Module: ShopifyApp::LoginProtection

Extended by:
ActiveSupport::Concern
Includes:
Itp
Included in:
CallbackController, SessionsController
Defined in:
lib/shopify_app/controller_concerns/login_protection.rb

Defined Under Namespace

Classes: ShopifyDomainNotFound

Instance Method Summary

Instance Method Details

#login_again_if_different_user_or_shop ⇒ Object



# File 'lib/shopify_app/controller_concerns/login_protection.rb', line 39

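# Forces a fresh login when the request names a different user or shop than
# the one the stored session belongs to.
#
# Two independent checks can trigger the reset:
# * per-user tokens enabled: the stored user session and the one sent in
#   +params[:session]+ are both present and differ;
# * a shop session exists and +params[:shop]+ is a String naming another domain.
#
# NOTE(review): the rendered listing dropped the method name after `def` and the
# statement that follows `clear_shop_session`. The name is taken from the section
# heading; the dropped call is `redirect_to_login` in the upstream gem -- confirm
# against the installed version.
#
# @return [Object, nil] whatever +redirect_to_login+ returns, or nil when the
#   session is left untouched
def login_again_if_different_user_or_shop
  clear_session = false

  if ShopifyApp.configuration.per_user_tokens?
    # Compare only when both sides carry a value, so a request that simply
    # omits the session param does not log the user out.
    # NOTE(review): shop_session reads session[:shopify_user] while this check
    # reads session[:user_session]; if nothing writes :user_session the
    # user-switch check can never fire -- verify which key login stores.
    valid_session_data = session[:user_session].present? && params[:session].present?
    sessions_do_not_match = session[:user_session] != params[:session]
    clear_session = true if valid_session_data && sessions_do_not_match
  end

  # params[:shop] is request-controlled and may arrive as an Array or Hash;
  # only a plain String is compared with the stored domain. A mismatch is
  # resolved by dropping the session, never by adopting the supplied shop.
  if shop_session && params[:shop].is_a?(String) && shop_session.domain != params[:shop]
    clear_session = true
  end

  return unless clear_session

  clear_shop_session
  redirect_to_login
end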

#shop_session ⇒ Object



# File 'lib/shopify_app/controller_concerns/login_protection.rb', line 29

# Looks up the stored Shopify session for the current request.
#
# The lookup key is read from +session+ only (never from +params+):
# * per-user tokens enabled  -> session[:shopify_user]['id']
# * otherwise                -> session[:shopify]
#
# The result is memoized in @shop_session, but the presence check on the
# session key runs on every call, so once the key is gone the method
# returns nil even if a value was memoized earlier.
#
# @return [Object, nil] the value returned by SessionRepository.retrieve,
#   or nil when the relevant session key is absent
def shop_session
  per_user = ShopifyApp.configuration.per_user_tokens?
  stored = per_user ? session[:shopify_user] : session[:shopify]
  return unless stored

  # Key derivation stays inside the ||= so it is skipped on a memo hit.
  @shop_session ||= ShopifyApp::SessionRepository.retrieve(per_user ? stored['id'] : stored)
end

#shopify_session ⇒ Object



# File 'lib/shopify_app/controller_concerns/login_protection.rb', line 17

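# Runs the given block with the current shop session activated on
# ShopifyAPI::Base, and deactivates it afterwards.
#
# Without a shop session the block is never run.
#
# NOTE(review): the rendered listing shows `return  unless shop_session` with a
# gap where an identifier was dropped. As printed, an unauthenticated request
# would just get an empty return. Upstream returns `redirect_to_login` here --
# confirm against the installed gem version.
#
# @yield the work to perform while the session is active
# @return [Object] the block's value, or the result of +redirect_to_login+
#   when there is no shop session
def shopify_session
  return redirect_to_login unless shop_session

  clear_top_level_oauth_cookie

  begin
    ShopifyAPI::Base.activate_session(shop_session)
    yield
  ensure
    # Runs even when the block raises, so the activated session does not
    # outlive this call.
    ShopifyAPI::Base.clear_session
  end
end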