RubyGems - shopify_app - Versions diffs - 7.2.0 → 17.1.0 - Mend

shopify_app 7.2.0 → 17.1.0

Files changed (199) hide show

checksums.yaml +5 -5
data/.babelrc +5 -0
data/.github/CODEOWNERS +1 -0
data/.github/ISSUE_TEMPLATE/bug-report.md +63 -0
data/.github/ISSUE_TEMPLATE/config.yml +1 -0
data/.github/ISSUE_TEMPLATE/feature-request.md +33 -0
data/.github/PULL_REQUEST_TEMPLATE.md +22 -0
data/.github/probots.yml +2 -0
data/.github/workflows/build.yml +38 -0
data/.github/workflows/release.yml +24 -0
data/.github/workflows/rubocop.yml +22 -0
data/.gitignore +4 -1
data/.nvmrc +1 -0
data/.rubocop.yml +18 -0
data/.ruby-version +1 -0
data/CHANGELOG.md +465 -0
data/CONTRIBUTING.md +76 -0
data/Gemfile +7 -0
data/Gemfile.lock +256 -0
data/README.md +73 -288
data/Rakefile +1 -0
data/SECURITY.md +59 -0
data/app/assets/images/storage_access.svg +1 -0
data/app/assets/javascripts/shopify_app/enable_cookies.js +3 -0
data/app/assets/javascripts/shopify_app/itp_helper.js +40 -0
data/app/assets/javascripts/shopify_app/partition_cookies.js +8 -0
data/app/assets/javascripts/shopify_app/redirect.js +33 -0
data/app/assets/javascripts/shopify_app/request_storage_access.js +3 -0
data/app/assets/javascripts/shopify_app/storage_access.js +154 -0
data/app/assets/javascripts/shopify_app/storage_access_redirect.js +17 -0
data/app/assets/javascripts/shopify_app/top_level.js +2 -0
data/app/assets/javascripts/shopify_app/top_level_interaction.js +11 -0
data/app/controllers/concerns/shopify_app/authenticated.rb +16 -0
data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +26 -0
data/app/controllers/concerns/shopify_app/require_known_shop.rb +39 -0
data/app/controllers/concerns/shopify_app/shop_access_scopes_verification.rb +32 -0
data/app/controllers/shopify_app/authenticated_controller.rb +5 -5
data/app/controllers/shopify_app/callback_controller.rb +196 -0
data/app/controllers/shopify_app/extension_verification_controller.rb +15 -0
data/app/controllers/shopify_app/sessions_controller.rb +190 -2
data/app/controllers/shopify_app/webhooks_controller.rb +16 -7
data/app/views/shopify_app/partials/_button_styles.html.erb +109 -0
data/app/views/shopify_app/partials/_card_styles.html.erb +33 -0
data/app/views/shopify_app/partials/_empty_state_styles.html.erb +98 -0
data/app/views/shopify_app/partials/_form_styles.html.erb +56 -0
data/app/views/shopify_app/partials/_layout_styles.html.erb +182 -0
data/app/views/shopify_app/partials/_typography_styles.html.erb +35 -0
data/app/views/shopify_app/sessions/enable_cookies.html.erb +70 -0
data/app/views/shopify_app/sessions/new.html.erb +39 -83
data/app/views/shopify_app/sessions/request_storage_access.html.erb +68 -0
data/app/views/shopify_app/sessions/top_level_interaction.html.erb +63 -0
data/app/views/shopify_app/shared/redirect.html.erb +23 -0
data/config/locales/cs.yml +23 -0
data/config/locales/da.yml +20 -0
data/config/locales/de.yml +22 -0
data/config/locales/en.yml +12 -1
data/config/locales/es.yml +21 -3
data/config/locales/fi.yml +20 -0
data/config/locales/fr.yml +23 -0
data/config/locales/hi.yml +23 -0
data/config/locales/it.yml +21 -0
data/config/locales/ja.yml +17 -0
data/config/locales/ko.yml +19 -0
data/config/locales/ms.yml +22 -0
data/config/locales/nb.yml +21 -0
data/config/locales/nl.yml +21 -0
data/config/locales/pl.yml +21 -0
data/config/locales/pt-BR.yml +21 -0
data/config/locales/pt-PT.yml +22 -0
data/config/locales/sv.yml +21 -0
data/config/locales/th.yml +20 -0
data/config/locales/tr.yml +22 -0
data/config/locales/vi.yml +22 -0
data/config/locales/zh-CN.yml +16 -0
data/config/locales/zh-TW.yml +16 -0
data/config/routes.rb +12 -1
data/docs/Quickstart.md +31 -0
data/docs/Releasing.md +21 -0
data/docs/Troubleshooting.md +16 -0
data/docs/Upgrading.md +110 -0
