RubyGems - shopify_app - Versions diffs - 18.1.3 → 19.0.0 - Mend

shopify_app 18.1.3 → 19.0.0

Files changed (88) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72f82b74b58afbd537a042ee0b4f662dfe0ff4ba3a3e50961ca5548d0faf949c
-  data.tar.gz: 57fc402338880daae022582fd94e3c7f7d504d7d63e93c62f708728f48c95baa
+  metadata.gz: 68bc78da7e88e7482f179b4d8ce4cf6734f3595631007e047c59a3a31cfcc7f3
+  data.tar.gz: 84e0a185dfc9e34e80749db04c1b1a218fb0aed3499379e532c9a5903da3706a
 SHA512:
-  metadata.gz: 4787465beea494d6711b9086a25d2dd73584b4be292b12e559b4f3b5bee74c13a8da215a341b28556a2749ab36537fe7855b1d6de766170a90f06d6dc02326bf
-  data.tar.gz: a97ea3bead071112b72eeeb49590f936c6cc39939acfa05e83fb425005422fba56c3dbb9ea5de404772c1daedc458b0f7d67dd1e116b2161110914465ed20e93
+  metadata.gz: fe5829d4783dcee78ae5141f51b1e177f65fcae58407101b25af7a83b467c9d3586e58a58785d7fb1730e8c7be34861c6f2cfc62e1e36c4527486e529da74910
+  data.tar.gz: e125dd848ea4faf473ea39d38dd186114dad9bf7ce1ebe4083bbf121fec18ba165936e28f7be0ee485b92426ed4f0cb76743a7cb014de5edbfdc85a4d8511489

data/.github/workflows/build.yml CHANGED Viewed

@@ -2,9 +2,9 @@ name: CI
 on:
   push:
-    branches: [ master, v18 ]
+    branches: [ main ]
   pull_request:
-    branches: [ master, v18 ]
+    branches: [ main ]
 jobs:
   build:

data/.gitignore CHANGED Viewed

@@ -7,6 +7,7 @@ doc/
 *.log
 *.sqlite3
 test/tmp/*
+test/.generated/*
 .idea
 # ignore sprockets cache
 /test/dummy/tmp/*

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,7 @@
-18.1.3 (Jun 2, 2022)
+19.0.0 (April 6, 2022)
 ----------
-* Update browser_sniffer to 2.0.0
+* Use v10 of the Shopify API (https://github.com/Shopify/shopify_api). This update requires changes to an app - please refer to the [migration guide](https://github.com/Shopify/shopify_app/blob/main/docs/Upgrading.md) for details.
+BREAKING, please see migration notes.
 18.1.2 (Mar 3, 2022)
 ----------

data/Gemfile CHANGED Viewed

@@ -1,11 +1,12 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
 # Specify your gem's dependencies in shopify_app.gemspec
 gemspec
-gem 'rails-controller-testing', group: :test
+gem "rails-controller-testing", group: :test
 group :rubocop do
-  gem 'rubocop-shopify', require: false
+  gem "rubocop-shopify", require: false
 end

data/Gemfile.lock CHANGED Viewed

@@ -1,80 +1,80 @@
 PATH
   remote: .
   specs:
-    shopify_app (18.1.3)
-      browser_sniffer (~> 2.0)
+    shopify_app (19.0.0)
+      activeresource
+      browser_sniffer (~> 1.4.0)
       jwt (>= 2.2.3)
-      omniauth-rails_csrf_protection
-      omniauth-shopify-oauth2 (~> 2.3)
       rails (> 5.2.1)
       redirect_safely (~> 1.0)
-      shopify_api (~> 9.4)
+      shopify_api (~> 10.0)
+      sprockets-rails (>= 2.0.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actioncable (6.1.5)
+      actionpack (= 6.1.5)
+      activesupport (= 6.1.5)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionmailbox (6.1.5)
+      actionpack (= 6.1.5)
+      activejob (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       mail (>= 2.7.1)
-    actionmailer (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      actionview (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionmailer (6.1.5)
+      actionpack (= 6.1.5)
+      actionview (= 6.1.5)
+      activejob (= 6.1.5)
+      activesupport (= 6.1.5)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.4.4)
-      actionview (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionpack (6.1.5)
+      actionview (= 6.1.5)
+      activesupport (= 6.1.5)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actiontext (6.1.5)
+      actionpack (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       nokogiri (>= 1.8.5)
-    actionview (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionview (6.1.5)
+      activesupport (= 6.1.5)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    activejob (6.1.5)
+      activesupport (= 6.1.5)
       globalid (>= 0.3.6)
-    activemodel (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    activemodel (6.1.5)
+      activesupport (= 6.1.5)
     activemodel-serializers-xml (1.0.2)
       activemodel (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
-    activerecord (6.1.4.4)
-      activemodel (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    activerecord (6.1.5)
+      activemodel (= 6.1.5)
+      activesupport (= 6.1.5)
     activeresource (6.0.0)
       activemodel (>= 6.0)
       activemodel-serializers-xml (~> 1.0)
       activesupport (>= 6.0)
-    activestorage (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
-      marcel (~> 1.0.0)
+    activestorage (6.1.5)
+      actionpack (= 6.1.5)
+      activejob (= 6.1.5)
+      activerecord (= 6.1.5)
+      activesupport (= 6.1.5)
+      marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.4.4)
+    activesupport (6.1.5)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -82,101 +82,80 @@ GEM
       zeitwerk (~> 2.3)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    ast (2.4.1)
-    binding_of_caller (0.8.0)
+    ast (2.4.2)
+    binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
-    browser_sniffer (2.0.0)
+    browser_sniffer (1.4.0)
     builder (3.2.4)
     byebug (11.1.3)
     coderay (1.1.3)
-    concurrent-ruby (1.1.9)
-    crack (0.4.4)
+    concurrent-ruby (1.1.10)
+    crack (0.4.5)
+      rexml
     crass (1.0.6)
-    debug_inspector (0.0.3)
+    debug_inspector (1.1.0)
     erubi (1.10.0)
-    faraday (2.3.0)
-      faraday-net_http (~> 2.0)
-      ruby2_keywords (>= 0.0.4)
-    faraday-net_http (2.0.3)
     globalid (1.0.0)
       activesupport (>= 5.0)
-    graphql (2.0.9)
-    graphql-client (0.18.0)
-      activesupport (>= 3.0)
-      graphql
+    hash_diff (1.0.0)
     hashdiff (1.0.1)
-    hashie (5.0.0)
-    i18n (1.9.1)
+    httparty (0.20.0)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     jwt (2.3.0)
-    loofah (2.13.0)
+    loofah (2.15.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     marcel (1.0.2)
-    method_source (0.9.2)
+    method_source (1.0.0)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2022.0105)
     mini_mime (1.1.2)
-    mini_portile2 (2.6.1)
-    minitest (5.14.4)
-    mocha (1.11.2)
-    multi_json (1.15.0)
+    mini_portile2 (2.8.0)
+    minitest (5.15.0)
+    mocha (1.13.0)
     multi_xml (0.6.0)
     nio4r (2.5.8)
-    nokogiri (1.12.5)
-      mini_portile2 (~> 2.6.1)
+    nokogiri (1.13.3)
+      mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    oauth2 (1.4.9)
-      faraday (>= 0.17.3, < 3.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    omniauth (2.1.0)
-      hashie (>= 3.4.6)
-      rack (>= 2.2.3)
-      rack-protection
-    omniauth-oauth2 (1.7.2)
-      oauth2 (~> 1.4)
-      omniauth (>= 1.9, < 3)
-    omniauth-rails_csrf_protection (1.0.1)
-      actionpack (>= 4.2)
-      omniauth (~> 2.0)
-    omniauth-shopify-oauth2 (2.3.2)
-      activesupport
-      omniauth-oauth2 (~> 1.5)
-    parallel (1.20.1)
-    parser (2.7.2.0)
+    oj (3.13.11)
+    openssl (3.0.0)
+    parallel (1.21.0)
+    parser (3.1.0.0)
       ast (~> 2.4.1)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    pry-nav (0.3.0)
-      pry (>= 0.9.10, < 0.13.0)
-    pry-stack_explorer (0.4.9.3)
-      binding_of_caller (>= 0.7)
-      pry (>= 0.9.11)
+    pry (0.14.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-nav (1.0.0)
+      pry (>= 0.9.10, < 0.15)
+    pry-stack_explorer (0.6.1)
+      binding_of_caller (~> 1.0)
+      pry (~> 0.13)
     public_suffix (4.0.6)
     racc (1.6.0)
     rack (2.2.3)
-    rack-protection (2.2.0)
-      rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.1.4.4)
-      actioncable (= 6.1.4.4)
-      actionmailbox (= 6.1.4.4)
-      actionmailer (= 6.1.4.4)
-      actionpack (= 6.1.4.4)
-      actiontext (= 6.1.4.4)
-      actionview (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activemodel (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    rails (6.1.5)
+      actioncable (= 6.1.5)
+      actionmailbox (= 6.1.5)
+      actionmailer (= 6.1.5)
+      actionpack (= 6.1.5)
+      actiontext (= 6.1.5)
+      actionview (= 6.1.5)
+      activejob (= 6.1.5)
+      activemodel (= 6.1.5)
+      activerecord (= 6.1.5)
+      activestorage (= 6.1.5)
+      activesupport (= 6.1.5)
       bundler (>= 1.15.0)
-      railties (= 6.1.4.4)
+      railties (= 6.1.5)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -187,38 +166,45 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.4.2)
       loofah (~> 2.3)
-    railties (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    railties (6.1.5)
+      actionpack (= 6.1.5)
+      activesupport (= 6.1.5)
       method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
       thor (~> 1.0)
-    rainbow (3.0.0)
-    rake (13.0.3)
+    rainbow (3.1.1)
+    rake (13.0.6)
     rb-readline (0.5.5)
     redirect_safely (1.0.0)
       activemodel
-    regexp_parser (2.0.0)
+    regexp_parser (2.2.0)
     rexml (3.2.5)
-    rubocop (1.5.2)
+    rubocop (1.25.1)
       parallel (~> 1.10)
-      parser (>= 2.7.1.5)
+      parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml
-      rubocop-ast (>= 1.2.0, < 2.0)
+      rubocop-ast (>= 1.15.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.3.0)
-      parser (>= 2.7.1.5)
-    rubocop-shopify (1.0.7)
-      rubocop (~> 1.4)
-    ruby-progressbar (1.10.1)
-    ruby2_keywords (0.0.5)
-    shopify_api (9.5.1)
-      activeresource (>= 4.1.0)
-      graphql-client
-      rack
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.15.1)
+      parser (>= 3.0.1.1)
+    rubocop-shopify (2.4.0)
+      rubocop (~> 1.24)
+    ruby-progressbar (1.11.0)
+    securerandom (0.2.0)
+    shopify_api (10.0.0)
+      concurrent-ruby
+      hash_diff
+      httparty
+      jwt
+      oj
+      openssl
+      securerandom
+      sorbet-runtime
+      zeitwerk (~> 2.5)
+    sorbet-runtime (0.5.9854)
     sprockets (4.0.3)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -230,9 +216,9 @@ GEM
     thor (1.2.1)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (1.7.0)
-    webmock (3.9.1)
-      addressable (>= 2.3.6)
+    unicode-display_width (2.1.0)
+    webmock (3.14.0)
+      addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
     websocket-driver (0.7.5)
@@ -259,4 +245,4 @@ DEPENDENCIES
   webmock
 BUNDLED WITH
-   2.3.7
+   2.3.5

data/Rakefile CHANGED Viewed

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-require File.expand_path('../test/dummy/config/application', __FILE__)
+require "bundler/gem_tasks"
+require "rake/testtask"
+require File.expand_path("../test/dummy/config/application", __FILE__)
 Rails.application.load_tasks

data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module ShopifyApp
       redirect_to(splash_page)
     rescue ShopifyApp::LoginProtection::ShopifyDomainNotFound => error
       Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
-                         "Could not determine current shop domain")
+        "Could not determine current shop domain")
       redirect_to(ShopifyApp.configuration.login_url)
     end

data/app/controllers/shopify_app/authenticated_controller.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 module ShopifyApp
   class AuthenticatedController < ActionController::Base
     include ShopifyApp::Authenticated

data/app/controllers/shopify_app/callback_controller.rb CHANGED Viewed

@@ -6,15 +6,28 @@ module ShopifyApp
     include ShopifyApp::LoginProtection
     def callback
-      return respond_with_error if invalid_request?
-      store_access_token_and_build_session
-      if start_user_token_flow?
-        return respond_with_user_token_flow
+      begin
+        filtered_params = request.parameters.symbolize_keys.slice(:code, :shop, :timestamp, :state, :host, :hmac)
+        auth_result = ShopifyAPI::Auth::Oauth.validate_auth_callback(
+          cookies: {
+            ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME =>
+              cookies.encrypted[ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME],
+          },
+          auth_query: ShopifyAPI::Auth::Oauth::AuthQuery.new(**filtered_params)
+        )
+      rescue
+        return respond_with_error
       end
-      perform_post_authenticate_jobs
+      cookies.encrypted[auth_result[:cookie].name] = {
+        expires: auth_result[:cookie].expires,
+        secure: true,
+        http_only: true,
+        value: auth_result[:cookie].value,
+      }
+      perform_post_authenticate_jobs(auth_result[:session])
       respond_successfully
     end
@@ -22,162 +35,37 @@ module ShopifyApp
     private
     def respond_successfully
-      if jwt_request?
-        head(:ok)
-      else
-        redirect_to(return_address)
-      end
-    end
-    def respond_with_user_token_flow
-      redirect_to(login_url_with_optional_shop)
-    end
-    def store_access_token_and_build_session
-      if native_browser_request?
-        reset_session_options
-      end
-      set_shopify_session
-    end
-    def invalid_request?
-      return true unless auth_hash
-      jwt_request? && !valid_jwt_auth?
-    end
-    def native_browser_request?
-      !jwt_request?
-    end
-    def perform_post_authenticate_jobs
-      install_webhooks
-      install_scripttags
-      perform_after_authenticate_job
+      redirect_to(return_address)
     end
     def respond_with_error
-      if jwt_request?
-        head(:unauthorized)
-      else
-        flash[:error] = I18n.t('could_not_log_in')
-        redirect_to(login_url_with_optional_shop)
-      end
-    end
-    # Override user_session_by_cookie from LoginProtection to bypass allow_cookie_authentication
-    # setting check because session cookies are justified at top level
-    def user_session_by_cookie
-      return unless session[:user_id].present?
-      ShopifyApp::SessionRepository.retrieve_user_session(session[:user_id])
-    end
-    def start_user_token_flow?
-      if jwt_request?
-        false
-      else
-        return false unless ShopifyApp::SessionRepository.user_storage.present?
-        update_user_access_scopes?
-      end
-    end
-    def update_user_access_scopes?
-      return true if user_session.blank?
-      user_access_scopes_strategy.update_access_scopes?(user_id: session[:user_id])
-    end
-    def user_access_scopes_strategy
-      ShopifyApp.configuration.user_access_scopes_strategy
-    end
-    def jwt_request?
-      jwt_shopify_domain || jwt_shopify_user_id
-    end
-    def valid_jwt_auth?
-      auth_hash && jwt_shopify_domain == shop_name && jwt_shopify_user_id == associated_user_id
-    end
-    def auth_hash
-      request.env['omniauth.auth']
-    end
-    def shop_name
-      auth_hash.uid
-    end
-    def offline_access_token
-      ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(shop_name)&.token
-    end
-    def online_access_token
-      ShopifyApp::SessionRepository.retrieve_user_session_by_shopify_user_id(associated_user_id)&.token
-    end
-    def associated_user
-      return unless auth_hash.dig('extra', 'associated_user').present?
-      auth_hash['extra']['associated_user'].merge('scope' => auth_hash['extra']['associated_user_scope'])
-    end
-    def associated_user_id
-      associated_user && associated_user['id']
-    end
-    def token
-      auth_hash['credentials']['token']
-    end
-    def access_scopes
-      auth_hash.dig('extra', 'scope')
-    end
-    def reset_session_options
-      request.session_options[:renew] = true
-      session.delete(:_csrf_token)
+      flash[:error] = I18n.t("could_not_log_in")
+      redirect_to(login_url_with_optional_shop)
     end
-    def set_shopify_session
-      session_store = ShopifyAPI::Session.new(
-        domain: shop_name,
-        token: token,
-        api_version: ShopifyApp.configuration.api_version,
-        access_scopes: access_scopes
-      )
-      session[:shopify_user] = associated_user
-      if session[:shopify_user].present?
-        session[:shop_id] = nil if shop_session && shop_session.domain != shop_name
-        session[:user_id] = ShopifyApp::SessionRepository.store_user_session(session_store, associated_user)
-      else
-        session[:shop_id] = ShopifyApp::SessionRepository.store_shop_session(session_store)
-        session[:user_id] = nil if user_session && user_session.domain != shop_name
-      end
-      session[:shopify_domain] = shop_name
-      session[:user_session] = auth_hash&.extra&.session
+    def perform_post_authenticate_jobs(session)
+      install_webhooks(session)
+      install_scripttags(session)
+      perform_after_authenticate_job(session)
     end
-    def install_webhooks
+    def install_webhooks(session)
       return unless ShopifyApp.configuration.has_webhooks?
-      WebhooksManager.queue(
-        shop_name,
-        offline_access_token || online_access_token,
-        ShopifyApp.configuration.webhooks
-      )
+      WebhooksManager.queue(session.shop, session.access_token)
     end
-    def install_scripttags
+    def install_scripttags(session)
       return unless ShopifyApp.configuration.has_scripttags?
       ScripttagsManager.queue(
-        shop_name,
-        offline_access_token || online_access_token,
+        session.shop,
+        session.access_token,
         ShopifyApp.configuration.scripttags
       )
     end
-    def perform_after_authenticate_job
+    def perform_after_authenticate_job(session)
       config = ShopifyApp.configuration.after_authenticate_job
       return unless config && config[:job].present?
@@ -186,9 +74,9 @@ module ShopifyApp
       job = job.constantize if job.is_a?(String)
       if config[:inline] == true
-        job.perform_now(shop_domain: session[:shopify_domain])
+        job.perform_now(shop_domain: session.shop)
       else
-        job.perform_later(shop_domain: session[:shopify_domain])
+        job.perform_later(shop_domain: session.shop)
       end
     end
   end