shopify_app 12.0.7 → 13.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +44 -19
- data/app/controllers/concerns/shopify_app/authenticated.rb +1 -1
- data/app/controllers/shopify_app/callback_controller.rb +14 -10
- data/app/controllers/shopify_app/sessions_controller.rb +27 -4
- data/lib/generators/shopify_app/home_controller/templates/index.html.erb +1 -1
- data/lib/generators/shopify_app/install/templates/embedded_app.html.erb +1 -1
- data/lib/generators/shopify_app/install/templates/shopify_app.rb +1 -1
- data/lib/generators/shopify_app/install/templates/shopify_provider.rb +1 -1
- data/lib/generators/shopify_app/shop_model/shop_model_generator.rb +1 -1
- data/lib/generators/shopify_app/shop_model/templates/shop.rb +1 -1
- data/lib/generators/shopify_app/user_model/templates/user.rb +1 -1
- data/lib/generators/shopify_app/user_model/user_model_generator.rb +1 -1
- data/lib/shopify_app.rb +4 -2
- data/lib/shopify_app/configuration.rb +10 -7
- data/lib/shopify_app/controller_concerns/login_protection.rb +25 -20
- data/lib/shopify_app/session/in_memory_shop_session_store.rb +4 -0
- data/lib/shopify_app/session/in_memory_user_session_store.rb +4 -0
- data/lib/shopify_app/session/session_repository.rb +38 -13
- data/lib/shopify_app/session/session_storage.rb +0 -10
- data/lib/shopify_app/session/{storage_strategies/shop_storage_strategy.rb → shop_session_storage.rb} +9 -2
- data/lib/shopify_app/session/{storage_strategies/user_storage_strategy.rb → user_session_storage.rb} +10 -3
- data/lib/shopify_app/version.rb +1 -1
- data/package-lock.json +1228 -1207
- data/package.json +1 -1
- data/shopify_app.gemspec +2 -2
- metadata +10 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d4e2d37f9112725500d1a9f36fe76b743e8981920eea4838024cafd6a71cb5eb
|
|
4
|
+
data.tar.gz: 3c52a0ee9a7f40433ad01b82bda3a0c6d30dd9bb45c319f1d457a0bd13c30fc0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 19a445a22b25b01f860a84128551234313bc44e7acd1583ec90bc96f59d65a8fac208feb1d5a6899453935dd19458196c5253605d85e3ac346be2fa405a50b4c
|
|
7
|
+
data.tar.gz: 526354098526753ade6d30a346ffa75b2280707638b66dba61c89b34a771e72dd4c23cfae8bda319de58a7a373e7c05d233a13a4f2f8325c7754cda1ed58d835
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -25,6 +25,7 @@ Table of Contents
|
|
|
25
25
|
- [AppProxyVerification](#appproxyverification)
|
|
26
26
|
- [Troubleshooting](#troubleshooting)
|
|
27
27
|
- [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
|
|
28
|
+
- [Migration to 13.0.0](#migrating-to-13)
|
|
28
29
|
- [Questions or problems?](#questions-or-problems-)
|
|
29
30
|
- [Rails 6 Compatibility](#rails-6-compatibility)
|
|
30
31
|
- [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
|
|
@@ -43,9 +44,9 @@ Become a Shopify App Developer
|
|
|
43
44
|
--------------------------------
|
|
44
45
|
To become a Shopify App Developer you'll need a [Shopify Partner account.](http://shopify.com/partners) If you don't have a Shopify Partner account, head to http://shopify.com/partners to create one before you start.
|
|
45
46
|
|
|
46
|
-
Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials.
|
|
47
|
+
Once you have a Partner account, [create a new application in the Partner Dashboard](https://help.shopify.com/en/api/tools/partner-dashboard/your-apps) to get an API key and other API credentials.
|
|
47
48
|
|
|
48
|
-
To create an application for development set your new app's `App URL` to the URL provided by [your tunnel](#app-tunneling), ensuring that you use `https://`. If you are not planning to embed your app inside the Shopify admin or receive webhooks, set your redirect URL to `http://localhost:3000/` and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`.
|
|
49
|
+
To create an application for development set your new app's `App URL` to the URL provided by [your tunnel](#app-tunneling), ensuring that you use `https://`. If you are not planning to embed your app inside the Shopify admin or receive webhooks, set your redirect URL to `http://localhost:3000/` and the `Whitelisted redirection URL(s)` to contain `<App URL>/auth/shopify/callback`.
