Skip to content
Luke Walsh edited this page Dec 18, 2022 · 1 revision

Please refer to the Upgrading doc as well.

17.1.0

  • Increase default Shopify API version from 2020-01 to 2021-01 (#880) @squatto
  • Use stricter assertions (#878) @lucasmichot
  • Remove unexpected arguments (#877) @lucasmichot
  • Fix many docblocks (#876) @lucasmichot
  • Turbolinks fixes (#873) @Enmaboya
  • Also cache laravel/legacy-factories and illuminate/contracts (#875) @lucasmichot
  • Enforce PSR12 standards (#879) @lucasmichot
  • Enable PHP-CS-Fixer in Github Action (#883) @lucasmichot
  • Reformat and clean-up service provider (#884) @lucasmichot
  • Simplify directory structure (#885) @lucasmichot
  • Optimize conditions (#889) @lucasmichot
  • Rename variables (#890) @lucasmichot
  • Exclude file from (#891) @lucasmichot
  • Update PHPUnit (#894) @lucasmichot
  • Uses codecov. (#899) @lucasmichot
  • Retain host parameter after successful install (#900) @stevesweets

17.0.1

  • Support for new GraphQL-style webhook topics (#868) @squatto

17.0.0

Warning: Breaking changes. Additionally, no per-user support

Overall

  • Removal of dependency on cookies
  • Removal of dependency on ITP support
  • Added first-class support for Shopify tokens for auth
  • Improved auth flow

Internal

  • Introduction of a Util class to replace global helper functions
  • Removal of ShopSession class
  • Introduction of a SessionContext object for shops to track token authentication
  • REST webhooks removed in-favour for GraphQL webhooks
  • Use of Laravel's Arr and Str helpers where-can
  • Removal of auth.token middleware in-favour of verify.shopify middleware
  • Removal of auth.shopify middleware in-favour of verify.shopify middleware
  • HMAC, SessionToken, SessionId, introduced as value objects to initialize and verify Shopify data
  • Removal of cappedTerms in-favour of terms for usage charges
  • Bugfix to isEmpty method for value objects
  • Added getShopFromRequest method to ShopDomain value object
  • Update to macros to use direct class for registration of macro instead of Facade
  • Changes to internal layout files to support Shopify tokens

Merged

  • TurboLinks support (#772) @Enmaboya Use ENV for TurboLinks (#774) @squatto
  • URL separator bugfix (#777) @squatto
  • Removal of "token" from query string in target URL handler (#779) @squatto
  • Ignore script tags for TurboLinks re-eval (#780) @Enmaboya
  • Reflash session when getting token (#783) @squatoo
  • Find shop domain from request object (#784) @squatto
  • Always pass the filtered query params to the token redirect (#785) @squatto
  • Update jQuery AJAX header Authorization setting (#790) @thang12l
  • Freemium mode uninstall flag added to uninstall webhook (#801) @mehulvadodariya2012
  • Retain host parameter (#808) @stevesweets
  • Add missing JSON extension (#809) @lucasmichot
  • Github Action adjustments (#810) @lucasmichot
  • Test message and exceptions (#811) @lucasmichot
  • Ensure all class names are PSR4-compliant (#812) @lucasmichot
  • Ensure that test files contain only one class (#813) @lucasmichot
  • Remove useless braces (#814) @lucasmichot
  • Add return types for functions in tests (#815) @lucasmichot
  • Use null coalescence (#816) @lucasmichot
  • Avoid using FQCN (#817) @lucasmichot
  • Remove PHPCS (#820) @lucasmichot
  • Replace abandoned Coveralls package (#821) @lucasmichot
  • Fix CI flags (#822) @lucasmichot
  • Cache composer dependencies in Actions (#824) @lucasmichot
  • Enforce PSR4 namespaces on tests (#825) @lucasmichot
  • Reformat fixture files (#826) @lucasmichot
  • Use getShopifyConfig() instead of env() (#827) @lucasmichot
  • Remove unneeded multiple condition check (#829) @lucasmichot
  • Simplify some condition checking (#830) @lucasmichot
  • Enforce time-safe string comparison with Carbon (#831) @lucasmichot
  • Set specific CI flags (#832) @lucasmichot
  • Improve code coverage on tests (#833) @lucasmichot
  • Introduce static analysis to Actions (#834) @lucasmichot
  • Remove useless dependencies (#835) @lucasmichot
  • Move issue template to Github folder (#836) @lucasmichot
  • Simplify and cleanup .gitignore file (#837) @lucasmichot
  • Simplify and clean up .gitattributes file (#838) @lucasmichot
  • Update composer.json (#839) @lucasmichot
  • Use ::class notations for route controller access (#841) @lucasmichot
  • Use CarbonImmutable for tests (#842) @lucasmichot
  • Remove useless methods (#843) @lucasmichot
  • Introduction of Util class, replace all helpers (#844) @lucasmichot
  • Use Util::getShopifyConfig() over env() (#846) @lucasmichot
  • Merged feature/cookieless (#847) @osiset
  • Remove and ignore /build folder (#848) @lucasmichot
  • Webhooks GraphQL support (#849) @onurkose

