shopify_app 9.0.4 → 11.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9b0c4f236ab9c71186ed3095ed7da95a10dbaa0fd89cb7e0e848bf04257c21ac
-  data.tar.gz: 6874836046e839e20e7e7d40f091cab488c4ac61c2fb492ab3044d05cb4c8d9d
+  metadata.gz: 5efea1849894001dd33e89e8beaab22dc7630f383a263b1638b2e316478c4927
+  data.tar.gz: f6b8fb40731e82c83ebb57548814a9ea6aa5691691606c50fa986191b00f092f
 SHA512:
-  metadata.gz: 256797e0845484538af23db0bf1bb90fae3398a5536e99d095d235bd9d812c3e5d00030b8f3c4cd36ef27a16a282317d341413da3d9fb5854309a06cf3af77ec
-  data.tar.gz: 4369be48e85023c76ea2a7ec05a189a17e8f7416e74e80186e4fb3b133687dd125ad7c40b0bfb808f39ac73a1cfaf5eca69d597d571b96882b0439f376d6c4ab
+  metadata.gz: 7d278a7a7dc385940cbfdaa832d7e05f69f31c5bb57ce007f0a776ed1d926682fb36f88de490b63d9208ccca50b39e30057c3c14d3056d80301fed95468484c4
+  data.tar.gz: ec1ebf4b962a4cfde1abf6d771caa0e7910ef04cbaade77961f97234799b3db4a21d799434bf20d12b3d00653b59f923871fe03d6132efa880d092d7f2ebb9be

data/CHANGELOG.md

@@ -1,3 +1,42 @@
+11.1.0
+-----
+
+* Add Webmock and Pry as development dependencies
+* Update install generator to leverage updates to ShopifyAPI::ApiVersion add in v8.0.0 of the shopify_api gem [#790](https://github.com/Shopify/shopify_app/pull/790)
+
+
+11.0.2
+-----
+
+* Lock shopify_api gem dependency to `~> 7.0` from `>= 7.0.0`.
+* Remove flakey JS Tests
+* bump sqlite3 development dependency to `~>1.4` from `~> 1.3.6`. [#789](https://github.com/Shopify/shopify_app/pull/789)
+
+11.0.1
+-----
+
+* Add dotenv-rails gem to install generator, so apps fetch credentials from `.env` by default: [#776](https://github.com/Shopify/shopify_app/pull/776)
+
+11.0.0
+-----
+
+* Rename `login_url` method to `login_url_with_optional_shop` to avoid ambiguity with Rails' route helper method of the
+  same name (see [#585](https://github.com/Shopify/shopify_app/pull/585)).
+
+10.0.0
+-----
+
+* Make sure OAuth-related redirects return user to originally requested URL once authenticated
+* Add/update translations
+* Update README to clarify nested routes
+* Remove example app. Users should instead use the generators to scaffold an example app.
+* Bump required Rails version to `> 5.2.1` to ensure `5.2.1.1` or greater is used. This ensures two things:
+  * Apps are not vulnerable to [CVE-2018-16476](https://nvd.nist.gov/vuln/detail/CVE-2018-16476)
+  * Webhook payloads, from Shopify for API version 2019-07, which are processed in ActiveJob background jobs (the
+    default behaviour of shopify_app's WebhooksController) are compatible, due to how ActiveJob versions prior to
+    5.2.1.1 process GlobalIDs encoded as string in job parameters. This prevents the
+    [exceptions reported previously](https://github.com/Shopify/shopify_app/issues/600).
+
 9.0.4
 -----
 

data/README.md

@@ -26,7 +26,6 @@ Table of Contents
  * [App Proxy Controller Generator](#app-proxy-controller-generator)
  * [Controllers, Routes and Views](#controllers-routes-and-views)
 * [**Mounting the Engine**](#mounting-the-engine)
-* [**Managing Api Keys**](#managing-api-keys)
 * [**WebhooksManager**](#webhooksmanager)
 * [**ScripttagsManager**](#scripttagsmanager)
 * [**AfterAuthenticate Job**](#afterauthenticate-job)
@@ -45,8 +44,6 @@ Description
 -----------
 This gem includes a Rails Engine and generators for writing Rails applications using the Shopify API. The Engine provides a SessionsController and all the required code for authenticating with a shop via Oauth (other authentication methods are not supported).
 
