ensure scopes plug

ericdude4 · Aug 20, 2021 · 849a7dc · 849a7dc
1 parent 320e2a0
commit 849a7dc
Show file tree

Hide file tree

Showing 13 changed files with 188 additions and 13 deletions.
diff --git a/assets/js/app.js b/assets/js/app.js
@@ -7,21 +7,34 @@ import enTranslations from '@shopify/polaris/locales/en.json'
 import '@shopify/polaris/styles.css'
 
 import ShowPlans from './components/show-plans'
+import ExternalRedirect from './components/external-redirect'
+
 function WrappedShowPlans(props) {
   return (
     <AppProvider i18n={enTranslations}>
-      <ShowPlans 
-        plans={props.plans} 
-        guard={props.guard} 
-        shopUrl={props.shop_url} 
-        redirectAfter={props.redirect_after} 
+      <ShowPlans
+        plans={props.plans}
+        guard={props.guard}
+        shopUrl={props.shop_url}
+        redirectAfter={props.redirect_after}
         shopifyApiKey={props.shopify_api_key}
         sessionToken={props.session_token}
       />
     </AppProvider>
   )
 }
 
+function WrappedRedirect({
+  shop_url, shopify_api_key, redirect_location
+}) {
+  return (
+    <AppProvider i18n={enTranslations}>
+      <ExternalRedirect shopUrl={shop_url} shopifyApiKey={shopify_api_key} redirectLocation={redirect_location} />
+    </AppProvider>
+  );
+}
+
 window.Components = {
-  WrappedShowPlans
+  WrappedShowPlans,
+  WrappedRedirect
 }
diff --git a/assets/js/components/external-redirect.js b/assets/js/components/external-redirect.js
@@ -0,0 +1,43 @@
+import React, { useEffect } from 'react';
+import createApp from '@shopify/app-bridge';
+import { Redirect } from '@shopify/app-bridge/actions';
+import { Frame, TextContainer, Layout, Page } from '@shopify/polaris'
+
+export default function ExternalRedirect({ shopUrl, shopifyApiKey, redirectLocation }) {
+  const app = createApp({
+    apiKey: shopifyApiKey,
+    shopOrigin: shopUrl,
+  });
+
+  const redirect = Redirect.create(app);
+
+  const doRedirect = () => {
+    if (window.self == window.top) {
+      // do a normal redirect if not in an iFrame
+      window.location = redirectLocation
+    } else {
+      redirect.dispatch(Redirect.Action.REMOTE, redirectLocation)
+    }
+  }
+
+  useEffect(() => {
+    doRedirect()
+  }, [])
+
+  return (
+    <Page title="You are being redirected">
+      <Layout>
+        <Layout.Section>
+          <Frame>
+            <TextContainer style="padding-top: 3 rem;">
+              <p>
+                If you are not automatically redirected within 5 seconds, &nbsp;
+                <a href="#" onClick={doRedirect}>click here</a>
+              </p>
+            </TextContainer>
+          </Frame>
+        </Layout.Section>
+      </Layout>
+    </Page>
+  );
+}
diff --git a/lib/shopifex/errors/runtime_error.ex b/lib/shopifex/errors/runtime_error.ex
@@ -0,0 +1,3 @@
+defmodule Shopifex.RuntimeError do
+  defexception message: "An error occurred"
+end
diff --git a/lib/shopifex/plug/ensure_scopes.ex b/lib/shopifex/plug/ensure_scopes.ex
@@ -0,0 +1,55 @@
+defmodule Shopifex.Plug.EnsureScopes do
+  @moduledoc """
+  This plug ensures that the shop which is currently loaded in the session
+  has all of the scopes which are defined under `config :shopifex, scopes: "foo"`.
+
+  If the current shop does not have all the scopes, the conn is redirected to
+  the Shopify OAuth update flow.
+
+  Simply adding a new scope to your `:shopifex, scopes: "foo"` config will
+  trigger an OAuth update with your installations.
+  """
+  import Plug.Conn
+  import Phoenix.Controller
+  require Logger
+
+  def init(options) do
+    # initialize options
+    options
+  end
+
+  def call(conn, _) do
+    case Shopifex.Plug.current_shop(conn) do
+      nil ->
+        raise(
+          Shopifex.RuntimeError,
+          """
+          `Shopifex.Plug.EnsureScopes` must be placed in the pipeline after a plug which places a shop in the session; such as `Shopifex.Plug.ShopifySession` or `Shopifex.Plug.ShopifyWebhook`
+          """
+        )
+
+      shop ->
+        required_scopes = String.split(Application.get_env(:shopifex, :scopes), ",")
+        shop_scopes = String.split(shop.scope, ",")
+
+        case required_scopes -- shop_scopes do
+          [] ->
+            conn
+
+          missing_scopes ->
+            Logger.info(
+              "Shop #{shop.url} is missing required scopes #{inspect(missing_scopes)}, initiating app update"
+            )
+
+            reinstall_url =
+              "https://#{shop.url}/admin/oauth/authorize?client_id=#{Application.fetch_env!(:shopifex, :api_key)}&scope=#{Application.fetch_env!(:shopifex, :scopes)}&redirect_uri=#{Application.fetch_env!(:shopifex, :reinstall_uri)}"
+
+            conn
+            |> put_view(ShopifexWeb.PageView)
+            |> put_layout({ShopifexWeb.LayoutView, "app.html"})
+            |> render("redirect.html", redirect_location: reinstall_url)
+            |> halt()
+        end
+    end
+  end
+end
diff --git a/lib/shopifex_web/controllers/auth_controller.ex b/lib/shopifex_web/controllers/auth_controller.ex
@@ -94,7 +94,7 @@ defmodule ShopifexWeb.AuthController do
               Logger.info("Initiating shop reinstallation for #{shop_url}")
 
