-
Notifications
You must be signed in to change notification settings - Fork 699
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create concern to authenticate deep links using Turbolinks
- Loading branch information
1 parent
f541c62
commit 9336b4a
Showing
4 changed files
with
160 additions
and
0 deletions.
There are no files selected for viewing
22 changes: 22 additions & 0 deletions
22
app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # frozen_string_literal: true | ||
|
|
||
| module ShopifyApp | ||
| module EnsureAuthenticatedLinks | ||
| extend ActiveSupport::Concern | ||
|
|
||
| included do | ||
| before_action :redirect_to_splash_page, if: :missing_expected_jwt? | ||
| end | ||
|
|
||
| private | ||
|
|
||
| def redirect_to_splash_page | ||
| splash_page_path = root_path(return_to: request.fullpath, shop: current_shopify_domain) | ||
| redirect_to(splash_page_path) | ||
| end | ||
|
|
||
| def missing_expected_jwt? | ||
| jwt_shopify_domain.blank? | ||
| end | ||
| end | ||
| end |
22 changes: 22 additions & 0 deletions
22
app/controllers/concerns/shopify_app/turbolinks_authenticated.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # frozen_string_literal: true | ||
|
|
||
| module ShopifyApp | ||
| module TurbolinksAuthenticated | ||
| extend ActiveSupport::Concern | ||
|
|
||
| included do | ||
| before_action :redirect_to_splash_page, if: :missing_expected_jwt? | ||
| end | ||
|
|
||
| private | ||
|
|
||
| def redirect_to_splash_page | ||
| splash_page_path = root_path(return_to: request.fullpath, shop: current_shopify_domain) | ||
| redirect_to(splash_page_path) | ||
| end | ||
|
|
||
| def missing_expected_jwt? | ||
| jwt_shopify_domain.blank? | ||
| end | ||
| end | ||
| end |
58 changes: 58 additions & 0 deletions
58
test/controllers/concerns/ensure_authenticated_links_test.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| # frozen_string_literal: true | ||
|
|
||
| require 'test_helper' | ||
|
|
||
| class EnsureAuthenticatedLinksTest < ActionController::TestCase | ||
| class TurbolinksTestController < ActionController::Base | ||
| include ShopifyApp::EnsureAuthenticatedLinks | ||
|
|
||
| def root | ||
| render(html: '<h1>Splash Page</ h1>') | ||
| end | ||
|
|
||
| def some_link | ||
| render(html: '<h1>Success</ h1>') | ||
| end | ||
|
|
||
| private | ||
|
|
||
| def jwt_shopify_domain | ||
| request.env['jwt.shopify_domain'] | ||
| end | ||
|
|
||
| def current_shopify_domain | ||
| 'test-shop.myshopify.com' | ||
| end | ||
| end | ||
|
|
||
| tests TurbolinksTestController | ||
|
|
||
| setup do | ||
| @shop_domain = 'test-shop.myshopify.com' | ||
|
|
||
| Rails.application.routes.draw do | ||
| root to: 'ensure_authenticated_links_test/turbolinks_test#root' | ||
| get '/some_link', to: 'ensure_authenticated_links_test/turbolinks_test#some_link' | ||
| end | ||
| end | ||
|
|
||
| teardown do | ||
| Rails.application.reload_routes! | ||
| end | ||
|
|
||
| test 'redirects to splash page with a return_to and shop param if no session token is present' do | ||
| get :some_link, params: { shop: @shop_domain } | ||
|
|
||
| expected_path = root_path(return_to: request.fullpath, shop: @shop_domain) | ||
|
|
||
| assert_redirected_to expected_path | ||
| end | ||
|
|
||
| test 'returns the requested resource if a valid session token exists' do | ||
| request.env['jwt.shopify_domain'] = @shop_domain | ||
|
|
||
| get :some_link, params: { shop: @shop_domain } | ||
|
|
||
| assert_response :ok | ||
| end | ||
| end |
58 changes: 58 additions & 0 deletions
58
test/controllers/concerns/turbolinks_authenticated_test.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| # frozen_string_literal: true | ||
|
|
||
| require 'test_helper' | ||
|
|
||
| class TurbolinksAuthenticatedTest < ActionController::TestCase | ||
| class TurbolinksTestController < ActionController::Base | ||
| include ShopifyApp::TurbolinksAuthenticated | ||
|
|
||
| def root | ||
| render(html: '<h1>Splash Page</ h1>') | ||
| end | ||
|
|
||
| def some_link | ||
| render(html: '<h1>Success</ h1>') | ||
| end | ||
|
|
||
| private | ||
|
|
||
| def jwt_shopify_domain | ||
| request.env['jwt.shopify_domain'] | ||
| end | ||
|
|
||
| def current_shopify_domain | ||
| 'test-shop.myshopify.com' | ||
| end | ||
| end | ||
|
|
||
| tests TurbolinksTestController | ||
|
|
||
| setup do | ||
| @shop_domain = 'test-shop.myshopify.com' | ||
|
|
||
| Rails.application.routes.draw do | ||
| root to: 'turbolinks_authenticated_test/turbolinks_test#root' | ||
| get '/some_link', to: 'turbolinks_authenticated_test/turbolinks_test#some_link' | ||
| end | ||
| end | ||
|
|
||
| teardown do | ||
| Rails.application.reload_routes! | ||
| end | ||
|
|
||
| test 'redirects to splash page with a return_to and shop param if no session token is present' do | ||
| get :some_link, params: { shop: @shop_domain } | ||
|
|
||
| expected_path = root_path(return_to: request.fullpath, shop: @shop_domain) | ||
|
|
||
| assert_redirected_to expected_path | ||
| end | ||
|
|
||
| test 'returns the requested resource if a valid session token exists' do | ||
| request.env['jwt.shopify_domain'] = @shop_domain | ||
|
|
||
| get :some_link, params: { shop: @shop_domain } | ||
|
|
||
| assert_response :ok | ||
| end | ||
| end |