Shopify · graygilmore · Jan 7, 2025 · jamesmengo · Jan 7, 2025 · graygilmore
@@ -33,7 +33,7 @@ import {describe, test, expect, beforeEach, vi} from 'vitest'
 import {ensureAuthenticatedAdmin, ensureAuthenticatedStorefront} from '@shopify/cli-kit/node/session'
 import {Config} from '@oclif/core'
 import {getEnvironmentVariables} from '@shopify/cli-kit/node/environment'
-import {isStorefrontPasswordProtected} from '@shopify/theme'
+import {isPasswordProtected} from '@shopify/theme'
 import {fetchTheme} from '@shopify/cli-kit/node/themes/api'
 
 vi.mock('../../context/identifiers.js')
@@ -59,7 +59,7 @@ beforeEach(() => {
   })
   vi.mocked(ensureAuthenticatedStorefront).mockResolvedValue('storefront-token')
   vi.mocked(getEnvironmentVariables).mockReturnValue({})
-  vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(false)
+  vi.mocked(isPasswordProtected).mockResolvedValue(false)
   vi.mocked(fetchTheme).mockResolvedValue({
     id: 1,
     name: 'Theme',

@@ -8,7 +8,7 @@ import {fetchTheme} from '@shopify/cli-kit/node/themes/api'
 import {AbortError} from '@shopify/cli-kit/node/error'
 import {Theme} from '@shopify/cli-kit/node/themes/types'
 import {renderInfo, renderTasks, Task} from '@shopify/cli-kit/node/ui'
-import {initializeDevelopmentExtensionServer, ensureValidPassword, isStorefrontPasswordProtected} from '@shopify/theme'
+import {initializeDevelopmentExtensionServer, ensureValidPassword, isPasswordProtected} from '@shopify/theme'
 import {partnersFqdn} from '@shopify/cli-kit/node/context/fqdn'
 
 interface ThemeAppExtensionServerOptions {
@@ -52,7 +52,7 @@ export async function setupPreviewThemeAppExtensionsProcess(
   ])
 
   const storeFqdn = adminSession.storeFqdn
-  const storefrontPassword = (await isStorefrontPasswordProtected(storeFqdn))
+  const storefrontPassword = (await isPasswordProtected(adminSession))
     ? await ensureValidPassword('', storeFqdn)
     : undefined
 

@@ -0,0 +1,45 @@
+/* eslint-disable @typescript-eslint/consistent-type-definitions */
+import * as Types from './types.js'
+
+import {TypedDocumentNode as DocumentNode} from '@graphql-typed-document-node/core'
+
+export type OnlineStorePasswordProtectionQueryVariables = Types.Exact<{[key: string]: never}>
+
+export type OnlineStorePasswordProtectionQuery = {onlineStore: {passwordProtection: {enabled: boolean}}}
+
+export const OnlineStorePasswordProtection = {
+  kind: 'Document',
+  definitions: [
+    {
+      kind: 'OperationDefinition',
+      operation: 'query',
+      name: {kind: 'Name', value: 'OnlineStorePasswordProtection'},
+      selectionSet: {
+        kind: 'SelectionSet',
+        selections: [
+          {
+            kind: 'Field',
+            name: {kind: 'Name', value: 'onlineStore'},
+            selectionSet: {
+              kind: 'SelectionSet',
+              selections: [
+                {
+                  kind: 'Field',
+                  name: {kind: 'Name', value: 'passwordProtection'},
+                  selectionSet: {
+                    kind: 'SelectionSet',
+                    selections: [
+                      {kind: 'Field', name: {kind: 'Name', value: 'enabled'}},
+                      {kind: 'Field', name: {kind: 'Name', value: '__typename'}},
+                    ],
+                  },
+                },
+                {kind: 'Field', name: {kind: 'Name', value: '__typename'}},
+              ],
+            },
+          },
+        ],
+      },
+    },
+  ],
+} as unknown as DocumentNode<OnlineStorePasswordProtectionQuery, OnlineStorePasswordProtectionQueryVariables>
@@ -0,0 +1,7 @@
+query OnlineStorePasswordProtection {
+  onlineStore {
+    passwordProtection {
+      enabled
+    }
+  }
+}
@@ -18,6 +18,7 @@ import {
 import {MetafieldDefinitionsByOwnerType} from '../../../cli/api/graphql/admin/generated/metafield_definitions_by_owner_type.js'
 import {GetThemes} from '../../../cli/api/graphql/admin/generated/get_themes.js'
 import {GetTheme} from '../../../cli/api/graphql/admin/generated/get_theme.js'
+import {OnlineStorePasswordProtection} from '../../../cli/api/graphql/admin/generated/online_store_password_protection.js'
 import {restRequest, RestResponse, adminRequestDoc} from '@shopify/cli-kit/node/api/admin'
 import {AdminSession} from '@shopify/cli-kit/node/session'
 import {AbortError} from '@shopify/cli-kit/node/error'
@@ -353,6 +354,17 @@ export async function metafieldDefinitionsByOwnerType(type: MetafieldOwnerType,
   }))
 }
 
