shopify_app 6.1.3 → 6.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ad89b235fe52fa742244b8b41e4cd54c892c7756
4
- data.tar.gz: 1444bd3ab1ce8fa75307adf0f079b12f2e9cad39
3
+ metadata.gz: 9d25df222f8b66d4fa412f29bf0d467fa7c8926d
4
+ data.tar.gz: 22b43d52a0dd8c63d7dac595f11bc2edbc617a01
5
5
  SHA512:
6
- metadata.gz: 802e2f111acf873666e658054dba37263b5f604aadc218d3f56708459c87435a02ea62445a2a1525179706d10c3811577febafd4c83d6613a80d15f9513f409b
7
- data.tar.gz: 0934008dbe28d8bd66170a7ee112e0b60d8bc9e4dd8e9d7ef3de74d925bb4eed39bf0807c76eea77644777fda920977b884e8f0a53e6a1cbc8191044bc40de11
6
+ metadata.gz: 453e91f835f95f13f51ddf570674eb691d28dca37f45d650411949ec8d52f58de7d9349e72c367da3296d6afefe4ad8206ab535982c9c970a0ec0416d0e27ec1
7
+ data.tar.gz: 48dac86145f7a9433e8e23574099630caaca1d95336e4d481dc656a93d37c11442617170a07aee68e49bdd6d82c854fb61b3627169acbe1b95a145a5c29c98e3
data/CHANGELOG CHANGED
@@ -1,3 +1,8 @@
1
+ 6.2.0
2
+ -----
3
+
4
+ * Return an HTTP 401 for XHRs that aren't logged in
5
+
1
6
  6.1.3
2
7
  -----
3
8
  * add redirect_uri which is now required
@@ -35,8 +35,12 @@ module ShopifyApp
35
35
  protected
36
36
 
37
37
  def redirect_to_login
38
- session[:return_to] = request.fullpath if request.get?
39
- redirect_to login_path(shop: params[:shop])
38
+ if request.xhr?
39
+ head :unauthorized
40
+ else
41
+ session[:return_to] = request.fullpath if request.get?
42
+ redirect_to login_path(shop: params[:shop])
43
+ end
40
44
  end
41
45
 
42
46
  def close_session
@@ -35,7 +35,7 @@ module ShopifyApp
35
35
 
36
36
  def authenticate
37
37
  if shop_name = sanitize_shop_param(params)
38
- fullpage_redirect_to "/auth/shopify?shop=#{shop_name}"
38
+ fullpage_redirect_to "#{main_app.root_path}auth/shopify?shop=#{shop_name}"
39
39
  else
40
40
  redirect_to return_address
41
41
  end
@@ -1,3 +1,3 @@
1
1
  module ShopifyApp
2
- VERSION = "6.1.3"
2
+ VERSION = '6.2.0'
3
3
  end
@@ -6,6 +6,7 @@ class LoginProtectionController < ActionController::Base
6
6
  include ShopifyApp::LoginProtection
7
7
  helper_method :shop_session
8
8
 
9
+ around_action :shopify_session, only: [:index]
9
10
  before_action :login_again_if_different_shop, only: [:second_login]
10
11
 
11
12
  def index
@@ -64,6 +65,27 @@ class LoginProtectionTest < ActionController::TestCase
64
65
  end
65
66
  end
66
67
 
68
+ test '#shopify_session with no Shopify session, redirects to the login path' do
69
+ with_application_test_routes do
70
+ get :index, shop: 'foobar'
71
+ assert_redirected_to @controller.send(:login_path, shop: 'foobar')
72
+ end
73
+ end
74
+
75
+ test '#shopify_session with no Shopify session, sets session[:return_to]' do
76
+ with_application_test_routes do
77
+ get :index, shop: 'foobar'
78
+ assert_equal '/?shop=foobar', session[:return_to]
79
+ end
80
+ end
81
+
82
+ test '#shopify_session with no Shopify session, when the request is an XHR, returns an HTTP 401' do
83
+ with_application_test_routes do
84
+ xhr :get, :index, shop: 'foobar'
85
+ assert_equal 401, response.status
86
+ end
87
+ end
88
+
67
89
  private
68
90
 
69
91
  def with_application_test_routes
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: shopify_app
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.1.3
4
+ version: 6.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Shopify
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-08-07 00:00:00.000000000 Z
11
+ date: 2015-08-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails