Merge pull request #1 from trico/validate_signature_error

Validate signature error

CHANGELOG

@@ -1,8 +1,14 @@
-== Version 3.1.9 (Unreleased)
+== Version 3.2.0
 
 * in Session::request_token params is no longer optional, you must pass all the params and the method will now extract the code
-* Add access to FulfillmentService endpoint
-* Fix JSON errors handling (#103)
+* Fixed JSON errors handling (#103)
+* Fixed compatibility with Ruby 2.1.x (#83)
+* Fixed getting parent ID from nested resources like Variants (#44)
+* Cleaned up compatibility with ActiveResource 4.0.x
+* Added OrderRisk resource
+* Added FulfillmentService resource
+* Removed discontinued ProductSearchEngine resource
+* Added convenience method Customer#search (#45)
 
 == Version 3.1.8
 

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    shopify_api (3.1.8)
+    shopify_api (3.2.0)
       activeresource (>= 3.0.0)
       thor (>= 0.14.4)
 
@@ -24,7 +24,7 @@ GEM
     atomic (1.1.14)
     builder (3.1.4)
     fakeweb (1.3.0)
-    i18n (0.6.5)
+    i18n (0.6.9)
     metaclass (0.0.1)
     minitest (4.7.5)
     mocha (0.14.0)

lib/shopify_api/resources/customer.rb

@@ -3,8 +3,11 @@ module ShopifyAPI
     include Metafields
 
     def orders
-      Order.find(:all, :params => {:customer_id => self.id})
+      Order.find(:all, params: {customer_id: self.id})
     end
 
+    def self.search(params)
+      find(:all, from: :search, params: params)
+    end
   end
 end

lib/shopify_api/session.rb

@@ -39,6 +39,7 @@ module ShopifyAPI
       end
 
       def validate_signature(params)
+        params = params.with_indifferent_access
         return false unless signature = params[:signature]
 
         sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join

lib/shopify_api/version.rb

@@ -1,3 +1,3 @@
 module ShopifyAPI
-  VERSION = "3.1.8"
+  VERSION = "3.2.0"
 end

test/customer_test.rb

@@ -0,0 +1,10 @@
+require 'test_helper'
+
+class CustomerTest < Test::Unit::TestCase
+  def test_search
+    fake "customers/search.json?query=Bob+country%3AUnited+States", extension: false, body: load_fixture('customers_search')
+
+    results = ShopifyAPI::Customer.search(query: 'Bob country:United States')
+    assert_equal 'Bob', results.first.first_name
+  end
+end

test/fixtures/customers_search.json

@@ -0,0 +1,60 @@
+{
+  "customers": [
+    {
+      "accepts_marketing": false,
+      "created_at": "2014-01-20T17:25:18-05:00",
+      "email": "bob.norman@hostmail.com",
+      "first_name": "Bob",
+      "id": 207119551,
+      "last_name": "Norman",
+      "last_order_id": null,
+      "multipass_identifier": null,
+      "note": null,
+      "orders_count": 0,
+      "state": "disabled",
+      "total_spent": "0.00",
+      "updated_at": "2014-01-20T17:25:18-05:00",
+      "verified_email": true,
+      "tags": "",
+      "last_order_name": null,
+      "default_address": {
+        "address1": "Chestnut Street 92",
+        "address2": "",
+        "city": "Louisville",
+        "company": null,
+        "country": "United States",
+        "first_name": null,
+        "id": 207119551,
+        "last_name": null,
+        "phone": "555-625-1199",
+        "province": "Kentucky",
+        "zip": "40202",
+        "name": null,
+        "province_code": "KY",
+        "country_code": "US",
+        "country_name": "United States",
+        "default": true
+      },
+      "addresses": [
+        {
+          "address1": "Chestnut Street 92",
+          "address2": "",
+          "city": "Louisville",
+          "company": null,
+          "country": "United States",
+          "first_name": null,
+          "id": 207119551,
+          "last_name": null,
+          "phone": "555-625-1199",
+          "province": "Kentucky",
+          "zip": "40202",
+          "name": null,
+          "province_code": "KY",
+          "country_code": "US",
+          "country_name": "United States",
+          "default": true
+        }
+      ]
+    }
+  ]
+}

test/session_test.rb

@@ -148,10 +148,20 @@ class SessionTest < Test::Unit::TestCase
       end
     end
 
+    should "return true when the signature is valid and the keys of params are strings" do
+      now = Time.now
+      params = {"code" => "any-code", "timestamp" => now}
+      sorted_params = make_sorted_params(params)
+      signature = Digest::MD5.hexdigest(ShopifyAPI::Session.secret + sorted_params)
+      params = {"code" => "any-code", "timestamp" => now, "signature" => signature}
+
+      assert_equal true, ShopifyAPI::Session.validate_signature(params)
+    end
+
     private
 
     def make_sorted_params(params)
-      sorted_params = params.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
+      sorted_params = params.with_indifferent_access.except(:signature, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join
     end
 
   end