-
Notifications
You must be signed in to change notification settings - Fork 683
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a rails concern to check for valid domains in the unauthenticated…
… controller
- Loading branch information
Aditya Mattos
committed
May 20, 2020
1 parent
61f68da
commit e10685f
Showing
2 changed files
with
102 additions
and
0 deletions.
There are no files selected for viewing
39 changes: 39 additions & 0 deletions
39
app/controllers/concerns/shopify_app/require_known_shop.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# frozen_string_literal: true | ||
|
||
module ShopifyApp | ||
module RequireKnownShop | ||
extend ActiveSupport::Concern | ||
|
||
included do | ||
before_action :check_shop_domain | ||
before_action :check_shop_known | ||
end | ||
|
||
def current_shopify_domain | ||
return if params[:shop].blank? | ||
@shopify_domain ||= ShopifyApp::Utils.sanitize_shop_domain(params[:shop]) | ||
end | ||
|
||
private | ||
|
||
def check_shop_domain | ||
redirect_to(ShopifyApp.configuration.login_url) unless current_shopify_domain | ||
end | ||
|
||
def check_shop_known | ||
@shop = SessionRepository.retrieve_shop_session_by_shopify_domain(current_shopify_domain) | ||
redirect_to(shop_login) unless @shop | ||
end | ||
|
||
def shop_login | ||
url = URI(ShopifyApp.configuration.login_url) | ||
|
||
url.query = URI.encode_www_form( | ||
shop: params[:shop], | ||
return_to: request.fullpath, | ||
) | ||
|
||
url.to_s | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
# frozen_string_literal: true | ||
|
||
class RequireKnownShopTest < ActionController::TestCase | ||
class UnauthenticatedTestController < ActionController::Base | ||
include ShopifyApp::RequireKnownShop | ||
|
||
def index | ||
render html: '<h1>Success</ h1>' | ||
end | ||
end | ||
|
||
tests UnauthenticatedTestController | ||
|
||
setup do | ||
Rails.application.routes.draw do | ||
get '/unauthenticated_test', to: 'require_known_shop_test/unauthenticated_test#index' | ||
end | ||
end | ||
|
||
teardown do | ||
Rails.application.reload_routes! | ||
end | ||
|
||
test 'redirects to login if no shop param is present' do | ||
get :index | ||
|
||
assert_redirected_to ShopifyApp.configuration.login_url | ||
end | ||
|
||
test 'redirects to login if no shop is not a valid shopify domain' do | ||
invalid_shop = 'https://shop1.example.com' | ||
|
||
get :index, params: { shop: invalid_shop } | ||
|
||
assert_redirected_to ShopifyApp.configuration.login_url | ||
end | ||
|
||
test 'redirects to login if the shop is not installed' do | ||
ShopifyApp::SessionRepository.expects(:retrieve_shop_session_by_shopify_domain).returns(false) | ||
|
||
shopify_domain = 'shop1.myshopify.com' | ||
|
||
get :index, params: { shop: shopify_domain } | ||
|
||
redirect_url = URI('/login') | ||
redirect_url.query = URI.encode_www_form( | ||
shop: shopify_domain, | ||
return_to: request.fullpath, | ||
) | ||
|
||
assert_redirected_to redirect_url.to_s | ||
end | ||
|
||
test 'returns :ok if the shop is installed' do | ||
ShopifyApp::SessionRepository.expects(:retrieve_shop_session_by_shopify_domain).returns(true) | ||
|
||
shopify_domain = 'shop1.myshopify.com' | ||
|
||
get :index, params: { shop: shopify_domain } | ||
|
||
assert_response :ok | ||
end | ||
end |