16.0.5

  • Ignore data sources on AuthShopify middleware when HMAC is not present (#732)
  • Missing named routes to config (#730) by @squatto

16.0.4

  • Fix high usage of memory during installation (#703)

16.0.3

  • Fix make webhook stub use proper ShopDomain class (#681)
  • Fix webhooks dispatch into specified queue (#682)
  • Fix detection of offline token presence in shop model

16.0.2

  • Fix for browsers without requestStorageAccess (#679)

16.0.1

  • Excluded authentication and billing routes from ITP middleware to not disrupt the install flow (#678)

16.0.0

  • Resolution for ITP issues (#522 / #664)
  • Dropped support for Laravel 5.x and 6.x in GitHub Actions (#664)
  • Added support for PHP 8 (#664)
  • Removed ConfigAccessible trait and ConfigHelper service as they are no longer needed, getShopifyConfig helper function is now the successor

15.1.1

  • Use ShopId interface throughout code instead of direct reference to class (#643 / #646)
  • Fix for config array being empty on fresh Laravel 8 install (#649)
  • Fix to check for already-existing deleted_at column (soft delete) on migration install (#642)

15.1.0

  • Added new config option config_api_callback (#629) to allow for having custom logic for accessing api_* config such as api_key, api_secret etc

15.0.0

  • Fix to all jobs (#624) so that they now use basic scalar values to prevent serialization errors
  • WebhookInstaller and ScripttagInstaller jobs no longer inject the action class, the action class is resolved in the handle method

14.0.3

  • Adjustment to use Request::all() instead of Request::instance() for api_init to prevent serialization errors

14.0.2

  • Patch to add current request instance to be injected into api_init

14.0.1

  • Fix to route overrides (#619)
  • Pass session object into api_init option (#620)

14.0.0

  • Added JWT support (#601)

13.1.0

  • Ability to override routes through config (#598)

13.0.0

  • Add Laravel 8 support (#570)
  • API library updated to support Laravel 8 / Guzzle 7 (#582)
  • Removal of "login" route and view
  • Unused script tags auto-deleted (#543)
  • Unused webhooks auto-deleted

Internal:

  • Always use proper assertions for testing (#581)
  • Migrate PHPUnit configuration file against its new schema (#580)
  • Enforce editorconfig settings on fixtures (#579)
  • Exception is now thrown for bad signature instead of a redirect to "login" page
  • Exception is now thrown for missing shop domain instead of redirect to "login" page
  • BaseException render method removed
  • Value objects migrated to use fromNative instead of new
  • Adjustment to remove legecy-factories dependency (#576)
  • Do not hardcode dev package in composer.json (#575)
  • Removal of bin directory (#574)
  • Updated composer.json to support legacy factories for Orchestra (#573)
  • Normalize composer.json (#561)
  • Fix all constructor return docblocks signatures (#560)
  • Declare missing tests classes properties (#559)
  • Always prefer stricter comparisons (#558)
  • StyleCI integration (#557)
  • .editorconfig support (#556)
  • Fix shopDomain type in webhook generator (#555)
  • Update the comment typos of shopify-app.php (#553)

12.1.0

  • ShopModel trait boot method by @bilfeldt #517
  • Fix for old authentication middleware by @bilfeldt #519
  • Support for new annual subscriptions by @aepnat #516