+export async function passwordProtected(session: AdminSession): Promise<boolean> {
+  const {onlineStore} = await adminRequestDoc(OnlineStorePasswordProtection, session)
+  if (!onlineStore) {
+    unexpectedGraphQLError("Unable to get details about the storefront's password protection")
+  }
+
+  const {passwordProtection} = onlineStore
+
+  return passwordProtection.enabled
+}
+
 async function request<T>(
   method: string,
   path: string,

@@ -1,8 +1,5 @@
 import {ensureReplEnv} from './console.js'
-import {
-  isStorefrontPasswordCorrect,
-  isStorefrontPasswordProtected,
-} from '../utilities/theme-environment/storefront-session.js'
+import {isStorefrontPasswordCorrect, isPasswordProtected} from '../utilities/theme-environment/storefront-session.js'
 import {ensureValidPassword} from '../utilities/theme-environment/storefront-password-prompt.js'
 import {beforeEach, describe, expect, test, vi} from 'vitest'
 import {AdminSession} from '@shopify/cli-kit/node/session'
@@ -30,7 +27,7 @@ describe('ensureReplEnv', () => {
 
   test('should prompt for password when storefront is password protected', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(true)
+    vi.mocked(isPasswordProtected).mockResolvedValue(true)
     vi.mocked(isStorefrontPasswordCorrect).mockResolvedValue(true)
 
     // When
@@ -43,7 +40,7 @@ describe('ensureReplEnv', () => {
 
   test('should skip prompt and return undefined for password when storefront is not password protected', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(false)
+    vi.mocked(isPasswordProtected).mockResolvedValue(false)
     vi.mocked(isStorefrontPasswordCorrect).mockResolvedValue(true)
 
     // When
@@ -56,7 +53,7 @@ describe('ensureReplEnv', () => {
 
   test('should return undefined for storePassword when password is provided but storefront is not password protected', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(false)
+    vi.mocked(isPasswordProtected).mockResolvedValue(false)
     vi.mocked(isStorefrontPasswordCorrect).mockResolvedValue(true)
 
     // When

@@ -1,4 +1,4 @@
-import {isStorefrontPasswordProtected} from '../utilities/theme-environment/storefront-session.js'
+import {isPasswordProtected} from '../utilities/theme-environment/storefront-session.js'
 import {REPLThemeManager} from '../utilities/repl/repl-theme-manager.js'
 import {ensureValidPassword} from '../utilities/theme-environment/storefront-password-prompt.js'
 import {replLoop} from '../utilities/repl/repl.js'
@@ -9,7 +9,7 @@ import {consoleLog} from '@shopify/cli-kit/node/output'
 export async function ensureReplEnv(adminSession: AdminSession, storePasswordFlag?: string) {
   const themeId = await findOrCreateReplTheme(adminSession)
 
-  const storePassword = (await isStorefrontPasswordProtected(adminSession.storeFqdn))
+  const storePassword = (await isPasswordProtected(adminSession))
     ? await ensureValidPassword(storePasswordFlag, adminSession.storeFqdn)
     : undefined
 

