RubyGems - shopify_app - Versions diffs - 18.1.3 → 19.0.0 - Mend

shopify_app 18.1.3 → 19.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72f82b74b58afbd537a042ee0b4f662dfe0ff4ba3a3e50961ca5548d0faf949c
-  data.tar.gz: 57fc402338880daae022582fd94e3c7f7d504d7d63e93c62f708728f48c95baa
+  metadata.gz: 68bc78da7e88e7482f179b4d8ce4cf6734f3595631007e047c59a3a31cfcc7f3
+  data.tar.gz: 84e0a185dfc9e34e80749db04c1b1a218fb0aed3499379e532c9a5903da3706a
 SHA512:
-  metadata.gz: 4787465beea494d6711b9086a25d2dd73584b4be292b12e559b4f3b5bee74c13a8da215a341b28556a2749ab36537fe7855b1d6de766170a90f06d6dc02326bf
-  data.tar.gz: a97ea3bead071112b72eeeb49590f936c6cc39939acfa05e83fb425005422fba56c3dbb9ea5de404772c1daedc458b0f7d67dd1e116b2161110914465ed20e93
+  metadata.gz: fe5829d4783dcee78ae5141f51b1e177f65fcae58407101b25af7a83b467c9d3586e58a58785d7fb1730e8c7be34861c6f2cfc62e1e36c4527486e529da74910
+  data.tar.gz: e125dd848ea4faf473ea39d38dd186114dad9bf7ce1ebe4083bbf121fec18ba165936e28f7be0ee485b92426ed4f0cb76743a7cb014de5edbfdc85a4d8511489

data/.github/workflows/build.yml CHANGED Viewed

@@ -2,9 +2,9 @@ name: CI
 on:
   push:
-    branches: [ master, v18 ]
+    branches: [ main ]
   pull_request:
-    branches: [ master, v18 ]
+    branches: [ main ]
 jobs:
   build:

data/.gitignore CHANGED Viewed

@@ -7,6 +7,7 @@ doc/
 *.log
 *.sqlite3
 test/tmp/*
+test/.generated/*
 .idea
 # ignore sprockets cache
 /test/dummy/tmp/*

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,7 @@
-18.1.3 (Jun 2, 2022)
+19.0.0 (April 6, 2022)
 ----------
-* Update browser_sniffer to 2.0.0
+* Use v10 of the Shopify API (https://github.com/Shopify/shopify_api). This update requires changes to an app - please refer to the [migration guide](https://github.com/Shopify/shopify_app/blob/main/docs/Upgrading.md) for details.
+BREAKING, please see migration notes.
 18.1.2 (Mar 3, 2022)
 ----------

data/Gemfile CHANGED Viewed

@@ -1,11 +1,12 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
 # Specify your gem's dependencies in shopify_app.gemspec
 gemspec
-gem 'rails-controller-testing', group: :test
+gem "rails-controller-testing", group: :test
 group :rubocop do
-  gem 'rubocop-shopify', require: false
+  gem "rubocop-shopify", require: false
 end

