shopify_app 17.1.1 → 17.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b7c85212f0a947dfc426afa1c06eec9330bfd47ff42794f05d070e7e01cdbe42
-  data.tar.gz: f919606ea20ae9b7626983783dc99aa1fc7776fc0cc2fe1f87b35653847f86ee
+  metadata.gz: 88d5209cb72a9fd96ac20c09e3a253625e1b4bb0d3984ec3d492e14a9752cb06
+  data.tar.gz: 6b322c48546fcf069a949f44acf1e39649948233ed1f06076037883d2037a0e5
 SHA512:
-  metadata.gz: 0ed7553a6e6c0397668e7897bb42871bc96375f2773d017f18c3ef60572fb3979cd7ce101c3ffcf601057134676b4881aa96097123438ba83275c20086a9d4aa
-  data.tar.gz: 2a37f8439ad82010abddbc9108e08de3d8ef3c574a7ee24b67eb3ec36cfd36856563658f2f5014815a9cbea7210f495f8672337b6cd2c0ce5445e61a46753ce8
+  metadata.gz: 03c81a3c3bb325970ffeea7dcf1d238b3558260dfd48f8a1fb30bd75328444a19d6493847c83c8314f596e66881129a5965d10c74612eb9fa0703ab0b86c0c42
+  data.tar.gz: 55e7b76c79faa4599c9b6b35392ebe9be03c9300401655aa92443c43f4c7ba9cd8fca2f896a153852e4ef0a9de28e764f9d001a729d93408b17f3898de0ea17a

data/.github/CODEOWNERS

@@ -1 +1,2 @@
 *       @shopify/platform-dev-tools-education
+*       @shopify/app-foundations

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased
 ----------
 
+17.2.0 (April 1, 2021)
+----------
+* Support Rails `v6.1` [#1221](https://github.com/Shopify/shopify_app/pull/1221)
+  * Check out [Upgrading to `v17.2.0`](/docs/Upgrading.md#upgrading-to-v1720) in the Upgrading.md guide for the changes needed to support Rails `v6.1`
+
 17.1.1 (March 12, 2021)
 ----------
 * Fix issues with mocking OmniAuth callback controller tests [#1210](https://github.com/Shopify/shopify_app/pull/1210)

