shopify_app 9.0.0 → 12.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f969c97f90fa13571a9e8af4b509148c1bd90a2f3c417e48c7beaa5d42f783c0
-  data.tar.gz: a99fd49067d47fd6362c79eeb92f7c3c904ac52e14f5c7b59cf77e12ae3fb9b1
+  metadata.gz: 3552d2c9437c900a3217f00b142d81d187cfad26a4a3ea84ca3e1b64cb03dc14
+  data.tar.gz: 6aa9bde06b9635c5d61c6c01271ee073f54b7473ee4dbce8c4cf3af9f776d1aa
 SHA512:
-  metadata.gz: 825cddcd43bb04d549a3ec295452283f55cccfda4d2608bb45f66c28548843af8c527a00ef2c49b1f9d44696634d669a6684909899f2012b0ed0e637a0559b9e
-  data.tar.gz: 8d4e54cef864888f554c64955feda1d03e9bfba3c2a237bbdb27f7a8364e12e4a3b2f49dfefa402b1799f5886539ca770aada0857e89a46c7098ab31ac3ee5d2
+  metadata.gz: 1b1c648bd6ecc8ed980b1f15354edb3a85856a4d80c5598b020cc4d9dd0bec1bfb90da82c01bcefeb9deb75376fc023d43f5b3b406aaecc77fab03061c63c8fb
+  data.tar.gz: e3647c88c1b956c6ec76c8f0414a4f4c9e4ae3f97b5502adbd9e9507b7dbd94559d6905a3175f9a45267d5b6cd165ad6394bce08cb91530f8c777624c5ba9522

data/.travis.yml

@@ -6,8 +6,6 @@ before_script:
     - "sudo chown root /opt/google/chrome/chrome-sandbox"
     - "sudo chmod 4755 /opt/google/chrome/chrome-sandbox"
 language: ruby
-before_install:
-  - gem update --system
 cache:
   bundler: true
   directories:

