Changelog

Please refer to the Upgrading doc as well.

17.1.0

Increase default Shopify API version from 2020-01 to 2021-01 (#880) @squatto
Use stricter assertions (#878) @lucasmichot
Remove unexpected arguments (#877) @lucasmichot
Fix many docblocks (#876) @lucasmichot
Turbolinks fixes (#873) @Enmaboya
Also cache laravel/legacy-factories and illuminate/contracts (#875) @lucasmichot
Enforce PSR12 standards (#879) @lucasmichot
Enable PHP-CS-Fixer in Github Action (#883) @lucasmichot
Reformat and clean-up service provider (#884) @lucasmichot
Simplify directory structure (#885) @lucasmichot
Optimize conditions (#889) @lucasmichot
Rename variables (#890) @lucasmichot
Exclude file from (#891) @lucasmichot
Update PHPUnit (#894) @lucasmichot
Uses codecov. (#899) @lucasmichot
Retain host parameter after successful install (#900) @stevesweets

17.0.1

Support for new GraphQL-style webhook topics (#868) @squatto

17.0.0

Warning: Breaking changes. Additionally, no per-user support

Overall

Removal of dependency on cookies
Removal of dependency on ITP support
Added first-class support for Shopify tokens for auth
Improved auth flow

Internal

Introduction of a Util class to replace global helper functions
Removal of ShopSession class
Introduction of a SessionContext object for shops to track token authentication
REST webhooks removed in-favour for GraphQL webhooks
Use of Laravel's Arr and Str helpers where-can
Removal of auth.token middleware in-favour of verify.shopify middleware
Removal of auth.shopify middleware in-favour of verify.shopify middleware
HMAC, SessionToken, SessionId, introduced as value objects to initialize and verify Shopify data
Removal of cappedTerms in-favour of terms for usage charges
Bugfix to isEmpty method for value objects
Added getShopFromRequest method to ShopDomain value object
Update to macros to use direct class for registration of macro instead of Facade
Changes to internal layout files to support Shopify tokens

Merged

TurboLinks support (#772) @Enmaboya Use ENV for TurboLinks (#774) @squatto
URL separator bugfix (#777) @squatto
Removal of "token" from query string in target URL handler (#779) @squatto
Ignore script tags for TurboLinks re-eval (#780) @Enmaboya
Reflash session when getting token (#783) @squatoo
Find shop domain from request object (#784) @squatto
Always pass the filtered query params to the token redirect (#785) @squatto
Update jQuery AJAX header Authorization setting (#790) @thang12l
Freemium mode uninstall flag added to uninstall webhook (#801) @mehulvadodariya2012
Retain host parameter (#808) @stevesweets
Add missing JSON extension (#809) @lucasmichot
Github Action adjustments (#810) @lucasmichot
Test message and exceptions (#811) @lucasmichot
Ensure all class names are PSR4-compliant (#812) @lucasmichot
Ensure that test files contain only one class (#813) @lucasmichot
Remove useless braces (#814) @lucasmichot
Add return types for functions in tests (#815) @lucasmichot
Use null coalescence (#816) @lucasmichot
Avoid using FQCN (#817) @lucasmichot
Remove PHPCS (#820) @lucasmichot
Replace abandoned Coveralls package (#821) @lucasmichot
Fix CI flags (#822) @lucasmichot
Cache composer dependencies in Actions (#824) @lucasmichot
Enforce PSR4 namespaces on tests (#825) @lucasmichot
Reformat fixture files (#826) @lucasmichot
Use getShopifyConfig() instead of env() (#827) @lucasmichot
Remove unneeded multiple condition check (#829) @lucasmichot
Simplify some condition checking (#830) @lucasmichot
Enforce time-safe string comparison with Carbon (#831) @lucasmichot
Set specific CI flags (#832) @lucasmichot
Improve code coverage on tests (#833) @lucasmichot
Introduce static analysis to Actions (#834) @lucasmichot
Remove useless dependencies (#835) @lucasmichot
Move issue template to Github folder (#836) @lucasmichot
Simplify and cleanup .gitignore file (#837) @lucasmichot
Simplify and clean up .gitattributes file (#838) @lucasmichot
Update composer.json (#839) @lucasmichot
Use ::class notations for route controller access (#841) @lucasmichot
Use CarbonImmutable for tests (#842) @lucasmichot
Remove useless methods (#843) @lucasmichot
Introduction of Util class, replace all helpers (#844) @lucasmichot
Use Util::getShopifyConfig() over env() (#846) @lucasmichot
Merged feature/cookieless (#847) @osiset
Remove and ignore /build folder (#848) @lucasmichot
Webhooks GraphQL support (#849) @onurkose

