RubyGems - shopify_app - Versions diffs - 6.1.3 → 6.2.0 - Mend

shopify_app 6.1.3 → 6.2.0

Files changed (7) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ad89b235fe52fa742244b8b41e4cd54c892c7756
-  data.tar.gz: 1444bd3ab1ce8fa75307adf0f079b12f2e9cad39
+  metadata.gz: 9d25df222f8b66d4fa412f29bf0d467fa7c8926d
+  data.tar.gz: 22b43d52a0dd8c63d7dac595f11bc2edbc617a01
 SHA512:
-  metadata.gz: 802e2f111acf873666e658054dba37263b5f604aadc218d3f56708459c87435a02ea62445a2a1525179706d10c3811577febafd4c83d6613a80d15f9513f409b
-  data.tar.gz: 0934008dbe28d8bd66170a7ee112e0b60d8bc9e4dd8e9d7ef3de74d925bb4eed39bf0807c76eea77644777fda920977b884e8f0a53e6a1cbc8191044bc40de11
+  metadata.gz: 453e91f835f95f13f51ddf570674eb691d28dca37f45d650411949ec8d52f58de7d9349e72c367da3296d6afefe4ad8206ab535982c9c970a0ec0416d0e27ec1
+  data.tar.gz: 48dac86145f7a9433e8e23574099630caaca1d95336e4d481dc656a93d37c11442617170a07aee68e49bdd6d82c854fb61b3627169acbe1b95a145a5c29c98e3

data/CHANGELOG CHANGED

@@ -1,3 +1,8 @@
+6.2.0
+-----
+* Return an HTTP 401 for XHRs that aren't logged in
 6.1.3
 -----
 * add redirect_uri which is now required

@@ -35,8 +35,12 @@ module ShopifyApp
     protected
     def redirect_to_login
-      session[:return_to] = request.fullpath if request.get?
-      redirect_to login_path(shop: params[:shop])
+      if request.xhr?
+        head :unauthorized
+      else
+        session[:return_to] = request.fullpath if request.get?
+        redirect_to login_path(shop: params[:shop])
+      end
     end
     def close_session

@@ -35,7 +35,7 @@ module ShopifyApp
     def authenticate
       if shop_name = sanitize_shop_param(params)
-        fullpage_redirect_to "/auth/shopify?shop=#{shop_name}"
+        fullpage_redirect_to "#{main_app.root_path}auth/shopify?shop=#{shop_name}"
       else
         redirect_to return_address
       end

@@ -1,3 +1,3 @@
 module ShopifyApp
-  VERSION = "6.1.3"
+  VERSION = '6.2.0'
 end

@@ -6,6 +6,7 @@ class LoginProtectionController < ActionController::Base
   include ShopifyApp::LoginProtection
   helper_method :shop_session
+  around_action :shopify_session, only: [:index]
   before_action :login_again_if_different_shop, only: [:second_login]
   def index
@@ -64,6 +65,27 @@ class LoginProtectionTest < ActionController::TestCase
     end
   end
+  test '#shopify_session with no Shopify session, redirects to the login path' do
+    with_application_test_routes do
+      get :index, shop: 'foobar'
+      assert_redirected_to @controller.send(:login_path, shop: 'foobar')
+    end
+  end
+  test '#shopify_session with no Shopify session, sets session[:return_to]' do
+    with_application_test_routes do
+      get :index, shop: 'foobar'
+      assert_equal '/?shop=foobar', session[:return_to]
+    end
+  end
+  test '#shopify_session with no Shopify session, when the request is an XHR, returns an HTTP 401' do
+    with_application_test_routes do
+      xhr :get, :index, shop: 'foobar'
+      assert_equal 401, response.status
+    end
+  end
   private
   def with_application_test_routes

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopify_app
 version: !ruby/object:Gem::Version
-  version: 6.1.3
+  version: 6.2.0
 platform: ruby
 authors:
 - Shopify
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-07 00:00:00.000000000 Z
+date: 2015-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails