Don't write API deprecations to a file about shopify-api-php HOT 28 CLOSED

The existence of this is so absolutely mind bogglingly absurd. We have a zoom call of 8 people trying to figure out how to get past this right now, it took us 3 days to figure out what was even happening. Because WHY, IN THE NAME OF ALL THE CHILDREN IN THE WORLD, would anyone do something so completely asinine as writing to /tmp/ from the web user out of a f@#$ing vendor/ package????????

If you don't understand why this is not a reasonable thing to do, I have a pamphlet for a high flying career in food service right here for you to peruse.

from shopify-api-php.

Answering my own question with a workaround I found:

1. Add the following to composer.json

    "autoload": {
        "psr-4": {
            "Shopify\\Clients\\": "app/Overrides/"
        },
        "exclude-from-classmap": ["vendor/shopify/shopify-api/src/Clients/Http.php"]
    },

2. Copy the Shopify implementation of the Http class to app/Overrides/ folder.
3. Remove the deprecation file writing code (below) from the logApiDeprecation function of the copied class (or modify in the way you prefer)

       $warningFilePath = $this->getApiDeprecationTimestampFilePath();

        $lastWarning = null;
        if (file_exists($warningFilePath)) {
            $lastWarning = (int)(file_get_contents($warningFilePath));
        }

        if (time() - $lastWarning < self::DEPRECATION_ALERT_SECONDS) {
            return;
        }

        file_put_contents($warningFilePath, time());

4. Fix the $version line in the request() function, since it relies on the class directory location

        $version = require dirname(__FILE__) . '/../../vendor/shopify/shopify-api/src/version.php';

You may need to run composer dump-autoload after fixing.

from shopify-api-php.

^ This
No composer library should be attempting to write to filesystem, especially a local directory. A simple deprecation warning now produces a fatal error for the entire application.

from shopify-api-php.

Same problem here. I don't understand why write a file in /vendor folder. 🤯

from shopify-api-php.

Is there any workaround for this besides forking the library?

This causes a fatal crash and means I can't fetch orders using Order::find() - despite using the most recent API and not requesting any deprecated fields/endpoints, I still get the deprecation warning.

from shopify-api-php.

This issue is stale because it has been open for 60 days with no activity. It will be closed if no further action occurs in 14 days.

from shopify-api-php.

The problem still exists in the latest version of this package, and the most recent commit to the default branch.
https://github.com/Shopify/shopify-api-php/blob/v5.0.0/src/Clients/Http.php#L288

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

Same issue since Oct 02. All the payments stopped working, so I had to comment out code in the library (file src/Clients/Http.php line 208-213) to get the app working

from shopify-api-php.

+1

from shopify-api-php.

From what I can tell, this was fixed in #263 (3ae0ed4) by moving the temporary file into sys_get_temp_dir() instead of writing to a path within vendor/. This was released as part of version 5.0.0 of this library. (My previous comment was wrong.)

@paulomarg, I think this issue can be closed now.

from shopify-api-php.

@paulomarg, I think this issue can be closed now.

It's up to the maintainers of course, but in all honesty I still don't get why a library has to write deprecations to a file. Even though it's just to the temp directory, there's still a file somewhere that can potentially grow to unknown sizes and can't be routed elsewhere.

from shopify-api-php.

there's still a file somewhere that can potentially grow to unknown sizes and can't be routed elsewhere.

The file contains only a unix timestamp.

from shopify-api-php.

… which then makes me wonder why we need it at all, or at least from a userland perspective.

It's now turning into a discussion of principles and I know that I am on the annoying end of the spectrum, but the cleaner and less surprises in code (especially code provided by a company such as Shopify), the better :)

from shopify-api-php.

It seems like an option to disable this is required, perhaps when doing Context::initialize.

The file .last_api_deprecation_warning makes it impossible to run 2 instances on the same server under different users (something we often do for prod and staging for small apps) because if one of the users creates the file, the other one will be unable to edit it due to lacking ownership.

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.

+1

from shopify-api-php.