12.0.1

  • Updated type hints for underlying API library

12.0.0

Warning: Contains potential breaking changes to API access, see Upgrading for more information

  • Upgrade to v9.0 of underlying API package
  • ApiSession transfer object removed, replaced with underlying API package's Osiset\BasicShopifyAPI\Session
  • All return types for Services/ApiHelper which we're stdClass are now changed to Osiset\BasicShopifyAPI\ResponseAccess or array

11.5.0

  • Parse query strings the same as Shopify to support array parameters by @joelvh #469
  • Fix for #424 by aliasing ONETIME to CHARGE for ChargeType enum
  • Fix for #462 to ensure HMAC is passed if shop is guest
  • ShopDomain object instead of string in webhook-job stub by @awebartisan #472

11.4.0

  • 445 - Adds isRecurring check for activated_on by @awebartisan
  • 449 - Fix 5.8 migration for big ints by @aaronlp

11.3.0

  • Updated namespace of AppUninstalledJob #441 by @awebartisan
  • Only process needed request values #430 by @andrewscofield
  • Fix deleted charge #431 by @aepnat

11.2.0

  • Fix #427 - Uninstall job should use shop domain value, not shop ID value
  • Fix #425 - Mismapping of terms for charge
  • Merged #429 to help issue #425 by @Enmaboya
  • Merged #428 to help reinstall/restore of shop by @aepnat

11.1.0

  • Per-user token expiration is now respected (#422); if token expires, re-auth is triggered
  • Shopify session token is now tracked in a session cookie (#422); if token is different (most likely due to switching users), re-auth is triggered
  • Fixed issue where "Test on Development Store" button from Shopify Partner Dashboard does not work (#417)

11.0.2

  • Additional fixes for object to stdClass for older PHP versions on #416

11.0.1

  • Fix for #419 merged in #418 - Fix increment on user table linking.
  • Fix for #416 to change all reference of object to stdClass.

11.0.0

Warning: In no way can you move from 10.x.x t0 11.0.0, see Upgrading for more information.

  • Complete package rewrite.
  • Shops are now moved into native Laravel user table.
  • Auth is now moved into native Laravel auth handling.
  • New services to assist in API calls, cookie handling, and more.
  • Code separated into comparments, Actions, Queriers, Commands, Contracts, Services, Traits, and more.
  • Many thankful contributions and pull requests pulled into the code

10.2.1

  • Adjusted exception handler to use app.debug.

10.2.0

  • Basic Shopify API bumped to 6.0.0 to allow for async
  • Fix for #336 Allow for bulk actions
  • Merged #330 to auto append "Job" to webhook job creation if missing
  • Merged #335 to allow for App Bridge version through
  • Fix for #337 to rely on debug value for throwing exception (previously environment was used)

10.1.0

  • Adds support to redirect user to login page with nice exception message instead of a 500 error (#277)

10.0.0

  • #328 for Laravel 6 support
  • #322 for removing partial flow (only full auth flow now)
  • #320 for specific exception messaging
  • Several changes to auth middleware to improve past issues
  • Fixes to charges/plans to ensure trial days are adjusted on reinstall during trial period

9.2.0

  • Merged #318 For a new and improved app install page
  • Merged #310, #309 for specific cases on optional params and improvement to hmac checks
  • Merged #305 Security Fix for A4 IDOR Vulnerability
  • Merged #301 Refactors the functionality to get the flow type

9.1.0

  • Merged #301 to better assist in cleaning up and determining the flow type (AuthShop Middleware)
  • Merged #299 to add support for SPA apps (AuthShop Middleware)
  • Merged #298 to assist in session clashes as well as sniff headers for the shop if applicable (AuthShop Middleware)
  • Added shop_route for Blade templates which extends route, this adds the shop to the URL automatically (see Usage)
  • Added shop_url for Blade templates which allows for use of custom URLs which will also append the shop to the URL automatically (see Usage)

9.0.0

  • Adds #283 to introduce prefixable routes
  • Merges in #284 to assist with partial auth flow so merchant does not have to go through the full auth process when only the session expires