|
|
49
50
|
|
|
50
51
|
Installation
|
|
51
52
|
------------
|
|
@@ -80,7 +81,7 @@ The default generator will run the `install`, `shop`, and `home_controller` gene
|
|
|
80
81
|
$ rails generate shopify_app
|
|
81
82
|
```
|
|
82
83
|
|
|
83
|
-
After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
|
|
84
|
+
After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
|
|
84
85
|
|
|
85
86
|
### API Keys
|
|
86
87
|
|
|
@@ -228,8 +229,6 @@ Upon completing the authentication flow Shopify calls the app at the `callback_p
|
|
|
228
229
|
|
|
229
230
|
`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern, but can be overridden for custom implementation.
|
|
230
231
|
|
|
231
|
-
If you only run the install generator then by default you will have an in memory store but it **won't work** on multi-server environments including Heroku. For multi-server environments, implement one of the following token-storage strategies.
|
|
232
|
-
|
|
233
232
|
#### Shop-based token storage
|
|
234
233
|
Storing tokens on the store model means that any user login associated to the store will have equal access levels to whatever the original user granted the app.
|
|
235
234
|
```sh
|
|
@@ -238,32 +237,35 @@ $ rails generate shopify_app:shop_model
|
|
|
238
237
|
This will generate a shop model which will be the storage for the tokens necessary for authentication.
|
|
239
238
|
|
|
240
239
|
#### User-based token storage
|
|
241
|
-
A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed.
|
|
240
|
+
A more granular control over level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed. Shop tokens must still be maintained if you are running background jobs so that you can make use of them when necessary.
|
|
242
241
|
```sh
|
|
242
|
+
$ rails generate shopify_app:shop_model
|
|
243
243
|
$ rails generate shopify_app:user_model
|
|
244
244
|
```
|
|
245
|
-
This will generate a user model which will be the storage for the tokens necessary for authentication.
|
|
245
|
+
This will generate a shop model and user model which will be the storage for the tokens necessary for authentication.
|
|
246
246
|
|
|
247
247
|
The current Shopify user will be stored in the rails session at `session[:shopify_user]`
|
|
248
248
|
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
This will change the type of token that Shopify returns and it will only be valid for a short time. Read more about `Online access` [here](https://help.shopify.com/api/getting-started/authentication/oauth). Note that this means you won't be able to use this token to respond to Webhooks.
|
|
249
|
+
Read more about Online vs. Offline access [here](https://help.shopify.com/api/getting-started/authentication/oauth).
|
|
252
250
|
|
|
253
251
|
#### Migrating from shop-based to user-based token strategy
|
|
254
|
-
|
|
255
|
-
|
|
252
|
+
1. Run the `user_model` generator as mentioned above.
|
|
253
|
+
2. Ensure that both your `Shop` model and `User` model includes the necessary concerns `ShopifyApp::ShopSessionStorage` and `ShopifyApp::UserSessionStorage`.
|
|
254
|
+
3. Make changes to 2 initializer files as shown below:
|
|
256
255
|
```ruby
|
|
257
256
|
# In the `omniauth.rb` initializer:
|
|
258
257
|
provider :shopify,
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
258
|
+
...
|
|
259
|
+
setup: lambda { |env|
|
|
260
|
+
...
|
|
261
|
+
# Add this line
|
|
262
|
+
strategy.options[:per_user_permissions] = strategy.session[:user_tokens]
|
|
263
|
+
...
|
|
264
|
+
}
|
|
263
265
|
|
|
264
266
|
# In the `shopify_app.rb` initializer:
|
|
265
|
-
config.
|
|
266
|
-
config.
|
|
267
|
+
config.shop_session_repository = {YOUR_SHOP_MODEL_CLASS}
|
|
268
|
+
config.user_session_repository = {YOUR_USER_MODEL_CLASS}
|
|
267
269
|
```
|
|
268
270
|
|
|
269
271
|
### Authenticated
|
|
@@ -429,7 +431,7 @@ strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
|
|
|
429
431
|
App Tunneling
|
|
430
432
|
-------------
|
|
431
433
|
|
|
432
|
-
Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks.
|
|
434
|
+
Your local app needs to be accessible from the public Internet in order to install it on a Shopify store, to use the [App Proxy Controller](#app-proxy-controller-generator) or receive Webhooks.