data/CHANGELOG.md

@@ -1,3 +1,148 @@
+12.0.5
+-----
+* Updating shopify_api gem to 9.0.1
+
+12.0.4
+------
+* Reverts reverted PR (#895) #897
+
+12.0.3
+------
+* Moves samesite middleware higher in the stack #898
+* Fix issue where not redirecting user to granted storage page casues infinite loop #900
+
+12.0.2
+------
+* Reverts "Fix for return_to in safari after enable_cookies/granted_storage_access" introduced in 12.0.1
+
+12.0.1
+------
+* disable samesite cookie middleware in tests
+* middleware compatibility for ruby 2.3
+* samesite cookie fixes for javascript libraries
+* change generators to add AppBridge instead of EASDK
+* Fix for return_to in safari after enable_cookies/granted_storage_access
+
+12.0.0
+-----
+* Updating shopify_api gem to 9.0.0
+
+11.7.1
+-----
+* Fix to allow SessionStorage to be flexible on what model names that the are used for storing shop and user data
+
+11.7.0
+-----
+* Move ExtensionVerificationController from engine to app controllers, as being in the engine makes ActionController::Base get loaded before app initiates [#855](https://github.com/Shopify/shopify_app/pull/855)
+* Add back per-user token support (added in 11.5.0, reverted in 11.5.1)
+  * If you have an override on the `self.store(auth_session)` method on your `SessionRepository` model, the method signature must be changed as according to this [change](https://github.com/Shopify/shopify_app/pull/856/files#diff-deaed2b262ec885f4e36de05621e41eaR18)
+
+11.6.0
+-----
+* Enable SameSite=None; Secure by default on all cookies for embedded apps [#851](https://github.com/Shopify/shopify_app/pull/851)
+  * Ensures compatibility of embedded apps with upcoming Chrome version 80 changes to cookie behaviour
+  * Configurable via `ShopifyApp.configuration.enable_same_site_none` (default true for embedded apps)
+
+11.5.1
+-----
+* Revert per-user token support temporarily
+
+11.5.0
+-----
+* Modularizes durable session storage
+* Introduces per-user token support and user session management
+
+11.4.0
+-----
+* Remove `dotenv-rails` dependency. [#835](https://github.com/Shopify/shopify_app/pull/835)
+
+11.3.2
+-----
+* Fix hosts generator in Rails 5 [#823](https://github.com/Shopify/shopify_app/pull/823)
+
+11.3.1
+-----
+* Bump browser_sniffer version to 1.1.3 [#824](https://github.com/Shopify/shopify_app/pull/824)
+
+11.3.0
+-----
+* Update assets to be compatible with Rails 6 [#808](https://github.com/Shopify/shopify_app/pull/808)
+
+11.2.1
+-----
+* Adds ngrok whitelist in development [#802](https://github.com/Shopify/shopify_app/pull/802)
+
+11.2.0
+-----
+
+* Bump omniauth-shopify-oauth2 gem to v2.2.0
+
+11.1.0
+-----
+
+* Add Webmock and Pry as development dependencies
+* Update install generator to leverage updates to ShopifyAPI::ApiVersion add in v8.0.0 of the shopify_api gem [#790](https://github.com/Shopify/shopify_app/pull/790)
+
+
+11.0.2
+-----
+
+* Lock shopify_api gem dependency to `~> 7.0` from `>= 7.0.0`.
+* Remove flakey JS Tests
+* bump sqlite3 development dependency to `~>1.4` from `~> 1.3.6`. [#789](https://github.com/Shopify/shopify_app/pull/789)
+
+11.0.1
+-----
+
+* Add dotenv-rails gem to install generator, so apps fetch credentials from `.env` by default: [#776](https://github.com/Shopify/shopify_app/pull/776)
+
+11.0.0
+-----
+
+* Rename `login_url` method to `login_url_with_optional_shop` to avoid ambiguity with Rails' route helper method of the
+  same name (see [#585](https://github.com/Shopify/shopify_app/pull/585)).
+
+10.0.0
+-----
+
+* Make sure OAuth-related redirects return user to originally requested URL once authenticated
+* Add/update translations
+* Update README to clarify nested routes
+* Remove example app. Users should instead use the generators to scaffold an example app.
+* Bump required Rails version to `> 5.2.1` to ensure `5.2.1.1` or greater is used. This ensures two things:
+  * Apps are not vulnerable to [CVE-2018-16476](https://nvd.nist.gov/vuln/detail/CVE-2018-16476)
+  * Webhook payloads, from Shopify for API version 2019-07, which are processed in ActiveJob background jobs (the
+    default behaviour of shopify_app's WebhooksController) are compatible, due to how ActiveJob versions prior to
+    5.2.1.1 process GlobalIDs encoded as string in job parameters. This prevents the
+    [exceptions reported previously](https://github.com/Shopify/shopify_app/issues/600).
+
+9.0.4
+-----
+
+* Fix returning to a deep link after authentication [#746](https://github.com/Shopify/shopify_app/pull/746)
+
+9.0.3
+-----
+
+* Add `meta viewport` tags to fix mobile responsive problems
+* Remove outdated, extraneous `yarn.lock` file (and rely on existing `package-lock.json` instead)
+* Move inline js to a js asset file
+* Minor documentation corrections
+
+9.0.2
+-----
+
+* Update browser_sniffer to fix unnecessary ITP flows in Shopify Mobile
+* Add additional languages to translation.yml
+* Minor documentation corrections
+
+9.0.1
+-----
+
+* Minor documentation corrections
+* Handle `Webhook.all` returning `nil` and raising on `index_by`
+
+
 9.0.0
 -----
 

