diff --git a/CHANGELOG.md b/CHANGELOG.md
index 25585730c..8079c99b4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ Unreleased
 - Remove references to old JS files during asset precompile [#1865](https://github.com/Shopify/shopify_app/pull/1865)
 - Remove old translation keys for `enable_cookies_*`, `top_level_interaction_*` and `request_storage_access_*` [#1865](https://github.com/Shopify/shopify_app/pull/1865)
 - Add invalid id token handling for `current_shopify_domain` method [#1868](https://github.com/Shopify/shopify_app/pull/1868)
+- Keep original path and params when redirecting deep links to embed [#1869](https://github.com/Shopify/shopify_app/pull/1869)
 22.2.1 (May 6,2024)
 ----------
diff --git a/lib/shopify_app/controller_concerns/embedded_app.rb b/lib/shopify_app/controller_concerns/embedded_app.rb
index 505529faa..3c699bfd2 100644
--- a/lib/shopify_app/controller_concerns/embedded_app.rb
+++ b/lib/shopify_app/controller_concerns/embedded_app.rb
@@ -25,7 +25,11 @@ def redirect_to_embed_app_in_admin
 return redirect_to(ShopifyApp.configuration.login_url)
 end
- redirect_path = ShopifyAPI::Auth.embedded_app_url(host)
+ original_path = request.path
+ original_params = request.query_parameters.except(:host, :shop, :id_token)
+ original_path += "?#{original_params.to_query}" if original_params.present?
+
+ redirect_path = ShopifyAPI::Auth.embedded_app_url(host) + original_path.to_s
 redirect_path = ShopifyApp.configuration.root_url if deduced_phishing_attack?(redirect_path)
 redirect_to(redirect_path, allow_other_host: true)
 end
diff --git a/test/controllers/concerns/embedded_app_test.rb b/test/controllers/concerns/embedded_app_test.rb
index ebcf0964c..413d14ea7 100644
--- a/test/controllers/concerns/embedded_app_test.rb
+++ b/test/controllers/concerns/embedded_app_test.rb
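Review bot: In `redirect_to_embed_app_in_admin`, the new `request.query_parameters.except(:host, :shop, :id_token)` is a deny-list, so every other query parameter on the incoming request is copied into a redirect that leaves the app's host (`allow_other_host: true`) and can then show up in browser history, Referer headers and access logs. If any other signed or secret value can appear on the query string (I cannot tell from this hunk), it would be forwarded too; an allow-list, or at least a comment such as `# id_token is a credential; host/shop are carried by the embedded URL itself - extend this list when new sensitive params are introduced`, would make the intent auditable. `request.path` is client-controlled and is concatenated before `deduced_phishing_attack?(redirect_path)` runs; that helper is defined outside the hunk, so please confirm it validates the final URL after the path is appended rather than only the `embedded_app_url(host)` prefix. The trailing `.to_s` is redundant because `request.path` is already a String. The method starts above the hunk.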
@@ -75,7 +75,7 @@ def redirect_to_embed
 shop = "my-shop.myshopify.com"
 host = Base64.encode64("#{shop}/admin")
 get :redirect_to_embed, params: { host: host }
- assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}"
+ assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed"
 end
 test "#redirect_to_embed_app_in_admin redirects to the embed app in the admin when the shop param is present" do
@@ -83,7 +83,16 @@ def redirect_to_embed
 shop = "my-shop.myshopify.com"
 get :redirect_to_embed, params: { shop: shop }
- assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}"
+ assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed"
+ end
+
+ test "#redirect_to_embed_app_in_admin keeps original path and params when redirecting to the embed app" do
+ ShopifyApp.configuration.embedded_app = true
+
+ shop = "my-shop.myshopify.com"
+ host = Base64.encode64("#{shop}/admin")
+ get :redirect_to_embed, params: { shop: shop, foo: "bar", host: host, id_token: "id_token" }
+ assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed?foo=bar"
 end
 test "Redirect to login URL when host nor shop param is present" do
diff --git a/test/shopify_app/controller_concerns/token_exchange_test.rb b/test/shopify_app/controller_concerns/token_exchange_test.rb
index 2982ae4c8..81bc3f791 100644
--- a/test/shopify_app/controller_concerns/token_exchange_test.rb
+++ b/test/shopify_app/controller_concerns/token_exchange_test.rb
@@ -227,7 +227,7 @@ class TokenExchangeControllerTest < ActionController::TestCase
 host = Base64.encode64("#{@shop}/admin")
 params = { shop: @shop, host: host }
- expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key"
+ expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key/"
 with_application_test_routes do
 get :index, params: params
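Review bot: The test added in the `@@ -83` hunk of `embedded_app_test.rb` covers only a benign extra parameter (`foo: "bar"`), so nothing in the lines shown checks that the fallback to `ShopifyApp.configuration.root_url` still applies once a path and query string are appended to the redirect. I would add a case that sends a `host` value that `deduced_phishing_attack?` rejects together with extra params and asserts the redirect target is the root URL, plus one with a value that needs escaping to pin the `to_query` encoding. Existing tests for the fallback may sit outside these hunks; if so, extending one of them with extra params is enough.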
@@ -241,7 +241,7 @@ class TokenExchangeControllerTest < ActionController::TestCase
 params = { shop: @shop }
- expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key"
+ expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key/"
 with_application_test_routes do
 get :index, params: params