Merge branch 'main' into 08-27-fix_url_generation_for_release_message

isaacroldan · isaacroldan · commit b9396906518f · 2025-08-27T13:05:15.000+02:00
diff --git a/.changeset/dull-cycles-brush.md b/.changeset/dull-cycles-brush.md
@@ -0,0 +1,5 @@
+---
+'@shopify/theme': patch
+---
+
+No longer raise password errors when users use custom app passwords on `shopify theme pull/push` commands
diff --git a/.changeset/flat-schools-dance.md b/.changeset/flat-schools-dance.md
@@ -0,0 +1,5 @@
+---
+'@shopify/cli-kit': patch
+---
+
+Remove redundant calls to normalizeStoreFqdn in requests
diff --git a/.changeset/wild-moles-help.md b/.changeset/wild-moles-help.md
@@ -0,0 +1,5 @@
+---
+'@shopify/app': patch
+---
+
+Fix deeplink URL after a deploy
diff --git a/packages/app/src/cli/api/graphql/business-platform-organizations/generated/types.d.ts b/packages/app/src/cli/api/graphql/business-platform-organizations/generated/types.d.ts
@@ -48,6 +48,8 @@ export type Scalars = {
   OrganizationID: {input: any; output: any}
   /** The ID for a OrganizationUser. */
   OrganizationUserID: {input: any; output: any}
+  /** The ID for a PersonAlias. */
+  PersonAliasID: {input: any; output: any}
   /** The ID for a Person. */
   PersonID: {input: any; output: any}
   /** The ID for a Principal. */
diff --git a/packages/app/src/cli/utilities/developer-platform-client/app-management-client.ts b/packages/app/src/cli/utilities/developer-platform-client/app-management-client.ts
@@ -1230,11 +1230,12 @@ async function appDeepLink({
   id,
   organizationId,
 }: Pick<MinimalAppIdentifiers, 'id' | 'organizationId'>): Promise<string> {
-  return `https://${await developerDashboardFqdn()}/dashboard/${organizationId}/apps/${numberFromGid(id)}`
+  const orgId = numberFromGid(organizationId).toString()
+  return `https://${await developerDashboardFqdn()}/dashboard/${orgId}/apps/${numberFromGid(id)}`
 }
 
 export async function versionDeepLink(organizationId: string, appId: string, versionId: string): Promise<string> {
-  const appLink = await appDeepLink({organizationId: numberFromGid(organizationId).toString(), id: appId})
+  const appLink = await appDeepLink({organizationId, id: appId})
   return `${appLink}/versions/${numberFromGid(versionId)}`
 }
 
diff --git a/packages/cli-kit/src/public/node/api/admin.test.ts b/packages/cli-kit/src/public/node/api/admin.test.ts
@@ -28,7 +28,7 @@ const mockedResult = {
 }
 
 const token = 'token'
-const Session: AdminSession = {token, storeFqdn: 'store'}
+const Session: AdminSession = {token, storeFqdn: 'store.myshopify.com'}
 
 describe('admin-graphql-api', () => {
   test('calls the graphql client twice: get api version and then execute the request', async () => {
@@ -83,7 +83,7 @@ describe('admin-graphql-api', () => {
       api: 'Admin',
       addedHeaders: {
         'X-Shopify-Access-Token': 'shptka_token',
-        'X-Shopify-Shop': 'store',
+        'X-Shopify-Shop': 'store.myshopify.com',
       },
       url: `https://${defaultThemeKitAccessDomain}/cli/admin/api/2022-01/graphql.json`,
       token: themeAccessToken,
@@ -131,7 +131,7 @@ describe('admin-rest-api', () => {
     await admin.restRequest('GET', '/themes', Session)
 
