Skip to content

Fix the issue "Get Current Session ID process from Post Purchase Extension Token" #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jonaswebdev wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Fix the issue "Get Current Session ID process from Post Purchase Extension Token" #279

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
913b414
Fix Get Current Session ID process from Post Purchase Extension Token
jonaswebdev May 26, 2023
8e9cb7e
Tests for Fix the issue "Get Current Session ID process from Post Pur…
jonaswebdev May 29, 2023
b2a2ab3
Changelog update
jonaswebdev May 29, 2023
1b6c7c1
Changelog update
jonaswebdev May 29, 2023
1ab26d8
Preapre to publish on packagist.org
jonaswebdev Jun 16, 2023
f78565a
Preparation to publish on packagist.org
jonaswebdev Jun 16, 2023
ae0c26a
Preparation to publish on packagist.org - description
jonaswebdev Jun 16, 2023
a598323
Rollback of "Preparation to publish on packagist.org"
jonaswebdev Jun 19, 2023
b4b98ec
Merge pull request #1 from Shopify/main
jonaswebdev Sep 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## Unreleased
- PATCH: Fix the issue "Get Current Session ID process from Post Purchase Extension Token"

## v5.1.0 - 2023-07-11

Expand Down
11 changes: 10 additions & 1 deletion src/Auth/OAuth.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
use Shopify\Exception\CookieSetException;
use Shopify\Exception\HttpRequestException;
use Shopify\Exception\InvalidArgumentException;
use Shopify\Exception\InvalidJwtPayloadException;
use Shopify\Exception\InvalidOAuthException;
use Shopify\Exception\MissingArgumentException;
use Shopify\Exception\OAuthSessionNotFoundException;
Expand Down Expand Up @@ -232,7 +233,15 @@ public static function getCurrentSessionId(array $rawHeaders, array $cookies, bo
}

$jwtPayload = Utils::decodeSessionToken($matches[1]);
$shop = preg_replace('/^https:\/\//', '', $jwtPayload['dest']);

if (!empty($jwtPayload['dest'])) {
$shop = preg_replace('/^https:\/\//', '', $jwtPayload['dest']);
} elseif (!empty($jwtPayload['input_data']->shop->domain)) {
$shop = preg_replace('/^https:\/\//', '', $jwtPayload['input_data']->shop->domain);
} else {
throw new InvalidJwtPayloadException('Missing shop value in JWT payload');
}

if ($isOnline) {
$currentSessionId = self::getJwtSessionId($shop, $jwtPayload['sub']);
} else {
Expand Down
9 changes: 9 additions & 0 deletions src/Exception/InvalidJwtPayloadException.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
<?php

declare(strict_types=1);

namespace Shopify\Exception;

class InvalidJwtPayloadException extends \Exception
{
}
57 changes: 57 additions & 0 deletions tests/Auth/OAuthTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
use Shopify\Exception\CookieSetException;
use Shopify\Exception\HttpRequestException;
use Shopify\Exception\InvalidArgumentException;
use Shopify\Exception\InvalidJwtPayloadException;
use Shopify\Exception\InvalidOAuthException;
use Shopify\Exception\MissingArgumentException;
use Shopify\Exception\OAuthSessionNotFoundException;
Expand Down Expand Up @@ -672,4 +673,60 @@ private function encodeJwtPayload(): string
];
return JWT::encode($payload, Context::$API_SECRET_KEY, 'HS256');
}


private function encodeJwtPayloadFromPostPurchaseExtension(): string
{
$shop = new stdClass();
$shop->domain = "https://exampleshop.myshopify.com";
$inputData = new stdClass();
$inputData->shop = $shop;

$payload = [
"iss" => "https://exampleshop.myshopify.com/admin",
"sub" => "42",
"input_data" => $inputData,
"iat" => 1591764998,
];

return JWT::encode($payload, Context::$API_SECRET_KEY, 'HS256');
}

private function encodeInvalidJwtPayloadFromPostPurchaseExtension(): string
{
$payload = [
"iss" => "https://exampleshop.myshopify.com/admin",
"sub" => "42",
"iat" => 1591764998,
];

return JWT::encode($payload, Context::$API_SECRET_KEY, 'HS256');
}


public function testGetCurrentSessionIdFromPostPurchaseTokenForOnlineShop()
{
$token = $this->encodeJwtPayloadFromPostPurchaseExtension();

$currentSessionId = OAuth::getCurrentSessionId(['Authorization' => "Bearer $token"], [], true);
$this->assertEquals('exampleshop.myshopify.com_42', $currentSessionId);
}

public function testGetCurrentSessionIdFromPostPurchaseTokenForOfflineShop()
{
$token = $this->encodeJwtPayloadFromPostPurchaseExtension();

$currentSessionId = OAuth::getCurrentSessionId(['Authorization' => "Bearer $token"], [], false);
$this->assertEquals('offline_exampleshop.myshopify.com', $currentSessionId);
}

public function testGetCurrentSessionIdFromPostPurchaseTokenInvalidJwtPayloadException()
{
$token = $this->encodeInvalidJwtPayloadFromPostPurchaseExtension();

$this->expectException(InvalidJwtPayloadException::class);
$this->expectExceptionMessage('Missing shop value in JWT payload');
$currentSessionId = OAuth::getCurrentSessionId(['Authorization' => "Bearer $token"], [], true);
}

}