Class: OmniAuth::Strategies::Shopify
- Inherits:
-
OAuth2
- Object
- OAuth2
- OmniAuth::Strategies::Shopify
- Defined in:
- lib/omniauth/strategies/shopify.rb
Constant Summary collapse
- DEFAULT_SCOPE =
Available scopes: content themes products customers orders script_tags shipping read_* or write_*
'read_products'- MINUTE =
60- CODE_EXPIRES_AFTER =
10 * MINUTE
Class Method Summary collapse
Instance Method Summary collapse
- #authorize_params ⇒ Object
- #build_access_token ⇒ Object
- #callback_phase ⇒ Object
- #callback_url ⇒ Object
- #fix_https ⇒ Object
- #request_phase ⇒ Object
- #setup_phase ⇒ Object
- #valid_scope?(token) ⇒ Boolean
- #valid_signature? ⇒ Boolean
- #valid_site? ⇒ Boolean
Class Method Details
.encoded_params_for_signature(params) ⇒ Object
56 57 58 59 60 61 |
# File 'lib/omniauth/strategies/shopify.rb', line 56 def self.encoded_params_for_signature(params) params = params.dup params.delete('hmac') params.delete('signature') # deprecated signature params.map{|k,v| "#{URI.escape(k.to_s, '&=%')}=#{URI.escape(v.to_s, '&%')}"}.sort.join('&') end |
.hmac_sign(encoded_params, secret) ⇒ Object
63 64 65 |
# File 'lib/omniauth/strategies/shopify.rb', line 63 def self.hmac_sign(encoded_params, secret) OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, encoded_params) end |
Instance Method Details
#authorize_params ⇒ Object
100 101 102 103 104 |
# File 'lib/omniauth/strategies/shopify.rb', line 100 def super.tap do |params| params[:scope] ||= DEFAULT_SCOPE end end |
#build_access_token ⇒ Object
96 97 98 |
# File 'lib/omniauth/strategies/shopify.rb', line 96 def build_access_token @built_access_token ||= super end |
#callback_phase ⇒ Object
84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/omniauth/strategies/shopify.rb', line 84 def callback_phase return fail!(:invalid_site, CallbackError.new(:invalid_site, "OAuth endpoint is not a myshopify site.")) unless valid_site? return fail!(:invalid_signature, CallbackError.new(:invalid_signature, "Signature does not match, it may have been tampered with.")) unless valid_signature? token = build_access_token unless valid_scope?(token) return fail!(:invalid_scope, CallbackError.new(:invalid_scope, "Scope does not match, it may have been tampered with.")) end super end |
#callback_url ⇒ Object
106 107 108 |
# File 'lib/omniauth/strategies/shopify.rb', line 106 def callback_url [:callback_url] || full_host + script_name + callback_path end |
#fix_https ⇒ Object
67 68 69 |
# File 'lib/omniauth/strategies/shopify.rb', line 67 def fix_https [:client_options][:site].gsub!(/\Ahttp\:/, 'https:') end |
#request_phase ⇒ Object
76 77 78 79 80 81 82 |
# File 'lib/omniauth/strategies/shopify.rb', line 76 def request_phase if valid_site? super else fail!(:invalid_site) end end |
#setup_phase ⇒ Object
71 72 73 74 |
# File 'lib/omniauth/strategies/shopify.rb', line 71 def setup_phase super fix_https end |
#valid_scope?(token) ⇒ Boolean
49 50 51 52 53 54 |
# File 'lib/omniauth/strategies/shopify.rb', line 49 def valid_scope?(token) params = ..merge(("authorize")) return false unless token && params[:scope] && token['scope'] expected_scope = params[:scope].split(',').map(&:strip).reject(&:empty?).uniq.sort (expected_scope == token['scope'].split(',').sort) end |
#valid_signature? ⇒ Boolean
35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/omniauth/strategies/shopify.rb', line 35 def valid_signature? return false unless request.POST.empty? params = request.GET signature = params['hmac'] = params['timestamp'] return false unless signature && return false unless .to_i > Time.now.to_i - CODE_EXPIRES_AFTER calculated_signature = self.class.hmac_sign(self.class.encoded_params_for_signature(params), .client_secret) Rack::Utils.secure_compare(calculated_signature, signature) end |
#valid_site? ⇒ Boolean
31 32 33 |
# File 'lib/omniauth/strategies/shopify.rb', line 31 def valid_site? !!(/\A(https|http)\:\/\/[a-zA-Z0-9][a-zA-Z0-9\-]*\.#{Regexp.quote(options[:myshopify_domain])}[\/]?\z/ =~ [:client_options][:site]) end |