|
@@ -214,25 +214,24 @@ class SessionTest < Test::Unit::TestCase
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
test "return true when the signature is valid and the keys of params are strings" do
|
|
test "return true when the signature is valid and the keys of params are strings" do
|
|
|
- params = {"code" => "any-code", "timestamp" => Time.now}
|
|
|
|
|
- params["hmac"] = generate_signature(params)
|
|
|
|
|
|
|
+ params = { 'code' => 'any-code', 'timestamp' => Time.now }
|
|
|
|
|
+ params[:hmac] = generate_signature(params)
|
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
test "return true when validating signature of params with ampersand and equal sign characters" do
|
|
test "return true when validating signature of params with ampersand and equal sign characters" do
|
|
|
ShopifyAPI::Session.secret = 'secret'
|
|
ShopifyAPI::Session.secret = 'secret'
|
|
|
- params = {'a' => '1&b=2', 'c=3&d' => '4'}
|
|
|
|
|
- to_sign = "a=1%26b=2&c%3D3%26d=4"
|
|
|
|
|
- params['hmac'] = generate_signature(to_sign)
|
|
|
|
|
-
|
|
|
|
|
|
|
+ params = { 'a' => '1&b=2', 'c=3&d' => '4' }
|
|
|
|
|
+ to_sign = 'a=1%26b=2&c%3D3%26d=4'
|
|
|
|
|
+ params[:hmac] = generate_signature(to_sign)
|
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
test "return true when validating signature of params with percent sign characters" do
|
|
test "return true when validating signature of params with percent sign characters" do
|
|
|
ShopifyAPI::Session.secret = 'secret'
|
|
ShopifyAPI::Session.secret = 'secret'
|
|
|
- params = {'a%3D1%26b' => '2%26c%3D3'}
|
|
|
|
|
- to_sign = "a%253D1%2526b=2%2526c%253D3"
|
|
|
|
|
- params['hmac'] = generate_signature(to_sign)
|
|
|
|
|
|
|
+ params = { 'a%3D1%26b' => '2%26c%3D3' }
|
|
|
|
|
+ to_sign = 'a%253D1%2526b=2%2526c%253D3'
|
|
|
|
|
+ params[:hmac] = generate_signature(to_sign)
|
|
|
|
|
|
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
assert_equal true, ShopifyAPI::Session.validate_signature(params)
|
|
|
end
|
|
end
|
|
@@ -240,7 +239,9 @@ class SessionTest < Test::Unit::TestCase
|
|
|
private
|
|
private
|
|
|
|
|
|
|
|
def make_sorted_params(params)
|
|
def make_sorted_params(params)
|
|
|
- sorted_params = params.with_indifferent_access.except(:signature, :hmac, :action, :controller).collect{|k,v|"#{k}=#{v}"}.sort.join('&')
|
|
|
|
|
|
|
+ params.with_indifferent_access.except(
|
|
|
|
|
+ :signature, :hmac, :action, :controller
|
|
|
|
|
+ ).collect { |k, v| "#{k}=#{v}" }.sort.join('&')
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
def generate_signature(params)
|
|
def generate_signature(params)
|
Rafael França