Skip to content

Fix/installation path with admin auth plug #603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix/installation path with admin auth plug #603

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
80d4cbf
fix broken app installation, we need to redirect to shopify for install
hez Apr 11, 2025
2e314e1
Merge pull request #598 from orbit-apps/fix/installation-path-with-ad…
hez Apr 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
## Unreleased

- Fix: 0.16.2 broke the installation path when no JWT was passed along

## 0.16.2

- BREAKING: Reworked Plugs.AdminAuthenticator to use the new JWT Session functions, this breaks the old redirect for exchanging sessions on install
Expand Down
7 changes: 7 additions & 0 deletions lib/shopify_api/config.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,11 @@ defmodule ShopifyAPI.Config do

def lookup(key), do: Application.get_env(:shopify_api, key)
def lookup(key, subkey), do: Application.get_env(:shopify_api, key)[subkey]

@spec app_name() :: String.t() | nil
@spec app_name(Plug.Conn.t(), keyword()) :: String.t() | nil
def app_name, do: lookup(:app_name)

def app_name(%Plug.Conn{path_info: path_info}, opts \\ []),
do: Keyword.get(opts, :app_name) || app_name() || List.last(path_info)
end
38 changes: 35 additions & 3 deletions lib/shopify_api/plugs/admin_authenticator.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,9 @@ defmodule ShopifyAPI.Plugs.AdminAuthenticator do
end
end

defp do_authentication(conn, _options) do
token = conn.params["id_token"]

# User auth
defp do_authentication(%{params: %{"id_token" => token}} = conn, _options)
when is_binary(token) do
with {:ok, app} <- JWTSessionToken.app(token),
{true, jwt, _jws} <- JWTSessionToken.verify(token, app.client_secret),
:ok <- validate_hmac(app, conn.query_params),
Expand All @@ -76,6 +76,38 @@ defmodule ShopifyAPI.Plugs.AdminAuthenticator do
end
end

# Offline token auth OR new install
defp do_authentication(conn, options) do
myshopify_domain = conn.params["shop"]
app_name = ShopifyAPI.Config.app_name(conn, options)
{:ok, app} = ShopifyAPI.AppServer.get(app_name)

with :ok <- validate_hmac(app, conn.query_params),
{:ok, shop} <- ShopifyAPI.ShopServer.get_or_create(myshopify_domain, true),
{:ok, auth_token} <- ShopifyAPI.AuthTokenServer.get(myshopify_domain, app_name) do
conn
|> assign_app(app)
|> assign_shop(shop)
|> assign_auth_token(auth_token)
else
{:error, :invalid_hmac} ->
Logger.info("#{__MODULE__} failed hmac validation")

conn
|> Conn.resp(401, "Not Authorized.")
|> Conn.halt()

_err ->
oauth_url = ShopifyAPI.shopify_oauth_url(app, myshopify_domain)
Logger.info("redirecting to Shop oauth url: #{oauth_url}")

conn
|> Conn.put_resp_header("location", oauth_url)
|> Conn.resp(unquote(302), "You are being redirected.")
|> Conn.halt()
end
end

defp should_do_authentication?(conn), do: has_hmac(conn.query_params) == :ok

defp assign_app(conn, app), do: Conn.assign(conn, :app, app)
Expand Down
Loading