data/Gemfile.lock CHANGED Viewed

@@ -1,80 +1,80 @@
 PATH
   remote: .
   specs:
-    shopify_app (18.1.3)
-      browser_sniffer (~> 2.0)
+    shopify_app (19.0.0)
+      activeresource
+      browser_sniffer (~> 1.4.0)
       jwt (>= 2.2.3)
-      omniauth-rails_csrf_protection
-      omniauth-shopify-oauth2 (~> 2.3)
       rails (> 5.2.1)
       redirect_safely (~> 1.0)
-      shopify_api (~> 9.4)
+      shopify_api (~> 10.0)
+      sprockets-rails (>= 2.0.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actioncable (6.1.5)
+      actionpack (= 6.1.5)
+      activesupport (= 6.1.5)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionmailbox (6.1.5)
+      actionpack (= 6.1.5)
+      activejob (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       mail (>= 2.7.1)
-    actionmailer (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      actionview (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionmailer (6.1.5)
+      actionpack (= 6.1.5)
+      actionview (= 6.1.5)
+      activejob (= 6.1.5)
+      activesupport (= 6.1.5)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.4.4)
-      actionview (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionpack (6.1.5)
+      actionview (= 6.1.5)
+      activesupport (= 6.1.5)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actiontext (6.1.5)
+      actionpack (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       nokogiri (>= 1.8.5)
-    actionview (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionview (6.1.5)
+      activesupport (= 6.1.5)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    activejob (6.1.5)
+      activesupport (= 6.1.5)
       globalid (>= 0.3.6)
-    activemodel (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    activemodel (6.1.5)
+      activesupport (= 6.1.5)
     activemodel-serializers-xml (1.0.2)
       activemodel (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
-    activerecord (6.1.4.4)
-      activemodel (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    activerecord (6.1.5)
+      activemodel (= 6.1.5)
+      activesupport (= 6.1.5)
     activeresource (6.0.0)
       activemodel (>= 6.0)
       activemodel-serializers-xml (~> 1.0)
       activesupport (>= 6.0)
-    activestorage (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
-      marcel (~> 1.0.0)
+    activestorage (6.1.5)
+      actionpack (= 6.1.5)
+      activejob (= 6.1.5)
+      activerecord (= 6.1.5)
+      activesupport (= 6.1.5)
+      marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.4.4)
+    activesupport (6.1.5)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -82,101 +82,80 @@ GEM
       zeitwerk (~> 2.3)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    ast (2.4.1)
-    binding_of_caller (0.8.0)
+    ast (2.4.2)
+    binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
-    browser_sniffer (2.0.0)
+    browser_sniffer (1.4.0)
     builder (3.2.4)
     byebug (11.1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.1.9)
-    crack (0.4.4)
+    concurrent-ruby (1.1.10)
+    crack (0.4.5)
+      rexml
     crass (1.0.6)
-    debug_inspector (0.0.3)
+    debug_inspector (1.1.0)
     erubi (1.10.0)
-    faraday (2.3.0)
-      faraday-net_http (~> 2.0)
-      ruby2_keywords (>= 0.0.4)
-    faraday-net_http (2.0.3)
     globalid (1.0.0)
       activesupport (>= 5.0)
-    graphql (2.0.9)
-    graphql-client (0.18.0)
-      activesupport (>= 3.0)
-      graphql
+    hash_diff (1.0.0)
     hashdiff (1.0.1)
-    hashie (5.0.0)
-    i18n (1.9.1)
+    httparty (0.20.0)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     jwt (2.3.0)
-    loofah (2.13.0)
+    loofah (2.15.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     marcel (1.0.2)
-    method_source (0.9.2)
+    method_source (1.0.0)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2022.0105)
     mini_mime (1.1.2)
-    mini_portile2 (2.6.1)
-    minitest (5.14.4)
-    mocha (1.11.2)
-    multi_json (1.15.0)
