omniauth-shopify-oauth2 2.2.0 → 2.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/omniauth/shopify/version.rb +1 -1
- data/lib/omniauth/strategies/shopify.rb +3 -1
- data/test/integration_test.rb +23 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8ce833c2725777b3827b0ab489eade910d3ef1998cd9b9bc16d9ec1f2492f3dd
|
|
4
|
+
data.tar.gz: cd0bb274266046f948c6ad3838394fc6392efac50567d488d0e1532e3fc165a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7f5223c3153f3bf188054fa647362575774abe5637bdeee8b8a6512bad3a33f5fa2d8ea4489b1f9174377a525483fbb7b47c2d39d6779c01b30fbe70a3b9b426
|
|
7
|
+
data.tar.gz: 844a9b2d387ba187117c2ef9aa7f06e624eb2ff1b4d0a35aa49e94a5d384fdfc86e40343b2ddca49847543b05dd341ce86c06da18b4f973a7d711693080b3de7
|
|
@@ -86,7 +86,7 @@ module OmniAuth
|
|
|
86
86
|
params = params.dup
|
|
87
87
|
params.delete('hmac')
|
|
88
88
|
params.delete('signature') # deprecated signature
|
|
89
|
-
|
|
89
|
+
Rack::Utils.build_query(params.sort)
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
def self.hmac_sign(encoded_params, secret)
|
|
@@ -127,6 +127,8 @@ module OmniAuth
|
|
|
127
127
|
end
|
|
128
128
|
|
|
129
129
|
super
|
|
130
|
+
rescue ::OAuth2::Error => e
|
|
131
|
+
fail!(:invalid_credentials, e)
|
|
130
132
|
end
|
|
131
133
|
|
|
132
134
|
def build_access_token
|
data/test/integration_test.rb
CHANGED
|
@@ -86,7 +86,7 @@ class IntegrationTest < Minitest::Test
|
|
|
86
86
|
|
|
87
87
|
now = Time.now.to_i
|
|
88
88
|
params = { shop: 'snowdevil.myshopify.com', code: code, timestamp: now, next: '/products?page=2&q=red%20shirt', state: opts["rack.session"]["omniauth.state"] }
|
|
89
|
-
encoded_params = "code=#{code}&next
|
|
89
|
+
encoded_params = "code=#{code}&next=%2Fproducts%3Fpage%3D2%26q%3Dred%2520shirt&shop=snowdevil.myshopify.com&state=#{opts["rack.session"]["omniauth.state"]}×tamp=#{now}"
|
|
90
90
|
params[:hmac] = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, @secret, encoded_params)
|
|
91
91
|
|
|
92
92
|
response = callback(params)
|
|
@@ -335,6 +335,28 @@ class IntegrationTest < Minitest::Test
|
|
|
335
335
|
assert_callback_success(response, access_token, code)
|
|
336
336
|
end
|
|
337
337
|
|
|
338
|
+
def test_callback_when_creds_are_invalid
|
|
339
|
+
build_app scope: OmniAuth::Strategies::Shopify::DEFAULT_SCOPE
|
|
340
|
+
|
|
341
|
+
FakeWeb.register_uri(
|
|
342
|
+
:post,
|
|
343
|
+
"https://snowdevil.myshopify.com/admin/oauth/access_token",
|
|
344
|
+
status: [ "401", "Invalid token" ],
|
|
345
|
+
body: "Token is invalid or has already been requested"
|
|
346
|
+
)
|
|
347
|
+
|
|
348
|
+
signed_params = sign_with_new_secret(
|
|
349
|
+
shop: 'snowdevil.myshopify.com',
|
|
350
|
+
code: SecureRandom.hex(16),
|
|
351
|
+
state: opts["rack.session"]["omniauth.state"]
|
|
352
|
+
)
|
|
353
|
+
|
|
354
|
+
response = callback(signed_params)
|
|
355
|
+
|
|
356
|
+
assert_equal 302, response.status
|
|
357
|
+
assert_equal '/auth/failure?message=invalid_credentials&strategy=shopify', response.location
|
|
358
|
+
end
|
|
359
|
+
|
|
338
360
|
private
|
|
339
361
|
|
|
340
362
|
def sign_with_old_secret(params)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-shopify-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Denis Odorcic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-02-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-oauth2
|