shopify_app 9.0.3 → 11.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df66bdb58e5fd652cbd0465fd8b556e1c758b69f161ae2b2d9085d86f9ec0ffc
-  data.tar.gz: 260638d5df7371f25c953684bc326dd999270473211d361ec95d721aecabef90
+  metadata.gz: 8f0170c03ef99e998f8f72f402e5030ff5a10bdbb2ab32c7a3256116491942cb
+  data.tar.gz: fdbac9da84bd4154fbbfacbb99b3b2839514c6850a2ec9d118c431e7ac28d160
 SHA512:
-  metadata.gz: 74de73555bac65d91d3a1d6333bec5284738752de73151cb075e58c4f6669cad703d126d7a9937a4e1e040753983b50f9981f782c622b2ff080fa91dc98e9c6c
-  data.tar.gz: 68b83622ed0253ba4e607dbe3257de879d3f11d9f610224ffe700935bffc3e8c3c6bff33501201e37bee777ac0adb574bef72c9168e73631d3570474ecd3ba3a
+  metadata.gz: 6d5bbbeee0bd987e50845b1798de6114dc7921c186cfe371addc5530311dbb0d8332123302349e7ac85f711f6fc427f4992cf454622a0542b543a70705c140d5
+  data.tar.gz: d80715be9995c0e9e0f732a269f77f3931794f84fc95689c1103ad785eaa675fd213f6b13af0f6e35bf7dbbfc23ee0c202cd5510ac3851367fe1fd2913cfd184

data/CHANGELOG.md

@@ -1,3 +1,40 @@
+11.0.2
+-----
+
+* Lock shopify_api gem dependency to `~> 7.0` from `>= 7.0.0`.
+* Remove flakey JS Tests
+* bump sqlite3 development dependency to `~>1.4` from `~> 1.3.6`. [#789](https://github.com/Shopify/shopify_app/pull/789)
+
+11.0.1
+-----
+
+* Add dotenv-rails gem to install generator, so apps fetch credentials from `.env` by default: [#776](https://github.com/Shopify/shopify_app/pull/776)
+
+11.0.0
+-----
+
+* Rename `login_url` method to `login_url_with_optional_shop` to avoid ambiguity with Rails' route helper method of the
+  same name (see [#585](https://github.com/Shopify/shopify_app/pull/585)).
+
+10.0.0
+-----
+
+* Make sure OAuth-related redirects return user to originally requested URL once authenticated
+* Add/update translations
+* Update README to clarify nested routes
+* Remove example app. Users should instead use the generators to scaffold an example app.
+* Bump required Rails version to `> 5.2.1` to ensure `5.2.1.1` or greater is used. This ensures two things:
+  * Apps are not vulnerable to [CVE-2018-16476](https://nvd.nist.gov/vuln/detail/CVE-2018-16476)
+  * Webhook payloads, from Shopify for API version 2019-07, which are processed in ActiveJob background jobs (the
+    default behaviour of shopify_app's WebhooksController) are compatible, due to how ActiveJob versions prior to
+    5.2.1.1 process GlobalIDs encoded as string in job parameters. This prevents the
+    [exceptions reported previously](https://github.com/Shopify/shopify_app/issues/600).
+
+9.0.4
+-----
+
+* Fix returning to a deep link after authentication [#746](https://github.com/Shopify/shopify_app/pull/746)
+
 9.0.3
 -----
 

data/README.md

@@ -26,7 +26,6 @@ Table of Contents
  * [App Proxy Controller Generator](#app-proxy-controller-generator)
  * [Controllers, Routes and Views](#controllers-routes-and-views)
 * [**Mounting the Engine**](#mounting-the-engine)
-* [**Managing Api Keys**](#managing-api-keys)
 * [**WebhooksManager**](#webhooksmanager)
 * [**ScripttagsManager**](#scripttagsmanager)
 * [**AfterAuthenticate Job**](#afterauthenticate-job)
@@ -45,8 +44,6 @@ Description
 -----------
 This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via Oauth (other authentication methods are not supported).
 