|
|
433
435
|
|
|
434
436
|
Use a tunneling service like [ngrok](https://ngrok.com/), [Forward](https://forwardhq.com/), [Beeceptor](https://beeceptor.com/), [Mockbin](http://mockbin.org/), or [Hookbin](https://hookbin.com/) to make your development environment accessible to the internet.
|
|
435
437
|
|
|
@@ -479,6 +481,29 @@ By default, loading your embedded app will redirect to the Shopify admin, with t
|
|
|
479
481
|
forceRedirect: <%= Rails.env.development? || Rails.env.test? ? 'false' : 'true' %>
|
|
480
482
|
```
|
|
481
483
|
|
|
484
|
+
Migrating to 13.0.0
|
|
485
|
+
-------------------
|
|
486
|
+
|
|
487
|
+
Version 13.0.0 adds the ability to use both user and shop sessions, concurrently. This however involved a large
|
|
488
|
+
change to how session stores work. Here are the steps to migrate to 13.x
|
|
489
|
+
|
|
490
|
+
### Changes to `config/initializers/shopify_app.rb`
|
|
491
|
+
- *REMOVE* `config.per_user_tokens = [true|false]` this is no longer needed
|
|
492
|
+
- *CHANGE* `config.session_repository = 'Shop'` To `config.shop_session_repository = 'Shop'`
|
|
493
|
+
- *ADD (optional)* User Session Storage `config.user_session_repository = 'User'`
|
|
494
|
+
|
|
495
|
+
### Shop Model Changes (normally `app/models/shop.rb`)
|
|
496
|
+
- *CHANGE* `include ShopifyApp::SessionStorage` to `include ShopifyApp::ShopSessionStorage`
|
|
497
|
+
|
|
498
|
+
### Changes to `ShopifyApp::LoginProtection`
|
|
499
|
+
`ShopifyApp::LoginProtection`
|
|
500
|
+
|
|
501
|
+
if you are using `ShopifyApp::LoginProtection#shop_session` in your code, it will need to be
|
|
502
|
+
changed to `ShopifyApp::LoginProtection#activate_shopify_session`
|
|
503
|
+
|
|
504
|
+
### Notes
|
|
505
|
+
You do not need a user model, a shop session is fine for most applications.
|
|
506
|
+
|
|
482
507
|
Questions or problems?
|
|
483
508
|
----------------------
|
|
484
509
|
|
|
@@ -8,6 +8,11 @@ module ShopifyApp
|
|
|
8
8
|
def callback
|
|
9
9
|
if auth_hash
|
|
10
10
|
login_shop
|
|
11
|
+
|
|
12
|
+
if ShopifyApp::SessionRepository.user_storage.present? && user_session.blank?
|
|
13
|
+
return redirect_to(login_url_with_optional_shop)
|
|
14
|
+
end
|
|
15
|
+
|
|
11
16
|
install_webhooks
|
|
12
17
|
install_scripttags
|
|
13
18
|
perform_after_authenticate_job
|
|
@@ -55,16 +60,15 @@ module ShopifyApp
|
|
|
55
60
|
token: token,
|
|
56
61
|
api_version: ShopifyApp.configuration.api_version
|
|
57
62
|
)
|
|
58
|
-
session[:shopify] = ShopifyApp::SessionRepository.store(session_store, user: associated_user)
|
|
59
|
-
session[:shopify_domain] = shop_name
|
|
60
|
-
session[:shopify_user] = associated_user
|
|
61
63
|
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
session[:
|
|
64
|
+
session[:shopify_user] = associated_user
|
|
65
|
+
if session[:shopify_user].present?
