shopify_app 16.1.0 → 17.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44ec6da287b58bdae2e84213de7ef0780078bd09c7c25558b75e738e7b1fe8ae
-  data.tar.gz: fc2e72d9c007933a42c45f286b259b2a27a425b0174aadd9095f140d2707922a
+  metadata.gz: b4760b55b5a05f6879b992c7292f99c51a50b3c080215b74c789214ebc467b5c
+  data.tar.gz: e67a45136ca74cbd6c3403f1e3a17577be621f0617a22c3f177f51e452dda369
 SHA512:
-  metadata.gz: cf8d2e8fda1d93bf9bee47491662d751be025f2f3dd80cf0e6bc92fc7a5577481dcf78fcba8e9dee1c03c0b5ebf34c686e062eb03313de9679ca3056f675b669
-  data.tar.gz: a71980adc7d070ba469e1fe1a15b69ebbadf8f4f871b3fb2ccc32d989df85cbb702df5101c5cc57b253416693530cd412011e227dc5aa9a24c96e2efddcdb506
+  metadata.gz: 7f5978d3ee4bd6cb553b30b57a50233d0d983fb8715a0e6fb272dbe9d5fb91b8a90ca3d04d97221a45035bf7c66b6cadd6c897fee548c0998c6c9323d4a1ec92
+  data.tar.gz: 62d60866c63e2b4ad3f70f1375fcfb3e7fda69edb4ef78a9e75cde872a909b5e8cc4ad764ec69225cbec3da42cd9a4556f6f473b863df3a403dfc7376e410af1

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+Unreleased
+----------
+
+17.0.0 (January 13, 2021)
+------
+* Rails 6.1 is not yet supported [#1134](https://github.com/Shopify/shopify_app/pull/1134)
+
 16.1.0
 ------
 * Use Session Token auth strategy by default for new embedded apps [#1111](https://github.com/Shopify/shopify_app/pull/1111)

data/Gemfile.lock

@@ -1,11 +1,11 @@
 PATH
   remote: .
   specs:
-    shopify_app (16.1.0)
+    shopify_app (17.0.0)
       browser_sniffer (~> 1.2.2)
       jwt (~> 2.2.1)
       omniauth-shopify-oauth2 (~> 2.2.2)
-      rails (> 5.2.1)
+      rails (> 5.2.1, < 6.1)
       redirect_safely (~> 1.0)
       shopify_api (~> 9.1)
 
@@ -89,9 +89,11 @@ GEM
     crass (1.0.6)
     debug_inspector (0.0.3)
     erubi (1.9.0)
-    faraday (1.1.0)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords
+    faraday-net_http (1.0.1)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
     graphql (1.11.6)
@@ -113,15 +115,16 @@ GEM
     method_source (0.9.2)
     mimemagic (0.3.5)
     mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
+    mini_portile2 (2.5.0)
     minitest (5.14.2)
     mocha (1.11.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     nio4r (2.5.4)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
@@ -149,6 +152,7 @@ GEM
       binding_of_caller (>= 0.7)
       pry (>= 0.9.11)
     public_suffix (4.0.6)
+    racc (1.5.2)
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)

data/README.md

@@ -8,6 +8,8 @@ Shopify App
 
 Shopify Application Rails engine and generator
 
+### NOTE: Rails 6.1 or above is not yet supported due to the new `cookies_same_site_protection` setting.
+
 #### NOTE: Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
 
 Table of Contents
@@ -72,19 +74,11 @@ The latest version of shopify_app is compatible with Rails `>= 5`. Use version `
 Generators
 ----------
 
-### Default Generator
-
-The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
-
-```sh
-$ rails generate shopify_app
-```
-
-After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
-
 ### API Keys
 
