shopify_api 2.3.0 → 3.0.0

data/RELEASING

@@ -1,7 +1,7 @@
 Releasing ShopifyAPI
 
 1. Check the Semantic Versioning page for info on how to version the new release: http://semver.org
-2. Update the version of ShopifyAPI in shopify_api.gemspec
+2. Update the version of ShopifyAPI in lib/shopify_api/version.rb
 3. Add a CHANGELOG entry for the new release with the date
 4. Commit the changes with a commit message like "Packaging for release X.Y.Z"
 5. Tag the release with the version (Leave REV blank for HEAD or provide a SHA)

data/lib/active_resource/base_ext.rb

@@ -0,0 +1,14 @@
+module ActiveResource
+  class Base
+    # Backported from ActiveResource master branch
+    def self.headers
+      @headers ||= {}
+
+      if superclass != Object && superclass.headers
+        @headers = superclass.headers.merge(@headers)
+      else
+        @headers
+      end
+    end
+  end
+end

data/lib/shopify_api.rb

@@ -10,6 +10,7 @@ require 'shopify_api/limits'
 require 'shopify_api/json_format'
 require 'active_resource/json_errors'
 require 'active_resource/disable_prefix_check'
+require 'active_resource/base_ext'
 
 module ShopifyAPI
   include Limits

data/lib/shopify_api/cli.rb

@@ -25,6 +25,7 @@ module ShopifyAPI
         config = {'protocol' => 'https'}
         config['domain']   = ask("Domain? (leave blank for #{connection}.myshopify.com)")
         config['domain']   = "#{connection}.myshopify.com" if config['domain'].blank?
+        config['domain']   = "#{config['domain']}.myshopify.com" unless config['domain'].match(/[.:]/)
         puts "\nopen https://#{config['domain']}/admin/api in your browser to get API credentials\n"
         config['api_key']  = ask("API key?")
         config['password'] = ask("Password?")

data/lib/shopify_api/resources.rb

@@ -5,6 +5,7 @@ require 'shopify_api/resources/article'
 require 'shopify_api/resources/asset'
 require 'shopify_api/resources/billing_address'
 require 'shopify_api/resources/blog'
+require 'shopify_api/resources/cart'
 require 'shopify_api/resources/collect'
 require 'shopify_api/resources/comment'
 require 'shopify_api/resources/country'

data/lib/shopify_api/resources/base.rb

@@ -1,7 +1,34 @@
+require 'shopify_api/version'
+
 module ShopifyAPI
   class Base < ActiveResource::Base
     extend Countable
     self.include_root_in_json = false
+    self.headers['User-Agent'] = ["ShopifyAPI/#{ShopifyAPI::VERSION}",
+                                  "ActiveResource/#{ActiveResource::VERSION::STRING}",
+                                  "Ruby/#{RUBY_VERSION}"].join(' ')
+
+    class << self
+      def headers
+        if defined?(@headers)
+          @headers
+        elsif superclass != Object && superclass.headers
+          superclass.headers
+        else
+          @headers ||= {}
+        end
+      end
+
+      def activate_session(session)
+        self.site = session.site
+        self.headers.merge!('X-Shopify-Access-Token' => session.token)
+      end
+
+      def clear_session
+        self.site = nil
+        self.headers.delete('X-Shopify-Access-Token')
+      end
+    end                  
 