data/Gemfile.lock

@@ -1,80 +1,84 @@
 PATH
   remote: .
   specs:
-    shopify_app (17.1.1)
+    shopify_app (17.2.0)
       browser_sniffer (~> 1.2.2)
       jwt (~> 2.2.1)
       omniauth-shopify-oauth2 (~> 2.2.2)
-      rails (> 5.2.1, < 6.1)
+      rails (> 5.2.1, < 6.2)
       redirect_safely (~> 1.0)
       shopify_api (~> 9.4)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.0.3.5)
-      actionpack (= 6.0.3.5)
+    actioncable (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.0.3.5)
-      actionpack (= 6.0.3.5)
-      activejob (= 6.0.3.5)
-      activerecord (= 6.0.3.5)
-      activestorage (= 6.0.3.5)
-      activesupport (= 6.0.3.5)
+    actionmailbox (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activejob (= 6.1.3.1)
+      activerecord (= 6.1.3.1)
+      activestorage (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
       mail (>= 2.7.1)
-    actionmailer (6.0.3.5)
-      actionpack (= 6.0.3.5)
-      actionview (= 6.0.3.5)
-      activejob (= 6.0.3.5)
+    actionmailer (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      actionview (= 6.1.3.1)
+      activejob (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.0.3.5)
-      actionview (= 6.0.3.5)
-      activesupport (= 6.0.3.5)
-      rack (~> 2.0, >= 2.0.8)
+    actionpack (6.1.3.1)
+      actionview (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.0.3.5)
-      actionpack (= 6.0.3.5)
-      activerecord (= 6.0.3.5)
-      activestorage (= 6.0.3.5)
-      activesupport (= 6.0.3.5)
+    actiontext (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activerecord (= 6.1.3.1)
+      activestorage (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
       nokogiri (>= 1.8.5)
-    actionview (6.0.3.5)
-      activesupport (= 6.0.3.5)
+    actionview (6.1.3.1)
+      activesupport (= 6.1.3.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.3.5)
-      activesupport (= 6.0.3.5)
+    activejob (6.1.3.1)
+      activesupport (= 6.1.3.1)
       globalid (>= 0.3.6)
-    activemodel (6.0.3.5)
-      activesupport (= 6.0.3.5)
+    activemodel (6.1.3.1)
+      activesupport (= 6.1.3.1)
     activemodel-serializers-xml (1.0.2)
       activemodel (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
-    activerecord (6.0.3.5)
-      activemodel (= 6.0.3.5)
-      activesupport (= 6.0.3.5)
+    activerecord (6.1.3.1)
+      activemodel (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
     activeresource (5.1.1)
       activemodel (>= 5.0, < 7)
       activemodel-serializers-xml (~> 1.0)
       activesupport (>= 5.0, < 7)
-    activestorage (6.0.3.5)
-      actionpack (= 6.0.3.5)
-      activejob (= 6.0.3.5)
-      activerecord (= 6.0.3.5)
-      marcel (~> 0.3.1)
-    activesupport (6.0.3.5)
+    activestorage (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activejob (= 6.1.3.1)
+      activerecord (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      marcel (~> 1.0.0)
+      mini_mime (~> 1.0.2)
+    activesupport (6.1.3.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2, >= 2.2.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.1)
@@ -88,7 +92,7 @@ GEM
     crack (0.4.4)
     crass (1.0.6)
     debug_inspector (0.0.3)
-    erubi (1.9.0)
+    erubi (1.10.0)
     faraday (1.3.0)
       faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
@@ -96,7 +100,7 @@ GEM
     faraday-net_http (1.0.1)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    graphql (1.12.5)
+    graphql (1.12.6)
     graphql-client (0.16.0)
       activesupport (>= 3.0)
       graphql (~> 1.8)
@@ -105,16 +109,14 @@ GEM
     i18n (1.8.9)
       concurrent-ruby (~> 1.0)
     jwt (2.2.2)
-    loofah (2.7.0)
+    loofah (2.9.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
+    marcel (1.0.0)
     method_source (0.9.2)
-    mimemagic (0.3.5)
-    mini_mime (1.0.2)
+    mini_mime (1.0.3)
     mini_portile2 (2.5.0)
     minitest (5.14.4)
     mocha (1.11.2)
@@ -122,10 +124,10 @@ GEM
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     nio4r (2.5.7)
-    nokogiri (1.11.1)
+    nokogiri (1.11.2)
       mini_portile2 (~> 2.5.0)
       racc (~> 1.4)
-    oauth2 (1.4.4)
+    oauth2 (1.4.7)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
@@ -156,20 +158,20 @@ GEM
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.0.3.5)
-      actioncable (= 6.0.3.5)
-      actionmailbox (= 6.0.3.5)
-      actionmailer (= 6.0.3.5)
-      actionpack (= 6.0.3.5)
-      actiontext (= 6.0.3.5)
-      actionview (= 6.0.3.5)
-      activejob (= 6.0.3.5)
-      activemodel (= 6.0.3.5)
-      activerecord (= 6.0.3.5)
-      activestorage (= 6.0.3.5)
-      activesupport (= 6.0.3.5)
-      bundler (>= 1.3.0)
-      railties (= 6.0.3.5)
+    rails (6.1.3.1)
+      actioncable (= 6.1.3.1)
+      actionmailbox (= 6.1.3.1)
+      actionmailer (= 6.1.3.1)
+      actionpack (= 6.1.3.1)
+      actiontext (= 6.1.3.1)
+      actionview (= 6.1.3.1)
+      activejob (= 6.1.3.1)
+      activemodel (= 6.1.3.1)
+      activerecord (= 6.1.3.1)
+      activestorage (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      bundler (>= 1.15.0)
+      railties (= 6.1.3.1)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -180,12 +182,12 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.3.5)
-      actionpack (= 6.0.3.5)
-      activesupport (= 6.0.3.5)
+    railties (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.20.3, < 2.0)
+      thor (~> 1.0)
     rainbow (3.0.0)
     rake (13.0.3)
     rb-readline (0.5.5)
@@ -208,7 +210,7 @@ GEM
       rubocop (~> 1.4)
     ruby-progressbar (1.10.1)
     ruby2_keywords (0.0.4)
-    shopify_api (9.4.0)
+    shopify_api (9.4.1)
       activeresource (>= 4.1.0, < 6.0.0)
       graphql-client
       rack
@@ -221,9 +223,8 @@ GEM
       sprockets (>= 3.0.0)
     sqlite3 (1.4.2)
     thor (1.1.0)
-    thread_safe (0.3.6)
-    tzinfo (1.2.9)
-      thread_safe (~> 0.1)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
     unicode-display_width (1.7.0)
     webmock (3.9.1)
       addressable (>= 2.3.6)