data/README.md

@@ -12,73 +12,44 @@ Shopify Application Rails engine and generator
 
 Table of Contents
 -----------------
-* [**Description**](#description)
-* [**Quickstart**](#quickstart)
-* [**Becoming a Shopify App Developer**](#becoming-a-shopify-app-developer)
-* [**App Tunneling**](#app-tunneling)
-* [**Installation**](#installation)
-  * [Rails Compatibility](#rails-compatibility)
-* [**Generators**](#generators)
- * [Default Generator](#default-generator)
- * [Install Generator](#install-generator)
- * [Shop Model Generator](#shop-model-generator)
- * [Home Controller Generator](#home-controller-generator)
- * [App Proxy Controller Generator](#app-proxy-controller-generator)
- * [Controllers, Routes and Views](#controllers-routes-and-views)
-* [**Mounting the Engine**](#mounting-the-engine)
-* [**Managing Api Keys**](#managing-api-keys)
-* [**WebhooksManager**](#webhooksmanager)
-* [**ScripttagsManager**](#scripttagsmanager)
-* [**AfterAuthenticate Job**](#afterauthenticate-job)
-* [**ShopifyApp::SessionRepository**](#shopifyappsessionrepository)
-* [**Authenticated**](#authenticated)
-* [**AppProxyVerification**](#appproxyverification)
- * [Recommended Usage](#recommended-usage)
-* [**Upgrading from 8.6 to 9.0.0**](#upgrading-from-86-to-900)
-* [**Troubleshooting**](#troubleshooting)
- * [Generator shopify_app:install hangs](#generator-shopify_appinstall-hangs)
-* [**Testing an embedded app outside the Shopify admin**](#testing-an-embedded-app-outside-the-shopify-admin)
-* [**Questions or problems?**](#questions-or-problems)
-
-
-Description
+- [Introduction](#introduction)
+- [Become a Shopify App Developer](#become-a-shopify-app-developer)
+- [Installation](#installation)
+- [Generators](#generators)
+- [Mounting the Engine](#mounting-the-engine)
+- [Authentication](#authentication)
+- [WebhooksManager](#webhooksmanager)
+- [ScripttagsManager](#scripttagsmanager)
+- [RotateShopifyTokenJob](#rotateshopifytokenjob)
+- [App Tunneling](#app-tunneling)
+- [AppProxyVerification](#appproxyverification)
+- [Troubleshooting](#troubleshooting)
+- [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
+- [Questions or problems?](#questions-or-problems-)
+- [Rails 6 Compatibility](#rails-6-compatibility)
+- [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
+
+Introduction
 -----------
-This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via Oauth (other authentication methods are not supported).
+Get started with the [Shopify Admin API](https://help.shopify.com/en/api/getting-started) faster; This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via Oauth (other authentication methods are not supported).
 
-The [example](https://github.com/Shopify/shopify_app/tree/master/example) directory contains an app that was generated with this gem. It also contains sample code demonstrating the usage of the embedded app sdk.
+*Note: It's recommended to use this on a new Rails project, so that the generator won't overwrite/delete your files.*
 
-*Note: It's recommended to use this on a new Rails project, so that the generator won't overwrite/delete some of your files.*
-
-
-Quickstart
-----------
-
-Check out this screencast on how to create and deploy a new Shopify App to Heroku in 5 minutes:
+Learn how to create and deploy a new Shopify App to Heroku with our [quickstart guide](https://github.com/Shopify/shopify_app/blob/master/docs/Quickstart.md), or dive in in less than 5 minutes with this quickstart video:
 
 [https://www.youtube.com/watch?v=yGxeoAHlQOg](https://www.youtube.com/watch?v=yGxeoAHlQOg)
 
-Or if you prefer text instructions the steps in the video are written out [here](https://github.com/Shopify/shopify_app/blob/master/docs/Quickstart.md)
-
-App Tunneling
--------------
-
-Your local app needs to be accessible from the public Internet in order to install it on a shop, use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks. Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), [Hookbin](https://hookbin.com/), etc.
-
-For example with [ngrok](https://ngrok.com/), run this command to set up proxying to Rails' default port:
-
-```sh
-ngrok http 3000
-```
-
-Becoming a Shopify App Developer
+Become a Shopify App Developer
 --------------------------------
-If you don't have a Shopify Partner account yet head over to http://shopify.com/partners to create one, you'll need it before you can start developing apps.
+To become a Shopify App Developer you'll need a [Shopify Partner account.](http://shopify.com/partners) If you don't have a Shopify Partner account, head to http://shopify.com/partners to create one before you start.
+
+Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials. 
 
