Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix user session storing without scopes #1516

Merged
merged 1 commit into from
Sep 23, 2022
Merged

Fix user session storing without scopes #1516

merged 1 commit into from
Sep 23, 2022

Conversation

paulomarg
Copy link
Contributor

What this PR does

We had updated the UserSessionStorageWithScopes class to fix an issue where the type of the user param was incorrect, but the same issue was present in UserSessionStorage. This PR fixes that to properly call user.id to access the AssociatedUser property.

Reviewer's guide to testing

You'll need to create an app with a few conditions:

  • It has User sessions (rails g shopify_app:user_model)
    • Answer n when prompted if you want to add user scopes
  • Make sure the User model is using the include ShopifyApp::UserSessionStorage concern (not ShopifyApp::UserSessionStorageWithScopes
  • Set config.reauth_on_access_scope_changes = false in the shopify_app initializer
  • Set config.user_session_repository = "User"

Things to focus on

Before this branch, that would lead into an infinite auth loop. With this fix, the app should authenticate normally, and there should be an entry in both the users and shops tables.

Checklist

Before submitting the PR, please consider if any of the following are needed:

  • Update CHANGELOG.md if the changes would impact users

@paulomarg paulomarg requested a review from a team September 22, 2022 20:34
@paulomarg paulomarg force-pushed the fix_user_session_storing_without_scopes branch from c372bd3 to e60c00a Compare September 22, 2022 20:35
lilypustovyk
lilypustovyk approved these changes Sep 23, 2022
View reviewed changes
Copy link

@lilypustovyk lilypustovyk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😍
Thank you for addressing this!

nelsonwittwer
nelsonwittwer approved these changes Sep 23, 2022
View reviewed changes
Copy link
Contributor

@nelsonwittwer nelsonwittwer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉 for finding this hidden bug!

@paulomarg paulomarg force-pushed the fix_user_session_storing_without_scopes branch from e60c00a to d2d5c2f Compare September 23, 2022 14:01
@paulomarg paulomarg merged commit 9468503 into main Sep 23, 2022
@paulomarg paulomarg deleted the fix_user_session_storing_without_scopes branch September 23, 2022 14:20
@shopify-shipit shopify-shipit bot temporarily deployed to rubygems October 3, 2022 13:04 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nelsonwittwer nelsonwittwer nelsonwittwer approved these changes

@lilypustovyk lilypustovyk lilypustovyk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@paulomarg @nelsonwittwer @lilypustovyk