(dir)
-        ActiveRecord::Generators::Base.next_migration_number(dir)
+      class << self
+        private :next_migration_number
+        # for generating a timestamp when using `create_migration`
+        def next_migration_number(dir)
+          ActiveRecord::Generators::Base.next_migration_number(dir)
+        end
       end
     end
   end

data/lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_scopes_column.erb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddShopAccessScopesColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def change
+    add_column :shops, :access_scopes, :string
+  end
+end

data/lib/generators/shopify_app/shop_model/templates/db/migrate/{create_shops.rb → create_shops.erb} RENAMED Viewed

@@ -1,4 +1,4 @@
-class CreateShops < ActiveRecord::Migration
+class CreateShops < ActiveRecord::Migration[<%= rails_migration_version %>]
   def self.up
     create_table :shops  do |t|
       t.string :shopify_domain, null: false

data/lib/generators/shopify_app/shop_model/templates/shop.rb CHANGED Viewed

@@ -1,4 +1,8 @@
+# frozen_string_literal: true
 class Shop < ActiveRecord::Base
-  include ShopifyApp::Shop
-  include ShopifyApp::SessionStorage
+  include ShopifyApp::ShopSessionStorageWithScopes
+  def api_version
+    ShopifyApp.configuration.api_version
+  end
 end

data/lib/generators/shopify_app/shopify_app_generator.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module ShopifyApp
   module Generators
     class ShopifyAppGenerator < Rails::Generators::Base
@@ -7,9 +8,10 @@ module ShopifyApp
       end
       def run_all_generators
-        generate "shopify_app:install #{@opts.join(' ')}"
-        generate "shopify_app:shop_model"
-        generate "shopify_app:home_controller"
+        generate("shopify_app:install #{@opts.join(' ')}")
+        generate("shopify_app:shop_model #{@opts.join(' ')}")
+        generate("shopify_app:authenticated_controller")
+        generate("shopify_app:home_controller #{@opts.join(' ')}")
       end
     end
   end

data/lib/generators/shopify_app/user_model/templates/db/migrate/add_user_access_scopes_column.erb ADDED Viewed

@@ -0,0 +1,5 @@
+class AddUserAccessScopesColumn < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def change
+    add_column :users, :access_scopes, :string
+  end
+end

data/lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb ADDED Viewed

@@ -0,0 +1,16 @@
+class CreateUsers < ActiveRecord::Migration[<%= rails_migration_version %>]
+  def self.up
+    create_table :users do |t|
+      t.bigint :shopify_user_id, null: false
+      t.string :shopify_domain, null: false
+      t.string :shopify_token, null: false
+      t.timestamps
+    end
+    add_index :users, :shopify_user_id, unique: true
+  end
+  def self.down
+    drop_table :users
+  end
+end

data/lib/generators/shopify_app/user_model/templates/user.rb ADDED Viewed

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+class User < ActiveRecord::Base
+  include ShopifyApp::UserSessionStorageWithScopes
+  def api_version
+    ShopifyApp.configuration.api_version
+  end
+end

data/lib/generators/shopify_app/user_model/templates/users.yml ADDED Viewed

@@ -0,0 +1,4 @@
+regular_user:
+  shopify_domain: 'regular-shop.myshopify.com'
+  shopify_token: 'token'
+  shopify_user_id: 1

data/lib/generators/shopify_app/user_model/user_model_generator.rb ADDED Viewed

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+require 'rails/generators/base'
+require 'rails/generators/active_record'
+module ShopifyApp
+  module Generators
+    class UserModelGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path('../templates', __FILE__)
+      class_option :new_shopify_cli_app, type: :boolean, default: false
+      def create_user_model
+        copy_file('user.rb', 'app/models/user.rb')
+      end
+      def create_user_migration
+        migration_template('db/migrate/create_users.erb', 'db/migrate/create_users.rb')
+      end
+      def create_scopes_storage_in_user_model
+        scopes_column_prompt = <<~PROMPT
+          It is highly recommended that apps record the access scopes granted by \
+          merchants during app installation. See app/models/user.rb to modify how \
+          access scopes are stored and retrieved.
+          [WARNING] You will need to update the access_scopes accessors in the User model \
+          to allow shopify_app to store and retrieve scopes when going through OAuth.
+          The following migration will add an `access_scopes` column to the User model. \
+          Do you want to include this migration? [y/n]
+        PROMPT
+        if new_shopify_cli_app? || Rails.env.test? || yes?(scopes_column_prompt)
+          migration_template(
+            'db/migrate/add_user_access_scopes_column.erb',
+            'db/migrate/add_user_access_scopes_column.rb'
+          )
+        end
+      end
+      def update_shopify_app_initializer
+        gsub_file('config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User')
+      end
+      def create_user_fixtures
+        copy_file('users.yml', 'test/fixtures/users.yml')
+      end
+      private
+      def new_shopify_cli_app?
+        options['new_shopify_cli_app']
+      end
+      def rails_migration_version
+        Rails.version.match(/\d\.\d/)[0]
+      end
+      class << self
+        private :next_migration_number
+        # for generating a timestamp when using `create_migration`
+        def next_migration_number(dir)
+          ActiveRecord::Generators::Base.next_migration_number(dir)
+        end
+      end
+    end
+  end
+end

data/lib/generators/shopify_app/views/views_generator.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'rails/generators/base'
 module ShopifyApp
@@ -7,7 +8,7 @@ module ShopifyApp
       def create_views
         views.each do |view|
-          copy_file view
+          copy_file(view)
         end
       end

