remove unused methods, update tests.

lib/shopify_api/session.rb

@@ -1,84 +1,6 @@
+
 module ShopifyAPI
-  # 
-  #  The Shopify API authenticates each call via HTTP Authentication, using
-  #    * the application's API key as the username, and
-  #    * a hex digest of the application's shared secret and an 
-  #      authentication token as the password.
-  #  
-  #  Generation & acquisition of the beforementioned looks like this:
-  # 
-  #    0. Developer (that's you) registers Application (and provides a
-  #       callback url) and receives an API key and a shared secret
-  # 
-  #    1. User visits Application and are told they need to authenticate the
-  #       application first for read/write permission to their data (needs to
-  #       happen only once). User is asked for their shop url.
-  # 
-  #    2. Application redirects to Shopify : GET <user's shop url>/admin/api/auth?api_key=<API key>
-  #       (See Session#create_permission_url)
-  # 
-  #    3. User logs-in to Shopify, approves application permission request
-  # 
-  #    4. Shopify redirects to the Application's callback url (provided during
-  #       registration), including the shop's name, and an authentication token in the parameters:
-  #         GET client.com/customers?shop=snake-oil.myshopify.com&t=a94a110d86d2452eb3e2af4cfb8a3828
-  # 
-  #    5. Authentication password computed using the shared secret and the
-  #       authentication token (see Session#computed_password)
-  # 
-  #    6. Profit!
-  #       (API calls can now authenticate through HTTP using the API key, and
-  #       computed password)
-  # 
-  #  LoginController and ShopifyLoginProtection use the Session class to set Shopify::Base.site
-  #  so that all API calls are authorized transparently and end up just looking like this:
-  # 
-  #    # get 3 products
-  #    @products = ShopifyAPI::Product.find(:all, :params => {:limit => 3})
-  #    
-  #    # get latest 3 orders
-  #    @orders = ShopifyAPI::Order.find(:all, :params => {:limit => 3, :order => "created_at DESC" })
-  # 
-  #  As an example of what your LoginController should look like, take a look
-  #  at the following:
-  # 
-  #    class LoginController < ApplicationController
-  #      def index
-  #        # Ask user for their #{shop}.myshopify.com address
-  #      end
-  #    
-  #      def authenticate
-  #        redirect_to ShopifyAPI::Session.new(params[:shop]).create_permission_url
-  #      end
-  #    
-  #      # Shopify redirects the logged-in user back to this action along with
-  #      # the authorization token t.
-  #      # 
-  #      # This token is later combined with the developer's shared secret to form
-  #      # the password used to call API methods.
-  #      def finalize
-  #        shopify_session = ShopifyAPI::Session.new(params[:shop], params[:t])
-  #        if shopify_session.valid?
-  #          session[:shopify] = shopify_session
-  #          flash[:notice] = "Logged in to shopify store."
-  #    
-  #          return_address = session[:return_to] || '/home'
-  #          session[:return_to] = nil
-  #          redirect_to return_address
-  #        else
-  #          flash[:error] = "Could not log in to Shopify store."
-  #          redirect_to :action => 'index'
-  #        end
-  #      end
-  #    
-  #      def logout
-  #        session[:shopify] = nil
-  #        flash[:notice] = "Successfully logged out."
-  #    
-  #        redirect_to :action => 'index'
-  #      end
-  #    end
-  # 
+  
   class Session
     cattr_accessor :api_key
     cattr_accessor :secret
@@ -110,13 +32,6 @@ module ShopifyAPI
         url.gsub!(/https?:\/\//, '')                            # remove http:// or https://
         url.concat(".myshopify.com") unless url.include?('.')   # extend url to myshopify.com if no host is given
       end
-      
-      def validate_signature(params)
-        return false unless signature = params[:signature]
-
-        sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
-        Digest::MD5.hexdigest(secret + sorted_params) == signature
-      end
     
     end
     
@@ -128,31 +43,14 @@ module ShopifyAPI
     def shop
       Shop.current
     end
-    
-    def create_permission_url
-      return nil if url.blank? || api_key.blank?
-      "http://#{url}/admin/api/auth?api_key=#{api_key}"
-    end
 
-    # Used by ActiveResource::Base to make all non-authentication API calls
-    # 
-    # (ShopifyAPI::Base.site set in ShopifyLoginProtection#shopify_session)
     def site
-      "#{protocol}://#{api_key}:#{computed_password}@#{url}/admin"
+      "#{protocol}://:#{token}@#{url}/admin"
     end
 
     def valid?
       url.present? && token.present?
     end
-
-    private
-
-    # The secret is computed by taking the shared_secret which we got when 
-    # registring this third party application and concating the request_to it, 
-    # and then calculating a MD5 hexdigest. 
-    def computed_password
-      token.to_s
-    end
-    
+  
   end
 end

test/session_test.rb

@@ -23,12 +23,6 @@ class SessionTest < Test::Unit::TestCase
         session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token")
       end
     end
-    
-    should "raise error if params passed but signature omitted" do
-      assert_raises(RuntimeError) do
-        session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token", {'foo' => 'bar'})
-      end
-    end
 
     should "setup api_key and secret for all sessions" do
       ShopifyAPI::Session.setup(:api_key => "My test key", :secret => "My test secret")
@@ -48,18 +42,13 @@ class SessionTest < Test::Unit::TestCase
       ShopifyAPI::Session.temp("testshop.myshopify.com", "any-token") {
         assigned_site = ShopifyAPI::Base.site
       }
-      assert_equal 'https://key:e56d5793b869753d87cf03ceb6bb5dfc@testshop.myshopify.com/admin', assigned_site.to_s
+      assert_equal 'https://:any-token@testshop.myshopify.com/admin', assigned_site.to_s
       assert_equal 'http://www.original.com', ShopifyAPI::Base.site.to_s
     end
 
-    should "return permissions url" do
-      session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token")
-      assert_equal "http://testshop.myshopify.com/admin/api/auth?api_key=key", session.create_permission_url
-    end
-
     should "return site for session" do
       session = ShopifyAPI::Session.new("testshop.myshopify.com", "any-token")
-      assert_equal "https://key:e56d5793b869753d87cf03ceb6bb5dfc@testshop.myshopify.com/admin", session.site
+      assert_equal "https://:any-token@testshop.myshopify.com/admin", session.site
     end
   end
 end