omniauth-shopify-oauth2 1.1.13 → 1.1.14
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/omniauth/shopify/version.rb +1 -1
- data/lib/omniauth/strategies/shopify.rb +10 -3
- data/test/integration_test.rb +28 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e88a21bce303e6c6d637d58c50a2bfa7d75dfe86
|
|
4
|
+
data.tar.gz: bced14c2fffa27c843425fe95dd088dbb5866c28
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 575588b874c8c8d1774070ed66fbf55e8d70f9b82f9097c6f97e1ccb3423e792b82b400c2c3e481527eb60f5f54a69092aebd5715a5211845033bdc3a3be974c
|
|
7
|
+
data.tar.gz: 3aa7bb0263d3c262f6c93aa39ce8729d92225fe712c9f0acc46560aed468f8c9dc125b4820a20273add6d4490b424215ba89565ac8c9fd8488d74dcc4dbe0f17
|
|
@@ -6,6 +6,7 @@ module OmniAuth
|
|
|
6
6
|
# Available scopes: content themes products customers orders script_tags shipping
|
|
7
7
|
# read_* or write_*
|
|
8
8
|
DEFAULT_SCOPE = 'read_products'
|
|
9
|
+
SCOPE_DELIMITER = ','
|
|
9
10
|
MINUTE = 60
|
|
10
11
|
CODE_EXPIRES_AFTER = 10 * MINUTE
|
|
11
12
|
|
|
@@ -49,8 +50,14 @@ module OmniAuth
|
|
|
49
50
|
def valid_scope?(token)
|
|
50
51
|
params = options.authorize_params.merge(options_for("authorize"))
|
|
51
52
|
return false unless token && params[:scope] && token['scope']
|
|
52
|
-
expected_scope = params[:scope]
|
|
53
|
-
(expected_scope == token['scope'].split(
|
|
53
|
+
expected_scope = normalized_scopes(params[:scope]).sort
|
|
54
|
+
(expected_scope == token['scope'].split(SCOPE_DELIMITER).sort)
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def normalized_scopes(scopes)
|
|
58
|
+
scope_list = scopes.to_s.split(SCOPE_DELIMITER).map(&:strip).reject(&:empty?).uniq
|
|
59
|
+
ignore_scopes = scope_list.map { |scope| scope =~ /\Awrite_(.*)\z/ && "read_#{$1}" }.compact
|
|
60
|
+
scope_list - ignore_scopes
|
|
54
61
|
end
|
|
55
62
|
|
|
56
63
|
def self.encoded_params_for_signature(params)
|
|
@@ -99,7 +106,7 @@ module OmniAuth
|
|
|
99
106
|
|
|
100
107
|
def authorize_params
|
|
101
108
|
super.tap do |params|
|
|
102
|
-
params[:scope]
|
|
109
|
+
params[:scope] = normalized_scopes(params[:scope] || DEFAULT_SCOPE).join(SCOPE_DELIMITER)
|
|
103
110
|
end
|
|
104
111
|
end
|
|
105
112
|
|
data/test/integration_test.rb
CHANGED
|
@@ -148,6 +148,22 @@ class IntegrationTest < Minitest::Test
|
|
|
148
148
|
assert_equal 'https://app.example.com/admin/auth/legacy/callback', redirect_params['redirect_uri']
|
|
149
149
|
end
|
|
150
150
|
|
|
151
|
+
def test_unnecessary_read_scopes_are_removed
|
|
152
|
+
build_app scope: 'read_content,read_products,write_products',
|
|
153
|
+
callback_path: '/admin/auth/legacy/callback',
|
|
154
|
+
myshopify_domain: 'myshopify.dev:3000',
|
|
155
|
+
setup: lambda { |env|
|
|
156
|
+
shop = Rack::Request.new(env).GET['shop']
|
|
157
|
+
shop += ".myshopify.dev:3000" unless shop.include?(".")
|
|
158
|
+
env['omniauth.strategy'].options[:client_options][:site] = "https://#{shop}"
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
response = authorize('snowdevil')
|
|
162
|
+
assert_equal 302, response.status
|
|
163
|
+
redirect_params = Rack::Utils.parse_query(URI(response.location).query)
|
|
164
|
+
assert_equal 'read_content,write_products', redirect_params['scope']
|
|
165
|
+
end
|
|
166
|
+
|
|
151
167
|
def test_callback_with_invalid_state_fails
|
|
152
168
|
access_token = SecureRandom.hex(16)
|
|
153
169
|
code = SecureRandom.hex(16)
|
|
@@ -219,6 +235,18 @@ class IntegrationTest < Minitest::Test
|
|
|
219
235
|
assert_callback_success(response, access_token, code)
|
|
220
236
|
end
|
|
221
237
|
|
|
238
|
+
def test_callback_with_extra_coma_works
|
|
239
|
+
build_app scope: 'read_content,,write_products,'
|
|
240
|
+
|
|
241
|
+
access_token = SecureRandom.hex(16)
|
|
242
|
+
code = SecureRandom.hex(16)
|
|
243
|
+
expect_access_token_request(access_token, 'read_content,write_products')
|
|
244
|
+
|
|
245
|
+
response = callback(sign_params(shop: 'snowdevil.myshopify.com', code: code, state: opts["rack.session"]["omniauth.state"]))
|
|
246
|
+
|
|
247
|
+
assert_callback_success(response, access_token, code)
|
|
248
|
+
end
|
|
249
|
+
|
|
222
250
|
private
|
|
223
251
|
|
|
224
252
|
def sign_params(params)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-shopify-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.14
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Denis Odorcic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-02-
|
|
11
|
+
date: 2016-02-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: omniauth-oauth2
|