RubyGems - shopify_app - Versions diffs - 17.0.4 → 17.0.5 - Mend

shopify_app 17.0.4 → 17.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/Gemfile.lock +3 -3
data/app/controllers/shopify_app/callback_controller.rb +7 -0
data/app/controllers/shopify_app/sessions_controller.rb +13 -4
data/lib/shopify_app/version.rb +1 -1
data/package.json +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7cab2299a543318d0a7d39fafcfa16a1067222041eeaa5e7c02563dd0d5ed80a
-  data.tar.gz: 9f7dcc292f0f98c28e458f519cea464ae00925f770c7a065aca12c1579ecbbc5
+  metadata.gz: 41c18b0e92a08c6f1ddf4b172e6eacc71392222f7c50cf894f63a7e2d05a5420
+  data.tar.gz: 4110f9c21b060325cde47a9fac5cb60f4417b3279219a650585c719214b7dd7c
 SHA512:
-  metadata.gz: f60af66dbfa84fc2a185bb733967124633acc0cbad22b0de805e89d10a6d2863651973ba91cbc3cc026c3d987a3eedfaba4796f97a8e68c0ee1e28bb920dff39
-  data.tar.gz: 1d03e4fecbdfcc1bfb46c5495b3c3f58c071ba7128fdd6d99db43a5920816a18d8fb4b2d4404058bf8c62f9d04f4d57cebb388b37fe864b7246a127d37f109e0
+  metadata.gz: 04ee583382594207dbe63962b72c31ff0ca973453d89840552425443758c767f501772c50c27d31436505b4e2891bdaca58fe3aca731bd9c56c3edda05d88e2f
+  data.tar.gz: beff89c7a9c01e3a9becedace07f2d22ef10182425693c1244b997e350f19916e74faa2873f2bef8d00b6ed32444f09fac75b6b14cfbbabe5239ed7baccb1752

data/CHANGELOG.md CHANGED

@@ -1,6 +1,10 @@
 Unreleased
 ----------
+17.0.5 (January 27, 2021)
+----------
+* Fix omniauth strategy not being set correctly for apps using session tokens [#1164](https://github.com/Shopify/shopify_app/pull/1164)
 17.0.4 (January 25, 2021)
 ----------
 * Redirect user to login page if shopify domain is not found in the `EnsureAuthenticatedLinks` concern [#1158](https://github.com/Shopify/shopify_app/pull/1158)

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    shopify_app (17.0.4)
+    shopify_app (17.0.5)
       browser_sniffer (~> 1.2.2)
       jwt (~> 2.2.1)
       omniauth-shopify-oauth2 (~> 2.2.2)
@@ -96,7 +96,7 @@ GEM
     faraday-net_http (1.0.1)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    graphql (1.12.1)
+    graphql (1.12.3)
     graphql-client (0.16.0)
       activesupport (>= 3.0)
       graphql (~> 1.8)
@@ -208,7 +208,7 @@ GEM
       rubocop (~> 1.4)
     ruby-progressbar (1.10.1)
     ruby2_keywords (0.0.4)
-    shopify_api (9.2.0)
+    shopify_api (9.3.0)
       activeresource (>= 4.1.0, < 6.0.0)
       graphql-client
       rack

data/app/controllers/shopify_app/callback_controller.rb CHANGED

@@ -65,6 +65,13 @@ module ShopifyApp
       end
     end
+    # Override user_session_by_cookie from LoginProtection to bypass allow_cookie_authentication
+    # setting check because session cookies are justified at top level
+    def user_session_by_cookie
+      return unless session[:user_id].present?
+      ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
+    end
     def start_user_token_flow?
       if jwt_request?
         false

data/app/controllers/shopify_app/sessions_controller.rb CHANGED

@@ -92,9 +92,18 @@ module ShopifyApp
       end
     end
+    # Override shop_session_by_cookie from LoginProtection to bypass allow_cookie_authentication
+    # setting check because session cookies are justified at top level
+    def shop_session_by_cookie
+      return unless session[:shop_id].present?
+      ShopifyApp::SessionRepository.retrieve_shop_session(session[:shop_id])
+    end
     # rubocop:disable Lint/SuppressedException
     def set_user_tokens_option
-      if shop_session.blank?
+      current_shop_session = shop_session
+      if current_shop_session.blank?
         session[:user_tokens] = false
         return
       end
@@ -102,9 +111,9 @@ module ShopifyApp
       session[:user_tokens] = ShopifyApp::SessionRepository.user_storage.present?
       ShopifyAPI::Session.temp(
-        domain: shop_session.domain,
-        token: shop_session.token,
-        api_version: shop_session.api_version
+        domain: current_shop_session.domain,
+        token: current_shop_session.token,
+        api_version: current_shop_session.api_version
       ) do
         ShopifyAPI::Metafield.find(:token_validity_bogus_check)
       end

data/lib/shopify_app/version.rb CHANGED

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '17.0.4'
+  VERSION = '17.0.5'
 end

data/package.json CHANGED

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "17.0.4",
+  "version": "17.0.5",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 17.0.4
+  version: 17.0.5
 platform: ruby
 authors:
 - Shopify
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-25 00:00:00.000000000 Z
+date: 2021-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer