Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

validate_signature error #114

Merged
merged 1 commit into from

2 participants

@trico

I'm using sinatra, and I've found out that when I use token = session.request_token(params) after the first redirect the params variable is a hash with strings as keys and validation_signature expects a symbol.

@kevinhughes27
Collaborator

Thanks for the fix! will merge on green travis

@kevinhughes27 kevinhughes27 merged commit c2b9bc3 into Shopify:master

1 check passed

Details default The Travis CI build passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 27, 2014
  1. @trico

    validate_signature error

    trico authored
This page is out of date. Refresh to see the latest.
Showing with 12 additions and 1 deletion.
  1. +1 −0  lib/shopify_api/session.rb
  2. +11 −1 test/session_test.rb
View
1  lib/shopify_api/session.rb
@@ -39,6 +39,7 @@ def prepare_url(url)
end
def validate_signature(params)
+ params = params.with_indifferent_access
return false unless signature = params[:signature]
sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
View
12 test/session_test.rb
@@ -148,10 +148,20 @@ class SessionTest < Test::Unit::TestCase
end
end
+ should "return true when the signature is valid and the keys of params are strings" do
+ now = Time.now
+ params = {"code" => "any-code", "timestamp" => now}
+ sorted_params = make_sorted_params(params)
+ signature = Digest::MD5.hexdigest(ShopifyAPI::Session.secret + sorted_params)
+ params = {"code" => "any-code", "timestamp" => now, "signature" => signature}
+
+ assert_equal true, ShopifyAPI::Session.validate_signature(params)
+ end
+
private
def make_sorted_params(params)
- sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
+ sorted_params = params.with_indifferent_access.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
end
end
Something went wrong with that request. Please try again.