shopify_app 12.0.0 → 12.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d7f75f25ebd3015036f89240acd78fb1d38bd85c6c61c361df564e0eaa1e2195
-  data.tar.gz: 5b91f6dd61dd686a9cce74123a3b6de0498f683488204768542aa128e312f90f
+  metadata.gz: e21696bedf0e9066e0363ffa54535563d57b04990c4fd8c39f61b24c9e7dd5a5
+  data.tar.gz: 0557a4eb040fe7dcc68b576ab90237902c4ec2a7e60f5352607a1753a2dc4d7b
 SHA512:
-  metadata.gz: 9119cf0bf9b9ad3a9f03c89877a7fc2337b99a98b36ec5ec01446b9a9ef15841e0bf7ba05631d15d827b5b32c535c1176f5b4b46227846ace43d27c9d55155cb
-  data.tar.gz: c084b5f9fd03727c865621a6615e2837179f262941b2ef3c5b083515d4e23b075e0d904f9cccee29140c78d117c2624fad4ef73c883aaa0ba087d0bc816a9685
+  metadata.gz: 4adc7c54f7662d8c4427012de16b9aa2bafd3c984ea4bf13d77c36722035f32ed3fe9a00b7d45c4dacad24a4d99d2b3939defcc7a0eeaea99efeed3be2f771a2
+  data.tar.gz: 2ae0baab7a365863bfc0530a4264b6397f59d447db24ba59fda93f455b44582fd432c2525fc064285b7c314f5bcbd6883568e2cd28460922911d14f340834228

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+12.0.1
+------
+* disable samesite cookie middleware in tests
+* middleware compatibility for ruby 2.3
+* samesite cookie fixes for javascript libraries
+* change generators to add AppBridge instead of EASDK
+* Fix for return_to in safari after enable_cookies/granted_storage_access
+
 12.0.0
 -----
 * Updating shopify_api gem to 9.0.0

data/app/assets/javascripts/shopify_app/itp_helper.js

@@ -4,31 +4,31 @@
     this.itpAction = document.getElementById('TopLevelInteractionButton');
     this.redirectUrl = opts.redirectUrl;
   }
-  
+
   ITPHelper.prototype.redirect = function() {
     sessionStorage.setItem('shopify.top_level_interaction', true);
     window.location.href = this.redirectUrl;
   }
-  
+
   ITPHelper.prototype.userAgentIsAffected = function() {
     return Boolean(document.hasStorageAccess);
   }
-  
+
   ITPHelper.prototype.canPartitionCookies = function() {
     var versionRegEx = /Version\/12\.0\.?\d? Safari/;
     return versionRegEx.test(navigator.userAgent);
   }
-  
+
   ITPHelper.prototype.setUpContent = function(onClick) {
     this.itpContent.style.display = 'block';
     this.itpAction.addEventListener('click', this.redirect.bind(this));
   }
-  
+
   ITPHelper.prototype.execute = function() {
     if (!this.itpContent) {
       return;
     }
-  
+
     if (this.userAgentIsAffected()) {
       this.setUpContent();
     } else {

data/app/assets/javascripts/shopify_app/storage_access.js

@@ -28,18 +28,47 @@
     window.parent.location.href = this.redirectData.myshopifyUrl + '/admin/apps';
   }
 