-Once you have a Partner account create a new application to get an API key and other API credentials. To create a development application set the `App URL` to the URL provided by [your tunnel](#app-tunneling) or `http://localhost:3000/` if you are not embeddeding your app inside the admin or receiving webhooks and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`. Ensure you are using `https://` URLs if you are using tunneling.
+To create an application for development set your new app's `App URL` to the URL provided by [your tunnel](#app-tunneling), ensuring that you use `https://`. If you are not planning to embed your app inside the Shopify admin or receive webhooks, set your redirect URL to `http://localhost:3000/` and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`. 
 
 Installation
 ------------
-To get started add shopify_app to your Gemfile and bundle install
+To get started add `shopify_app` to your Gemfile and run `bundle install`:
 
 ``` sh
 # Create a new rails app
@@ -90,7 +61,7 @@ $ echo "gem 'shopify_app'" >> Gemfile
 $ bundle install
 ```
 
-Now we are ready to run any of the shopify_app generators. The following section explains the generators and what they can do.
+Now we are ready to run any of the [generators](#generators) included with `shopify_app`. The following section explains the generators and what you can do with them.
 
 
 #### Rails Compatibility
@@ -103,13 +74,26 @@ Generators
 
 ### Default Generator
 
-The default generator will run the `install`, `shop`, and `home_controller` generators. This is the recommended way to start your app.
+The default generator will run the `install`, `shop`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
 
 ```sh
-$ rails generate shopify_app --api_key <your_api_key> --secret <your_app_secret>
+$ rails generate shopify_app
 ```
 
-After running the generator, you will need to run `rake db:migrate` to add tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting localhost.
+After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser. 
+
+### API Keys
+
+The default and install generators have been updated to source Shopify API key and secret from an Environment (`.env`) variables file, which you will need to create with the following format:
+
+```
+SHOPIFY_API_KEY=your api key
+SHOPIFY_API_SECRET=your api secret
+```
+
+These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard]. If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
+
+**You will need to load the ENV variables into your enviroment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
 
 ### Install Generator
 
@@ -118,7 +102,7 @@ $ rails generate shopify_app:install
 
 # or optionally with arguments:
 
-$ rails generate shopify_app:install --api_key <your_api_key> --secret <your_app_secret>
+$ rails generate shopify_app:install
 ```
 
 Other options include:
@@ -135,24 +119,13 @@ The generator adds ShopifyApp and the required initializers to the host Rails ap
 After running the `install` generator, you can start your app with `bundle exec rails server` and install your app by visiting localhost.
 
 
-### Shop Model Generator
-
-```sh
-$ rails generate shopify_app:shop_model
-```
-
-The `install` generator doesn't create any database tables or models for you. If you are starting a new app its quite likely that you will want a shops table and model to store the tokens when your app is installed (most of our internally developed apps do!). This generator creates a shop model and a migration. This model includes the `ShopifyApp::SessionStorage` concern which adds two methods to make it compatible as a `SessionRepository`. After running this generator you'll notice the `session_repository` in your `config/initializers/shopify_app.rb` will be set to the `Shop` model. This means that internally ShopifyApp will try and load tokens from this model.
-
-*Note that you will need to run rake db:migrate after this generator*
-
-
 ### Home Controller Generator
 
 ```sh
 $ rails generate shopify_app:home_controller
 ```
 
-This generator creates an example home controller and view which fetches and displays products using the ShopifyAPI
+This generator creates an example home controller and view which fetches and displays products using the Shopify API
 
 
 ### App Proxy Controller Generator
@@ -163,6 +136,13 @@ $ rails generate shopify_app:app_proxy_controller
 
 This optional generator, not included with the default generator, creates the app proxy controller to handle proxy requests to the app from your shop storefront, modifies 'config/routes.rb' with a namespace route, and an example view which displays current shop information using the LiquidAPI
 
+### Marketing Extension Generator
+
+```sh
+$ rails generate shopify_app:add_marketing_activity_extension
+```
+
+This will create a controller with the endpoints required to build a [marketing activities extension](https://help.shopify.com/en/api/embedded-apps/app-extensions/shopify-admin/marketing-activities). The extension will be generated with a base url at `/marketing_activities`, which should also be configured in partners.
 
 ### Controllers, Routes and Views
 
@@ -207,6 +187,19 @@ provider :shopify,
   callback_path: '/nested/auth/shopify/callback'
 ```
 
