Merge pull request #1869 from kirillplatonov/keep-original-deeplinks-…

…path

Keep original path and params when redirecting deep links to embed

CHANGELOG.md

@@ -5,6 +5,7 @@ Unreleased
 - Remove references to old JS files during asset precompile [#1865](https://github.com/Shopify/shopify_app/pull/1865)
 - Remove old translation keys for `enable_cookies_*`, `top_level_interaction_*` and `request_storage_access_*` [#1865](https://github.com/Shopify/shopify_app/pull/1865)
 - Add invalid id token handling for `current_shopify_domain` method [#1868](https://github.com/Shopify/shopify_app/pull/1868)
+- Keep original path and params when redirecting deep links to embed [#1869](https://github.com/Shopify/shopify_app/pull/1869)
 
 22.2.1 (May 6,2024)
 ----------

lib/shopify_app/controller_concerns/embedded_app.rb

@@ -25,7 +25,11 @@ def redirect_to_embed_app_in_admin
         return redirect_to(ShopifyApp.configuration.login_url)
       end
 
-      redirect_path = ShopifyAPI::Auth.embedded_app_url(host)
+      original_path = request.path
+      original_params = request.query_parameters.except(:host, :shop, :id_token)
+      original_path += "?#{original_params.to_query}" if original_params.present?
+
+      redirect_path = ShopifyAPI::Auth.embedded_app_url(host) + original_path.to_s
       redirect_path = ShopifyApp.configuration.root_url if deduced_phishing_attack?(redirect_path)
       redirect_to(redirect_path, allow_other_host: true)
     end

test/controllers/concerns/embedded_app_test.rb

@@ -75,15 +75,24 @@ def redirect_to_embed
     shop = "my-shop.myshopify.com"
     host = Base64.encode64("#{shop}/admin")
     get :redirect_to_embed, params: { host: host }
-    assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}"
+    assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed"
   end
 
   test "#redirect_to_embed_app_in_admin redirects to the embed app in the admin when the shop param is present" do
     ShopifyApp.configuration.embedded_app = true
 
     shop = "my-shop.myshopify.com"
     get :redirect_to_embed, params: { shop: shop }
-    assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}"
+    assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed"
+  end
+
+  test "#redirect_to_embed_app_in_admin keeps original path and params when redirecting to the embed app" do
+    ShopifyApp.configuration.embedded_app = true
+
+    shop = "my-shop.myshopify.com"
+    host = Base64.encode64("#{shop}/admin")
+    get :redirect_to_embed, params: { shop: shop, foo: "bar", host: host, id_token: "id_token" }
+    assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed?foo=bar"
   end
 
   test "Redirect to login URL when host nor shop param is present" do

test/shopify_app/controller_concerns/token_exchange_test.rb

@@ -227,7 +227,7 @@ class TokenExchangeControllerTest < ActionController::TestCase
       host = Base64.encode64("#{@shop}/admin")
       params = { shop: @shop, host: host }
 
-      expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key"
+      expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key/"
 
       with_application_test_routes do
         get :index, params: params
@@ -241,7 +241,7 @@ class TokenExchangeControllerTest < ActionController::TestCase
 
       params = { shop: @shop }
 
-      expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key"
+      expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key/"
 
       with_application_test_routes do
         get :index, params: params