16.0.5

Ignore data sources on AuthShopify middleware when HMAC is not present (#732)
Missing named routes to config (#730) by @squatto

16.0.4

Fix high usage of memory during installation (#703)

16.0.3

Fix make webhook stub use proper ShopDomain class (#681)
Fix webhooks dispatch into specified queue (#682)
Fix detection of offline token presence in shop model

16.0.2

Fix for browsers without requestStorageAccess (#679)

16.0.1

Excluded authentication and billing routes from ITP middleware to not disrupt the install flow (#678)

16.0.0

Resolution for ITP issues (#522 / #664)
Dropped support for Laravel 5.x and 6.x in GitHub Actions (#664)
Added support for PHP 8 (#664)
Removed ConfigAccessible trait and ConfigHelper service as they are no longer needed, getShopifyConfig helper function is now the successor

15.1.1

Use ShopId interface throughout code instead of direct reference to class (#643 / #646)
Fix for config array being empty on fresh Laravel 8 install (#649)
Fix to check for already-existing deleted_at column (soft delete) on migration install (#642)

15.1.0

Added new config option config_api_callback (#629) to allow for having custom logic for accessing api_* config such as api_key, api_secret etc

15.0.0

Fix to all jobs (#624) so that they now use basic scalar values to prevent serialization errors
WebhookInstaller and ScripttagInstaller jobs no longer inject the action class, the action class is resolved in the handle method

14.0.3

Adjustment to use Request::all() instead of Request::instance() for api_init to prevent serialization errors

14.0.2

Patch to add current request instance to be injected into api_init

14.0.1

Fix to route overrides (#619)
Pass session object into api_init option (#620)

14.0.0

Added JWT support (#601)

13.1.0

Ability to override routes through config (#598)

13.0.0

Add Laravel 8 support (#570)
API library updated to support Laravel 8 / Guzzle 7 (#582)
Removal of "login" route and view
Unused script tags auto-deleted (#543)
Unused webhooks auto-deleted

Internal:

Always use proper assertions for testing (#581)
Migrate PHPUnit configuration file against its new schema (#580)
Enforce editorconfig settings on fixtures (#579)
Exception is now thrown for bad signature instead of a redirect to "login" page
Exception is now thrown for missing shop domain instead of redirect to "login" page
BaseException render method removed
Value objects migrated to use fromNative instead of new
Adjustment to remove legecy-factories dependency (#576)
Do not hardcode dev package in composer.json (#575)
Removal of bin directory (#574)
Updated composer.json to support legacy factories for Orchestra (#573)
Normalize composer.json (#561)
Fix all constructor return docblocks signatures (#560)
Declare missing tests classes properties (#559)
Always prefer stricter comparisons (#558)
StyleCI integration (#557)
.editorconfig support (#556)
Fix shopDomain type in webhook generator (#555)
Update the comment typos of shopify-app.php (#553)

12.1.0

ShopModel trait boot method by @bilfeldt #517
Fix for old authentication middleware by @bilfeldt #519
Support for new annual subscriptions by @aepnat #516

12.0.1

Updated type hints for underlying API library

12.0.0

Warning: Contains potential breaking changes to API access, see Upgrading for more information

Upgrade to v9.0 of underlying API package
ApiSession transfer object removed, replaced with underlying API package's Osiset\BasicShopifyAPI\Session
All return types for Services/ApiHelper which we're stdClass are now changed to Osiset\BasicShopifyAPI\ResponseAccess or array

11.5.0

Parse query strings the same as Shopify to support array parameters by @joelvh #469
Fix for #424 by aliasing ONETIME to CHARGE for ChargeType enum
Fix for #462 to ensure HMAC is passed if shop is guest
ShopDomain object instead of string in webhook-job stub by @awebartisan #472

11.4.0

445 - Adds isRecurring check for activated_on by @awebartisan
449 - Fix 5.8 migration for big ints by @aaronlp