     private
     def only_id

data/lib/shopify_api/resources/cart.rb

@@ -0,0 +1,4 @@
+module ShopifyAPI
+  class Cart < Base
+  end
+end

data/lib/shopify_api/session.rb

@@ -1,84 +1,6 @@
+
 module ShopifyAPI
-  # 
-  #  The Shopify API authenticates each call via HTTP Authentication, using
-  #    * the application's API key as the username, and
-  #    * a hex digest of the application's shared secret and an 
-  #      authentication token as the password.
-  #  
-  #  Generation & acquisition of the beforementioned looks like this:
-  # 
-  #    0. Developer (that's you) registers Application (and provides a
-  #       callback url) and receives an API key and a shared secret
-  # 
-  #    1. User visits Application and are told they need to authenticate the
-  #       application first for read/write permission to their data (needs to
-  #       happen only once). User is asked for their shop url.
-  # 
-  #    2. Application redirects to Shopify : GET <user's shop url>/admin/api/auth?api_key=<API key>
-  #       (See Session#create_permission_url)
-  # 
-  #    3. User logs-in to Shopify, approves application permission request
-  # 
-  #    4. Shopify redirects to the Application's callback url (provided during
-  #       registration), including the shop's name, and an authentication token in the parameters:
-  #         GET client.com/customers?shop=snake-oil.myshopify.com&t=a94a110d86d2452eb3e2af4cfb8a3828
-  # 
-  #    5. Authentication password computed using the shared secret and the
-  #       authentication token (see Session#computed_password)
-  # 
-  #    6. Profit!
-  #       (API calls can now authenticate through HTTP using the API key, and
-  #       computed password)
-  # 
-  #  LoginController and ShopifyLoginProtection use the Session class to set Shopify::Base.site
-  #  so that all API calls are authorized transparently and end up just looking like this:
-  # 
-  #    # get 3 products
-  #    @products = ShopifyAPI::Product.find(:all, :params => {:limit => 3})
-  #    
-  #    # get latest 3 orders
-  #    @orders = ShopifyAPI::Order.find(:all, :params => {:limit => 3, :order => "created_at DESC" })
-  # 
-  #  As an example of what your LoginController should look like, take a look
-  #  at the following:
-  # 
-  #    class LoginController < ApplicationController
-  #      def index
-  #        # Ask user for their #{shop}.myshopify.com address
-  #      end
-  #    
-  #      def authenticate
-  #        redirect_to ShopifyAPI::Session.new(params[:shop]).create_permission_url
-  #      end
-  #    
-  #      # Shopify redirects the logged-in user back to this action along with
-  #      # the authorization token t.
-  #      # 
-  #      # This token is later combined with the developer's shared secret to form
-  #      # the password used to call API methods.
-  #      def finalize
-  #        shopify_session = ShopifyAPI::Session.new(params[:shop], params[:t])
-  #        if shopify_session.valid?
-  #          session[:shopify] = shopify_session
-  #          flash[:notice] = "Logged in to shopify store."
-  #    
-  #          return_address = session[:return_to] || '/home'
-  #          session[:return_to] = nil
-  #          redirect_to return_address
-  #        else
-  #          flash[:error] = "Could not log in to Shopify store."
-  #          redirect_to :action => 'index'
-  #        end
-  #      end
-  #    
-  #      def logout
-  #        session[:shopify] = nil
-  #        flash[:notice] = "Successfully logged out."
-  #    
-  #        redirect_to :action => 'index'
-  #      end
-  #    end
-  # 
+  
   class Session
     cattr_accessor :api_key
     cattr_accessor :secret
@@ -95,13 +17,18 @@ module ShopifyAPI
       
       def temp(domain, token, &block)
         session = new(domain, token)
+        begin
+          original_domain  = URI.parse(ShopifyAPI::Base.site.to_s).host
+        rescue URI::InvalidURIError
+        end
+        original_token   = ShopifyAPI::Base.headers['X-Shopify-Access-Token']
+        original_session = new(original_domain, original_token)
 
-        original_site = ShopifyAPI::Base.site
         begin
-          ShopifyAPI::Base.site = session.site
+          ShopifyAPI::Base.activate_session(session)
           yield
         ensure
-          ShopifyAPI::Base.site = original_site
+          ShopifyAPI::Base.activate_session(original_session)
         end
       end
       
@@ -110,56 +37,38 @@ module ShopifyAPI
         url.gsub!(/https?:\/\//, '')                            # remove http:// or https://
         url.concat(".myshopify.com") unless url.include?('.')   # extend url to myshopify.com if no host is given
       end
-      
+
       def validate_signature(params)
         return false unless signature = params[:signature]
 
         sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
         Digest::MD5.hexdigest(secret + sorted_params) == signature
       end
-    
+
     end
     
     def initialize(url, token = nil, params = nil)
       self.url, self.token = url, token
+      self.class.prepare_url(self.url)
 
       if params
         unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
           raise "Invalid Signature: Possible malicious login" 
         end
       end
-
-      self.class.prepare_url(self.url)
     end
     
     def shop
       Shop.current
     end
-    
-    def create_permission_url
-      return nil if url.blank? || api_key.blank?
-      "http://#{url}/admin/api/auth?api_key=#{api_key}"
-    end
 