-The default and install generators have been updated to source Shopify API key and secret from an Environment (`.env`) variables file, which you will need to create with the following format:
+Before running the generators, you'll need to ensure your app can read the Shopify environment variables `SHOPIFY_API_KEY` and `SHOPIFY_API_SECRET`.
+
+A common approach is to use the [dotenv-rails](https://github.com/bkeepers/dotenv) gem, along with an `.env` file in the following format:
 
 ```
 SHOPIFY_API_KEY=your api key
@@ -93,7 +87,16 @@ SHOPIFY_API_SECRET=your api secret
 
 These values can be found on the "App Setup" page in the [Shopify Partners Dashboard][dashboard]. If you are checking your code into a code repository, ensure your `.gitignore` prevents your `.env` file from being checked into any publicly accessible code.
 
-**You will need to load the ENV variables into your environment, you can do this with the [dot-env](https://github.com/bkeepers/dotenv) gem or any other method you wish to.**
+### Default Generator
+
+The default generator will run the `install`, `shop`, `authenticated_controller`, and `home_controller` generators. This is the recommended way to start a new app from scratch:
+
+```sh
+$ rails generate shopify_app
+```
+
+After running the generator, you will need to run `rails db:migrate` to add new tables to your database. You can start your app with `bundle exec rails server` and install your app by visiting `http://localhost` in your web browser.
+
 
 ### Install Generator
 

data/app/controllers/shopify_app/callback_controller.rb

@@ -30,16 +30,12 @@ module ShopifyApp
     end
 
     def respond_with_user_token_flow
-      Rails.logger.debug("[ShopifyApp::CallbackController] Redirecting for user token...")
       redirect_to(login_url_with_optional_shop)
     end
 
     def store_access_token_and_build_session
       if native_browser_request?
-        Rails.logger.debug("[ShopifyApp::CallbackController] Not a JWT request. Resetting session options...")
         reset_session_options
-      else
-        Rails.logger.debug("[ShopifyApp::CallbackController] JWT request detected. Setting shopify session...")
       end
       set_shopify_session
     end
@@ -62,10 +58,8 @@ module ShopifyApp
 
     def respond_with_error
       if jwt_request?
-        Rails.logger.debug("[ShopifyApp::CallbackController] Invalid JWT auth detected.")
         head(:unauthorized)
       else
-        Rails.logger.debug("[ShopifyApp::CallbackController] Invalid non JWT auth detected.")
         flash[:error] = I18n.t('could_not_log_in')
         redirect_to(login_url_with_optional_shop)
       end

data/app/controllers/shopify_app/sessions_controller.rb

@@ -10,19 +10,14 @@ module ShopifyApp
     end
 
     def new
-      if sanitized_shop_name.present?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Sanitized shop name present. Authenticating...")
-        authenticate
-      end
+      authenticate if sanitized_shop_name.present?
     end
 
     def create
-      Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating...")
       authenticate
     end
 
     def enable_cookies
-      Rails.logger.debug("[ShopifyApp::SessionsController] Enabling cookies...")
       return unless validate_shop_presence
 
       render(:enable_cookies, layout: false, locals: {
@@ -45,7 +40,6 @@ module ShopifyApp
     end
 
     def granted_storage_access
-      Rails.logger.debug("[ShopifyApp::SessionsController] Granted storage access.")
       return unless validate_shop_presence
 
       session['shopify.granted_storage_access'] = true
@@ -56,7 +50,6 @@ module ShopifyApp
     end
 
     def destroy
-      Rails.logger.debug("[ShopifyApp::SessionsController] Resetting session.")
       reset_session
       flash[:notice] = I18n.t('.logged_out')
       redirect_to(login_url_with_optional_shop)
@@ -73,23 +66,18 @@ module ShopifyApp
       set_user_tokens_option
 
       if user_agent_can_partition_cookies
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating with partitioning...")
         authenticate_with_partitioning
       else
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating normally...")
         authenticate_normally
       end
     end
 
     def authenticate_normally
       if request_storage_access?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Redirecting to request storage access...")
