Merge pull request #5166 from Shopify/gg-query-password-setting

Replace isStorefrontPasswordProtected with API call

Author: graygilmore

.changeset/young-windows-deliver.md

@@ -0,0 +1,7 @@
+---
+'@shopify/cli-kit': patch
+'@shopify/theme': patch
+'@shopify/app': patch
+---
+
+Utilize Admin API to determine if a storefront is password protected

packages/app/src/cli/services/dev/processes/theme-app-extension.ts

@@ -52,7 +52,7 @@ export async function setupPreviewThemeAppExtensionsProcess(
   ])
 
   const storeFqdn = adminSession.storeFqdn
-  const storefrontPassword = (await isStorefrontPasswordProtected(storeFqdn))
+  const storefrontPassword = (await isStorefrontPasswordProtected(adminSession))
     ? await ensureValidPassword('', storeFqdn)
     : undefined
 

packages/cli-kit/src/cli/api/graphql/admin/generated/online_store_password_protection.ts

@@ -0,0 +1,45 @@
+/* eslint-disable @typescript-eslint/consistent-type-definitions */
+import * as Types from './types.js'
+
+import {TypedDocumentNode as DocumentNode} from '@graphql-typed-document-node/core'
+
+export type OnlineStorePasswordProtectionQueryVariables = Types.Exact<{[key: string]: never}>
+
+export type OnlineStorePasswordProtectionQuery = {onlineStore: {passwordProtection: {enabled: boolean}}}
+
+export const OnlineStorePasswordProtection = {
+  kind: 'Document',
+  definitions: [
+    {
+      kind: 'OperationDefinition',
+      operation: 'query',
+      name: {kind: 'Name', value: 'OnlineStorePasswordProtection'},
+      selectionSet: {
+        kind: 'SelectionSet',
+        selections: [
+          {
+            kind: 'Field',
+            name: {kind: 'Name', value: 'onlineStore'},
+            selectionSet: {
+              kind: 'SelectionSet',
+              selections: [
+                {
+                  kind: 'Field',
+                  name: {kind: 'Name', value: 'passwordProtection'},
+                  selectionSet: {
+                    kind: 'SelectionSet',
+                    selections: [
+                      {kind: 'Field', name: {kind: 'Name', value: 'enabled'}},
+                      {kind: 'Field', name: {kind: 'Name', value: '__typename'}},
+                    ],
+                  },
+                },
+                {kind: 'Field', name: {kind: 'Name', value: '__typename'}},
+              ],
+            },
+          },
+        ],
+      },
+    },
+  ],
+} as unknown as DocumentNode<OnlineStorePasswordProtectionQuery, OnlineStorePasswordProtectionQueryVariables>

packages/cli-kit/src/cli/api/graphql/admin/generated/types.d.ts

@@ -250,7 +250,7 @@ export type ThemeRole =
    * publishing are restricted until the merchant resolves the licensing issue.
    */
   | 'LOCKED'
-  /** TThe currently published theme. There can only be one main theme at any time. */
+  /** The currently published theme. There can only be one main theme at any time. */
   | 'MAIN'
   /** The currently published theme that is only accessible to a mobile client. */
   | 'MOBILE'

packages/cli-kit/src/cli/api/graphql/admin/queries/online_store_password_protection.graphql

@@ -0,0 +1,7 @@
+query OnlineStorePasswordProtection {
+  onlineStore {
+    passwordProtection {
+      enabled
+    }
+  }
+}

packages/cli-kit/src/public/node/themes/api.ts

@@ -18,6 +18,7 @@ import {
 import {MetafieldDefinitionsByOwnerType} from '../../../cli/api/graphql/admin/generated/metafield_definitions_by_owner_type.js'
 import {GetThemes} from '../../../cli/api/graphql/admin/generated/get_themes.js'
 import {GetTheme} from '../../../cli/api/graphql/admin/generated/get_theme.js'
+import {OnlineStorePasswordProtection} from '../../../cli/api/graphql/admin/generated/online_store_password_protection.js'
 import {restRequest, RestResponse, adminRequestDoc} from '@shopify/cli-kit/node/api/admin'
 import {AdminSession} from '@shopify/cli-kit/node/session'
 import {AbortError} from '@shopify/cli-kit/node/error'
@@ -356,6 +357,17 @@ export async function metafieldDefinitionsByOwnerType(type: MetafieldOwnerType,
   }))
 }
 
+export async function passwordProtected(session: AdminSession): Promise<boolean> {
+  const {onlineStore} = await adminRequestDoc(OnlineStorePasswordProtection, session)
+  if (!onlineStore) {
+    unexpectedGraphQLError("Unable to get details about the storefront's password protection")
+  }
+
+  const {passwordProtection} = onlineStore
+
+  return passwordProtection.enabled
+}
+
 async function request<T>(
   method: string,
   path: string,

packages/theme/src/cli/services/console.ts

@@ -9,7 +9,7 @@ import {consoleLog} from '@shopify/cli-kit/node/output'
 export async function ensureReplEnv(adminSession: AdminSession, storePasswordFlag?: string) {
   const themeId = await findOrCreateReplTheme(adminSession)
 