     // Then
-    expect(spyFetch).toHaveBeenLastCalledWith('https://store/admin/api/unstable/themes.json', {
+    expect(spyFetch).toHaveBeenLastCalledWith('https://store.myshopify.com/admin/api/unstable/themes.json', {
       headers,
       method: 'GET',
     })
@@ -164,7 +164,7 @@ describe('admin-rest-api', () => {
         headers: {
           'Content-Type': 'application/json',
           'X-Shopify-Access-Token': 'shptka_token',
-          'X-Shopify-Shop': 'store',
+          'X-Shopify-Shop': 'store.myshopify.com',
         },
         method: 'GET',
       },
diff --git a/packages/cli-kit/src/public/node/api/admin.ts b/packages/cli-kit/src/public/node/api/admin.ts
@@ -16,7 +16,7 @@ import {
 } from '../../../private/node/api/rest.js'
 import {RequestModeInput, shopifyFetch} from '../http.js'
 import {PublicApiVersions} from '../../../cli/api/graphql/admin/generated/public_api_versions.js'
-import {normalizeStoreFqdn} from '../context/fqdn.js'
+
 import {themeKitAccessDomain} from '../../../private/node/constants.js'
 import {serviceEnvironment} from '../../../private/node/context/service.js'
 import {DevServerCore} from '../vendor/dev_server/index.js'
@@ -36,7 +36,7 @@ const LatestApiVersionByFQDN = new Map<string, string>()
 export async function adminRequest<T>(query: string, session: AdminSession, variables?: GraphQLVariables): Promise<T> {
   const api = 'Admin'
   const version = await fetchLatestSupportedApiVersion(session)
-  let storeDomain = await normalizeStoreFqdn(session.storeFqdn)
+  let storeDomain = session.storeFqdn
   const addedHeaders = themeAccessHeaders(session)
 
   if (serviceEnvironment() === 'local') {
@@ -78,7 +78,7 @@ export async function adminRequestDoc<TResult, TVariables extends Variables>(
   if (!apiVersion) {
     apiVersion = await fetchLatestSupportedApiVersion(session, preferredBehaviour)
   }
-  let storeDomain = await normalizeStoreFqdn(session.storeFqdn)
+  let storeDomain = session.storeFqdn
   const addedHeaders = themeAccessHeaders(session)
 
   if (serviceEnvironment() === 'local') {
diff --git a/packages/cli-kit/src/public/node/session.test.ts b/packages/cli-kit/src/public/node/session.test.ts
@@ -173,7 +173,7 @@ describe('ensureAuthenticatedTheme', () => {
 
   test('returns the password when is provided and custom_app_token', async () => {
     // When
-    const got = await ensureAuthenticatedThemes('mystore', 'password')
+    const got = await ensureAuthenticatedThemes('mystore.myshopify.com', 'password')
 
     // Then
     expect(got).toEqual({token: 'password', storeFqdn: 'mystore.myshopify.com'})
@@ -183,7 +183,7 @@ describe('ensureAuthenticatedTheme', () => {
 
   test('returns the password when is provided and theme_access_token', async () => {
     // When
-    const got = await ensureAuthenticatedThemes('mystore', 'shptka_password')
+    const got = await ensureAuthenticatedThemes('mystore.myshopify.com', 'shptka_password')
 
     // Then
     expect(got).toEqual({token: 'shptka_password', storeFqdn: 'mystore.myshopify.com'})
diff --git a/packages/cli-kit/src/public/node/session.ts b/packages/cli-kit/src/public/node/session.ts
@@ -1,4 +1,3 @@
-import {normalizeStoreFqdn} from './context/fqdn.js'
 import {BugError} from './error.js'
 import {getPartnersToken} from './environment.js'
 import {nonRandomUUID} from './crypto.js'
@@ -190,7 +189,7 @@ export async function ensureAuthenticatedThemes(
 ${outputToken.json(scopes)}
 `)
   if (password) {
-    const session = {token: password, storeFqdn: await normalizeStoreFqdn(store)}
+    const session = {token: password, storeFqdn: store}
     const authMethod = isThemeAccessSession(session) ? 'theme_access_token' : 'custom_app_token'
     setLastSeenAuthMethod(authMethod)
     setLastSeenUserIdAfterAuth(nonRandomUUID(password))
diff --git a/packages/theme/src/cli/commands/theme/console.ts b/packages/theme/src/cli/commands/theme/console.ts
@@ -2,6 +2,7 @@ import {themeFlags} from '../../flags.js'
 import ThemeCommand from '../../utilities/theme-command.js'
 import {ensureThemeStore} from '../../utilities/theme-store.js'
 import {ensureReplEnv, initializeRepl} from '../../services/console.js'
+import {validateThemePassword} from '../../services/flags-validation.js'
 import {globalFlags} from '@shopify/cli-kit/node/cli'
 import {ensureAuthenticatedThemes} from '@shopify/cli-kit/node/session'
 import {Flags} from '@oclif/core'
@@ -33,6 +34,9 @@ export default class Console extends ThemeCommand {
 