data/docs/shopify_app/authentication.md +124 -0
data/docs/shopify_app/engine.md +82 -0
data/docs/shopify_app/generators.md +127 -0
data/docs/shopify_app/handling-access-scopes-changes.md +8 -0
data/docs/shopify_app/script-tags.md +28 -0
data/docs/shopify_app/session-repository.md +88 -0
data/docs/shopify_app/testing.md +38 -0
data/docs/shopify_app/webhooks.md +72 -0
data/karma.conf.js +44 -0
data/lib/generators/shopify_app/add_after_authenticate_job/add_after_authenticate_job_generator.rb +47 -0
data/lib/generators/shopify_app/add_after_authenticate_job/templates/after_authenticate_job.rb +11 -0
data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +40 -0
data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +62 -0
data/lib/generators/shopify_app/add_webhook/add_webhook_generator.rb +5 -4
data/lib/generators/shopify_app/add_webhook/templates/{webhook_job.rb → webhook_job.rb.tt} +5 -0
data/lib/generators/shopify_app/app_proxy_controller/app_proxy_controller_generator.rb +4 -3
data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_controller.rb +3 -3
data/lib/generators/shopify_app/app_proxy_controller/templates/app_proxy_route.rb +10 -9
data/lib/generators/shopify_app/app_proxy_controller/templates/index.html.erb +2 -2
data/lib/generators/shopify_app/authenticated_controller/authenticated_controller_generator.rb +15 -0
data/lib/generators/shopify_app/authenticated_controller/templates/authenticated_controller.rb +5 -0
data/lib/generators/shopify_app/controllers/controllers_generator.rb +2 -1
data/lib/generators/shopify_app/home_controller/home_controller_generator.rb +31 -9
data/lib/generators/shopify_app/home_controller/templates/home_controller.rb +6 -1
data/lib/generators/shopify_app/home_controller/templates/index.html.erb +70 -6
data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb +11 -0
data/lib/generators/shopify_app/install/install_generator.rb +78 -27
data/lib/generators/shopify_app/install/templates/_flash_messages.html.erb +1 -13
data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +12 -11
data/lib/generators/shopify_app/install/templates/flash_messages.js +24 -0
data/lib/generators/shopify_app/install/templates/omniauth.rb +3 -1
data/lib/generators/shopify_app/install/templates/session_store.rb +4 -0
data/lib/generators/shopify_app/install/templates/shopify_app.js +15 -0
data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +25 -0
data/lib/generators/shopify_app/install/templates/shopify_app_index.js +2 -0
data/lib/generators/shopify_app/install/templates/shopify_provider.rb.tt +8 -0
data/lib/generators/shopify_app/install/templates/user_agent.rb +6 -0
data/lib/generators/shopify_app/products_controller/products_controller_generator.rb +19 -0
data/lib/generators/shopify_app/products_controller/templates/products_controller.rb +8 -0
data/lib/generators/shopify_app/rotate_shopify_token_job/rotate_shopify_token_job_generator.rb +16 -0
data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token.rake +17 -0
data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb +42 -0
data/lib/generators/shopify_app/routes/routes_generator.rb +1 -0
data/lib/generators/shopify_app/routes/templates/routes.rb +10 -9
data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +42 -14
data/lib/generators/shopify_app/shop_model/templates/db/migrate/add_shop_access_scopes_column.erb +5 -0
data/lib/generators/shopify_app/shop_model/templates/db/migrate/{create_shops.rb → create_shops.erb} +1 -1
data/lib/generators/shopify_app/shop_model/templates/shop.rb +6 -2
data/lib/generators/shopify_app/shopify_app_generator.rb +5 -3
data/lib/generators/shopify_app/user_model/templates/db/migrate/add_user_access_scopes_column.erb +5 -0
data/lib/generators/shopify_app/user_model/templates/db/migrate/create_users.erb +16 -0