@@ -2,7 +2,7 @@ import {dev, DevOptions, openURLSafely, renderLinks} from './dev.js'
 import {setupDevServer} from '../utilities/theme-environment/theme-environment.js'
 import {mountThemeFileSystem} from '../utilities/theme-fs.js'
 import {fakeThemeFileSystem} from '../utilities/theme-fs/theme-fs-mock-factory.js'
-import {isStorefrontPasswordProtected} from '../utilities/theme-environment/storefront-session.js'
+import {isPasswordProtected} from '../utilities/theme-environment/storefront-session.js'
 import {ensureValidPassword} from '../utilities/theme-environment/storefront-password-prompt.js'
 import {emptyThemeExtFileSystem} from '../utilities/theme-fs-empty.js'
 import {initializeDevServerSession} from '../utilities/theme-environment/dev-server-session.js'
@@ -69,7 +69,7 @@ describe('dev', () => {
     test('calls startDevServer with the correct arguments when the `legacy` option is false', async () => {
       // Given
       vi.mocked(initializeDevServerSession).mockResolvedValue(session)
-      vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(true)
+      vi.mocked(isPasswordProtected).mockResolvedValue(true)
       vi.mocked(ensureValidPassword).mockResolvedValue('valid-password')
       vi.mocked(fetchChecksums).mockResolvedValue([])
       vi.mocked(mountThemeFileSystem).mockReturnValue(localThemeFileSystem)

@@ -2,7 +2,7 @@ import {hasRequiredThemeDirectories, mountThemeFileSystem} from '../utilities/th
 import {ensureDirectoryConfirmed} from '../utilities/theme-ui.js'
 import {setupDevServer} from '../utilities/theme-environment/theme-environment.js'
 import {DevServerContext, LiveReload} from '../utilities/theme-environment/types.js'
-import {isStorefrontPasswordProtected} from '../utilities/theme-environment/storefront-session.js'
+import {isPasswordProtected} from '../utilities/theme-environment/storefront-session.js'
 import {ensureValidPassword} from '../utilities/theme-environment/storefront-password-prompt.js'
 import {emptyThemeExtFileSystem} from '../utilities/theme-fs-empty.js'
 import {initializeDevServerSession} from '../utilities/theme-environment/dev-server-session.js'
@@ -42,9 +42,8 @@ export async function dev(options: DevOptions) {
     return
   }
 
-  const storefrontPasswordPromise = isStorefrontPasswordProtected(options.adminSession.storeFqdn).then(
-    (needsPassword) =>
-      needsPassword ? ensureValidPassword(options.storePassword, options.adminSession.storeFqdn) : undefined,
+  const storefrontPasswordPromise = await isPasswordProtected(options.adminSession).then((needsPassword) =>
+    needsPassword ? ensureValidPassword(options.storePassword, options.adminSession.storeFqdn) : undefined,
   )
 
   const localThemeExtensionFileSystem = emptyThemeExtFileSystem()

@@ -1,5 +1,5 @@
 import {ensureValidPassword} from './storefront-password-prompt.js'
-import {isStorefrontPasswordProtected, isStorefrontPasswordCorrect} from './storefront-session.js'
+import {isPasswordProtected, isStorefrontPasswordCorrect} from './storefront-session.js'
 import {
   getStorefrontPassword,
   getThemeStore,
@@ -33,7 +33,7 @@ describe('ensureValidPassword', () => {
 
   test('should skip prompt for password when correct storefront password is provided', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(true)
+    vi.mocked(isPasswordProtected).mockResolvedValue(true)
     vi.mocked(isStorefrontPasswordCorrect).mockResolvedValue(true)
 
     // When
@@ -45,7 +45,7 @@ describe('ensureValidPassword', () => {
 
   test('should prompt for correct password when incorrect password is provided', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(true)
+    vi.mocked(isPasswordProtected).mockResolvedValue(true)
     vi.mocked(isStorefrontPasswordCorrect)
       .mockResolvedValueOnce(false)
       .mockResolvedValueOnce(false)
@@ -60,7 +60,7 @@ describe('ensureValidPassword', () => {
 
   test('should read the password from local storage when no password is provided', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(true)
+    vi.mocked(isPasswordProtected).mockResolvedValue(true)
     vi.mocked(isStorefrontPasswordCorrect).mockResolvedValue(true)
     vi.mocked(getStorefrontPassword).mockReturnValue('testPassword')
 
@@ -73,7 +73,7 @@ describe('ensureValidPassword', () => {
 
   test('should set the password in local storage when a password is validated', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(true)
+    vi.mocked(isPasswordProtected).mockResolvedValue(true)
     vi.mocked(isStorefrontPasswordCorrect).mockResolvedValue(true)
 
     // When
@@ -85,7 +85,7 @@ describe('ensureValidPassword', () => {
 
   test('should prompt user for password if local storage password is no longer correct', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(true)
+    vi.mocked(isPasswordProtected).mockResolvedValue(true)
     vi.mocked(isStorefrontPasswordCorrect).mockResolvedValueOnce(false).mockResolvedValue(true)
     vi.mocked(getStorefrontPassword).mockReturnValue('incorrectPassword')
     vi.mocked(renderTextPrompt).mockResolvedValue('correctPassword')
@@ -101,7 +101,7 @@ describe('ensureValidPassword', () => {
 
   test('should call ensureThemeStore with the store URL', async () => {
     // Given
-    vi.mocked(isStorefrontPasswordProtected).mockResolvedValue(true)
+    vi.mocked(isPasswordProtected).mockResolvedValue(true)
     vi.mocked(isStorefrontPasswordCorrect).mockResolvedValue(true)
     vi.mocked(getThemeStore).mockReturnValue(undefined as any)
 

@@ -1,105 +1,11 @@
-import {
-  getStorefrontSessionCookies,
-  isStorefrontPasswordCorrect,
-  isStorefrontPasswordProtected,
-  ShopifyEssentialError,
-} from './storefront-session.js'
+import {getStorefrontSessionCookies, isStorefrontPasswordCorrect, ShopifyEssentialError} from './storefront-session.js'
 import {describe, expect, test, vi} from 'vitest'
 import {fetch} from '@shopify/cli-kit/node/http'
 import {AbortError} from '@shopify/cli-kit/node/error'
 
 vi.mock('@shopify/cli-kit/node/http')
 
 describe('Storefront API', () => {
-  describe('isStorefrontPasswordProtected', () => {
-    test('returns true when the request is redirected to the password page', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com/password'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(true)
-      expect(fetch).toBeCalledWith('https://store.myshopify.com', {
-        method: 'GET',
-      })
-    })
-
-    test('returns false when request is not redirected', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(false)
-      expect(fetch).toBeCalledWith('https://store.myshopify.com', {
-        method: 'GET',
-      })
-    })
-
-    test('returns false when store redirects to a different domain', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.se'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(false)
-    })
-
-    test('returns false when store redirects to a different URI', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com/random'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(false)
-    })
-
-    test('return true when store redirects to /<locale>/password', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com/fr-CA/password'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(true)
-    })
-
-    test('returns false if response is not a 302', async () => {
-      // Given
-      vi.mocked(fetch).mockResolvedValue(response({status: 200, url: 'https://store.myshopify.com/random'}))
-
-      // When
-      const isProtected = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(isProtected).toBe(false)
-    })
-
-    test('ignores query params', async () => {
-      // Given
-      vi.mocked(fetch)
-        .mockResolvedValueOnce(response({status: 200, url: 'https://store.myshopify.com/random?a=b'}))
-        .mockResolvedValueOnce(response({status: 200, url: 'https://store.myshopify.com/password?a=b'}))
-
-      // When
-      const redirectToRandomPath = await isStorefrontPasswordProtected('store.myshopify.com')
-      const redirectToPasswordPath = await isStorefrontPasswordProtected('store.myshopify.com')
-
-      // Then
-      expect(redirectToRandomPath).toBe(false)
-      expect(redirectToPasswordPath).toBe(true)
-    })
-  })
-
   describe('getStorefrontSessionCookies', () => {
     test('retrieves only _shopify_essential cookie when no password is provided', async () => {
       // Given

@@ -3,16 +3,13 @@ import {defaultHeaders} from './storefront-utils.js'
 import {fetch} from '@shopify/cli-kit/node/http'
 import {AbortError} from '@shopify/cli-kit/node/error'
 import {outputDebug} from '@shopify/cli-kit/node/output'
+import {type AdminSession} from '@shopify/cli-kit/node/session'
+import {passwordProtected} from '@shopify/cli-kit/node/themes/api'
 
 export class ShopifyEssentialError extends Error {}
 
-export async function isStorefrontPasswordProtected(storeURL: string): Promise<boolean> {
-  const response = await fetch(prependHttps(storeURL), {
-    method: 'GET',
-  })
-
-  const redirectLocation = new URL(response.url)
-  return redirectLocation.pathname.endsWith('/password')
+export async function isPasswordProtected(session: AdminSession): Promise<boolean> {
+  return passwordProtected(session)
 }
 
 /**