-  StorageAccessHelper.prototype.redirectToAppHome = function() {
-    window.location.href = this.redirectData.appHomeUrl;
+  StorageAccessHelper.prototype.redirectToAppTargetUrl = function() {
+    window.location.href = this.redirectData.appTargetUrl;
+  }
+
+  StorageAccessHelper.prototype.sameSiteNoneIncompatible = function(ua) {
+    return ua.includes("iPhone OS 12_") || ua.includes("iPad; CPU OS 12_") || //iOS 12
+    (ua.includes("UCBrowser/")
+        ? this.isOlderUcBrowser(ua) //UC Browser < 12.13.2
+        : (ua.includes("Chrome/5") || ua.includes("Chrome/6"))) ||
+    ua.includes("Chromium/5") || ua.includes("Chromium/6") ||
+    (ua.includes(" OS X 10_14_") &&
+        ((ua.includes("Version/") && ua.includes("Safari")) || //Safari on MacOS 10.14
+        ua.endsWith("(KHTML, like Gecko)"))); //Web view on MacOS 10.14
+  }
+
+  StorageAccessHelper.prototype.isOlderUcBrowser = function(ua) {
+    var match = ua.match(/UCBrowser\/(\d+)\.(\d+)\.(\d+)\./);
+    if (!match) return false;
+    var major = parseInt(match[1]);
+    var minor = parseInt(match[2]);
+    var build = parseInt(match[3]);
+    if (major != 12) return major < 12;
+    if (minor != 13) return minor < 13;
+    return build < 2;
+  }
+
+  StorageAccessHelper.prototype.setCookie = function(value) {
+    if(!this.sameSiteNoneIncompatible(navigator.userAgent)) {
+      value += '; secure; SameSite=None'
+    }
+    document.cookie = value;
   }
 
   StorageAccessHelper.prototype.grantedStorageAccess = function() {
     try {
       sessionStorage.setItem('shopify.granted_storage_access', true);
-      document.cookie = 'shopify.granted_storage_access=true';
+      this.setCookie('shopify.granted_storage_access=true');
       if (!document.cookie) {
         throw 'Cannot set third-party cookie.'
       }
-      this.redirectToAppHome();
+      this.redirectToAppTargetUrl();
     } catch (error) {
       console.warn('Third party cookies may be blocked.', error);
       this.redirectToAppTLD(ACCESS_DENIED_STATUS);
@@ -61,7 +90,7 @@
   StorageAccessHelper.prototype.handleHasStorageAccess = function() {
     if (sessionStorage.getItem('shopify.granted_storage_access')) {
       // If app was classified by ITP and used Storage Access API to acquire access
-      this.redirectToAppHome();
+      this.redirectToAppTargetUrl();
     } else {
       // If app has not been classified by ITP and still has storage access
       this.redirectToAppTLD(ACCESS_GRANTED_STATUS);
@@ -107,7 +136,7 @@
   }
 
   StorageAccessHelper.prototype.setCookieAndRedirect = function() {
-    document.cookie = "shopify.cookies_persist=true";
+    this.setCookie('shopify.cookies_persist=true');
     var helper = this.setUpHelper();
     helper.redirect();
   }

data/app/controllers/shopify_app/sessions_controller.rb

@@ -20,11 +20,12 @@ module ShopifyApp
 
       render(:enable_cookies, layout: false, locals: {
         does_not_have_storage_access_url: top_level_interaction_path(
-          shop: sanitized_shop_name
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
         ),
         has_storage_access_url: login_url_with_optional_shop(top_level: true),
-        app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
-        current_shopify_domain: current_shopify_domain,
+        app_target_url: params[:return_to] || granted_storage_access_path(shop: sanitized_shop_name),
+        current_shopify_domain: current_shopify_domain
       })
     end
 
@@ -133,11 +134,12 @@ module ShopifyApp
         layout: false,
         locals: {
           does_not_have_storage_access_url: top_level_interaction_path(
-            shop: sanitized_shop_name
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
           ),
           has_storage_access_url: login_url_with_optional_shop(top_level: true),
-          app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
-          current_shopify_domain: current_shopify_domain,
+          app_target_url: session[:return_to] || granted_storage_access_path(shop: sanitized_shop_name),
+          current_shopify_domain: current_shopify_domain
         }
       )
     end

data/app/views/shopify_app/sessions/enable_cookies.html.erb

@@ -32,7 +32,7 @@
           myshopifyUrl: "https://#{current_shopify_domain}",
           hasStorageAccessUrl: "#{has_storage_access_url}",
           doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
-          appHomeUrl: "#{app_home_url}"
+          appTargetUrl: "#{app_target_url}"
         },
       },
     )

data/app/views/shopify_app/sessions/request_storage_access.html.erb

@@ -24,7 +24,7 @@
                       myshopifyUrl: "https://#{current_shopify_domain}",
                       hasStorageAccessUrl: "#{has_storage_access_url}",
                       doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
-                      appHomeUrl: "#{app_home_url}"
+                      appTargetUrl: "#{app_target_url}"
                   },
               },
               )