data/lib/generators/shopify_app/user_model/templates/user.rb +8 -0
data/lib/generators/shopify_app/user_model/templates/users.yml +4 -0
data/lib/generators/shopify_app/user_model/user_model_generator.rb +70 -0
data/lib/generators/shopify_app/views/views_generator.rb +2 -1
data/lib/shopify_app/access_scopes/noop_strategy.rb +13 -0
data/lib/shopify_app/access_scopes/shop_strategy.rb +24 -0
data/lib/shopify_app/access_scopes/user_strategy.rb +41 -0
data/lib/shopify_app/configuration.rb +69 -5
data/lib/shopify_app/{app_proxy_verification.rb → controller_concerns/app_proxy_verification.rb} +4 -9
data/lib/shopify_app/controller_concerns/csrf_protection.rb +15 -0
data/lib/shopify_app/controller_concerns/embedded_app.rb +20 -0
data/lib/shopify_app/controller_concerns/itp.rb +45 -0
data/lib/shopify_app/controller_concerns/localization.rb +23 -0
data/lib/shopify_app/controller_concerns/login_protection.rb +244 -0
data/lib/shopify_app/controller_concerns/payload_verification.rb +24 -0
data/lib/shopify_app/controller_concerns/webhook_verification.rb +23 -0
data/lib/shopify_app/engine.rb +40 -0
data/lib/shopify_app/jobs/scripttags_manager_job.rb +16 -0
data/lib/shopify_app/{webhooks_manager_job.rb → jobs/webhooks_manager_job.rb} +3 -2
data/lib/shopify_app/{scripttags_manager.rb → managers/scripttags_manager.rb} +25 -8
data/lib/shopify_app/{webhooks_manager.rb → managers/webhooks_manager.rb} +6 -5
data/lib/shopify_app/middleware/jwt_middleware.rb +42 -0
data/lib/shopify_app/middleware/same_site_cookie_middleware.rb +34 -0
data/lib/shopify_app/omniauth/omniauth_configuration.rb +64 -0
data/lib/shopify_app/session/in_memory_session_store.rb +31 -0
data/lib/shopify_app/session/in_memory_shop_session_store.rb +16 -0
data/lib/shopify_app/session/in_memory_user_session_store.rb +16 -0
data/lib/shopify_app/session/jwt.rb +63 -0
data/lib/shopify_app/session/null_user_session_store.rb +22 -0
data/lib/shopify_app/session/session_repository.rb +56 -0
data/lib/shopify_app/session/session_storage.rb +20 -0
data/lib/shopify_app/session/shop_session_storage.rb +42 -0
data/lib/shopify_app/session/shop_session_storage_with_scopes.rb +58 -0
data/lib/shopify_app/session/user_session_storage.rb +42 -0
data/lib/shopify_app/session/user_session_storage_with_scopes.rb +58 -0
data/lib/shopify_app/test_helpers/all.rb +2 -0
data/lib/shopify_app/test_helpers/webhook_verification_helper.rb +17 -0
data/lib/shopify_app/utils.rb +24 -4
data/lib/shopify_app/version.rb +2 -1
data/lib/shopify_app.rb +65 -24
data/package.json +27 -0
data/service.yml +7 -0
data/shipit.rubygems.yml +3 -0
data/shopify_app.gemspec +20 -9
data/translation.yml +7 -0
data/webpack.config.js +24 -0
data/yarn.lock +5215 -0
metadata +274 -43
data/.travis.yml +0 -17
data/Gemfile.rails50 +0 -5
data/Gemfile.ruby22 +0 -6
data/Gemfile.ruby22.rails50 +0 -9
data/ISSUE_TEMPLATE.md +0 -14
data/QUICKSTART.md +0 -72
data/RELEASING +0 -13
data/lib/generators/shopify_app/home_controller/templates/shopify_app_ready_script.html.erb +0 -11
data/lib/generators/shopify_app/install/templates/shopify_app.rb +0 -9
data/lib/generators/shopify_app/install/templates/shopify_provider.rb +0 -4
data/lib/generators/shopify_app/install/templates/shopify_session_repository.rb +0 -23
data/lib/generators/shopify_app/shop_model/templates/shopify_session_repository.rb +0 -7
data/lib/shopify_app/in_memory_session_store.rb +0 -25
data/lib/shopify_app/login_protection.rb +0 -103
data/lib/shopify_app/scripttags_manager_job.rb +0 -15
data/lib/shopify_app/session_storage.rb +0 -23
data/lib/shopify_app/sessions_concern.rb +0 -101
data/lib/shopify_app/shop.rb +0 -15
data/lib/shopify_app/shopify_session_repository.rb +0 -34
data/lib/shopify_app/webhook_verification.rb +0 -39