-The [example](https://github.com/Shopify/shopify_app/tree/master/example) directory contains an app that was generated with this gem. It also contains sample code demonstrating the usage of the embedded app sdk.
-
 *Note: It's recommended to use this on a new Rails project, so that the generator won't overwrite/delete some of your files.*
 
 
@@ -106,11 +103,22 @@ Generators
 The default generator will run the `install`, `shop`, and `home_controller` generators. This is the recommended way to start your app.
 
 ```sh
-$ rails generate shopify_app --api_key <your_api_key> --secret <your_app_secret>
+$ rails generate shopify_app
 ```
 
 After running the generator, you will need to run `rake db:migrate` to add tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting localhost.
 
+### API Keys
+
+The default and install generators have been updated to source Shopify API key and secret from a `.env` file, which you will need to create with the following format:
+
+```
+SHOPIFY_API_KEY=your api key
+SHOPIFY_API_SECRET=your api secret
+```
+
+These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard].
+
 ### Install Generator
 
 ```sh
@@ -118,7 +126,7 @@ $ rails generate shopify_app:install
 
 # or optionally with arguments:
 
-$ rails generate shopify_app:install --api_key <your_api_key> --secret <your_app_secret>
+$ rails generate shopify_app:install
 ```
 
 Other options include:
@@ -207,6 +215,19 @@ provider :shopify,
   callback_path: '/nested/auth/shopify/callback'
 ```
 
+You may also need to change your `config/routes.rb` to render a view for `/nested`, since this is what will be rendered in the Shopify Admin of any shops that have installed your app.  The engine itself doesn't have a view for this, so you'll need something like this:
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  root :to => 'something_else#index'
+  get "/nested", to: "home#index"
+  mount ShopifyApp::Engine, at: '/nested'
+end
+```
+
+Finally, note that if you do this, to add your app to a store, you must navigate to `/nested` in order to render the `Enter your shop domain to log in or install this app.` UI.
+
 ### Custom login URL
 
 While you can customize the login view by creating a `/app/views/shopify_app/sessions/new.html.erb` file, you may also want to customize the URL entirely. You can modify your `shopify_app.rb` initializer to provide a custom `login_url` e.g.:
@@ -233,21 +254,6 @@ The current Shopify user will be stored in the rails session at `session[:shopif
 
 This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
 
-Managing Api Keys
------------------
-
-The `install` generator places your Api credentials directly into the shopify_app initializer which is convenient and fine for development but once your app goes into production **your api credentials should not be in source control**. When we develop apps we keep our keys in environment variables so a production shopify_app initializer would look like this:
-
-```ruby
-ShopifyApp.configure do |config|
-  config.application_name = 'Your app name' # Optional
-  config.api_key = ENV['SHOPIFY_CLIENT_API_KEY']
-  config.secret = ENV['SHOPIFY_CLIENT_API_SECRET']
-  config.scope = 'read_customers, write_products'
-  config.embedded_app = true
-end
-```
-
 
 WebhooksManager
 ---------------
@@ -347,10 +353,12 @@ If your app needs to perform specific actions after the user is authenticated su
 
 ```ruby
 ShopifyApp.configure do |config|
-  config.after_authenticate_job = { job: Shopify::AfterAuthenticateJob }
+  config.after_authenticate_job = { job: "Shopify::AfterAuthenticateJob" }
 end
 ```
 
+The job can be configured as either a class or a class name string.
+
 If you need the job to run synchronously add the `inline` flag:
 