-The [example](https://github.com/Shopify/shopify_app/tree/master/example) directory contains an app that was generated with this gem. It also contains sample code demonstrating the usage of the embedded app sdk.
-
 *Note: It's recommended to use this on a new Rails project, so that the generator won't overwrite/delete some of your files.*
 
 
@@ -106,11 +103,22 @@ Generators
 The default generator will run the `install`, `shop`, and `home_controller` generators. This is the recommended way to start your app.
 
 ```sh
-$ rails generate shopify_app --api_key <your_api_key> --secret <your_app_secret>
+$ rails generate shopify_app
 ```
 
 After running the generator, you will need to run `rake db:migrate` to add tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting localhost.
 
+### API Keys
+
+The default and install generators have been updated to source Shopify API key and secret from a `.env` file, which you will need to create with the following format:
+
+```
+SHOPIFY_API_KEY=your api key
+SHOPIFY_API_SECRET=your api secret
+```
+
+These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard].
+
 ### Install Generator
 
 ```sh
@@ -118,7 +126,7 @@ $ rails generate shopify_app:install
 
 # or optionally with arguments:
 
-$ rails generate shopify_app:install --api_key <your_api_key> --secret <your_app_secret>
+$ rails generate shopify_app:install
 ```
 
 Other options include:
@@ -207,6 +215,19 @@ provider :shopify,
   callback_path: '/nested/auth/shopify/callback'
 ```
 
+You may also need to change your `config/routes.rb` to render a view for `/nested`, since this is what will be rendered in the Shopify Admin of any shops that have installed your app.  The engine itself doesn't have a view for this, so you'll need something like this:
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  root :to => 'something_else#index'
+  get "/nested", to: "home#index"
+  mount ShopifyApp::Engine, at: '/nested'
+end
+```
+
+Finally, note that if you do this, to add your app to a store, you must navigate to `/nested` in order to render the `Enter your shop domain to log in or install this app.` UI.
+
 ### Custom login URL
 
 While you can customize the login view by creating a `/app/views/shopify_app/sessions/new.html.erb` file, you may also want to customize the URL entirely. You can modify your `shopify_app.rb` initializer to provide a custom `login_url` e.g.:
@@ -233,21 +254,6 @@ The current Shopify user will be stored in the rails session at `session[:shopif
 
 This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
 
-Managing Api Keys
------------------
-
-The `install` generator places your Api credentials directly into the shopify_app initializer which is convenient and fine for development but once your app goes into production **your api credentials should not be in source control**. When we develop apps we keep our keys in environment variables so a production shopify_app initializer would look like this:
-
-```ruby
-ShopifyApp.configure do |config|
-  config.application_name = 'Your app name' # Optional
-  config.api_key = ENV['SHOPIFY_CLIENT_API_KEY']
-  config.secret = ENV['SHOPIFY_CLIENT_API_SECRET']
-  config.scope = 'read_customers, write_products'
-  config.embedded_app = true
-end
-```
-
 
 WebhooksManager
 ---------------
@@ -428,7 +434,7 @@ class ReviewsController < ApplicationController
 end
 ```
 
-Create your app proxy url in the [Shopify Partners' Dashboard](https://app.shopify.com/services/partners/api_clients), making sure to point it to `https://your_app_website.com/app_proxy`.
+Create your app proxy url in the [Shopify Partners' Dashboard][dashboard], making sure to point it to `https://your_app_website.com/app_proxy`.
 ![Creating an App Proxy](/images/app-proxy-screenshot.png)
 
 Troubleshooting
@@ -465,7 +471,7 @@ config.api_version = '2019-04'
 