8.0.0

  • Change from ESDK to AppBridge

7.0.0

  • Upgrade in underlying API package (Basic-Shopify-API) to support versioned API calls
  • Upgrade in underlying API package (Basic-Shopify-API) to support per-user authentication
  • Support for per-user authentication added
  • AuthShopHandler was split into two to form AuthShopHandler to simple handle common authentication functions and ShopSession to handle storing and getting session values (domain, token, user, etc).
  • Middleware for AuthShop adjusted to handle per-user authentication case
  • Shop model now has a session() method which returns the session instance

6.0.0

  • This release simply introduces a new major version bump to the underlying Shopify API library, Basic-Shopify-API. This package was bumped as well in case some of you are are handling errors with API calls through try/catch. The difference is, the underlying package now internally catches 4XX-500 errors for you and provides the error and messaging in the response object, so your catch block will not fire for these issues.

5.3.0

  • Added ability to specify which queue channel each job (webhooks, scripttags, and after_authenticate) should use (with a default of null) (#177)
  • Cleaned up AuthShop middleware to check for any existence of the response being based upon Symfony response (in case someone is using a custom response)

5.2.0

  • Merged #168 to make asset tags unique.
  • Fix pushed for #175 for edge-case of charge being re-accessed and attempting to save to database. firstorNew was changed to only scope to shop_id and charge_id instead of shop_id, charge_id, type, and status all in one.

5.1.2

  • Merged #173 for #164 (Allow for JSON response).

5.1.1

  • Support for additional cases in issue #164, now checks for AJAX and JSON.

5.1.0

  • Fix to support for AJAX requests to not modify header information (issue #164)
  • New service (WebhookManager) now houses logic for webhook creation, deletion, recreation, existance checks and more
  • WebhookInstallerJob now uses WebhookManager directly

5.0.1

  • Fix to handle redirect responses on middleware for authshop, this caused an issue with issuing headers.
  • manual_migrations config option added allowing you to publish migrations to your app's migration folder before running migrations (by default its automatic).

5.0.0

Possible breaking changes if you've extended the package

  • All code has been refactored to make use of Laravel more "properly"
  • Code moved to use Facades
  • Tests re-wrote to use Facades and factories
  • Services created to aide in re-use (BillingPlan, UsageCharge, AuthShopHandler)
  • Controller code thinned out to interact with services and provide responses
  • Request validators added (AuthShop, StoreUsageCharge)

Internally (missing some information):

  • Error view/pages removed, redirects and exceptions take its place since Shopify now does not support it
  • Services/BillingPlan, getConfirmationUrl() is now confirmationUrl()
  • Services/BillingPlan, getChargeParams() is now chargeParams()
  • Services/BillingPlan, now has save() method
  • Controllers/BillingController, logic moved to Services/BillingPlan
  • Facades/ShopifyApp::shop() now accepts a shopify domain param
  • Controllers/AuthController, moved all logic to Services/AuthShopHandler and Requests/AuthShop (including dispatch of jobs)
  • Controllers/Webhook, no longer checks if job exists, will now just throw error.

4.2.1

  • Merged PR #140 to allow for any shop object to use the jobs

4.2.0

  • Moved Shop model logic into a trait (issue #137). The base shop model now uses a trait from Traits/ShopModelTrait
  • ShopObserver was changed to accept any object due to the above change as well

4.1.0

  • Through BasicShopifyAPI library, added abilities to handle built-in rate limiting. See usage for more information.

4.0.6

  • Fixed charge_id casting to string
  • Merged #129 to solve #128

4.0.5

  • Fixed issue #122 where plan_id was not being cleared on uninstall of app (through the AppUninstalledJob), which caused re-installs to not show the billing screen.

4.0.4

  • Patch for #115 to allow for string or int of Shopify charge ID.
  • Merged PR #119 to fix POST requests to proxy apps

4.0.3

  • Fix for charge_id returning from Shopify being cast as a string, #115

4.0.2

  • Ability for multiple after-authenticate jobs, #106

4.0.1

  • Fix for #105 where extended Shop Model does not use observer class

4.0.0

Breaking release

  • Ability for multi-plan billing and usage charhes built-in
  • Plans are now stored in database (new plans table)
  • New freemium flag on shops table allowing a shop to use the app for "free"
  • New plan_id added to shops and charges tables so a charge and shop can be tied to a plan
  • Config entries modified for config/shopify-app.php to support new billing features
  • Charge creation on BillingController moved to firstOrNew instead of a new instance directly, solving #94
  • Default view added for declined charges or issues with charges, solving #96
  • Addition of usageCharge route on BillingController to automatically handle creation of usgae charges on a recurring charge, given values passed by get/post
  • BillingPlan modified to work with multiple plans
  • Added ability to define a default plan on install

