|
@@ -213,23 +213,26 @@ class SessionTest < Test::Unit::TestCase
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
|
|
- test "return true when the signature is valid and the keys of params are strings" do
|
|
|
|
- params = {"code" => "any-code", "timestamp" => Time.now}
|
|
|
|
|
|
+ test "return true when the signature is valid and the keys of params are \
|
|
|
|
+ strings" do
|
|
|
|
+ params = { "code" => "any-code", "timestamp" => Time.now }
|
|
params[:hmac] = generate_signature(params)
|
|
params[:hmac] = generate_signature(params)
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
end
|
|
end
|
|
|
|
|
|
- test "return true when validating signature of params with ampersand and equal sign characters" do
|
|
|
|
|
|
+ test "return true when validating signature of params with ampersand \
|
|
|
|
+ and equal sign characters" do
|
|
ShopifyAPI::Session.secret = 'secret'
|
|
ShopifyAPI::Session.secret = 'secret'
|
|
- params = {'a' => '1&b=2', 'c=3&d' => '4'}
|
|
|
|
|
|
+ params = { 'a' => '1&b=2', 'c=3&d' => '4' }
|
|
to_sign = "a=1%26b=2&c%3D3%26d=4"
|
|
to_sign = "a=1%26b=2&c%3D3%26d=4"
|
|
params[:hmac] = generate_signature(to_sign)
|
|
params[:hmac] = generate_signature(to_sign)
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
end
|
|
end
|
|
|
|
|
|
- test "return true when validating signature of params with percent sign characters" do
|
|
|
|
|
|
+ test "return true when validating signature of params with percent sign\
|
|
|
|
+ characters" do
|
|
ShopifyAPI::Session.secret = 'secret'
|
|
ShopifyAPI::Session.secret = 'secret'
|
|
- params = {'a%3D1%26b' => '2%26c%3D3'}
|
|
|
|
|
|
+ params = { 'a%3D1%26b' => '2%26c%3D3' }
|
|
to_sign = "a%253D1%2526b=2%2526c%253D3"
|
|
to_sign = "a%253D1%2526b=2%2526c%253D3"
|
|
params[:hmac] = generate_signature(to_sign)
|
|
params[:hmac] = generate_signature(to_sign)
|
|
|
|
|
|
@@ -239,11 +242,16 @@ class SessionTest < Test::Unit::TestCase
|
|
private
|
|
private
|
|
|
|
|
|
def make_sorted_params(params)
|
|
def make_sorted_params(params)
|
|
- sorted_params = params.except(:signature, :hmac, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join('&')
|
|
|
|
|
|
+ sorted_params = params.with_indifferent_access.except(
|
|
|
|
+ :signature, :hmac, :action, :controller
|
|
|
|
+ ).collect{ |k, v| "#{k}=#{v}" }.sort.join('&')
|
|
end
|
|
end
|
|
|
|
|
|
def generate_signature(params)
|
|
def generate_signature(params)
|
|
params = make_sorted_params(params) if params.is_a?(Hash)
|
|
params = make_sorted_params(params) if params.is_a?(Hash)
|
|
- OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, ShopifyAPI::Session.secret, params)
|
|
|
|
|
|
+ OpenSSL::HMAC.hexdigest(
|
|
|
|
+ OpenSSL::Digest::SHA256.new,
|
|
|
|
+ ShopifyAPI::Session.secret, params
|
|
|
|
+ )
|
|
end
|
|
end
|
|
end
|
|
end
|
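Review bot: The switch to `params.with_indifferent_access.except(:signature, :hmac, :action, :controller)` in `make_sorted_params` means the helper now strips string-keyed `"hmac"` and `"signature"` entries as well as symbol-keyed ones, but no test visible here exercises that. The "keys of params are strings" test still stores the signature under the symbol `:hmac`, so a case using `params["hmac"] = generate_signature(params)` would cover the all-string-key shape that request parameters normally have. A companion case asserting `false` after one signed value is changed would pin the rejection path; whether such a test already exists elsewhere in the file is not visible from these hunks. On style, the wrapped test names put a backslash-newline inside the string literal, so any indentation on the continuation line becomes part of the name, and `percent sign\` has no space before the break. Adjacent literals avoid both, for example `"... with percent sign " \` followed by `"characters" do`.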