shopify_api 4.3.4 → 4.3.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 386841f534181fd55d441707f8390b584eec290b
-  data.tar.gz: 6340fe9f3b19364404d631e2c2b5e0183ba393fe
+  metadata.gz: a735be75b2ea0f7c4762ee44ca3a8c2a2a2a4d22
+  data.tar.gz: 6a8927da2492a41f0c3454925cae1c4ab1d2caeb
 SHA512:
-  metadata.gz: 9fc10a61d17cb844293e3ab24b96164c6ed8b2a6c07df16ca92360886564122aaeea75326076fdbf056444753749b850c99bd5bfca44079cd13228ab1a5f8e0b
-  data.tar.gz: 1dba2ca970417275864f71ab97f136423801104c69f3e3c18a1643964564cf0520e1b35a41fdebf1cbbe8be8a3ea2d773f3215649ba780e99fe6616227d3833c
+  metadata.gz: 1d894337c5a7297f935866ad69749e118e68959402dfd8ec276241a2af31adab03c8937c074bb5b10360e3ddf05221cddb52d445989bcfab323667c5ab42c176
+  data.tar.gz: df8fec33376e1dc2b85660af9bd6d097fa251a15225011f0f840023ebc3be1125032dca99dc932250970a1f9754168e0b33ca3350e5c62f017b44d7a105b2b8a

data/CHANGELOG

@@ -1,3 +1,9 @@
+== Version 4.3.5
+
+* Added support for online mode access tokens, token expiry, and associated_user information.
+* Added `ShopifyAPI::DraftOrder`
+* Added `ShopifyAPI::DraftOrderInvoice`
+
 == Version 4.3.4
 
 * Added `ShopifyAPI::ProductListing`

data/README.md

@@ -67,9 +67,11 @@ ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveR
 
    For a partner app you will need to supply two parameters to the Session class before you instantiate it:
 
-  ```ruby
-  ShopifyAPI::Session.setup({:api_key => API_KEY, :secret => SHARED_SECRET})
-  ```
+   ```ruby
+   ShopifyAPI::Session.setup(api_key: API_KEY, secret: SHARED_SECRET)
+   ```
+
+   Shopify maintains [`omniauth-shopify-oauth2`](https://github.com/Shopify/omniauth-shopify-oauth2) which securely wraps the OAuth flow and interactions with Shopify (steps 3 and 4 above). Using this gem is the recommended way to use OAuth authentication in your application.
 
 3. In order to access a shop's data, apps need an access token from that specific shop. This is a two-stage process. Before interacting with a shop for the first time an app should redirect the user to the following URL:
 
@@ -79,10 +81,11 @@ ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveR
 
    with the following parameters:
 
-   * ``client_id``– Required – The API key for your app
-   * ``scope`` – Required – The list of required scopes (explained here: http://docs.shopify.com/api/tutorials/oauth)
+   * ``client_id`` – Required – The API key for your app
+   * ``scope`` – Required – The list of required scopes (explained here: https://help.shopify.com/api/guides/authentication/oauth#scopes)
    * ``redirect_uri`` – Required – The URL where you want to redirect the users after they authorize the client. The complete URL specified here must be identical to one of the Application Redirect URLs set in the App's section of the Partners dashboard. Note: in older applications, this parameter was optional, and redirected to the Application Callback URL when no other value was specified.
    * ``state`` – Optional – A randomly selected value provided by your application, which is unique for each authorization request. During the OAuth callback phase, your application must check that this value matches the one you provided during authorization. [This mechanism is important for the security of your application](https://tools.ietf.org/html/rfc6819#section-3.6).
+   * ``grant_options[]`` - Optional - Set this parameter to `per-user` to receive an access token that respects the user's permission level when making API requests (called online access). This is strongly recommended for embedded apps.
 
