Add more tests for token exchange

Shopify · Mar 27, 2024 · 6079cf4 · 6079cf4
1 parent 525aeea
commit 6079cf4
Show file tree

Hide file tree

Showing 2 changed files with 99 additions and 4 deletions.
diff --git a/lib/shopify_app/controller_concerns/token_exchange.rb b/lib/shopify_app/controller_concerns/token_exchange.rb
@@ -10,6 +10,7 @@ def activate_shopify_session
       end
 
       if ShopifyApp.configuration.check_session_expiry_date && current_shopify_session.expired?
+        @current_shopify_session = nil
         retrieve_session_from_token_exchange
       end
 

diff --git a/test/shopify_app/controller_concerns/token_exchange_test.rb b/test/shopify_app/controller_concerns/token_exchange_test.rb
@@ -28,8 +28,6 @@ class TokenExchangeControllerTest < ActionController::TestCase
     ShopifyApp::SessionRepository.shop_storage = ShopifyApp::InMemoryShopSessionStore
     ShopifyApp::SessionRepository.user_storage = nil
 
-    @offline_session = ShopifyAPI::Auth::Session.new(id: "offline_session_1", shop: @shop)
-
     @user = ShopifyAPI::Auth::AssociatedUser.new(
       id: 1,
       first_name: "Hello",
@@ -46,6 +44,10 @@ class TokenExchangeControllerTest < ActionController::TestCase
       is_online: true,
       associated_user: @user,
     )
+    @offline_session = ShopifyAPI::Auth::Session.new(id: "offline_session_1", shop: @shop)
+
+    @offline_session_id = "offline_#{@shop}"
+    @online_session_id = "online_#{@user.id}"
   end
 
   test "Exchanges offline token when session doesn't exist" do
@@ -54,7 +56,7 @@ class TokenExchangeControllerTest < ActionController::TestCase
         @session_token_in_header,
         nil,
         false,
-      ).returns(nil, "offline_#{@shop}")
+      ).returns(nil, @offline_session_id)
 
       ShopifyAPI::Auth::TokenExchange.expects(:exchange_token).with(
         shop: @shop,
@@ -76,7 +78,75 @@ class TokenExchangeControllerTest < ActionController::TestCase
         @session_token_in_header,
         nil,
         true,
-      ).returns(nil, "online_#{@user.id}")
+      ).returns(nil, @online_session_id)
+
+      ShopifyAPI::Auth::TokenExchange.expects(:exchange_token).with(
+        shop: @shop,
+        session_token: @session_token,
+        requested_token_type: ShopifyAPI::Auth::TokenExchange::RequestedTokenType::OFFLINE_ACCESS_TOKEN,
+      ).returns(@offline_session)
+
+      ShopifyAPI::Auth::TokenExchange.expects(:exchange_token).with(
+        shop: @shop,
+        session_token: @session_token,
+        requested_token_type: ShopifyAPI::Auth::TokenExchange::RequestedTokenType::ONLINE_ACCESS_TOKEN,
+      ).returns(@online_session)
+
+      ShopifyAPI::Context.expects(:activate_session).with(@online_session)
+
+      get :index, params: { shop: @shop }
+    end
+  end
+
+  test "Use existing shop session if it exists" do
+    ShopifyApp::SessionRepository.store_shop_session(@offline_session)
+
+    with_application_test_routes do
+      ShopifyAPI::Utils::SessionUtils.expects(:current_session_id).with(
+        @session_token_in_header,
+        nil,
+        false,
+      ).returns(@offline_session_id)
+
+      ShopifyAPI::Auth::TokenExchange.expects(:exchange_token).never
+
+      ShopifyAPI::Context.expects(:activate_session).with(@offline_session)
+
+      get :index, params: { shop: @shop }
+    end
+  end
+
+  test "Use existing user session if it exists" do
+    ShopifyApp::SessionRepository.user_storage = ShopifyApp::InMemoryUserSessionStore
+    ShopifyApp::SessionRepository.store_user_session(@online_session, @user)
+
+    with_application_test_routes do
+      ShopifyAPI::Utils::SessionUtils.expects(:current_session_id).with(
+        @session_token_in_header,
+        nil,
+        true,
+      ).returns(@online_session_id)
+
+      ShopifyAPI::Auth::TokenExchange.expects(:exchange_token).never
+
+      ShopifyAPI::Context.expects(:activate_session).with(@online_session)
+
+      get :index, params: { shop: @shop }
+    end
+  end
+
+  test "Exchange token again if current user session is expired" do
+    ShopifyApp.configuration.check_session_expiry_date = true
+    ShopifyApp::SessionRepository.user_storage = ShopifyApp::InMemoryUserSessionStore
+    ShopifyApp::SessionRepository.store_user_session(@online_session, @user)
+    @online_session.stubs(:expired?).returns(true)
+
+    with_application_test_routes do
+      ShopifyAPI::Utils::SessionUtils.expects(:current_session_id).twice.with(
+        @session_token_in_header,
+        nil,
+        true,
+      ).returns(@online_session_id)
 
       ShopifyAPI::Auth::TokenExchange.expects(:exchange_token).with(
         shop: @shop,
@@ -90,6 +160,30 @@ class TokenExchangeControllerTest < ActionController::TestCase
         requested_token_type: ShopifyAPI::Auth::TokenExchange::RequestedTokenType::ONLINE_ACCESS_TOKEN,
       ).returns(@online_session)
 
+      ShopifyApp::SessionRepository.shop_storage.expects(:store).with(@offline_session)
+      ShopifyApp::SessionRepository.user_storage.expects(:store).with(@online_session, @user)
+
+      ShopifyAPI::Context.expects(:activate_session).with(@online_session)
+
+      get :index, params: { shop: @shop }
+    end
+  end
+
+  test "Don't exchange token if current user session is not expired" do
+    ShopifyApp.configuration.check_session_expiry_date = true
+    ShopifyApp::SessionRepository.user_storage = ShopifyApp::InMemoryUserSessionStore
+    ShopifyApp::SessionRepository.store_user_session(@online_session, @user)
+    @online_session.stubs(:expired?).returns(false)
+
+    with_application_test_routes do
+      ShopifyAPI::Utils::SessionUtils.expects(:current_session_id).with(
+        @session_token_in_header,
+        nil,
+        true,
+      ).returns(@online_session_id)
+
+      ShopifyAPI::Auth::TokenExchange.expects(:exchange_token).never
+
       ShopifyAPI::Context.expects(:activate_session).with(@online_session)
 
       get :index, params: { shop: @shop }