-    # Used by ActiveResource::Base to make all non-authentication API calls
-    # 
-    # (ShopifyAPI::Base.site set in ShopifyLoginProtection#shopify_session)
     def site
-      "#{protocol}://#{api_key}:#{computed_password}@#{url}/admin"
+      "#{protocol}://#{url}/admin"
     end
 
     def valid?
       url.present? && token.present?
     end
-
-    private
-
-    # The secret is computed by taking the shared_secret which we got when 
-    # registring this third party application and concating the request_to it, 
-    # and then calculating a MD5 hexdigest. 
-    def computed_password
-      Digest::MD5.hexdigest(secret + token.to_s)
-    end
-    
+  
   end
 end

data/lib/shopify_api/version.rb

@@ -0,0 +1,3 @@
+module ShopifyAPI
+  VERSION = "3.0.0"
+end

data/shopify_api.gemspec

@@ -1,8 +1,10 @@
 # -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "shopify_api/version"
 
 Gem::Specification.new do |s|
   s.name = %q{shopify_api}
-  s.version = "2.3.0"
+  s.version = ShopifyAPI::VERSION
   s.author = "Shopify"
 
   s.summary = %q{The Shopify API gem is a lightweight gem for accessing the Shopify admin REST web services}

data/test/base_test.rb

@@ -0,0 +1,50 @@
+require 'test_helper'
+
+
+class BaseTest < Test::Unit::TestCase
+
+  def setup
+    @session1 = ShopifyAPI::Session.new('shop1.myshopify.com', 'token1')
+    @session2 = ShopifyAPI::Session.new('shop2.myshopify.com', 'token2')
+  end
+
+  test '#activate_session should set site and headers for given session' do
+    ShopifyAPI::Base.activate_session @session1
+
+    assert_nil ActiveResource::Base.site
+    assert_equal 'https://shop1.myshopify.com/admin', ShopifyAPI::Base.site.to_s
+    assert_equal 'https://shop1.myshopify.com/admin', ShopifyAPI::Shop.site.to_s
+    
+    assert_nil ActiveResource::Base.headers['X-Shopify-Access-Token']
+    assert_equal 'token1', ShopifyAPI::Base.headers['X-Shopify-Access-Token']
+    assert_equal 'token1', ShopifyAPI::Shop.headers['X-Shopify-Access-Token']
+  end
+
+  test '#clear_session should clear site and headers from Base' do
+    ShopifyAPI::Base.activate_session @session1    
+    ShopifyAPI::Base.clear_session
+
+    assert_nil ActiveResource::Base.site
+    assert_nil ShopifyAPI::Base.site
+    assert_nil ShopifyAPI::Shop.site
+
+    assert_nil ActiveResource::Base.headers['X-Shopify-Access-Token']
+    assert_nil ShopifyAPI::Base.headers['X-Shopify-Access-Token']
+    assert_nil ShopifyAPI::Shop.headers['X-Shopify-Access-Token']
+  end
+
+  test '#activate_session with one session, then clearing and activating with another session should send request to correct shop' do
+    ShopifyAPI::Base.activate_session @session1   
+    ShopifyAPI::Base.clear_session    
+    ShopifyAPI::Base.activate_session @session2
+
+    assert_nil ActiveResource::Base.site
+    assert_equal 'https://shop2.myshopify.com/admin', ShopifyAPI::Base.site.to_s
+    assert_equal 'https://shop2.myshopify.com/admin', ShopifyAPI::Shop.site.to_s
+
+    assert_nil ActiveResource::Base.headers['X-Shopify-Access-Token']
+    assert_equal 'token2', ShopifyAPI::Base.headers['X-Shopify-Access-Token']
+    assert_equal 'token2', ShopifyAPI::Shop.headers['X-Shopify-Access-Token']
+  end
+
+end

data/test/cart_test.rb

@@ -0,0 +1,13 @@
+require 'test_helper'
+
+class CartTest < Test::Unit::TestCase
+  test 'all should return all carts' do
+    fake 'carts'
+    carts = ShopifyAPI::Cart.all
+    assert_equal carts.size, 2
+    assert_equal 2, carts.first.id
+    assert_equal "3eed8183d4281db6ea82ee2b8f23e9cc", carts.first.token
+    assert_equal 1, carts.first.line_items.size
+    assert_equal 'test', carts.first.line_items.first.title
+  end
+end

