From d1a2d22d924afdef7d53e3796d01719df2a78085 Mon Sep 17 00:00:00 2001 From: Paulo Margarido <64600052+paulomarg@users.noreply.github.com> Date: Tue, 11 Jul 2023 14:27:42 -0400 Subject: [PATCH 1/5] Update shopify_api gem dependency --- Gemfile.lock | 6 +++--- shopify_app.gemspec | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 4150ff7f3..e5551647f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -8,7 +8,7 @@ PATH jwt (>= 2.2.3) rails (> 5.2.1) redirect_safely (~> 1.0) - shopify_api (~> 13.0) + shopify_api (~> 13.1) sprockets-rails (>= 2.0.0) GEM @@ -217,7 +217,7 @@ GEM ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) securerandom (0.2.2) - shopify_api (13.0.0) + shopify_api (13.1.0) activesupport concurrent-ruby hash_diff @@ -227,7 +227,7 @@ GEM openssl securerandom sorbet-runtime - zeitwerk (~> 2.5, < 2.6.5) + zeitwerk (~> 2.5) sorbet-runtime (0.5.10835) sprockets (4.2.0) concurrent-ruby (~> 1.0) diff --git a/shopify_app.gemspec b/shopify_app.gemspec index 78575ae65..3ee3308e2 100644 --- a/shopify_app.gemspec +++ b/shopify_app.gemspec @@ -20,7 +20,7 @@ Gem::Specification.new do |s| s.add_runtime_dependency("jwt", ">= 2.2.3") s.add_runtime_dependency("rails", "> 5.2.1") s.add_runtime_dependency("redirect_safely", "~> 1.0") - s.add_runtime_dependency("shopify_api", "~> 13.0") + s.add_runtime_dependency("shopify_api", "~> 13.1") s.add_runtime_dependency("sprockets-rails", ">= 2.0.0") s.add_development_dependency("byebug") From b584d5ae47ec874b8cb8e748d0371ca75fb5992d Mon Sep 17 00:00:00 2001 From: Paulo Margarido <64600052+paulomarg@users.noreply.github.com> Date: Tue, 11 Jul 2023 14:42:52 -0400 Subject: [PATCH 2/5] Packaging for release 21.6.0 --- CHANGELOG.md | 3 +++ Gemfile.lock | 2 +- lib/shopify_app/version.rb | 2 +- package.json | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d89f18563..d8da48265 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,10 @@ Unreleased ---------- +21.6.0 (July 11, 2023) +---------- * Adds support for toggling test charges within `EnsureBilling` by adding `test` field to `BillingConfiguration` and pulling in environment variable [#1688](https://github.com/Shopify/shopify_app/pull/1688) +* Adds support for 2023-07 API version [#1706](https://github.com/Shopify/shopify_app/pull/1706) 21.5.0 (May 18, 2023) ---------- diff --git a/Gemfile.lock b/Gemfile.lock index e5551647f..bfc0b4bfc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - shopify_app (21.5.0) + shopify_app (21.6.0) activeresource addressable (~> 2.7) browser_sniffer (~> 2.0) diff --git a/lib/shopify_app/version.rb b/lib/shopify_app/version.rb index 586f4f742..6b7121287 100644 --- a/lib/shopify_app/version.rb +++ b/lib/shopify_app/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module ShopifyApp - VERSION = "21.5.0" + VERSION = "21.6.0" end diff --git a/package.json b/package.json index e12fb8f35..afddb53bf 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "shopify_app", - "version": "21.4.1", + "version": "21.6.0", "repository": "git@github.com:Shopify/shopify_app.git", "author": "Shopify", "license": "MIT", From 2f90af43173041d145f578dcd6448f238b69f9fe Mon Sep 17 00:00:00 2001 From: Nelson Date: Wed, 19 Jul 2023 14:43:08 -0400 Subject: [PATCH 3/5] Loading session docs (#1700) * Loading session docs * more detailed docs * update to renamed controller concern --- README.md | 2 +- .../{session-repository.md => sessions.md} | 48 +++++++++++++++---- 2 files changed, 39 insertions(+), 11 deletions(-) rename docs/shopify_app/{session-repository.md => sessions.md} (59%) diff --git a/README.md b/README.md index 50eb22ed3..cf05573b4 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ You can find documentation on gem usage, concepts, mixins, installation, and mor * [Controller Concerns](/docs/shopify_app/controller-concerns.md) * [Generators](/docs/shopify_app/generators.md) * [ScriptTags](/docs/shopify_app/script-tags.md) - * [Session