data/lib/shopify_app/login_protection.rb DELETED Viewed

@@ -1,103 +0,0 @@
-module ShopifyApp
-  module LoginProtection
-    extend ActiveSupport::Concern
-    included do
-      rescue_from ActiveResource::UnauthorizedAccess, :with => :close_session
-    end
-    def shopify_session
-      if shop_session
-        begin
-          ShopifyAPI::Base.activate_session(shop_session)
-          yield
-        ensure
-          ShopifyAPI::Base.clear_session
-        end
-      else
-        redirect_to_login
-      end
-    end
-    def shop_session
-      return unless session[:shopify]
-      @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
-    end
-    def login_again_if_different_shop
-      if shop_session && params[:shop] && params[:shop].is_a?(String) && shop_session.url != params[:shop]
-        session[:shopify] = nil
-        session[:shopify_domain] = nil
-        redirect_to_login
-      end
-    end
-    protected
-    def redirect_to_login
-      if request.xhr?
-        head :unauthorized
-      else
-        session[:return_to] = request.fullpath if request.get?
-        redirect_to_with_fallback main_or_engine_login_url(shop: params[:shop])
-      end
-    end
-    def close_session
-      session[:shopify] = nil
-      session[:shopify_domain] = nil
-      redirect_to_with_fallback main_or_engine_login_url(shop: params[:shop])
-    end
-    def main_or_engine_login_url(params = {})
-      main_app.login_url(params)
-    rescue NoMethodError => e
-      shopify_app.login_url(params)
-    end
-    def redirect_to_with_fallback(url)
-      url_json = url.to_json
-      url_json_no_quotes = url_json.gsub(/\A"|"\Z/, '')
-      render inline: %Q(
-        <!DOCTYPE html>
-        <html lang="en">
-          <head>
-            <meta charset="utf-8" />
-            <title>Redirecting…</title>
-            <script type="text/javascript">
-              window.location.href = #{url_json};
-            </script>
-          </head>
-          <body>
-          </body>
-        </html>
-      ), status: 302, location: url
-    end
-    def fullpage_redirect_to(url)
-      url_json = url.to_json
-      url_json_no_quotes = url_json.gsub(/\A"|"\Z/, '')
-      if ShopifyApp.configuration.embedded_app?
-        render inline: %Q(
-          <!DOCTYPE html>
-          <html lang="en">
-            <head>
-              <meta charset="utf-8" />
-              <base target="_top">
-              <title>Redirecting…</title>
-              <script type="text/javascript">
-                window.top.location.href = #{url_json};
-              </script>
-            </head>
-            <body>
-            </body>
-          </html>
-        )
-      else
-        redirect_to_with_fallback url
-      end
-    end
-  end
-end

data/lib/shopify_app/scripttags_manager_job.rb DELETED Viewed

@@ -1,15 +0,0 @@
-module ShopifyApp
-  class ScripttagsManagerJob < ActiveJob::Base
-    queue_as do
-      ShopifyApp.configuration.webhooks_manager_queue_name
-    end
-    def perform(shop_domain:, shop_token:, scripttags:)
-      ShopifyAPI::Session.temp(shop_domain, shop_token) do
-        manager = ScripttagsManager.new(scripttags)
-        manager.create_scripttags
-      end
-    end
-  end
-end

data/lib/shopify_app/session_storage.rb DELETED Viewed

@@ -1,23 +0,0 @@
-module ShopifyApp
-  module SessionStorage
-    extend ActiveSupport::Concern
-    class_methods do
-      def store(session)
-        shop = self.find_or_initialize_by(shopify_domain: session.url)
-        shop.shopify_token = session.token
-        shop.save!
-        shop.id
-      end
-      def retrieve(id)
-        return unless id
-        if shop = self.find_by(id: id)
-          ShopifyAPI::Session.new(shop.shopify_domain, shop.shopify_token)
-        end
-      end
-    end
-  end
-end