|
|
66
|
+
session[:user_id] = ShopifyApp::SessionRepository.store_user_session(session_store, associated_user)
|
|
67
|
+
else
|
|
68
|
+
session[:shop_id] = ShopifyApp::SessionRepository.store_shop_session(session_store)
|
|
67
69
|
end
|
|
70
|
+
session[:shopify_domain] = shop_name
|
|
71
|
+
session[:user_session] = auth_hash&.extra&.session
|
|
68
72
|
end
|
|
69
73
|
|
|
70
74
|
def install_webhooks
|
|
@@ -72,7 +76,7 @@ module ShopifyApp
|
|
|
72
76
|
|
|
73
77
|
WebhooksManager.queue(
|
|
74
78
|
shop_name,
|
|
75
|
-
token,
|
|
79
|
+
shop_session&.token || user_session.token,
|
|
76
80
|
ShopifyApp.configuration.webhooks
|
|
77
81
|
)
|
|
78
82
|
end
|
|
@@ -82,7 +86,7 @@ module ShopifyApp
|
|
|
82
86
|
|
|
83
87
|
ScripttagsManager.queue(
|
|
84
88
|
shop_name,
|
|
85
|
-
token,
|
|
89
|
+
shop_session&.token || user_session.token,
|
|
86
90
|
ShopifyApp.configuration.scripttags
|
|
87
91
|
)
|
|
88
92
|
end
|
|
@@ -3,6 +3,7 @@ module ShopifyApp
|
|
|
3
3
|
include ShopifyApp::LoginProtection
|
|
4
4
|
|
|
5
5
|
layout false, only: :new
|
|
6
|
+
|
|
6
7
|
after_action only: [:new, :create] do |controller|
|
|
7
8
|
controller.response.headers.except!('X-Frame-Options')
|
|
8
9
|
end
|
|
@@ -16,7 +17,7 @@ module ShopifyApp
|
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
def enable_cookies
|
|
19
|
-
return unless
|
|
20
|
+
return unless validate_shop_presence
|
|
20
21
|
|
|
21
22
|
render(:enable_cookies, layout: false, locals: {
|
|
22
23
|
does_not_have_storage_access_url: top_level_interaction_path(
|
|
@@ -34,11 +35,11 @@ module ShopifyApp
|
|
|
34
35
|
|
|
35
36
|
def top_level_interaction
|
|
36
37
|
@url = login_url_with_optional_shop(top_level: true)
|
|
37
|
-
|
|
38
|
+
validate_shop_presence
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
def granted_storage_access
|
|
41
|
-
return unless
|
|
42
|
+
return unless validate_shop_presence
|
|
42
43
|
|
|
43
44
|
session['shopify.granted_storage_access'] = true
|
|
44
45
|
|
|
@@ -61,6 +62,8 @@ module ShopifyApp
|
|
|
61
62
|
|
|
62
63
|
copy_return_to_param_to_session
|
|
63
64
|
|
|
65
|
+
set_user_tokens_option
|
|
66
|
+
|
|
64
67
|
if user_agent_can_partition_cookies
|
|
65
68
|
authenticate_with_partitioning
|
|
66
69
|
else
|
|
@@ -88,7 +91,27 @@ module ShopifyApp
|
|
|
88
91
|
end
|
|
89
92
|
end
|
|
90
93
|
|
|
91
|
-
def
|
|
94
|
+
def set_user_tokens_option
|
|
95
|
+
if shop_session.blank?
|
|
96
|
+
session[:user_tokens] = false
|
|
97
|
+
return
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
session[:user_tokens] = ShopifyApp::SessionRepository.user_storage.present?
|
|
101
|
+
|
|
102
|
+
ShopifyAPI::Session.temp(
|
|
103
|
+
domain: shop_session.domain,
|
|
104
|
+
token: shop_session.token,
|
|
105
|
+
api_version: shop_session.api_version
|
|
106
|
+
) do
|
|
107
|
+
ShopifyAPI::Metafield.find(:token_validity_bogus_check)
|
|
108
|
+
end
|
|
109
|
+
rescue ActiveResource::UnauthorizedAccess
|
|
110
|
+
session[:user_tokens] = false
|
|
111
|
+
rescue StandardError
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
def validate_shop_presence
|
|
92
115
|
@shop = sanitized_shop_name
|
|
93
116
|
unless @shop
|
|
94
117
|
render_invalid_shop_error
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
<ul>
|
|
4
4
|
<% @products.each do |product| %>
|
|
5
|
-
<li><%= link_to product.title, "https://#{@
|
|
5
|
+
<li><%= link_to product.title, "https://#{@current_shopify_session.domain}/admin/products/#{product.id}", target: "_top" %></li>
|
|
6
6
|
<% end %>
|
|
7
7
|
</ul>
|
|
8
8
|
|
|
@@ -28,7 +28,7 @@
|
|
|
28
28
|
|
|
29
29
|
<%= content_tag(:div, nil, id: 'shopify-app-init', data: {
|
|
30
30
|
api_key: ShopifyApp.configuration.api_key,
|
|
31
|
-
shop_origin: (@
|
|
31
|
+
shop_origin: (@current_shopify_session.domain if @current_shopify_session),
|
|
32
32
|
debug: Rails.env.development?
