Localhost by default - remove https:// assumption throughout codeba…

…se (#1518)

* use ShopifyAPI::Context.host instead of assume https://

* use host scheme correctly

* use ShopifyAPI::Context.host instead of composition

* restore domain_host pattern

* always tls with current_shopify_domain

* typo + revert to tls default with cookies

* 12.0 shopify_api dependency

* update 12.1.0 API

* rubocop updates

* docs, readme, and changelog for localhost

.rubocop.yml

@@ -16,3 +16,5 @@ Style/ClassAndModuleChildren:
   Exclude:
     - 'test/**/*'
 
+Style/ClassMethodsDefinitions:
+  Enabled: false

CHANGELOG.md

@@ -1,5 +1,6 @@
 Unreleased
 ----------
+* Removes assumed `https` required to run locally. Support both `http` and `https` in backward compatible way. [#1518](https://github.com/Shopify/shopify_app/pull/1518)
 
 21.0.0 (Oct 3, 2022)
 ----------

Gemfile.lock

@@ -7,81 +7,87 @@ PATH
       jwt (>= 2.2.3)
       rails (> 5.2.1)
       redirect_safely (~> 1.0)
-      shopify_api (~> 12.0.0)
+      shopify_api (~> 12.1)
       sprockets-rails (>= 2.0.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.5)
-      actionpack (= 6.1.5)
-      activesupport (= 6.1.5)
+    actioncable (7.0.4)
+      actionpack (= 7.0.4)
+      activesupport (= 7.0.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.5)
-      actionpack (= 6.1.5)
-      activejob (= 6.1.5)
-      activerecord (= 6.1.5)
-      activestorage (= 6.1.5)
-      activesupport (= 6.1.5)
+    actionmailbox (7.0.4)
+      actionpack (= 7.0.4)
+      activejob (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
       mail (>= 2.7.1)
-    actionmailer (6.1.5)
-      actionpack (= 6.1.5)
-      actionview (= 6.1.5)
-      activejob (= 6.1.5)
-      activesupport (= 6.1.5)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.4)
+      actionpack (= 7.0.4)
+      actionview (= 7.0.4)
+      activejob (= 7.0.4)
+      activesupport (= 7.0.4)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.5)
-      actionview (= 6.1.5)
-      activesupport (= 6.1.5)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.4)
+      actionview (= 7.0.4)
+      activesupport (= 7.0.4)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.5)
-      actionpack (= 6.1.5)
-      activerecord (= 6.1.5)
-      activestorage (= 6.1.5)
-      activesupport (= 6.1.5)
+    actiontext (7.0.4)
+      actionpack (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
+      globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (6.1.5)
-      activesupport (= 6.1.5)
+    actionview (7.0.4)
+      activesupport (= 7.0.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.5)
-      activesupport (= 6.1.5)
+    activejob (7.0.4)
+      activesupport (= 7.0.4)
       globalid (>= 0.3.6)
-    activemodel (6.1.5)
-      activesupport (= 6.1.5)
+    activemodel (7.0.4)
+      activesupport (= 7.0.4)
     activemodel-serializers-xml (1.0.2)
       activemodel (> 5.x)
       activesupport (> 5.x)
       builder (~> 3.1)
-    activerecord (6.1.5)
-      activemodel (= 6.1.5)
-      activesupport (= 6.1.5)
+    activerecord (7.0.4)
+      activemodel (= 7.0.4)
+      activesupport (= 7.0.4)
     activeresource (6.0.0)
       activemodel (>= 6.0)
       activemodel-serializers-xml (~> 1.0)
       activesupport (>= 6.0)
-    activestorage (6.1.5)
-      actionpack (= 6.1.5)
-      activejob (= 6.1.5)
-      activerecord (= 6.1.5)
-      activesupport (= 6.1.5)
+    activestorage (7.0.4)
+      actionpack (= 7.0.4)
+      activejob (= 7.0.4)
+      activerecord (= 7.0.4)
+      activesupport (= 7.0.4)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.5)
+    activesupport (7.0.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
     binding_of_caller (1.0.0)
       debug_inspector (>= 0.0.1)
@@ -94,18 +100,19 @@ GEM
       rexml
     crass (1.0.6)
     debug_inspector (1.1.0)
