shopify_app 7.2.0 → 17.1.0

data/app/controllers/shopify_app/extension_verification_controller.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  class ExtensionVerificationController < ActionController::Base
+    include ShopifyApp::PayloadVerification
+    protect_from_forgery with: :null_session
+    before_action :verify_request
+
+    private
+
+    def verify_request
+      head(:unauthorized) unless hmac_valid?(request.body.read)
+    end
+  end
+end

data/app/controllers/shopify_app/sessions_controller.rb

@@ -1,5 +1,193 @@
+# frozen_string_literal: true
 module ShopifyApp
-  class SessionsController < ApplicationController
-    include ShopifyApp::SessionsConcern
+  class SessionsController < ActionController::Base
+    include ShopifyApp::LoginProtection
+
+    layout false, only: :new
+
+    after_action only: [:new, :create] do |controller|
+      controller.response.headers.except!('X-Frame-Options')
+    end
+
+    def new
+      authenticate if sanitized_shop_name.present?
+    end
+
+    def create
+      authenticate
+    end
+
+    def enable_cookies
+      return unless validate_shop_presence
+
+      render(:enable_cookies, layout: false, locals: {
+        does_not_have_storage_access_url: top_level_interaction_path(
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
+        ),
+        has_storage_access_url: login_url_with_optional_shop(top_level: true),
+        app_target_url: granted_storage_access_path(
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
+        ),
+        current_shopify_domain: current_shopify_domain,
+      })
+    end
+
+    def top_level_interaction
+      @url = login_url_with_optional_shop(top_level: true)
+      validate_shop_presence
+    end
+
+    def granted_storage_access
+      return unless validate_shop_presence
+
+      session['shopify.granted_storage_access'] = true
+
+      copy_return_to_param_to_session
+
+      redirect_to(return_address_with_params({ shop: @shop }))
+    end
+
+    def destroy
+      reset_session
+      flash[:notice] = I18n.t('.logged_out')
+      redirect_to(login_url_with_optional_shop)
+    end
+
+    private
+
+    def authenticate
+      return render_invalid_shop_error unless sanitized_shop_name.present?
+      session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
+
+      copy_return_to_param_to_session
+
+      set_user_tokens_option
+
+      if user_agent_can_partition_cookies
+        authenticate_with_partitioning
+      else
+        authenticate_normally
+      end
+    end
+
+    def authenticate_normally
+      if request_storage_access?
+        redirect_to_request_storage_access
+      elsif authenticate_in_context?
+        authenticate_in_context
+      else
+        authenticate_at_top_level
+      end
+    end
+
+    def authenticate_with_partitioning
+      if session['shopify.cookies_persist']
+        clear_top_level_oauth_cookie
+        authenticate_in_context
+      else
+        set_top_level_oauth_cookie
+        enable_cookie_access
+      end
+    end
+
+    # Override shop_session_by_cookie from LoginProtection to bypass allow_cookie_authentication
+    # setting check because session cookies are justified at top level
+    def shop_session_by_cookie
+      return unless session[:shop_id].present?
+      ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
+    end
+
+    # rubocop:disable Lint/SuppressedException
+    def set_user_tokens_option
+      current_shop_session = shop_session
+
+      if current_shop_session.blank?
+        session[:user_tokens] = false
+        return
+      end
+
+      session[:user_tokens] = ShopifyApp::SessionRepository.user_storage.present?
+
+      ShopifyAPI::Session.temp(
+        domain: current_shop_session.domain,
+        token: current_shop_session.token,
+        api_version: current_shop_session.api_version
+      ) do
+        ShopifyAPI::Metafield.find(:token_validity_bogus_check)
+      end
+    rescue ActiveResource::UnauthorizedAccess
+      session[:user_tokens] = false
+    rescue StandardError
+    end
+    # rubocop:enable Lint/SuppressedException
+
+    def validate_shop_presence
+      @shop = sanitized_shop_name
+      unless @shop
+        render_invalid_shop_error
+        return false
+      end
+
+      true
+    end
+
+    def copy_return_to_param_to_session
+      session[:return_to] = RedirectSafely.make_safe(params[:return_to], '/') if params[:return_to]
+    end
+
+    def render_invalid_shop_error
+      flash[:error] = I18n.t('invalid_shop_url')
+      redirect_to(return_address)
+    end
+
+    def enable_cookie_access
+      fullpage_redirect_to(enable_cookies_path(
+        shop: sanitized_shop_name,
+        return_to: session[:return_to]
+      ))
+    end
+
+    def authenticate_in_context
+      redirect_to("#{main_app.root_path}auth/shopify")
+    end
+
+    def authenticate_at_top_level
+      fullpage_redirect_to(login_url_with_optional_shop(top_level: true))
+    end
+
+    def authenticate_in_context?
+      return true unless ShopifyApp.configuration.embedded_app?
+      params[:top_level]
+    end
+
+    def request_storage_access?
+      return false unless ShopifyApp.configuration.embedded_app?
+      return false if params[:top_level]
+      return false if user_agent_is_mobile
+      return false if user_agent_is_pos
+
+      !session['shopify.granted_storage_access']
+    end
+
+    def redirect_to_request_storage_access
+      render(
+        :request_storage_access,
+        layout: false,
+        locals: {
+          does_not_have_storage_access_url: top_level_interaction_path(
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
+          ),
+          has_storage_access_url: login_url_with_optional_shop(top_level: true),
+          app_target_url: granted_storage_access_path(
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
+          ),
+          current_shopify_domain: current_shopify_domain,
+        }
+      )
+    end
   end
 end