    We've added the create_permission_url method to make this easier, first instantiate your session object:
 
@@ -133,10 +136,28 @@ ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveR
    token = session.request_token(params)
    ```
 
-   This method will save the token to the session object and return it. For future sessions simply pass the token in when creating the session object:
+   This method will save the token to the session object and return it. All fields returned by Shopify, other than the access token itself, are stored in the session's `extra` attribute. For a list of all fields returned by Shopify, read [our OAuth documentation](https://help.shopify.com/api/guides/authentication/oauth#confirming-installation). If you requested an access token that is associated with a specific user, you can retreive information about this user from the `extra` hash:
+
+   ```ruby
+   # a list of all granted scopes
+   granted_scopes = session.extra['scope']
+   # a hash containing the user information
+   user = session.extra['associated_user']
+   # the access scopes available to this user, which may be a subset of the access scopes granted to this app.
+   active_scopes = session.extra['associated_user_scope']
+   # the time at which this token expires; this is automatically converted from 'expires_in' returned by Shopify
+   expires_at = session.extra['expires_at']
+   ```
+
+   For the security of your application, after retrieving an access token you must validate the following:
+   1) The list of scopes in `session.extra['scope']` is the same as you requested.
+   2) If you requested an online-mode access token, `session.extra['associated_user']` must be present.
+   Failing either of these tests means the end-user may have tampered with the url parameters during the OAuth authentication phase. You should avoid using this access token and revoke it immediately. If you use the [`omniauth-shopify-oauth2`](https://github.com/Shopify/omniauth-shopify-oauth2) gem these checks are done automatically for you.
+
+   For future sessions simply pass in the `token` and `extra` hash (optional) when creating the session object:
 
    ```ruby
-   session = ShopifyAPI::Session.new("SHOP_NAME.myshopify.com", token)
+   session = ShopifyAPI::Session.new("SHOP_NAME.myshopify.com", token, extra)
    ```
 
 5. The session must be activated before use:
@@ -177,7 +198,6 @@ ShopifyAPI uses ActiveResource to communicate with the REST web service. ActiveR
    ShopifyAPI::Base.clear_session
    ```
 
-
 ### Console
 
 This package also supports the ``shopify-cli`` executable to make it easy to open up an interactive console to use the API with a shop.

data/lib/shopify_api/resources/draft_order.rb

@@ -0,0 +1,10 @@
+module ShopifyAPI
+  class DraftOrder < Base
+    include Metafields
+
+    def send_invoice(draft_order_invoice = ShopifyAPI::DraftOrderInvoice.new)
+      resource = post(:send_invoice, {}, draft_order_invoice.encode)
+      ShopifyAPI::DraftOrderInvoice.new(ShopifyAPI::DraftOrder.format.decode(resource.body))
+    end
+  end
+end

data/lib/shopify_api/resources/draft_order_invoice.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class DraftOrderInvoice < Base
+  end
+end

data/lib/shopify_api/session.rb

@@ -11,7 +11,7 @@ module ShopifyAPI
     self.protocol = 'https'
     self.myshopify_domain = 'myshopify.com'
 
-    attr_accessor :url, :token, :name
+    attr_accessor :url, :token, :name, :extra
 
     class << self
 
@@ -67,9 +67,10 @@ module ShopifyAPI
       end
     end
 
-    def initialize(url, token = nil)
+    def initialize(url, token = nil, extra = {})
       self.url = self.class.prepare_url(url)
       self.token = token
+      self.extra = extra
     end
 
     def create_permission_url(scope, redirect_uri = nil)
@@ -85,12 +86,15 @@ module ShopifyAPI
         raise ShopifyAPI::ValidationException, "Invalid Signature: Possible malicious login"
       end
 
-      code = params['code']
-
-      response = access_token_request(code)
-
+      response = access_token_request(params['code'])
       if response.code == "200"
-        token = JSON.parse(response.body)['access_token']
+        self.extra = JSON.parse(response.body)
+        self.token = extra.delete('access_token')
+
+        if expires_in = extra.delete('expires_in')
+          extra['expires_at'] = Time.now.utc.to_i + expires_in
+        end
+        token
       else
         raise RuntimeError, response.msg
       end
@@ -108,6 +112,21 @@ module ShopifyAPI
       url.present? && token.present?
     end
 