         redirect_to_request_storage_access
       elsif authenticate_in_context?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating in context...")
         authenticate_in_context
       else
-        Rails.logger.debug("[ShopifyApp::SessionsController] Authenticating at top level...")
         authenticate_at_top_level
       end
     end
@@ -107,7 +95,6 @@ module ShopifyApp
     # rubocop:disable Lint/SuppressedException
     def set_user_tokens_option
       if shop_session.blank?
-        Rails.logger.debug("[ShopifyApp::SessionsController] Shop session is blank.")
         session[:user_tokens] = false
         return
       end
@@ -130,7 +117,6 @@ module ShopifyApp
     def validate_shop_presence
       @shop = sanitized_shop_name
       unless @shop
-        Rails.logger.debug("[ShopifyApp::SessionsController] Invalid shop detected.")
         render_invalid_shop_error
         return false
       end

data/config/locales/de.yml

@@ -4,19 +4,19 @@ de:
   could_not_log_in: Shopify Store Login fehlgeschlagen
   invalid_shop_url: Ungültige Shop-Domain
   enable_cookies_heading: Cookies von %{app} aktivieren
-  enable_cookies_body: Sie müssen Cookies in diesem Browser manuell aktivieren, um
-    %{app} in Shopify verwenden zu können.
-  enable_cookies_footer: Mithilfe von Cookies kann die App Sie authentifizieren, indem
-    Ihre Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden.
-    Sie laufen nach 30 Tagen ab.
+  enable_cookies_body: Du musst Cookies in diesem Browser manuell aktivieren, um %{app}
+    in Shopify verwenden zu können.
+  enable_cookies_footer: Mithilfe von Cookies kann die App dich authentifizieren,
+    indem deine Einstellungen und personenbezogenen Daten vorübergehend gespeichert
+    werden. Sie laufen nach 30 Tagen ab.
   enable_cookies_action: Cookies aktivieren
-  top_level_interaction_heading: Ihr Browser muss %{app} authentifizieren
-  top_level_interaction_body: Ihr Browser verlangt, dass Apps wie %{app} Sie um Zugriff
-    auf Cookies bitten, bevor Shopify sie für Sie öffnen kann.
+  top_level_interaction_heading: Dein Browser muss %{app} authentifizieren
+  top_level_interaction_body: Dein Browser verlangt, dass Apps wie %{app} dich um
+    Zugriff auf Cookies bitten, bevor Shopify sie für dich öffnen kann.
   top_level_interaction_action: Weiter
   request_storage_access_heading: "%{app} braucht Zugriff auf Cookies"
-  request_storage_access_body: Damit kann die App Sie authentifizieren, indem Ihre
-    Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicken
-    Sie auf "Weiter" und erlauben Sie den Cookies, die App zu verwenden.
+  request_storage_access_body: Damit kann die App dich authentifizieren, indem deine
+    Einstellungen und personenbezogenen Daten vorübergehend gespeichert werden. Klicke
+    auf "Weiter" und erlaube Cookies, um die App zu verwenden.
   request_storage_access_footer: Cookies laufen nach 30 Tagen ab.
   request_storage_access_action: Weiter

data/config/locales/vi.yml

@@ -0,0 +1,22 @@
+---
+vi:
+  logged_out: Đã đăng xuất thành công
+  could_not_log_in: Không thể đăng nhập vào cửa hàng trên Shopify
+  invalid_shop_url: Miền cửa hàng không hợp lệ
+  enable_cookies_heading: Bật cookie từ %{app}
+  enable_cookies_body: Bạn phải bật cookie trong trình duyệt này theo cách thủ công
+    để sử dụng %{app} trong Shopify.
+  enable_cookies_footer: Cookie cho phép ứng dụng xác thực bạn bằng cách tạm thời
+    lưu trữ tùy chọn và thông tin cá nhân của bạn. Những thông tin này sẽ hết hạn
+    sau 30 ngày.
+  enable_cookies_action: Bật cookie
+  top_level_interaction_heading: Trình duyệt của bạn cần xác thực %{app}
+  top_level_interaction_body: Trình duyệt của bạn cần các ứng dụng như %{app} để yêu
+    cầu quyền truy cập vào cookie thì Shopify mới có thể mở giúp bạn.
+  top_level_interaction_action: Tiếp tục
+  request_storage_access_heading: "%{app} cần quyền truy cập cookie"
+  request_storage_access_body: Nhờ vậy, ứng dụng có thể xác thực bạn bằng cách tạm
+    thời lưu trữ thông tin cá nhân của bạn. Nhấp vào tiếp tục và cho phép cookie sử
+    dụng ứng dụng.
+  request_storage_access_footer: Cookie sẽ hết hạn sau 30 ngày.
+  request_storage_access_action: Tiếp tục

data/config/locales/zh-CN.yml

@@ -8,7 +8,7 @@ zh-CN:
   enable_cookies_footer: Cookie 使此应用能够通过暂时存储您的偏好设置和个人信息来验证您的身份。这些信息将在 30 天后过期。
   enable_cookies_action: 启用 Cookie
