Module: ShopifyApp::LoginProtection
Defined Under Namespace
Classes: ShopifyDomainNotFound
Instance Method Summary
collapse
Instance Method Details
#login_again_if_different_user_or_shop ⇒ Object
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# File 'lib/shopify_app/controller_concerns/login_protection.rb', line 39
def login_again_if_different_user_or_shop
if ShopifyApp.configuration.per_user_tokens?
valid_session_data = session[:user_session].present? && params[:session].present? sessions_do_not_match = session[:user_session] != params[:session]
if valid_session_data && sessions_do_not_match
clear_session = true
end
end
if shop_session && params[:shop] && params[:shop].is_a?(String) && (shop_session.domain != params[:shop])
clear_session = true
end
if clear_session
clear_shop_session
redirect_to_login
end
end
|
#shopify_session ⇒ Object
17
18
19
20
21
22
23
24
25
26
27
|
# File 'lib/shopify_app/controller_concerns/login_protection.rb', line 17
def shopify_session
return redirect_to_login unless shop_session
clear_top_level_oauth_cookie
begin
ShopifyAPI::Base.activate_session(shop_session)
yield
ensure
ShopifyAPI::Base.clear_session
end
end
|