shopify_app 7.2.0 → 8.5.0

data/app/assets/javascripts/shopify_app/storage_access_redirect.js

@@ -0,0 +1,17 @@
+(function() {
+  function redirect() {
+    var redirectTargetElement = document.getElementById("redirection-target");
+
+    var targetInfo = JSON.parse(redirectTargetElement.dataset.target)
+
+    if (window.top == window.self) {
+      // If the current window is the 'parent', change the URL by setting location.href
+      window.top.location.href = targetInfo.hasStorageAccessUrl;
+    } else {
+        var storageAccessHelper = new StorageAccessHelper(targetInfo);
+        storageAccessHelper.execute();
+    }
+  }
+
+  document.addEventListener("DOMContentLoaded", redirect);
+})();

data/app/assets/javascripts/shopify_app/top_level.js

@@ -0,0 +1,2 @@
+//= require ./itp_helper.js
+//= require ./top_level_interaction.js

data/app/assets/javascripts/shopify_app/top_level_interaction.js

@@ -0,0 +1,11 @@
+(function() {
+  function setUpTopLevelInteraction() {
+    var TopLevelInteraction = new ITPHelper({
+      redirectUrl: window.redirectUrl,
+    });
+
+    TopLevelInteraction.execute();
+  }
+
+  document.addEventListener("DOMContentLoaded", setUpTopLevelInteraction);
+})();

data/app/controllers/shopify_app/authenticated_controller.rb

@@ -1,8 +1,11 @@
 module ShopifyApp
-  class AuthenticatedController < ApplicationController
+  class AuthenticatedController < ActionController::Base
+    include ShopifyApp::Localization
     include ShopifyApp::LoginProtection
+    include ShopifyApp::EmbeddedApp
+
+    protect_from_forgery with: :exception
     before_action :login_again_if_different_shop
     around_action :shopify_session
-    layout ShopifyApp.configuration.embedded_app? ? 'embedded_app' : 'application'
   end
 end

data/app/controllers/shopify_app/callback_controller.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  # Performs login after OAuth completes
+  class CallbackController < ActionController::Base
+    include ShopifyApp::LoginProtection
+
+    def callback
+      if auth_hash
+        login_shop
+        install_webhooks
+        install_scripttags
+        perform_after_authenticate_job
+
+        redirect_to return_address
+      else
+        flash[:error] = I18n.t('could_not_log_in')
+        redirect_to login_url
+      end
+    end
+
+    private
+
+    def login_shop
+      reset_session_options
+      set_shopify_session
+    end
+
+    def auth_hash
+      request.env['omniauth.auth']
+    end
+
+    def shop_name
+      auth_hash.uid
+    end
+
+    def associated_user
+      return unless auth_hash['extra'].present?
+
+      auth_hash['extra']['associated_user']
+    end
+
+    def token
+      auth_hash['credentials']['token']
+    end
+
+    def reset_session_options
+      request.session_options[:renew] = true
+      session.delete(:_csrf_token)
+    end
+
+    def set_shopify_session
+      session_store = ShopifyAPI::Session.new(shop_name, token)
+
+      session[:shopify] = ShopifyApp::SessionRepository.store(session_store)
+      session[:shopify_domain] = shop_name
+      session[:shopify_user] = associated_user
+    end
+
+    def install_webhooks
+      return unless ShopifyApp.configuration.has_webhooks?
+
+      WebhooksManager.queue(
+        shop_name,
+        token,
+        ShopifyApp.configuration.webhooks
+      )
+    end
+
+    def install_scripttags
+      return unless ShopifyApp.configuration.has_scripttags?
+
+      ScripttagsManager.queue(
+        shop_name,
+        token,
+        ShopifyApp.configuration.scripttags
+      )
+    end
+
+    def perform_after_authenticate_job
+      config = ShopifyApp.configuration.after_authenticate_job
+
+      return unless config && config[:job].present?
+
+      if config[:inline] == true
+        config[:job].perform_now(shop_domain: session[:shopify_domain])
+      else
+        config[:job].perform_later(shop_domain: session[:shopify_domain])
+      end
+    end
+  end
+end

