shopify_api 4.0.2 → 4.0.3
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.gitignore +1 -0
- data/CHANGELOG +4 -0
- data/Gemfile +2 -0
- data/lib/shopify_api/session.rb +11 -2
- data/lib/shopify_api/version.rb +1 -1
- data/shopify_api.gemspec +1 -0
- data/test/session_test.rb +18 -0
- metadata +39 -4
- metadata.gz.sig +0 -0
- data/Gemfile.lock +0 -46
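--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd5fe880e2969fad40ac19852da5eb801ca3e4af
+data.tar.gz: ae6b8c7e61139171bbf02cb5ac14552ea3c4319e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3e40036c3bfb41301aee1c74093cf991435b85764cfea3dcd828195a6cd404c74838cadefc1c84af4b3d03c6df92f3cd4957d84ed05a212e299c5608cf428edc
+data.tar.gz: 13d1f0077ecad5dc2c45a680f066e4590d8fbb0c5e53040ce4e8e4ea5d837415e4ff63728e84fd246424a8a6a053fb95b7e79034037ca5c057d61b7d398cd35c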
checksums.yaml.gz.sig
ADDED
Binary file
|
data.tar.gz.sig
ADDED
Binary file
|
data/.gitignore
CHANGED
data/CHANGELOG
CHANGED
data/Gemfile
CHANGED
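--- a/data/lib/shopify_api/session.rb
+++ b/data/lib/shopify_api/session.rb
@@ -1,4 +1,5 @@
 require 'openssl'
+require 'rack'
 
 module ShopifyAPI
 
@@ -53,8 +54,16 @@ module ShopifyAPI
 params = params.with_indifferent_access
 return false unless signature = params[:hmac]
 
-
-
+calculated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new(), secret, encoded_params_for_signature(params))
+
+Rack::Utils.secure_compare(calculated_signature, signature)
+end
+
+private
+
+def encoded_params_for_signature(params)
+params = params.except(:signature, :hmac, :action, :controller)
+params.map{|k,v| "#{URI.escape(k.to_s, '&=%')}=#{URI.escape(v.to_s, '&%')}"}.sort.join('&')
 end
 end
 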
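Review bot: `signature` goes from `params[:hmac]` straight into `Rack::Utils.secure_compare`, so a request that supplies `hmac` as an array or nested parameter would presumably raise inside the comparison rather than return false; adding `return false unless signature.is_a?(String)` after the presence check keeps the rejection path uniform. `encoded_params_for_signature` drops `:action` and `:controller` before signing, so those keys are never covered by the HMAC, which deserves a comment such as `# routing keys are excluded from the signed message; do not trust them from the query string`. `require 'rack'` is added for this one helper and the gem metadata on this page declares rack as `>= 0`, so the constant-time comparison depends on whichever rack release resolves; a lower bound in the gemspec would make that explicit. `URI.escape` is marked obsolete in Ruby's standard library and was removed in Ruby 3.0, so a small local escaper for `&`, `=` and `%` would be more durable. The enclosing class body starts and ends outside the hunk, so whether the new `private` takes effect (it would not for `def self.` methods) and which later methods it also covers cannot be confirmed from here.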
data/lib/shopify_api/version.rb
CHANGED
data/shopify_api.gemspec
CHANGED
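--- a/data/test/session_test.rb
+++ b/data/test/session_test.rb
@@ -171,6 +171,24 @@ class SessionTest < Test::Unit::TestCase
 assert_equal true, ShopifyAPI::Session.validate_signature(params)
 end
 
+should "return true when validating signature of params with ampersand and equal sign characters" do
+ShopifyAPI::Session.secret = 'secret'
+params = {'a' => '1&b=2', 'c=3&d' => '4'}
+to_sign = "a=1%26b=2&c%3D3%26d=4"
+params['hmac'] = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ShopifyAPI::Session.secret, to_sign)
+
+assert_equal true, ShopifyAPI::Session.validate_signature(params)
+end
+
+test "return true when validating signature of params with percent sign characters" do
+ShopifyAPI::Session.secret = 'secret'
+params = {'a%3D1%26b' => '2%26c%3D3'}
+to_sign = "a%253D1%2526b=2%2526c%253D3"
+params['hmac'] = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ShopifyAPI::Session.secret, to_sign)
+
+assert_equal true, ShopifyAPI::Session.validate_signature(params)
+end
+
 private
 
 def make_sorted_params(params)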
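Review bot: Both new tests assert only the accepting path, so nothing pins the behaviour the escaping exists for: a digest computed over one value containing `&` and `=` should be rejected when the same characters arrive as separate parameters. A negative case next to these two would cover that, as sketched below. The first test is declared with `should` and the second with `test`; using one form for both keeps the file consistent. Both assign `ShopifyAPI::Session.secret` without restoring it and no teardown is visible in this hunk, so confirm the suite resets it elsewhere; `make_sorted_params` continues outside the hunk.

```ruby
# … unchanged: the two accepting tests added above …

should "return false when a value signed with ampersand and equal sign characters is resubmitted as separate params" do
  ShopifyAPI::Session.secret = 'secret'
  signed = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ShopifyAPI::Session.secret, "a=1%26b=2")
  params = {'a' => '1', 'b' => '2', 'hmac' => signed}

  assert_equal false, ShopifyAPI::Session.validate_signature(params)
end
```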
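--- a/metadata
+++ b/metadata
@@ -1,14 +1,36 @@
 --- !ruby/object:Gem::Specification
 name: shopify_api
 version: !ruby/object:Gem::Version
-version: 4.0.
+version: 4.0.3
 platform: ruby
 authors:
 - Shopify
 autorequire:
 bindir: bin
-cert_chain:
-
+cert_chain:
+- |
+-----BEGIN CERTIFICATE-----
+MIIDcDCCAligAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQ8wDQYDVQQDDAZhZG1p
+bnMxFzAVBgoJkiaJk/IsZAEZFgdzaG9waWZ5MRMwEQYKCZImiZPyLGQBGRYDY29t
+MB4XDTE0MDUxNTIwMzM0OFoXDTE1MDUxNTIwMzM0OFowPzEPMA0GA1UEAwwGYWRt
+aW5zMRcwFQYKCZImiZPyLGQBGRYHc2hvcGlmeTETMBEGCgmSJomT8ixkARkWA2Nv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL0/81O3e1vh5smcwp2G
+MpLQ6q0kejQLa65bPYPxdzWA1SYOKyGfw+yR9LdFzsuKpwWzKq6zX35lj1IckWS4
+bNBEQzxmufUxU0XPM02haFB8fOfDJzdXsWte9Ge4IFwahwn68gpMqN+BvxL+KMYz
+Iut9YmN44d4LZdsENEIO5vmybuG2vYDz7R56qB0PA+Q2P2CdhymsBad2DQs69FBo
+uico9V6VMYYctL9lCYdzu9IXrOYNTt88suKIVzzAlHOKeN0Ng5qdztFoTR8sfxDr
+Ydg3KHl5n47wlpgd8R0f/4b5gGxW+v9pyJCgQnLlRu7DedVSvv7+GMtj3g9r3nhJ
+KqECAwEAAaN3MHUwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFI/o
+maf34HXbUOQsdoLHacEKQgunMB0GA1UdEQQWMBSBEmFkbWluc0BzaG9waWZ5LmNv
+bTAdBgNVHRIEFjAUgRJhZG1pbnNAc2hvcGlmeS5jb20wDQYJKoZIhvcNAQEFBQAD
+ggEBADkK9aj5T0HPExsov4EoMWFnO+G7RQ28C30VAfKxnL2UxG6i4XMHVs6Xi94h
+qXFw1ec9Y2eDUqaolT3bviOk9BB197+A8Vz/k7MC6ci2NE+yDDB7HAC8zU6LAx8Y
+Iqvw7B/PSZ/pz4bUVFlTATif4mi1vO3lidRkdHRtM7UePSn2rUpOi0gtXBP3bLu5
+YjHJN7wx5cugMEyroKITG5gL0Nxtu21qtOlHX4Hc4KdE2JqzCPOsS4zsZGhgwhPs
+fl3hbtVFTqbOlwL9vy1fudXcolIE/ZTcxQ+er07ZFZdKCXayR9PPs64heamfn0fp
+TConQSX2BnZdhIEYW+cKzEC/bLc=
+-----END CERTIFICATE-----
+date: 2015-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activeresource
@@ -24,6 +46,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: mocha
 requirement: !ruby/object:Gem::Requirement
@@ -98,7 +134,6 @@ files:
 - CHANGELOG
 - CONTRIBUTORS
 - Gemfile
-- Gemfile.lock
 - Gemfile_ar30
 - Gemfile_ar31
 - Gemfile_ar32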
metadata.gz.sig
ADDED
Binary file
|
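--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,46 +0,0 @@
-PATH
-remote: .
-specs:
-shopify_api (4.0.1)
-activeresource
-
-GEM
-remote: https://rubygems.org/
-specs:
-activemodel (4.0.13)
-activesupport (= 4.0.13)
-builder (~> 3.1.0)
-activeresource (4.0.0)
-activemodel (~> 4.0)
-activesupport (~> 4.0)
-rails-observers (~> 0.1.1)
-activesupport (4.0.13)
-i18n (~> 0.6, >= 0.6.9)
-minitest (~> 4.2)
-multi_json (~> 1.3)
-thread_safe (~> 0.1)
-tzinfo (~> 0.3.37)
-builder (3.1.4)
-fakeweb (1.3.0)
-i18n (0.7.0)
-metaclass (0.0.1)
-minitest (4.7.5)
-mocha (0.14.0)
-metaclass (~> 0.0.1)
-multi_json (1.10.1)
-rails-observers (0.1.2)
-activemodel (~> 4.0)
-rake (10.1.0)
-thread_safe (0.3.4)
-tzinfo (0.3.42)
-
-PLATFORMS
-ruby
-
-DEPENDENCIES
-activeresource (~> 4.0.0)
-fakeweb
-minitest (~> 4.0)
-mocha (>= 0.9.8)
-rake
-shopify_api!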