Replace isStorefrontPasswordProtected with API call

[graygilmore]

WHY are these changes introduced?

We were previously determining whether or not a storefront was password protected by making a HTTP request to the storefront and checking the response status. This worked for us in the past but is a known fragile piece.

We've now shipped the ability to query whether the storefront is password protected directly in the Admin API so we no longer need to guess. This replaces all instances of isStorefrontPasswordProtected with the updated API call.

WHAT is this pull request doing?

Replaces a fragile process of guessing the meaning of an HTTP status code with making an explicit call to the Admin API to determine whether or not a storefront is password protected.

How to test your changes?

1. Pull down gg-query-password-setting and run pnpm install && pnpm run build
2. Ensure the Online Store that you're auth'd against has password protection enabled
3. Run shopify theme dev --path <local theme path>
4. Ensure you are prompted to enter your storefront's password
5. Ensure after entering the password the dev server is correctly running
6. Stop the process
7. Disable password protection for your store
8. Run shopify theme dev --path <local theme path>
9. Ensure you are not prompted to provide a password

Checklist

• I've considered possible cross-platform impacts (Mac, Linux, Windows)
• I've considered possible documentation changes

[github-actions]

Differences in type declarations

We detected differences in the type declarations generated by Typescript for this branch compared to the baseline ('main' branch). Please, review them to ensure they are backward-compatible. Here are some important things to keep in mind:

• Some seemingly private modules might be re-exported through public modules.
• If the branch is behind main you might see odd diffs, rebase main into this branch.

New type declarations

packages/cli-kit/dist/cli/api/graphql/admin/generated/online_store_password_protection.d.ts

import * as Types from './types.js';
import { TypedDocumentNode as DocumentNode } from '@graphql-typed-document-node/core';
export type OnlineStorePasswordProtectionQueryVariables = Types.Exact<{
    [key: string]: never;
}>;
export type OnlineStorePasswordProtectionQuery = {
    onlineStore: {
        passwordProtection: {
            enabled: boolean;
        };
    };
};
export declare const OnlineStorePasswordProtection: DocumentNode<OnlineStorePasswordProtectionQuery, Types.Exact<{
    [key: string]: never;
}>>;

Existing type declarations

packages/cli-kit/dist/public/node/themes/api.d.ts

@@ -22,4 +22,5 @@ export declare function metafieldDefinitionsByOwnerType(type: MetafieldOwnerType
         name: string;
         category: string;
     };
-}[]>;
\ No newline at end of file
+}[]>;
+export declare function passwordProtected(session: AdminSession): Promise<boolean>;
\ No newline at end of file

[github-actions]

Coverage report

St.❔	Category	Percentage	Covered / Total
🟡	Statements	75.2% (-0% 🔻)	8851/11770
🟡	Branches	70.47% (+0.02% 🔼)	4294/6093
🟡	Functions	75.12% (+0.04% 🔼)	2316/3083
🟡	Lines	75.75% (+0.01% 🔼)	8368/11047

Show new covered files 🐣

St.❔	File	Statements	Branches	Functions	Lines
🟢	... / online_store_password_protection.ts	100%	100%	100%	100%

Show files with reduced coverage 🔻

St.❔	File	Statements	Branches	Functions	Lines
🟡	... / dev.ts	77.78% (-0.22% 🔻)	65% (-0.22% 🔻)	81.25% (+3.47% 🔼)	74.36% (-0.64% 🔻)
🟢	... / app-event-watcher.ts	93.83% (-1.23% 🔻)	86.49% (-2.7% 🔻)	90.48%	98.61%
🔴	... / api.ts	57.63% (-1.68% 🔻)	44.05% (-1.07% 🔻)	58.54% (-1.46% 🔻)	58.93% (-1.81% 🔻)

Test suite run success

1996 tests passing in 903 suites.

Report generated by 🧪jest coverage report action from 222bc76

[jamesmengo]

I wish we had a better distinction internally between the theme-access password and the storefront password.

I've gotten confused by this before, which is why I chose the extremely verbose name. I'm ok with this name.

I'll leave this comment for future devs for the case that someone else is reading this in the future due to naming confusion,

[graygilmore]

I think using "Password Protected" makes it clear to me but I see what you mean. Ideally anytime we're referring to the --password flag we're calling it more like a "token".