   async run() {
     const {flags} = await this.parse(Console)
+
+    validateThemePassword(flags.password)
+
     const store = ensureThemeStore(flags)
     const {url, password: themeAccessPassword} = flags
 
diff --git a/packages/theme/src/cli/commands/theme/dev.ts b/packages/theme/src/cli/commands/theme/dev.ts
@@ -5,6 +5,7 @@ import {dev} from '../../services/dev.js'
 import {DevelopmentThemeManager} from '../../utilities/development-theme-manager.js'
 import {findOrSelectTheme} from '../../utilities/theme-selector.js'
 import {metafieldsPull} from '../../services/metafields-pull.js'
+import {validateThemePassword} from '../../services/flags-validation.js'
 import {Flags} from '@oclif/core'
 import {globalFlags} from '@shopify/cli-kit/node/cli'
 import {Theme} from '@shopify/cli-kit/node/themes/types'
@@ -126,6 +127,8 @@ You can run this command only in a directory that matches the [default Shopify t
     let flags = parsed.flags as typeof parsed.flags & FlagValues
     const {ignore = [], only = []} = flags
 
+    validateThemePassword(flags.password)
+
     const store = ensureThemeStore(flags)
     const adminSession = await ensureAuthenticatedThemes(store, flags.password)
 
diff --git a/packages/theme/src/cli/commands/theme/profile.ts b/packages/theme/src/cli/commands/theme/profile.ts
@@ -4,6 +4,7 @@ import {profile} from '../../services/profile.js'
 import {ensureThemeStore} from '../../utilities/theme-store.js'
 import {findOrSelectTheme} from '../../utilities/theme-selector.js'
 import {renderTasksToStdErr} from '../../utilities/theme-ui.js'
+import {validateThemePassword} from '../../services/flags-validation.js'
 import {ensureAuthenticatedThemes} from '@shopify/cli-kit/node/session'
 import {Flags} from '@oclif/core'
 import {globalFlags, jsonFlag} from '@shopify/cli-kit/node/cli'
@@ -42,6 +43,9 @@ export default class Profile extends ThemeCommand {
 
   async run(): Promise<void> {
     const {flags} = await this.parse(Profile)
+
+    validateThemePassword(flags.password)
+
     const store = ensureThemeStore(flags)
     const {password: themeAccessPassword} = flags
 
diff --git a/packages/theme/src/cli/flags.ts b/packages/theme/src/cli/flags.ts
@@ -1,6 +1,5 @@
 import {Flags} from '@oclif/core'
 import {normalizeStoreFqdn} from '@shopify/cli-kit/node/context/fqdn'
-import {AbortError} from '@shopify/cli-kit/node/error'
 import {resolvePath, cwd} from '@shopify/cli-kit/node/path'
 
