RubyGems - shopify_app - Versions diffs - 12.0.3 → 12.0.4 - Mend

shopify_app 12.0.3 → 12.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/app/assets/javascripts/shopify_app/storage_access.js +4 -4
data/app/controllers/shopify_app/sessions_controller.rb +22 -9
data/app/views/shopify_app/sessions/enable_cookies.html.erb +1 -1
data/app/views/shopify_app/sessions/request_storage_access.html.erb +1 -1
data/lib/shopify_app/controller_concerns/login_protection.rb +14 -2
data/lib/shopify_app/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5dcd45c8f2586d1be89322c54d902eb7f9d91d28969725d7ba10e332d3165e29
-  data.tar.gz: ac7e290930adff81933a9dac3a2b212a0b2d579018cca043ed01f9c54dd78b35
+  metadata.gz: 97b51956c46bc3fa2f253b3a2a949bb65f338999b46cd28ec182c4774f6d2b01
+  data.tar.gz: 1f8199a550dfd21035e620e052b636c3c8956ae820c47385a80cc58981a78802
 SHA512:
-  metadata.gz: 47e1984dd4168715a3b0698f41cfe76fa989121be1f915dde626bd18e769a535431e78694b1e7b5eaac86324e0bfef89e47289fcbf0d1ab8927c1ed5ead6fb66
-  data.tar.gz: 3226cfe6d9001f37b2349f039dfe5a860693ef2bf84d2ca4386c7b0c6024d13ac4a998abfbf4ad331cd190f187b95fe7f3069365d08fcc1466627ed528050c66
+  metadata.gz: 10004812203cadeaa93607ef0726bb0f96d541b363da568bb379260b9861773392050a42ab99fbabca69517d0851deb4263ba2de7f4f8c33865c6e83b2f71772
+  data.tar.gz: a777827c69680e90cf514cd0409039d393c1f7a6c0c523f6d3a61b6dd01cd2e3bfcfbe5ea67aa42bd9e4c8b2a57cd53d9d27a6378833055d47bf4745c155fc2f

data/CHANGELOG.md CHANGED

@@ -1,3 +1,7 @@
+12.0.4
+------
+* Reverts reverted PR (#895) #897
 12.0.3
 ------
 * Moves samesite middleware higher in the stack #898

data/app/assets/javascripts/shopify_app/storage_access.js CHANGED

@@ -28,8 +28,8 @@
     window.parent.location.href = this.redirectData.myshopifyUrl + '/admin/apps';
   }
-  StorageAccessHelper.prototype.redirectToAppHome = function() {
-    window.location.href = this.redirectData.appHomeUrl;
+  StorageAccessHelper.prototype.redirectToAppTargetUrl = function() {
+    window.location.href = this.redirectData.appTargetUrl;
   }
   StorageAccessHelper.prototype.sameSiteNoneIncompatible = function(ua) {
@@ -68,7 +68,7 @@
       if (!document.cookie) {
         throw 'Cannot set third-party cookie.'
       }
-      this.redirectToAppHome();
+      this.redirectToAppTargetUrl();
     } catch (error) {
       console.warn('Third party cookies may be blocked.', error);
       this.redirectToAppTLD(ACCESS_DENIED_STATUS);
@@ -90,7 +90,7 @@
   StorageAccessHelper.prototype.handleHasStorageAccess = function() {
     if (sessionStorage.getItem('shopify.granted_storage_access')) {
       // If app was classified by ITP and used Storage Access API to acquire access
-      this.redirectToAppHome();
+      this.redirectToAppTargetUrl();
     } else {
       // If app has not been classified by ITP and still has storage access
       this.redirectToAppTLD(ACCESS_GRANTED_STATUS);