+You may also need to change your `config/routes.rb` to render a view for `/nested`, since this is what will be rendered in the Shopify Admin of any shops that have installed your app.  The engine itself doesn't have a view for this, so you'll need something like this:
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  root :to => 'something_else#index'
+  get "/nested", to: "home#index"
+  mount ShopifyApp::Engine, at: '/nested'
+end
+```
+
+Finally, note that if you do this, to add your app to a store, you must navigate to `/nested` in order to render the `Enter your shop domain to log in or install this app.` UI.
+
 ### Custom login URL
 
 While you can customize the login view by creating a `/app/views/shopify_app/sessions/new.html.erb` file, you may also want to customize the URL entirely. You can modify your `shopify_app.rb` initializer to provide a custom `login_url` e.g.:
@@ -217,37 +210,93 @@ ShopifyApp.configure do |config|
 end
 ```
 
-Per User Authentication
------------------------
-To enable per user authentication you need to update the `omniauth.rb` initializer:
+Authentication
+--------------
+
+### ShopifyApp::SessionRepository
+
+`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern, but can be overridden for custom implementation.
+
+If you only run the install generator then by default you will have an in memory store but it **won't work** on multi-server environments including Heroku. For multi-server environments, implement one of the following token-storage strategies.
+
+#### Shop-based token storage
+Storing tokens on the store model means that any user login associated to the store will have equal access levels to whatever the original user granted the app.
+```sh
+$ rails generate shopify_app:shop_model
+```
+This will generate a shop model which will be the storage for the tokens necessary for authentication.
+
+#### User-based token storage
+A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed.
+```sh
+$ rails generate shopify_app:user_model
+```
+This will generate a user model which will be the storage for the tokens necessary for authentication.
+
+The current Shopify user will be stored in the rails session at `session[:shopify_user]`
+
+In this mode, The `self.store(auth_session, *args)` will be invoked with a Shopify User object hash, which is then used to store the token as part of a user record, rather than a store record.
+
+This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
+
+#### Migrating from shop-based to user-based token strategy
+After running the generator, ensure that configuration settings are successfully changed:
 
 ```ruby
+# In the `omniauth.rb` initializer:
 provider :shopify,
   ShopifyApp.configuration.api_key,
   ShopifyApp.configuration.secret,
   scope: ShopifyApp.configuration.scope,
   per_user_permissions: true
+
+# In the `shopify_app.rb` initializer:
+config.session_repository = 'User'
+config.per_user_tokens = true
 ```
 
-The current Shopify user will be stored in the rails session at `session[:shopify_user]`
+### Authenticated
 
-This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
+The engine provides a `ShopifyApp::Authenticated` concern which should be included in any controller that is intended to be behind Shopify OAuth. It adds `before_action`s to ensure that the user is authenticated and will redirect to the Shopify login page if not. It is best practice to include this concern in a base controller inheriting from your `ApplicationController`, from which all controllers that require Shopify authentication inherit.
 
-Managing Api Keys
------------------
+For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
+
+### AfterAuthenticate Job
 
-The `install` generator places your Api credentials directly into the shopify_app initializer which is convenient and fine for development but once your app goes into production **your api credentials should not be in source control**. When we develop apps we keep our keys in environment variables so a production shopify_app initializer would look like this:
+If your app needs to perform specific actions after the user is authenticated successfully (i.e. every time a new session is created), ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job update your initializer as follows:
 
