diff --git a/lib/shopify_api/utils/session_utils.rb b/lib/shopify_api/utils/session_utils.rb
index 3fa4d510..ee59c3c4 100644
--- a/lib/shopify_api/utils/session_utils.rb
+++ b/lib/shopify_api/utils/session_utils.rb
@@ -25,14 +25,7 @@ def current_session_id(auth_header, cookies, online)
 raise Errors::MissingJwtTokenError, "Missing Bearer token in authorization header"
 end
- jwt_payload = Auth::JwtPayload.new(T.must(matches[1]))
- shop = jwt_payload.shop
-
- if online
- jwt_session_id(shop, jwt_payload.sub)
- else
- offline_session_id(shop)
- end
+ session_id_from_shopify_id_token(id_token: T.must(matches[1]), online: online)
 else
 # falling back to session cookie
 raise Errors::CookieNotFoundError, "JWT token or Session cookie not found for app" unless
diff --git a/test/utils/session_utils_test.rb b/test/utils/session_utils_test.rb
index fb232d2b..4f24aa2d 100644
--- a/test/utils/session_utils_test.rb
+++ b/test/utils/session_utils_test.rb
@@ -24,6 +24,7 @@ def setup
 }
 @jwt_token = JWT.encode(@jwt_payload, ShopifyAPI::Context.api_secret_key, "HS256")
+ @auth_header = "Bearer #{@jwt_token}"
 end
 def test_gets_online_session_id_from_shopify_id_token
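Review bot: The added call to `session_id_from_shopify_id_token` in the embedded branch of `current_session_id` is now the only place the bearer token is decoded, and nothing at the call site says where it is verified. The removed lines built `Auth::JwtPayload` inline; presumably the helper does the same and that is where signature and claim checks happen, but its body is not part of this diff, so confirm that before relying on it. A one-line comment above the call would make the trust boundary visible to the next reader, for example `# Token is decoded and verified inside session_id_from_shopify_id_token; JWT errors propagate to the caller.` The body of `current_session_id` starts and ends outside this hunk.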
@@ -47,6 +48,88 @@ def test_session_id_from_shopify_id_token_raises_invalid_jwt_errors
 ShopifyAPI::Utils::SessionUtils.session_id_from_shopify_id_token(id_token: "invalid_token", online: true)
 end
 end
+
+ def test_non_embedded_app_current_session_id_raises_cookie_not_found_error
+ ShopifyAPI::Context.stubs(:embedded?).returns(false)
+
+ [
+ nil,
+ {},
+ {"not-session-cookie-name": "not-this-cookie"},
+ ].each do |cookies|
+ error = assert_raises(ShopifyAPI::Errors::CookieNotFoundError) do
+ ShopifyAPI::Utils::SessionUtils.current_session_id(nil, cookies, true)
+ end
+ assert_equal("Session cookie not found for app", error.message)
+ end
+ end
+
+ def test_non_embedded_app_current_session_id_returns_id_from_cookie
+ ShopifyAPI::Context.stubs(:embedded?).returns(false)
+ expected_session_id = "cookie_value"
+ cookies = {ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME => expected_session_id}
+
+ assert_equal(
+ expected_session_id,
+ ShopifyAPI::Utils::SessionUtils.current_session_id(nil, cookies, true),
+ )
+ end
+
+ def test_embedded_app_current_session_id_raises_cookie_not_found_error
+ ShopifyAPI::Context.stubs(:embedded?).returns(true)
+
+ [
+ nil,
+ {},
+ {"not-session-cookie-name": "not-this-cookie"},
+ ].each do |cookies|
+ error = assert_raises(ShopifyAPI::Errors::CookieNotFoundError) do
+ ShopifyAPI::Utils::SessionUtils.current_session_id(nil, cookies, true)
+ end
+ assert_equal("JWT token or Session cookie not found for app", error.message)
+ end
+ end
+
+ def test_embedded_app_current_session_id_raises_missing_jwt_token_error
+ ShopifyAPI::Context.stubs(:embedded?).returns(true)
+
+ error = assert_raises(ShopifyAPI::Errors::MissingJwtTokenError) do
+ ShopifyAPI::Utils::SessionUtils.current_session_id("", nil, true)
+ end
+
+ assert_equal("Missing Bearer token in authorization header", error.message)
+ end
+
+ def test_embedded_app_current_session_id_returns_online_id_from_auth_header
+ ShopifyAPI::Context.stubs(:embedded?).returns(true)
+ expected_session_id = "#{@shop}_#{@user_id}"
+
+ assert_equal(
+ expected_session_id,
+ ShopifyAPI::Utils::SessionUtils.current_session_id(@auth_header, nil, true),
+ )
+ end
+
+ def test_embedded_app_current_session_id_returns_offline_id_from_auth_header
+ ShopifyAPI::Context.stubs(:embedded?).returns(true)
+ expected_session_id = "offline_#{@shop}"
+
+ assert_equal(
+ expected_session_id,
+ ShopifyAPI::Utils::SessionUtils.current_session_id(@auth_header, nil, false),
+ )
+ end
+
+ def test_embedded_app_current_session_id_returns_id_from_auth_header_even_with_cookies
+ ShopifyAPI::Context.stubs(:embedded?).returns(true)
+ cookies = {ShopifyAPI::Auth::Oauth::SessionCookie::SESSION_COOKIE_NAME => "cookie_value"}
+ expected_session_id = "#{@shop}_#{@user_id}"
+
+ assert_equal(
+ expected_session_id,
+ ShopifyAPI::Utils::SessionUtils.current_session_id(@auth_header, cookies, true),
+ )
+ end
 end
 end
 end
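Review bot: None of the added `current_session_id` tests sends a Bearer header whose token fails verification; every header case uses the correctly signed `@auth_header` or an empty string. Because `current_session_id` now delegates to the helper, the rejection path should be pinned through the public entry point as well, for example `assert_raises(ShopifyAPI::Errors::InvalidJwtTokenError) { ShopifyAPI::Utils::SessionUtils.current_session_id("Bearer invalid_token", nil, true) }`. That error class is presumably the one the helper test just above this hunk expects, so confirm it there. A header with a non-Bearer scheme would also be worth one case, since the `""` input alone does not show that a populated but malformed header raises `MissingJwtTokenError` instead of falling through to the cookie.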