60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
# File 'lib/shopify_api/auth/oauth.rb', line 60
def validate_auth_callback(cookies:, auth_query:)
unless Context.setup?
raise Errors::ContextNotSetupError, "ShopifyAPI::Context not setup, please call ShopifyAPI::Context.setup"
end
raise Errors::InvalidOauthError, "Invalid OAuth callback." unless Utils::HmacValidator.validate(auth_query)
raise Errors::UnsupportedOauthError, "Cannot perform OAuth for private apps." if Context.private?
state = cookies[SessionCookie::SESSION_COOKIE_NAME]
raise Errors::NoSessionCookieError unless state
raise Errors::InvalidOauthError,
"Invalid state in OAuth callback." unless state == auth_query.state
body = { client_id: Context.api_key, client_secret: Context.api_secret_key, code: auth_query.code }
response = HTTParty.post("https://#{auth_query.shop}/admin/oauth/access_token", body: body)
unless response.ok?
raise Errors::RequestAccessTokenError,
"Cannot complete OAuth process. Received a #{response.code} error while requesting access token."
end
session_params = response.to_h
session = create_new_session(session_params, auth_query.shop)
cookie = if Context.embedded?
SessionCookie.new(
value: "",
expires: Time.now,
)
else
SessionCookie.new(
value: session.id,
expires: session.online? ? session.expires : nil,
)
end
unless Context.session_storage.store_session(session)
raise Errors::SessionStorageError,
"Session could not be saved. Please check your session storage implementation."
end
{ session: session, cookie: cookie }
end
|