omniauth-shopify-oauth2 2.2.0 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/omniauth/shopify/version.rb +1 -1
- data/lib/omniauth/strategies/shopify.rb +3 -1
- data/test/integration_test.rb +23 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8ce833c2725777b3827b0ab489eade910d3ef1998cd9b9bc16d9ec1f2492f3dd
|
|
4
|
+
data.tar.gz: cd0bb274266046f948c6ad3838394fc6392efac50567d488d0e1532e3fc165a1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7f5223c3153f3bf188054fa647362575774abe5637bdeee8b8a6512bad3a33f5fa2d8ea4489b1f9174377a525483fbb7b47c2d39d6779c01b30fbe70a3b9b426
|
|
7
|
+
data.tar.gz: 844a9b2d387ba187117c2ef9aa7f06e624eb2ff1b4d0a35aa49e94a5d384fdfc86e40343b2ddca49847543b05dd341ce86c06da18b4f973a7d711693080b3de7
|
|
@@ -86,7 +86,7 @@ module OmniAuth
|
|
|
86
86
|
params = params.dup
|
|
87
87
|
params.delete('hmac')
|
|
88
88
|
params.delete('signature') # deprecated signature
|
|
89
|
-
|
|
89
|
+
Rack::Utils.build_query(params.sort)
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
def self.hmac_sign(encoded_params, secret)
|
|
@@ -127,6 +127,8 @@ module OmniAuth
|
|
|
127
127
|
end
|
|
128
128
|
|
|
129
129
|
super
|
|
130
|
+
rescue ::OAuth2::Error => e
|
|
131
|
+
fail!(:invalid_credentials, e)
|
|
130
132
|
end
|
|
131
133
|
|
|
132
134
|
def build_access_token
|
data/test/integration_test.rb
CHANGED
|
@@ -86,7 +86,7 @@ class IntegrationTest < Minitest::Test
|
|
|
86
86
|
|
|
87
87
|
now = Time.now.to_i
|
|
88
88
|
params = { shop: 'snowdevil.myshopify.com', code: code, timestamp: now, next: '/products?page=2&q=red%20shirt', state: opts["rack.session"]["omniauth.state"] }
|
|
89
|
-
encoded_params = "code=#{code}&next
|
|
89
|
+
encoded_params = "code=#{code}&next=%2Fproducts%3Fpage%3D2%26q%3Dred%2520shirt&shop=snowdevil.myshopify.com&state=#{opts["rack.session"]["omniauth.state"]}×tamp=#{now}"
|
|
90
90
|
params[:hmac] = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, @secret, encoded_params)
|
|
91
91
|
|
|
92
92
|
response = callback(params)
|
|
@@ -335,6 +335,28 @@ class IntegrationTest < Minitest::Test
|
|
|
335
335
|
assert_callback_success(response, access_token, code)
|
|
336
336
|
end
|
|
337
337
|
|
|
338
|
+
def test_callback_when_creds_are_invalid
|
|
339
|
+
build_app scope: OmniAuth::Strategies::Shopify::DEFAULT_SCOPE
|
|
340
|
+
|
|
341
|
+
FakeWeb.register_uri(
|
|
342
|
+
:post,
|
|
343
|
+
"https://snowdevil.myshopify.com/admin/oauth/access_token",
|
|
344
|
+
status: [ "401", "Invalid token" ],
|
|
345
|
+
body: "Token is invalid or has already been requested"
|
|
346
|
+
)
|
|
347
|
+
|
|
348
|
+
signed_params = sign_with_new_secret(
|
|
349
|
+
shop: 'snowdevil.myshopify.com',
|
|
350
|
+
code: SecureRandom.hex(16),
|
|
351
|
+
state: opts["rack.session"]["omniauth.state"]
|
|
352
|
+
)
|
|
353
|
+
|
|
354
|
+
response = callback(signed_params)
|
|
355
|
+
|
|
356
|
+
assert_equal 302, response.status
|
|
357
|
+
assert_equal '/auth/failure?message=invalid_credentials&strategy=shopify', response.location
|
|
358
|
+
end
|
|
359
|
+
|
|
338
360
|
private
|
|
339
361
|
|
|
340
362
|
def sign_with_old_secret(params)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-shopify-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2.
|
|
4
|
+
version: 2.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Denis Odorcic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-02-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-oauth2
|