data/app/controllers/shopify_app/sessions_controller.rb

@@ -1,5 +1,123 @@
 module ShopifyApp
-  class SessionsController < ApplicationController
-    include ShopifyApp::SessionsConcern
+  class SessionsController < ActionController::Base
+    include ShopifyApp::LoginProtection
+
+    layout false, only: :new
+    after_action only: [:new, :create] do |controller|
+      controller.response.headers.except!('X-Frame-Options')
+    end
+
+    def new
+      authenticate if sanitized_shop_name.present?
+    end
+
+    def create
+      authenticate
+    end
+
+    def enable_cookies
+      validate_shop
+    end
+
+    def top_level_interaction
+      @url = login_url(top_level: true)
+      validate_shop
+    end
+
+    def granted_storage_access
+      return unless validate_shop
+
+      session['shopify.granted_storage_access'] = true
+
+      params = { shop: @shop }
+      redirect_to "#{ShopifyApp.configuration.root_url}?#{params.to_query}"
+    end
+
+    def destroy
+      reset_session
+      flash[:notice] = I18n.t('.logged_out')
+      redirect_to login_url
+    end
+
+    private
+
+    def authenticate
+      return render_invalid_shop_error unless sanitized_shop_name.present?
+      session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
+
+      if user_agent_can_partition_cookies
+        authenticate_with_partitioning
+      else
+        authenticate_normally
+      end
+    end
+
+    def authenticate_normally
+      if request_storage_access?
+        redirect_to_request_storage_access
+      elsif authenticate_in_context?
+        authenticate_in_context
+      else
+        authenticate_at_top_level
+      end
+    end
+
+    def authenticate_with_partitioning
+      if session['shopify.cookies_persist']
+        clear_top_level_oauth_cookie
+        authenticate_in_context
+      else
+        set_top_level_oauth_cookie
+        fullpage_redirect_to enable_cookies_path(shop: sanitized_shop_name)
+      end
+    end
+
+    def validate_shop
+      @shop = sanitized_shop_name
+      unless @shop
+        render_invalid_shop_error
+        return false
+      end
+
+      true
+    end
+
+    def render_invalid_shop_error
+      flash[:error] = I18n.t('invalid_shop_url')
+      redirect_to return_address
+    end
+
+    def authenticate_in_context
+      redirect_to "#{main_app.root_path}auth/shopify"
+    end
+
+    def authenticate_at_top_level
+      fullpage_redirect_to login_url(top_level: true)
+    end
+
+    def authenticate_in_context?
+      return true unless ShopifyApp.configuration.embedded_app?
+      params[:top_level]
+    end
+
+    def request_storage_access?
+      return false unless ShopifyApp.configuration.embedded_app?
+      return false if params[:top_level]
+      return false if user_agent_is_mobile
+      return false if user_agent_is_pos
+
+      !session['shopify.granted_storage_access']
+    end
+
+    def redirect_to_request_storage_access
+      render :request_storage_access, layout: false, locals: {
+        does_not_have_storage_access_url: top_level_interaction_path(
+          shop: sanitized_shop_name
+        ),
+        has_storage_access_url: login_url(top_level: true),
+        app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
+        current_shopify_domain: current_shopify_domain
+      }
+    end
   end
 end

data/app/controllers/shopify_app/webhooks_controller.rb

@@ -1,11 +1,11 @@
 module ShopifyApp
-  class WebhooksController < ApplicationController
+  class WebhooksController < ActionController::Base
     include ShopifyApp::WebhookVerification
 
     class ShopifyApp::MissingWebhookJobError < StandardError; end
 
     def receive
-      params.try(:permit!)
+      params.permit!
       job_args = {shop_domain: shop_domain, webhook: webhook_params.to_h}
       webhook_job_klass.perform_later(job_args)
       head :no_content
@@ -18,11 +18,19 @@ module ShopifyApp
     end
 