repository](/docs/shopify_app/session-repository.md) + * [Sessions](/docs/shopify_app/sessions.md) * [Handling changes in access scopes](/docs/shopify_app/handling-access-scopes-changes.md) * [Testing](/docs/shopify_app/testing.md) * [Webhooks](/docs/shopify_app/webhooks.md) diff --git a/docs/shopify_app/session-repository.md b/docs/shopify_app/sessions.md similarity index 59% rename from docs/shopify_app/session-repository.md rename to docs/shopify_app/sessions.md index 84f2e79af..ac866e9ef 100644 --- a/docs/shopify_app/session-repository.md +++ b/docs/shopify_app/sessions.md @@ -1,10 +1,14 @@ -# Session repository +# Sessions + +Sessions are used to make contextual API calls for either a shop (offline session) or a user (online session). This gem has ownership of session persistence. #### Table of contents -[`ShopifyApp::SessionRepository`](#shopifyappsessionrepository) +[Sessions](#sessions) * [Shop-based token storage](#shop-based-token-storage) * [User-based token storage](#user-based-token-storage) + * [`ShopifyApp::SessionRepository`](#shopifyappsessionrepository) + * [Loading Sessions](#loading-sessions) [Access scopes](#access-scopes) * [`ShopifyApp::ShopSessionStorageWithScopes`](#shopifyappshopsessionstoragewithscopes) @@ -12,31 +16,54 @@ [Migrating from shop-based to user-based token strategy](#migrating-from-shop-based-to-user-based-token-strategy) -## ShopifyApp::SessionRepository - -`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern but can be overridden for custom implementation. - -### Shop-based token storage +### Shop-based token storage (offline token) Storing tokens on the store model means that any user login associated with the store will have equal access levels to whatever the original user granted the app. ```sh rails generate shopify_app:shop_model ``` -This will generate a shop model which will be the storage for the tokens necessary for authentication. +This will generate a shop model which will be the storage for the tokens necessary for authentication. To enable session persistance, you'll need to configure your `/initializers/shopify_app.rb` accordingly: + +```ruby +config.shop_session_repository = 'Shop' +``` -### User-based token storage +### User-based token storage (online token) A more granular control over the level of access per user on an app might be necessary, to which the shop-based token strategy is not sufficient. Shopify supports a user-based token storage strategy where a unique token to each user can be managed. Shop tokens must still be maintained if you are running background jobs so that you can make use of them when necessary. ```sh rails generate shopify_app:shop_model rails generate shopify_app:user_model ``` -This will generate a shop model and user model, which will be the storage for the tokens necessary for authentication. + +This will generate a user and shop model which will be the storage for the tokens necessary for authentication. To enable session persistance, you'll need to configure your `/initializers/shopify_app.rb` accordingly: + +```ruby +config.shop_session_repository = 'Shop' +config.user_session_repository = 'User' +``` The current Shopify user will be stored in the rails session at `session[:shopify_user]` Read more about Online vs. Offline access [here](https://shopify.dev/apps/auth/oauth/access-modes). +### Customized Session Storage - ShopifyApp::SessionRepository + +`ShopifyApp::SessionRepository` allows you as a developer to define how your sessions are stored and retrieved for shops. The `SessionRepository` is configured in the `config/initializers/shopify_app.rb` file and can be set to any object that implements `self.store(auth_session, *args)` which stores the session and returns a unique identifier and `self.retrieve(id)` which returns a `ShopifyAPI::Session` for the passed id. These methods are already implemented as part of the `ShopifyApp::SessionStorage` concern but can be overridden for custom implementation. + +### Loading Sessions +By using the