data/app/controllers/shopify_app/webhooks_controller.rb

@@ -1,14 +1,15 @@
+# frozen_string_literal: true
 module ShopifyApp
-  class WebhooksController < ApplicationController
-    include ShopifyApp::WebhookVerification
+  class MissingWebhookJobError < StandardError; end
 
-    class ShopifyApp::MissingWebhookJobError < StandardError; end
+  class WebhooksController < ActionController::Base
+    include ShopifyApp::WebhookVerification
 
     def receive
-      params.try(:permit!)
-      job_args = {shop_domain: shop_domain, webhook: webhook_params.to_h}
+      params.permit!
+      job_args = { shop_domain: shop_domain, webhook: webhook_params.to_h }
       webhook_job_klass.perform_later(job_args)
-      head :no_content
+      head(:ok)
     end
 
     private
@@ -18,11 +19,19 @@ module ShopifyApp
     end
 
     def webhook_job_klass
-      "#{webhook_type.classify}Job".safe_constantize or raise ShopifyApp::MissingWebhookJobError
+      webhook_job_klass_name.safe_constantize || raise(ShopifyApp::MissingWebhookJobError)
+    end
+
+    def webhook_job_klass_name(type = webhook_type)
+      [webhook_namespace, "#{type}_job"].compact.join('/').classify
     end
 
     def webhook_type
       params[:type]
     end
+
+    def webhook_namespace
+      ShopifyApp.configuration.webhook_jobs_namespace
+    end
   end
 end

data/app/views/shopify_app/partials/_button_styles.html.erb

@@ -0,0 +1,109 @@
+<style>
+  .Polaris-Button {
+    position:relative;
+    display:-webkit-inline-box;
+    display:-ms-inline-flexbox;
+    display:inline-flex;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    -webkit-box-pack:center;
+    -ms-flex-pack:center;
+    justify-content:center;
+    min-height:3.6rem;
+    min-width:3.6rem;
+    margin:0;
+    padding:0.7rem 1.6rem;
+    background-color:#ffffff;
+    border:1px solid #babfc3;
+    border-top-color: #c9cccf;
+    border-bottom-color: #babfc4;
+    box-shadow:0 1px 0 0 rgba(0, 0, 0, 0.05);
+    border-radius:4px;
+    line-height:1;
+    color:#202223;
+    text-align:center;
+    cursor:pointer;
+    -webkit-user-select:none;
+    -moz-user-select:none;
+    -ms-user-select:none;
+    user-select:none;
+    text-decoration:none;
+    transition-property:background, border, box-shadow;
+    transition-duration:100ms;
+    transition-timing-function:cubic-bezier(0.64, 0, 0.35, 1);
+  }
+
+  .Polaris-Button:hover {
+    background-color:#f6f6f7;
+  }
+
+  .Polaris-Button:focus {
+    outline:0;
+  }
+
+  .Polaris-Button:focus:after {
+    box-shadow:0 0 0 .2rem #448fff;
+  }
+
+  .Polaris-Button:after {
+    content:'';
+    position:absolute;
+    z-index:1;
+    top:-.2rem;
+    right:-.2rem;
+    bottom:-.2rem;
+    left:-.2rem;
+    display:block;
+    pointer-events:none;
+    box-shadow:0 0 0 -.2rem #448fff;
+    transition:box-shadow 100ms cubic-bezier(0.64, 0, 0.35, 1);
+    border-radius:5px;
+  }
+
+  .Polaris-Button:active {
+    background-color:#f1f2f3);
+  }
+
+  .Polaris-Button__Content {
+    font-size:1.4rem;
+    font-weight:500;
+    line-height:1.6rem;
+    text-transform:initial;
+    letter-spacing:initial;
+    position:relative;
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-pack:center;
+    -ms-flex-pack:center;
+    justify-content:center;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    min-width:1px;
+    min-height:1px;
+  }
+
+  .Polaris-Button--primary {
+    background-color:#008060;
+    border-color:transparent;
+    border-width:0;
+    color:white;
+  }
+
+  .Polaris-Button--primary:hover {
+    background-color:#006e52;
+    border-color:transparent;
+    color:white;
+  }
+
+  .Polaris-Button--primary:active {
+    background-color:#005e46;
+    border-color:transparent;
+  }
+
+  .Polaris-Button--sizeLarge {
+    padding:1.1rem 2.4rem;
+  }
+</style>

