RubyGems - shopify_app - Versions diffs - 8.2.5 → 8.2.6 - Mend

shopify_app 8.2.5 → 8.2.6

Files changed (16) hide show

checksums.yaml +4 -4
data/.travis.yml +4 -1
data/CHANGELOG.md +5 -0
data/Gemfile +2 -0
data/README.md +2 -2
data/app/assets/javascripts/shopify_app/redirect.js +19 -0
data/app/controllers/shopify_app/sessions_controller.rb +1 -1
data/app/views/shopify_app/sessions/new.html.erb +3 -3
data/app/views/shopify_app/shared/redirect.html.erb +22 -0
data/docs/Quickstart.md +26 -23
data/lib/generators/shopify_app/install/install_generator.rb +0 -1
data/lib/generators/shopify_app/install/templates/_flash_messages.html.erb +11 -9
data/lib/shopify_app/controller_concerns/login_protection.rb +13 -37
data/lib/shopify_app/engine.rb +4 -0
data/lib/shopify_app/version.rb +1 -1
metadata +5 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7cb86cb83230251cb968831235d493374af72078
-  data.tar.gz: 9cc6298756b568b83a36bc223375687c9485e958
+  metadata.gz: d2646af06c48a37cfbb95b06b993a766bb71ee40
+  data.tar.gz: b5180bafe5d1a2dff0b504cc88d88dd2591b4ab9
 SHA512:
-  metadata.gz: 9d6537b2fc344d439964c58e92f18460315161183e9f197dedb958f2997c225a0cca0a09d17afd7c274d441638a0c9730c0913325def0550edcdec7e726c1e0d
-  data.tar.gz: b98fd48e225d0b1d8a0f93b290c21c91bf7b796e2dcc47a426b9825a4e3b644062327d2c6fe9b483f37362972afe9e0546233046c5cc7af896edb330cd9782b8
+  metadata.gz: f316a0447cb5bdcc47be2186183104b42767232e11eb3538b576479567fc930dfb24e17d911a1d1c6b5b5d56c6ffabf5e0b8891946b1f0b2506eefb0373dbf51
+  data.tar.gz: 10bfeabacdee5645f6d1ee04177aeefb893ec25a7ea505f564a2ed04f28abdb03e81d8796e9a5859505a8bf1458e43a4154f47d371a27b1da148cb3823925b2a

data/.travis.yml CHANGED

@@ -1,6 +1,9 @@
 language: ruby
+before_install: gem update --system
 cache: bundler
 sudo: false
 rvm:
-  - 2.3.1
+  - 2.3.6
+  - 2.4.3
+  - 2.5.0

data/CHANGELOG.md CHANGED

@@ -1,4 +1,9 @@
+8.2.6
+----
+* Sanitize the shop query param to include `.myshopify.com` if no domain was provided
 8.2.5
+----
 * fix iframe headers on session controller
 8.2.4

data/Gemfile CHANGED

@@ -2,3 +2,5 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in shopify_app.gemspec
 gemspec
+gem 'rails-controller-testing', group: :test

data/README.md CHANGED

@@ -54,7 +54,7 @@ Quickstart
 Check out this screencast on how to create and deploy a new Shopify App to Heroku in 5 minutes:
-[https://vimeo.com/130247240](https://vimeo.com/130247240)
+[https://www.youtube.com/watch?v=yGxeoAHlQOg](https://www.youtube.com/watch?v=yGxeoAHlQOg)
 Or if you prefer text instructions the steps in the video are written out [here](https://github.com/Shopify/shopify_app/blob/master/docs/Quickstart.md)
@@ -367,7 +367,7 @@ If you only run the install generator then by default you will have an in memory
 AuthenticatedController
 -----------------------
-The engine includes a controller called `ShopifyApp::AuthenticatedController` which inherits from `ApplicationController`. It adds some before_filters which ensure the user is authenticated and will redirect to the login page if not. It is best practice to have all controllers that belong to the Shopify part of your app inherit from this controller. The HomeController that is generated already inherits from AuthenticatedController.
+The engine includes a controller called `ShopifyApp::AuthenticatedController` which inherits from `ActionController::Base`. It adds some before_filters which ensure the user is authenticated and will redirect to the login page if not. It is best practice to have all controllers that belong to the Shopify part of your app inherit from this controller. The HomeController that is generated already inherits from AuthenticatedController.
 AppProxyVerification
 --------------------

data/app/assets/javascripts/shopify_app/redirect.js ADDED

@@ -0,0 +1,19 @@
+document.addEventListener("DOMContentLoaded", function() {
+  var redirectTargetElement = document.getElementById("redirection-target");
+  var targetInfo = JSON.parse(redirectTargetElement.dataset.target)
+  if (window.top == window.self) {
+    // If the current window is the 'parent', change the URL by setting location.href
+    window.top.location.href = targetInfo.url;
+  } else {
+    // If the current window is the 'child', change the parent's URL with postMessage
+    normalizedLink = document.createElement('a');
+    normalizedLink.href = targetInfo.url;
+    data = JSON.stringify({
+      message: 'Shopify.API.remoteRedirect',
+      data: { location: normalizedLink.href }
+    });
+    window.parent.postMessage(data, targetInfo.myshopifyUrl);
+  }
+});

