Use new method in SessionUtil and add test coverage
zzooeeyy committed Apr 17, 2024
1 parent 1b440b9 commit 2006e37
Showing 2 changed files with 84 additions and 8 deletions.
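--- a/lib/shopify_api/utils/session_utils.rb
+++ b/lib/shopify_api/utils/session_utils.rb
@@ -25,14 +25,7 @@ def current_session_id(auth_header, cookies, online)
 raise Errors::MissingJwtTokenError, "Missing Bearer token in authorization header"
 end
 
-jwt_payload = Auth::JwtPayload.new(T.must(matches[1]))
-shop = jwt_payload.shop
-
-if online
-jwt_session_id(shop, jwt_payload.sub)
-else
-offline_session_id(shop)
-end
+session_id_from_shopify_id_token(id_token: T.must(matches[1]), online: online)
 else
 # falling back to session cookie
 raise Errors::CookieNotFoundError, "JWT token or Session cookie not found for app" unless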
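Review bot: `current_session_id` has no comment saying what the Bearer branch can raise now that decoding happens in `session_id_from_shopify_id_token`, whose body is not in this hunk. Callers that rescue errors from this path would benefit from a comment above the call, for example `# Decodes and validates the ID token; errors raised here propagate and never fall through to the cookie branch`. That wording assumes the helper raises on a bad token, as the name of the existing test `test_session_id_from_shopify_id_token_raises_invalid_jwt_errors` suggests; confirm against the helper before adding it. `current_session_id` starts and ends outside the hunk.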
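--- a/test/utils/session_utils_test.rb
+++ b/test/utils/session_utils_test.rb
@@ -24,6 +24,7 @@ def setup
 }
 
 @jwt_token = JWT.encode(@jwt_payload, ShopifyAPI::Context.api_secret_key, "HS256")
+@auth_header = "Bearer #{@jwt_token}"
 end
 
 def test_gets_online_session_id_from_shopify_id_token
@@ -47,6 +48,88 @@ def test_session_id_from_shopify_id_token_raises_invalid_jwt_errors
 ShopifyAPI::Utils::SessionUtils.session_id_from_shopify_id_token(id_token: "invalid_token", online: true)
 end
 end
+
+def test_non_embedded_app_current_session_id_raises_cookie_not_found_error
+ShopifyAPI::Context.stubs(:embedded?).returns(false)
+
+[
+nil,
+{},
+{"not-session-cookie-name": "not-this-cookie"},
+].each do |cookies|
+error = assert_raises(ShopifyAPI::Errors::CookieNotFoundError) do
+ShopifyAPI::Utils::SessionUtils.current_session_id(nil, cookies, true)
+end
+assert_equal("Session cookie not found for app", error.message)
+end
+end
+
+def test_non_embedded_app_current_session_id_returns_id_from_cookie
+ShopifyAPI::Context.stubs(:embedded?).returns(false)
+expected_session_id = "cookie_value"
+cookies = {ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME => expected_session_id}
+
+assert_equal(
+expected_session_id,
+ShopifyAPI::Utils::SessionUtils.current_session_id(nil, cookies, true),
+)
+end
+
+def test_embedded_app_current_session_id_raises_cookie_not_found_error
+ShopifyAPI::Context.stubs(:embedded?).returns(true)
+
+[
+nil,
+{},
+{"not-session-cookie-name": "not-this-cookie"},
+].each do |cookies|
+error = assert_raises(ShopifyAPI::Errors::CookieNotFoundError) do
+ShopifyAPI::Utils::SessionUtils.current_session_id(nil, cookies, true)
+end
+assert_equal("JWT token or Session cookie not found for app", error.message)
+end
+end
+
+def test_embedded_app_current_session_id_raises_missing_jwt_token_error
+ShopifyAPI::Context.stubs(:embedded?).returns(true)
+
+error = assert_raises(ShopifyAPI::Errors::MissingJwtTokenError) do
+ShopifyAPI::Utils::SessionUtils.current_session_id("", nil, true)
+end
+
+assert_equal("Missing Bearer token in authorization header", error.message)
+end
+
+def test_embedded_app_current_session_id_returns_online_id_from_auth_header
+ShopifyAPI::Context.stubs(:embedded?).returns(true)
+expected_session_id = "#{@shop}_#{@user_id}"
+
+assert_equal(
+expected_session_id,
+ShopifyAPI::Utils::SessionUtils.current_session_id(@auth_header, nil, true),
+)
+end
+
+def test_embedded_app_current_session_id_returns_offline_id_from_auth_header
+ShopifyAPI::Context.stubs(:embedded?).returns(true)
+expected_session_id = "offline_#{@shop}"
+
+assert_equal(
+expected_session_id,
+ShopifyAPI::Utils::SessionUtils.current_session_id(@auth_header, nil, false),
+)
+end
+
+def test_embedded_app_current_session_id_returns_id_from_auth_header_even_with_cookies
+ShopifyAPI::Context.stubs(:embedded?).returns(true)
+cookies = {ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME => "cookie_value"}
+expected_session_id = "#{@shop}_#{@user_id}"
+
+assert_equal(
+expected_session_id,
+ShopifyAPI::Utils::SessionUtils.current_session_id(@auth_header, cookies, true),
+)
+end
 end
 end
 end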
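Review bot: None of the added `current_session_id` tests passes a Bearer header carrying an invalid token, so nothing pins that a bad token raises instead of falling back to a session cookie that is also present. `test_embedded_app_current_session_id_returns_id_from_auth_header_even_with_cookies` covers only the valid-token case. A companion test along the lines below would close that gap; the error class is assumed to be the one the existing invalid-token test asserts, which is not visible here, and the header is assumed to pass the Bearer match that sits outside the hunks. Separately, `{"not-session-cookie-name": "not-this-cookie"}` builds a symbol key, so a string key would resemble a real cookie hash more closely if `SESSION_COOKIE_NAME` is a string.

```ruby
def test_embedded_app_current_session_id_raises_invalid_jwt_error_even_with_cookies
  ShopifyAPI::Context.stubs(:embedded?).returns(true)
  cookies = {ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME => "cookie_value"}

  assert_raises(ShopifyAPI::Errors::InvalidJwtTokenError) do
    ShopifyAPI::Utils::SessionUtils.current_session_id("Bearer invalid_token", cookies, true)
  end
end
```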