+    def expires_in
+      return unless expires_at.present?
+      [0, expires_at.to_i - Time.now.utc.to_i].max
+    end
+
+    def expires_at
+      return unless extra.present?
+      @expires_at ||= Time.at(extra['expires_at']).utc
+    end
+
+    def expired?
+      return false if expires_in.nil?
+      expires_in <= 0
+    end
+
     private
       def parameterize(params)
         URI.escape(params.collect{|k,v| "#{k}=#{v}"}.join('&'))

data/lib/shopify_api/version.rb

@@ -1,3 +1,3 @@
 module ShopifyAPI
-  VERSION = "4.3.4"
+  VERSION = "4.3.5"
 end

data/shopify_api.gemspec

@@ -32,4 +32,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency("fakeweb")
   s.add_development_dependency("minitest", ">= 4.0")
   s.add_development_dependency("rake")
+  s.add_development_dependency("timecop")
 end

data/test/draft_order_test.rb

@@ -0,0 +1,114 @@
+require 'test_helper'
+
+class DraftOrderTest < Test::Unit::TestCase
+  def setup
+    super
+
+    fake 'draft_orders/517119332', body: load_fixture('draft_order')
+
+    @draft_order = ShopifyAPI::DraftOrder.find(517119332)
+  end
+
+  def test_get_draft_order
+    fake 'draft_orders/517119332', method: :get, status: 200, body: load_fixture('draft_order')
+
+    draft_order = ShopifyAPI::DraftOrder.find(517119332)
+
+    assert_equal 517119332, draft_order.id
+  end
+
+  def test_get_all_draft_orders
+    fake 'draft_orders', method: :get, status: 200, body: load_fixture('draft_orders')
+
+    draft_orders = ShopifyAPI::DraftOrder.all
+
+    assert_equal 1, draft_orders.length
+    assert_equal 517119332, draft_orders.first.id
+  end
+
+  def test_get_count_draft_orders
+    fake 'draft_orders/count', method: :get, status: 200, body: '{"count": 16}'
+
+    draft_orders_count = ShopifyAPI::DraftOrder.count
+
+    assert_equal 16, draft_orders_count
+  end
+
+  def test_create_draft_order
+    fake 'draft_orders', method: :post, status: 201, body: load_fixture('draft_order')
+
+    draft_order = ShopifyAPI::DraftOrder.create(line_items: [{ quantity: 1, variant_id: 39072856 }])
+
+    assert_equal '{"draft_order":{"line_items":[{"quantity":1,"variant_id":39072856}]}}', FakeWeb.last_request.body
+    assert_equal 39072856, draft_order.line_items.first.variant_id
+  end
+
+  def test_create_draft_order_202
+    fake 'draft_orders', method: :post, status: 202, body: load_fixture('draft_order')
+
+    draft_order = ShopifyAPI::DraftOrder.create(line_items: [{ quantity: 1, variant_id: 39072856 }])
+
+    assert_equal 39072856, draft_order.line_items.first.variant_id
+  end
+
+  def test_update_draft_order
+    draft_order_response = ActiveSupport::JSON.decode(load_fixture('draft_order'))
+    draft_order_response['draft_order']['note'] = 'Test new note'
+    @draft_order.note = 'Test new note'
+    fake 'draft_orders/517119332', method: :put, status: 200, body: ActiveSupport::JSON.encode(draft_order_response)
+
+    @draft_order.save
+
+    assert_equal draft_order_response['draft_order']['note'], @draft_order.note
+  end
+
+  def test_send_invoice_with_no_params
+    draft_order_invoice_fixture = load_fixture('draft_order_invoice')
+    draft_order_invoice = ActiveSupport::JSON.decode(draft_order_invoice_fixture)
+    fake 'draft_orders/517119332/send_invoice', method: :post, body: draft_order_invoice_fixture
+
+    draft_order_invoice_response = @draft_order.send_invoice
+
+    assert_equal '{"draft_order_invoice":{}}', FakeWeb.last_request.body
+    assert_kind_of ShopifyAPI::DraftOrderInvoice, draft_order_invoice_response
+    assert_equal draft_order_invoice['draft_order_invoice']['to'], draft_order_invoice_response.to
+  end
+
+  def test_send_invoice_with_params
+    draft_order_invoice_fixture = load_fixture('draft_order_invoice')
+    draft_order_invoice = ActiveSupport::JSON.decode(draft_order_invoice_fixture)
+    fake 'draft_orders/517119332/send_invoice', method: :post, body: draft_order_invoice_fixture
+
+    draft_order_invoice_response = @draft_order.send_invoice(ShopifyAPI::DraftOrderInvoice.new(draft_order_invoice['draft_order_invoice']))
+
+    assert_equal draft_order_invoice, ActiveSupport::JSON.decode(FakeWeb.last_request.body)
+    assert_kind_of ShopifyAPI::DraftOrderInvoice, draft_order_invoice_response
+    assert_equal draft_order_invoice['draft_order_invoice']['to'], draft_order_invoice_response.to
+  end
+
+  def test_delete_draft_order
+    fake 'draft_orders/517119332', method: :delete, body: 'destroyed'
+    assert @draft_order.destroy
+  end
+
+  def test_add_metafields_to_draft_order
+    fake 'draft_orders/517119332/metafields', method: :post, status: 201, body: load_fixture('metafield')
+
+    field = @draft_order.add_metafield(ShopifyAPI::Metafield.new(namespace: 'contact', key: 'email', value: '123@example.com', value_type: 'string'))
+
+    assert_equal ActiveSupport::JSON.decode('{"metafield":{"namespace":"contact","key":"email","value":"123@example.com","value_type":"string"}}'), ActiveSupport::JSON.decode(FakeWeb.last_request.body)
+    assert !field.new_record?
+    assert_equal 'contact', field.namespace
+    assert_equal 'email', field.key
+    assert_equal '123@example.com', field.value
+  end
+
+  def test_get_metafields_for_draft_order
+    fake 'draft_orders/517119332/metafields', body: load_fixture('metafields')
+
+    metafields = @draft_order.metafields
+
+    assert_equal 2, metafields.length
+    assert metafields.all? { |m| m.is_a?(ShopifyAPI::Metafield) }
+  end
+end

data/test/fixtures/draft_order.json

@@ -0,0 +1,159 @@
+{
+  "draft_order": {
+    "id": 517119332,
+    "note": "This is a note",
+    "email": "montana_hilpert@example.com",
+    "taxes_included": false,
+    "currency": "CAD",
+    "subtotal_price": "1007.41",
+    "total_tax": "0.00",
+    "total_price": "1027.41",
+    "invoice_sent_at": null,
+    "created_at": "2017-02-02T13:14:38-05:00",
+    "updated_at": "2017-02-02T13:14:38-05:00",
+    "tax_exempt": false,
+    "completed_at": null,
+    "name": "#D1",
+    "status": "open",
+    "line_items": [
+      {
+        "variant_id": 39072856,
+        "product_id": 632910392,
+        "title": "IPod Nano - 8gb",
+        "variant_title": "green",
+        "sku": "IPOD2008GREEN",
+        "vendor": null,
+        "price": "199.00",
+        "grams": 200,
+        "quantity": 1,
+        "requires_shipping": true,
+        "taxable": true,
+        "gift_card": false,
+        "fulfillment_service": "manual",
+        "tax_lines": [],
+        "applied_discount": null,
+        "name": "IPod Nano - 8gb - green",
+        "properties": [
+          {
+            "name": "Custom Engraving",
+            "value": "Happy Birthday"
+          }
+        ],
+        "custom": false
+      },
+      {
+        "variant_id": null,
+        "product_id": null,
+        "title": "Custom Item",
+        "variant_title": null,
+        "sku": null,
+        "vendor": null,
+        "price": "494.14",
+        "grams": 0,
+        "quantity": 2,
+        "requires_shipping": false,
+        "taxable": false,
+        "gift_card": false,
+        "fulfillment_service": "manual",
+        "tax_lines": [],
+        "applied_discount": {
+          "description": "A percentage discount for a custom line item",
+          "value": "3.58",
+          "title": "Custom",
+          "amount": "35.38",
+          "value_type": "percentage"
+        },
+        "name": "Custom item",
+        "properties": [],
+        "custom": true
+      }
+    ],
+    "shipping_address": {
+      "first_name": "Jan",
+      "address1": "512 Ernestina Forks",
+      "phone": "(639) 372 1289",
+      "city": "Lakefurt",
+      "zip": "24093",
+      "province": "Virginia",
+      "country": "United States",
+      "last_name": "Fisher",
+      "address2": "Apt. 702",
+      "company": "Steuber and Sons",
+      "latitude": 45.416311,
+      "longitude": -75.68683,
+      "name": "Jan Fisher",
+      "country_code": "US",
+      "province_code": "VA"
+    },
+    "billing_address": {
+      "first_name": "Jan",
+      "address1": "512 Ernestina Forks",
+      "phone": "(639) 372 1289",
+      "city": "Lakefurt",
+      "zip": "24093",
+      "province": "Virginia",
+      "country": "United States",
+      "last_name": "Fisher",
+      "address2": "Apt. 702",
+      "company": "Steuber and Sons",
+      "latitude": 45.416311,
+      "longitude": -75.68683,
+      "name": "Jan Fisher",
+      "country_code": "US",
+      "province_code": "VA"
+    },
+    "invoice_url": "https://checkout.myshopify.io/1/invoices/8e72bdccd0ac51067b947ac68c6f3804",
+    "applied_discount": {
+      "description": "A discount on the entire order",
+      "value": "1.48",
+      "title": "Custom",
+      "amount": "1.48",
+      "value_type": "fixed_amount"
+    },
+    "order_id": null,
+    "shipping_line": {
+      "title": "Custom shipping",
+      "price": "20.00",
+      "custom": true,
+      "handle": null
+    },
+    "tax_lines": [],
+    "tags": "",
+    "customer": {
+      "accepts_marketing": false,
+      "created_at": "2014-03-07T16:14:08-05:00",
+      "email": "bob.norman@hostmail.com",
+      "first_name": "Bob",
+      "id": 207119551,
+      "last_name": "Norman",
+      "last_order_id": null,
+      "multipass_identifier": null,
+      "note": null,
+      "orders_count": 0,
+      "state": "disabled",
+      "total_spent": "0.00",
+      "updated_at": "2014-03-07T16:14:08-05:00",
+      "verified_email": true,
+      "tags": "",
+      "last_order_name": null,
+      "default_address": {
+        "address1": "Chestnut Street 92",
+        "address2": "",
+        "city": "Louisville",
+        "company": null,
+        "country": "United States",
+        "first_name": null,
+        "id": 207119551,
+        "last_name": null,
+        "phone": "555-625-1199",
+        "province": "Kentucky",
+        "zip": "40202",
+        "name": null,
+        "province_code": "KY",
+        "country_code": "US",
+        "country_name": "United States",
+        "default": true
+      }
+    }
+  }
+}

data/test/fixtures/draft_order_invoice.json

@@ -0,0 +1,9 @@
+{
+  "draft_order_invoice": {
+    "to": "paul.norman@example.com",
+    "from": "steve@apple.com",
+    "subject": "Here is your new order invoice!",
+    "custom_message": "This is a test custom message.",
+    "bcc": [ ]
+  }
+}

data/test/fixtures/draft_orders.json

@@ -0,0 +1,161 @@
+{
+  "draft_orders": [
+    {
+      "id": 517119332,
+      "note": "This is a note",
+      "email": "montana_hilpert@example.com",
+      "taxes_included": false,
+      "currency": "CAD",
+      "subtotal_price": "1007.41",
+      "total_tax": "0.00",
+      "total_price": "1027.41",
+      "invoice_sent_at": null,
+      "created_at": "2017-02-02T13:14:38-05:00",
+      "updated_at": "2017-02-02T13:14:38-05:00",
+      "tax_exempt": false,
+      "completed_at": null,
+      "name": "#D1",
+      "status": "open",
+      "line_items": [
+        {
+          "variant_id": 39072856,
+          "product_id": 632910392,
+          "title": "IPod Nano - 8gb",
+          "variant_title": "green",
+          "sku": "IPOD2008GREEN",
+          "vendor": null,
+          "price": "199.00",
+          "grams": 200,
+          "quantity": 1,
+          "requires_shipping": true,
+          "taxable": true,
+          "gift_card": false,
+          "fulfillment_service": "manual",
+          "tax_lines": [],
+          "applied_discount": null,
+          "name": "IPod Nano - 8gb - green",
+          "properties": [
+            {
+              "name": "Custom Engraving",
+              "value": "Happy Birthday"
+            }
+          ],
+          "custom": false
+        },
+        {
+          "variant_id": null,
+          "product_id": null,
+          "title": "Custom Item",
+          "variant_title": null,
+          "sku": null,
+          "vendor": null,
+          "price": "494.14",
+          "grams": 0,
+          "quantity": 2,
+          "requires_shipping": false,
+          "taxable": false,
+          "gift_card": false,
+          "fulfillment_service": "manual",
+          "tax_lines": [],
+          "applied_discount": {
+            "description": "A percentage discount for a custom line item",
+            "value": "3.58",
+            "title": "Custom",
+            "amount": "35.38",
+            "value_type": "percentage"
+          },
+          "name": "Custom item",
+          "properties": [],
+          "custom": true
+        }
+      ],
+      "shipping_address": {
+        "first_name": "Jan",
+        "address1": "512 Ernestina Forks",
+        "phone": "(639) 372 1289",
+        "city": "Lakefurt",
+        "zip": "24093",
+        "province": "Virginia",
+        "country": "United States",
+        "last_name": "Fisher",
+        "address2": "Apt. 702",
+        "company": "Steuber and Sons",
+        "latitude": 45.416311,
+        "longitude": -75.68683,
+        "name": "Jan Fisher",
+        "country_code": "US",
+        "province_code": "VA"
+      },
+      "billing_address": {
+        "first_name": "Jan",
+        "address1": "512 Ernestina Forks",
+        "phone": "(639) 372 1289",
+        "city": "Lakefurt",
+        "zip": "24093",
+        "province": "Virginia",
+        "country": "United States",
+        "last_name": "Fisher",
+        "address2": "Apt. 702",
+        "company": "Steuber and Sons",
+        "latitude": 45.416311,
+        "longitude": -75.68683,
+        "name": "Jan Fisher",
+        "country_code": "US",
+        "province_code": "VA"
+      },
+      "invoice_url": "https://checkout.myshopify.io/1/invoices/8e72bdccd0ac51067b947ac68c6f3804",
+      "applied_discount": {
+        "description": "A discount on the entire order",
+        "value": "1.48",
+        "title": "Custom",
+        "amount": "1.48",
+        "value_type": "fixed_amount"
+      },
+      "order_id": null,
+      "shipping_line": {
+        "title": "Custom shipping",
+        "price": "20.00",
+        "custom": true,
+        "handle": null
+      },
+      "tax_lines": [],
+      "tags": "",
+      "customer": {
+        "accepts_marketing": false,
+        "created_at": "2014-03-07T16:14:08-05:00",
+        "email": "bob.norman@hostmail.com",
+        "first_name": "Bob",
+        "id": 207119551,
+        "last_name": "Norman",
+        "last_order_id": null,
+        "multipass_identifier": null,
+        "note": null,
+        "orders_count": 0,
+        "state": "disabled",
+        "total_spent": "0.00",
+        "updated_at": "2014-03-07T16:14:08-05:00",
+        "verified_email": true,
+        "tags": "",
+        "last_order_name": null,
+        "default_address": {
+          "address1": "Chestnut Street 92",
+          "address2": "",
+          "city": "Louisville",
+          "company": null,
+          "country": "United States",
+          "first_name": null,
+          "id": 207119551,
+          "last_name": null,
+          "phone": "555-625-1199",
+          "province": "Kentucky",
+          "zip": "40202",
+          "name": null,
+          "province_code": "KY",
+          "country_code": "US",
+          "country_name": "United States",
+          "default": true
+        }
+      }
+    }
+  ]
+}

data/test/fulfillment_request_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 class FulFillmentRequestTest < Test::Unit::TestCase
   def setup
-    fake "orders/450789469/fulfillment_requests/695890229", method: :get, body: load_fixture('fulfillment_request')
+    fake "orders/450789469/fulfillment_requests/255858046", method: :get, body: load_fixture('fulfillment_request')
   end
 