data/README.md

@@ -4,7 +4,7 @@
 
 [gem]: https://img.shields.io/gem/v/shopify_app.svg
 [gem_url]: https://rubygems.org/gems/shopify_app
-[supported_rails_version]: https://img.shields.io/badge/rails-%3C6.1.0-orange
+[supported_rails_version]: https://img.shields.io/badge/rails-%3C6.2.0-orange
 
 This gem builds Rails applications that can be embedded in the Shopify Admin.
 

data/config/locales/nl.yml

@@ -1,7 +1,7 @@
 ---
 nl:
   logged_out: Je bent afgemeld
-  could_not_log_in: Kon niet aanmelden bij Shopify-winkel
+  could_not_log_in: Kon niet inloggen bij Shopify-winkel
   invalid_shop_url: Ongeldig winkeldomein
   enable_cookies_heading: Schakel cookies in van %{app}
   enable_cookies_body: Je moet cookies in deze browser handmatig inschakelen om %{app}

data/docs/Troubleshooting.md

@@ -5,8 +5,12 @@
 [Generators](#generators)
   * [The `shopify_app:install` generator hangs](#the-shopifyappinstall-generator-hangs)
 
+[Rails](#rails)
+  * [Known issues with Rails `v6.1`](#known-issues-with-rails-v61)
+
 [App installation](#app-installation)
   * [My app won't install](#my-app-wont-install)
+  * [My app keeps redirecting to login](#my-app-keeps-redirecting-to-login)
 
 [JWT session tokens](#jwt-session-tokens)
   * [My app is still using cookies to authenticate](#my-app-is-still-using-cookies-to-authenticate)
@@ -24,6 +28,35 @@ $ bundle exec spring stop
 
 Run shopify_app generator again.
 
+## Rails
+
+### Known issues with Rails `v6.1`
+
+If you recently upgraded your application's `Rails::Application` configuration to load the default configuration for Rails `v6.1`, then you will need to update the following `cookies_same_site_protection` ActionDispatch configuration.
+
+```diff
+# config/application.rb
+
+require_relative 'boot'
+
+require 'rails/all'
+
+Bundler.require(*Rails.groups)
+
+module AppName
+  class Application < Rails::Application
++    config.load_defaults 6.1
+
++    config.action_dispatch.cookies_same_site_protection = :none
+    ...
+  end
+end
+```
+
+As of Rails `v6.1`, the same-site cookie protection setting defaults  to `Lax`. This does not allow an embedded app to make cross-domain requests in the Shopify Admin.
+
+Alternatively, you can upgrade to [`v17.2.0` of the shopify_app gem](/docs/Upgrading.md#upgrading-to-v1720).
+
 ## App installation
 
 ### My app won't install

data/docs/Upgrading.md

@@ -4,12 +4,28 @@ This file documents important changes needed to upgrade your app's Shopify App v
 
 #### Table of contents
 
+[Upgrading to `v17.2.0`](#upgrading-to-v1720)
+
 [Upgrading to `v13.0.0`](#upgrading-to-v1300)
 
 [Upgrading to `v11.7.0`](#upgrading-to-v1170)
 
 [Upgrading from `v8.6` to `v9.0.0`](#upgrading-from-v86-to-v900)
 
