Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #1 from trico/validate_signature_error

Validate signature error
  • Loading branch information...
commit 9e7e1f4f959805658d7585284f2fc3fcf16db7cc 2 parents 5851187 + abe2df9
@trico trico authored
View
12 CHANGELOG
@@ -1,8 +1,14 @@
-== Version 3.1.9 (Unreleased)
+== Version 3.2.0
* in Session::request_token params is no longer optional, you must pass all the params and the method will now extract the code
-* Add access to FulfillmentService endpoint
-* Fix JSON errors handling (#103)
+* Fixed JSON errors handling (#103)
+* Fixed compatibility with Ruby 2.1.x (#83)
+* Fixed getting parent ID from nested resources like Variants (#44)
+* Cleaned up compatibility with ActiveResource 4.0.x
+* Added OrderRisk resource
+* Added FulfillmentService resource
+* Removed discontinued ProductSearchEngine resource
+* Added convenience method Customer#search (#45)
== Version 3.1.8
View
4 Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
- shopify_api (3.1.8)
+ shopify_api (3.2.0)
activeresource (>= 3.0.0)
thor (>= 0.14.4)
@@ -24,7 +24,7 @@ GEM
atomic (1.1.14)
builder (3.1.4)
fakeweb (1.3.0)
- i18n (0.6.5)
+ i18n (0.6.9)
metaclass (0.0.1)
minitest (4.7.5)
mocha (0.14.0)
View
5 lib/shopify_api/resources/customer.rb
@@ -3,8 +3,11 @@ class Customer < Base
include Metafields
def orders
- Order.find(:all, :params => {:customer_id => self.id})
+ Order.find(:all, params: {customer_id: self.id})
end
+ def self.search(params)
+ find(:all, from: :search, params: params)
+ end
end
end
View
1  lib/shopify_api/session.rb
@@ -39,6 +39,7 @@ def prepare_url(url)
end
def validate_signature(params)
+ params = params.with_indifferent_access
return false unless signature = params[:signature]
sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
View
2  lib/shopify_api/version.rb
@@ -1,3 +1,3 @@
module ShopifyAPI
- VERSION = "3.1.8"
+ VERSION = "3.2.0"
end
View
10 test/customer_test.rb
@@ -0,0 +1,10 @@
+require 'test_helper'
+
+class CustomerTest < Test::Unit::TestCase
+ def test_search
+ fake "customers/search.json?query=Bob+country%3AUnited+States", extension: false, body: load_fixture('customers_search')
+
+ results = ShopifyAPI::Customer.search(query: 'Bob country:United States')
+ assert_equal 'Bob', results.first.first_name
+ end
+end
View
60 test/fixtures/customers_search.json
@@ -0,0 +1,60 @@
+{
+ "customers": [
+ {
+ "accepts_marketing": false,
+ "created_at": "2014-01-20T17:25:18-05:00",
+ "email": "bob.norman@hostmail.com",
+ "first_name": "Bob",
+ "id": 207119551,
+ "last_name": "Norman",
+ "last_order_id": null,
+ "multipass_identifier": null,
+ "note": null,
+ "orders_count": 0,
+ "state": "disabled",
+ "total_spent": "0.00",
+ "updated_at": "2014-01-20T17:25:18-05:00",
+ "verified_email": true,
+ "tags": "",
+ "last_order_name": null,
+ "default_address": {
+ "address1": "Chestnut Street 92",
+ "address2": "",
+ "city": "Louisville",
+ "company": null,
+ "country": "United States",
+ "first_name": null,
+ "id": 207119551,
+ "last_name": null,
+ "phone": "555-625-1199",
+ "province": "Kentucky",
+ "zip": "40202",
+ "name": null,
+ "province_code": "KY",
+ "country_code": "US",
+ "country_name": "United States",
+ "default": true
+ },
+ "addresses": [
+ {
+ "address1": "Chestnut Street 92",
+ "address2": "",
+ "city": "Louisville",
+ "company": null,
+ "country": "United States",
+ "first_name": null,
+ "id": 207119551,
+ "last_name": null,
+ "phone": "555-625-1199",
+ "province": "Kentucky",
+ "zip": "40202",
+ "name": null,
+ "province_code": "KY",
+ "country_code": "US",
+ "country_name": "United States",
+ "default": true
+ }
+ ]
+ }
+ ]
+}
View
12 test/session_test.rb
@@ -148,10 +148,20 @@ class SessionTest < Test::Unit::TestCase
end
end
+ should "return true when the signature is valid and the keys of params are strings" do
+ now = Time.now
+ params = {"code" => "any-code", "timestamp" => now}
+ sorted_params = make_sorted_params(params)
+ signature = Digest::MD5.hexdigest(ShopifyAPI::Session.secret + sorted_params)
+ params = {"code" => "any-code", "timestamp" => now, "signature" => signature}
+
+ assert_equal true, ShopifyAPI::Session.validate_signature(params)
+ end
+
private
def make_sorted_params(params)
- sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
+ sorted_params = params.with_indifferent_access.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.