 ### Session storage change
 
-You will need to add an `api_version` method to you session storage object.  The default implmentation for this is.
+You will need to add an `api_version` method to you session storage object.  The default implementation for this is.
 ```ruby
 def api_version
   ShopifyApp.configuration.api_version
@@ -474,7 +480,7 @@ end
 
 ### Generated file change
 
-`embedded_app.html.erb` the useage of `shop_session.url` needs to be changed to `shop_session.domain`
+`embedded_app.html.erb` the usage of `shop_session.url` needs to be changed to `shop_session.domain`
 ```erb
 <script type="text/javascript">
   ShopifyApp.init({
@@ -504,3 +510,5 @@ is changed to
 ### ShopifyAPI changes
 
 You will need to also follow the ShopifyAPI [upgrade guide](https://github.com/Shopify/shopify_api/blob/master/README.md#-breaking-change-notice-for-version-700-) to ensure your app is ready to work with api versioning.
+
+[dashboard]:https://partners.shopify.com

data/app/assets/javascripts/shopify_app/storage_access.js

@@ -103,7 +103,7 @@
 
   /* ITP 2.0 solution: handles cookie partitioning */
   StorageAccessHelper.prototype.setUpHelper = function() {
-    return new ITPHelper({redirectUrl: window.shopOrigin + "/admin/apps/" + window.apiKey});
+    return new ITPHelper({redirectUrl: window.shopOrigin + "/admin/apps/" + window.apiKey + window.returnTo});
   }
 
   StorageAccessHelper.prototype.setCookieAndRedirect = function() {

data/app/controllers/shopify_app/callback_controller.rb

@@ -15,7 +15,7 @@ module ShopifyApp
         redirect_to return_address
       else
         flash[:error] = I18n.t('could_not_log_in')
-        redirect_to login_url
+        redirect_to(login_url_with_optional_shop)
       end
     end
 

data/app/controllers/shopify_app/sessions_controller.rb

@@ -22,14 +22,14 @@ module ShopifyApp
         does_not_have_storage_access_url: top_level_interaction_path(
           shop: sanitized_shop_name
         ),
-        has_storage_access_url: login_url(top_level: true),
+        has_storage_access_url: login_url_with_optional_shop(top_level: true),
         app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
         current_shopify_domain: current_shopify_domain,
       })
     end
 
     def top_level_interaction
-      @url = login_url(top_level: true)
+      @url = login_url_with_optional_shop(top_level: true)
       validate_shop
     end
 
@@ -45,7 +45,7 @@ module ShopifyApp
     def destroy
       reset_session
       flash[:notice] = I18n.t('.logged_out')
-      redirect_to login_url
+      redirect_to(login_url_with_optional_shop)
     end
 
     private
@@ -54,6 +54,8 @@ module ShopifyApp
       return render_invalid_shop_error unless sanitized_shop_name.present?
       session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
 
+      session[:return_to] = params[:return_to] if params[:return_to]
+
       if user_agent_can_partition_cookies
         authenticate_with_partitioning
       else
@@ -77,7 +79,7 @@ module ShopifyApp
         authenticate_in_context
       else
         set_top_level_oauth_cookie
-        fullpage_redirect_to enable_cookies_path(shop: sanitized_shop_name)
+        enable_cookie_access
       end
     end
 
@@ -96,12 +98,19 @@ module ShopifyApp
       redirect_to return_address
     end
 
+    def enable_cookie_access
+      fullpage_redirect_to(enable_cookies_path(
+        shop: sanitized_shop_name,
+        return_to: session[:return_to]
+      ))
+    end
+
     def authenticate_in_context
       redirect_to "#{main_app.root_path}auth/shopify"
     end
 
     def authenticate_at_top_level
-      fullpage_redirect_to login_url(top_level: true)
+      fullpage_redirect_to(login_url_with_optional_shop(top_level: true))
     end
 