data/lib/shopify_app/sessions_concern.rb DELETED Viewed

@@ -1,101 +0,0 @@
-module ShopifyApp
-  module SessionsConcern
-    extend ActiveSupport::Concern
-    included do
-      include ShopifyApp::LoginProtection
-      layout false, only: :new
-    end
-    def new
-      authenticate if params[:shop].present?
-    end
-    def create
-      authenticate
-    end
-    def callback
-      if auth_hash
-        login_shop
-        install_webhooks
-        install_scripttags
-        flash[:notice] = I18n.t('.logged_in')
-        redirect_to_with_fallback return_address
-      else
-        flash[:error] = I18n.t('could_not_log_in')
-        redirect_to_with_fallback login_url
-      end
-    end
-    def destroy
-      session[:shopify] = nil
-      session[:shopify_domain] = nil
-      flash[:notice] = I18n.t('.logged_out')
-      redirect_to_with_fallback login_url
-    end
-    protected
-    def authenticate
-      if shop_name = sanitize_shop_param(params)
-        fullpage_redirect_to "#{main_app.root_path}auth/shopify?shop=#{shop_name}"
-      else
-        redirect_to_with_fallback return_address
-      end
-    end
-    def login_shop
-      sess = ShopifyAPI::Session.new(shop_name, token)
-      session[:shopify] = ShopifyApp::SessionRepository.store(sess)
-      session[:shopify_domain] = shop_name
-    end
-    def auth_hash
-      request.env['omniauth.auth']
-    end
-    def shop_name
-      auth_hash.uid
-    end
-    def token
-      auth_hash['credentials']['token']
-    end
-    def install_webhooks
-      return unless ShopifyApp.configuration.has_webhooks?
-      WebhooksManager.queue(
-        shop_name,
-        token,
-        ShopifyApp.configuration.webhooks
-      )
-    end
-    def install_scripttags
-      return unless ShopifyApp.configuration.has_scripttags?
-      ScripttagsManager.queue(
-        shop_name,
-        token,
-        ShopifyApp.configuration.scripttags
-      )
-    end
-    def return_address
-      session.delete(:return_to) || main_app.root_url
-    end
-    def sanitized_shop_name
-      @sanitized_shop_name ||= sanitize_shop_param(params)
-    end
-    def sanitize_shop_param(params)
-      return unless params[:shop].present?
-      ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
-    end
-  end
-end

data/lib/shopify_app/shop.rb DELETED Viewed

@@ -1,15 +0,0 @@
-module ShopifyApp
-  module Shop
-    extend ActiveSupport::Concern
-    included do
-      validates :shopify_domain, presence: true, uniqueness: true
-      validates :shopify_token, presence: true
-    end
-    def with_shopify_session(&block)
-      ShopifyAPI::Session.temp(shopify_domain, shopify_token, &block)
-    end
-  end
-end

data/lib/shopify_app/shopify_session_repository.rb DELETED Viewed

@@ -1,34 +0,0 @@
-module ShopifyApp
-  class SessionRepository
-    class ConfigurationError < StandardError; end
-    class << self
-      def storage=(storage)
-        @storage = storage
-        unless storage.nil? || self.storage.respond_to?(:store) && self.storage.respond_to?(:retrieve)
-          raise ArgumentError, "storage must respond to :store and :retrieve"
-        end
-      end
-      def retrieve(id)
-        storage.retrieve(id)
-      end
-      def store(session)
-        storage.store(session)
-      end
-      def storage
-        load_storage || raise(ConfigurationError.new("ShopifySessionRepository.storage is not configured!"))
-      end
-      private
-      def load_storage
-        return unless @storage
-        @storage.respond_to?(:safe_constantize) ? @storage.safe_constantize : @storage
-      end
-    end
-  end
-end

data/lib/shopify_app/webhook_verification.rb DELETED Viewed

@@ -1,39 +0,0 @@
-module ShopifyApp
-  module WebhookVerification
-    extend ActiveSupport::Concern
-    included do
-      if Rails.version >= '5.0'
-        skip_before_action :verify_authenticity_token, raise: false
-      else
-        skip_before_action :verify_authenticity_token
-      end
-      before_action :verify_request
-    end
-    private
-    def verify_request
-      data = request.raw_post
-      return head :unauthorized unless hmac_valid?(data)
-    end
-    def hmac_valid?(data)
-      secret = ShopifyApp.configuration.secret
-      digest = OpenSSL::Digest.new('sha256')
-      ActiveSupport::SecurityUtils.variable_size_secure_compare(
-        shopify_hmac,
-        Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data)).strip
-      )
-    end
-    def shop_domain
-      request.headers['HTTP_X_SHOPIFY_SHOP_DOMAIN']
-    end
-    def shopify_hmac
-      request.headers['HTTP_X_SHOPIFY_HMAC_SHA256']
-    end
-  end
-end