omniauth-shopify-oauth2 2.3.2 → 2.4.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 56ba61ca0360e6355277b3ef8d07e3014af91c6a2f0367029ad85c398d0c4d71
4
- data.tar.gz: 739537485b2fa781786ec76d7f6ed31a6a926f8985c70c87e8fca3bcfff01c23
3
+ metadata.gz: 54de0b5a3ad4038eb3f6a177b2f28fb84c290eea3a0f93b54ea7d69508cef842
4
+ data.tar.gz: 0d0ac92de98c0bea72679be7d4e50bb66091fb9b03743eb355b2dc03888234eb
5
5
  SHA512:
6
- metadata.gz: 4c947f136bedc9f7bdbf70c16f1af70a918f813992ba159f4c9a644c1775d93aa71d0faf67791faac6cd54403723d2a0e89303ed2a900ebee66ec0f32599ee65
7
- data.tar.gz: 48258842cfac090f993d60e65d9db9067ada0d18b449f36d0313452540680b013e1f10eddda257b0447c7e5e74cb08850024a11c355b3c428cfd90d4eb6c39c5
6
+ metadata.gz: be2ce4be2845b55b5c72660362e7ed970000ab7cca3e2be6a360b4c6d1951f4392bbfc4ded53f5de52179499a0db9962c01984c11c8c93c43cdc2366a4a68ef3
7
+ data.tar.gz: e3b210c2b1d14d5f05ca2f8d64d03e7b7297ead9fd6193956a5a20e843dac72bc1be97c8f9e7c411750604093c1c49faef0052223fafe7ab0f0d5fa2e04e14aa
@@ -0,0 +1,22 @@
1
+ name: Contributor License Agreement (CLA)
2
+
3
+ on:
4
+ pull_request_target:
5
+ types: [opened, synchronize]
6
+ issue_comment:
7
+ types: [created]
8
+
9
+ jobs:
10
+ cla:
11
+ runs-on: ubuntu-latest
12
+ if: |
13
+ (github.event.issue.pull_request
14
+ && !github.event.issue.pull_request.merged_at
15
+ && contains(github.event.comment.body, 'signed')
16
+ )
17
+ || (github.event.pull_request && !github.event.pull_request.merged)
18
+ steps:
19
+ - uses: Shopify/shopify-cla-action@v1
20
+ with:
21
+ github-token: ${{ secrets.GITHUB_TOKEN }}
22
+ cla-token: ${{ secrets.CLA_TOKEN }}
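Review bot: The job declares no `permissions:` block, so under `pull_request_target` it runs with whatever default GITHUB_TOKEN scope the repository grants, and it also receives `secrets.CLA_TOKEN` while being triggerable by any `issue_comment` whose body contains 'signed'. It does not check out pull-request code, so the usual pwn-request path is absent, but the action is referenced by the mutable tag `Shopify/shopify-cla-action@v1`, so a moved tag would hand both tokens to new code. I'd add a least-privilege block under `cla:` — `permissions:` / `  contents: read` / `  pull-requests: write` (adjusted to what the action actually needs) — and pin the action to a full commit SHA with the tag kept in a trailing comment.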
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Shopify
3
- VERSION = "2.3.2"
3
+ VERSION = "2.4.0"
4
4
  end
5
5
  end
@@ -73,13 +73,6 @@ module OmniAuth
73
73
  validate_signature(new_secret) || (old_secret && validate_signature(old_secret))
74
74
  end
75
75
 
76
- def valid_scope?(token)
77
- params = options.authorize_params.merge(options_for("authorize"))
78
- return false unless token && params[:scope] && token['scope']
79
- expected_scope = normalized_scopes(params[:scope]).sort
80
- (expected_scope == token['scope'].split(SCOPE_DELIMITER).sort)
81
- end
82
-
83
76
  def normalized_scopes(scopes)
84
77
  scope_list = scopes.to_s.split(SCOPE_DELIMITER).map(&:strip).reject(&:empty?).uniq
85
78
  ignore_scopes = scope_list.map { |scope| scope =~ /\A(unauthenticated_)?write_(.*)\z/ && "#{$1}read_#{$2}" }.compact
@@ -128,9 +121,6 @@ module OmniAuth
128
121
  return fail!(:invalid_signature, CallbackError.new(:invalid_signature, "Signature does not match, it may have been tampered with.")) unless valid_signature?
129
122
 
130
123
  token = build_access_token
131
- unless valid_scope?(token)
132
- return fail!(:invalid_scope, CallbackError.new(:invalid_scope, "Scope does not match, it may have been tampered with."))
133
- end
134
124
  unless valid_permissions?(token)
135
125
  return fail!(:invalid_permissions, CallbackError.new(:invalid_permissions, "Requested API access mode does not match."))
136
126
  end
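Review bot: With `valid_scope?` gone, the callback no longer compares the scope Shopify granted with `options[:scope]`, so an app configured for e.g. `write_orders` now completes authentication with a token that carries fewer or different scopes, and nothing in the hunk replaces that check or documents the new contract. I'd add a comment above `token = build_access_token`: `# NOTE: granted scope is not validated against the requested scope; apps that require specific scopes must check the token's scope themselves`, and call this out in the changelog since consumers may have relied on the `:invalid_scope` failure. `normalized_scopes`, which the removed method used, is kept; whether it still has other callers is outside this hunk. The callback method begins before and ends after this hunk.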
@@ -25,5 +25,6 @@ Gem::Specification.new do |s|
25
25
  s.add_development_dependency 'minitest', '~> 5.6'
26
26
  s.add_development_dependency 'rspec', '~> 3.9.0'
27
27
  s.add_development_dependency 'fakeweb', '~> 1.3'
28
+ s.add_development_dependency 'rack-session', '~> 2.0'
28
29
  s.add_development_dependency 'rake'
29
30
  end
@@ -206,29 +206,27 @@ class IntegrationTest < Minitest::Test
206
206
  assert_equal '/auth/failure?message=csrf_detected&strategy=shopify', response.location
207
207
  end
208
208
 
209
- def test_callback_with_mismatching_scope_fails
209
+ def test_callback_with_mismatching_scope_succeeds
210
210
  access_token = SecureRandom.hex(16)
211
211
  code = SecureRandom.hex(16)
212
212
  expect_access_token_request(access_token, 'some_invalid_scope', nil)
213
213
 
214
214
  response = callback(sign_with_new_secret(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
215
215
 
216
- assert_equal 302, response.status
217
- assert_equal '/auth/failure?message=invalid_scope&strategy=shopify', response.location
216
+ assert_callback_success(response, access_token, code)
218
217
  end
219
218
 
220
- def test_callback_with_no_scope_fails
219
+ def test_callback_with_no_scope_succeeds
221
220
  access_token = SecureRandom.hex(16)
222
221
  code = SecureRandom.hex(16)
223
222
  expect_access_token_request(access_token, nil)
224
223
 
225
224
  response = callback(sign_with_new_secret(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
226
225
 
227
- assert_equal 302, response.status
228
- assert_equal '/auth/failure?message=invalid_scope&strategy=shopify', response.location
226
+ assert_callback_success(response, access_token, code)
229
227
  end
230
228
 
231
- def test_callback_with_missing_access_scope_fails
229
+ def test_callback_with_missing_access_scope_succeeds
232
230
  build_app scope: 'first_scope,second_scope'
233
231
 
234
232
  access_token = SecureRandom.hex(16)
@@ -237,11 +235,10 @@ class IntegrationTest < Minitest::Test
237
235
 
238
236
  response = callback(sign_with_new_secret(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
239
237
 
240
- assert_equal 302, response.status
241
- assert_equal '/auth/failure?message=invalid_scope&strategy=shopify', response.location
238
+ assert_callback_success(response, access_token, code)
242
239
  end
243
240
 
244
- def test_callback_with_extra_access_scope_fails
241
+ def test_callback_with_extra_access_scope_succeeds
245
242
  build_app scope: 'first_scope,second_scope'
246
243
 
247
244
  access_token = SecureRandom.hex(16)
@@ -250,8 +247,7 @@ class IntegrationTest < Minitest::Test
250
247
 
251
248
  response = callback(sign_with_new_secret(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
252
249
 
253
- assert_equal 302, response.status
254
- assert_equal '/auth/failure?message=invalid_scope&strategy=shopify', response.location
250
+ assert_callback_success(response, access_token, code)
255
251
  end
256
252
 
257
253
  def test_callback_with_scopes_out_of_order_works
@@ -375,7 +371,7 @@ class IntegrationTest < Minitest::Test
375
371
 
376
372
  FakeWeb.register_uri(
377
373
  :post,
378
- "https://snowdevil.myshopify.com/admin/oauth/access_token",
374
+ %r{snowdevil.myshopify.com/admin/oauth/access_token},
379
375
  status: [ "401", "Invalid token" ],
380
376
  body: "Token is invalid or has already been requested"
381
377
  )
@@ -415,7 +411,7 @@ class IntegrationTest < Minitest::Test
415
411
  end
416
412
 
417
413
  def expect_access_token_request(access_token, scope, associated_user=nil, session=nil)
418
- FakeWeb.register_uri(:post, "https://snowdevil.myshopify.com/admin/oauth/access_token",
414
+ FakeWeb.register_uri(:post, %r{snowdevil.myshopify.com/admin/oauth/access_token},
419
415
  body: JSON.dump(
420
416
  access_token: access_token,
421
417
  scope: scope,
@@ -426,10 +422,11 @@ class IntegrationTest < Minitest::Test
426
422
  end
427
423
 
428
424
  def assert_callback_success(response, access_token, code)
425
+ credentials = ::Base64.decode64(FakeWeb.last_request['authorization'].split(" ", 2)[1] || "")
426
+ assert_equal "123:#{@secret}", credentials
427
+
429
428
  token_request_params = Rack::Utils.parse_query(FakeWeb.last_request.body)
430
- assert_equal token_request_params['client_id'], '123'
431
- assert_equal token_request_params['client_secret'], @secret
432
- assert_equal token_request_params['code'], code
429
+ assert_equal code, token_request_params['code']
433
430
 
434
431
  assert_equal 'snowdevil.myshopify.com', @omniauth_result.uid
435
432
  assert_equal access_token, @omniauth_result.credentials.token
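Review bot: The stub URI in `expect_access_token_request` (and in the 401 stub earlier in this section) is now an unanchored regex with unescaped dots and no scheme, so a strategy regression that posted the client secret over `http://` or to a different host whose URL merely contains that path would still be matched and the test would pass. Presumably the regex was needed because FakeWeb folds the new Basic credentials into the URI userinfo; if so, `%r{\Ahttps://(?:[^/@]+@)?snowdevil\.myshopify\.com/admin/oauth/access_token\z}` keeps matching while still pinning scheme and host. In `assert_callback_success` I would also assert the auth scheme instead of discarding it, `scheme, encoded = FakeWeb.last_request['authorization'].to_s.split(" ", 2)` then `assert_equal "Basic", scheme`, and add `assert_nil token_request_params['client_secret']` so the test pins that the secret is no longer also sent in the form body.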
data/test/test_helper.rb CHANGED
@@ -3,6 +3,7 @@ require 'bundler/setup'
3
3
  require 'omniauth-shopify-oauth2'
4
4
 
5
5
  require 'minitest/autorun'
6
+ require 'rack/session'
6
7
  require 'fakeweb'
7
8
  require 'json'
8
9
  require 'active_support/core_ext/hash'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-shopify-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.2
4
+ version: 2.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Denis Odorcic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-02 00:00:00.000000000 Z
11
+ date: 2023-06-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth-oauth2
@@ -80,6 +80,20 @@ dependencies:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
82
  version: '1.3'
83
+ - !ruby/object:Gem::Dependency
84
+ name: rack-session
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '2.0'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '2.0'
83
97
  - !ruby/object:Gem::Dependency
84
98
  name: rake
85
99
  requirement: !ruby/object:Gem::Requirement
@@ -101,8 +115,8 @@ executables: []
101
115
  extensions: []
102
116
  extra_rdoc_files: []
103
117
  files:
104
- - ".github/probots.yml"
105
118
  - ".github/workflows/build.yml"
119
+ - ".github/workflows/cla.yml"
106
120
  - ".gitignore"
107
121
  - Gemfile
108
122
  - README.md
@@ -139,7 +153,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
139
153
  - !ruby/object:Gem::Version
140
154
  version: '0'
141
155
  requirements: []
142
- rubygems_version: 3.0.3
156
+ rubygems_version: 3.4.14
143
157
  signing_key:
144
158
  specification_version: 4
145
159
  summary: Shopify strategy for OmniAuth
data/.github/probots.yml DELETED
@@ -1,2 +0,0 @@
1
- enabled:
2
- - cla