   context "#mark_as_failed" do
@@ -11,7 +11,11 @@ class FulFillmentRequestTest < Test::Unit::TestCase
 
       cancelled = ActiveSupport::JSON.decode(load_fixture('fulfillment_request'))
       cancelled['failure_message'] = 'failure reason'
-      fake "orders/450789469/fulfillment_requests/695890229/mark_as_failed", method: :put, body: ActiveSupport::JSON.encode(cancelled)
+      cancelled['message'] = nil
+      fake "orders/450789469/fulfillment_requests/695890229/mark_as_failed.json?message=",
+        method: :put,
+        body: ActiveSupport::JSON.encode(cancelled),
+        extension: false
 
       assert fulfillment_request.failure_message.blank?
       assert fulfillment_request.mark_as_failed

data/test/session_test.rb

@@ -1,4 +1,5 @@
 require 'test_helper'
+require 'timecop'
 
 class SessionTest < Test::Unit::TestCase
 
@@ -141,19 +142,59 @@ class SessionTest < Test::Unit::TestCase
   end
 
   test "return_token_if_signature_is_valid" do
-    params = {:code => 'any-code', :timestamp => Time.now}
-    sorted_params = make_sorted_params(params)
-    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new(), ShopifyAPI::Session.secret, sorted_params)
-    fake nil, :url => 'https://testshop.myshopify.com/admin/oauth/access_token',:method => :post, :body => '{"access_token" : "any-token"}'
+    fake nil,
+      url: 'https://testshop.myshopify.com/admin/oauth/access_token',
+      method: :post,
+      body: '{"access_token":"any-token"}'
     session = ShopifyAPI::Session.new("testshop.myshopify.com")
-    token = session.request_token(params.merge(:hmac => signature))
+
+    params = { code: 'any-code', timestamp: Time.now }
+    token = session.request_token(params.merge(hmac: generate_signature(params)))
+
     assert_equal "any-token", token
+    assert_equal "any-token", session.token
+  end
+
+  test "extra parameters are stored in session" do
+    fake nil,
+      url: 'https://testshop.myshopify.com/admin/oauth/access_token',
+      method: :post,
+      body: '{"access_token":"any-token","foo":"example"}'
+    session = ShopifyAPI::Session.new("testshop.myshopify.com")
+
+    params = { code: 'any-code', timestamp: Time.now }
+    assert session.request_token(params.merge(hmac: generate_signature(params)))
+
+    assert_equal ({ "foo" => "example" }), session.extra
+  end
+
+  test "expires_in is automatically converted in expires_at" do
+    fake nil,
+      url: 'https://testshop.myshopify.com/admin/oauth/access_token',
+      method: :post,
+      body: '{"access_token":"any-token","expires_in":86393}'
+    session = ShopifyAPI::Session.new("testshop.myshopify.com")
+
+    Timecop.freeze do
+      params = { code: 'any-code', timestamp: Time.now }
+      assert session.request_token(params.merge(hmac: generate_signature(params)))
+
+      expires_at = Time.now.utc + 86393
+      assert_equal ({ "expires_at" => expires_at.to_i }), session.extra
+      assert session.expires_at.is_a?(Time)
+      assert_equal expires_at.to_i, session.expires_at.to_i
+      assert_equal 86393, session.expires_in
+      assert_equal false, session.expired?
+
+      Timecop.travel(session.expires_at) do
+        assert_equal true, session.expired?
+      end
+    end
   end
 
   test "raise error if signature does not match expected" do
     params = {:code => "any-code", :timestamp => Time.now}
-    sorted_params = make_sorted_params(params)
-    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new(), ShopifyAPI::Session.secret, sorted_params)
+    signature = generate_signature(params)
     params[:foo] = 'world'
     assert_raises(ShopifyAPI::ValidationException) do
       session = ShopifyAPI::Session.new("testshop.myshopify.com")
@@ -163,8 +204,7 @@ class SessionTest < Test::Unit::TestCase
 