11.3.0

Updated namespace of AppUninstalledJob #441 by @awebartisan
Only process needed request values #430 by @andrewscofield
Fix deleted charge #431 by @aepnat

11.2.0

Fix #427 - Uninstall job should use shop domain value, not shop ID value
Fix #425 - Mismapping of terms for charge
Merged #429 to help issue #425 by @Enmaboya
Merged #428 to help reinstall/restore of shop by @aepnat

11.1.0

Per-user token expiration is now respected (#422); if token expires, re-auth is triggered
Shopify session token is now tracked in a session cookie (#422); if token is different (most likely due to switching users), re-auth is triggered
Fixed issue where "Test on Development Store" button from Shopify Partner Dashboard does not work (#417)

11.0.2

Additional fixes for object to stdClass for older PHP versions on #416

11.0.1

Fix for #419 merged in #418 - Fix increment on user table linking.
Fix for #416 to change all reference of object to stdClass.

11.0.0

Warning: In no way can you move from 10.x.x t0 11.0.0, see Upgrading for more information.

Complete package rewrite.
Shops are now moved into native Laravel user table.
Auth is now moved into native Laravel auth handling.
New services to assist in API calls, cookie handling, and more.
Code separated into comparments, Actions, Queriers, Commands, Contracts, Services, Traits, and more.
Many thankful contributions and pull requests pulled into the code

10.2.1

Adjusted exception handler to use app.debug.

10.2.0

Basic Shopify API bumped to 6.0.0 to allow for async
Fix for #336 Allow for bulk actions
Merged #330 to auto append "Job" to webhook job creation if missing
Merged #335 to allow for App Bridge version through
Fix for #337 to rely on debug value for throwing exception (previously environment was used)

10.1.0

Adds support to redirect user to login page with nice exception message instead of a 500 error (#277)

10.0.0

#328 for Laravel 6 support
#322 for removing partial flow (only full auth flow now)
#320 for specific exception messaging
Several changes to auth middleware to improve past issues
Fixes to charges/plans to ensure trial days are adjusted on reinstall during trial period

9.2.0

Merged #318 For a new and improved app install page
Merged #310, #309 for specific cases on optional params and improvement to hmac checks
Merged #305 Security Fix for A4 IDOR Vulnerability
Merged #301 Refactors the functionality to get the flow type

9.1.0

Merged #301 to better assist in cleaning up and determining the flow type (AuthShop Middleware)
Merged #299 to add support for SPA apps (AuthShop Middleware)
Merged #298 to assist in session clashes as well as sniff headers for the shop if applicable (AuthShop Middleware)
Added shop_route for Blade templates which extends route, this adds the shop to the URL automatically (see Usage)
Added shop_url for Blade templates which allows for use of custom URLs which will also append the shop to the URL automatically (see Usage)

9.0.0

Adds #283 to introduce prefixable routes
Merges in #284 to assist with partial auth flow so merchant does not have to go through the full auth process when only the session expires

8.0.0

Change from ESDK to AppBridge

7.0.0

Upgrade in underlying API package (Basic-Shopify-API) to support versioned API calls
Upgrade in underlying API package (Basic-Shopify-API) to support per-user authentication
Support for per-user authentication added
AuthShopHandler was split into two to form AuthShopHandler to simple handle common authentication functions and ShopSession to handle storing and getting session values (domain, token, user, etc).
Middleware for AuthShop adjusted to handle per-user authentication case
Shop model now has a session() method which returns the session instance

6.0.0

This release simply introduces a new major version bump to the underlying Shopify API library, Basic-Shopify-API. This package was bumped as well in case some of you are are handling errors with API calls through try/catch. The difference is, the underlying package now internally catches 4XX-500 errors for you and provides the error and messaging in the response object, so your catch block will not fire for these issues.

5.3.0

Added ability to specify which queue channel each job (webhooks, scripttags, and after_authenticate) should use (with a default of null) (#177)
Cleaned up AuthShop middleware to check for any existence of the response being based upon Symfony response (in case someone is using a custom response)

5.2.0

Merged #168 to make asset tags unique.
Fix pushed for #175 for edge-case of charge being re-accessed and attempting to save to database. firstorNew was changed to only scope to shop_id and charge_id instead of shop_id, charge_id, type, and status all in one.

