Class: OmniAuth::Strategies::Shopify
- Inherits:
-
OAuth2
- Object
- OAuth2
- OmniAuth::Strategies::Shopify
- Defined in:
- lib/omniauth/strategies/shopify.rb
Constant Summary collapse
- DEFAULT_SCOPE =
Available scopes: content themes products customers orders script_tags shipping read_* or write_*
'read_products'
- SCOPE_DELIMITER =
','
- MINUTE =
60
- CODE_EXPIRES_AFTER =
10 * MINUTE
Class Method Summary collapse
Instance Method Summary collapse
- #authorize_params ⇒ Object
- #build_access_token ⇒ Object
- #callback_phase ⇒ Object
- #callback_url ⇒ Object
- #fix_https ⇒ Object
- #normalized_scopes(scopes) ⇒ Object
- #request_phase ⇒ Object
- #setup_phase ⇒ Object
- #valid_permissions?(token) ⇒ Boolean
- #valid_scope?(token) ⇒ Boolean
- #valid_signature? ⇒ Boolean
- #valid_site? ⇒ Boolean
Class Method Details
.encoded_params_for_signature(params) ⇒ Object
89 90 91 92 93 94 |
# File 'lib/omniauth/strategies/shopify.rb', line 89 def self.encoded_params_for_signature(params) params = params.dup params.delete('hmac') params.delete('signature') # deprecated signature Rack::Utils.build_query(params.sort) end |
.hmac_sign(encoded_params, secret) ⇒ Object
96 97 98 |
# File 'lib/omniauth/strategies/shopify.rb', line 96 def self.hmac_sign(encoded_params, secret) OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, encoded_params) end |
Instance Method Details
#authorize_params ⇒ Object
147 148 149 150 151 152 |
# File 'lib/omniauth/strategies/shopify.rb', line 147 def super.tap do |params| params[:scope] = normalized_scopes(params[:scope] || DEFAULT_SCOPE).join(SCOPE_DELIMITER) params[:grant_options] = ['per-user'] if [:per_user_permissions] end end |
#build_access_token ⇒ Object
143 144 145 |
# File 'lib/omniauth/strategies/shopify.rb', line 143 def build_access_token @built_access_token ||= super end |
#callback_phase ⇒ Object
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
# File 'lib/omniauth/strategies/shopify.rb', line 126 def callback_phase return fail!(:invalid_site, CallbackError.new(:invalid_site, "OAuth endpoint is not a myshopify site.")) unless valid_site? return fail!(:invalid_signature, CallbackError.new(:invalid_signature, "Signature does not match, it may have been tampered with.")) unless valid_signature? token = build_access_token unless valid_scope?(token) return fail!(:invalid_scope, CallbackError.new(:invalid_scope, "Scope does not match, it may have been tampered with.")) end unless (token) return fail!(:invalid_permissions, CallbackError.new(:invalid_permissions, "Requested API access mode does not match.")) end super rescue ::OAuth2::Error => e fail!(:invalid_credentials, e) end |
#callback_url ⇒ Object
154 155 156 |
# File 'lib/omniauth/strategies/shopify.rb', line 154 def callback_url [:callback_url] || full_host + script_name + callback_path end |
#fix_https ⇒ Object
109 110 111 |
# File 'lib/omniauth/strategies/shopify.rb', line 109 def fix_https [:client_options][:site] = [:client_options][:site].gsub(/\Ahttp\:/, 'https:') end |
#normalized_scopes(scopes) ⇒ Object
83 84 85 86 87 |
# File 'lib/omniauth/strategies/shopify.rb', line 83 def normalized_scopes(scopes) scope_list = scopes.to_s.split(SCOPE_DELIMITER).map(&:strip).reject(&:empty?).uniq ignore_scopes = scope_list.map { |scope| scope =~ /\A(unauthenticated_)?write_(.*)\z/ && "#{$1}read_#{$2}" }.compact scope_list - ignore_scopes end |
#request_phase ⇒ Object
118 119 120 121 122 123 124 |
# File 'lib/omniauth/strategies/shopify.rb', line 118 def request_phase if valid_site? super else fail!(:invalid_site) end end |
#setup_phase ⇒ Object
113 114 115 116 |
# File 'lib/omniauth/strategies/shopify.rb', line 113 def setup_phase super fix_https end |
#valid_permissions?(token) ⇒ Boolean
100 101 102 103 104 105 106 107 |
# File 'lib/omniauth/strategies/shopify.rb', line 100 def (token) return false unless token return true if [:per_user_permissions] && token['associated_user'] return true if ![:per_user_permissions] && !token['associated_user'] false end |
#valid_scope?(token) ⇒ Boolean
76 77 78 79 80 81 |
# File 'lib/omniauth/strategies/shopify.rb', line 76 def valid_scope?(token) params = ..merge(("authorize")) return false unless token && params[:scope] && token['scope'] expected_scope = normalized_scopes(params[:scope]).sort (expected_scope == token['scope'].split(SCOPE_DELIMITER).sort) end |
#valid_signature? ⇒ Boolean
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'lib/omniauth/strategies/shopify.rb', line 60 def valid_signature? return false unless request.POST.empty? params = request.GET signature = params['hmac'] = params['timestamp'] return false unless signature && return false unless .to_i > Time.now.to_i - CODE_EXPIRES_AFTER new_secret = .client_secret old_secret = .old_client_secret validate_signature(new_secret) || (old_secret && validate_signature(old_secret)) end |
#valid_site? ⇒ Boolean
56 57 58 |
# File 'lib/omniauth/strategies/shopify.rb', line 56 def valid_site? !!(/\A(https|http)\:\/\/[a-zA-Z0-9][a-zA-Z0-9\-]*\.#{Regexp.quote([:myshopify_domain])}[\/]?\z/ =~ [:client_options][:site]) end |