data/test/detailed_log_subscriber_test.rb

@@ -7,6 +7,7 @@ class LogSubscriberTest < Test::Unit::TestCase
   def setup
     super
     @page = { :page => { :id => 1, :title => 'Shopify API' } }.to_json
+    @ua_header = "\"User-Agent\"=>\"ShopifyAPI/#{ShopifyAPI::VERSION} ActiveResource/#{ActiveResource::VERSION::STRING} Ruby/#{RUBY_VERSION}\""
 
     ShopifyAPI::Base.site = "http://localhost/admin"
 
@@ -26,7 +27,7 @@ class LogSubscriberTest < Test::Unit::TestCase
     assert_equal 4, @logger.logged(:info).size
     assert_equal "GET http://localhost:80/admin/pages/1.json",                  @logger.logged(:info)[0]
     assert_match /\-\-\> 200/,                                                  @logger.logged(:info)[1]
-    assert_equal "Headers: {\"Accept\"=>\"application/json\"}",                 @logger.logged(:info)[2]
+    assert_equal "Headers: {\"Accept\"=>\"application/json\", #{@ua_header}}",  @logger.logged(:info)[2]
     assert_match /Response:\n\{\"page\"\:\{((\"id\"\:1)|(\"title\"\:\"Shopify API\")),((\"id\"\:1)|(\"title\"\:\"Shopify API\"))\}\}/,  @logger.logged(:info)[3]
 
   end
@@ -41,7 +42,7 @@ class LogSubscriberTest < Test::Unit::TestCase
     assert_equal 4, @logger.logged(:info).size
     assert_equal "GET http://localhost:80/admin/pages/2.json",  @logger.logged(:info)[0]
     assert_match /\-\-\> 404/,                                  @logger.logged(:info)[1]
-    assert_equal "Headers: {\"Accept\"=>\"application/json\"}", @logger.logged(:info)[2]
+    assert_equal "Headers: {\"Accept\"=>\"application/json\", #{@ua_header}}", @logger.logged(:info)[2]
     assert_equal "Response:",                                   @logger.logged(:info)[3]
   end
 end

data/test/fixtures/carts.json

@@ -0,0 +1,43 @@
+{
+  "carts": [
+    {
+      "id": 2,
+      "note": null,
+      "token": "3eed8183d4281db6ea82ee2b8f23e9cc",
+      "updated_at": "2012-02-13T14:39:37-05:00",
+      "line_items": 
+      [
+        {
+          "id": 1,
+          "title": "test",
+          "price": "1.00",
+          "line_price": "1.00",
+          "quantity": 1,
+          "sku": "",
+          "grams": 1000,
+          "vendor": "test",
+          "variant_id": 1
+        }
+      ]
+    },
+    {
+      "id": 1,
+      "note": "",
+      "token": "49801807939c296be1e9a4bf6783a705",
+      "updated_at": "2012-02-13T14:39:12-05:00",
+      "line_items":[
+        {
+          "id": 1,
+          "title": "test",
+          "price": "1.00",
+          "line_price": "1.00",
+          "quantity": 1,
+          "sku": "",
+          "grams": 1000,
+          "vendor": "test",
+          "variant_id": 1
+        }
+      ]
+    }
+  ]
+}

data/test/session_test.rb

@@ -23,7 +23,7 @@ class SessionTest < Test::Unit::TestCase
         session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token")
       end
     end
-    
+
     should "raise error if params passed but signature omitted" do
       assert_raises(RuntimeError) do
         session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token", {'foo' => 'bar'})
@@ -41,25 +41,30 @@ class SessionTest < Test::Unit::TestCase
     end
 