   top_level_interaction_heading: 您的浏览器需要对 %{app} 进行验证
-  top_level_interaction_body: 您的浏览器要求类似 %{app} 的应用向您请求访问 Cookie，之后 Shopify 才能为您打开它。
+  top_level_interaction_body: 您的浏览器要求类似 %{app} 的应用向您申请访问 Cookie，之后 Shopify 才能为您打开它。
   top_level_interaction_action: 继续
   request_storage_access_heading: "%{app} 需要访问 Cookie"
   request_storage_access_body: 这使此应用能够通过暂时存储您的个人信息来验证您的身份。单击继续并启用 Cookie 以使用此应用。

data/lib/shopify_app/controller_concerns/itp.rb

@@ -13,12 +13,10 @@ module ShopifyApp
     end
 
     def set_top_level_oauth_cookie
-      Rails.logger.debug("[ShopifyApp::Itp] Setting top level oauth cookie...")
       session['shopify.top_level_oauth'] = true
     end
 
     def clear_top_level_oauth_cookie
-      Rails.logger.debug("[ShopifyApp::Itp] Clearing top level oauth cookie...")
       session.delete('shopify.top_level_oauth')
     end
 

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -18,24 +18,18 @@ module ShopifyApp
 
     def activate_shopify_session
       if user_session_expected? && user_session.blank?
-        Rails.logger.debug("[ShopifyApp::LoginProtection] User session required. Redirecting to login...")
         signal_access_token_required
         return redirect_to_login
       end
 
-      if current_shopify_session.blank?
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Current shopify session is blank. Redirecting to login...")
-        return redirect_to_login
-      end
+      return redirect_to_login if current_shopify_session.blank?
 
       clear_top_level_oauth_cookie
 
       begin
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Activating session...")
         ShopifyAPI::Base.activate_session(current_shopify_session)
         yield
       ensure
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing session...")
         ShopifyAPI::Base.clear_session
       end
     end
@@ -80,12 +74,7 @@ module ShopifyApp
 
     def login_again_if_different_user_or_shop
       if session[:user_session].present? && params[:session].present? # session data was sent/stored correctly
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Session data was sent/stored correctly.")
         clear_session = session[:user_session] != params[:session] # current user is different from stored user
-        if clear_session
-          Rails.logger.debug("[ShopifyApp::LoginProtection] Current user is different from stored user.")
-        end
-        clear_session
       end
 
       if current_shopify_session &&
@@ -95,7 +84,6 @@ module ShopifyApp
       end
 
       if clear_session
-        Rails.logger.debug("[ShopifyApp::LoginProtection] Clearing shopify session and redirecting to login...")
         clear_shopify_session
         redirect_to_login
       end

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '16.1.0'
+  VERSION = '17.0.0'
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "16.1.0",
+  "version": "17.0.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
   s.metadata['allowed_push_host'] = 'https://rubygems.org'
 
   s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
-  s.add_runtime_dependency('rails', '> 5.2.1')
+  s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')
   s.add_runtime_dependency('shopify_api', '~> 9.1')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
   s.add_runtime_dependency('jwt', '~> 2.2.1')

data/translation.yml

@@ -1,5 +1,5 @@
 source_language: en
-target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, zh-CN, zh-TW]
+target_languages: [cs, da, de, es, fi, fr, hi, it, ja, ko, ms, nb, nl, pl, pt-BR, pt-PT, sv, th, tr, vi, zh-CN, zh-TW]
 components:
   - name: 'merchant'
     paths:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 16.1.0
+  version: 17.0.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-15 00:00:00.000000000 Z
+date: 2021-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -31,6 +31,9 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: 5.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +41,9 @@ dependencies:
     - - ">"
       - !ruby/object:Gem::Version
         version: 5.2.1
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: shopify_api
   requirement: !ruby/object:Gem::Requirement
@@ -307,6 +313,7 @@ files:
 - config/locales/sv.yml
 - config/locales/th.yml
 - config/locales/tr.yml
+- config/locales/vi.yml
 - config/locales/zh-CN.yml
 - config/locales/zh-TW.yml
 - config/routes.rb