-  const storePassword = (await isStorefrontPasswordProtected(adminSession.storeFqdn))
+  const storePassword = (await isStorefrontPasswordProtected(adminSession))
     ? await ensureValidPassword(storePasswordFlag, adminSession.storeFqdn)
     : undefined
 

packages/theme/src/cli/services/dev.ts

@@ -42,9 +42,8 @@ export async function dev(options: DevOptions) {
     return
   }
 
-  const storefrontPasswordPromise = isStorefrontPasswordProtected(options.adminSession.storeFqdn).then(
-    (needsPassword) =>
-      needsPassword ? ensureValidPassword(options.storePassword, options.adminSession.storeFqdn) : undefined,
+  const storefrontPasswordPromise = await isStorefrontPasswordProtected(options.adminSession).then((needsPassword) =>
+    needsPassword ? ensureValidPassword(options.storePassword, options.adminSession.storeFqdn) : undefined,
   )
 
   const localThemeExtensionFileSystem = emptyThemeExtFileSystem()

packages/theme/src/cli/utilities/theme-environment/storefront-session.test.ts

@@ -7,96 +7,29 @@ import {
 import {describe, expect, test, vi} from 'vitest'
 import {fetch} from '@shopify/cli-kit/node/http'
 import {AbortError} from '@shopify/cli-kit/node/error'
+import {passwordProtected} from '@shopify/cli-kit/node/themes/api'
+import {type AdminSession} from '@shopify/cli-kit/node/session'
 
 vi.mock('@shopify/cli-kit/node/http')
+vi.mock('@shopify/cli-kit/node/themes/api')
 
 describe('Storefront API', () => {
   describe('isStorefrontPasswordProtected', () => {
-    test('returns true when the request is redirected to the password page', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com/password'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(true)
-      expect(fetch).toBeCalledWith('https://store.myshopify.com', {
-        method: 'GET',
-      })
-    })
-
-    test('returns false when request is not redirected', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(false)
-      expect(fetch).toBeCalledWith('https://store.myshopify.com', {
-        method: 'GET',
-      })
-    })
-
-    test('returns false when store redirects to a different domain', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.se'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(false)
-    })
+    const adminSession: AdminSession = {
+      storeFqdn: 'example-store.myshopify.com',
+      token: '123456',
+    }
 
-    test('returns false when store redirects to a different URI', async () => {
+    test('makes an API call to check if the storefront is password protected', async () => {
       // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com/random'}))
+      vi.mocked(passwordProtected).mockResolvedValueOnce(true)
 
       // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(false)
-    })
-
-    test('return true when store redirects to /<locale>/password', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com/fr-CA/password'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
+      const isProtected = await isStorefrontPasswordProtected(adminSession)
 
       // Then
       expect(isProtected).toBe(true)
-    })
-
-    test('returns false if response is not a 302', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com/random'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(false)
-    })
-
-    test('ignores query params', async () => {
-      // Given
-      vi.mocked(fetch)
-        .mockResolvedValueOnce(response({status: 200, url: 'https://store.myshopify.com/random?a=b'}))
-        .mockResolvedValueOnce(response({status: 200, url: 'https://store.myshopify.com/password?a=b'}))
-
-      // When
-      const redirectToRandomPath = await isStorefrontPasswordProtected('store.myshopify.com')
-      const redirectToPasswordPath = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(redirectToRandomPath).toBe(false)
-      expect(redirectToPasswordPath).toBe(true)
+      expect(passwordProtected).toHaveBeenCalledWith(adminSession)
     })
   })
 

packages/theme/src/cli/utilities/theme-environment/storefront-session.ts

@@ -3,16 +3,13 @@ import {defaultHeaders} from './storefront-utils.js'
 import {fetch} from '@shopify/cli-kit/node/http'
 import {AbortError} from '@shopify/cli-kit/node/error'
 import {outputDebug} from '@shopify/cli-kit/node/output'
+import {type AdminSession} from '@shopify/cli-kit/node/session'
+import {passwordProtected} from '@shopify/cli-kit/node/themes/api'
 
 export class ShopifyEssentialError extends Error {}
 
-export async function isStorefrontPasswordProtected(storeURL: string): Promise<boolean> {
-  const response = await fetch(prependHttps(storeURL), {
-    method: 'GET',
-  })
-
-  const redirectLocation = new URL(response.url)
-  return redirectLocation.pathname.endsWith('/password')
+export async function isStorefrontPasswordProtected(session: AdminSession): Promise<boolean> {
+  return passwordProtected(session)
 }
 
 /**