data/app/controllers/shopify_app/sessions_controller.rb CHANGED

@@ -20,11 +20,15 @@ module ShopifyApp
       render(:enable_cookies, layout: false, locals: {
         does_not_have_storage_access_url: top_level_interaction_path(
-          shop: sanitized_shop_name
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
         ),
         has_storage_access_url: login_url_with_optional_shop(top_level: true),
-        app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
-        current_shopify_domain: current_shopify_domain,
+        app_target_url: granted_storage_access_path(
+          shop: sanitized_shop_name,
+          return_to: params[:return_to]
+        ),
+        current_shopify_domain: current_shopify_domain
       })
     end
@@ -38,8 +42,9 @@ module ShopifyApp
       session['shopify.granted_storage_access'] = true
-      params = { shop: @shop }
-      redirect_to("#{return_address}?#{params.to_query}")
+      copy_return_to_param_to_session
+      redirect_to(return_address_with_params({ shop: @shop }))
     end
     def destroy
@@ -54,7 +59,7 @@ module ShopifyApp
       return render_invalid_shop_error unless sanitized_shop_name.present?
       session['shopify.omniauth_params'] = { shop: sanitized_shop_name }
-      session[:return_to] = params[:return_to] if params[:return_to]
+      copy_return_to_param_to_session
       if user_agent_can_partition_cookies
         authenticate_with_partitioning
@@ -93,6 +98,10 @@ module ShopifyApp
       true
     end
+    def copy_return_to_param_to_session
+      session[:return_to] = params[:return_to] if params[:return_to]
+    end
     def render_invalid_shop_error
       flash[:error] = I18n.t('invalid_shop_url')
       redirect_to return_address
@@ -133,11 +142,15 @@ module ShopifyApp
         layout: false,
         locals: {
           does_not_have_storage_access_url: top_level_interaction_path(
-            shop: sanitized_shop_name
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
           ),
           has_storage_access_url: login_url_with_optional_shop(top_level: true),
-          app_home_url: granted_storage_access_path(shop: sanitized_shop_name),
-          current_shopify_domain: current_shopify_domain,
+          app_target_url: granted_storage_access_path(
+            shop: sanitized_shop_name,
+            return_to: session[:return_to]
+          ),
+          current_shopify_domain: current_shopify_domain
         }
       )
     end

data/app/views/shopify_app/sessions/enable_cookies.html.erb CHANGED

@@ -32,7 +32,7 @@
           myshopifyUrl: "https://#{current_shopify_domain}",
           hasStorageAccessUrl: "#{has_storage_access_url}",
           doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
-          appHomeUrl: "#{app_home_url}"
+          appTargetUrl: "#{app_target_url}"
         },
       },
     )

data/app/views/shopify_app/sessions/request_storage_access.html.erb CHANGED

@@ -24,7 +24,7 @@
                       myshopifyUrl: "https://#{current_shopify_domain}",
                       hasStorageAccessUrl: "#{has_storage_access_url}",
                       doesNotHaveStorageAccessUrl: "#{does_not_have_storage_access_url}",
-                      appHomeUrl: "#{app_home_url}"
+                      appTargetUrl: "#{app_target_url}"
                   },
               },
               )

data/lib/shopify_app/controller_concerns/login_protection.rb CHANGED

@@ -100,8 +100,10 @@ module ShopifyApp
       query_params = {}
       query_params[:shop] = sanitized_params[:shop] if params[:shop].present?
-      if session[:return_to] && return_to_param_required?
-        query_params[:return_to] = session[:return_to]
+      return_to = session[:return_to] || params[:return_to]
+      if return_to.present? && return_to_param_required?
+        query_params[:return_to] = return_to
       end
       has_referer_shop_name = referer_sanitized_shop_name.present?
@@ -165,5 +167,15 @@ module ShopifyApp
     def return_address
       session.delete(:return_to) || ShopifyApp.configuration.root_url
     end
+    def return_address_with_params(params)
+      uri = URI(return_address)
+      uri.query = CGI.parse(uri.query.to_s)
+        .symbolize_keys
+        .transform_values { |v| v.one? ? v.first : v }
+        .merge(params)
+        .to_query
+      uri.to_s
+    end
   end
 end

data/lib/shopify_app/version.rb CHANGED

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = '12.0.3'.freeze
+  VERSION = '12.0.4'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 12.0.3
+  version: 12.0.4
 platform: ruby
 authors:
 - Shopify
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-13 00:00:00.000000000 Z
+date: 2020-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer