omniauth-shopify-oauth2 1.1.13 → 1.1.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/omniauth/shopify/version.rb +1 -1
- data/lib/omniauth/strategies/shopify.rb +10 -3
- data/test/integration_test.rb +28 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e88a21bce303e6c6d637d58c50a2bfa7d75dfe86
|
|
4
|
+
data.tar.gz: bced14c2fffa27c843425fe95dd088dbb5866c28
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 575588b874c8c8d1774070ed66fbf55e8d70f9b82f9097c6f97e1ccb3423e792b82b400c2c3e481527eb60f5f54a69092aebd5715a5211845033bdc3a3be974c
|
|
7
|
+
data.tar.gz: 3aa7bb0263d3c262f6c93aa39ce8729d92225fe712c9f0acc46560aed468f8c9dc125b4820a20273add6d4490b424215ba89565ac8c9fd8488d74dcc4dbe0f17
|
|
@@ -6,6 +6,7 @@ module OmniAuth
|
|
|
6
6
|
# Available scopes: content themes products customers orders script_tags shipping
|
|
7
7
|
# read_* or write_*
|
|
8
8
|
DEFAULT_SCOPE = 'read_products'
|
|
9
|
+
SCOPE_DELIMITER = ','
|
|
9
10
|
MINUTE = 60
|
|
10
11
|
CODE_EXPIRES_AFTER = 10 * MINUTE
|
|
11
12
|
|
|
@@ -49,8 +50,14 @@ module OmniAuth
|
|
|
49
50
|
def valid_scope?(token)
|
|
50
51
|
params = options.authorize_params.merge(options_for("authorize"))
|
|
51
52
|
return false unless token && params[:scope] && token['scope']
|
|
52
|
-
expected_scope = params[:scope]
|
|
53
|
-
(expected_scope == token['scope'].split(
|
|
53
|
+
expected_scope = normalized_scopes(params[:scope]).sort
|
|
54
|
+
(expected_scope == token['scope'].split(SCOPE_DELIMITER).sort)
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def normalized_scopes(scopes)
|
|
58
|
+
scope_list = scopes.to_s.split(SCOPE_DELIMITER).map(&:strip).reject(&:empty?).uniq
|
|
59
|
+
ignore_scopes = scope_list.map { |scope| scope =~ /\Awrite_(.*)\z/ && "read_#{$1}" }.compact
|
|
60
|
+
scope_list - ignore_scopes
|
|
54
61
|
end
|
|
55
62
|
|
|
56
63
|
def self.encoded_params_for_signature(params)
|
|
@@ -99,7 +106,7 @@ module OmniAuth
|
|
|
99
106
|
|
|
100
107
|
def authorize_params
|
|
101
108
|
super.tap do |params|
|
|
102
|
-
params[:scope]
|
|
109
|
+
params[:scope] = normalized_scopes(params[:scope] || DEFAULT_SCOPE).join(SCOPE_DELIMITER)
|
|
103
110
|
end
|
|
104
111
|
end
|
|
105
112
|
|
data/test/integration_test.rb
CHANGED
|
@@ -148,6 +148,22 @@ class IntegrationTest < Minitest::Test
|
|
|
148
148
|
assert_equal 'https://app.example.com/admin/auth/legacy/callback', redirect_params['redirect_uri']
|
|
149
149
|
end
|
|
150
150
|
|
|
151
|
+
def test_unnecessary_read_scopes_are_removed
|
|
152
|
+
build_app scope: 'read_content,read_products,write_products',
|
|
153
|
+
callback_path: '/admin/auth/legacy/callback',
|
|
154
|
+
myshopify_domain: 'myshopify.dev:3000',
|
|
155
|
+
setup: lambda { |env|
|
|
156
|
+
shop = Rack::Request.new(env).GET['shop']
|
|
157
|
+
shop += ".myshopify.dev:3000" unless shop.include?(".")
|
|
158
|
+
env['omniauth.strategy'].options[:client_options][:site] = "https://#{shop}"
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
response = authorize('snowdevil')
|
|
162
|
+
assert_equal 302, response.status
|
|
163
|
+
redirect_params = Rack::Utils.parse_query(URI(response.location).query)
|
|
164
|
+
assert_equal 'read_content,write_products', redirect_params['scope']
|
|
165
|
+
end
|
|
166
|
+
|
|
151
167
|
def test_callback_with_invalid_state_fails
|
|
152
168
|
access_token = SecureRandom.hex(16)
|
|
153
169
|
code = SecureRandom.hex(16)
|
|
@@ -219,6 +235,18 @@ class IntegrationTest < Minitest::Test
|
|
|
219
235
|
assert_callback_success(response, access_token, code)
|
|
220
236
|
end
|
|
221
237
|
|
|
238
|
+
def test_callback_with_extra_coma_works
|
|
239
|
+
build_app scope: 'read_content,,write_products,'
|
|
240
|
+
|
|
241
|
+
access_token = SecureRandom.hex(16)
|
|
242
|
+
code = SecureRandom.hex(16)
|
|
243
|
+
expect_access_token_request(access_token, 'read_content,write_products')
|
|
244
|
+
|
|
245
|
+
response = callback(sign_params(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
|
|
246
|
+
|
|
247
|
+
assert_callback_success(response, access_token, code)
|
|
248
|
+
end
|
|
249
|
+
|
|
222
250
|
private
|
|
223
251
|
|
|
224
252
|
def sign_params(params)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-shopify-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.14
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Denis Odorcic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-02-
|
|
11
|
+
date: 2016-02-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-oauth2
|