 ```ruby
@@ -426,7 +434,7 @@ class ReviewsController < ApplicationController
 end
 ```
 
-Create your app proxy url in the [Shopify Partners' Dashboard](https://app.shopify.com/services/partners/api_clients), making sure to point it to `https://your_app_website.com/app_proxy`.
+Create your app proxy url in the [Shopify Partners' Dashboard][dashboard], making sure to point it to `https://your_app_website.com/app_proxy`.
 ![Creating an App Proxy](/images/app-proxy-screenshot.png)
 
 Troubleshooting
@@ -502,3 +510,5 @@ is changed to
 ### ShopifyAPI changes
 
 You will need to also follow the ShopifyAPI [upgrade guide](https://github.com/Shopify/shopify_api/blob/master/README.md#-breaking-change-notice-for-version-700-) to ensure your app is ready to work with api versioning.
+
+[dashboard]:https://partners.shopify.com

data/app/assets/javascripts/shopify_app/storage_access.js

@@ -103,7 +103,7 @@
 
   /* ITP 2.0 solution: handles cookie partitioning */
   StorageAccessHelper.prototype.setUpHelper = function() {
-    return new ITPHelper({redirectUrl: window.shopOrigin + "/admin/apps/" + window.apiKey});
+    return new ITPHelper({redirectUrl: window.shopOrigin + "/admin/apps/" + window.apiKey + window.returnTo});
   }
 
   StorageAccessHelper.prototype.setCookieAndRedirect = function() {

data/app/controllers/shopify_app/callback_controller.rb

@@ -15,7 +15,7 @@ module ShopifyApp
         redirect_to return_address
       else
         flash[:error] = I18n.t('could_not_log_in')
-        redirect_to login_url
+        redirect_to(login_url_with_optional_shop)
       end
     end
 
@@ -86,10 +86,13 @@ module ShopifyApp
 
       return unless config && config[:job].present?
 
+      job = config[:job]
+      job = job.constantize if job.is_a?(String)
+
       if config[:inline] == true
-        config[:job].perform_now(shop_domain: session[:shopify_domain])
+        job.perform_now(shop_domain: session[:shopify_domain])
       else
-        config[:job].perform_later(shop_domain: session[:shopify_domain])
+        job.perform_later(shop_domain: session[:shopify_domain])
       end
     end
   end

data/app/controllers/shopify_app/sessions_controller.rb

@@ -22,14 +22,14 @@ module ShopifyApp
         does_not_have_storage_access_url: top_level_interaction_path(
           shop: sanitized_shop_name
         ),
-        has_storage_access_url: login_url(top_level: true),
+        has_storage_access_url: login_url_with_optional_shop(top_level: true),
         app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
         current_shopify_domain: current_shopify_domain,
       })
     end
 
     def top_level_interaction
-      @url = login_url(top_level: true)
+      @url = login_url_with_optional_shop(top_level: true)
       validate_shop
     end
 
@@ -39,13 +39,13 @@ module ShopifyApp
       session['shopify.granted_storage_access'] = true
 
       params = { shop: @shop }
-      redirect_to "#{ShopifyApp.configuration.root_url}?#{params.to_query}"
+      redirect_to("#{return_address}?#{params.to_query}")
     end
 
     def destroy
       reset_session
       flash[:notice] = I18n.t('.logged_out')
-      redirect_to login_url
+      redirect_to(login_url_with_optional_shop)
     end
 
     private
@@ -54,6 +54,8 @@ module ShopifyApp
       return render_invalid_shop_error unless sanitized_shop_name.present?
       session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
 
+      session[:return_to] = params[:return_to] if params[:return_to]
+
       if user_agent_can_partition_cookies
         authenticate_with_partitioning
       else
@@ -77,7 +79,7 @@ module ShopifyApp
         authenticate_in_context
       else
         set_top_level_oauth_cookie
-        fullpage_redirect_to enable_cookies_path(shop: sanitized_shop_name)
+        enable_cookie_access
       end
     end
 
@@ -96,12 +98,19 @@ module ShopifyApp
       redirect_to return_address
     end
 
+    def enable_cookie_access
+      fullpage_redirect_to(enable_cookies_path(
+        shop: sanitized_shop_name,
+        return_to: session[:return_to]
+      ))
+    end
+
     def authenticate_in_context
       redirect_to "#{main_app.root_path}auth/shopify"
     end
 
     def authenticate_at_top_level
-      fullpage_redirect_to login_url(top_level: true)
+      fullpage_redirect_to(login_url_with_optional_shop(top_level: true))
     end
 
     def authenticate_in_context?
@@ -119,14 +128,18 @@ module ShopifyApp
     end
 
     def redirect_to_request_storage_access
-      render :request_storage_access, layout: false, locals: {
-        does_not_have_storage_access_url: top_level_interaction_path(
-          shop: sanitized_shop_name
-        ),
-        has_storage_access_url: login_url(top_level: true),
-        app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
-        current_shopify_domain: current_shopify_domain
-      }
+      render(
+        :request_storage_access,
+        layout: false,
+        locals: {
+          does_not_have_storage_access_url: top_level_interaction_path(
+            shop: sanitized_shop_name
+          ),
+          has_storage_access_url: login_url_with_optional_shop(top_level: true),
+          app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
+          current_shopify_domain: current_shopify_domain,
+        }
+      )
     end
   end
 end

data/app/views/shopify_app/sessions/enable_cookies.html.erb

@@ -17,6 +17,7 @@
   <script>
     window.apiKey = "<%= ShopifyApp.configuration.api_key %>";
     window.shopOrigin = "https://<%= @shop %>";
+    window.returnTo = "<%= params[:return_to] %>"
   </script>
 
   <%= javascript_include_tag('shopify_app/enable_cookies', crossorigin: 'anonymous', integrity: true) %>

data/config/locales/cs.yml

@@ -0,0 +1,23 @@
+---
+cs:
+  logged_out: Odhlášení proběhlo úspěšně
+  could_not_log_in: Nelze se přihlásit do obchodu Shopify
+  invalid_shop_url: Neplatná doména obchodu
+  enable_cookies_heading: Zapnout soubory cookie z aplikace %{app}
+  enable_cookies_body: Pokud chceš v Shopify používat aplikaci %{app}, musíš soubory
+    cookie v tomto prohlížeči povolit ručně.
+  enable_cookies_footer: Soubory cookie umožňují, aby tě aplikace ověřila pomocí dočasného
+    uchování preferencí a osobních údajů. Jejich platnost vyprší po 30 dnech.
+  enable_cookies_action: Povolit soubory cookie
+  top_level_interaction_heading: Tvůj prohlížeč potřebuje ověřit aplikaci %{app}
+  top_level_interaction_body: Tvůj prohlížeč vyžaduje, aby si od tebe aplikace, jako
+    je %{app}, nejdřív vyžádaly přístup k souborům cookie, než je pro tebe Shopify
+    otevře.
+  top_level_interaction_action: Pokračovat
+  request_storage_access_heading: Aplikace %{app} potřebuje získat přístup k souborům
+    cookie
+  request_storage_access_body: Tato aplikace ti umožní ověření prostřednictvím dočasného
+    uchování tvých osobních údajů. Pokud chceš používat tuto aplikaci, klikni na tlačítko