data/app/controllers/shopify_app/sessions_controller.rb CHANGED

@@ -2,7 +2,7 @@ module ShopifyApp
   class SessionsController < ActionController::Base
     include ShopifyApp::LoginProtection
     layout false, only: :new
-    after_action only: :new do |controller|
+    after_action only: [:new, :create] do |controller|
       controller.response.headers.except!('X-Frame-Options')
     end

data/app/views/shopify_app/sessions/new.html.erb CHANGED

@@ -110,13 +110,13 @@
       <label for="shop">Enter your shop domain to log in or install this app.</label>
     </p>
-    <form method="POST" action="login">
+    <%= form_tag login_path do %>
       <% if flash[:error] %>
-        <div class=error><%= flash[:error] %></div>
+        <div class="error"><%= flash[:error] %></div>
       <% end %>
       <input id="shop" name="shop" type="text" autofocus="autofocus" placeholder="example.myshopify.com" class="marketing-input">
       <button type="submit" class="marketing-button">Install</button>
-    </form>
+    <% end %>
   </main>
 </body>

data/app/views/shopify_app/shared/redirect.html.erb ADDED

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <base target="_top">
+  <title>Redirecting…</title>
+  <%= javascript_include_tag('shopify_app/redirect', crossorigin: 'anonymous', integrity: true) %>
+</head>
+<body>
+  <%=
+  content_tag(:div, nil,
+    id: 'redirection-target',
+    data: {
+      target: {
+        myshopifyUrl: "https://#{current_shopify_domain}",
+        url: url,
+      },
+    },
+  )
+  %>
+</body>
+</html>

