omniauth-shopify-oauth2 2.3.2 → 2.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/cla.yml +22 -0
- data/lib/omniauth/shopify/version.rb +1 -1
- data/lib/omniauth/strategies/shopify.rb +0 -10
- data/omniauth-shopify-oauth2.gemspec +1 -0
- data/test/integration_test.rb +14 -17
- data/test/test_helper.rb +1 -0
- metadata +18 -4
- data/.github/probots.yml +0 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 54de0b5a3ad4038eb3f6a177b2f28fb84c290eea3a0f93b54ea7d69508cef842
|
|
4
|
+
data.tar.gz: 0d0ac92de98c0bea72679be7d4e50bb66091fb9b03743eb355b2dc03888234eb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: be2ce4be2845b55b5c72660362e7ed970000ab7cca3e2be6a360b4c6d1951f4392bbfc4ded53f5de52179499a0db9962c01984c11c8c93c43cdc2366a4a68ef3
|
|
7
|
+
data.tar.gz: e3b210c2b1d14d5f05ca2f8d64d03e7b7297ead9fd6193956a5a20e843dac72bc1be97c8f9e7c411750604093c1c49faef0052223fafe7ab0f0d5fa2e04e14aa
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
name: Contributor License Agreement (CLA)
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request_target:
|
|
5
|
+
types: [opened, synchronize]
|
|
6
|
+
issue_comment:
|
|
7
|
+
types: [created]
|
|
8
|
+
|
|
9
|
+
jobs:
|
|
10
|
+
cla:
|
|
11
|
+
runs-on: ubuntu-latest
|
|
12
|
+
if: |
|
|
13
|
+
(github.event.issue.pull_request
|
|
14
|
+
&& !github.event.issue.pull_request.merged_at
|
|
15
|
+
&& contains(github.event.comment.body, 'signed')
|
|
16
|
+
)
|
|
17
|
+
|| (github.event.pull_request && !github.event.pull_request.merged)
|
|
18
|
+
steps:
|
|
19
|
+
- uses: Shopify/shopify-cla-action@v1
|
|
20
|
+
with:
|
|
21
|
+
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
22
|
+
cla-token: ${{ secrets.CLA_TOKEN }}
|
|
@@ -73,13 +73,6 @@ module OmniAuth
|
|
|
73
73
|
validate_signature(new_secret) || (old_secret && validate_signature(old_secret))
|
|
74
74
|
end
|
|
75
75
|
|
|
76
|
-
def valid_scope?(token)
|
|
77
|
-
params = options.authorize_params.merge(options_for("authorize"))
|
|
78
|
-
return false unless token && params[:scope] && token['scope']
|
|
79
|
-
expected_scope = normalized_scopes(params[:scope]).sort
|
|
80
|
-
(expected_scope == token['scope'].split(SCOPE_DELIMITER).sort)
|
|
81
|
-
end
|
|
82
|
-
|
|
83
76
|
def normalized_scopes(scopes)
|
|
84
77
|
scope_list = scopes.to_s.split(SCOPE_DELIMITER).map(&:strip).reject(&:empty?).uniq
|
|
85
78
|
ignore_scopes = scope_list.map { |scope| scope =~ /\A(unauthenticated_)?write_(.*)\z/ && "#{$1}read_#{$2}" }.compact
|
|
@@ -128,9 +121,6 @@ module OmniAuth
|
|
|
128
121
|
return fail!(:invalid_signature, CallbackError.new(:invalid_signature, "Signature does not match, it may have been tampered with.")) unless valid_signature?
|
|
129
122
|
|
|
130
123
|
token = build_access_token
|
|
131
|
-
unless valid_scope?(token)
|
|
132
|
-
return fail!(:invalid_scope, CallbackError.new(:invalid_scope, "Scope does not match, it may have been tampered with."))
|
|
133
|
-
end
|
|
134
124
|
unless valid_permissions?(token)
|
|
135
125
|
return fail!(:invalid_permissions, CallbackError.new(:invalid_permissions, "Requested API access mode does not match."))