appropriate controller concern, sessions are loaded for you. Note -- these controller concerns cannot both be included in the same controller. + +#### Shop Sessions - `EnsureInstalled` +`EnsureInstalled` controller concern will load a shop session with the `installed_shop_session` helper. If a shop session is not found, meaning the app wasn't installed for this shop, the request will be redirected to be installed. + +This controller concern should NOT be used if you don't need your app to make calls on behalf of a user. + +#### User Sessions - `EnsureHasSession` + `EnsureHasSession` controller concern will load a user session via `current_shopify_session`. As part of loading this session, this concern will also ensure that the user session has the appropriate scopes needed for the application. If the user isn't found or has fewer permitted scopes than are required, they will be prompted to authorize the application. + +This controller concern should be used if you don't need your app to make calls on behalf of a user. With that in mind, there are a few other embedded concerns that are mixed in to ensure that embedding, CSRF, localization, and billing allow the action for the user. + ## Access scopes If you want to customize how access scopes are stored for shops and users, you can implement the `access_scopes` getters and setters in the models that include `ShopifyApp::ShopSessionStorageWithScopes` and `ShopifyApp::UserSessionStorageWithScopes` as shown: @@ -68,6 +95,7 @@ class User < ActiveRecord::Base end end ``` + ## Migrating from shop-based to user-based token strategy 1. Run the `user_model` generator as mentioned above. From 5e712734a124485fc5be1f8d1ccde23965ebedde Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jul 2023 15:46:46 -0400 Subject: [PATCH 4/5] Bump semver from 5.7.1 to 5.7.2 (#1705) Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v5.7.1...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nelson --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index fe1fcf2fa..31e5163ac 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4321,9 +4321,9 @@ semver@7.0.0: integrity sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A== semver@^5.4.1, semver@^5.5.0, semver@^5.6.0: - version "5.7.1" - resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7" - integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ== + version "5.7.2" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== serialize-javascript@4.0.0, serialize-javascript@^4.0.0: version "4.0.0" From 73b2863c792e3c62fe01831aac28f21c83d3feca Mon Sep 17 00:00:00 2001 From: flavio-b Date: Fri, 21 Jul 2023 11:42:11 -0700 Subject: [PATCH 5/5] Fix typo in customers/redact webhook topic (#1704) * Update shopify_app.rb.tt Fix typo. Webhook topic should be "customers/redact". * Update CHANGELOG.md * Update CHANGELOG.md --------- Co-authored-by: Nelson --- CHANGELOG.md | 1 + lib/generators/shopify_app/install/templates/shopify_app.rb.tt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8da48265..2d3c0e50c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ Unreleased ---------- +* Fixes typo in webhook generator [#1704](https://github.com/Shopify/shopify_app/pull/1704) 21.6.0 (July 11, 2023) ---------- diff --git a/lib/generators/shopify_app/install/templates/shopify_app.rb.tt b/lib/generators/shopify_app/install/templates/shopify_app.rb.tt index 5dae1b65e..176477f7a 100644 --- a/lib/generators/shopify_app/install/templates/shopify_app.rb.tt +++ b/lib/generators/shopify_app/install/templates/shopify_app.rb.tt @@ -12,7 +12,7 @@ ShopifyApp.configure do |config| config.webhooks = [ { topic: "app/uninstalled", address: "webhooks/app_uninstalled"}, { topic: "customers/data_request", address: "webhooks/customers_data_request" }, - { topic: "customer/redact", address: "webhooks/customers_redact"}, + { topic: "customers/redact", address: "webhooks/customers_redact"}, { topic: "shop/redact", address: "webhooks/shop_redact"} ]