 /**
@@ -18,13 +17,6 @@ export const themeFlags = {
   password: Flags.string({
     description: 'Password generated from the Theme Access app.',
     env: 'SHOPIFY_CLI_THEME_TOKEN',
-    parse: async (input) => {
-      if (input.startsWith('shptka_')) {
-        return input
-      }
-
-      throw new AbortError('Invalid password. Please generate a new password from the Theme Access app.')
-    },
   }),
   store: Flags.string({
     char: 's',
diff --git a/packages/theme/src/cli/services/flags-validation.test.ts b/packages/theme/src/cli/services/flags-validation.test.ts
@@ -0,0 +1,37 @@
+import {validateThemePassword} from './flags-validation.js'
+import {describe, expect, test} from 'vitest'
+import {AbortError} from '@shopify/cli-kit/node/error'
+
+describe('validateThemePassword', () => {
+  describe('valid cases', () => {
+    test('should not throw when password is undefined or empty string', () => {
+      expect(() => validateThemePassword(undefined)).not.toThrow()
+      expect(() => validateThemePassword('')).not.toThrow()
+    })
+
+    test('should not throw when password starts with shptka_', () => {
+      expect(() => validateThemePassword('shptka_valid_token')).not.toThrow()
+      expect(() => validateThemePassword('shptka_')).not.toThrow()
+      expect(() => validateThemePassword('shptka_abc123')).not.toThrow()
+    })
+  })
+
+  describe('invalid cases', () => {
+    test('should throw AbortError when password does not start with shptka_', () => {
+      expect(() => validateThemePassword('valid-password')).toThrow(AbortError)
+      expect(() => validateThemePassword('theme_token_123')).toThrow(AbortError)
+      expect(() => validateThemePassword('shpat_abc123def456')).toThrow(AbortError)
+    })
+
+    test('should throw when shptka_ appears but not at the start', () => {
+      expect(() => validateThemePassword('prefix_shptka_suffix')).toThrow(AbortError)
+      expect(() => validateThemePassword('some_shptka_token')).toThrow(AbortError)
+    })
+
+    test('should throw correct error message for non-shptka_ passwords', () => {
+      expect(() => validateThemePassword('invalid_token')).toThrow(
+        'Invalid password. Please generate a new password from the Theme Access app.',
+      )
+    })
+  })
+})
diff --git a/packages/theme/src/cli/services/flags-validation.ts b/packages/theme/src/cli/services/flags-validation.ts
@@ -0,0 +1,23 @@
+import {AbortError} from '@shopify/cli-kit/node/error'
+
+/**
+ * Validates that a theme password uses the required shptka_ format.
+ *
+ * Commands like `shopify theme dev`, `shopify theme console`, and
+ * `shopify theme profile` require passwords from the Theme Access app or
+ * standard authentication, as these commands rely on Storefront APIs that only
+ * work with Theme Access authentication.
+ *
+ * Legacy authentication methods are still supported in `shopify theme pull`
+ * and `shopify theme push` for backwards compatibility.
+ *
+ * @param password - the password to validate
+ * @throws AbortError when password doesn't start with 'shptka_'
+ */
+export function validateThemePassword(password?: string): void {
+  if (!password) return
+
+  if (password.startsWith('shptka_')) return
+
+  throw new AbortError('Invalid password. Please generate a new password from the Theme Access app.')
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@shopify/theme': patch
 +---
++
 +No longer raise password errors when users use custom app passwords on `shopify theme pull/push` commands
Original file line number	Diff line number	Diff line change
`@@ -1230,11 +1230,12 @@ async function appDeepLink({`
`1230`	`1230`	`id,`
`1231`	`1231`	`organizationId,`
`1232`	`1232`	`}: Pick<MinimalAppIdentifiers, 'id' \| 'organizationId'>): Promise<string> {`
`1233`		- return `https://${await developerDashboardFqdn()}/dashboard/${organizationId}/apps/${numberFromGid(id)}`
	`1233`	`+ const orgId = numberFromGid(organizationId).toString()`
	`1234`	+ return `https://${await developerDashboardFqdn()}/dashboard/${orgId}/apps/${numberFromGid(id)}`
`1234`	`1235`	`}`
`1235`	`1236`
`1236`	`1237`	`export async function versionDeepLink(organizationId: string, appId: string, versionId: string): Promise<string> {`
`1237`		`- const appLink = await appDeepLink({organizationId: numberFromGid(organizationId).toString(), id: appId})`
	`1238`	`+ const appLink = await appDeepLink({organizationId, id: appId})`
`1238`	`1239`	return `${appLink}/versions/${numberFromGid(versionId)}`
`1239`	`1240`	`}`
`1240`	`1241`