-
Notifications
You must be signed in to change notification settings - Fork 683
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detect controller concern clash #1560
Conversation
5bbb403
to
422346c
Compare
@@ -1,5 +1,4 @@ | |||
# frozen_string_literal: true | |||
|
|||
class ApplicationController < ActionController::Base | |||
include ShopifyApp::LoginProtection |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(tests pass but need to do more digging here to see if this is valid)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe this needs be removed, because the UnauthenticatedHomeController
template inherits from ApplicationController
and so would have both ShopifyApp::LoginProtection
and ShopifyApp::RequireKnownShop
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This sounds sane to me - we shouldn't be including LoginProtection
globally unless we have a separate "unauthenticated" app controller.
87febfe
to
480bf4b
Compare
@@ -1,6 +1,9 @@ | |||
# frozen_string_literal: true | |||
|
|||
class HomeController < ApplicationController | |||
include ShopifyApp::EmbeddedApp |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've updated this to better match what the generator outputs:
https://github.com/Shopify/shopify_app/blob/main/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb
557fee1
to
10b1f2b
Compare
CHANGELOG.md
Outdated
@@ -2,6 +2,7 @@ Unreleased | |||
---------- | |||
* Fixes a bug with `EnsureAuthenticatedLinks` causing deep links to not work [#1549](https://github.com/Shopify/shopify_app/pull/1549) | |||
* Ensure online token is properly used when using `current_shopify_session` [#1566](https://github.com/Shopify/shopify_app/pull/1566) | |||
* Detect the use of incompatible controller concerns [#1560](https://github.com/Shopify/shopify_app/pull/1560). Depending on how your app is structured, this may result in an error on startup even though the app was working correctly. However, it is helping exposing an existing flaw that may have caused issues in future. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this seeem clear?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It makes sense to me, but I wonder if we should just log a warning rather than blow up, so this doesn't become a breaking change. Could we switch it over to an error on a later major version?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This does sound like it's a breaking change so we should follow our deprecation strategy
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense, I'll try switch it over to a deprecation, e.g.:
We detected the use of incompatible concerns (
RequireKnownShop
andLoginProtection
) in a controller, which may lead to unpredictable behavior. In a future release of this library this will raise an error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we easily log the controller name to make debugging it easier?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The logs should already indicate the location, but I've added it just in case. Here's how it looks now:
DEPRECATION WARNING: We detected the use of incompatible concerns (RequireKnownShop and LoginProtection) in ProductsController,
which may lead to unpredictable behavior. In a future release of this library this will raise an error.
(called from include at /Users/andyw8/src/github.com/Shopify/shopify_app/my_shopify_app_clash/app/controllers/products_controller.rb:5)
10b1f2b
to
9d7e60a
Compare
I tested on a newly generated app with a intentional conflict in the class ProductsController < AuthenticatedController
include ShopifyApp::RequireKnownShop
# ...
|
bcc75be
to
bd1f046
Compare
* Detect controller concern clash * Deprecation warning instead of raising error Co-authored-by: Andy Waite <andyw8@users.noreply.github.com>
What this PR does
Closes https://github.com/Shopify/first-party-library-planning/issues/486
RequireKnownShop
andLoginProtection
both have a methodcurrent_shopify_domain
but with different implementations. If both these concerns are included, it can result in unintentional behaviour, since one method will overwrite the other.Reviewer's guide to testing
Things to focus on
Checklist
Before submitting the PR, please consider if any of the following are needed:
CHANGELOG.md
if the changes would impact usersREADME.md
, if appropriate./docs
, if necessary