如何获得Shopify(Rails)的永久令牌?

时间:2014-05-22 14:39:53

标签: ruby-on-rails ruby ruby-on-rails-4 oauth-2.0 shopify

我正在尝试验证我的新Shopify应用。首先,我的authenticate方法将店主重定向到Shopify的身份验证页面:

def authenticate
  ShopifyAPI::Session.setup({:api_key => "123", :secret => "456"})
  session = ShopifyAPI::Session.new("someshop.myshopify.com")
  redirect_to session.create_permission_url(["read_orders"], "https://myapp.com/shopify/post_authenticate?user=someshop")
end

店主批准集成后,重定向uri会触发我的post_authenticate方法:

def post_authenticate
  ShopifyAPI::Session.setup({:api_key => "123", :secret => "456"})
  session = ShopifyAPI::Session.new("#{params[:user]}.myshopify.com")
  token = session.request_token(:code => params[:code], :signature => params[:signature], :timestamp => params[:timestamp])
end

request_token方法返回以下错误:

#<ShopifyAPI::ValidationException: Invalid Signature: Possible malicious login>

我已经阅读过某个地方,你需要在同一个ShopifyAPI会话中执行所有这些操作,但在documentation中没有这样说。 example app采用了与文档完全不同的方法。

1 个答案:

答案 0 :(得分:2)

根据我的评论,我使用omniauth方法进行身份验证。这是代码的要点,以供参考。 https://gist.github.com/agmcleod/7106363317ebd082d3df。把所有的片段放在下面。

class ApplicationController < ActionController::Base
  protect_from_forgery
  force_ssl
  helper_method :current_shop, :shopify_session

protected

  def current_shop
    @current_shop ||= Shop.find(session[:shop_id]) if session[:shop_id].present?
  end

  def shopify_session
    if current_shop.nil?
      redirect_to new_login_url
    else
      begin
        session = ShopifyAPI::Session.new(current_shop.url, current_shop.token)
        ShopifyAPI::Base.activate_session(session)
        yield
      ensure
        ShopifyAPI::Base.clear_session
      end
    end
  end
end

在我的登录控制器中:

def create
  omniauth = request.env['omniauth.auth']
  if omniauth && omniauth[:provider] && omniauth[:provider] == "shopify"
    shop = Shop.find_or_create_by_url(params[:shop].gsub(/https?\:\/\//, ""))
    shop.update_attribute(:token, omniauth['credentials'].token)
    shopify_session = ShopifyAPI::Session.new(shop.url, shop.token)
    session[:shop_id] = shop.to_param
    redirect_to root_url
  else
    flash[:error] = "Something went wrong"
    redirect_to root_url
  end
end

配置/初始化/ omniauth.rb 

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :shopify, Settings.api_key, Settings.api_secret,
    scope: 'write_products,write_script_tags,read_orders',
    setup: lambda { |env| params = Rack::Utils.parse_query(env['QUERY_STRING'])
                        env['omniauth.strategy'].options[:client_options][:site] = "http://#{params['shop']}" }
end

然后在您的路线文件中,适当地映射会话的创建操作:

match '/auth/shopify/callback', :to => 'login#create'

从那里我使用shopify_session方法作为适当控制器上的周围过滤器。

相关问题
最新问题