 ```ruby
 ShopifyApp.configure do |config|
-  config.application_name = 'Your app name' # Optional
-  config.api_key = ENV['SHOPIFY_CLIENT_API_KEY']
-  config.secret = ENV['SHOPIFY_CLIENT_API_SECRET']
-  config.scope = 'read_customers, write_products'
-  config.embedded_app = true
+  config.after_authenticate_job = { job: "Shopify::AfterAuthenticateJob" }
 end
 ```
 
+The job can be configured as either a class or a class name string.
+
+If you need the job to run synchronously add the `inline` flag:
+
+```ruby
+ShopifyApp.configure do |config|
+  config.after_authenticate_job = { job: Shopify::AfterAuthenticateJob, inline: true }
+end
+```
+
+We've also provided a generator which creates a skeleton job and updates the initializer for you:
+
+```
+bin/rails g shopify_app:add_after_authenticate_job
+```
+
+If you want to perform that action only once, e.g. send a welcome email to the user when they install the app, you should make sure that this action is idempotent, meaning that it won't have an impact if run multiple times.
+
+API Versioning
+--------------
+
+Shopify's API is versioned, and you can [read about that process in the Shopify Developers documentation page](https://shopify.dev/concepts/about-apis/versioning).
+
+Since shopify_app gem version 1.11.0, the included shopify_api gem has also been updated to allow you to easily set and switch what version of the Shopify API you want your app or service to use, as well as surface warnings to Rails apps about [deprecated endpoints, GraphQL fields and more](https://shopify.dev/concepts/about-apis/versioning#deprecation-practices).
+
+See the [shopify_api gem README](https://github.com/Shopify/shopify_api/) for more details.
 
 WebhooksManager
 ---------------
@@ -284,7 +333,7 @@ ShopifyApp.configure do |config|
 end
 ```
 
-If you'd rather implement your own controller then you'll want to use the WebhookVerfication module to verify your webhooks, example:
+If you'd rather implement your own controller then you'll want to use the WebhookVerification module to verify your webhooks, example:
 
 ```ruby
 class CustomWebhooksController < ApplicationController
@@ -340,31 +389,6 @@ Scripttags are created in the same way as the Webhooks, with a background job wh
 
 If `src` responds to `call` its return value will be used as the scripttag's source. It will be called on scripttag creation and deletion.
 
-AfterAuthenticate Job
----------------------
-
-If your app needs to perform specific actions after it is installed ShopifyApp can queue or run a job of your choosing (note that we already provide support for automatically creating Webhooks and Scripttags). To configure the after authenticate job update your initializer as follows:
-
-```ruby
-ShopifyApp.configure do |config|
-  config.after_authenticate_job = { job: Shopify::AfterAuthenticateJob }
-end
-```
-
-If you need the job to run synchronously add the `inline` flag:
-
-```ruby
-ShopifyApp.configure do |config|
-  config.after_authenticate_job = { job: Shopify::AfterAuthenticateJob, inline: true }
-end
-```
-
-We've also provided a generator which creates a skeleton job and updates the initializer for you:
-
-```
-bin/rails g shopify_app:add_after_authenticate_job
-```
-
 RotateShopifyTokenJob
 ---------------------
 
@@ -391,19 +415,18 @@ The generated rake task will be found at `lib/tasks/shopify/rotate_shopify_token
 strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
 ```
 
-ShopifyApp::SessionRepository
------------------------------
-
-`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are retrieved and stored for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(shopify_session)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. See either the `ShopifyApp::InMemorySessionStore` class or the `ShopifyApp::SessionStorage` concern for examples.
+App Tunneling
+-------------
 
-If you only run the install generator then by default you will have an in memory store but it **won't work** on multi-server environments including Heroku. If you ran all the generators including the shop_model generator then the `Shop` model itself will be the `SessionRepository`. If you look at the implementation of the generated shop model you'll see that this gem provides a concern for the `SessionRepository`. You can use this concern on any model that responds to `shopify_domain`, `shopify_token` and `api_version`.
+Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks. 
 
-Authenticated
--------------
+Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), or [Hookbin](https://hookbin.com/) to make your development environment accessible to the internet.
 
-The engine provides a `ShopifyApp::Authenticated` concern which should be included in any controller that is intended to be behind Shopify OAuth. It adds `before_action`s to ensure that the user is authenticated and will redirect to the Shopify login page if not. It is best practice to include this concern in a base controller inheriting from your `ApplicationController`, from which all controllers that require Shopify authentication inherit.
+For example with [ngrok](https://ngrok.com/), run this command to set up a tunnel proxy to Rails' default port:
 
-For backwards compatibility, the engine still provides a controller called `ShopifyApp::AuthenticatedController` which includes the `ShopifyApp::Authenticated` concern. Note that it inherits directly from `ActionController::Base`, so you will not be able to share functionality between it and your application's `ApplicationController`.
+```sh
+ngrok http 3000
+```
 
