Skip to content
This repository has been archived by the owner on Nov 30, 2022. It is now read-only.

feature/cookieless #847

Merged
merged 94 commits into from Jun 25, 2021
Merged

feature/cookieless #847

merged 94 commits into from Jun 25, 2021

Conversation

gnikyt
Copy link
Owner

@gnikyt gnikyt commented Jun 24, 2021

  • Removes dependency on cookies
  • Enables JWT as first-class
  • Several internal adjustments for auth flow
  • Support for XHR, jQuery, Axios, TurboLinks and others for session tokens
  • Includes recent updates from master such as helpers moved Utils, CI and analysis improvements, and more

Many months of work from various contributors! PR is ready to be reviewed and merged if all is well.

gnikyt added 30 commits April 7, 2021 13:42
@gnikyt
Work on new middleware for cookieless
b2cecce 
* Combining AuthShopify, AuthToken into new VerifyShopify middleware
* SessionToken value object created to verify and validate all aspects of the JWT
* New unauthenticated route and view added
@gnikyt
Adjustments to check for HMAC on VerifyShopify
625a31b
@gnikyt
GET or POST value for token
0f27f4a
@gnikyt
Handle cases where no token and no HMAC are present
eaae8ef
@gnikyt
Return request
27ac534
@gnikyt
More completion to middleware
f647b0e
@gnikyt
Full redirect if malformed or invalid token
9d9ed70
@gnikyt
More completed work
7de729e
@gnikyt
Remove shop domain from verifySessionToken
38a383b
@gnikyt
Utilize array helper for parse_url
b7615f7
@gnikyt
Note
d7e6a54
@gnikyt
Clean up of VerifyShopify middleware
1c2290d
@gnikyt
More work on VerifyShopify.
df80db0 
* VerifyShopify: Cleaned up methods to be smaller and clearer
* VerifyShopify: Handle cases for no token, no hmac
* VerifyShopify: Adjusted to not rely on ShopSession service anymore.
@gnikyt
Removal of ITP, cookie helper, shop session
eacc1dc
@gnikyt
Removal of ITP, cookie helper, shop session
14d43cd
@gnikyt
Added Polaris skeleton to token view
69ac667
@gnikyt
Revised initial landing page
77ab51e
@gnikyt
Added session ID support
e6e8971
@gnikyt
Install flow modifications
4f1146c 
* Moved AuthorizeShop to InstallShop
* Condensed InstallShop and modified to return an array
* Modified InstallShop to track access token update time
* Modified Shop command to track access token update time
@gnikyt
Support for other routes and token usage
a058b4e
@gnikyt
Auth flow and install flow refactoring
13e0a68 
* Removed authenticate.oauth route
* Removed oauthfailure method on authenticate controller
* Removed ShopSession class
* Updated shopify-config to reference new authenticate routes (install, token)
* Updated shopify-config to remove old authenticate routes
* Updated ShopModel's getToken to getAccessToken for naming conflict purposes
* Removed old ITP and authenticate routes from built-in route provider
@gnikyt
Updated SHOPIFY_API_REDRIECT to use /install instead of old /authenti…
c55d0e6 
…cate
@gnikyt
Revert authenticate route back to authenticate instead of 'install'
3d8e035
@gnikyt
Revert authenticate route back to authenticate instead of 'install'
5dc0053
@gnikyt
Install flow corrected
e5fe494
@gnikyt
Blade support for token URLs with helper (tokenUrl)
4c08d1f
@gnikyt
Added example Blade usage to tokenUrl helper
657707a
@gnikyt
Tests updated for InstallShop action
43b3cc5
@gnikyt
Updated test class naming for DeleteWebhooks action
5642e0e
@gnikyt
Started new tests for verify shop middleware
8ac298f
@lucasmichot lucasmichot mentioned this pull request Jun 24, 2021
Merged
@gnikyt gnikyt self-assigned this Jun 25, 2021
@gnikyt gnikyt linked an issue Jun 25, 2021 that may be closed by this pull request
Auth Flow Refactoring #744
Closed
@gnikyt
Resolve static method not found for tests on tokenRedirect and tokenR…
edf3608 
…oute
@gnikyt
StyleCI fixes
8ea7ad0
@gnikyt
PHPStan additions
f1f9ef6 
* Ignore `factory()` in tests
* Ignore `tokenRoute` static method in src as it is dynamic macro
* Ignore `tokenRedirect` static method in src as it is dynamic macro
@gnikyt
Remove factory PHPStan error check
11fb2fd
@gnikyt
Copy link
Owner Author

gnikyt commented Jun 25, 2021
edited

@lucasmichot I am fine with all the changes currently.

  • Things seem to be in a working state
  • Items can of course be refactored down the road if need-be, unless it's something urgent
  • Tests are passing
  • I've left one comment about query string generation

Only thing missing from this branch is the "per-user" auth abilities... I think this can be a minor release to add the feature after this big release is out.

@lucasmichot
Copy link
Collaborator

@lucasmichot I am fine with all the changes currently.

  • Things seem to be in a working state
  • Items can of course be refactored down the road if need-be, unless it's something urgent
  • Tests are passing
  • I've left one comment about query string generation

Only thing missing from this branch is the "per-user" auth abilities... I think this can be a minor release to add the feature after this big release is out.

Hey @osiset, yes I would totally merge this and create a new major release, as lots of BC have been introduced.

Also I very agree with you on adding "per-user" auth ability later

Plenty of things can also be added/improved later - but at least the new release would have a fresh new codebase to work on 👍

lucasmichot
lucasmichot approved these changes Jun 25, 2021
View reviewed changes
Copy link
Collaborator

@lucasmichot lucasmichot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A comment added on URL generation, other than that GTM 🚀

@gnikyt @lucasmichot
Update src/ShopifyApp/Services/ChargeHelper.php
bb7e82c 
Co-authored-by: Lucas Michot <lucas@semalead.com>
@gnikyt
Copy link
Owner Author

gnikyt commented Jun 25, 2021

A comment added on URL generation, other than that GTM

Solid. Yeah good suggestion. Going for the merge!

@gnikyt gnikyt merged commit 4efa931 into master Jun 25, 2021
@gnikyt gnikyt deleted the feature/cookieless branch June 25, 2021 14:21
@squatto
Copy link
Contributor

squatto commented Jun 30, 2021

@osiset On the v17.0.0 release in the "Internal" section you mention ShopContext - should that be SessionContext?

@gnikyt
Copy link
Owner Author

gnikyt commented Jun 30, 2021

@osiset On the v17.0.0 release in the "Internal" section you mention ShopContext - should that be SessionContext?

Your correct, will update :)

@squatto
Copy link
Contributor

squatto commented Jun 30, 2021

OK great, thank you! I just wanted to make sure I wasn't missing something I wasn't aware of 😬

@Kyon147 Kyon147 mentioned this pull request Nov 3, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lucasmichot lucasmichot lucasmichot approved these changes

Assignees

@gnikyt gnikyt

Labels
feature Enhancement to the code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Auth Flow Refactoring
5 participants
@gnikyt @lucasmichot @squatto @stevesweets @thang12l