Detect controller concern clash #1560
Conversation
andyw8
force-pushed
the
andyw8/detect-controller-concern-clash
branch
6 times, most recently
from
5bbb403
to
422346c
Compare
| @@ -1,5 +1,4 @@ | |||
| # frozen_string_literal: true | |||
|
|
|||
| class ApplicationController < ActionController::Base | |||
| include ShopifyApp::LoginProtection | |||
There was a problem hiding this comment.
(tests pass but need to do more digging here to see if this is valid)
There was a problem hiding this comment.
I believe this needs be removed, because the UnauthenticatedHomeController template inherits from ApplicationController and so would have both ShopifyApp::LoginProtection and ShopifyApp::RequireKnownShop.
There was a problem hiding this comment.
This sounds sane to me - we shouldn't be including LoginProtection globally unless we have a separate "unauthenticated" app controller.
andyw8
force-pushed
the
andyw8/detect-controller-concern-clash
branch
2 times, most recently
from
87febfe
to
480bf4b
Compare
| @@ -1,6 +1,9 @@ | |||
| # frozen_string_literal: true | |||
|
|
|||
| class HomeController < ApplicationController | |||
| include ShopifyApp::EmbeddedApp | |||
There was a problem hiding this comment.
I've updated this to better match what the generator outputs:
https://github.com/Shopify/shopify_app/blob/main/lib/generators/shopify_app/home_controller/templates/unauthenticated_home_controller.rb
andyw8
force-pushed
the
andyw8/detect-controller-concern-clash
branch
2 times, most recently
from
557fee1
to
10b1f2b
Compare
CHANGELOG.md
Outdated
| @@ -2,6 +2,7 @@ Unreleased | |||
| ---------- | |||
| * Fixes a bug with `EnsureAuthenticatedLinks` causing deep links to not work [#1549](https://github.com/Shopify/shopify_app/pull/1549) | |||
| * Ensure online token is properly used when using `current_shopify_session` [#1566](https://github.com/Shopify/shopify_app/pull/1566) | |||
| * Detect the use of incompatible controller concerns [#1560](https://github.com/Shopify/shopify_app/pull/1560). Depending on how your app is structured, this may result in an error on startup even though the app was working correctly. However, it is helping exposing an existing flaw that may have caused issues in future. | |||
There was a problem hiding this comment.
Does this seeem clear?
There was a problem hiding this comment.
It makes sense to me, but I wonder if we should just log a warning rather than blow up, so this doesn't become a breaking change. Could we switch it over to an error on a later major version?
There was a problem hiding this comment.
This does sound like it's a breaking change so we should follow our deprecation strategy
There was a problem hiding this comment.
Makes sense, I'll try switch it over to a deprecation, e.g.:
We detected the use of incompatible concerns (
RequireKnownShopandLoginProtection) in a controller, which may lead to unpredictable behavior. In a future release of this library this will raise an error.
There was a problem hiding this comment.
Can we easily log the controller name to make debugging it easier?
There was a problem hiding this comment.
The logs should already indicate the location, but I've added it just in case. Here's how it looks now:
DEPRECATION WARNING: We detected the use of incompatible concerns (RequireKnownShop and LoginProtection) in ProductsController,
which may lead to unpredictable behavior. In a future release of this library this will raise an error.
(called from include at /Users/andyw8/src/github.com/Shopify/shopify_app/my_shopify_app_clash/app/controllers/products_controller.rb:5)
andyw8
force-pushed
the
andyw8/detect-controller-concern-clash
branch
from
10b1f2b
to
9d7e60a
Compare
andyw8
requested review from
paulomarg,
teddyhwang and
nelsonwittwer
and removed request for
teddyhwang
|
I tested on a newly generated app with a intentional conflict in the class ProductsController < AuthenticatedController
include ShopifyApp::RequireKnownShop
# ...
|
andyw8
force-pushed
the
andyw8/detect-controller-concern-clash
branch
from
bcc75be
to
bd1f046
Compare
* Detect controller concern clash * Deprecation warning instead of raising error Co-authored-by: Andy Waite <andyw8@users.noreply.github.com>
What this PR does
Closes https://github.com/Shopify/first-party-library-planning/issues/486
RequireKnownShopandLoginProtectionboth have a methodcurrent_shopify_domainbut with different implementations. If both these concerns are included, it can result in unintentional behaviour, since one method will overwrite the other.Reviewer's guide to testing
Things to focus on
Checklist
Before submitting the PR, please consider if any of the following are needed:
CHANGELOG.mdif the changes would impact usersREADME.md, if appropriate./docs, if necessary