shopify_app 19.0.1 → 19.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72e23179bc96ee7554d430caf9f65f2825da96666a0624151aa179b6382a6268
-  data.tar.gz: f1f3ec37cf00854d29994e8c2c1bdec45703e17af36df0aee08b64e2f2cd5e76
+  metadata.gz: d047c2c86697b849fa77f14bf2d264f752d25e8756254f2bd87f1f788b1a71e4
+  data.tar.gz: c8f75825dbfefb68fb068d21b794fe6b1f7a07fe43c6a875810fe9f9207ca970
 SHA512:
-  metadata.gz: 11e539a05f8c56e0dc9c63a0fbd0eb8d6f691802379f8a3882af4884eb7e4c6b855966cca2d524a28668121fd8f44e11cb6f0848103299ab481dcdbd630ce581
-  data.tar.gz: 60ff179a629a53fc5f9a7ebfeeea7459f3e4c5d31d7242d463e8a6443c104f660362a42c00eb503dfa63dddff8fe650ed75d803b50cf3a00a3a565674df070d2
+  metadata.gz: ccca162565545b8edf66dd3dc336df29b75f54020ade68f20f691aaf6c583d473a5c0b2af83cfd45f3ddfcdeee06c923ba82b023792f0865dc99ea721930130a
+  data.tar.gz: e7ba37bf6451e51bf9a4d848b0466808c2c89caca5581f9685fa1e14c6b0c06b8c9cfa0f4fd4631b10d7d13efd056592a73eb02e822b69679f7b752fad404ec9

data/CHANGELOG.md

@@ -1,3 +1,12 @@
+Unreleased
+----------
+
+19.0.2 (April 27, 2022)
+----------
+
+* Fix regression in apps using online tokens. [#1413](https://github.com/Shopify/shopify_app/pull/1413)
+* Bump [Shopify API](https://github.com/Shopify/shopify_api) to version 10.0.3. It includes [these fixes](https://github.com/Shopify/shopify_api/blob/main/CHANGELOG.md#version-1003).
+
 19.0.1 (April 11, 2022)
 ----------
 * Bump Shopify API (https://github.com/Shopify/shopify_api) to version 10.0.2. This update includes patch fixes since the initial v10 release.

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    shopify_app (19.0.1)
+    shopify_app (19.0.2)
       activeresource
       browser_sniffer (~> 1.4.0)
       jwt (>= 2.2.3)
@@ -121,7 +121,7 @@ GEM
     mocha (1.13.0)
     multi_xml (0.6.0)
     nio4r (2.5.8)
-    nokogiri (1.13.3)
+    nokogiri (1.13.4)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     oj (3.13.11)
@@ -194,7 +194,7 @@ GEM
       rubocop (~> 1.24)
     ruby-progressbar (1.11.0)
     securerandom (0.2.0)
-    shopify_api (10.0.2)
+    shopify_api (10.0.3)
       concurrent-ruby
       hash_diff
       httparty
@@ -204,7 +204,7 @@ GEM
       securerandom
       sorbet-runtime
       zeitwerk (~> 2.5)
-    sorbet-runtime (0.5.9874)
+    sorbet-runtime (0.5.9944)
     sprockets (4.0.3)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)

data/app/controllers/shopify_app/callback_controller.rb

@@ -27,6 +27,12 @@ module ShopifyApp
         value: auth_result[:cookie].value,
       }
 
+      session[:shopify_user_id] = auth_result[:session].associated_user.id if auth_result[:session].online?
+
+      if start_user_token_flow?(auth_result[:session])
+        return respond_with_user_token_flow
+      end
+
       perform_post_authenticate_jobs(auth_result[:session])
 
       respond_successfully
@@ -43,6 +49,25 @@ module ShopifyApp
       redirect_to(login_url_with_optional_shop)
     end
 
+    def respond_with_user_token_flow
+      redirect_to(login_url_with_optional_shop)
+    end
+
+    def start_user_token_flow?(shopify_session)
+      return false unless ShopifyApp::SessionRepository.user_storage.present?
+      return false if shopify_session.online?
+      update_user_access_scopes?
+    end
+
+    def update_user_access_scopes?
+      return true if session[:shopify_user_id].nil?
+      user_access_scopes_strategy.update_access_scopes?(shopify_user_id: session[:shopify_user_id])
+    end
+
+    def user_access_scopes_strategy
+      ShopifyApp.configuration.user_access_scopes_strategy
+    end
+
     def perform_post_authenticate_jobs(session)
       install_webhooks(session)
       install_scripttags(session)

data/docs/Upgrading.md

@@ -31,7 +31,7 @@ gem.
   `config/initializers/shopify_app.rb` as the decision logic for which authentication method to use is now handled
   internally by the `shopify_api` gem, using the `ShopifyAPI::Context.embedded_app` setting.
 * `v19.0.0` updates the `shopify_api` dependency to `10.0.0`. This version of `shopify_api` has breaking changes. See
-  the documentation for addressing these breaking changes on GitHub [here](https://github.com/Shopify/shopify_api/blob/add_breaking_change_log_v10/README.md#breaking-change-notice-for-version-1000).
+  the documentation for addressing these breaking changes on GitHub [here](https://github.com/Shopify/shopify_api#breaking-change-notice-for-version-1000).
 
 ### Specific cases
 

data/lib/shopify_app/controller_concerns/login_protection.rb

@@ -232,7 +232,13 @@ module ShopifyApp
       current_shopify_session && params[:shop].is_a?(String) && current_shopify_session.shop != params[:shop]
     end
 
+    def shop_session
+      ShopifyApp::SessionRepository.retrieve_shop_session_by_shopify_domain(sanitize_shop_param(params))
+    end
+
     def user_session_expected?
+      return false if shop_session.nil?
+      return false if ShopifyApp.configuration.shop_access_scopes_strategy.update_access_scopes?(shop_session.shop)
       !ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
     end
   end

data/lib/shopify_app/session/session_repository.rb

@@ -46,7 +46,7 @@ module ShopifyApp
       # ShopifyAPI::Auth::SessionStorage override
       def store_session(session)
         if session.online?
-          user_storage.store(session, session.associated_user.id.to_s)
+          user_storage.store(session, session.associated_user)
         else
           shop_storage.store(session)
         end

data/lib/shopify_app/session/user_session_storage_with_scopes.rb

@@ -11,7 +11,7 @@ module ShopifyApp
 
     class_methods do
       def store(auth_session, user)
-        user = find_or_initialize_by(shopify_user_id: user[:id])
+        user = find_or_initialize_by(shopify_user_id: user.id)
         user.shopify_token = auth_session.access_token
         user.shopify_domain = auth_session.shop
         user.access_scopes = auth_session.scope.to_s

data/lib/shopify_app/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ShopifyApp
-  VERSION = "19.0.1"
+  VERSION = "19.0.2"
 end

data/yarn.lock

@@ -3515,9 +3515,9 @@ minimatch@3.0.4, minimatch@^3.0.4:
     brace-expansion "^1.1.7"
 
 minimist@^1.2.0, minimist@^1.2.3, minimist@^1.2.5:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
-  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
+  version "1.2.6"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44"
+  integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==
 
 mississippi@^3.0.0:
   version "3.0.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 19.0.1
+  version: 19.0.2
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-11 00:00:00.000000000 Z
+date: 2022-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activeresource