Home Explore Help
Sign In
Dachen
/
shopify_api
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

add a specific exception for signature validation failures

Kevin Hughes 11 years ago
parent
91fd968947
commit
bade385403
2 changed files with 8 additions and 5 deletions
Split View Show Diff Stats
  1. 4 1
      lib/shopify_api/session.rb
  2. 4 4
      test/session_test.rb

+ 4 - 1
lib/shopify_api/session.rb
View File 

@@ -1,6 +1,9 @@
 
 
 module ShopifyAPI
 
 
+  class ValidationException < StandardError
 
+  end
 
+
 
   class Session
 
     cattr_accessor :api_key
 
     cattr_accessor :secret
 
@@ -74,7 +77,7 @@ module ShopifyAPI
 
       return token if token
 
 
       unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
 
-        raise "Invalid Signature: Possible malicious login"
 
+        raise ShopifyAPI::ValidationException, "Invalid Signature: Possible malicious login"
 
       end
 
 
       code = params['code']

+ 4 - 4
test/session_test.rb
View File 

@@ -25,7 +25,7 @@ class SessionTest < Test::Unit::TestCase
 
     end
 
 
     should "raise error if params passed but signature omitted" do
 
-      assert_raises(RuntimeError) do
 
+      assert_raises(ShopifyAPI::ValidationException) do
 
         session = ShopifyAPI::Session.new("testshop.myshopify.com")
 
         session.request_token({'code' => 'any-code'})
 
       end
 
@@ -90,7 +90,7 @@ class SessionTest < Test::Unit::TestCase
 
       ShopifyAPI::Session.setup(:api_key => "My test key", :secret => "My test secret")
 
       session = ShopifyAPI::Session.new('http://localhost.myshopify.com')
 
       fake nil, :url => 'https://localhost.myshopify.com/admin/oauth/access_token',:method => :post, :status => 404, :body => '{"error" : "invalid_request"}'
 
-      assert_raises(RuntimeError) do
 
+      assert_raises(ShopifyAPI::ValidationException) do
 
         session.request_token(params={:code => "bad-code"})
 
       end
 
       assert_equal false, session.valid?
 
@@ -130,7 +130,7 @@ class SessionTest < Test::Unit::TestCase
 
       sorted_params = make_sorted_params(params)
 
       signature = Digest::MD5.hexdigest(ShopifyAPI::Session.secret + sorted_params)
 
       params[:foo] = 'world'
 
-      assert_raises(RuntimeError) do
 
+      assert_raises(ShopifyAPI::ValidationException) do
 
         session = ShopifyAPI::Session.new("testshop.myshopify.com")
 
         session.request_token(params.merge(:signature => signature))
 
       end
 
@@ -142,7 +142,7 @@ class SessionTest < Test::Unit::TestCase
 
       sorted_params = make_sorted_params(params)
 
       signature = Digest::MD5.hexdigest(ShopifyAPI::Session.secret + sorted_params)
 
       params[:foo] = 'world'
 
-      assert_raises(RuntimeError) do
 
+      assert_raises(ShopifyAPI::ValidationException) do
 
         session = ShopifyAPI::Session.new("testshop.myshopify.com")
 
         session.request_token(params.merge(:signature => signature))
 
       end