shopify_app 12.0.7 → 13.0.0

Files changed (28)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/README.md +44 -19
  4. data/app/controllers/concerns/shopify_app/authenticated.rb +1 -1
  5. data/app/controllers/shopify_app/callback_controller.rb +14 -10
  6. data/app/controllers/shopify_app/sessions_controller.rb +27 -4
  7. data/lib/generators/shopify_app/home_controller/templates/index.html.erb +1 -1
  8. data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +1 -1
  9. data/lib/generators/shopify_app/install/templates/shopify_app.rb +1 -1
  10. data/lib/generators/shopify_app/install/templates/shopify_provider.rb +1 -1
  11. data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +1 -1
  12. data/lib/generators/shopify_app/shop_model/templates/shop.rb +1 -1
  13. data/lib/generators/shopify_app/user_model/templates/user.rb +1 -1
  14. data/lib/generators/shopify_app/user_model/user_model_generator.rb +1 -1
  15. data/lib/shopify_app.rb +4 -2
  16. data/lib/shopify_app/configuration.rb +10 -7
  17. data/lib/shopify_app/controller_concerns/login_protection.rb +25 -20
  18. data/lib/shopify_app/session/in_memory_shop_session_store.rb +4 -0
  19. data/lib/shopify_app/session/in_memory_user_session_store.rb +4 -0
  20. data/lib/shopify_app/session/session_repository.rb +38 -13
  21. data/lib/shopify_app/session/session_storage.rb +0 -10
  22. data/lib/shopify_app/session/{storage_strategies/shop_storage_strategy.rb → shop_session_storage.rb} +9 -2
  23. data/lib/shopify_app/session/{storage_strategies/user_storage_strategy.rb → user_session_storage.rb} +10 -3
  24. data/lib/shopify_app/version.rb +1 -1
  25. data/package-lock.json +1228 -1207
  26. data/package.json +1 -1
  27. data/shopify_app.gemspec +2 -2
  28. metadata +10 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c5acb9f9fb1606515013edfda25f981c36cf5ab4323572764ba9715018056532
4
- data.tar.gz: e5499e7186fa12f37e01f975d7b67ed6a846d67679b580846a7191b53d81b3d3
3
+ metadata.gz: d4e2d37f9112725500d1a9f36fe76b743e8981920eea4838024cafd6a71cb5eb
4
+ data.tar.gz: 3c52a0ee9a7f40433ad01b82bda3a0c6d30dd9bb45c319f1d457a0bd13c30fc0
5
5
  SHA512:
6
- metadata.gz: c9e736b65bf5091c6ebdca30073653dde86abc131cd77747f872c0d42972bc35abdd406301e5a5eb0dd4f9273c66264c75b28e119d05d203e440038bb19250d3
7
- data.tar.gz: 264ed359e7e07cf7b0947cbafad738cabf220e470872c663f18c2507c17c7d994316af275f1d28820d5624df03fabadf6f213475fb793b4fd024de514b636cf0
6
+ metadata.gz: 19a445a22b25b01f860a84128551234313bc44e7acd1583ec90bc96f59d65a8fac208feb1d5a6899453935dd19458196c5253605d85e3ac346be2fa405a50b4c
7
+ data.tar.gz: 526354098526753ade6d30a346ffa75b2280707638b66dba61c89b34a771e72dd4c23cfae8bda319de58a7a373e7c05d233a13a4f2f8325c7754cda1ed58d835
@@ -1,3 +1,8 @@
1
+ 13.0.0
2
+ ------
3
+ + #887 Added concurrent user and shop session support (online/offline)
4
+ BREAKING, please see README for migration notes.
5
+
1
6
  12.0.7
2
7
  ------
3
8
  * Remove check for API_KEY in config that was throwing errors during install #919
data/README.md CHANGED
@@ -25,6 +25,7 @@ Table of Contents
25
25
  - [AppProxyVerification](#appproxyverification)
26
26
  - [Troubleshooting](#troubleshooting)
27
27
  - [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
28
+ - [Migration to 13.0.0](#migrating-to-13)
28
29
  - [Questions or problems?](#questions-or-problems-)
29
30
  - [Rails 6 Compatibility](#rails-6-compatibility)
30
31
  - [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
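Review bot: the new table-of-contents entry links to `#migrating-to-13`, but the heading this release adds is `Migrating to 13.0.0`, which by the pattern of the neighbouring entry (`#upgrading-from-86-to-900`) would resolve to `#migrating-to-1300`, so the link will not jump anywhere. The label also reads "Migration to 13.0.0" while the heading reads "Migrating to 13.0.0"; use the heading text for both.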
@@ -43,9 +44,9 @@ Become a Shopify App Developer
43
44
  --------------------------------
44
45
  To become a Shopify App Developer you'll need a [Shopify Partner account.](http://shopify.com/partners) If you don't have a Shopify Partner account, head to http://shopify.com/partners to create one before you start.
45
46
 
46
- Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials.
47
+ Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials.
47
48
 
48
- To create an application for development set your new app's `App URL` to the URL provided by [your tunnel](#app-tunneling), ensuring that you use `https://`. If you are not planning to embed your app inside the Shopify admin or receive webhooks, set your redirect URL to `http://localhost:3000/` and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`.
49
+ To create an application for development set your new app's `App URL` to the URL provided by [your tunnel](#app-tunneling), ensuring that you use `https://`. If you are not planning to embed your app inside the Shopify admin or receive webhooks, set your redirect URL to `http://localhost:3000/` and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`.
49
50
 
50
51
  Installation
51
52
  ------------
@@ -80,7 +81,7 @@ The default generator will run the `install`, `shop`, and `home_controller` gene
80
81
  $ rails generate shopify_app
81
82
  ```
82
83
 
83
- After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
84
+ After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
84
85
 
85
86
  ### API Keys
86
87
 
@@ -228,8 +229,6 @@ Upon completing the authentication flow Shopify calls the app at the `callback_p
228
229
 
229
230
  `ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern, but can be overridden for custom implementation.
230
231
 
231
- If you only run the install generator then by default you will have an in memory store but it **won't work** on multi-server environments including Heroku. For multi-server environments, implement one of the following token-storage strategies.
232
-
233
232
  #### Shop-based token storage
234
233
  Storing tokens on the store model means that any user login associated to the store will have equal access levels to whatever the original user granted the app.
235
234
  ```sh
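Review bot: the removed paragraph was the only place the README said the in-memory store "**won't work** on multi-server environments including Heroku", yet the install template in this release still defaults to `config.shop_session_repository = 'ShopifyApp::InMemoryShopSessionStore'`. Keep that warning, reworded for the new store names, so the default is not taken for a production setting.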
@@ -238,32 +237,35 @@ $ rails generate shopify_app:shop_model
238
237
  This will generate a shop model which will be the storage for the tokens necessary for authentication.
239
238
 
240
239
  #### User-based token storage
241
- A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed.
240
+ A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed. Shop tokens must still be maintained if you are running background jobs so that you can make use of them when necessary.
242
241
  ```sh
242
+ $ rails generate shopify_app:shop_model
243
243
  $ rails generate shopify_app:user_model
244
244
  ```
245
- This will generate a user model which will be the storage for the tokens necessary for authentication.
245
+ This will generate a shop model and user model which will be the storage for the tokens necessary for authentication.
246
246
 
247
247
  The current Shopify user will be stored in the rails session at `session[:shopify_user]`
248
248
 
249
- In this mode, The `self.store(auth_session, *args)` will be invoked with a Shopify User object hash, which is then used to store the token as part of a user record, rather than a store record.
250
-
251
- This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
249
+ Read more about Online vs. Offline access [here](https://help.shopify.com/api/getting-started/authentication/oauth).
252
250
 
253
251
  #### Migrating from shop-based to user-based token strategy
254
- After running the generator, ensure that configuration settings are successfully changed:
255
-
252
+ 1. Run the `user_model` generator as mentioned above.
253
+ 2. Ensure that both your `Shop` model and `User` model includes the necessary concerns `ShopifyApp::ShopSessionStorage` and `ShopifyApp::UserSessionStorage`.
254
+ 3. Make changes to 2 initializer files as shown below:
256
255
  ```ruby
257
256
  # In the `omniauth.rb` initializer:
258
257
  provider :shopify,
259
- ShopifyApp.configuration.api_key,
260
- ShopifyApp.configuration.secret,
261
- scope: ShopifyApp.configuration.scope,
262
- per_user_permissions: true
258
+ ...
259
+ setup: lambda { |env|
260
+ ...
261
+ # Add this line
262
+ strategy.options[:per_user_permissions] = strategy.session[:user_tokens]
263
+ ...
264
+ }
263
265
 
264
266
  # In the `shopify_app.rb` initializer:
265
- config.session_repository = 'User'
266
- config.per_user_tokens = true
267
+ config.shop_session_repository = {YOUR_SHOP_MODEL_CLASS}
268
+ config.user_session_repository = {YOUR_USER_MODEL_CLASS}
267
269
  ```
268
270
 
269
271
  ### Authenticated
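Review bot: the user-based token section drops the two sentences explaining that the user token "will only be valid for a short time" and cannot be used to respond to Webhooks, and replaces them with a bare link. The new sentence "Shop tokens must still be maintained if you are running background jobs" depends on exactly that fact, so state it inline rather than leaving it to the linked page. In the initializer example, `{YOUR_SHOP_MODEL_CLASS}` is not valid Ruby and differs from the quoted `'Shop'` and `'User'` strings used in the 13.0.0 migration section; use the same form in both places.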
@@ -429,7 +431,7 @@ strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
429
431
  App Tunneling
430
432
  -------------
431
433
 
432
- Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks.
434
+ Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks.
433
435
 
434
436
  Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), or [Hookbin](https://hookbin.com/) to make your development environment accessible to the internet.
435
437
 
@@ -479,6 +481,29 @@ By default, loading your embedded app will redirect to the Shopify admin, with t
479
481
  forceRedirect: <%= Rails.env.development? || Rails.env.test? ? 'false' : 'true' %>
480
482
  ```
481
483
 
484
+ Migrating to 13.0.0
485
+ -------------------
486
+
487
+ Version 13.0.0 adds the ability to use both user and shop sessions, concurrently. This however involved a large
488
+ change to how session stores work. Here are the steps to migrate to 13.x
489
+
490
+ ### Changes to `config/initializers/shopify_app.rb`
491
+ - *REMOVE* `config.per_user_tokens = [true|false]` this is no longer needed
492
+ - *CHANGE* `config.session_repository = 'Shop'` To `config.shop_session_repository = 'Shop'`
493
+ - *ADD (optional)* User Session Storage `config.user_session_repository = 'User'`
494
+
495
+ ### Shop Model Changes (normally `app/models/shop.rb`)
496
+ - *CHANGE* `include ShopifyApp::SessionStorage` to `include ShopifyApp::ShopSessionStorage`
497
+
498
+ ### Changes to `ShopifyApp::LoginProtection`
499
+ `ShopifyApp::LoginProtection`
500
+
501
+ if you are using `ShopifyApp::LoginProtection#shop_session` in your code, it will need to be
502
+ changed to `ShopifyApp::LoginProtection#activate_shopify_session`
503
+
504
+ ### Notes
505
+ You do not need a user model, a shop session is fine for most applications.
506
+
482
507
  Questions or problems?
483
508
  ----------------------
484
509
 
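Review bot: the `ShopifyApp::LoginProtection` step tells users to change `#shop_session` to `#activate_shopify_session`, but the code in this release renames `shopify_session` (the `around_action`) to `activate_shopify_session` and keeps a `shop_session` method with different behaviour, so the instruction as written points at the wrong method. The section also has a stray repeated `ShopifyApp::LoginProtection` line under its heading, and it omits three changes visible in this diff: the `User` model must switch to `include ShopifyApp::UserSessionStorage`, views that read `@shop_session` must read `@current_shopify_session`, and the omniauth initializer loses the static `per_user_permissions:` option in favour of the line inside `setup`.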
@@ -9,7 +9,7 @@ module ShopifyApp
9
9
  include ShopifyApp::LoginProtection
10
10
  include ShopifyApp::EmbeddedApp
11
11
  before_action :login_again_if_different_user_or_shop
12
- around_action :shopify_session
12
+ around_action :activate_shopify_session
13
13
  end
14
14
  end
15
15
  end
@@ -8,6 +8,11 @@ module ShopifyApp
8
8
  def callback
9
9
  if auth_hash
10
10
  login_shop
11
+
12
+ if ShopifyApp::SessionRepository.user_storage.present? && user_session.blank?
13
+ return redirect_to(login_url_with_optional_shop)
14
+ end
15
+
11
16
  install_webhooks
12
17
  install_scripttags
13
18
  perform_after_authenticate_job
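Review bot: the early `return redirect_to(login_url_with_optional_shop)` in `callback` has no comment and no bound. Read together with `set_user_tokens_option`, it appears to be the first leg of a two-pass flow (shop token first, then a user token), but that is not stated anywhere near the condition. If the second pass comes back without an associated user, `user_session` is blank again and the callback redirects to login again; add a comment describing the intended sequence and a guard (for example a one-shot session flag) so a missing user cannot loop the browser between login and callback.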
@@ -55,16 +60,15 @@ module ShopifyApp
55
60
  token: token,
56
61
  api_version: ShopifyApp.configuration.api_version
57
62
  )
58
- session[:shopify] = ShopifyApp::SessionRepository.store(session_store, user: associated_user)
59
- session[:shopify_domain] = shop_name
60
- session[:shopify_user] = associated_user
61
63
 
62
- if ShopifyApp.configuration.per_user_tokens?
63
- # Adds the user_session to the session to determine if the logged in user has changed
64
- user_session = auth_hash&.extra&.session
65
- raise IndexError, "Missing user session signature" if user_session.nil?
66
- session[:user_session] = user_session
64
+ session[:shopify_user] = associated_user
65
+ if session[:shopify_user].present?
66
+ session[:user_id] = ShopifyApp::SessionRepository.store_user_session(session_store, associated_user)
67
+ else
68
+ session[:shop_id] = ShopifyApp::SessionRepository.store_shop_session(session_store)
67
69
  end
70
+ session[:shopify_domain] = shop_name
71
+ session[:user_session] = auth_hash&.extra&.session
68
72
  end
69
73
 
70
74
  def install_webhooks
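Review bot: `session[:user_session] = auth_hash&.extra&.session` now stores nil silently where the removed code raised `IndexError, "Missing user session signature"`. `login_again_if_different_user_or_shop` only compares when `session[:user_session].present?`, so a user-token login that arrives without a signature skips the changed-user check entirely; keep the raise inside the `session[:shopify_user].present?` branch. The `else` branch also writes `session[:shop_id]` without clearing an earlier `session[:user_id]`, and `current_shopify_session` prefers `session[:user_id]`, so a stale user session can outlive a fresh shop login; set `session[:user_id] = nil` there.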
@@ -72,7 +76,7 @@ module ShopifyApp
72
76
 
73
77
  WebhooksManager.queue(
74
78
  shop_name,
75
- token,
79
+ shop_session&.token || user_session.token,
76
80
  ShopifyApp.configuration.webhooks
77
81
  )
78
82
  end
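Review bot: in the `WebhooksManager.queue` call, `shop_session&.token || user_session.token` safe-navigates only the first operand, so it raises `NoMethodError` when both sessions are nil, and when there is no shop session it hands a user token to a queued job. The README text removed in this release said that token "will only be valid for a short time" and cannot be used to respond to Webhooks, so the job may run with a token that has already expired. Require the shop token here and skip (with a log line) when it is absent. The same expression is repeated in the `ScripttagsManager.queue` call; a single private helper would fix both.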
@@ -82,7 +86,7 @@ module ShopifyApp
82
86
 
83
87
  ScripttagsManager.queue(
84
88
  shop_name,
85
- token,
89
+ shop_session&.token || user_session.token,
86
90
  ShopifyApp.configuration.scripttags
87
91
  )
88
92
  end
@@ -3,6 +3,7 @@ module ShopifyApp
3
3
  include ShopifyApp::LoginProtection
4
4
 
5
5
  layout false, only: :new
6
+
6
7
  after_action only: [:new, :create] do |controller|
7
8
  controller.response.headers.except!('X-Frame-Options')
8
9
  end
@@ -16,7 +17,7 @@ module ShopifyApp
16
17
  end
17
18
 
18
19
  def enable_cookies
19
- return unless validate_shop
20
+ return unless validate_shop_presence
20
21
 
21
22
  render(:enable_cookies, layout: false, locals: {
22
23
  does_not_have_storage_access_url: top_level_interaction_path(
@@ -34,11 +35,11 @@ module ShopifyApp
34
35
 
35
36
  def top_level_interaction
36
37
  @url = login_url_with_optional_shop(top_level: true)
37
- validate_shop
38
+ validate_shop_presence
38
39
  end
39
40
 
40
41
  def granted_storage_access
41
- return unless validate_shop
42
+ return unless validate_shop_presence
42
43
 
43
44
  session['shopify.granted_storage_access'] = true
44
45
 
@@ -61,6 +62,8 @@ module ShopifyApp
61
62
 
62
63
  copy_return_to_param_to_session
63
64
 
65
+ set_user_tokens_option
66
+
64
67
  if user_agent_can_partition_cookies
65
68
  authenticate_with_partitioning
66
69
  else
@@ -88,7 +91,27 @@ module ShopifyApp
88
91
  end
89
92
  end
90
93
 
91
- def validate_shop
94
+ def set_user_tokens_option
95
+ if shop_session.blank?
96
+ session[:user_tokens] = false
97
+ return
98
+ end
99
+
100
+ session[:user_tokens] = ShopifyApp::SessionRepository.user_storage.present?
101
+
102
+ ShopifyAPI::Session.temp(
103
+ domain: shop_session.domain,
104
+ token: shop_session.token,
105
+ api_version: shop_session.api_version
106
+ ) do
107
+ ShopifyAPI::Metafield.find(:token_validity_bogus_check)
108
+ end
109
+ rescue ActiveResource::UnauthorizedAccess
110
+ session[:user_tokens] = false
111
+ rescue StandardError
112
+ end
113
+
114
+ def validate_shop_presence
92
115
  @shop = sanitized_shop_name
93
116
  unless @shop
94
117
  render_invalid_shop_error
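Review bot: the trailing `rescue StandardError` in `set_user_tokens_option` has an empty body, so a timeout or any other failure of the probe leaves `session[:user_tokens]` at whatever `user_storage.present?` returned and an unverified shop token is treated as valid. The probe itself, `ShopifyAPI::Metafield.find(:token_validity_bogus_check)`, is undocumented: presumably the expected outcome is a not-found error that this empty rescue absorbs. Rescue that specific class (`ActiveResource::ResourceNotFound`) for the expected case, log anything else, and add a comment saying the call exists only to test the token, since it adds a remote API request to every login.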
@@ -2,7 +2,7 @@
2
2
 
3
3
  <ul>
4
4
  <% @products.each do |product| %>
5
- <li><%= link_to product.title, "https://#{@shop_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
5
+ <li><%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
6
6
  <% end %>
7
7
  </ul>
8
8
 
@@ -28,7 +28,7 @@
28
28
 
29
29
  <%= content_tag(:div, nil, id: 'shopify-app-init', data: {
30
30
  api_key: ShopifyApp.configuration.api_key,
31
- shop_origin: (@shop_session.domain if @shop_session),
31
+ shop_origin: (@current_shopify_session.domain if @current_shopify_session),
32
32
  debug: Rails.env.development?
33
33
  } ) %>
34
34
 
@@ -8,7 +8,7 @@ ShopifyApp.configure do |config|
8
8
  config.embedded_app = <%= embedded_app? %>
9
9
  config.after_authenticate_job = false
10
10
  config.api_version = "<%= @api_version %>"
11
- config.session_repository = 'ShopifyApp::InMemorySessionStore'
11
+ config.shop_session_repository = 'ShopifyApp::InMemoryShopSessionStore'
12
12
  end
13
13
 
14
14
  # ShopifyApp::Utils.fetch_known_api_versions # Uncomment to fetch known api versions from shopify servers on boot
@@ -4,7 +4,6 @@ provider :shopify,
4
4
  ShopifyApp.configuration.api_key,
5
5
  ShopifyApp.configuration.secret,
6
6
  scope: ShopifyApp.configuration.scope,
7
- per_user_permissions: ShopifyApp.configuration.per_user_tokens,
8
7
  setup: lambda { |env|
9
8
  strategy = env['omniauth.strategy']
10
9
 
@@ -17,4 +16,5 @@ provider :shopify,
17
16
 
18
17
  strategy.options[:client_options][:site] = shop
19
18
  strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
19
+ strategy.options[:per_user_permissions] = strategy.session[:user_tokens]
20
20
  }
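Review bot: `strategy.options[:per_user_permissions] = strategy.session[:user_tokens]` makes the kind of token requested depend on a session value that, in this diff, only `set_user_tokens_option` writes. When the key has never been set the option becomes nil rather than false. Coerce it explicitly (`== true`) and add a comment noting where the key is set, so the template is readable on its own.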
@@ -16,7 +16,7 @@ module ShopifyApp
16
16
  end
17
17
 
18
18
  def update_shopify_app_initializer
19
- gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemorySessionStore', 'Shop'
19
+ gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop'
20
20
  end
21
21
 
22
22
  def create_shop_fixtures
@@ -1,5 +1,5 @@
1
1
  class Shop < ActiveRecord::Base
2
- include ShopifyApp::SessionStorage
2
+ include ShopifyApp::ShopSessionStorage
3
3
 
4
4
  def api_version
5
5
  ShopifyApp.configuration.api_version
@@ -1,5 +1,5 @@
1
1
  class User < ActiveRecord::Base
2
- include ShopifyApp::SessionStorage
2
+ include ShopifyApp::UserSessionStorage
3
3
 
4
4
  def api_version
5
5
  ShopifyApp.configuration.api_version
@@ -16,7 +16,7 @@ module ShopifyApp
16
16
  end
17
17
 
18
18
  def update_shopify_app_initializer
19
- gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemorySessionStore', 'User'
19
+ gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User'
20
20
  end
21
21
 
22
22
  def create_user_fixtures
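Review bot: `gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User'` looks like a no-op against the initializer this release generates, which contains only `config.shop_session_repository = 'ShopifyApp::InMemoryShopSessionStore'` and no user store line. After running the `user_model` generator, `config.user_session_repository` would still be unset and the user model would never be used. Insert the `config.user_session_repository = 'User'` line instead of substituting a string that is not there.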
@@ -44,9 +44,11 @@ module ShopifyApp
44
44
  require 'shopify_app/middleware/same_site_cookie_middleware'
45
45
 
46
46
  # session
47
- require 'shopify_app/session/storage_strategies/shop_storage_strategy'
48
- require 'shopify_app/session/storage_strategies/user_storage_strategy'
49
47
  require 'shopify_app/session/session_storage'
48
+ require 'shopify_app/session/shop_session_storage'
49
+ require 'shopify_app/session/user_session_storage'
50
50
  require 'shopify_app/session/session_repository'
51
51
  require 'shopify_app/session/in_memory_session_store'
52
+ require 'shopify_app/session/in_memory_shop_session_store'
53
+ require 'shopify_app/session/in_memory_user_session_store'
52
54
  end
@@ -14,9 +14,8 @@ module ShopifyApp
14
14
  attr_accessor :webhooks
15
15
  attr_accessor :scripttags
16
16
  attr_accessor :after_authenticate_job
17
- attr_reader :session_repository
18
- attr_accessor :per_user_tokens
19
- alias_method :per_user_tokens?, :per_user_tokens
17
+ attr_reader :shop_session_repository
18
+ attr_reader :user_session_repository
20
19
  attr_accessor :api_version
21
20
 
22
21
  # customise urls
@@ -44,7 +43,6 @@ module ShopifyApp
44
43
  @myshopify_domain = 'myshopify.com'
45
44
  @scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
46
45
  @webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
47
- @per_user_tokens = false
48
46
  @disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
49
47
  end
50
48
 
@@ -52,9 +50,14 @@ module ShopifyApp
52
50
  @login_url || File.join(@root_url, 'login')
53
51
  end
54
52
 
55
- def session_repository=(klass)
56
- @session_repository = klass
57
- ShopifyApp::SessionRepository.storage = klass
53
+ def user_session_repository=(klass)
54
+ @user_session_repository = klass
55
+ ShopifyApp::SessionRepository.user_storage = klass
56
+ end
57
+
58
+ def shop_session_repository=(klass)
59
+ @shop_session_repository = klass
60
+ ShopifyApp::SessionRepository.shop_storage = klass
58
61
  end
59
62
 
60
63
  def has_webhooks?
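Review bot: `session_repository=` is removed outright, and `per_user_tokens` is removed in the hunk above, with no deprecation path. An initializer written for 12.x (the old template emitted `config.session_repository = 'ShopifyApp::InMemorySessionStore'`) will fail at boot with a bare `NoMethodError`. Keep both setters for one release and have them raise an error that names `shop_session_repository` / `user_session_repository` and points to the README migration section.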
@@ -14,44 +14,48 @@ module ShopifyApp
14
14
  rescue_from ActiveResource::UnauthorizedAccess, :with => :close_session
15
15
  end
16
16
 
17
- def shopify_session
18
- return redirect_to_login unless shop_session
17
+ def activate_shopify_session
18
+ return redirect_to_login if current_shopify_session.blank?
19
19
  clear_top_level_oauth_cookie
20
20
 
21
21
  begin
22
- ShopifyAPI::Base.activate_session(shop_session)
22
+ ShopifyAPI::Base.activate_session(current_shopify_session)
23
23
  yield
24
24
  ensure
25
25
  ShopifyAPI::Base.clear_session
26
26
  end
27
27
  end
28
28
 
29
- def shop_session
30
- if ShopifyApp.configuration.per_user_tokens?
31
- return unless session[:shopify_user]
32
- @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify_user]['id'])
29
+ def current_shopify_session
30
+ if session[:user_id].present?
31
+ @current_shopify_session ||= user_session
33
32
  else
34
- return unless session[:shopify]
35
- @shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
33
+ @current_shopify_session ||= shop_session
36
34
  end
37
35
  end
38
36
 
37
+ def user_session
38
+ return if session[:user_id].blank?
39
+ ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
40
+ end
41
+
42
+ def shop_session
43
+ return if session[:shop_id].blank?
44
+ ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
45
+ end
46
+
39
47
  def login_again_if_different_user_or_shop
40
- if ShopifyApp.configuration.per_user_tokens?
41
- valid_session_data = session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
42
- sessions_do_not_match = session[:user_session] != params[:session] # current user is different from stored user
48
+ if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
49
+ clear_session = session[:user_session] != params[:session] # current user is different from stored user
43
50
 
44
- if valid_session_data && sessions_do_not_match
45
- clear_session = true
46
- end
47
51
  end
48
52
 
49
- if shop_session && params[:shop] && params[:shop].is_a?(String) && (shop_session.domain != params[:shop])
53
+ if current_shopify_session && params[:shop] && params[:shop].is_a?(String) && (current_shopify_session.domain != params[:shop])
50
54
  clear_session = true
51
55
  end
52
56
 
53
57
  if clear_session
54
- clear_shop_session
58
+ clear_shopify_session
55
59
  redirect_to_login
56
60
  end
57
61
  end
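Review bot: `shop_session` keeps its name but changes meaning. In 12.x it returned the active session (the user's when `per_user_tokens?` was set, looked up through `session[:shopify]` or `session[:shopify_user]['id']`); it now returns only the shop-token session looked up through `session[:shop_id]`. Callers that used it as "the current session" will silently get the shop token or nil, and cookies issued by 12.x resolve to no session, so every signed-in merchant is redirected to login after deploy. Document both in the migration notes. Separately, `user_session` and `shop_session` are not memoized, so each call goes back to the repository; the callback controller calls them several times per request.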
@@ -76,12 +80,13 @@ module ShopifyApp
76
80
  end
77
81
 
78
82
  def close_session
79
- clear_shop_session
83
+ clear_shopify_session
80
84
  redirect_to(login_url_with_optional_shop)
81
85
  end
82
86
 
83
- def clear_shop_session
84
- session[:shopify] = nil
87
+ def clear_shopify_session
88
+ session[:shop_id] = nil
89
+ session[:user_id] = nil
85
90
  session[:shopify_domain] = nil
86
91
  session[:shopify_user] = nil
87
92
  session[:user_session] = nil
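Review bot: `clear_shopify_session` resets `session[:shop_id]` and `session[:user_id]` but not `session[:user_tokens]`, which `set_user_tokens_option` writes and the omniauth `setup` lambda reads, and it no longer clears the legacy `session[:shopify]` key that 12.x cookies still carry. Set both to nil here so a closed session leaves nothing behind that influences the next OAuth request.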