3.2.0

  • Added ability for namespacing apps as per issue #91, multiple apps can now be installed for the same database
  • Migration was added to support namespacing, namespace is added to shops table
  • Observer (global) added to shop model to support namespacing so all new shops created automatically get assigned a namespace
  • Scope (global) added to the shop model to support namespacing so all calls on the model append a where namespace = ?

3.1.1

  • Removing shopify_token on app uninstall to fix issue #90

3.1.0

  • Ability to retrieve charge data from Shopify for a charge via $charge->retrieve() for single/recurring/credit type charges
  • Set previous charge to cancelled on new charge #79
  • Auto discovery support for provider and facade #81
  • Tracking previous request URL to prevent always redirecting to home app route for every auth #85
  • Full page redirect for auth now uses non-escaped Blade variables to prevent double encoding

3.0.2

  • Merged PR #75 by @paulcanning to force auth redirect URLs to be secure for issue #68
  • Fix for issue #65 where charge_id was int and needed to be bigint
  • Fix for issue #60 where Laravel defaults to 120 minute cookie expire, is now set to expire on browser close

3.0.1

  • Added ability to use ShopifyApp:shop to fix issue #56

3.0.0

Breaking release

  • Focused release on tracking charges (for trial purposes mainly) for issues #25
  • charge_id is removed from the Shop table and instead, a charges tables is created which is a many-to-one relation to the shop
  • Charges can now be tracked to the shop, if a shop uninstalls during a trial period and attempts to reinstall, they will get adjusted dates
  • Soft deleting of shops and charges is now supported
  • New webhook (not enabled by default) is setup to support soft delete and the charges, as well as mark the current charge (if one) as cancelled
  • Several other improvements

2.3.2

  • Added backport fix for issue #56 to allow for ShopifyApp::shop to be used in proxy requests.

2.3.1

  • Modified AuthShop middleware to check for a missing shop access token, and redirect to auth process if missing. Fix for issue #29.

2.3.0

  • Updates underlying Shopify API to allow for both REST and GraphQL calls (which is in BETA by Shopify) (ohmybrew/[email protected] -> ohmybrew/[email protected])
  • No breaking changes should occur as the underlying library for the Shopify API remains the same

2.2.0

  • Adds support for passing UsageCharge API details (capped_amount, terms) to the billing screen (issue #21)

v2.1.1

  • Solves edge cases for items like issue #18 where session authentication gets axed before the redirection, it is now moved to use HTTP params instead of session

v2.1.0

  • Added ability to disable ESDK (which is enabled by default) (see configuration for disabling) (issue #16)
  • Automatic header handling for ESDK mode through the middleware

v2.0.1

  • Fix for issue #14 for webhook causing CSRF issue (moved route to API group)
  • Fix to allow for 5.6 of Laravel to be installed through Composer from pull #13 (@c4l3b)

v2.0.0

  • Added ability for billable applications through simple configuration
  • Apps can now easily charge either single or recurring applications charges
  • Updated tests to be cleaner by using new fixtures
  • StyleCI integrated to correct code styling

v1.3.1

  • Fix to use base64 encoding for checking webhook HMAC strings

v1.3.0

  • Added support for Laravel 5.5 release

v1.2.0

  • Added ability for a user-defined job to run after shop authentication

v1.1.0

  • Added support for application proxies via middleware

v1.0.0

  • All features implemented and tested for which includes:
    • Provide assistance in developing Shopify apps with Laravel
    • Integration with Shopify API
    • Authentication & installation for shops
    • Auto install app webhooks and scripttags thorugh background jobs
    • Provide basic ESDK views
    • Handles and processes incoming webhooks

v0.1.1

  • Fixed issue with build causing 500 error

v0.1.0

  • Initial working code release

Welcome to the wiki!

Please see the homepage for a list of relevant pages.

Clone this wiki locally