data/app/views/shopify_app/partials/_card_styles.html.erb

@@ -0,0 +1,33 @@
+<style>
+  .Polaris-Card {
+    overflow:hidden;
+    background-color:white;
+    box-shadow:0 0 0 1px rgba(63, 63, 68, 0.05), 0 1px 3px 0 rgba(63, 63, 68, 0.15);
+  }
+
+  .Polaris-Card + .Polaris-Card {
+    margin-top:2rem;
+  }
+
+  @media (min-width: 30.625em) {
+    .Polaris-Card {
+      border-radius:8px;
+    }
+  }
+
+  .Polaris-Card__Header {
+    padding:2rem 2rem 0;
+  }
+
+  .Polaris-Card__Section {
+    padding:2rem;
+  }
+
+  .Polaris-Card__Section + .Polaris-Card__Section {
+    border-top:.1rem solid #e4e5e7;
+  }
+
+  .Polaris-Card__Section--subdued {
+    background-color:#fafbfb;
+  }
+</style>

data/app/views/shopify_app/partials/_empty_state_styles.html.erb

@@ -0,0 +1,98 @@
+<style>
+  .Polaris-EmptyState {
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-orient:vertical;
+    -webkit-box-direction:normal;
+    -ms-flex-direction:column;
+    flex-direction:column;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    width:100%;
+    margin:0 auto;
+    padding:2rem 0 6rem;
+    max-width:99.8rem;
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState--imageContained .Polaris-EmptyState__Image {
+      position:initial;
+      width:100%;
+    }
+  }
+
+  .Polaris-EmptyState__Section {
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-orient:vertical;
+    -webkit-box-direction:reverse;
+    -ms-flex-direction:column-reverse;
+    flex-direction:column-reverse;
+    -webkit-box-flex:1;
+    -ms-flex:1 1 auto;
+    flex:1 1 auto;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    width:100%;
+  }
+
+  .Polaris-EmptyState__ImageContainer,
+  .Polaris-EmptyState__DetailsContainer {
+    -webkit-box-flex:1;
+    -ms-flex:1 1 auto;
+    flex:1 1 auto;
+    padding:0;
+    margin:0; 
+    text-align:center;
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState__ImageContainer,
+    .Polaris-EmptyState__DetailsContainer {
+      -ms-flex-preferred-size:50%;
+      flex-basis:50%;
+    }
+  }
+
+  .Polaris-EmptyState__Details {
+    max-width:40rem;
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display: flex;
+    -webkit-box-orient:vertical;
+    -webkit-box-direction:normal;
+    -ms-flex-direction:column;
+    flex-direction: column;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items: center;
+  }
+
+  .Polaris-EmptyState__Content {
+    margin-top: 1.6rem;
+    font-size:1.5rem;
+    font-weight:400;
+    line-height:2rem;
+    color:#6d7175;
+    padding-bottom: .8rem;
+  }
+
+  @media (min-width: 40em) {
+    .Polaris-EmptyState__Content {
+      font-size:1.4rem;
+    }
+  }
+
+  .Polaris-EmptyState__Actions {
+    margin-top:1.6rem;
+  }
+
+  .Polaris-EmptyState__Image {
+    margin: 0;
+    width: auto;
+  }
+</style>

data/app/views/shopify_app/partials/_form_styles.html.erb

@@ -0,0 +1,56 @@
+<style>
+  .Polaris-Label {
+    margin-bottom:.4rem;
+  }
+
+  .Polaris-Label__Text {
+    -webkit-tap-highlight-color:transparent;
+  }
+
+  .Polaris-TextField {
+    position:relative;
+    margin-bottom:1.6rem;
+  }
+
+  .Polaris-TextField--InlineError {
+    margin-bottom:.4rem;
+  }
+
+  .Polaris-TextField__Input {
+    width:100%;
+    padding:.5rem 1.2rem;
+    border:1px solid #c9cccf;
+    border-top-color:#aeb4b9;
+    border-radius:4px;
+    box-shadow:none;
+    line-height:2.4rem;
+  }
+
+  .Polaris-TextField__Input:focus {
+    outline:none;
+  }
+
+  .Polaris-TextField__Backdrop:after {
+    content:'';
+    position:absolute;
+    z-index:1;
+    top:-.2rem;
+    right:-.2rem;
+    bottom:-.2rem;
+    left:-.2rem;
+    display:block;
+    pointer-events:none;
+    box-shadow:0 0 0 -.2rem #448fff;
+    transition:box-shadow .1s cubic-bezier(0.64, 0, 0.35, 1);
+    border-radius:5px;
+  }
+
+  .Polaris-TextField__Input:focus~.Polaris-TextField__Backdrop:after {
+    box-shadow:0 0 0 .2rem #448fff;
+  }
+
+ .Polaris-InlineError {
+   color:#d72c0d;
+   margin-bottom:1.6rem;
+ }
+</style>