               reinstall_url =
-                "https://#{shop_url}/admin/oauth/request_grant?client_id=#{Application.fetch_env!(:shopifex, :api_key)}&scope=#{Application.fetch_env!(:shopifex, :scopes)}&redirect_uri=#{Application.fetch_env!(:shopifex, :reinstall_uri)}"
+                "https://#{shop_url}/admin/oauth/authorize?client_id=#{Application.fetch_env!(:shopifex, :api_key)}&scope=#{Application.fetch_env!(:shopifex, :scopes)}&redirect_uri=#{Application.fetch_env!(:shopifex, :reinstall_uri)}"
 
               conn
               |> redirect(external: reinstall_url)

diff --git a/lib/shopifex_web/routes.ex b/lib/shopifex_web/routes.ex
@@ -11,6 +11,7 @@ defmodule ShopifexWeb.Routes do
 
       pipeline :shopify_session do
         plug(Shopifex.Plug.ShopifySession)
+        plug(Shopifex.Plug.EnsureScopes)
         plug(Shopifex.Plug.LoadInIframe)
       end
 
@@ -30,6 +31,7 @@ defmodule ShopifexWeb.Routes do
         plug(Shopifex.Plug.FetchFlash)
         plug(Shopifex.Plug.LoadInIframe)
         plug(Shopifex.Plug.ShopifyWebhook)
+        plug(Shopifex.Plug.EnsureScopes)
       end
 
       pipeline :shopify_api do

diff --git a/lib/shopifex_web/templates/page/redirect.html.eex b/lib/shopifex_web/templates/page/redirect.html.eex
@@ -0,0 +1,10 @@
+<%=
+    ReactPhoenix.ClientSide.react_component(
+        "Components.WrappedRedirect",
+        %{
+            shop_url: Shopifex.Plug.current_shop(@conn).url,
+            redirect_location: @redirect_location,
+            shopify_api_key: Application.get_env(:shopifex, :api_key)
+        }
+    )
+%>
diff --git a/lib/shopifex_web/views/page_view.ex b/lib/shopifex_web/views/page_view.ex
@@ -0,0 +1,3 @@
+defmodule ShopifexWeb.PageView do
+  use ShopifexWeb, :view
+end
diff --git a/mix.exs b/mix.exs
@@ -4,7 +4,7 @@ defmodule Shopifex.MixProject do
   def project do
     [
       app: :shopifex,
-      version: "2.0.0",
+      version: "2.0.1",
       elixir: "~> 1.10",
       start_permanent: Mix.env() == :prod,
       compilers: [:phoenix, :gettext] ++ Mix.compilers(),

diff --git a/priv/static/js/app.js b/priv/static/js/app.js
diff --git a/priv/static/js/app.js.map b/priv/static/js/app.js.map
diff --git a/test/plug/ensure_scopes_test.exs b/test/plug/ensure_scopes_test.exs
@@ -0,0 +1,45 @@
+defmodule Shopifex.Plug.EnsureScopesTest do
+  use ShopifexWeb.ConnCase
+
+  setup do
+    conn = build_conn(:get, "/my-route?foo=bar&fizz=buzz")
+    {:ok, conn: conn}
+  end
+
+  setup [:shop_in_session]
+
+  test "shop scopes matching shopifex config passes plug", %{
+    conn: conn
+  } do
+    shop = Shopifex.Plug.current_shop(conn)
+    Application.put_env(:shopifex, :scopes, shop.scope)
+
+    conn = Shopifex.Plug.EnsureScopes.call(conn, [])
+
+    refute conn.halted
+  end
+
+  test "renders redirect page with location to Shopify OAuth update flow", %{
+    conn: conn
+  } do
+    Application.put_env(:shopifex, :scopes, "read_orders")
+
+    conn = Shopifex.Plug.EnsureScopes.call(conn, [])
+
+    assert conn.halted
+    assert html_response(conn, 200) =~ "Components.WrappedRedirect"
+
+    assert conn.assigns.redirect_location =~
+             "https://shopifex.myshopify.com/admin/oauth/authorize?client_id=thisisafakeapikey"
+  end
+
+  test "throws error when shop not in session", %{
+    conn: conn
+  } do
+    assert_raise Shopifex.RuntimeError, fn ->
+      conn
+      |> Map.put(:private, %{})
+      |> Shopifex.Plug.EnsureScopes.call([])
+    end
+  end
+end
diff --git a/test/plug/payment_guard_test.exs b/test/plug/payment_guard_test.exs
@@ -8,9 +8,10 @@ defmodule Shopifex.Plug.PaymentGuardTest do
 
   setup [:shop_in_session]
 
-  test "payment guard blocks pay-walled function and redirects to payment page with session token", %{
-    conn: conn
-  } do
+  test "payment guard blocks pay-walled function and redirects to payment page with session token",
+       %{
+         conn: conn
+       } do
     halted_conn = Shopifex.Plug.PaymentGuard.call(conn, "block")
 
     assert html_response(halted_conn, 302) =~