File tree 1 file changed +14
-0
lines changed
test/shopify_app/controller_concerns
1 file changed +14
-0
lines changed Original file line number Diff line number Diff line change @@ -446,6 +446,20 @@ class LoginProtectionControllerTest < ActionController::TestCase
446446 end
447447 end
448448
449+ test "#activate_shopify_session when not enough scope and rescuing from invalid JWT token, breaks out of iframe in XHR requests" do
450+ ShopifyAPI ::Context . stubs ( :scope ) . returns ( ShopifyAPI ::Auth ::AuthScopes . new ( [ "scope1" , "scope2" ] ) )
451+ ShopifyAPI ::Utils ::SessionUtils . stubs ( :current_session_id ) . returns ( nil )
452+
453+ cookies . encrypted [ ShopifyAPI ::Auth ::Oauth ::SessionCookie ::SESSION_COOKIE_NAME ] = "cookie"
454+ request . headers [ "HTTP_AUTHORIZATION" ] = "Bearer token"
455+
456+ with_application_test_routes do
457+ get :index , xhr : true
458+
459+ assert_equal "/login" , response . headers [ "X-Shopify-API-Request-Failure-Reauthorize-Url" ]
460+ end
461+ end
462+
449463 test "#activate_shopify_session when rescuing from non 401 errors, does not close session" do
450464 with_application_test_routes do
451465 cookies . encrypted [ ShopifyAPI ::Auth ::Oauth ::SessionCookie ::SESSION_COOKIE_NAME ] = "cookie"
You can’t perform that action at this time.
0 commit comments