     def authenticate_in_context?
@@ -119,14 +128,18 @@ module ShopifyApp
     end
 
     def redirect_to_request_storage_access
-      render :request_storage_access, layout: false, locals: {
-        does_not_have_storage_access_url: top_level_interaction_path(
-          shop: sanitized_shop_name
-        ),
-        has_storage_access_url: login_url(top_level: true),
-        app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
-        current_shopify_domain: current_shopify_domain
-      }
+      render(
+        :request_storage_access,
+        layout: false,
+        locals: {
+          does_not_have_storage_access_url: top_level_interaction_path(
+            shop: sanitized_shop_name
+          ),
+          has_storage_access_url: login_url_with_optional_shop(top_level: true),
+          app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
+          current_shopify_domain: current_shopify_domain,
+        }
+      )
     end
   end
 end

data/app/views/shopify_app/sessions/enable_cookies.html.erb

@@ -17,6 +17,7 @@
   <script>
     window.apiKey = "<%= ShopifyApp.configuration.api_key %>";
     window.shopOrigin = "https://<%= @shop %>";
+    window.returnTo = "<%= params[:return_to] %>"
   </script>
 
   <%= javascript_include_tag('shopify_app/enable_cookies', crossorigin: 'anonymous', integrity: true) %>

data/config/locales/cs.yml

@@ -0,0 +1,23 @@
+---
+cs:
+  logged_out: Odhlášení proběhlo úspěšně
+  could_not_log_in: Nelze se přihlásit do obchodu Shopify
+  invalid_shop_url: Neplatná doména obchodu
+  enable_cookies_heading: Zapnout soubory cookie z aplikace %{app}
+  enable_cookies_body: Pokud chceš v Shopify používat aplikaci %{app}, musíš soubory
+    cookie v tomto prohlížeči povolit ručně.
+  enable_cookies_footer: Soubory cookie umožňují, aby tě aplikace ověřila pomocí dočasného
+    uchování preferencí a osobních údajů. Jejich platnost vyprší po 30 dnech.
+  enable_cookies_action: Povolit soubory cookie
+  top_level_interaction_heading: Tvůj prohlížeč potřebuje ověřit aplikaci %{app}
+  top_level_interaction_body: Tvůj prohlížeč vyžaduje, aby si od tebe aplikace, jako
+    je %{app}, nejdřív vyžádaly přístup k souborům cookie, než je pro tebe Shopify
+    otevře.
+  top_level_interaction_action: Pokračovat
+  request_storage_access_heading: Aplikace %{app} potřebuje získat přístup k souborům
+    cookie
+  request_storage_access_body: Tato aplikace ti umožní ověření prostřednictvím dočasného
+    uchování tvých osobních údajů. Pokud chceš používat tuto aplikaci, klikni na tlačítko
+    Pokračovat a povol soubory cookie.
+  request_storage_access_footer: Platnost souborů cookie vyprší po 30 dnech.
+  request_storage_access_action: Pokračovat

data/config/locales/da.yml

@@ -0,0 +1,20 @@
+---
+da:
+  logged_out: Logget ud
+  could_not_log_in: Kunne ikke logge ind på Shopify-butik
+  invalid_shop_url: Ugyldig butiksdomæne
+  enable_cookies_heading: Aktivér cookies fra %{app}
+  enable_cookies_body: Du skal manuelt aktivere cookies i denne browser for at kunne
+    bruge %{app} i Shopify.
+  enable_cookies_footer: Cookies lader appen godkende dig ved at gemme dine præferencer
+    og personlige oplysninger midlertidigt. De udløber efter 30 dage.
+  enable_cookies_action: Aktivér cookies
+  top_level_interaction_heading: Din browser skal godkende %{app}
+  top_level_interaction_body: Din browser kræver, at apps som f.eks. %{app} spørger
+    dig om adgang til cookies, inden Shopify kan åbne den for dig.
+  top_level_interaction_action: Fortsæt
+  request_storage_access_heading: "%{app} skal have adgang til cookies"
+  request_storage_access_body: Det lader appen godkende dig ved at gemme dine personlige
+    oplysninger midlertidigt. Klik på forsæt, og tillad cookies for at bruge appen.
+  request_storage_access_footer: Cookies udløber efter 30 dage.
+  request_storage_access_action: Fortsæt

