- Add support for per_user_authentication
- Pass the shop param in the session for authentication instead of a url param (prevents csrf)
- Removed the
shopify_session_repositoryinitializer. The SessionRepository is now configured through the main ShopifyApp configuration object and the generated initializer - Moved InMemorySessionStore into the ShopifyApp namespace
- Remove ShopifySession concern. This module made the code internal to this engine harder to follow and we want to discourage over-writing the auth code now that we have generic hooks for all extra tasks during install.
- Changed engine controllers to subclass ActionController::Base to avoid any possible conflict with the parent application
- Removed the
ShopifyApp::Shopconcern and added its methods toShopifyApp::SessionStorage. To update for this change just remove this concern anywhere it is being used in your application. - Add
ShopifyApp::EmbeddedAppcontroller concern which handles setting the required headers for the ESDK. Previously this was done by injecting configuration into applicaton.rb which affects the entire app. - Add webhooks to generated home controller. This should help new users debug issues.
- Add an after_authenticate job which will be run once the shop is authenticated. [#431]
- Bump required omniauth-shopify-oauth2 version to 1.2.0.
- Always expect params[:shop] to be a string.
- Remove 'Logged in' flash message [#425]
- Fix an issue with the create_shops generator template [#423]
- Remove support for Rails 4 [#417]
- Add i18n locale param support [#409]
- Require
shopify_app>= 4.3.2. This version relaxes the ruby version requirement from>= 2.3.0to>= 2.0 - Rails 5: ActionDispatch::Reloader#to_prepare is deprecated [#404]
- Update LoginProtection#fullpage_redirect_to to get shopify domain from session [#401]
- Update LoginProtection.redirection_javascript to work with absolute URLS [#389]
- Fix redirect issue by sanitizing shop name on sessions#new
- Use postMessage to redirect parent iframe during authentication [#366]
- Add support for dynamically generating scripttag URLs
- Bug-fix: Update scripttags_manager_job
- Bug-fix:
--application_nameand--scopegenerates proper Configuration even when options supplied to them contain whitespaces.
- Disable application layout rendering for the
/loginpage
- Lower required Ruby version to 2.2.2 to better match up with Rails 5.0
- Update login page copy
- Add application_name configuration option
- Add new optional App Proxy Controller Generator to the Engine. Refer README for details.
- Include ShopifyApp::LoginProtection in Authenticated and Session Controller directly instead of Application Controller.
- Loosen ShopifyAPI dependency requirements to
>= 4.2.2and allow ShopifyAPI 4.3.0 and above. - Move application.js to inside HEAD in Embedded App Template.
- Add ability to override the ActiveJob queue names in initializer file.
- Pass configured resources (like webhooks or scripttags) into the job rather than reading the config again. This allows for dynamically setting ShopifyApp config in a web request and having the job handle it correctly. This change does not affect the usage of webhooks or scripttags
- Loosen Rails dependency requirements to
>= 4.2.6and allow Rails 5.0 - Add support for App Proxies
- Remove http-equiv meta tag as it causes OAuth issues in Chrome
- Remove obtrusive “Continue” text in redirects
- Bump required shopify_api version to 4.x.
- Bump required Rails version to
>= 4.2.6since we are now usingActiveSupport::SecurityUtils:Module
- Fix CSRF redirect issue
- add support to i18n for flash messages (English and Spanish).
- rename WebhooksController module to WebhookVerification
- added a WebhooksController which automatically delegates to jobs
- moved all engine controllers under the ShopifyApp namespace
- rename SessionsController module to SessionsConcern
- more robust redirects, with valid HTML in HTTP response bodies
ShopifyApp::Controllerhas been removed. You’ll need to replace all includes ofShopifyApp::ControllerwithShopifyApp::LoginProtection- adds add_webhook generator to make it easier to add new webhooks to your app
- update the install generator to use standard rails generate arguments, usage has changed from
-api_key=your_keyto--api_key your_key - remove the redirect uri - this is done automatically inside omniauth now
- Update minimum required rails version to 4.2 to include active job
- More semantic and accessible markup in the sessions/new, embedded_app, and product index views.
- Moved all JavaScript to load at the bottom of the page instead of the head, for page loading better performance.
- Move SessionStorage from a generated class to a re-usable module. To migrate to the new module, delete the old generated SessionStorage class in the models directory and include the SessionStorage module in your Shop model.
- Adds a WebhooksManager class and allows you to configure what webhooks your app needs. The rest is taken care of by ShopifyApp provided you set up a backgroud queue with ActiveJob
- Adds a WebhooksController module which can be included to handle the boiler plate code for a controller receiving webhooks from Shopify
- add callback url to omniauth provider
- add default redirect_uri
- Return an HTTP 401 for XHRs that aren't logged in
- add redirect_uri which is now required
- fix login again with different shop
- Re-written as a proper rails engine
- New modular generators
- generates embedded apps by default
- can bootstrap your app with a standard shop table and model
- code now lives as concerns in the engine which are included in your controllers feel free to override anything you need in your app
- re-styled with Twitter Bootstrap css framework and updated docs [warren]
- Require shopify_api gem via proper railtie setup [willem]
- Don't require shopify.yml when using environment variables [cody]
- Renamed instances of current_shop to shop_session to maintain logic
- Replace old LoginController with a RESTful SessionsController