Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use online tokens when available #1566

Merged
merged 1 commit into from
Nov 7, 2022
Merged

use online tokens when available #1566

merged 1 commit into from
Nov 7, 2022

Conversation

teddyhwang
Copy link
Collaborator

@teddyhwang teddyhwang commented Nov 3, 2022
edited
Loading

What this PR does

Related to https://github.com/Shopify/shopify-graphiql-app/issues/1069

There is currently logic on when to retrieve an online or offline session token where current_shopify_session in the LoginProtection concern makes an incorrect assumption on checking if a shop session exists when determining to pass in is_online to load the session from the API gem. This check is required for the original OAuth request but any subsequent requests after OAuth should just check if a User session is configured.

Reviewer's guide to testing

Checklist

Before submitting the PR, please consider if any of the following are needed:

  • Update CHANGELOG.md if the changes would impact users
  • Update README.md, if appropriate.
  • Update any relevant pages in /docs, if necessary
  • For security fixes, the Disclosure Policy must be followed.

teddyhwang
teddyhwang commented Nov 3, 2022
View reviewed changes
lib/shopify_app/controller_concerns/login_protection.rb
def online_token_configured?
!ShopifyApp.configuration.user_session_repository.blank? && ShopifyApp::SessionRepository.user_storage.present?
end

def user_session_expected?
return false if shop_session.nil?
Copy link
Collaborator Author

@teddyhwang teddyhwang Nov 3, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shop_session here would only be available during OAuth since it does a shop look up by the shop parameter which is only sent during the beginning of OAuth. this would always return false since subsequent proxy API requests would not have the shop query parameter required to do this look up

paulomarg
paulomarg approved these changes Nov 3, 2022
View reviewed changes
Copy link
Contributor

@paulomarg paulomarg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me!

nelsonwittwer
nelsonwittwer approved these changes Nov 4, 2022
View reviewed changes
Copy link
Contributor

@nelsonwittwer nelsonwittwer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Glad we chased this down! 🎉

andyw8
andyw8 approved these changes Nov 4, 2022
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
@teddyhwang teddyhwang merged commit 4fedb60 into main Nov 7, 2022
@teddyhwang teddyhwang deleted the fix-offline-tokens branch November 7, 2022 16:19
@teddyhwang teddyhwang changed the title use online tokens when available and remove redundant tests use online tokens when available Nov 7, 2022
@shopify-shipit shopify-shipit bot temporarily deployed to rubygems December 9, 2022 17:09 Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulomarg paulomarg paulomarg approved these changes

@nelsonwittwer nelsonwittwer nelsonwittwer approved these changes

@andyw8 andyw8 andyw8 approved these changes

@tatsuya tatsuya Awaiting requested review from tatsuya

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@teddyhwang @andyw8 @nelsonwittwer @tatsuya @paulomarg