+    Pokračovat a povol soubory cookie.
+  request_storage_access_footer: Platnost souborů cookie vyprší po 30 dnech.
+  request_storage_access_action: Pokračovat

data/config/locales/da.yml

@@ -0,0 +1,20 @@
+---
+da:
+  logged_out: Logget ud
+  could_not_log_in: Kunne ikke logge ind på Shopify-butik
+  invalid_shop_url: Ugyldig butiksdomæne
+  enable_cookies_heading: Aktivér cookies fra %{app}
+  enable_cookies_body: Du skal manuelt aktivere cookies i denne browser for at kunne
+    bruge %{app} i Shopify.
+  enable_cookies_footer: Cookies lader appen godkende dig ved at gemme dine præferencer
+    og personlige oplysninger midlertidigt. De udløber efter 30 dage.
+  enable_cookies_action: Aktivér cookies
+  top_level_interaction_heading: Din browser skal godkende %{app}
+  top_level_interaction_body: Din browser kræver, at apps som f.eks. %{app} spørger
+    dig om adgang til cookies, inden Shopify kan åbne den for dig.
+  top_level_interaction_action: Fortsæt
+  request_storage_access_heading: "%{app} skal have adgang til cookies"
+  request_storage_access_body: Det lader appen godkende dig ved at gemme dine personlige
+    oplysninger midlertidigt. Klik på forsæt, og tillad cookies for at bruge appen.
+  request_storage_access_footer: Cookies udløber efter 30 dage.
+  request_storage_access_action: Fortsæt

data/config/locales/de.yml

@@ -11,8 +11,8 @@ de:
     Sie laufen nach 30 Tagen ab.
   enable_cookies_action: Cookies aktivieren
   top_level_interaction_heading: Ihr Browser muss %{app} authentifizieren
-  top_level_interaction_body: Ihr Browser verlangt, dass Apps von Drittanbietern wie
-    %{app} Sie um Zugriff auf Cookies bitten, bevor Shopify sie für Sie öffnen kann.
+  top_level_interaction_body: Ihr Browser verlangt, dass Apps wie %{app} Sie um Zugriff
+    auf Cookies bitten, bevor Shopify sie für Sie öffnen kann.
   top_level_interaction_action: Weiter
   request_storage_access_heading: "%{app} braucht Zugriff auf Cookies"
   request_storage_access_body: Damit kann die App Sie authentifizieren, indem Ihre

data/config/locales/es.yml

@@ -11,8 +11,8 @@ es:
     de 30 días.
   enable_cookies_action: Habilitar cookies
   top_level_interaction_heading: Tu navegador necesita autenticar %{app}
-  top_level_interaction_body: Tu navegador requiere aplicaciones externas como %{app}
-    para solicitarte acceso a cookies antes de que Shopify pueda abrirlo por ti.
+  top_level_interaction_body: Tu navegador requiere aplicaciones como %{app} para
+    solicitarte acceso a cookies antes de que Shopify pueda abrirlo por ti.
   top_level_interaction_action: Continuar
   request_storage_access_heading: "%{app} necesita acceso a las cookies"
   request_storage_access_body: Esto permite que la aplicación te autentique almacenando

data/config/locales/fi.yml

@@ -0,0 +1,20 @@
+---
+fi:
+  logged_out: Olet kirjautunut ulos
+  could_not_log_in: Kirjautuminen Shopify-kauppaan ei onnistunut
+  invalid_shop_url: Virheellinen kaupan verkkotunnus
+  enable_cookies_heading: Ota käyttöön sovelluksen %{app} evästeet
+  enable_cookies_body: Sinun on otettava evästeet käyttöön manuaalisesti tässä selaimessa,
+    jotta voit käyttää sovellusta %{app} Shopifyssa.
+  enable_cookies_footer: Evästeiden avulla sovellus voi todentaa sinut tallentamalla
+    asetuksesi ja henkilötietosi tilapäisesti. Ne vanhenevat 30 päivän kuluttua.
+  enable_cookies_action: Ota evästeet käyttöön
+  top_level_interaction_heading: Selaimesi täytyy todentaa %{app}