data/config/locales/de.yml

@@ -11,8 +11,8 @@ de:
     Sie laufen nach 30 Tagen ab.
   enable_cookies_action: Cookies aktivieren
   top_level_interaction_heading: Ihr Browser muss %{app} authentifizieren
-  top_level_interaction_body: Ihr Browser verlangt, dass Apps von Drittanbietern wie
-    %{app} Sie um Zugriff auf Cookies bitten, bevor Shopify sie für Sie öffnen kann.
+  top_level_interaction_body: Ihr Browser verlangt, dass Apps wie %{app} Sie um Zugriff
+    auf Cookies bitten, bevor Shopify sie für Sie öffnen kann.
   top_level_interaction_action: Weiter
   request_storage_access_heading: "%{app} braucht Zugriff auf Cookies"
   request_storage_access_body: Damit kann die App Sie authentifizieren, indem Ihre

data/config/locales/es.yml

@@ -11,8 +11,8 @@ es:
     de 30 días.
   enable_cookies_action: Habilitar cookies
   top_level_interaction_heading: Tu navegador necesita autenticar %{app}
-  top_level_interaction_body: Tu navegador requiere aplicaciones externas como %{app}
-    para solicitarte acceso a cookies antes de que Shopify pueda abrirlo por ti.
+  top_level_interaction_body: Tu navegador requiere aplicaciones como %{app} para
+    solicitarte acceso a cookies antes de que Shopify pueda abrirlo por ti.
   top_level_interaction_action: Continuar
   request_storage_access_heading: "%{app} necesita acceso a las cookies"
   request_storage_access_body: Esto permite que la aplicación te autentique almacenando

data/config/locales/fi.yml

@@ -0,0 +1,20 @@
+---
+fi:
+  logged_out: Olet kirjautunut ulos
+  could_not_log_in: Kirjautuminen Shopify-kauppaan ei onnistunut
+  invalid_shop_url: Virheellinen kaupan verkkotunnus
+  enable_cookies_heading: Ota käyttöön sovelluksen %{app} evästeet
+  enable_cookies_body: Sinun on otettava evästeet käyttöön manuaalisesti tässä selaimessa,
+    jotta voit käyttää sovellusta %{app} Shopifyssa.
+  enable_cookies_footer: Evästeiden avulla sovellus voi todentaa sinut tallentamalla
+    asetuksesi ja henkilötietosi tilapäisesti. Ne vanhenevat 30 päivän kuluttua.
+  enable_cookies_action: Ota evästeet käyttöön
+  top_level_interaction_heading: Selaimesi täytyy todentaa %{app}
+  top_level_interaction_body: Selaimesi vaatii sovelluksia, kuten %{app}, pyytämään
+    sinulta luvan evästeiden käyttöön, ennen kuin Shopify voi avata sovelluksen.
+  top_level_interaction_action: Jatka
+  request_storage_access_heading: "%{app} edellyttää evästeiden käyttöä"
+  request_storage_access_body: Näin sovellus voi todentaa sinut tallentamalla henkilötietosi
+    tilapäisesti. Napsauta Jatka ja salli evästeet sovelluksen käyttämiseksi.
+  request_storage_access_footer: Evästeet vanhenevat 30 päivän kuluttua.
+  request_storage_access_action: Jatka

data/config/locales/fr.yml

@@ -11,9 +11,9 @@ fr:
     expirent après 30 jours.
   enable_cookies_action: Activer les cookies
   top_level_interaction_heading: Votre navigateur doit s'authentifier %{app}
-  top_level_interaction_body: Votre navigateur nécessite des applications tierces
-    telles que %{app} pour vous demander l'accès aux cookies avant que Shopify ne
-    puisse l'ouvrir pour vous.
+  top_level_interaction_body: Votre navigateur nécessite des applications telles que
+    %{app} pour vous demander l'accès aux cookies avant que Shopify ne puisse l'ouvrir
+    pour vous.
   top_level_interaction_action: Continuer
   request_storage_access_heading: "%{app} a besoin d'accéder aux cookies"
   request_storage_access_body: Cela permet à l'application de vous authentifier en