+    mini_portile2 (2.8.0)
+    minitest (5.15.0)
+    mocha (1.13.0)
     multi_xml (0.6.0)
     nio4r (2.5.8)
-    nokogiri (1.12.5)
-      mini_portile2 (~> 2.6.1)
+    nokogiri (1.13.3)
+      mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    oauth2 (1.4.9)
-      faraday (>= 0.17.3, < 3.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (2.1.0)
-      hashie (>= 3.4.6)
-      rack (>= 2.2.3)
-      rack-protection
-    omniauth-oauth2 (1.7.2)
-      oauth2 (~> 1.4)
-      omniauth (>= 1.9, < 3)
-    omniauth-rails_csrf_protection (1.0.1)
-      actionpack (>= 4.2)
-      omniauth (~> 2.0)
-    omniauth-shopify-oauth2 (2.3.2)
-      activesupport
-      omniauth-oauth2 (~> 1.5)
-    parallel (1.20.1)
-    parser (2.7.2.0)
+    oj (3.13.11)
+    openssl (3.0.0)
+    parallel (1.21.0)
+    parser (3.1.0.0)
       ast (~> 2.4.1)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    pry-nav (0.3.0)
-      pry (>= 0.9.10, < 0.13.0)
-    pry-stack_explorer (0.4.9.3)
-      binding_of_caller (>= 0.7)
-      pry (>= 0.9.11)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-nav (1.0.0)
+      pry (>= 0.9.10, < 0.15)
+    pry-stack_explorer (0.6.1)
+      binding_of_caller (~> 1.0)
+      pry (~> 0.13)
     public_suffix (4.0.6)
     racc (1.6.0)
     rack (2.2.3)
-    rack-protection (2.2.0)
-      rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.1.4.4)
-      actioncable (= 6.1.4.4)
-      actionmailbox (= 6.1.4.4)
-      actionmailer (= 6.1.4.4)
-      actionpack (= 6.1.4.4)
-      actiontext (= 6.1.4.4)
-      actionview (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activemodel (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    rails (6.1.5)
+      actioncable (= 6.1.5)
+      actionmailbox (= 6.1.5)
+      actionmailer (= 6.1.5)
+      actionpack (= 6.1.5)
+      actiontext (= 6.1.5)
+      actionview (= 6.1.5)
+      activejob (= 6.1.5)
+      activemodel (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       bundler (>= 1.15.0)
-      railties (= 6.1.4.4)
+      railties (= 6.1.5)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -187,38 +166,45 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.4.2)
       loofah (~> 2.3)
-    railties (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    railties (6.1.5)
+      actionpack (= 6.1.5)
+      activesupport (= 6.1.5)
       method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
       thor (~> 1.0)
-    rainbow (3.0.0)
-    rake (13.0.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
     rb-readline (0.5.5)
     redirect_safely (1.0.0)
       activemodel
-    regexp_parser (2.0.0)
+    regexp_parser (2.2.0)
     rexml (3.2.5)
-    rubocop (1.5.2)
+    rubocop (1.25.1)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 1.2.0, < 2.0)
+      rubocop-ast (>= 1.15.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.3.0)
-      parser (>= 2.7.1.5)
-    rubocop-shopify (1.0.7)
-      rubocop (~> 1.4)
-    ruby-progressbar (1.10.1)
-    ruby2_keywords (0.0.5)
-    shopify_api (9.5.1)
-      activeresource (>= 4.1.0)
-      graphql-client
-      rack
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.15.1)
+      parser (>= 3.0.1.1)
+    rubocop-shopify (2.4.0)
+      rubocop (~> 1.24)
+    ruby-progressbar (1.11.0)
+    securerandom (0.2.0)
+    shopify_api (10.0.0)
+      concurrent-ruby
+      hash_diff
+      httparty
+      jwt
+      oj
+      openssl
+      securerandom
+      sorbet-runtime
+      zeitwerk (~> 2.5)
+    sorbet-runtime (0.5.9854)
     sprockets (4.0.3)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -230,9 +216,9 @@ GEM
     thor (1.2.1)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (1.7.0)
-    webmock (3.9.1)
-      addressable (>= 2.3.6)
+    unicode-display_width (2.1.0)
+    webmock (3.14.0)
+      addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
     websocket-driver (0.7.5)
@@ -259,4 +245,4 @@ DEPENDENCIES
   webmock
 BUNDLED WITH
-   2.3.7
+   2.3.5