 AppProxyVerification
 --------------------
@@ -423,9 +446,14 @@ class ReviewsController < ApplicationController
 end
 ```
 
-Create your app proxy url in the [Shopify Partners' Dashboard](https://app.shopify.com/services/partners/api_clients), making sure to point it to `https://your_app_website.com/app_proxy`.
+Create your app proxy url in the [Shopify Partners' Dashboard][dashboard], making sure to point it to `https://your_app_website.com/app_proxy`.
 ![Creating an App Proxy](/images/app-proxy-screenshot.png)
 
+App Bridge
+---
+
+A basic example of using [App Bridge][app-bridge] is included in the install generator. An app instance is automatically initialized in [shopify_app.js](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/shopify_app.js) and [flash_messages.js](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/flash_messages.js) converts Rails [flash messages](https://api.rubyonrails.org/classes/ActionDispatch/Flash.html) to App Bridge Toast actions automatically. By default, this library is included via [unpkg in the embedded_app layout](https://github.com/Shopify/shopify_app/blob/master/lib/generators/shopify_app/install/templates/embedded_app.html.erb#L27). For more advanced uses it is recommended to [install App Bridge via npm or yarn](https://help.shopify.com/en/api/embedded-apps/app-bridge/getting-started#set-up-shopify-app-bridge-in-your-app).
+
 Troubleshooting
 ---------------
 
@@ -446,6 +474,29 @@ Questions or problems?
 - [Ask questions!](https://ecommerce.shopify.com/c/shopify-apis-and-technology)
 - [Read the docs!](https://help.shopify.com/api/guides)
 
+Upgrading to 11.7.0
+---------------------------
+
+### Session storage method signature breaking change
+If you override `def self.store(auth_session)` method in your session storage model (e.g. Shop), the method signature has changed to `def self.store(auth_session, *args)` in order to support user-based token storage. Please update your method signature to include the second argument.
+
+Rails 6 Compatibility
+---------------------
+
+### Disable Webpacker
+If you are using sprockets in rails 6 or want to generate a shopify_app without webpacker run the install task by running
+
+```
+SHOPIFY_APP_DISABLE_WEBPACKER=1 rails generate shopify_app
+```
+
+and then in your ShopifyApp configuration block, add
+
+```
+ShopifyApp.configure do |config|
+  config.disable_webpacker = true
+end
+```
 
 Upgrading from 8.6 to 9.0.0
 ---------------------------
@@ -453,14 +504,14 @@ Upgrading from 8.6 to 9.0.0
 ### Configuration change
 
 Add an api version configuration in `config/initializers/shopify_app.rb`
-Set this to the version you want to run against by default see [url] for what versions are currently availabe
+Set this to the version you want to run against by default. See [Shopify API docs](https://help.shopify.com/en/api/versioning) for versions available.
 ```ruby
 config.api_version = '2019-04'
 ```
 
 ### Session storage change
 
-You will need to add an `api_version` method to you session storage object.  The default implmentation for this is.
+You will need to add an `api_version` method to you session storage object.  The default implementation for this is.
 ```ruby
 def api_version
   ShopifyApp.configuration.api_version
@@ -469,7 +520,7 @@ end
 
 ### Generated file change
 
-`embedded_app.html.erb` the useage of `shop_session.url` needs to be changed to `shop_session.domain`
+`embedded_app.html.erb` the usage of `shop_session.url` needs to be changed to `shop_session.domain`
 ```erb
 <script type="text/javascript">
   ShopifyApp.init({
@@ -498,4 +549,7 @@ is changed to
 
 ### ShopifyAPI changes
 
-You will need to also follow the ShopifyAPI [upgrade guide](https://github.com/shopify/shopify_api/README.md#-breaking-change-notice-for-version-700-) to ensure your app is ready to work with api versioning.
+You will need to also follow the ShopifyAPI [upgrade guide](https://github.com/Shopify/shopify_api/blob/master/README.md#-breaking-change-notice-for-version-700-) to ensure your app is ready to work with api versioning.
+
+[dashboard]:https://partners.shopify.com
+[app-bridge]:https://help.shopify.com/en/api/embedded-apps/app-bridge