   test "raise error if timestamp is too old" do
     params = {:code => "any-code", :timestamp => Time.now - 2.days}
-    sorted_params = make_sorted_params(params)
-    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new(), ShopifyAPI::Session.secret, sorted_params)
+    signature = generate_signature(params)
     params[:foo] = 'world'
     assert_raises(ShopifyAPI::ValidationException) do
       session = ShopifyAPI::Session.new("testshop.myshopify.com")
@@ -173,18 +213,16 @@ class SessionTest < Test::Unit::TestCase
   end
 
   test "return true when the signature is valid and the keys of params are strings" do
-    now = Time.now
-    params = {"code" => "any-code", "timestamp" => now}
-    sorted_params = make_sorted_params(params)
-    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new(), ShopifyAPI::Session.secret, sorted_params)
-    params = {"code" => "any-code", "timestamp" => now, "hmac" => signature}
+    params = {"code" => "any-code", "timestamp" => Time.now}
+    params["hmac"] = generate_signature(params)
+    assert_equal true, ShopifyAPI::Session.validate_signature(params)
   end
 
   test "return true when validating signature of params with ampersand and equal sign characters" do
     ShopifyAPI::Session.secret = 'secret'
     params = {'a' => '1&b=2', 'c=3&d' => '4'}
     to_sign = "a=1%26b=2&c%3D3%26d=4"
-    params['hmac'] = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ShopifyAPI::Session.secret, to_sign)
+    params['hmac'] = generate_signature(to_sign)
 
     assert_equal true, ShopifyAPI::Session.validate_signature(params)
   end
@@ -193,7 +231,7 @@ class SessionTest < Test::Unit::TestCase
     ShopifyAPI::Session.secret = 'secret'
     params = {'a%3D1%26b' => '2%26c%3D3'}
     to_sign = "a%253D1%2526b=2%2526c%253D3"
-    params['hmac'] = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ShopifyAPI::Session.secret, to_sign)
+    params['hmac'] = generate_signature(to_sign)
 
     assert_equal true, ShopifyAPI::Session.validate_signature(params)
   end
@@ -203,4 +241,9 @@ class SessionTest < Test::Unit::TestCase
   def make_sorted_params(params)
     sorted_params = params.with_indifferent_access.except(:signature, :hmac, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join('&')
   end
+
+  def generate_signature(params)
+    params = make_sorted_params(params) if params.is_a?(Hash)
+    OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, ShopifyAPI::Session.secret, params)
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_api
 version: !ruby/object:Gem::Version
-  version: 4.3.4
+  version: 4.3.5
 platform: ruby
 authors:
 - Shopify
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-12 00:00:00.000000000 Z
+date: 2017-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activeresource
@@ -94,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: The Shopify API gem allows Ruby developers to programmatically access
   the admin section of Shopify stores. The API is implemented as JSON or XML over
   HTTP using all four verbs (GET/POST/PUT/DELETE). Each resource, like Order, Product,
@@ -159,6 +173,8 @@ files:
 - lib/shopify_api/resources/customer_group.rb
 - lib/shopify_api/resources/customer_saved_search.rb
 - lib/shopify_api/resources/discount.rb
+- lib/shopify_api/resources/draft_order.rb
+- lib/shopify_api/resources/draft_order_invoice.rb
 - lib/shopify_api/resources/event.rb
 - lib/shopify_api/resources/fulfillment.rb
 - lib/shopify_api/resources/fulfillment_event.rb
@@ -223,6 +239,7 @@ files:
 - test/customer_test.rb
 - test/detailed_log_subscriber_test.rb
 - test/discount_test.rb
+- test/draft_order_test.rb
 - test/fixtures/access_token_delegate.json
 - test/fixtures/application_charge.json
 - test/fixtures/application_charges.json
@@ -251,6 +268,9 @@ files:
 - test/fixtures/discount.json
 - test/fixtures/discount_disabled.json
 - test/fixtures/discounts.json
+- test/fixtures/draft_order.json
+- test/fixtures/draft_order_invoice.json
+- test/fixtures/draft_orders.json
 - test/fixtures/events.json
 - test/fixtures/fulfillment.json
 - test/fixtures/fulfillment_event.json