shopify_app 14.4.3 → 14.4.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4943d62d694b896b3459f7c120ad33e05a71826af48c30c8449e0b213f8792c3
4
- data.tar.gz: c12f15a9ca8e94f03e6c00dbac9d1e1d6651571cd96991318ec533db069d6fe6
3
+ metadata.gz: a3962aefcffacf58b7e57836a66b40a7689d5fe64d754fe1b236081cfeefcda2
4
+ data.tar.gz: 3f7200abedcd9598e08e7fcc816009acd236093c5a3ca011fa1d05684b31a1ed
5
5
  SHA512:
6
- metadata.gz: 0fb092bd7b4085ea4f9fafe196c4f56f09a709120e2ae206fb174f8858bb39324335cbfb0b066ad24d131f37d31ec872887899a074436fa6f2290e72dc4f1f43
7
- data.tar.gz: 1f77669706cd7ad0065bc6b5bc30744a2b9e4da61190266cfb7efc9f2127f1b0c0cd030d968dca1c80ce6bde4c842ed16b9d38bff899e50f63b11e74159572a6
6
+ metadata.gz: a3c2eaf95a630a628de9252be8f1802b35ce57be387a5e5ae3e8047484432b5ed7b1af98b739911c1f6afa74b09c44b5f8589481ad699c6595ef95d5332952de
7
+ data.tar.gz: 312ef3c7dd4013c17696289e9b8890e359d24753501468155cdb3ae63a7ff5a577d4b5f1a3f0606d438e78be655b0df791ccd45406d88485f5386db1a563d9af
@@ -12,3 +12,8 @@ Authentication Issues
12
12
  A great deal of the issues surrounding this repo are around authenticating (installing) the generated app with Shopify.
13
13
 
14
14
  If you are experiencing issues with your app authenticating/installing the best way to get help fast is to create a repo with the minimal amount of code to demonstrate the issue and a clearly documented set of steps you took to arrive there. This will help us solve your problem quicker since we won't need to spend any time figuring out how to reproduce the bug. Please also include your operating system and browser.
15
+
16
+ Security
17
+ --------
18
+
19
+ Please be certain to redact any private information from your logs or code snippets such as Api Keys, Api Secrets, and any authentication tokens such as shop_tokens.
@@ -10,6 +10,7 @@ AllCops:
10
10
  Style/MethodCallWithArgsParentheses:
11
11
  Exclude:
12
12
  - '**/Gemfile'
13
+ - 'test/**/*'
13
14
 
14
15
  Style/ClassAndModuleChildren:
15
16
  Exclude:
@@ -1,3 +1,7 @@
1
+ 14.4.4
2
+ ------
3
+ * Patch to not log params in ShopifyApp jobs [#1086](https://github.com/Shopify/shopify_app/pull/1086)
4
+
1
5
  14.4.3
2
6
  ------
3
7
  * Fix to ensure post authenticate jobs are run after callback requests [#1079](https://github.com/Shopify/shopify_app/pull/1079)
data/README.md CHANGED
@@ -26,7 +26,7 @@ Table of Contents
26
26
  - [Troubleshooting](#troubleshooting)
27
27
  - [Testing an embedded app outside the Shopify admin](#testing-an-embedded-app-outside-the-shopify-admin)
28
28
  - [Migration to 13.0.0](#migrating-to-1300)
29
- - [Questions or problems?](#questions-or-problems-)
29
+ - [Questions or problems?](#questions-or-problems)
30
30
  - [Rails 6 Compatibility](#rails-6-compatibility)
31
31
  - [Upgrading from 8.6 to 9.0.0](#upgrading-from-86-to-900)
32
32
 
@@ -105,7 +105,7 @@ Options include:
105
105
  * `application_name` - the name of your app, it can be supplied with or without double-quotes if a whitespace is present. (e.g. `--application_name Example App` or `--application_name "Example App"`)
106
106
  * `scope` - the OAuth access scope required for your app, e.g. **read_products, write_orders**. *Multiple options* need to be delimited by a comma-space and can be supplied with or without double-quotes
107
107
  (e.g. `--scope read_products, write_orders, write_products` or `--scope "read_products, write_orders, write_products"`)
108
- For more information, refer the [docs](http://docs.shopify.com/api/tutorials/oauth).
108
+ For more information, refer to the [docs](http://docs.shopify.com/api/tutorials/oauth).
109
109
  * `embedded` - the default is to generate an [embedded app](http://docs.shopify.com/embedded-app-sdk), if you want a legacy non-embedded app then set this to false, `--embedded false`
110
110
 
111
111
  You can update any of these settings later on easily; the arguments are simply for convenience.
@@ -427,7 +427,7 @@ bin/rails g shopify_app:rotate_shopify_token_job
427
427
 
428
428
  The generated rake task will be found at `lib/tasks/shopify/rotate_shopify_token.rake` and is provided strictly for example purposes. It might not work with your application out of the box without some configuration.
429
429
 
430
- ⚠️ Note: if you are updating `shopify_app` from a version prior to 8.4.2 (and do not wish to run the default/install generator again), you will need to add [the following line](https://github.com/Shopify/shopify_app/blob/4f7e6cca2a472d8f7af44b938bd0fcafe4d8e88a/lib/generators/shopify_app/install/templates/shopify_provider.rb#L18) to `config/intializers/omniauth.rb`:
430
+ ⚠️ Note: if you are updating `shopify_app` from a version prior to 8.4.2 (and do not wish to run the default/install generator again), you will need to add [the following line](https://github.com/Shopify/shopify_app/blob/4f7e6cca2a472d8f7af44b938bd0fcafe4d8e88a/lib/generators/shopify_app/install/templates/shopify_provider.rb#L18) to `config/initializers/omniauth.rb`:
431
431
 
432
432
  ```ruby
433
433
  strategy.options[:old_client_secret] = ShopifyApp.configuration.old_secret
@@ -8,7 +8,7 @@ Releasing ShopifyApp
8
8
  - Change the title of the PR to something like: "Packaging for release X.Y.Z"
9
9
  1. Merge your pull request
10
10
  1. Checkout and pull from master so you have the latest version of the shopify_app
11
- 1. Tag the HEAD with the version
11
+ 1. Tag the HEAD with the version
12
12
  ```bash
13
13
  $ git tag -f vX.Y.Z && git push --tags --force
14
14
  ```
@@ -8,7 +8,7 @@ module ShopifyApp
8
8
 
9
9
  def create_controllers
10
10
  controllers.each do |controller|
11
- copy_file controller
11
+ copy_file(controller)
12
12
  end
13
13
  end
14
14
 
@@ -8,7 +8,7 @@ module ShopifyApp
8
8
 
9
9
  def create_views
10
10
  views.each do |view|
11
- copy_file view
11
+ copy_file(view)
12
12
  end
13
13
  end
14
14
 
@@ -1,5 +1,15 @@
1
1
  # frozen_string_literal: true
2
2
  module ShopifyApp
3
+ module RedactJobParams
4
+ private
5
+
6
+ def args_info(job)
7
+ log_disabled_classes = %w(ShopifyApp::ScripttagsManagerJob ShopifyApp::WebhooksManagerJob)
8
+ return "" if log_disabled_classes.include?(job.class.name)
9
+ super
10
+ end
11
+ end
12
+
3
13
  class Engine < Rails::Engine
4
14
  engine_name 'shopify_app'
5
15
  isolate_namespace ShopifyApp
@@ -21,5 +31,16 @@ module ShopifyApp
21
31
  app.config.middleware.insert_after(ShopifyApp::SameSiteCookieMiddleware, ShopifyApp::JWTMiddleware)
22
32
  end
23
33
  end
34
+
35
+ initializer "shopify_app.redact_job_params" do
36
+ ActiveSupport.on_load(:active_job) do
37
+ if ActiveJob::Base.respond_to?(:log_arguments?)
38
+ WebhooksManagerJob.log_arguments = false
39
+ ScripttagsManagerJob.log_arguments = false
40
+ elsif ActiveJob::Logging::LogSubscriber.private_method_defined?(:args_info)
41
+ ActiveJob::Logging::LogSubscriber.prepend(RedactJobParams)
42
+ end
43
+ end
44
+ end
24
45
  end
25
46
  end
@@ -1,4 +1,4 @@
1
1
  # frozen_string_literal: true
2
2
  module ShopifyApp
3
- VERSION = '14.4.3'
3
+ VERSION = '14.4.4'
4
4
  end
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shopify_app",
3
- "version": "14.4.3",
3
+ "version": "14.4.4",
4
4
  "repository": "git@github.com:Shopify/shopify_app.git",
5
5
  "author": "Shopify",
6
6
  "license": "MIT",
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 14.4.3
4
+ version: 14.4.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-09-23 00:00:00.000000000 Z
11
+ date: 2020-09-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: browser_sniffer