data/Rakefile CHANGED Viewed

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-require File.expand_path('../test/dummy/config/application', __FILE__)
+require "bundler/gem_tasks"
+require "rake/testtask"
+require File.expand_path("../test/dummy/config/application", __FILE__)
 Rails.application.load_tasks

data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module ShopifyApp
       redirect_to(splash_page)
     rescue ShopifyApp::LoginProtection::ShopifyDomainNotFound => error
       Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
-                         "Could not determine current shop domain")
+        "Could not determine current shop domain")
       redirect_to(ShopifyApp.configuration.login_url)
     end

data/app/controllers/shopify_app/authenticated_controller.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   class AuthenticatedController < ActionController::Base
     include ShopifyApp::Authenticated

data/app/controllers/shopify_app/callback_controller.rb CHANGED Viewed

@@ -6,15 +6,28 @@ module ShopifyApp
     include ShopifyApp::LoginProtection
     def callback
-      return respond_with_error if invalid_request?
-      store_access_token_and_build_session
-      if start_user_token_flow?
-        return respond_with_user_token_flow
+      begin
+        filtered_params = request.parameters.symbolize_keys.slice(:code, :shop, :timestamp, :state, :host, :hmac)
+        auth_result = ShopifyAPI::Auth::Oauth.validate_auth_callback(
+          cookies: {
+            ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME =>
+              cookies.encrypted[ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME],
+          },
+          auth_query: ShopifyAPI::Auth::Oauth::AuthQuery.new(**filtered_params)
+        )
+      rescue
+        return respond_with_error
       end
-      perform_post_authenticate_jobs
+      cookies.encrypted[auth_result[:cookie].name] = {
+        expires: auth_result[:cookie].expires,
+        secure: true,
+        http_only: true,
+        value: auth_result[:cookie].value,
+      }
+      perform_post_authenticate_jobs(auth_result[:session])
       respond_successfully
     end
@@ -22,162 +35,37 @@ module ShopifyApp
     private
     def respond_successfully
-      if jwt_request?
-        head(:ok)
-      else
-        redirect_to(return_address)
-      end
-    end
-    def respond_with_user_token_flow
-      redirect_to(login_url_with_optional_shop)
-    end
-    def store_access_token_and_build_session
-      if native_browser_request?
-        reset_session_options
-      end
-      set_shopify_session
-    end
-    def invalid_request?
-      return true unless auth_hash
-      jwt_request? && !valid_jwt_auth?
-    end
-    def native_browser_request?
-      !jwt_request?
-    end
-    def perform_post_authenticate_jobs
-      install_webhooks
-      install_scripttags
-      perform_after_authenticate_job
+      redirect_to(return_address)
     end
     def respond_with_error
-      if jwt_request?
-        head(:unauthorized)
-      else
-        flash[:error] = I18n.t('could_not_log_in')
-        redirect_to(login_url_with_optional_shop)
-      end
-    end
-    # Override user_session_by_cookie from LoginProtection to bypass allow_cookie_authentication
-    # setting check because session cookies are justified at top level
-    def user_session_by_cookie
-      return unless session[:user_id].present?
-      ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
-    end
-    def start_user_token_flow?
-      if jwt_request?
-        false
-      else
-        return false unless ShopifyApp::SessionRepository.user_storage.present?
-        update_user_access_scopes?
-      end
-    end
-    def update_user_access_scopes?
-      return true if user_session.blank?
-      user_access_scopes_strategy.update_access_scopes?(user_id: session[:user_id])
-    end
-    def user_access_scopes_strategy
-      ShopifyApp.configuration.user_access_scopes_strategy
-    end
-    def jwt_request?
-      jwt_shopify_domain || jwt_shopify_user_id
-    end
-    def valid_jwt_auth?
-      auth_hash && jwt_shopify_domain == shop_name && jwt_shopify_user_id == associated_user_id
-    end
-    def auth_hash
-      request.env['omniauth.auth']
-    end
-    def shop_name
-      auth_hash.uid
-    end
-    def offline_access_token
-      ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(shop_name)&.token
-    end
-    def online_access_token
-      ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(associated_user_id)&.token
-    end
-    def associated_user
-      return unless auth_hash.dig('extra', 'associated_user').present?
-      auth_hash['extra']['associated_user'].merge('scope' => auth_hash['extra']['associated_user_scope'])
-    end
-    def associated_user_id
-      associated_user && associated_user['id']
-    end
-    def token
-      auth_hash['credentials']['token']
-    end
-    def access_scopes
-      auth_hash.dig('extra', 'scope')
-    end
-    def reset_session_options
-      request.session_options[:renew] = true
-      session.delete(:_csrf_token)
+      flash[:error] = I18n.t("could_not_log_in")
+      redirect_to(login_url_with_optional_shop)
     end
-    def set_shopify_session
-      session_store = ShopifyAPI::Session.new(
-        domain: shop_name,
-        token: token,
-        api_version: ShopifyApp.configuration.api_version,
-        access_scopes: access_scopes
-      )
-      session[:shopify_user] = associated_user
-      if session[:shopify_user].present?
-        session[:shop_id] = nil if shop_session && shop_session.domain != shop_name
-        session[:user_id] = ShopifyApp::SessionRepository.store_user_session(session_store, associated_user)
-      else
-        session[:shop_id] = ShopifyApp::SessionRepository.store_shop_session(session_store)
-        session[:user_id] = nil if user_session && user_session.domain != shop_name
-      end
-      session[:shopify_domain] = shop_name
-      session[:user_session] = auth_hash&.extra&.session
+    def perform_post_authenticate_jobs(session)
+      install_webhooks(session)
+      install_scripttags(session)
+      perform_after_authenticate_job(session)
     end
-    def install_webhooks
+    def install_webhooks(session)
       return unless ShopifyApp.configuration.has_webhooks?
-      WebhooksManager.queue(
-        shop_name,
-        offline_access_token || online_access_token,
-        ShopifyApp.configuration.webhooks
-      )
+      WebhooksManager.queue(session.shop, session.access_token)
     end
-    def install_scripttags
+    def install_scripttags(session)
       return unless ShopifyApp.configuration.has_scripttags?
       ScripttagsManager.queue(
-        shop_name,
-        offline_access_token || online_access_token,
+        session.shop,
+        session.access_token,
         ShopifyApp.configuration.scripttags
       )
     end
-    def perform_after_authenticate_job
+    def perform_after_authenticate_job(session)
       config = ShopifyApp.configuration.after_authenticate_job
       return unless config && config[:job].present?
@@ -186,9 +74,9 @@ module ShopifyApp
       job = job.constantize if job.is_a?(String)
       if config[:inline] == true
-        job.perform_now(shop_domain: session[:shopify_domain])
+        job.perform_now(shop_domain: session.shop)
       else
-        job.perform_later(shop_domain: session[:shopify_domain])
+        job.perform_later(shop_domain: session.shop)
       end
     end
   end