data/docs/Quickstart.md CHANGED

@@ -6,12 +6,12 @@ Build and deploy a new Shopify App to Heroku in minutes
 1. New Rails App (with postgres)
 --------------------------------
-```
-rails new test-app --database=postgresql
-cd test-app
-git init
-git add .
-git commit -m 'new rails app'
+```sh
+$ rails new test-app --database=postgresql
+$ cd test-app
+$ git init
+$ git add .
+$ git commit -m 'new rails app'
 ```
 2. Create a new Heroku app
@@ -20,17 +20,17 @@ git commit -m 'new rails app'
 The next step is to create a new heroku app. Pull up your heroku dashboard and make a new app!
 cli:
+```sh
+$ heroku create name
+$ heroku git:remote -a name
 ```
-heroku create name
-heroku git:remote -a name
-  ```
 now we need to let git know where the remote server is so we'll be able to deploy later
 web:
-```
-https://dashboard.heroku.com/new
-git remote add heroku git@heroku.com:appinfive.git
+```sh
+# https://dashboard.heroku.com/new
+$ git remote add heroku git@heroku.com:appinfive.git
 ```
 3. Create a new App in the partners area
@@ -43,28 +43,31 @@ git remote add heroku git@heroku.com:appinfive.git
 4. Add ShopifyApp to gemfile
 ----------------------------
-```
+```sh
 $ echo "gem 'shopify_app'" >> Gemfile
-bundle install
+$ bundle install
 ```
 Note - its recommended to use the latest released version. Check the git tags to see the latest release and then add it to your Gemfile e.g `gem 'shopify_app', '~> 7.0.0'`
 5. Run the ShopifyApp generator
 -------------------------------
+```sh
+# use the keys from your app in the partners area
+$ rails generate shopify_app --api_key <shopify_api_key> --secret <shopify_api_secret>
+$ git add .
+$ git commit -m 'generated shopify app'
 ```
-use the keys from your app in the partners area
-rails generate shopify_app --api_key a366cbafaccebd2f615aebdfc932fa1c --secret 8750306a895b3dbc7f4136c2ae2ea293
-git add .
-git commit -m 'generated shopify app'
-```
+If you forget to set your keys or redirect uri above, you will find them in the shopify_app initializer at: `/config/initializers/shopify_app.rb`.
+We recommend adding a gem or utilizing ENV variables to handle your keys before releasing your app.
 6. Deploy
 ---------
-```
-git push heroku
-heroku run rake db:migrate
+```sh
+$ git push heroku
+$ heroku run rake db:migrate
 ```
 7. Install the App!

data/lib/generators/shopify_app/install/install_generator.rb CHANGED

@@ -1,5 +1,4 @@
 require 'rails/generators/base'
-require 'rails/generators/active_record'
 module ShopifyApp
   module Generators

data/lib/generators/shopify_app/install/templates/_flash_messages.html.erb CHANGED

@@ -2,16 +2,18 @@
 <script type="text/javascript">
   var eventName = typeof(Turbolinks) !== 'undefined' ? 'turbolinks:load' : 'DOMContentLoaded';
-  document.addEventListener(eventName, function flash() {
-    <% if flash[:notice] %>
-      ShopifyApp.flashNotice("<%= j flash[:notice].html_safe %>");
-    <% end %>
+  if (!document.documentElement.hasAttribute("data-turbolinks-preview")) {
+    document.addEventListener(eventName, function flash() {
+      <% if flash[:notice] %>
+        ShopifyApp.flashNotice("<%= j flash[:notice].html_safe %>");
+      <% end %>
-    <% if flash[:error] %>
-      ShopifyApp.flashError("<%= j flash[:error].html_safe %>");
-    <% end %>
+      <% if flash[:error] %>
+        ShopifyApp.flashError("<%= j flash[:error].html_safe %>");
+      <% end %>
-    document.removeEventListener(eventName, flash)
-  });
+      document.removeEventListener(eventName, flash)
+    });
+  }
 </script>
 <% end %>

data/lib/shopify_app/controller_concerns/login_protection.rb CHANGED

@@ -40,7 +40,9 @@ module ShopifyApp
       if request.xhr?
         head :unauthorized
       else
-        session[:return_to] = request.fullpath if request.get?
+        if request.get?
+          session[:return_to] = "#{request.path}?#{sanitized_params.to_query}"
+        end
         redirect_to login_url
       end
     end
@@ -55,7 +57,7 @@ module ShopifyApp
       url = ShopifyApp.configuration.login_url
       if params[:shop].present?
-        query = { shop: params[:shop] }.to_query
+        query = { shop: sanitized_params[:shop] }.to_query
         url = "#{url}?#{query}"
       end
@@ -64,46 +66,12 @@ module ShopifyApp
     def fullpage_redirect_to(url)
       if ShopifyApp.configuration.embedded_app?
-        render inline: redirection_javascript(url)
+        render 'shopify_app/shared/redirect', locals: { url: url, current_shopify_domain: current_shopify_domain }
       else
         redirect_to url
       end
     end
-    def redirection_javascript(url)
-      %(
-        <!DOCTYPE html>
-        <html lang="en">
-          <head>
-            <meta charset="utf-8" />
-            <base target="_top">
-            <title>Redirecting…</title>
-            <script type="text/javascript">
-              // If the current window is the 'parent', change the URL by setting location.href
-              if (window.top == window.self) {
-                window.top.location.href = #{url.to_json};
-              // If the current window is the 'child', change the parent's URL with postMessage
-              } else {
-                normalizedLink = document.createElement('a');
-                normalizedLink.href = #{url.to_json};
-                data = JSON.stringify({
-                  message: 'Shopify.API.remoteRedirect',
-                  data: { location: normalizedLink.href }
-                });
-                window.parent.postMessage(data, "https://#{current_shopify_domain}");
-              }
-            </script>
-          </head>
-          <body>
-          </body>
-        </html>
-      )
-    end
     def current_shopify_domain
       shopify_domain = sanitized_shop_name || session[:shopify_domain]
       return shopify_domain if shopify_domain.present?
@@ -119,5 +87,13 @@ module ShopifyApp
       return unless params[:shop].present?
       ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
     end
+    def sanitized_params
+      request.query_parameters.clone.tap do |query_params|
+        if params[:shop].is_a?(String)
+          query_params[:shop] = sanitize_shop_param(params)
+        end
+      end
+    end
   end
 end

data/lib/shopify_app/engine.rb CHANGED

@@ -2,5 +2,9 @@ module ShopifyApp
   class Engine < Rails::Engine
     engine_name 'shopify_app'
     isolate_namespace ShopifyApp
+    initializer "shopify_app.assets.precompile" do |app|
+      app.config.assets.precompile += %w( shopify_app/redirect.js )
+    end
   end
 end

data/lib/shopify_app/version.rb CHANGED

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '8.2.5'
+  VERSION = '8.2.6'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 8.2.5
+  version: 8.2.6
 platform: ruby
 authors:
 - Shopify
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-12-05 00:00:00.000000000 Z
+date: 2018-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -136,10 +136,12 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- app/assets/javascripts/shopify_app/redirect.js
 - app/controllers/shopify_app/authenticated_controller.rb
 - app/controllers/shopify_app/sessions_controller.rb
 - app/controllers/shopify_app/webhooks_controller.rb
 - app/views/shopify_app/sessions/new.html.erb
+- app/views/shopify_app/shared/redirect.html.erb
 - config/locales/de.yml
 - config/locales/en.yml
 - config/locales/es.yml
@@ -215,7 +217,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.2.1
+rubygems_version: 2.6.14
 signing_key:
 specification_version: 4
 summary: This gem is used to get quickly started with the Shopify API