data/config/locales/pt-BR.yml

@@ -4,7 +4,7 @@ pt-BR:
   could_not_log_in: Não foi possível fazer login na Shopify store
   invalid_shop_url: Domínio de loja inválido
   enable_cookies_heading: Habilitar cookies de %{app}
-  enable_cookies_body: Você deve habilitar manualmente os cookies neste navegador
+  enable_cookies_body: Você precisa habilitar manualmente os cookies neste navegador
     para usar %{app} dentro da Shopify.
   enable_cookies_footer: Os cookies permitem que o app o autentique armazenando temporariamente
     suas preferências e dados pessoais. Eles expiram depois de 30 dias.

data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb

@@ -3,11 +3,7 @@
 class MarketingActivitiesController < ShopifyApp::ExtensionVerificationController
   def preload_form_data
     preload_data = {
-      "form_data": {
-        "budget": {
-          "currency": "USD",
-        }
-      }
+      "form_data": {}
     }
     render(json: preload_data, status: :ok)
   end

data/lib/shopify_app/configuration.rb

@@ -66,7 +66,7 @@ module ShopifyApp
     end
 
     def enable_same_site_none
-      @enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none
+      !Rails.env.test? && (@enable_same_site_none.nil? ? embedded_app? : @enable_same_site_none)
     end
   end
 

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -100,8 +100,10 @@ module ShopifyApp
       query_params = {}
       query_params[:shop] = sanitized_params[:shop] if params[:shop].present?
 
-      if session[:return_to] && return_to_param_required?
-        query_params[:return_to] = session[:return_to]
+      return_to = session[:return_to] || params[:return_to]
+
+      if return_to.present? && return_to_param_required?
+        query_params[:return_to] = return_to
       end
 
       has_referer_shop_name = referer_sanitized_shop_name.present?

data/lib/shopify_app/middleware/same_site_cookie_middleware.rb

@@ -16,7 +16,7 @@ module ShopifyApp
 
         cookies.each do |cookie|
           unless cookie.include?("; SameSite")
-            headers['Set-Cookie'] = headers['Set-Cookie'].gsub("#{cookie}", "#{cookie}; secure; SameSite=None")
+            headers['Set-Cookie'] = headers['Set-Cookie'].gsub(cookie, "#{cookie}; secure; SameSite=None")
           end
         end
       end
@@ -31,8 +31,8 @@ module ShopifyApp
     end
 
     def self.webkit_same_site_bug?(sniffer)
-      (sniffer.os == :ios && sniffer.os_version.match?(/^([0-9]|1[12])[\.\_]/)) ||
-        (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match?(/^10[\.\_]14/))
+      (sniffer.os == :ios && sniffer.os_version.match(/^([0-9]|1[12])[\.\_]/)) ||
+        (sniffer.os == :mac && sniffer.browser == :safari && sniffer.os_version.match(/^10[\.\_]14/))
     end
 
     def self.drops_unrecognized_same_site_cookies?(sniffer)
@@ -41,11 +41,11 @@ module ShopifyApp
     end
 
     def self.chromium_based?(sniffer)
-      sniffer.browser_name.downcase.match?(/chrom(e|ium)/)
+      sniffer.browser_name.downcase.match(/chrom(e|ium)/)
     end
 
     def self.uc_browser?(sniffer)
-      sniffer.user_agent.downcase.match?(/uc\s?browser/)
+      sniffer.user_agent.downcase.match(/uc\s?browser/)
     end
 
     def self.uc_browser_version_at_least?(sniffer:, major:, minor:, build:)

data/lib/shopify_app/version.rb

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '12.0.0'.freeze
+  VERSION = '12.0.1'.freeze
 end

data/package.json

@@ -1,5 +1,6 @@
 {
   "name": "shopify_app",
+  "version": "12.0.1",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",
@@ -23,6 +24,5 @@
   },
   "scripts": {
     "test": "./node_modules/.bin/karma start --browsers ChromeHeadless --single-run"
-  },
-  "version": "12.0.0"
+  }
 }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 12.0.0
+  version: 12.0.1
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-29 00:00:00.000000000 Z
+date: 2020-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer