shopify_app 21.2.0 → 21.3.0

Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build.yml +7 -8
  3. data/.github/workflows/stale.yml +1 -0
  4. data/.spin/rails/prepare-application +8 -0
  5. data/CHANGELOG.md +15 -0
  6. data/Gemfile +1 -0
  7. data/Gemfile.lock +106 -91
  8. data/README.md +19 -15
  9. data/SECURITY.md +1 -1
  10. data/app/controllers/concerns/shopify_app/authenticated.rb +4 -9
  11. data/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb +3 -2
  12. data/app/controllers/concerns/shopify_app/ensure_has_session.rb +19 -0
  13. data/app/controllers/concerns/shopify_app/ensure_installed.rb +62 -0
  14. data/app/controllers/concerns/shopify_app/require_known_shop.rb +3 -38
  15. data/app/controllers/shopify_app/authenticated_controller.rb +1 -1
  16. data/app/controllers/shopify_app/callback_controller.rb +64 -27
  17. data/app/controllers/shopify_app/extension_verification_controller.rb +4 -1
  18. data/app/controllers/shopify_app/sessions_controller.rb +11 -2
  19. data/config/locales/ja.yml +1 -1
  20. data/docs/Troubleshooting.md +38 -2
  21. data/docs/Upgrading.md +40 -32
  22. data/docs/shopify_app/controller-concerns.md +48 -0
  23. data/docs/shopify_app/logging.md +21 -0
  24. data/docs/shopify_app/webhooks.md +13 -0
  25. data/lib/generators/shopify_app/add_app_uninstalled_job/add_app_uninstalled_job_generator.rb +15 -0
  26. data/lib/generators/shopify_app/add_app_uninstalled_job/templates/app_uninstalled_job.rb.tt +22 -0
  27. data/lib/generators/shopify_app/add_gdpr_jobs/add_gdpr_jobs_generator.rb +23 -0
  28. data/lib/generators/shopify_app/add_gdpr_jobs/templates/customers_data_request_job.rb.tt +22 -0
  29. data/lib/generators/shopify_app/add_gdpr_jobs/templates/customers_redact_job.rb.tt +22 -0
  30. data/lib/generators/shopify_app/add_gdpr_jobs/templates/shop_redact_job.rb.tt +22 -0
  31. data/lib/generators/shopify_app/add_marketing_activity_extension/add_marketing_activity_extension_generator.rb +1 -0
  32. data/lib/generators/shopify_app/add_marketing_activity_extension/templates/marketing_activities_controller.rb +2 -1
  33. data/lib/generators/shopify_app/add_webhook/templates/webhook_job.rb.tt +2 -1
  34. data/lib/generators/shopify_app/authenticated_controller/templates/authenticated_controller.rb +1 -1
  35. data/lib/generators/shopify_app/home_controller/templates/index.html.erb +1 -1
  36. data/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb +1 -1
  37. data/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +8 -2
  38. data/lib/generators/shopify_app/rotate_shopify_token_job/templates/rotate_shopify_token_job.rb +1 -1
  39. data/lib/generators/shopify_app/shopify_app_generator.rb +2 -0
  40. data/lib/shopify_app/access_scopes/noop_strategy.rb +4 -0
  41. data/lib/shopify_app/access_scopes/user_strategy.rb +5 -0
  42. data/lib/shopify_app/configuration.rb +11 -0
  43. data/lib/shopify_app/controller_concerns/ensure_billing.rb +3 -0
  44. data/lib/shopify_app/controller_concerns/itp.rb +5 -0
  45. data/lib/shopify_app/controller_concerns/login_protection.rb +52 -13
  46. data/lib/shopify_app/controller_concerns/redirect_for_embedded.rb +4 -1
  47. data/lib/shopify_app/controller_concerns/webhook_verification.rb +4 -1
  48. data/lib/shopify_app/logger.rb +28 -0
  49. data/lib/shopify_app/managers/scripttags_manager.rb +1 -0
  50. data/lib/shopify_app/managers/webhooks_manager.rb +6 -0
  51. data/lib/shopify_app/session/jwt.rb +1 -1
  52. data/lib/shopify_app/session/session_repository.rb +15 -4
  53. data/lib/shopify_app/version.rb +1 -1
  54. data/lib/shopify_app.rb +2 -0
  55. data/shopify_app.gemspec +2 -1
  56. data/yarn.lock +5 -5
  57. metadata +30 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9c7c689ea4654dcf93dc5f933b05f72977a330728aaf84ec7cd8ab8bc0f3c4e1
4
- data.tar.gz: 10931771d0548d1652d43eac26cc6600a6196489c18ca0b114b9f7031787d366
3
+ metadata.gz: 89cc2a310a1182a7efc057933dafe337c0ba070732f40d920245741be7666c17
4
+ data.tar.gz: 2f981c756c218d2971687cd7e3f86a62b69b77fb49e343610523c8d8c77bb143
5
5
  SHA512:
6
- metadata.gz: 2928dea2f397750d74f206be9389f2bb4bc4680310109f2ede4822bbc58ea4e8a0177a1404a6701759dbaf366f0b6d634606c0f580a1572a5d0dfaa5ed02ec1c
7
- data.tar.gz: b3c6cdb2c899a3211d4c5bb492855bd528de06825366426b26d4899e7860fcd35438a9ba521d57a9a903c62e8ddf827fc6da0ca5b60ba430ee583380324a475f
6
+ metadata.gz: db13b7a1991ef855604d7734a79b4812f010bddc4937636c7c96594f8cbecd8daafd562ea3be6cd137887d799bb1d654eb951509334d04e17056b8c4582d4c14
7
+ data.tar.gz: 386345a2947c3e0c42f2ad9f2433e2702a823ede57bdd4efe73899703141c1fc58855bb451b3785c07536177f997385f6513a60e8fa1808a8de146cc33b1a294
@@ -28,13 +28,12 @@ jobs:
28
28
  ruby-version: ${{ matrix.version }}
29
29
  bundler-cache: true
30
30
  - name: Set up Node
31
- uses: actions/setup-node@v2-beta
31
+ uses: actions/setup-node@v3
32
32
  with:
33
33
  node-version: '12'
34
- - name: Install Dependencies
35
- run: |
36
- yarn
37
- - name: Run Tests
38
- run: |
39
- yarn test
40
- bundle exec rake test
34
+ - name: Install Yarn Dependencies
35
+ run: yarn
36
+ - name: Run Yarn Tests
37
+ run: yarn test
38
+ - name: Run Ruby Tests
39
+ run: bundle exec rake test
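Review bot: `uses: actions/setup-node@v3` still references a mutable tag, so the job runs whatever commit that tag points to at build time. Pinning the action to a full commit SHA, `uses: actions/setup-node@<full-commit-sha> # v3`, makes the CI toolchain reproducible and keeps a retargeted tag from changing what runs in the workflow. The unchanged `node-version: '12'` in the same step selects a Node release line that is already end-of-life and is worth updating in the same pass. The `jobs:` block begins outside this hunk.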
@@ -29,3 +29,4 @@ jobs:
29
29
  days-before-pr-close: -1
30
30
  repo-token: ${{ secrets.GITHUB_TOKEN }}
31
31
  exempt-issue-labels: "feature request"
32
+ close-issue-reason: "not_planned"
@@ -0,0 +1,8 @@
1
+ #!/bin/bash
2
+
3
+ # This file exists to prevent the Spin infrastucture from infering that this is a Rails application:
4
+ # https://github.com/Shopify/wave/issues/244
5
+
6
+ set -ex
7
+
8
+ bundle install
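--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,21 @@
  Unreleased
  ----------
 
+ 21.3.0 (Dec 9, 2022)
+ ----------
+ * Move covered scopes check into user access strategy [#1600](https://github.com/Shopify/shopify_app/pull/1600)
+ * Add configuration option for user access strategy [#1599](https://github.com/Shopify/shopify_app/pull/1599)
+ * Fixes a bug with `EnsureAuthenticatedLinks` causing deep links to not work [#1549](https://github.com/Shopify/shopify_app/pull/1549)
+ * Ensure online token is properly used when using `current_shopify_session` [#1566](https://github.com/Shopify/shopify_app/pull/1566)
+ * Added debug logs, you can read more about logging [here](./docs/logging.md). [#1545](https://github.com/Shopify/shopify_app/pull/1545)
+ * Emit a deprecation notice for wrongly-rescued exceptions [#1530](https://github.com/Shopify/shopify_app/pull/1530)
+ * Log a deprecation warning for the use of incompatible controller concerns [#1560](https://github.com/Shopify/shopify_app/pull/1560)
+ * Fixes bug with expired sessions for embedded apps returning a 500 instead of 401 [#1580](https://github.com/Shopify/shopify_app/pull/1580)
+ * Generator properly handles uninstall [#1597](https://github.com/Shopify/shopify_app/pull/1597)
+ * Move ownership for session persistence from library to this gem [#1563](https://github.com/Shopify/shopify_app/pull/1563)
+ * Patch phishing vulnerability [#1605](https://github.com/Shopify/shopify_app/pull/1605)
+ * Remove `Itp` from `LoginProtection`. See the [upgrading docs](https://github.com/Shopify/shopify_app/blob/main/docs/Upgrading.md) for more information. [#1604](https://github.com/Shopify/shopify_app/pull/1604)
+
  21.2.0 (Oct 25, 2022)
  ----------
  * Pass access scopes on query string [#1540](https://github.com/Shopify/shopify_app/pull/1540)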
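--- a/data/Gemfile
+++ b/data/Gemfile
@@ -6,6 +6,7 @@ source "https://rubygems.org"
  gemspec
 
  gem "rails-controller-testing", group: :test
+ gem "rails", "< 7" # temporary: https://github.com/Shopify/shopify_app/pull/1561
 
  group :rubocop do
  gem "rubocop-shopify", require: false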
data/Gemfile.lock CHANGED
@@ -1,97 +1,91 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (21.2.0)
4
+ shopify_app (21.3.0)
5
5
  activeresource
6
6
  browser_sniffer (~> 2.0)
7
7
  jwt (>= 2.2.3)
8
8
  rails (> 5.2.1)
9
9
  redirect_safely (~> 1.0)
10
- shopify_api (~> 12.2)
10
+ shopify_api (~> 12.3)
11
11
  sprockets-rails (>= 2.0.0)
12
12
 
13
13
  GEM
14
14
  remote: https://rubygems.org/
15
15
  specs:
16
- actioncable (7.0.4)
17
- actionpack (= 7.0.4)
18
- activesupport (= 7.0.4)
16
+ actioncable (6.1.7)
17
+ actionpack (= 6.1.7)
18
+ activesupport (= 6.1.7)
19
19
  nio4r (~> 2.0)
20
20
  websocket-driver (>= 0.6.1)
21
- actionmailbox (7.0.4)
22
- actionpack (= 7.0.4)
23
- activejob (= 7.0.4)
24
- activerecord (= 7.0.4)
25
- activestorage (= 7.0.4)
26
- activesupport (= 7.0.4)
21
+ actionmailbox (6.1.7)
22
+ actionpack (= 6.1.7)
23
+ activejob (= 6.1.7)
24
+ activerecord (= 6.1.7)
25
+ activestorage (= 6.1.7)
26
+ activesupport (= 6.1.7)
27
27
  mail (>= 2.7.1)
28
- net-imap
29
- net-pop
30
- net-smtp
31
- actionmailer (7.0.4)
32
- actionpack (= 7.0.4)
33
- actionview (= 7.0.4)
34
- activejob (= 7.0.4)
35
- activesupport (= 7.0.4)
28
+ actionmailer (6.1.7)
29
+ actionpack (= 6.1.7)
30
+ actionview (= 6.1.7)
31
+ activejob (= 6.1.7)
32
+ activesupport (= 6.1.7)
36
33
  mail (~> 2.5, >= 2.5.4)
37
- net-imap
38
- net-pop
39
- net-smtp
40
34
  rails-dom-testing (~> 2.0)
41
- actionpack (7.0.4)
42
- actionview (= 7.0.4)
43
- activesupport (= 7.0.4)
44
- rack (~> 2.0, >= 2.2.0)
35
+ actionpack (6.1.7)
36
+ actionview (= 6.1.7)
37
+ activesupport (= 6.1.7)
38
+ rack (~> 2.0, >= 2.0.9)
45
39
  rack-test (>= 0.6.3)
46
40
  rails-dom-testing (~> 2.0)
47
41
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
48
- actiontext (7.0.4)
49
- actionpack (= 7.0.4)
50
- activerecord (= 7.0.4)
51
- activestorage (= 7.0.4)
52
- activesupport (= 7.0.4)
53
- globalid (>= 0.6.0)
42
+ actiontext (6.1.7)
43
+ actionpack (= 6.1.7)
44
+ activerecord (= 6.1.7)
45
+ activestorage (= 6.1.7)
46
+ activesupport (= 6.1.7)
54
47
  nokogiri (>= 1.8.5)
55
- actionview (7.0.4)
56
- activesupport (= 7.0.4)
48
+ actionview (6.1.7)
49
+ activesupport (= 6.1.7)
57
50
  builder (~> 3.1)
58
51
  erubi (~> 1.4)
59
52
  rails-dom-testing (~> 2.0)
60
53
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
61
- activejob (7.0.4)
62
- activesupport (= 7.0.4)
54
+ activejob (6.1.7)
55
+ activesupport (= 6.1.7)
63
56
  globalid (>= 0.3.6)
64
- activemodel (7.0.4)
65
- activesupport (= 7.0.4)
57
+ activemodel (6.1.7)
58
+ activesupport (= 6.1.7)
66
59
  activemodel-serializers-xml (1.0.2)
67
60
  activemodel (> 5.x)
68
61
  activesupport (> 5.x)
69
62
  builder (~> 3.1)
70
- activerecord (7.0.4)
71
- activemodel (= 7.0.4)
72
- activesupport (= 7.0.4)
63
+ activerecord (6.1.7)
64
+ activemodel (= 6.1.7)
65
+ activesupport (= 6.1.7)
73
66
  activeresource (6.0.0)
74
67
  activemodel (>= 6.0)
75
68
  activemodel-serializers-xml (~> 1.0)
76
69
  activesupport (>= 6.0)
77
- activestorage (7.0.4)
78
- actionpack (= 7.0.4)
79
- activejob (= 7.0.4)
80
- activerecord (= 7.0.4)
81
- activesupport (= 7.0.4)
70
+ activestorage (6.1.7)
71
+ actionpack (= 6.1.7)
72
+ activejob (= 6.1.7)
73
+ activerecord (= 6.1.7)
74
+ activesupport (= 6.1.7)
82
75
  marcel (~> 1.0)
83
76
  mini_mime (>= 1.1.0)
84
- activesupport (7.0.4)
77
+ activesupport (6.1.7)
85
78
  concurrent-ruby (~> 1.0, >= 1.0.2)
86
79
  i18n (>= 1.6, < 2)
87
80
  minitest (>= 5.1)
88
81
  tzinfo (~> 2.0)
82
+ zeitwerk (~> 2.3)
89
83
  addressable (2.8.1)
90
84
  public_suffix (>= 2.0.2, < 6.0)
91
85
  ast (2.4.2)
92
86
  binding_of_caller (1.0.0)
93
87
  debug_inspector (>= 0.0.1)
94
- browser_sniffer (2.1.0)
88
+ browser_sniffer (2.2.0)
95
89
  builder (3.2.4)
96
90
  byebug (11.1.3)
97
91
  coderay (1.1.3)
@@ -110,40 +104,48 @@ GEM
110
104
  multi_xml (>= 0.5.2)
111
105
  i18n (1.12.0)
112
106
  concurrent-ruby (~> 1.0)
113
- json (2.6.2)
107
+ json (2.6.3)
114
108
  jwt (2.5.0)
109
+ language_server-protocol (3.17.0.2)
115
110
  loofah (2.19.0)
116
111
  crass (~> 1.0.2)
117
112
  nokogiri (>= 1.5.9)
118
- mail (2.7.1)
113
+ mail (2.8.0)
119
114
  mini_mime (>= 0.1.1)
115
+ net-imap
116
+ net-pop
117
+ net-smtp
120
118
  marcel (1.0.2)
121
119
  method_source (1.0.0)
122
120
  mime-types (3.4.1)
123
121
  mime-types-data (~> 3.2015)
124
122
  mime-types-data (3.2022.0105)
125
123
  mini_mime (1.1.2)
126
- mini_portile2 (2.8.0)
127
124
  minitest (5.16.3)
128
- mocha (1.16.0)
125
+ mocha (2.0.2)
126
+ ruby2_keywords (>= 0.0.5)
129
127
  multi_xml (0.6.0)
130
128
  net-imap (0.3.1)
131
129
  net-protocol
132
130
  net-pop (0.1.2)
133
131
  net-protocol
134
- net-protocol (0.1.3)
132
+ net-protocol (0.2.0)
135
133
  timeout
136
- net-smtp (0.3.2)
134
+ net-smtp (0.3.3)
137
135
  net-protocol
138
136
  nio4r (2.5.8)
139
- nokogiri (1.13.9)
140
- mini_portile2 (~> 2.8.0)
137
+ nokogiri (1.13.9-arm64-darwin)
138
+ racc (~> 1.4)
139
+ nokogiri (1.13.9-x86_64-darwin)
141
140
  racc (~> 1.4)
142
- oj (3.13.21)
141
+ nokogiri (1.13.9-x86_64-linux)
142
+ racc (~> 1.4)
143
+ oj (3.13.23)
143
144
  openssl (3.0.1)
144
145
  parallel (1.22.1)
145
- parser (3.1.2.1)
146
+ parser (3.1.3.0)
146
147
  ast (~> 2.4.1)
148
+ prettier_print (1.1.0)
147
149
  pry (0.14.1)
148
150
  coderay (~> 1.1)
149
151
  method_source (~> 1.0)
@@ -152,25 +154,26 @@ GEM
152
154
  pry-stack_explorer (0.6.1)
153
155
  binding_of_caller (~> 1.0)
154
156
  pry (~> 0.13)
155
- public_suffix (5.0.0)
156
- racc (1.6.0)
157
+ public_suffix (5.0.1)
158
+ racc (1.6.1)
157
159
  rack (2.2.4)
158
160
  rack-test (2.0.2)
159
161
  rack (>= 1.3)
160
- rails (7.0.4)
161
- actioncable (= 7.0.4)
162
- actionmailbox (= 7.0.4)
163
- actionmailer (= 7.0.4)
164
- actionpack (= 7.0.4)
165
- actiontext (= 7.0.4)
166
- actionview (= 7.0.4)
167
- activejob (= 7.0.4)
168
- activemodel (= 7.0.4)
169
- activerecord (= 7.0.4)
170
- activestorage (= 7.0.4)
171
- activesupport (= 7.0.4)
162
+ rails (6.1.7)
163
+ actioncable (= 6.1.7)
164
+ actionmailbox (= 6.1.7)
165
+ actionmailer (= 6.1.7)
166
+ actionpack (= 6.1.7)
167
+ actiontext (= 6.1.7)
168
+ actionview (= 6.1.7)
169
+ activejob (= 6.1.7)
170
+ activemodel (= 6.1.7)
171
+ activerecord (= 6.1.7)
172
+ activestorage (= 6.1.7)
173
+ activesupport (= 6.1.7)
172
174
  bundler (>= 1.15.0)
173
- railties (= 7.0.4)
175
+ railties (= 6.1.7)
176
+ sprockets-rails (>= 2.0.0)
174
177
  rails-controller-testing (1.0.5)
175
178
  actionpack (>= 5.0.1.rc1)
176
179
  actionview (>= 5.0.1.rc1)
@@ -180,37 +183,42 @@ GEM
180
183
  nokogiri (>= 1.6)
181
184
  rails-html-sanitizer (1.4.3)
182
185
  loofah (~> 2.3)
183
- railties (7.0.4)
184
- actionpack (= 7.0.4)
185
- activesupport (= 7.0.4)
186
+ railties (6.1.7)
187
+ actionpack (= 6.1.7)
188
+ activesupport (= 6.1.7)
186
189
  method_source
187
190
  rake (>= 12.2)
188
191
  thor (~> 1.0)
189
- zeitwerk (~> 2.5)
190
192
  rainbow (3.1.1)
191
193
  rake (13.0.6)
192
194
  rb-readline (0.5.5)
193
195
  redirect_safely (1.0.0)
194
196
  activemodel
195
- regexp_parser (2.6.0)
197
+ regexp_parser (2.6.1)
196
198
  rexml (3.2.5)
197
- rubocop (1.37.0)
199
+ rubocop (1.39.0)
198
200
  json (~> 2.3)
199
201
  parallel (~> 1.10)
200
202
  parser (>= 3.1.2.1)
201
203
  rainbow (>= 2.2.2, < 4.0)
202
204
  regexp_parser (>= 1.8, < 3.0)
203
205
  rexml (>= 3.2.5, < 4.0)
204
- rubocop-ast (>= 1.22.0, < 2.0)
206
+ rubocop-ast (>= 1.23.0, < 2.0)
205
207
  ruby-progressbar (~> 1.7)
206
208
  unicode-display_width (>= 1.4.0, < 3.0)
207
- rubocop-ast (1.22.0)
209
+ rubocop-ast (1.24.0)
208
210
  parser (>= 3.1.1.0)
209
211
  rubocop-shopify (2.10.1)
210
212
  rubocop (~> 1.35)
213
+ ruby-lsp (0.3.6)
214
+ language_server-protocol (~> 3.17.0)
215
+ sorbet-runtime
216
+ syntax_tree (>= 4.0.2, < 5.0.0)
211
217
  ruby-progressbar (1.11.0)
212
- securerandom (0.2.0)
213
- shopify_api (12.2.1)
218
+ ruby2_keywords (0.0.5)
219
+ securerandom (0.2.1)
220
+ shopify_api (12.3.0)
221
+ activesupport
214
222
  concurrent-ruby
215
223
  hash_diff
216
224
  httparty
@@ -219,8 +227,8 @@ GEM
219
227
  openssl
220
228
  securerandom
221
229
  sorbet-runtime
222
- zeitwerk (~> 2.5)
223
- sorbet-runtime (0.5.10514)
230
+ zeitwerk (~> 2.5, < 2.6.5)
231
+ sorbet-runtime (0.5.10576)
224
232
  sprockets (4.1.1)
225
233
  concurrent-ruby (~> 1.0)
226
234
  rack (> 1, < 3)
@@ -228,10 +236,13 @@ GEM
228
236
  actionpack (>= 5.2)
229
237
  activesupport (>= 5.2)
230
238
  sprockets (>= 3.0.0)
231
- sqlite3 (1.5.3)
232
- mini_portile2 (~> 2.8.0)
239
+ sqlite3 (1.5.4-arm64-darwin)
240
+ sqlite3 (1.5.4-x86_64-darwin)
241
+ sqlite3 (1.5.4-x86_64-linux)
242
+ syntax_tree (4.3.0)
243
+ prettier_print (>= 1.0.2)
233
244
  thor (1.2.1)
234
- timeout (0.3.0)
245
+ timeout (0.3.1)
235
246
  tzinfo (2.0.5)
236
247
  concurrent-ruby (~> 1.0)
237
248
  unicode-display_width (2.3.0)
@@ -242,10 +253,12 @@ GEM
242
253
  websocket-driver (0.7.5)
243
254
  websocket-extensions (>= 0.1.0)
244
255
  websocket-extensions (0.1.5)
245
- zeitwerk (2.6.1)
256
+ zeitwerk (2.6.4)
246
257
 
247
258
  PLATFORMS
248
- ruby
259
+ arm64-darwin-21
260
+ x86_64-darwin-19
261
+ x86_64-linux
249
262
 
250
263
  DEPENDENCIES
251
264
  byebug
@@ -254,13 +267,15 @@ DEPENDENCIES
254
267
  pry
255
268
  pry-nav
256
269
  pry-stack_explorer
270
+ rails (< 7)
257
271
  rails-controller-testing
258
272
  rake
259
273
  rb-readline
260
274
  rubocop-shopify
275
+ ruby-lsp
261
276
  shopify_app!
262
277
  sqlite3 (~> 1.4)
263
278
  webmock
264
279
 
265
280
  BUNDLED WITH
266
- 2.3.22
281
+ 2.3.4
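--- a/data/README.md
+++ b/data/README.md
@@ -7,10 +7,10 @@
 
  This gem builds Rails applications that can be embedded in the Shopify Admin.
 
- [Introduction](#introduction) |
- [Requirements](#requirements) |
- [Usage](#usage) |
- [Documentation](#documentation) |
+ [Introduction](#introduction) |
+ [Requirements](#requirements) |
+ [Usage](#usage) |
+ [Documentation](#documentation) |
  [Contributing](/CONTRIBUTING.md) |
  [License](/LICENSE)
 
@@ -22,15 +22,12 @@ This gem includes a Rails engine, generators, modules, and mixins that help crea
  <!-- This section is linked to in `templates/shopify_app.rb.tt`. Be careful renaming this heading. -->
  ## Requirements
 
- > **Rails compatibility**
- > * Use Shopify App `<= v7.2.8` if you need to work with Rails 4.
-
  To become a Shopify app developer, you will need a [Shopify Partners](https://www.shopify.com/partners) account. Explore the [Shopify dev docs](https://shopify.dev/concepts/shopify-introduction) to learn more about [building Shopify apps](https://shopify.dev/concepts/apps).
 
  This gem requires that you have the following credentials:
 
- - **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
- - **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
+ - **Shopify API key:** The API key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
+ - **Shopify API secret:** The API secret key app credential specified in your [Shopify Partners dashboard](https://partners.shopify.com/organizations).
 
  ## Usage
 
@@ -40,13 +37,15 @@ This gem requires that you have the following credentials:
  rails new my_shopify_app
  ```
 
- 2. Add the Shopify App gem to `my_shopify_app`'s Gemfile.
+ 2. Add the Shopify App gem to the app's Gemfile:
 
  ```sh
  bundle add shopify_app
  ```
 
- 3. Create a `.env` file in the root of `my_shopify_app` to specify your full host and Shopify API credentials:
+ 3. You will need to provide several environment variables to the app.
+ There are a variety of way of doing this, but for a development environment we recommended the [`dotenv-rails`](https://github.com/bkeepers/dotenv) gem.
+ Create a `.env` file in the root of your Rails app to specify the full host and Shopify API credentials:
 
  ```sh
  HOST=http://localhost:3000
@@ -54,8 +53,6 @@ SHOPIFY_API_KEY=<Your Shopify API key>
  SHOPIFY_API_SECRET=<Your Shopify API secret>
  ```
 
- > In a development environment, you can use a gem like `dotenv-rails` to manage environment variables.
-
  4. Run the default Shopify App generator to create an app that can be embedded in the Shopify Admin:
 
  ```sh
@@ -74,9 +71,14 @@ rails db:migrate
  rails server
  ```
 
- 7. Install the app by visiting the server's URL (e.g. http://127.0.0.1:3000) and specifying the subdomain of the shop where you want it to be installed to.
+ 7. Within [Shopify Partners](https://www.shopify.com/partners), navigate to your App, then App Setup, and configure the URLs, e.g.:
+
+ * App URL: http://localhost:3000/
+ * Allowed redirection URL(s): http://localhost:3000/auth/shopify/callback
+
+ 8. Install the app by visiting the server's URL (e.g. http://localhost:3000) and specifying the subdomain of the shop where you want it to be installed to.
 
- 8. After the app is installed, you're redirected to the embedded app.
+ 9. After the app is installed, you're redirected to the embedded app.
 
  This app implements [OAuth 2.0](https://shopify.dev/tutorials/authenticate-with-oauth) with Shopify to authenticate requests made to Shopify APIs. By default, this app is configured to use [session tokens](https://shopify.dev/concepts/apps/building-embedded-apps-using-session-tokens) to authenticate merchants when embedded in the Shopify Admin.
 
@@ -102,6 +104,7 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
  [Shopify App](/docs/shopify_app)
  * [Authentication](/docs/shopify_app/authentication.md)
  * [Engine](/docs/shopify_app/engine.md)
+ * [Controller Concerns](/docs/shopify_app/controller-concerns.md)
  * [Generators](/docs/shopify_app/generators.md)
  * [ScriptTags](/docs/shopify_app/script-tags.md)
  * [Session repository](/docs/shopify_app/session-repository.md)
@@ -109,6 +112,7 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor
  * [Testing](/docs/shopify_app/testing.md)
  * [Webhooks](/docs/shopify_app/webhooks.md)
  * [Content Security Policy](/docs/shopify_app/content-security-policy.md)
+ * [Logging](/docs/shopify_app/logging.md)
 
  ### Engine
 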
data/SECURITY.md CHANGED
@@ -56,4 +56,4 @@ We look forward to working with all security researchers and strive to be respec
56
56
 
57
57
  ## Receiving Security Updates
58
58
 
59
- To recieve all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)
59
+ To receive all general updates to vulnerabilities, please subscribe to our hackerone [Hacktivity](https://hackerone.com/shopify/hacktivity)
@@ -5,15 +5,10 @@ module ShopifyApp
5
5
  extend ActiveSupport::Concern
6
6
 
7
7
  included do
8
- include ShopifyApp::Localization
9
- include ShopifyApp::LoginProtection
10
- include ShopifyApp::CsrfProtection
11
- include ShopifyApp::EmbeddedApp
12
- include ShopifyApp::EnsureBilling
13
-
14
- before_action :login_again_if_different_user_or_shop
15
- around_action :activate_shopify_session
16
- after_action :add_top_level_redirection_headers
8
+ ShopifyApp::Logger.deprecated("Authenticated has been replaced by EnsureHasSession."\
9
+ " Please use the EnsureHasSession controller concern for the same behavior", "22.0.0")
17
10
  end
11
+
12
+ include ShopifyApp::EnsureHasSession
18
13
  end
19
14
  end
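Review bot: The authentication callbacks this concern used to register itself (`login_again_if_different_user_or_shop`, `activate_shopify_session`, `add_top_level_redirection_headers`) now reach the host controller only through `include ShopifyApp::EnsureHasSession`, and nothing visible in the hunk checks that a controller including just `Authenticated` still gets them. A regression test that includes only `Authenticated` and asserts those callbacks are registered would guard the deprecation window. A comment above the module such as `# @deprecated Use ShopifyApp::EnsureHasSession instead; removal is announced for 22.0.0` would surface the change in generated docs, since the runtime notice appears only in logs at load time. The module header is outside the hunk.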
@@ -15,6 +15,7 @@ module ShopifyApp
15
15
  return_to: request.fullpath,
16
16
  shop: current_shopify_domain,
17
17
  host: params[:host],
18
+ embedded: params[:embedded],
18
19
  )
19
20
  end
20
21
 
@@ -27,8 +28,8 @@ module ShopifyApp
27
28
  def redirect_to_splash_page
28
29
  redirect_to(splash_page)
29
30
  rescue ::ShopifyApp::ShopifyDomainNotFound => error
30
- Rails.logger.warn("[ShopifyApp::EnsureAuthenticatedLinks] Redirecting to login: [#{error.class}] "\
31
- "Could not determine current shop domain")
31
+ ShopifyApp::Logger.warn("Redirecting to login: [#{error.class}]"\
32
+ " Could not determine current shop domain")
32
33
  redirect_to(ShopifyApp.configuration.login_url)
33
34
  end
34
35
 
@@ -0,0 +1,19 @@
1
+ # frozen_string_literal: true
2
+
3
+ module ShopifyApp
4
+ module EnsureHasSession
5
+ extend ActiveSupport::Concern
6
+
7
+ included do
8
+ include ShopifyApp::Localization
9
+ include ShopifyApp::LoginProtection
10
+ include ShopifyApp::CsrfProtection
11
+ include ShopifyApp::EmbeddedApp
12
+ include ShopifyApp::EnsureBilling
13
+
14
+ before_action :login_again_if_different_user_or_shop
15
+ around_action :activate_shopify_session
16
+ after_action :add_top_level_redirection_headers
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,62 @@
1
+ # frozen_string_literal: true
2
+
3
+ module ShopifyApp
4
+ module EnsureInstalled
5
+ extend ActiveSupport::Concern
6
+ include ShopifyApp::RedirectForEmbedded
7
+
8
+ included do
9
+ if ancestors.include?(ShopifyApp::LoginProtection)
10
+ message = <<~EOS
11
+ We detected the use of incompatible concerns (EnsureInstalled and LoginProtection) in #{name},
12
+ which may lead to unpredictable behavior. In a future release of this library this will raise an error.
13
+ EOS
14
+
15
+ ShopifyApp::Logger.deprecated(message, "22.0.0")
16
+ end
17
+
18
+ before_action :check_shop_domain
19
+ before_action :check_shop_known
20
+ end
21
+
22
+ def current_shopify_domain
23
+ if params[:shop].blank?
24
+ ShopifyApp::Logger.info("Could not identify installed store from current_shopify_domain")
25
+ return
26
+ end
27
+
28
+ @shopify_domain ||= ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
29
+ ShopifyApp::Logger.info("Installed store: #{@shopify_domain} - deduced from Shopify Admin params")
30
+ @shopify_domain
31
+ end
32
+
33
+ private
34
+
35
+ def check_shop_domain
36
+ redirect_to(ShopifyApp.configuration.login_url) unless current_shopify_domain
37
+ end
38
+
39
+ def check_shop_known
40
+ @shop = SessionRepository.retrieve_shop_session_by_shopify_domain(current_shopify_domain)
41
+ unless @shop
42
+ if embedded_param?
43
+ redirect_for_embedded
44
+ else
45
+ redirect_to(shop_login)
46
+ end
47
+ end
48
+ end
49
+
50
+ def shop_login
51
+ url = URI(ShopifyApp.configuration.login_url)
52
+
53
+ url.query = URI.encode_www_form(
54
+ shop: params[:shop],
55
+ host: params[:host],
56
+ return_to: request.fullpath,
57
+ )
58
+
59
+ url.to_s
60
+ end
61
+ end
62
+ end
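Review bot: `check_shop_known` populates `@shop` from `params[:shop]` alone, and nothing in this concern verifies an HMAC, session token or cookie, so a request that merely names an installed shop passes both before_actions. That looks intentional for an "is the app installed" check, but the module carries no comment saying so. A header comment such as `# Confirms only that the shop named in params[:shop] has installed the app; it does not authenticate the request, so @shop must not be used to read or change shop data without a verified session` would keep it from being mistaken for an authentication concern. Separately, `shop_login` forwards the raw `params[:shop]` although the value returned by `sanitize_shop_domain` is already available at that point; `shop: current_shopify_domain,` would carry only the checked domain into the redirect.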