     should "#temp reset ShopifyAPI::Base.site to original value" do
-      ShopifyAPI::Base.site = 'http://www.original.com'
-
+      
       ShopifyAPI::Session.setup(:api_key => "key", :secret => "secret")
-      assigned_site = nil
+      session1 = ShopifyAPI::Session.new('fakeshop.myshopify.com', 'token1')
+      ShopifyAPI::Base.activate_session(session1)
+
       ShopifyAPI::Session.temp("testshop.myshopify.com", "any-token") {
-        assigned_site = ShopifyAPI::Base.site
+        @assigned_site = ShopifyAPI::Base.site
       }
-      assert_equal 'https://key:e56d5793b869753d87cf03ceb6bb5dfc@testshop.myshopify.com/admin', assigned_site.to_s
-      assert_equal 'http://www.original.com', ShopifyAPI::Base.site.to_s
+      assert_equal 'https://testshop.myshopify.com/admin', @assigned_site.to_s
+      assert_equal 'https://fakeshop.myshopify.com/admin', ShopifyAPI::Base.site.to_s
     end
 
-    should "return permissions url" do
+    should "return site for session" do
       session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token")
-      assert_equal "http://testshop.myshopify.com/admin/api/auth?api_key=key", session.create_permission_url
+      assert_equal "https://testshop.myshopify.com/admin", session.site
     end
 
-    should "return site for session" do
-      session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token")
-      assert_equal "https://key:e56d5793b869753d87cf03ceb6bb5dfc@testshop.myshopify.com/admin", session.site
+    should "raise error if signature does not match expected" do
+      ShopifyAPI::Session.secret = 'secret'
+      params = {:foo => 'hello', :foo => 'world', :timestamp => Time.now}
+      sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
+      signature = Digest::MD5.hexdigest(ShopifyAPI::Session.secret + sorted_params)
+
+      session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token", params.merge(:signature => signature))
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: shopify_api
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 3.0.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-13 00:00:00.000000000 Z
+date: 2012-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activeresource
-  requirement: &2152625980 !ruby/object:Gem::Requirement
+  requirement: &70215153027780 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *2152625980
+  version_requirements: *70215153027780
 - !ruby/object:Gem::Dependency
   name: thor
-  requirement: &2152625260 !ruby/object:Gem::Requirement
+  requirement: &70215153026900 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: 0.14.4
   type: :runtime
   prerelease: false
-  version_requirements: *2152625260
+  version_requirements: *70215153026900
 - !ruby/object:Gem::Dependency
   name: mocha
-  requirement: &2152624800 !ruby/object:Gem::Requirement
+  requirement: &70215153026040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: 0.9.8
   type: :development
   prerelease: false
-  version_requirements: *2152624800
+  version_requirements: *70215153026040
 - !ruby/object:Gem::Dependency
   name: fakeweb
-  requirement: &2152624420 !ruby/object:Gem::Requirement
+  requirement: &70215153062680 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,7 +54,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152624420
+  version_requirements: *70215153062680
 description: The Shopify API gem allows Ruby developers to programmatically access
   the admin section of Shopify stores. The API is implemented as JSON or XML over
   HTTP using all four verbs (GET/POST/PUT/DELETE). Each resource, like Order, Product,
@@ -76,6 +76,7 @@ files:
 - RELEASING
 - Rakefile
 - bin/shopify
+- lib/active_resource/base_ext.rb
 - lib/active_resource/connection_ext.rb
 - lib/active_resource/detailed_log_subscriber.rb
 - lib/active_resource/disable_prefix_check.rb
@@ -95,6 +96,7 @@ files:
 - lib/shopify_api/resources/base.rb
 - lib/shopify_api/resources/billing_address.rb
 - lib/shopify_api/resources/blog.rb
+- lib/shopify_api/resources/cart.rb
 - lib/shopify_api/resources/collect.rb
 - lib/shopify_api/resources/comment.rb
 - lib/shopify_api/resources/country.rb
@@ -129,14 +131,18 @@ files:
 - lib/shopify_api/resources/variant.rb
 - lib/shopify_api/resources/webhook.rb
 - lib/shopify_api/session.rb
+- lib/shopify_api/version.rb
 - shopify_api.gemspec
 - test/asset_test.rb
+- test/base_test.rb
 - test/blog_test.rb
+- test/cart_test.rb
 - test/cli_test.rb
 - test/detailed_log_subscriber_test.rb
 - test/fixtures/asset.json
 - test/fixtures/assets.json
 - test/fixtures/blogs.json
+- test/fixtures/carts.json
 - test/fixtures/events.json
 - test/fixtures/metafield.json
 - test/fixtures/metafields.json