Add a rails concern to check for valid domains in the unauthenticated…

… controller
Shopify · May 20, 2020 · e10685f · e10685f
1 parent 61f68da
commit e10685f
Show file tree

Hide file tree

Showing 2 changed files with 102 additions and 0 deletions.
diff --git a/app/controllers/concerns/shopify_app/require_known_shop.rb b/app/controllers/concerns/shopify_app/require_known_shop.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module RequireKnownShop
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :check_shop_domain
+      before_action :check_shop_known
+    end
+
+    def current_shopify_domain
+      return if params[:shop].blank?
+      @shopify_domain ||= ShopifyApp::Utils.sanitize_shop_domain(params[:shop])
+    end
+
+    private
+
+    def check_shop_domain
+      redirect_to(ShopifyApp.configuration.login_url) unless current_shopify_domain
+    end
+
+    def check_shop_known
+      @shop = SessionRepository.retrieve_shop_session_by_shopify_domain(current_shopify_domain)
+      redirect_to(shop_login) unless @shop
+    end
+
+    def shop_login
+      url = URI(ShopifyApp.configuration.login_url)
+
+      url.query = URI.encode_www_form(
+        shop: params[:shop],
+        return_to: request.fullpath,
+      )
+
+      url.to_s
+    end
+  end
+end
diff --git a/test/controllers/concerns/require_known_shop_test.rb b/test/controllers/concerns/require_known_shop_test.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+class RequireKnownShopTest < ActionController::TestCase
+  class UnauthenticatedTestController < ActionController::Base
+    include ShopifyApp::RequireKnownShop
+
+    def index
+      render html: '<h1>Success</ h1>'
+    end
+  end
+
+  tests UnauthenticatedTestController
+
+  setup do
+    Rails.application.routes.draw do
+      get '/unauthenticated_test', to: 'require_known_shop_test/unauthenticated_test#index'
+    end
+  end
+
+  teardown do
+    Rails.application.reload_routes!
+  end
+
+  test 'redirects to login if no shop param is present' do
+    get :index
+
+    assert_redirected_to ShopifyApp.configuration.login_url
+  end
+
+  test 'redirects to login if no shop is not a valid shopify domain' do
+    invalid_shop = 'https://shop1.example.com'
+
+    get :index, params: { shop: invalid_shop }
+
+    assert_redirected_to ShopifyApp.configuration.login_url
+  end
+
+  test 'redirects to login if the shop is not installed' do
+    ShopifyApp::SessionRepository.expects(:retrieve_shop_session_by_shopify_domain).returns(false)
+
+    shopify_domain = 'shop1.myshopify.com'
+
+    get :index, params: { shop: shopify_domain }
+
+    redirect_url = URI('/login')
+    redirect_url.query = URI.encode_www_form(
+      shop: shopify_domain,
+      return_to: request.fullpath,
+    )
+
+    assert_redirected_to redirect_url.to_s
+  end
+
+  test 'returns :ok if the shop is installed' do
+    ShopifyApp::SessionRepository.expects(:retrieve_shop_session_by_shopify_domain).returns(true)
+
+    shopify_domain = 'shop1.myshopify.com'
+
+    get :index, params: { shop: shopify_domain }
+
+    assert_response :ok
+  end
+end