From 406e3159c12cabc3b485a09b33e777ad6fccb535 Mon Sep 17 00:00:00 2001
From: Kirill Platonov
Date: Sun, 23 Jun 2024 22:32:59 +0200
Subject: [PATCH 1/2] Keep original path and params when redirecting deep links to embed
---
 CHANGELOG.md | 1 +
 lib/shopify_app/controller_concerns/embedded_app.rb | 6 +++++-
 test/controllers/concerns/embedded_app_test.rb | 12 ++++++++++--
 .../controller_concerns/token_exchange_test.rb | 4 ++--
 4 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d4b7b68f0..eb3f2b3a1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@ Unreleased
 ----------
 - ⚠️ [Breaking] Removes `ShopifyApp::JWTMiddleware`. Any existing app code relying on decoded JWT contents set from `request.env` should instead include the `WithShopifyIdToken` concern and call its respective methods. [#1861](https://github.com/Shopify/shopify_app/pull/1861)
 - Handle scenario when invalid URI is passed to `sanitize_shop_domain` [#1852](https://github.com/Shopify/shopify_app/pull/1852)
+- Keep original path and params when redirecting deep links to embed [#1869](https://github.com/Shopify/shopify_app/pull/1869)
 22.2.1 (May 6,2024)
 ----------
diff --git a/lib/shopify_app/controller_concerns/embedded_app.rb b/lib/shopify_app/controller_concerns/embedded_app.rb
index 505529faa..3c699bfd2 100644
--- a/lib/shopify_app/controller_concerns/embedded_app.rb
+++ b/lib/shopify_app/controller_concerns/embedded_app.rb
@@ -25,7 +25,11 @@ def redirect_to_embed_app_in_admin
 return redirect_to(ShopifyApp.configuration.login_url)
 end
- redirect_path = ShopifyAPI::Auth.embedded_app_url(host)
+ original_path = request.path
+ original_params = request.query_parameters.except(:host, :shop, :id_token)
+ original_path += "?#{original_params.to_query}" if original_params.present?
+
+ redirect_path = ShopifyAPI::Auth.embedded_app_url(host) + original_path.to_s
 redirect_path = ShopifyApp.configuration.root_url if deduced_phishing_attack?(redirect_path)
 redirect_to(redirect_path, allow_other_host: true)
 end
diff --git a/test/controllers/concerns/embedded_app_test.rb b/test/controllers/concerns/embedded_app_test.rb
index ebcf0964c..e7593c7f3 100644
--- a/test/controllers/concerns/embedded_app_test.rb
+++ b/test/controllers/concerns/embedded_app_test.rb
@@ -75,7 +75,7 @@ def redirect_to_embed
 shop = "my-shop.myshopify.com"
 host = Base64.encode64("#{shop}/admin")
 get :redirect_to_embed, params: { host: host }
- assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}"
+ assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed"
 end
 test "#redirect_to_embed_app_in_admin redirects to the embed app in the admin when the shop param is present" do
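Review bot: In `redirect_to_embed_app_in_admin` (lib/shopify_app/controller_concerns/embedded_app.rb) the filter `request.query_parameters.except(:host, :shop, :id_token)` drops only three keys, so `request.path` and every other query parameter of the incoming request are copied into a cross-host redirect (`allow_other_host: true`). If the app-load request also carries signed or per-request values such as `hmac`, `timestamp` or `session`, they would be replayed into the admin URL and end up in browser history and logs; consider a wider deny list, e.g. `.except(:host, :shop, :id_token, :hmac, :timestamp, :session, :embedded, :locale)`, or confirm that forwarding them is intended. `deduced_phishing_attack?` now receives the URL with this caller-controlled suffix, and both its body and the start of this method are outside the hunk, so it is worth confirming that the check judges only the host part. The `.to_s` on `original_path` looks redundant, since `request.path` is already a String.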
@@ -83,7 +83,15 @@ def redirect_to_embed
 shop = "my-shop.myshopify.com"
 get :redirect_to_embed, params: { shop: shop }
- assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}"
+ assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed"
+ end
+
+ test "#redirect_to_embed_app_in_admin keeps original path and params when redirecting to the embed app" do
+ ShopifyApp.configuration.embedded_app = true
+
+ shop = "my-shop.myshopify.com"
+ get :redirect_to_embed, params: { shop: shop, foo: "bar" }
+ assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed?foo=bar"
 end
 test "Redirect to login URL when host nor shop param is present" do
diff --git a/test/shopify_app/controller_concerns/token_exchange_test.rb b/test/shopify_app/controller_concerns/token_exchange_test.rb
index 2982ae4c8..81bc3f791 100644
--- a/test/shopify_app/controller_concerns/token_exchange_test.rb
+++ b/test/shopify_app/controller_concerns/token_exchange_test.rb
@@ -227,7 +227,7 @@ class TokenExchangeControllerTest < ActionController::TestCase
 host = Base64.encode64("#{@shop}/admin")
 params = { shop: @shop, host: host }
- expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key"
+ expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key/"
 with_application_test_routes do
 get :index, params: params
@@ -241,7 +241,7 @@ class TokenExchangeControllerTest < ActionController::TestCase
 params = { shop: @shop }
- expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key"
+ expected_redirect_url = "https://my-shop.myshopify.com/admin/apps/key/"
 with_application_test_routes do
 get :index, params: params
From c70c32c4131bbb6f5c826d5b2acd1a9637f3e189 Mon Sep 17 00:00:00 2001
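Review bot: The test added in the `@@ -83,7 +83,15 @@` hunk of embedded_app_test.rb covers only a trusted shop, so nothing here checks that the phishing fallback still wins once a path and extra params are appended. Unless such a case exists elsewhere in the file, a companion test that sends an untrusted `host` together with `foo: "bar"` and asserts a redirect to `ShopifyApp.configuration.root_url` would pin that `deduced_phishing_attack?` is unaffected by the new suffix. A value that needs escaping, for example `foo: "a b&c"`, would also pin the `to_query` encoding of the forwarded params.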
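Review bot: Both updated expectations in token_exchange_test.rb (hunks `@@ -227,7 +227,7 @@` and `@@ -241,7 +241,7 @@`) now end in `/apps/key/`, which pins a trailing slash on the root route as intended behaviour without saying why. It presumably comes from `request.path` being `/` on that route. If the slash is not wanted, the concern could skip the suffix there, e.g. `original_path = "" if original_path == "/"`; otherwise a comment such as `# root path is forwarded as a trailing slash` next to these expectations would show it is deliberate.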
From: Kirill Platonov
Date: Tue, 2 Jul 2024 21:02:59 +0200
Subject: [PATCH 2/2] Improve redirect to embed test
---
 test/controllers/concerns/embedded_app_test.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/controllers/concerns/embedded_app_test.rb b/test/controllers/concerns/embedded_app_test.rb
index e7593c7f3..413d14ea7 100644
--- a/test/controllers/concerns/embedded_app_test.rb
+++ b/test/controllers/concerns/embedded_app_test.rb
@@ -90,7 +90,8 @@ def redirect_to_embed
 ShopifyApp.configuration.embedded_app = true
 shop = "my-shop.myshopify.com"
- get :redirect_to_embed, params: { shop: shop, foo: "bar" }
+ host = Base64.encode64("#{shop}/admin")
+ get :redirect_to_embed, params: { shop: shop, foo: "bar", host: host, id_token: "id_token" }
 assert_redirected_to "https://#{shop}/admin/apps/#{ShopifyApp.configuration.api_key}/redirect_to_embed?foo=bar"
 end