data/config/locales/hi.yml

@@ -0,0 +1,23 @@
+---
+hi:
+  logged_out: सफलतापूर्वक लॉग आउट कर दिया
+  could_not_log_in: Shopify स्टोर में लॉग इन नहीं किया जा सका
+  invalid_shop_url: अमान्य शॉप डोमेन
+  enable_cookies_heading: "%{app} के कुकीज़ सक्षम करें"
+  enable_cookies_body: आपको %{app} का उपयोग Shopify में करने के लिए इस ब्राउज़र में
+    कुकीज़ मैन्युअल रूप से सक्षम करने चाहिए.
+  enable_cookies_footer: कुकीज़ अस्थायी रूप से आपकी वरीयताएं और व्यक्तिगत जानकारी स्टोर
+    कर ऐप को आपको प्रमाणित करने देते हैं. इनकी समय-सीमा 30 दिनों बाद समाप्त हो जाती
+    है.
+  enable_cookies_action: कुकीज़ को सक्षम करें
+  top_level_interaction_heading: आपके ब्राउज़र को %{app} प्रमाणित करने की आवश्यकता
+    है
+  top_level_interaction_body: आपके ब्राउज़र को %{app} जैसे ऐप की ज़रूरत होती है, जो
+    Shopify द्वारा आपके लिए उसे खोलने से पहले कुकीज़ पर पहुंचने करने की अनुमति मांगे.
+  top_level_interaction_action: जारी रखें
+  request_storage_access_heading: "%{app} को कुकीज़ पर पहुंच करने की आवश्यकता है"
+  request_storage_access_body: यह आपकी व्यक्तिगत जानकारी अस्थायी रूप से स्टोर कर ऐप
+    को आपको प्रमाणित करने देता है. जारी रखें पर क्लिक करें और कुकीज़ को ऐप उपयोग करने
+    की अनुमति दें.
+  request_storage_access_footer: कुकीज़ की समय-सीमा 30 दिनों बाद समाप्त हो जाती है.
+  request_storage_access_action: जारी रखें

data/config/locales/it.yml

@@ -10,9 +10,8 @@ it:
     temporaneamente le tue preferenze e informazioni personali. Scadono dopo 30 giorni.
   enable_cookies_action: Abilita i cookie
   top_level_interaction_heading: Il tuo browser deve autenticare %{app}
-  top_level_interaction_body: Il tuo browser richiede che app di terze parti come
-    %{app} ti chiedano l'accesso ai cookie prima dell'apertura automatica da parte
-    di Shopify.
+  top_level_interaction_body: Il tuo browser richiede che app come %{app} ti chiedano
+    l'accesso ai cookie prima dell'apertura automatica da parte di Shopify.
   top_level_interaction_action: Continua
   request_storage_access_heading: "%{app} deve accedere ai cookie"
   request_storage_access_body: L'app potrà così autenticarti memorizzando temporaneamente

data/config/locales/ja.yml

@@ -8,7 +8,7 @@ ja:
   enable_cookies_footer: Cookieを使用すると、各種設定や個人情報を一時的に保存することで、アプリ認証を受けることができます。30日後に有効期限が切れます。
   enable_cookies_action: Cookieを有効にする
   top_level_interaction_heading: お使いのブラウザを更新する必要があります%{app}
-  top_level_interaction_body: Shopifyがアプリを開けるように、ブラウザーはCookie にアクセスするための%{app}のような外部アプリが必要です。
+  top_level_interaction_body: Shopifyがアプリを開けるように、ブラウザーはCookieにアクセスするための%{app}のようなアプリが必要です。
   top_level_interaction_action: 続ける
   request_storage_access_heading: "%{app}クッキーにアクセスする必要がある"
   request_storage_access_body: Cookieを使用すると、個人情報を一時的に保存することで、アプリ認証を受けることができます。[続行]