|
|
136
126
|
end
|
|
@@ -25,5 +25,6 @@ Gem::Specification.new do |s|
|
|
|
25
25
|
s.add_development_dependency 'minitest', '~> 5.6'
|
|
26
26
|
s.add_development_dependency 'rspec', '~> 3.9.0'
|
|
27
27
|
s.add_development_dependency 'fakeweb', '~> 1.3'
|
|
28
|
+
s.add_development_dependency 'rack-session', '~> 2.0'
|
|
28
29
|
s.add_development_dependency 'rake'
|
|
29
30
|
end
|
data/test/integration_test.rb
CHANGED
|
@@ -206,29 +206,27 @@ class IntegrationTest < Minitest::Test
|
|
|
206
206
|
assert_equal '/auth/failure?message=csrf_detected&strategy=shopify', response.location
|
|
207
207
|
end
|
|
208
208
|
|
|
209
|
-
def
|
|
209
|
+
def test_callback_with_mismatching_scope_succeeds
|
|
210
210
|
access_token = SecureRandom.hex(16)
|
|
211
211
|
code = SecureRandom.hex(16)
|
|
212
212
|
expect_access_token_request(access_token, 'some_invalid_scope', nil)
|
|
213
213
|
|
|
214
214
|
response = callback(sign_with_new_secret(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
|
|
215
215
|
|
|
216
|
-
|
|
217
|
-
assert_equal '/auth/failure?message=invalid_scope&strategy=shopify', response.location
|
|
216
|
+
assert_callback_success(response, access_token, code)
|
|
218
217
|
end
|
|
219
218
|
|
|
220
|
-
def
|
|
219
|
+
def test_callback_with_no_scope_succeeds
|
|
221
220
|
access_token = SecureRandom.hex(16)
|
|
222
221
|
code = SecureRandom.hex(16)
|
|
223
222
|
expect_access_token_request(access_token, nil)
|
|
224
223
|
|
|
225
224
|
response = callback(sign_with_new_secret(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
|
|
226
225
|
|
|
227
|
-
|
|
228
|
-
assert_equal '/auth/failure?message=invalid_scope&strategy=shopify', response.location
|
|
226
|
+
assert_callback_success(response, access_token, code)
|
|
229
227
|
end
|
|
230
228
|
|
|
231
|
-
def
|
|
229
|
+
def test_callback_with_missing_access_scope_succeeds
|
|
232
230
|
build_app scope: 'first_scope,second_scope'
|
|
233
231
|
|
|
234
232
|
access_token = SecureRandom.hex(16)
|
|
@@ -237,11 +235,10 @@ class IntegrationTest < Minitest::Test
|
|
|
237
235
|
|
|
238
236
|
response = callback(sign_with_new_secret(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
|
|
239
237
|
|
|
240
|
-
|
|
241
|
-
assert_equal '/auth/failure?message=invalid_scope&strategy=shopify', response.location
|
|
238
|
+
assert_callback_success(response, access_token, code)
|
|
242
239
|
end
|
|
243
240
|
|
|
244
|
-
def
|
|
241
|
+
def test_callback_with_extra_access_scope_succeeds
|
|
245
242
|
build_app scope: 'first_scope,second_scope'
|
|
246
243
|
|
|
247
244
|
access_token = SecureRandom.hex(16)
|
|
@@ -250,8 +247,7 @@ class IntegrationTest < Minitest::Test
|
|
|
250
247
|
|
|
251
248
|
response = callback(sign_with_new_secret(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
|
|
252
249
|
|
|
253
|
-
|
|
254
|
-
assert_equal '/auth/failure?message=invalid_scope&strategy=shopify', response.location
|
|
250
|
+
assert_callback_success(response, access_token, code)
|
|
255
251
|
end
|
|
256
252
|
|
|
257
253
|
def test_callback_with_scopes_out_of_order_works
|
|
@@ -375,7 +371,7 @@ class IntegrationTest < Minitest::Test
|
|
|
375
371
|
|
|
376
372
|
FakeWeb.register_uri(
|
|
377
373
|
:post,
|
|
378
|
-
|
|
374
|
+
%r{snowdevil.myshopify.com/admin/oauth/access_token},
|
|
379
375
|
status: [ "401", "Invalid token" ],
|
|
380
376
|
body: "Token is invalid or has already been requested"
|
|
381
377
|
)
|
|
@@ -415,7 +411,7 @@ class IntegrationTest < Minitest::Test
|
|
|
415
411
|
end
|
|
416
412
|
|
|
417
413
|
def expect_access_token_request(access_token, scope, associated_user=nil, session=nil)
|
|
418
|
-
FakeWeb.register_uri(:post,
|
|
414
|
+
FakeWeb.register_uri(:post, %r{snowdevil.myshopify.com/admin/oauth/access_token},
|
|
419
415
|
body: JSON.dump(
|
|
420
416
|
access_token: access_token,
|
|
421
417
|
scope: scope,
|
|
@@ -426,10 +422,11 @@ class IntegrationTest < Minitest::Test
|
|
|
426
422
|
end
|
|
427
423
|
|
|
428
424
|
def assert_callback_success(response, access_token, code)
|
|
425
|
+
credentials = ::Base64.decode64(FakeWeb.last_request['authorization'].split(" ", 2)[1] || "")
|
|
426
|
+
assert_equal "123:#{@secret}", credentials
|
|
427
|
+
|
|
429
428
|
token_request_params = Rack::Utils.parse_query(FakeWeb.last_request.body)
|
|
430
|
-
assert_equal token_request_params['
|
|
431
|
-
assert_equal token_request_params['client_secret'], @secret
|
|
432
|
-
assert_equal token_request_params['code'], code
|
|
429
|
+
assert_equal code, token_request_params['code']
|
|
433
430
|
|
|
434
431
|
assert_equal 'snowdevil.myshopify.com', @omniauth_result.uid
|
|
435
432
|
assert_equal access_token, @omniauth_result.credentials.token
|
data/test/test_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-shopify-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Denis Odorcic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-06-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-oauth2
|
|
@@ -80,6 +80,20 @@ dependencies:
|
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: '1.3'
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: rack-session
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - "~>"
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '2.0'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - "~>"
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '2.0'
|
|
83
97
|
- !ruby/object:Gem::Dependency
|
|
84
98
|
name: rake
|
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -101,8 +115,8 @@ executables: []
|
|
|
101
115
|
extensions: []
|
|
102
116
|
extra_rdoc_files: []
|
|
103
117
|
files:
|
|
104
|
-
- ".github/probots.yml"
|
|
105
118
|
- ".github/workflows/build.yml"
|
|
119
|
+
- ".github/workflows/cla.yml"
|
|
106
120
|
- ".gitignore"
|
|
107
121
|
- Gemfile
|
|
108
122
|
- README.md
|
|
@@ -139,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
139
153
|
- !ruby/object:Gem::Version
|
|
140
154
|
version: '0'
|
|
141
155
|
requirements: []
|
|
142
|
-
rubygems_version: 3.
|
|
156
|
+
rubygems_version: 3.4.14
|
|
143
157
|
signing_key:
|
|
144
158
|
specification_version: 4
|
|
145
159
|
summary: Shopify strategy for OmniAuth
|
data/.github/probots.yml
DELETED