data/lib/shopify_app/access_scopes/noop_strategy.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module AccessScopes
+    class NoopStrategy
+      class << self
+        def update_access_scopes?(*_args)
+          false
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/access_scopes/shop_strategy.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module AccessScopes
+    class ShopStrategy
+      class << self
+        def update_access_scopes?(shop_domain)
+          shop_access_scopes = shop_access_scopes(shop_domain)
+          configuration_access_scopes != shop_access_scopes
+        end
+        private
+        def shop_access_scopes(shop_domain)
+          ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(shop_domain)&.access_scopes
+        end
+        def configuration_access_scopes
+          ShopifyAPI::ApiAccess.new(ShopifyApp.configuration.shop_access_scopes)
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/access_scopes/user_strategy.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+module ShopifyApp
+  module AccessScopes
+    class UserStrategy
+      class InvalidInput < StandardError; end
+      class << self
+        def update_access_scopes?(user_id: nil, shopify_user_id: nil)
+          return update_access_scopes_for_user_id?(user_id) if user_id
+          return update_access_scopes_for_shopify_user_id?(shopify_user_id) if shopify_user_id
+          raise(InvalidInput, '#update_access_scopes? requires user_id or shopify_user_id parameter inputs')
+        end
+        private
+        def update_access_scopes_for_user_id?(user_id)
+          user_access_scopes = user_access_scopes_by_user_id(user_id)
+          configuration_access_scopes != user_access_scopes
+        end
+        def update_access_scopes_for_shopify_user_id?(shopify_user_id)
+          user_access_scopes = user_access_scopes_by_shopify_user_id(shopify_user_id)
+          configuration_access_scopes != user_access_scopes
+        end
+        def user_access_scopes_by_user_id(user_id)
+          ShopifyApp::SessionRepository.retrieve_user_session(user_id)&.access_scopes
+        end
+        def user_access_scopes_by_shopify_user_id(shopify_user_id)
+          ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(shopify_user_id)&.access_scopes
+        end
+        def configuration_access_scopes
+          ShopifyAPI::ApiAccess.new(ShopifyApp.configuration.user_access_scopes)
+        end
+      end
+    end
+  end
+end

data/lib/shopify_app/configuration.rb CHANGED Viewed

@@ -1,17 +1,28 @@
+# frozen_string_literal: true
 module ShopifyApp
   class Configuration
     # Shopify App settings. These values should match the configuration
     # for the app in your Shopify Partners page. Change your settings in
     # `config/initializers/shopify_app.rb`
     attr_accessor :application_name
     attr_accessor :api_key
     attr_accessor :secret
+    attr_accessor :old_secret
     attr_accessor :scope
+    attr_writer :shop_access_scopes
+    attr_writer :user_access_scopes
     attr_accessor :embedded_app
     alias_method  :embedded_app?, :embedded_app
     attr_accessor :webhooks
     attr_accessor :scripttags
+    attr_accessor :after_authenticate_job
+    attr_accessor :api_version
+    attr_accessor :reauth_on_access_scope_changes
+    # customise urls
+    attr_accessor :root_url
+    attr_writer :login_url
     # customise ActiveJob queue names
     attr_accessor :scripttags_manager_queue_name
@@ -20,8 +31,57 @@ module ShopifyApp
     # configure myshopify domain for local shopify development
     attr_accessor :myshopify_domain
+    # ability to have webpacker installed but not used in this gem and the generators
+    attr_accessor :disable_webpacker
+    # allow namespacing webhook jobs
+    attr_accessor :webhook_jobs_namespace
+    # allow enabling of same site none on cookies
+    attr_writer :enable_same_site_none
+    # allow enabling jwt headers for authentication
+    attr_accessor :allow_jwt_authentication
+    attr_accessor :allow_cookie_authentication
     def initialize
+      @root_url = '/'
       @myshopify_domain = 'myshopify.com'
+      @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
+      @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
+      @disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
+      @allow_cookie_authentication = true
+    end
+    def login_url
+      @login_url || File.join(@root_url, 'login')
+    end
+    def user_session_repository=(klass)
+      ShopifyApp::SessionRepository.user_storage = klass
+    end
+    def user_session_repository
+      ShopifyApp::SessionRepository.user_storage
+    end
+    def shop_session_repository=(klass)
+      ShopifyApp::SessionRepository.shop_storage = klass
+    end
+    def shop_session_repository
+      ShopifyApp::SessionRepository.shop_storage
+    end
+    def shop_access_scopes_strategy
+      return ShopifyApp::AccessScopes::NoopStrategy unless reauth_on_access_scope_changes
+      ShopifyApp::AccessScopes::ShopStrategy
+    end
+    def user_access_scopes_strategy
+      return ShopifyApp::AccessScopes::NoopStrategy unless reauth_on_access_scope_changes
+      ShopifyApp::AccessScopes::UserStrategy
     end
     def has_webhooks?
@@ -32,12 +92,16 @@ module ShopifyApp
       scripttags.present?
     end
-    def scripttags_manager_queue_name
-      @scripttags_manager_queue_name ||= Rails.application.config.active_job.queue_name
+    def enable_same_site_none
+      !Rails.env.test? && (@enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none)
+    end
+    def shop_access_scopes
+      @shop_access_scopes || scope
     end
-    def webhooks_manager_queue_name
-      @webhooks_manager_queue_name ||= Rails.application.config.active_job.queue_name
+    def user_access_scopes
+      @user_access_scopes || scope
     end
   end