shopify_app 21.3.0 → 21.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/Gemfile.lock +1 -1
  4. data/lib/shopify_app/utils.rb +9 -1
  5. data/lib/shopify_app/version.rb +1 -1
  6. data/package.json +1 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 89cc2a310a1182a7efc057933dafe337c0ba070732f40d920245741be7666c17
4
- data.tar.gz: 2f981c756c218d2971687cd7e3f86a62b69b77fb49e343610523c8d8c77bb143
3
+ metadata.gz: 00bf2ba9c43324a703b21367459c592b93d092f2926f2d6862bfb7efb9494853
4
+ data.tar.gz: 7792d5fd3f1a5af452357c0c6f26b8c245e471171e86a95dad5559bdb87ab6d8
5
5
  SHA512:
6
- metadata.gz: db13b7a1991ef855604d7734a79b4812f010bddc4937636c7c96594f8cbecd8daafd562ea3be6cd137887d799bb1d654eb951509334d04e17056b8c4582d4c14
7
- data.tar.gz: 386345a2947c3e0c42f2ad9f2433e2702a823ede57bdd4efe73899703141c1fc58855bb451b3785c07536177f997385f6513a60e8fa1808a8de146cc33b1a294
6
+ metadata.gz: f963fc4af5645f47d072aff3d0aa9cf47b7f1c20d422fcf43ec4466804d24a18916864d96372c407c1ef7c2e8963a3b5946763534bde5070ebd767ce1da3957d
7
+ data.tar.gz: 79cd7bd816b1b9759d6531f9c9a65fe81d6d7c9ed1e671c127c44b2f74a2b962d27d0eb5ac9b8c48378f012aec88451d9c533bfca345d14a6c8f0193993378a4
data/CHANGELOG.md CHANGED
@@ -1,6 +1,10 @@
1
1
  Unreleased
2
2
  ----------
3
3
 
4
+ 21.3.1 (Dec 12, 2022)
5
+ ----------
6
+ * Fix bug with stores using the new unified admin that were falsely being flagged as phishing attempts [#1608](https://github.com/Shopify/shopify_app/pull/1608)
7
+
4
8
  21.3.0 (Dec 9, 2022)
5
9
  ----------
6
10
  * Move covered scopes check into user access strategy [#1600](https://github.com/Shopify/shopify_app/pull/1600)
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- shopify_app (21.3.0)
4
+ shopify_app (21.3.1)
5
5
  activeresource
6
6
  browser_sniffer (~> 2.0)
7
7
  jwt (>= 2.2.3)
data/lib/shopify_app/utils.rb CHANGED
@@ -2,14 +2,22 @@
2
2
 
3
3
  module ShopifyApp
4
4
  module Utils
5
+ TRUSTED_SHOPIFY_DOMAINS = [
6
+ "shopify.com",
7
+ "myshopify.io",
8
+ "myshopify.com",
9
+ ].freeze
10
+
5
11
  def self.sanitize_shop_domain(shop_domain)
6
12
  myshopify_domain = ShopifyApp.configuration.myshopify_domain
7
13
  name = shop_domain.to_s.downcase.strip
8
14
  name += ".#{myshopify_domain}" if !name.include?(myshopify_domain.to_s) && !name.include?(".")
9
15
  name.sub!(%r|https?://|, "")
16
+ trusted_domains = TRUSTED_SHOPIFY_DOMAINS.dup.push(myshopify_domain)
10
17
 
11
18
  u = URI("http://#{name}")
12
- u.host if u.host&.match(/^[a-z0-9][a-z0-9\-]*[a-z0-9]\.#{Regexp.escape(myshopify_domain)}$/)
19
+ regex = /^[a-z0-9][a-z0-9\-]*[a-z0-9]\.(#{trusted_domains.join("|")})$/
20
+ u.host if u.host&.match(regex)
13
21
  rescue URI::InvalidURIError
14
22
  nil
15
23
  end
data/lib/shopify_app/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ShopifyApp
4
- VERSION = "21.3.0"
4
+ VERSION = "21.3.1"
5
5
  end
data/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "shopify_app",
3
- "version": "21.0.0",
3
+ "version": "21.3.1",
4
4
  "repository": "git@github.com:Shopify/shopify_app.git",
5
5
  "author": "Shopify",
6
6
  "license": "MIT",
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 21.3.0
4
+ version: 21.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-09 00:00:00.000000000 Z
11
+ date: 2022-12-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activeresource