+  top_level_interaction_body: Selaimesi vaatii sovelluksia, kuten %{app}, pyytämään
+    sinulta luvan evästeiden käyttöön, ennen kuin Shopify voi avata sovelluksen.
+  top_level_interaction_action: Jatka
+  request_storage_access_heading: "%{app} edellyttää evästeiden käyttöä"
+  request_storage_access_body: Näin sovellus voi todentaa sinut tallentamalla henkilötietosi
+    tilapäisesti. Napsauta Jatka ja salli evästeet sovelluksen käyttämiseksi.
+  request_storage_access_footer: Evästeet vanhenevat 30 päivän kuluttua.
+  request_storage_access_action: Jatka

data/config/locales/fr.yml

@@ -11,9 +11,9 @@ fr:
     expirent après 30 jours.
   enable_cookies_action: Activer les cookies
   top_level_interaction_heading: Votre navigateur doit s'authentifier %{app}
-  top_level_interaction_body: Votre navigateur nécessite des applications tierces
-    telles que %{app} pour vous demander l'accès aux cookies avant que Shopify ne
-    puisse l'ouvrir pour vous.
+  top_level_interaction_body: Votre navigateur nécessite des applications telles que
+    %{app} pour vous demander l'accès aux cookies avant que Shopify ne puisse l'ouvrir
+    pour vous.
   top_level_interaction_action: Continuer
   request_storage_access_heading: "%{app} a besoin d'accéder aux cookies"
   request_storage_access_body: Cela permet à l'application de vous authentifier en

data/config/locales/hi.yml

@@ -0,0 +1,23 @@
+---
+hi:
+  logged_out: सफलतापूर्वक लॉग आउट कर दिया
+  could_not_log_in: Shopify स्टोर में लॉग इन नहीं किया जा सका
+  invalid_shop_url: अमान्य शॉप डोमेन
+  enable_cookies_heading: "%{app} के कुकीज़ सक्षम करें"
+  enable_cookies_body: आपको %{app} का उपयोग Shopify में करने के लिए इस ब्राउज़र में
+    कुकीज़ मैन्युअल रूप से सक्षम करने चाहिए.
+  enable_cookies_footer: कुकीज़ अस्थायी रूप से आपकी वरीयताएं और व्यक्तिगत जानकारी स्टोर
+    कर ऐप को आपको प्रमाणित करने देते हैं. इनकी समय-सीमा 30 दिनों बाद समाप्त हो जाती
+    है.
+  enable_cookies_action: कुकीज़ को सक्षम करें
+  top_level_interaction_heading: आपके ब्राउज़र को %{app} प्रमाणित करने की आवश्यकता
+    है
+  top_level_interaction_body: आपके ब्राउज़र को %{app} जैसे ऐप की ज़रूरत होती है, जो
+    Shopify द्वारा आपके लिए उसे खोलने से पहले कुकीज़ पर पहुंचने करने की अनुमति मांगे.
+  top_level_interaction_action: जारी रखें
+  request_storage_access_heading: "%{app} को कुकीज़ पर पहुंच करने की आवश्यकता है"
+  request_storage_access_body: यह आपकी व्यक्तिगत जानकारी अस्थायी रूप से स्टोर कर ऐप
+    को आपको प्रमाणित करने देता है. जारी रखें पर क्लिक करें और कुकीज़ को ऐप उपयोग करने
+    की अनुमति दें.
+  request_storage_access_footer: कुकीज़ की समय-सीमा 30 दिनों बाद समाप्त हो जाती है.
+  request_storage_access_action: जारी रखें

data/config/locales/it.yml

@@ -10,9 +10,8 @@ it:
     temporaneamente le tue preferenze e informazioni personali. Scadono dopo 30 giorni.
   enable_cookies_action: Abilita i cookie
   top_level_interaction_heading: Il tuo browser deve autenticare %{app}
-  top_level_interaction_body: Il tuo browser richiede che app di terze parti come
-    %{app} ti chiedano l'accesso ai cookie prima dell'apertura automatica da parte
-    di Shopify.
+  top_level_interaction_body: Il tuo browser richiede che app come %{app} ti chiedano
+    l'accesso ai cookie prima dell'apertura automatica da parte di Shopify.
   top_level_interaction_action: Continua
   request_storage_access_heading: "%{app} deve accedere ai cookie"
   request_storage_access_body: L'app potrà così autenticarti memorizzando temporaneamente