+## Upgrading to `v17.2.0`
+
+### Different SameSite cookie attribute behaviour
+
+To support Rails  `v6.1`, the [`SameSiteCookieMiddleware`](/lib/shopify_app/middleware/same_site_cookie_middleware.rb) was updated to configure cookies to `SameSite=None` if the app is embedded. Before this release, cookies were configured to `SameSite=None` only if this attribute had not previously been set before.
+
+```diff
+# same_site_cookie_middleware.rb
+- cookie << '; SameSite=None' unless cookie =~ /;\s*samesite=/i
++ cookie << '; SameSite=None' if ShopifyApp.configuration.embedded_app?
+```
+
+By default, Rails `v6.1` configures `SameSite=Lax` on all cookies that don't specify this attribute.
+
 ## Upgrading to `v13.0.0`
 
 Version 13.0.0 adds the ability to use both user and shop sessions, concurrently. This however involved a large

data/docs/shopify_app/handling-access-scopes-changes.md

@@ -1,8 +1,14 @@
 # Handling changes in access scopes
-The Shopify App gem provides handling changes to scopes for both shop/offline and user/online tokens. To enable your app to login via OAuth on scope changes, you can set the following configuration flag:
+The Shopify App gem provides handling changes to scopes for both shop/offline and user/online tokens. To enable your app to login via OAuth on scope changes, you can set the following configuration flag in your `config/initializers/shopify_app.rb`:
 ```ruby
-ShopifyApp.configuration.reauth_on_access_scope_changes = true
+config.reauth_on_access_scope_changes = true
 ```
 
 ## ShopAccessScopesVerification
 The `ShopifyApp::ShopAccessScopesVerification` concern helps merchants grant new access scopes requested by the app. The concern compares the current access scopes granted by the shop and compares them with the scopes requested by the app. If there is a mismatch in configuration, the merchant is redirected to login via OAuth and grant the net new scopes.
+
+To activate the `ShopAccessScopesVerification` for a controller add `include ShopifyApp::ShopAccessScopesVerification`:
+```ruby
+class HomeController < AuthenticatedController
+  include ShopifyApp::ShopAccessScopesVerification
+```

data/docs/shopify_app/session-repository.md

@@ -78,7 +78,7 @@ end
 provider :shopify,
   ...
   setup: lambda { |env|
-    configuration = ShopifyApp::OmniauthConfiguration.new(env['omniauth.strategy'], Rack::Request.new(env))
+    configuration = ShopifyApp::OmniAuthConfiguration.new(env['omniauth.strategy'], Rack::Request.new(env))
     configuration.build_options
   }
 

data/lib/shopify_app/middleware/same_site_cookie_middleware.rb

@@ -21,7 +21,7 @@ module ShopifyApp
           .compact
           .map do |cookie|
             cookie << '; Secure' unless cookie =~ /;\s*secure/i
-            cookie << '; SameSite=None' unless cookie =~ /;\s*samesite=/i
+            cookie << '; SameSite=None' if ShopifyApp.configuration.embedded_app?
             cookie
           end
 

data/lib/shopify_app/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module ShopifyApp
-  VERSION = '17.1.1'
+  VERSION = '17.2.0'
 end

data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shopify_app",
-  "version": "17.1.1",
+  "version": "17.2.0",
   "repository": "git@github.com:Shopify/shopify_app.git",
   "author": "Shopify",
   "license": "MIT",

data/shopify_app.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
   s.metadata['allowed_push_host'] = 'https://rubygems.org'
 
   s.add_runtime_dependency('browser_sniffer', '~> 1.2.2')
-  s.add_runtime_dependency('rails', '> 5.2.1', '< 6.1')
+  s.add_runtime_dependency('rails', '> 5.2.1', '< 6.2')
   s.add_runtime_dependency('shopify_api', '~> 9.4')
   s.add_runtime_dependency('omniauth-shopify-oauth2', '~> 2.2.2')
   s.add_runtime_dependency('jwt', '~> 2.2.1')

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 17.1.1
+  version: 17.2.0
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-12 00:00:00.000000000 Z
+date: 2021-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: browser_sniffer
@@ -33,7 +33,7 @@ dependencies:
         version: 5.2.1
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +43,7 @@ dependencies:
         version: 5.2.1
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: shopify_api
   requirement: !ruby/object:Gem::Requirement