This repository has been archived by the owner on Nov 30, 2022. It is now read-only.
Changelog
Tyler King edited this page Jun 30, 2021 · 82 revisions
Please refer to the Upgrading doc as well.
Warning: Breaking changes.
Overall
- Removal of dependency on cookies
- Removal of dependency on ITP support
- Added first-class support for Shopify tokens for auth
- Improved auth flow
Internal
- Introduction of a Util class to replace global helper functions
- Removal of `ShopSession` class
- Introduction of a `ShopContext` object for shops to track token authentication
- REST webhooks removed in favour of GraphQL webhooks
- Use of Laravel's `Arr` and `Str` helpers where possible
- Removal of `auth.token` middleware in favour of `verify.shopify` middleware
- Removal of `auth.shopify` middleware in favour of `verify.shopify` middleware
- `HMAC`, `SessionToken`, `SessionId` introduced as value objects to initialize and verify Shopify data
- Removal of `cappedTerms` in favour of `terms` for usage charges
- Bugfix to `isEmpty` method for value objects
- Added `getShopFromRequest` method to `ShopDomain` value object
- Update to macros to use direct class for registration of macro instead of Facade
- Changes to internal layout files to support Shopify tokens
Merged
- TurboLinks support (#772) @Enmaboya
- Use ENV for TurboLinks (#774) @squatto
- URL separator bugfix (#777) @squatto
- Removal of "token" from query string in target URL handler (#779) @squatto
- Ignore script tags for TurboLinks re-eval (#780) @Enmaboya
- Reflash session when getting token (#783) @squatoo
- Find shop domain from request object (#784) @squatto
- Always pass the filtered query params to the token redirect (#785) @squatto
- Update jQuery AJAX header Authorization setting (#790) @thang12l
- Freemium mode uninstall flag added to uninstall webhook (#801) @mehulvadodariya2012
- Retain host parameter (#808) @stevesweets
- Add missing JSON extension (#809) @lucasmichot
- Github Action adjustments (#810) @lucasmichot
- Test message and exceptions (#811) @lucasmichot
- Ensure all class names are PSR4-compliant (#812) @lucasmichot
- Ensure that test files contain only one class (#813) @lucasmichot
- Remove useless braces (#814) @lucasmichot
- Add return types for functions in tests (#815) @lucasmichot
- Use null coalescence (#816) @lucasmichot
- Avoid using FQCN (#817) @lucasmichot
- Remove PHPCS (#820) @lucasmichot
- Replace abandoned Coveralls package (#821) @lucasmichot
- Fix CI flags (#822) @lucasmichot
- Cache composer dependencies in Actions (#824) @lucasmichot
- Enforce PSR4 namespaces on tests (#825) @lucasmichot
- Reformat fixture files (#826) @lucasmichot
- Use getShopifyConfig() instead of env() (#827) @lucasmichot
- Remove unneeded multiple condition check (#829) @lucasmichot
- Simplify some condition checking (#830) @lucasmichot
- Enforce time-safe string comparison with Carbon (#831) @lucasmichot
- Set specific CI flags (#832) @lucasmichot
- Improve code coverage on tests (#833) @lucasmichot
- Introduce static analysis to Actions (#834) @lucasmichot
- Remove useless dependencies (#835) @lucasmichot
- Move issue template to Github folder (#836) @lucasmichot
- Simplify and cleanup .gitignore file (#837) @lucasmichot
- Simplify and clean up .gitattributes file (#838) @lucasmichot
- Update composer.json (#839) @lucasmichot
- Use ::class notations for route controller access (#841) @lucasmichot
- Use CarbonImmutable for tests (#842) @lucasmichot
- Remove useless methods (#843) @lucasmichot
- Introduction of Util class, replace all helpers (#844) @lucasmichot
- Use Util::getShopifyConfig() over env() (#846) @lucasmichot
- Merged feature/cookieless (#847) @osiset
- Remove and ignore /build folder (#848) @lucasmichot
- Webhooks GraphQL support (#849) @onurkose
- Ignore data sources on AuthShopify middleware when HMAC is not present (#732)
- Missing named routes to config (#730) by @squatto
- Fix high usage of memory during installation (#703)
- Fix make webhook stub use proper ShopDomain class (#681)
- Fix webhooks dispatch into specified queue (#682)
- Fix detection of offline token presence in shop model
- Fix for browsers without requestStorageAccess (#679)
- Excluded authentication and billing routes from ITP middleware to not disrupt the install flow (#678)
- Resolution for ITP issues (#522 / #664)
- Dropped support for Laravel 5.x and 6.x in GitHub Actions (#664)
- Added support for PHP 8 (#664)
- Removed `ConfigAccessible` trait and `ConfigHelper` service as they are no longer needed; the `getShopifyConfig` helper function is now the successor
- Use ShopId interface throughout code instead of direct reference to class (#643 / #646)
- Fix for config array being empty on fresh Laravel 8 install (#649)
- Fix to check for already-existing deleted_at column (soft delete) on migration install (#642)
- Added new config option `config_api_callback` (#629) to allow for having custom logic for accessing `api_*` config such as `api_key`, `api_secret`, etc.
- Fix to all jobs (#624) so that they now use basic scalar values to prevent serialization errors
- `WebhookInstaller` and `ScripttagInstaller` jobs no longer inject the action class; the action class is resolved in the `handle` method
- Adjustment to use Request::all() instead of Request::instance() for `api_init` to prevent serialization errors
- Patch to add current request instance to be injected into `api_init`
- Fix to route overrides (#619)
- Pass session object into `api_init` option (#620)
- Added JWT support (#601)
- Ability to override routes through config (#598)
- Add Laravel 8 support (#570)
- API library updated to support Laravel 8 / Guzzle 7 (#582)
- Removal of "login" route and view
- Unused script tags auto-deleted (#543)
- Unused webhooks auto-deleted
Internal:
- Always use proper assertions for testing (#581)
- Migrate PHPUnit configuration file against its new schema (#580)
- Enforce editorconfig settings on fixtures (#579)
- Exception is now thrown for bad signature instead of a redirect to "login" page
- Exception is now thrown for missing shop domain instead of redirect to "login" page
- BaseException render method removed
- Value objects migrated to use fromNative instead of new
- Adjustment to remove legacy-factories dependency (#576)
- Do not hardcode dev package in composer.json (#575)
- Removal of bin directory (#574)
- Updated composer.json to support legacy factories for Orchestra (#573)
- Normalize composer.json (#561)
- Fix all constructor return docblocks signatures (#560)
- Declare missing tests classes properties (#559)
- Always prefer stricter comparisons (#558)
- StyleCI integration (#557)
- .editorconfig support (#556)
- Fix shopDomain type in webhook generator (#555)
- Update the comment typos of shopify-app.php (#553)
- ShopModel trait boot method by @bilfeldt #517
- Fix for old authentication middleware by @bilfeldt #519
- Support for new annual subscriptions by @aepnat #516
- Updated type hints for underlying API library
Warning: Contains potential breaking changes to API access, see Upgrading for more information
- Upgrade to v9.0 of underlying API package
- `ApiSession` transfer object removed, replaced with underlying API package's `Osiset\BasicShopifyAPI\Session`
- All return types for `Services/ApiHelper` which were `stdClass` are now changed to `Osiset\BasicShopifyAPI\ResponseAccess` or `array`
- Parse query strings the same as Shopify to support array parameters by @joelvh #469
- Fix for #424 by aliasing ONETIME to CHARGE for ChargeType enum
- Fix for #462 to ensure HMAC is passed if shop is guest
- ShopDomain object instead of string in webhook-job stub by @awebartisan #472
- 445 - Adds isRecurring check for activated_on by @awebartisan
- 449 - Fix 5.8 migration for big ints by @aaronlp
- Updated namespace of AppUninstalledJob #441 by @awebartisan
- Only process needed request values #430 by @andrewscofield
- Fix deleted charge #431 by @aepnat
- Fix #427 - Uninstall job should use shop domain value, not shop ID value
- Fix #425 - Mismapping of terms for charge
- Merged #429 to help issue #425 by @Enmaboya
- Merged #428 to help reinstall/restore of shop by @aepnat
- Per-user token expiration is now respected (#422); if token expires, re-auth is triggered
- Shopify session token is now tracked in a session cookie (#422); if token is different (most likely due to switching users), re-auth is triggered
- Fixed issue where "Test on Development Store" button from Shopify Partner Dashboard does not work (#417)
- Additional fixes for `object` to `stdClass` for older PHP versions on #416
- Fix for #419 merged in #418 - Fix increment on user table linking.
- Fix for #416 to change all reference of `object` to `stdClass`.
Warning: In no way can you move from 10.x.x to 11.0.0, see Upgrading for more information.
- Complete package rewrite.
- Shops are now moved into native Laravel user table.
- Auth is now moved into native Laravel auth handling.
- New services to assist in API calls, cookie handling, and more.
- Code separated into compartments: Actions, Queriers, Commands, Contracts, Services, Traits, and more.
- Many thankful contributions and pull requests pulled into the code
- Adjusted exception handler to use `app.debug`.
- Basic Shopify API bumped to 6.0.0 to allow for async
- Fix for #336 Allow for bulk actions
- Merged #330 to auto append "Job" to webhook job creation if missing
- Merged #335 to allow for App Bridge version through
- Fix for #337 to rely on debug value for throwing exception (previously environment was used)
- Adds support to redirect user to login page with nice exception message instead of a 500 error (#277)
- #328 for Laravel 6 support
- #322 for removing partial flow (only full auth flow now)
- #320 for specific exception messaging
- Several changes to auth middleware to improve past issues
- Fixes to charges/plans to ensure trial days are adjusted on reinstall during trial period
- Merged #318 For a new and improved app install page
- Merged #310, #309 for specific cases on optional params and improvement to hmac checks
- Merged #305 Security Fix for A4 IDOR Vulnerability
- Merged #301 Refactors the functionality to get the flow type
- Merged #301 to better assist in cleaning up and determining the flow type (AuthShop Middleware)
- Merged #299 to add support for SPA apps (AuthShop Middleware)
- Merged #298 to assist in session clashes as well as sniff headers for the shop if applicable (AuthShop Middleware)
- Added `shop_route` for Blade templates which extends `route`; this adds the shop to the URL automatically (see Usage)
- Added `shop_url` for Blade templates which allows for use of custom URLs which will also append the shop to the URL automatically (see Usage)
- Adds #283 to introduce prefixable routes
- Merges in #284 to assist with partial auth flow so merchant does not have to go through the full auth process when only the session expires
- Change from ESDK to AppBridge
- Upgrade in underlying API package (Basic-Shopify-API) to support versioned API calls
- Upgrade in underlying API package (Basic-Shopify-API) to support per-user authentication
- Support for per-user authentication added
- `AuthShopHandler` was split into two to form `AuthShopHandler` to simply handle common authentication functions and `ShopSession` to handle storing and getting session values (domain, token, user, etc).
- Middleware for `AuthShop` adjusted to handle per-user authentication case
- Shop model now has a `session()` method which returns the session instance
- This release simply introduces a new major version bump to the underlying Shopify API library, Basic-Shopify-API. This package was bumped as well in case some of you are handling errors with API calls through try/catch. The difference is that the underlying package now internally catches 4XX-500 errors for you and provides the error and messaging in the response object, so your catch block will not fire for these issues.
- Added ability to specify which queue channel each job (webhooks, scripttags, and after_authenticate) should use (with a default of null) (#177)
- Cleaned up AuthShop middleware to check for any existence of the response being based upon Symfony response (in case someone is using a custom response)
- Merged #168 to make asset tags unique.
- Fix pushed for #175 for edge-case of charge being re-accessed and attempting to save to database. `firstOrNew` was changed to only scope to `shop_id` and `charge_id` instead of `shop_id`, `charge_id`, `type`, and `status` all in one.
- Merged #173 for #164 (Allow for JSON response).
- Support for additional cases in issue #164, now checks for AJAX and JSON.
- Fix to support for AJAX requests to not modify header information (issue #164)
- New service (WebhookManager) now houses logic for webhook creation, deletion, recreation, existence checks and more
- WebhookInstallerJob now uses WebhookManager directly
- Fix to handle redirect responses on middleware for authshop, this caused an issue with issuing headers.
- `manual_migrations` config option added allowing you to publish migrations to your app's migration folder before running migrations (by default it's automatic).
Possible breaking changes if you've extended the package
- All code has been refactored to make use of Laravel more "properly"
- Code moved to use Facades
- Tests rewritten to use Facades and factories
- Services created to aid in re-use (BillingPlan, UsageCharge, AuthShopHandler)
- Controller code thinned out to interact with services and provide responses
- Request validators added (AuthShop, StoreUsageCharge)
Internally (missing some information):
- Error view/pages removed, redirects and exceptions take its place since Shopify now does not support it
- Services/BillingPlan, `getConfirmationUrl()` is now `confirmationUrl()`
- Services/BillingPlan, `getChargeParams()` is now `chargeParams()`
- Services/BillingPlan, now has `save()` method
- Controllers/BillingController, logic moved to Services/BillingPlan
- `Facades/ShopifyApp::shop()` now accepts a Shopify domain param
- Controllers/AuthController, moved all logic to `Services/AuthShopHandler` and `Requests/AuthShop` (including dispatch of jobs)
- Controllers/Webhook, no longer checks if job exists, will now just throw error.
- Merged PR #140 to allow for any shop object to use the jobs
- Moved Shop model logic into a trait (issue #137). The base shop model now uses a trait from Traits/ShopModelTrait
- ShopObserver was changed to accept any object due to the above change as well
- Through BasicShopifyAPI library, added abilities to handle built-in rate limiting. See usage for more information.
- Fixed `charge_id` casting to string
- Merged #129 to solve #128
- Fixed issue #122 where plan_id was not being cleared on uninstall of app (through the AppUninstalledJob), which caused re-installs to not show the billing screen.
- Patch for #115 to allow for string or int of Shopify charge ID.
- Merged PR #119 to fix POST requests to proxy apps
- Fix for charge_id returning from Shopify being cast as a string, #115
- Ability for multiple after-authenticate jobs, #106
- Fix for #105 where extended Shop Model does not use observer class
Breaking release
- Ability for multi-plan billing and usage charges built-in
- Plans are now stored in database (new `plans` table)
- New `freemium` flag on `shops` table allowing a shop to use the app for "free"
- New `plan_id` added to `shops` and `charges` tables so a charge and shop can be tied to a plan
- Config entries modified for `config/shopify-app.php` to support new billing features
- Charge creation on `BillingController` moved to `firstOrNew` instead of a new instance directly, solving #94
- Default view added for declined charges or issues with charges, solving #96
- Addition of `usageCharge` route on `BillingController` to automatically handle creation of usage charges on a recurring charge, given values passed by get/post
- `BillingPlan` modified to work with multiple plans
- Added ability to define a default plan on install
- Added ability for namespacing apps as per issue #91, multiple apps can now be installed for the same database
- Migration was added to support namespacing, `namespace` is added to shops table
- Observer (global) added to shop model to support namespacing so all new shops created automatically get assigned a namespace
- Scope (global) added to the shop model to support namespacing so all calls on the model append a `where namespace = ?`
- Removing `shopify_token` on app uninstall to fix issue #90
- Ability to retrieve charge data from Shopify for a charge via `$charge->retrieve()` for single/recurring/credit type charges
- Set previous charge to cancelled on new charge #79
- Auto discovery support for provider and facade #81
- Tracking previous request URL to prevent always redirecting to home app route for every auth #85
- Full page redirect for auth now uses non-escaped Blade variables to prevent double encoding
- Merged PR #75 by @paulcanning to force auth redirect URLs to be secure for issue #68
- Fix for issue #65 where `charge_id` was `int` and needed to be `bigint`
- Fix for issue #60 where Laravel defaults to 120 minute cookie expire, is now set to expire on browser close
- Added ability to use `ShopifyApp:shop` to fix issue #56
Breaking release
- Focused release on tracking charges (for trial purposes mainly) for issues #25
- `charge_id` is removed from the Shop table and instead, a `charges` table is created which is a many-to-one relation to the shop
- Charges can now be tracked to the shop, if a shop uninstalls during a trial period and attempts to reinstall, they will get adjusted dates
- Soft deleting of shops and charges is now supported
- New webhook (not enabled by default) is setup to support soft delete and the charges, as well as mark the current charge (if one) as cancelled
- Several other improvements
- Added backport fix for issue #56 to allow for `ShopifyApp::shop` to be used in proxy requests.
- Modified `AuthShop` middleware to check for a missing shop access token, and redirect to auth process if missing. Fix for issue #29.
- Updates underlying Shopify API to allow for both REST and GraphQL calls (which is in BETA by Shopify) (ohmybrew/[email protected] -> ohmybrew/[email protected])
- No breaking changes should occur as the underlying library for the Shopify API remains the same
- Adds support for passing UsageCharge API details (capped_amount, terms) to the billing screen (issue #21)
- Solves edge cases for items like issue #18 where session authentication gets axed before the redirection, it is now moved to use HTTP params instead of session
- Added ability to disable ESDK (which is enabled by default) (see configuration for disabling) (issue #16)
- Automatic header handling for ESDK mode through the middleware
- Fix for issue #14 for webhook causing CSRF issue (moved route to API group)
- Fix to allow for 5.6 of Laravel to be installed through Composer from pull #13 (@c4l3b)
- Added ability for billable applications through simple configuration
- Apps can now easily charge either single or recurring applications charges
- Updated tests to be cleaner by using new fixtures
- StyleCI integrated to correct code styling
- Fix to use base64 encoding for checking webhook HMAC strings
- Added support for Laravel 5.5 release
- Added ability for a user-defined job to run after shop authentication
- Added support for application proxies via middleware
- All features implemented and tested, which include:
- Provide assistance in developing Shopify apps with Laravel
- Integration with Shopify API
- Authentication & installation for shops
- Auto install app webhooks and scripttags through background jobs
- Provide basic ESDK views
- Handles and processes incoming webhooks
- Fixed issue with build causing 500 error
- Initial working code release