-    erubi (1.10.0)
+    erubi (1.11.0)
     globalid (1.0.0)
       activesupport (>= 5.0)
     hash_diff (1.1.1)
     hashdiff (1.0.1)
     httparty (0.20.0)
       mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
-    i18n (1.10.0)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
+    json (2.6.2)
     jwt (2.5.0)
-    loofah (2.15.0)
+    loofah (2.19.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -117,17 +124,25 @@ GEM
     mime-types-data (3.2022.0105)
     mini_mime (1.1.2)
     mini_portile2 (2.8.0)
-    minitest (5.15.0)
-    mocha (1.13.0)
+    minitest (5.16.3)
+    mocha (1.15.0)
     multi_xml (0.6.0)
+    net-imap (0.3.1)
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.1.3)
+      timeout
+    net-smtp (0.3.2)
+      net-protocol
     nio4r (2.5.8)
-    nokogiri (1.13.4)
+    nokogiri (1.13.8)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     oj (3.13.21)
     openssl (3.0.1)
-    parallel (1.21.0)
-    parser (3.1.0.0)
+    parallel (1.22.1)
+    parser (3.1.2.1)
       ast (~> 2.4.1)
     pry (0.14.1)
       coderay (~> 1.1)
@@ -137,64 +152,65 @@ GEM
     pry-stack_explorer (0.6.1)
       binding_of_caller (~> 1.0)
       pry (~> 0.13)
-    public_suffix (4.0.6)
+    public_suffix (5.0.0)
     racc (1.6.0)
-    rack (2.2.3)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (6.1.5)
-      actioncable (= 6.1.5)
-      actionmailbox (= 6.1.5)
-      actionmailer (= 6.1.5)
-      actionpack (= 6.1.5)
-      actiontext (= 6.1.5)
-      actionview (= 6.1.5)
-      activejob (= 6.1.5)
-      activemodel (= 6.1.5)
-      activerecord (= 6.1.5)
-      activestorage (= 6.1.5)
-      activesupport (= 6.1.5)
+    rack (2.2.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rails (7.0.4)
+      actioncable (= 7.0.4)
+      actionmailbox (= 7.0.4)
+      actionmailer (= 7.0.4)
+      actionpack (= 7.0.4)
+      actiontext (= 7.0.4)
+      actionview (= 7.0.4)
+      activejob (= 7.0.4)
+      activemodel (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
       bundler (>= 1.15.0)
-      railties (= 6.1.5)
-      sprockets-rails (>= 2.0.0)
+      railties (= 7.0.4)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    railties (6.1.5)
-      actionpack (= 6.1.5)
-      activesupport (= 6.1.5)
+    railties (7.0.4)
+      actionpack (= 7.0.4)
+      activesupport (= 7.0.4)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
+      zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
     rb-readline (0.5.5)
     redirect_safely (1.0.0)
       activemodel
-    regexp_parser (2.2.0)
+    regexp_parser (2.6.0)
     rexml (3.2.5)
-    rubocop (1.25.1)
+    rubocop (1.36.0)
+      json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.1.2.1)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.15.1, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.20.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.1)
-      parser (>= 3.0.1.1)
-    rubocop-shopify (2.4.0)
-      rubocop (~> 1.24)
+    rubocop-ast (1.21.0)
+      parser (>= 3.1.1.0)
+    rubocop-shopify (2.10.1)
+      rubocop (~> 1.35)
     ruby-progressbar (1.11.0)
     securerandom (0.2.0)
-    shopify_api (12.0.0)
+    shopify_api (12.1.0)
       concurrent-ruby
       hash_diff
       httparty
@@ -204,20 +220,22 @@ GEM
       securerandom
       sorbet-runtime
       zeitwerk (~> 2.5)
-    sorbet-runtime (0.5.10477)
+    sorbet-runtime (0.5.10486)
     sprockets (4.1.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.4.2)
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    sqlite3 (1.4.2)
+    sqlite3 (1.5.3)
+      mini_portile2 (~> 2.8.0)
     thor (1.2.1)
-    tzinfo (2.0.4)
+    timeout (0.3.0)
+    tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.1.0)
-    webmock (3.14.0)
+    unicode-display_width (2.3.0)
+    webmock (3.18.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)

README.md

@@ -46,9 +46,10 @@ rails new my_shopify_app
 bundle add shopify_app
 ```
 
-3. Create a `.env` file in the root of `my_shopify_app` to specify your Shopify API credentials:
+3. Create a `.env` file in the root of `my_shopify_app` to specify your full host and Shopify API credentials:
 
 ```sh
+HOST=http://localhost:3000
 SHOPIFY_API_KEY=<Your Shopify API key>
 SHOPIFY_API_SECRET=<Your Shopify API secret>
 ```
@@ -67,17 +68,15 @@ rails generate shopify_app
 rails db:migrate
 ```
 
-6. Setup a SSH tunnel to allow the OAuth redirect to work. See how in the [Setup SSH tunnel for development](/docs/Quickstart.md#setup-ssh-tunnel-for-development) section in [Quickstart](/docs/Quickstart.md)
-
-7. Run the app:
+6. Run the app:
 
 ```sh
 rails server
 ```
 
-8. Install the app by visiting the server's URL (e.g. http://127.0.0.1:3000) and specifying the subdomain of the shop where you want it to be installed to.
+7. Install the app by visiting the server's URL (e.g. http://127.0.0.1:3000) and specifying the subdomain of the shop where you want it to be installed to.
 
-9. After the app is installed, you're redirected to the embedded app.
+8. After the app is installed, you're redirected to the embedded app.
 
 This app implements [OAuth 2.0](https://shopify.dev/tutorials/authenticate-with-oauth) with Shopify to authenticate requests made to Shopify APIs. By default, this app is configured to use [session tokens](https://shopify.dev/concepts/apps/building-embedded-apps-using-session-tokens) to authenticate merchants when embedded in the Shopify Admin.
 

app/controllers/concerns/shopify_app/ensure_authenticated_links.rb

@@ -14,7 +14,7 @@ def splash_page
       splash_page_with_params(
         return_to: request.fullpath,
         shop: current_shopify_domain,
-        host: params[:host]
+        host: params[:host],
       )
     end
 

app/controllers/shopify_app/callback_controller.rb

@@ -15,7 +15,7 @@ def callback
             ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME =>
               cookies.encrypted[ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME],
           },
-          auth_query: ShopifyAPI::Auth::Oauth::AuthQuery.new(**filtered_params)
+          auth_query: ShopifyAPI::Auth::Oauth::AuthQuery.new(**filtered_params),
         )
       rescue
         return respond_with_error
@@ -95,7 +95,7 @@ def install_scripttags(session)
       ScripttagsManager.queue(
         session.shop,
         session.access_token,
-        ShopifyApp.configuration.scripttags
+        ShopifyApp.configuration.scripttags,
       )
     end
 

app/controllers/shopify_app/sessions_controller.rb

@@ -56,7 +56,7 @@ def start_oauth
       auth_attributes = ShopifyAPI::Auth::Oauth.begin_auth(
         shop: sanitized_shop_name,
         redirect_path: "/#{callback_url}",
-        is_online: user_session_expected?
+        is_online: user_session_expected?,
       )
       cookies.encrypted[auth_attributes[:cookie].name] = {
         expires: auth_attributes[:cookie].expires,