|
|
33
33
|
} ) %>
|
|
34
34
|
|
|
@@ -8,7 +8,7 @@ ShopifyApp.configure do |config|
|
|
|
8
8
|
config.embedded_app = <%= embedded_app? %>
|
|
9
9
|
config.after_authenticate_job = false
|
|
10
10
|
config.api_version = "<%= @api_version %>"
|
|
11
|
-
config.
|
|
11
|
+
config.shop_session_repository = 'ShopifyApp::InMemoryShopSessionStore'
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
# ShopifyApp::Utils.fetch_known_api_versions # Uncomment to fetch known api versions from shopify servers on boot
|
|
@@ -4,7 +4,6 @@ provider :shopify,
|
|
|
4
4
|
ShopifyApp.configuration.api_key,
|
|
5
5
|
ShopifyApp.configuration.secret,
|
|
6
6
|
scope: ShopifyApp.configuration.scope,
|
|
7
|
-
per_user_permissions: ShopifyApp.configuration.per_user_tokens,
|
|
8
7
|
setup: lambda { |env|
|
|
9
8
|
strategy = env['omniauth.strategy']
|
|
10
9
|
|
|
@@ -17,4 +16,5 @@ provider :shopify,
|
|
|
17
16
|
|
|
18
17
|
strategy.options[:client_options][:site] = shop
|
|
19
18
|
strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
|
|
19
|
+
strategy.options[:per_user_permissions] = strategy.session[:user_tokens]
|
|
20
20
|
}
|
|
@@ -16,7 +16,7 @@ module ShopifyApp
|
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def update_shopify_app_initializer
|
|
19
|
-
gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::
|
|
19
|
+
gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryShopSessionStore', 'Shop'
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def create_shop_fixtures
|
|
@@ -16,7 +16,7 @@ module ShopifyApp
|
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def update_shopify_app_initializer
|
|
19
|
-
gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::
|
|
19
|
+
gsub_file 'config/initializers/shopify_app.rb', 'ShopifyApp::InMemoryUserSessionStore', 'User'
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def create_user_fixtures
|
data/lib/shopify_app.rb
CHANGED
|
@@ -44,9 +44,11 @@ module ShopifyApp
|
|
|
44
44
|
require 'shopify_app/middleware/same_site_cookie_middleware'
|
|
45
45
|
|
|
46
46
|
# session
|
|
47
|
-
require 'shopify_app/session/storage_strategies/shop_storage_strategy'
|
|
48
|
-
require 'shopify_app/session/storage_strategies/user_storage_strategy'
|
|
49
47
|
require 'shopify_app/session/session_storage'
|
|
48
|
+
require 'shopify_app/session/shop_session_storage'
|
|
49
|
+
require 'shopify_app/session/user_session_storage'
|
|
50
50
|
require 'shopify_app/session/session_repository'
|
|
51
51
|
require 'shopify_app/session/in_memory_session_store'
|
|
52
|
+
require 'shopify_app/session/in_memory_shop_session_store'
|
|
53
|
+
require 'shopify_app/session/in_memory_user_session_store'
|
|
52
54
|
end
|
|
@@ -14,9 +14,8 @@ module ShopifyApp
|
|
|
14
14
|
attr_accessor :webhooks
|
|
15
15
|
attr_accessor :scripttags
|
|
16
16
|
attr_accessor :after_authenticate_job
|
|
17
|
-
attr_reader :
|
|
18
|
-
|
|
19
|
-
alias_method :per_user_tokens?, :per_user_tokens
|
|
17
|
+
attr_reader :shop_session_repository
|
|
18
|
+
attr_reader :user_session_repository
|
|
20
19
|
attr_accessor :api_version
|
|
21
20
|
|
|
22
21
|
# customise urls
|
|
@@ -44,7 +43,6 @@ module ShopifyApp
|
|
|
44
43
|
@myshopify_domain = 'myshopify.com'
|
|
45
44
|
@scripttags_manager_queue_name = Rails.application.config.active_job.queue_name
|
|
46
45
|
@webhooks_manager_queue_name = Rails.application.config.active_job.queue_name
|
|
47
|
-
@per_user_tokens = false
|
|
48
46
|
@disable_webpacker = ENV['SHOPIFY_APP_DISABLE_WEBPACKER'].present?