     def webhook_job_klass
-      "#{webhook_type.classify}Job".safe_constantize or raise ShopifyApp::MissingWebhookJobError
+      webhook_job_klass_name.safe_constantize or raise ShopifyApp::MissingWebhookJobError
+    end
+
+    def webhook_job_klass_name(type = webhook_type)
+      [webhook_namespace, "#{type}_job"].compact.join('/').classify
     end
 
     def webhook_type
       params[:type]
     end
+
+    def webhook_namespace
+      ShopifyApp.configuration.webhook_jobs_namespace
+    end
   end
 end

data/app/views/shopify_app/partials/_button_styles.html.erb

@@ -0,0 +1,104 @@
+<style>
+  .Polaris-Button {
+    fill:#637381;
+    position:relative;
+    display:-webkit-inline-box;
+    display:-ms-inline-flexbox;
+    display:inline-flex;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    -webkit-box-pack:center;
+    -ms-flex-pack:center;
+    justify-content:center;
+    min-height:3.6rem;
+    min-width:3.6rem;
+    margin:0;
+    padding:0.7rem 1.6rem;
+    background:linear-gradient(to bottom, white, #f9fafb);
+    border:1px solid #c4cdd5;
+    box-shadow:0 1px 0 0 rgba(22, 29, 37, 0.05);
+    border-radius:3px;
+    line-height:1;
+    color:#212b36;
+    text-align:center;
+    cursor:pointer;
+    -webkit-user-select:none;
+    -moz-user-select:none;
+    -ms-user-select:none;
+    user-select:none;
+    text-decoration:none;
+    transition-property:background, border, box-shadow;
+    transition-duration:200ms;
+    transition-timing-function:cubic-bezier(0.64, 0, 0.35, 1);
+  }
+
+  .Polaris-Button:hover {
+    background:linear-gradient(to bottom, #f9fafb, #f4f6f8);
+    border-color:#c4cdd5;
+  }
+
+  .Polaris-Button:focus {
+    border-color:#5c6ac4;
+    outline:0;
+    box-shadow:0 0 0 1px #5c6ac4;
+  }
+
+  .Polaris-Button:active {
+    background:linear-gradient(to bottom, #f4f6f8, #f4f6f8);
+    border-color:#c4cdd5;
+    box-shadow:0 0 0 0 transparent, inset 0 1px 1px 0 rgba(99, 115, 129, 0.1), inset 0 1px 4px 0 rgba(99, 115, 129, 0.2);
+  }
+
+  .Polaris-Button__Content {
+    font-size:1.5rem;
+    font-weight:400;
+    line-height:1.6rem;
+    text-transform:initial;
+    letter-spacing:initial;
+    position:relative;
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-pack:center;
+    -ms-flex-pack:center;
+    justify-content:center;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    min-width:1px;
+    min-height:1px;
+  }
+
+  @media (min-width: 40em) {
+    .Polaris-Button__Content {
+      font-size:1.4rem;
+    }
+  }
+
+  .Polaris-Button--primary {
+    background:linear-gradient(to bottom, #6371c7, #5563c1);
+    border-color:#3f4eae;
+    box-shadow:inset 0 1px 0 0 #6774c8, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 0 0 transparent;
+    color:white;
+    fill:white;
+  }
+
+  .Polaris-Button--primary:hover {
+    background:linear-gradient(to bottom, #5c6ac4, #4959bd);
+    border-color:#3f4eae;
+    color:white;
+    text-decoration:none;
+  }
+
+  .Polaris-Button--primary:focus {
+    border-color:#202e78;
+    box-shadow:inset 0 1px 0 0 #6f7bcb, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 0 1px #202e78;
+  }
+
+  .Polaris-Button--primary:active {
+    background:linear-gradient(to bottom, #3f4eae, #3f4eae);
+    border-color:#38469b;
+    box-shadow:inset 0 0 0 0 transparent, 0 1px 0 0 rgba(22, 29, 37, 0.05), 0 0 1px 0 #38469b;
+  }
+</style>