5.1.2

Merged #173 for #164 (Allow for JSON response).

5.1.1

Support for additional cases in issue #164, now checks for AJAX and JSON.

5.1.0

Fix to support for AJAX requests to not modify header information (issue #164)
New service (WebhookManager) now houses logic for webhook creation, deletion, recreation, existance checks and more
WebhookInstallerJob now uses WebhookManager directly

5.0.1

Fix to handle redirect responses on middleware for authshop, this caused an issue with issuing headers.
manual_migrations config option added allowing you to publish migrations to your app's migration folder before running migrations (by default its automatic).

5.0.0

Possible breaking changes if you've extended the package

All code has been refactored to make use of Laravel more "properly"
Code moved to use Facades
Tests re-wrote to use Facades and factories
Services created to aide in re-use (BillingPlan, UsageCharge, AuthShopHandler)
Controller code thinned out to interact with services and provide responses
Request validators added (AuthShop, StoreUsageCharge)

Internally (missing some information):

Error view/pages removed, redirects and exceptions take its place since Shopify now does not support it
Services/BillingPlan, getConfirmationUrl() is now confirmationUrl()
Services/BillingPlan, getChargeParams() is now chargeParams()
Services/BillingPlan, now has save() method
Controllers/BillingController, logic moved to Services/BillingPlan
Facades/ShopifyApp::shop() now accepts a shopify domain param
Controllers/AuthController, moved all logic to Services/AuthShopHandler and Requests/AuthShop (including dispatch of jobs)
Controllers/Webhook, no longer checks if job exists, will now just throw error.

4.2.1

Merged PR #140 to allow for any shop object to use the jobs

4.2.0

Moved Shop model logic into a trait (issue #137). The base shop model now uses a trait from Traits/ShopModelTrait
ShopObserver was changed to accept any object due to the above change as well

4.1.0

Through BasicShopifyAPI library, added abilities to handle built-in rate limiting. See usage for more information.

4.0.6

Fixed charge_id casting to string
Merged #129 to solve #128

4.0.5

Fixed issue #122 where plan_id was not being cleared on uninstall of app (through the AppUninstalledJob), which caused re-installs to not show the billing screen.

4.0.4

Patch for #115 to allow for string or int of Shopify charge ID.
Merged PR #119 to fix POST requests to proxy apps

4.0.3

Fix for charge_id returning from Shopify being cast as a string, #115

4.0.2

Ability for multiple after-authenticate jobs, #106

4.0.1

Fix for #105 where extended Shop Model does not use observer class

4.0.0

Breaking release

Ability for multi-plan billing and usage charhes built-in
Plans are now stored in database (new plans table)
New freemium flag on shops table allowing a shop to use the app for "free"
New plan_id added to shops and charges tables so a charge and shop can be tied to a plan
Config entries modified for config/shopify-app.php to support new billing features
Charge creation on BillingController moved to firstOrNew instead of a new instance directly, solving #94
Default view added for declined charges or issues with charges, solving #96
Addition of usageCharge route on BillingController to automatically handle creation of usgae charges on a recurring charge, given values passed by get/post
BillingPlan modified to work with multiple plans
Added ability to define a default plan on install

3.2.0

Added ability for namespacing apps as per issue #91, multiple apps can now be installed for the same database
Migration was added to support namespacing, namespace is added to shops table
Observer (global) added to shop model to support namespacing so all new shops created automatically get assigned a namespace
Scope (global) added to the shop model to support namespacing so all calls on the model append a where namespace = ?

3.1.1

Removing shopify_token on app uninstall to fix issue #90

3.1.0

Ability to retrieve charge data from Shopify for a charge via $charge->retrieve() for single/recurring/credit type charges
Set previous charge to cancelled on new charge #79
Auto discovery support for provider and facade #81
Tracking previous request URL to prevent always redirecting to home app route for every auth #85
Full page redirect for auth now uses non-escaped Blade variables to prevent double encoding

3.0.2

Merged PR #75 by @paulcanning to force auth redirect URLs to be secure for issue #68
Fix for issue #65 where charge_id was int and needed to be bigint
Fix for issue #60 where Laravel defaults to 120 minute cookie expire, is now set to expire on browser close

3.0.1

Added ability to use ShopifyApp:shop to fix issue #56

3.0.0