|
|
49
47
|
end
|
|
50
48
|
|
|
@@ -52,9 +50,14 @@ module ShopifyApp
|
|
|
52
50
|
@login_url || File.join(@root_url, 'login')
|
|
53
51
|
end
|
|
54
52
|
|
|
55
|
-
def
|
|
56
|
-
@
|
|
57
|
-
ShopifyApp::SessionRepository.
|
|
53
|
+
def user_session_repository=(klass)
|
|
54
|
+
@user_session_repository = klass
|
|
55
|
+
ShopifyApp::SessionRepository.user_storage = klass
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def shop_session_repository=(klass)
|
|
59
|
+
@shop_session_repository = klass
|
|
60
|
+
ShopifyApp::SessionRepository.shop_storage = klass
|
|
58
61
|
end
|
|
59
62
|
|
|
60
63
|
def has_webhooks?
|
|
@@ -14,44 +14,48 @@ module ShopifyApp
|
|
|
14
14
|
rescue_from ActiveResource::UnauthorizedAccess, :with => :close_session
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
def
|
|
18
|
-
return redirect_to_login
|
|
17
|
+
def activate_shopify_session
|
|
18
|
+
return redirect_to_login if current_shopify_session.blank?
|
|
19
19
|
clear_top_level_oauth_cookie
|
|
20
20
|
|
|
21
21
|
begin
|
|
22
|
-
ShopifyAPI::Base.activate_session(
|
|
22
|
+
ShopifyAPI::Base.activate_session(current_shopify_session)
|
|
23
23
|
yield
|
|
24
24
|
ensure
|
|
25
25
|
ShopifyAPI::Base.clear_session
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
def
|
|
30
|
-
if
|
|
31
|
-
|
|
32
|
-
@shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify_user]['id'])
|
|
29
|
+
def current_shopify_session
|
|
30
|
+
if session[:user_id].present?
|
|
31
|
+
@current_shopify_session ||= user_session
|
|
33
32
|
else
|
|
34
|
-
|
|
35
|
-
@shop_session ||= ShopifyApp::SessionRepository.retrieve(session[:shopify])
|
|
33
|
+
@current_shopify_session ||= shop_session
|
|
36
34
|
end
|
|
37
35
|
end
|
|
38
36
|
|
|
37
|
+
def user_session
|
|
38
|
+
return if session[:user_id].blank?
|
|
39
|
+
ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def shop_session
|
|
43
|
+
return if session[:shop_id].blank?
|
|
44
|
+
ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
|
|
45
|
+
end
|
|
46
|
+
|
|
39
47
|
def login_again_if_different_user_or_shop
|
|
40
|
-
if
|
|
41
|
-
|
|
42
|
-
sessions_do_not_match = session[:user_session] != params[:session] # current user is different from stored user
|
|
48
|
+
if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
|
|
49
|
+
clear_session = session[:user_session] != params[:session] # current user is different from stored user
|
|
43
50
|
|
|
44
|
-
if valid_session_data && sessions_do_not_match
|
|
45
|
-
clear_session = true
|
|
46
|
-
end
|
|
47
51
|
end
|
|
48
52
|
|
|
49
|
-
if
|
|
53
|
+
if current_shopify_session && params[:shop] && params[:shop].is_a?(String) && (current_shopify_session.domain != params[:shop])
|
|
50
54
|
clear_session = true
|
|
51
55
|
end
|
|
52
56
|
|
|
53
57
|
if clear_session
|
|
54
|
-
|
|
58
|
+
clear_shopify_session
|
|
55
59
|
redirect_to_login
|
|
56
60
|
end
|
|
57
61
|
end
|
|
@@ -76,12 +80,13 @@ module ShopifyApp
|
|
|
76
80
|
end
|
|
77
81
|
|
|
78
82
|
def close_session
|
|
79
|
-
|
|
83
|
+
clear_shopify_session
|
|
80
84
|
redirect_to(login_url_with_optional_shop)
|
|
81
85
|
end
|
|
82
86
|
|
|
83
|
-
def
|
|
84
|
-
session[:
|
|
87
|
+
def clear_shopify_session
|
|
88
|
+
session[:shop_id] = nil
|
|
89
|
+
session[:user_id] = nil
|
|
85
90
|
session[:shopify_domain] = nil
|
|
86
91
|
session[:shopify_user] = nil
|
|
87
92
|
session[:user_session] = nil
|