data/app/views/shopify_app/partials/_card_styles.html.erb

@@ -0,0 +1,33 @@
+<style>
+  .Polaris-Card {
+    overflow:hidden;
+    background-color:white;
+    box-shadow:0 0 0 1px rgba(63, 63, 68, 0.05), 0 1px 3px 0 rgba(63, 63, 68, 0.15);
+  }
+
+  .Polaris-Card + .Polaris-Card {
+    margin-top:2rem;
+  }
+
+  @media (min-width: 30.625em) {
+    .Polaris-Card {
+      border-radius:3px;
+    }
+  }
+
+  .Polaris-Card__Header {
+    padding:2rem 2rem 0;
+  }
+
+  .Polaris-Card__Section {
+    padding:2rem;
+  }
+
+  .Polaris-Card__Section + .Polaris-Card__Section {
+    border-top:1px solid #dfe3e8;
+  }
+
+  .Polaris-Card__Section--subdued {
+    background-color:#f9fafb;
+  }
+</style>

data/app/views/shopify_app/partials/_empty_state_styles.html.erb

@@ -0,0 +1,129 @@
+<style>
+  .Polaris-EmptyState {
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-orient:vertical;
+    -webkit-box-direction:normal;
+    -ms-flex-direction:column;
+    flex-direction:column;
+    -webkit-box-align:center;
+    -ms-flex-align:center;
+    align-items:center;
+    width:100%;
+    margin:2rem auto 0 auto;
+    padding:2rem 0;
+    max-width:99.8rem;
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState--imageContained .Polaris-EmptyState__Image {
+      position:initial;
+      width:100%;
+    }
+  }
+
+  .Polaris-EmptyState__Section {
+    position:relative;
+    display:-webkit-box;
+    display:-ms-flexbox;
+    display:flex;
+    -webkit-box-orient:vertical;
+    -webkit-box-direction:normal;
+    -ms-flex-direction:column;
+    flex-direction:column;
+    -webkit-box-flex:1;
+    -ms-flex:1 1 auto;
+    flex:1 1 auto;
+    width:100%;
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState__Section {
+      left:2rem;
+      -webkit-box-orient:horizontal;
+      -webkit-box-direction:normal;
+      -ms-flex-direction:row;
+      flex-direction:row;
+      -webkit-box-align:center;
+      -ms-flex-align:center;
+      align-items:center;
+    }
+  }
+
+  .Polaris-EmptyState__ImageContainer,
+  .Polaris-EmptyState__DetailsContainer {
+    -webkit-box-flex:1;
+    -ms-flex:1 1 auto;
+    flex:1 1 auto;
+    padding:0;
+    margin:0; 
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState__ImageContainer,
+    .Polaris-EmptyState__DetailsContainer {
+      -ms-flex-preferred-size:50%;
+      flex-basis:50%;
+    }
+  }
+
+  @media (max-width: 30.625em) {
+    .Polaris-EmptyState__ImageContainer,
+    .Polaris-EmptyState__DetailsContainer {
+      overflow-x:hidden;
+    }
+  }
+
+  .Polaris-EmptyState__Details {
+    position:relative;
+    z-index:10;
+    padding:0 1.6rem;
+    width:33.6rem;
+  }
+
+  @media (min-width: 30.625em) {
+    .Polaris-EmptyState__Details {
+      padding:0;
+    }
+  }
+
+  .Polaris-EmptyState__Content {
+    font-size:1.6rem;
+    font-weight:400;
+    line-height:2.4rem;
+    color:#637381;
+  }
+
+  @media (min-width: 40em) {
+    .Polaris-EmptyState__Content {
+      font-size:2rem;
+      line-height:2.8rem;
+    }
+  }
+
+  .Polaris-EmptyState__Actions {
+    margin-top:1.6rem;
+  }
+
+  .Polaris-EmptyState__Image {
+    display: none;
+  }
+
+  @media (min-width: 30.625em) {
+    .Polaris-EmptyState__Image {
+      display: block;
+      margin-left:-60%;
+      margin-top:-30%;
+      width:200%;
+    }
+  }
+
+  @media (min-width: 46.5em) {
+    .Polaris-EmptyState__Image {
+      margin-top:0;
+      margin-left:-90%;
+      width:200%;
+    } 
+  }
+</style>