Class: OmniAuth::Strategies::Scalus

Inherits:

OAuth2

• Object
• OAuth2
• OmniAuth::Strategies::Scalus

Defined in:

lib/omniauth/strategies/scalus.rb

Constant Summary

DEFAULT_SCOPE =

Available scopes: content themes products customers orders script_tags shipping read_* or write_*

'read_products'

MINUTE =

60

CODE_EXPIRES_AFTER =

10 * MINUTE

Class Method Summary

• .encoded_params_for_signature(params) ⇒ Object
• .hmac_sign(encoded_params, secret) ⇒ Object

Instance Method Summary

• #authorize_params ⇒ Object
• #callback_phase ⇒ Object
• #callback_url ⇒ Object
• #fix_https ⇒ Object
• #request_phase ⇒ Object
• #setup_phase ⇒ Object
• #valid_signature? ⇒ Boolean
• #valid_site? ⇒ Boolean

Class Method Details

.encoded_params_for_signature(params) ⇒ Object

# File 'lib/omniauth/strategies/scalus.rb', line 45

def self.encoded_params_for_signature(params)
  params = params.dup
  params.delete('hmac')
  params.delete('signature') # deprecated signature
  params.map{|k,v| "#{URI.escape(k.to_s, '&=%')}=#{URI.escape(v.to_s, '&%')}"}.sort.join('&')
end

.hmac_sign(encoded_params, secret) ⇒ Object

# File 'lib/omniauth/strategies/scalus.rb', line 52

def self.hmac_sign(encoded_params, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, secret, encoded_params)
end

Instance Method Details

#authorize_params ⇒ Object

# File 'lib/omniauth/strategies/scalus.rb', line 79

def authorize_params
  super.tap do |params|
    params[:scope] ||= DEFAULT_SCOPE
  end
end

#callback_phase ⇒ Object

# File 'lib/omniauth/strategies/scalus.rb', line 73

def callback_phase
  return fail!(:invalid_site) unless valid_site?
  return fail!(:invalid_signature) unless valid_signature?
  super
end

#callback_url ⇒ Object

# File 'lib/omniauth/strategies/scalus.rb', line 85

def callback_url
  options[:callback_url] || full_host + script_name + callback_path
end

#fix_https ⇒ Object

# File 'lib/omniauth/strategies/scalus.rb', line 56

def fix_https
  options[:client_options][:site].gsub!(/\Ahttp\:/, 'https:')
end

#request_phase ⇒ Object

# File 'lib/omniauth/strategies/scalus.rb', line 65

def request_phase
  if valid_site?
    super
  else
    fail!(:invalid_site)
  end
end

#setup_phase ⇒ Object

# File 'lib/omniauth/strategies/scalus.rb', line 60

def setup_phase
  super
  fix_https
end

#valid_signature? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/omniauth/strategies/scalus.rb', line 31

def valid_signature?
  return false unless request.POST.empty?

  params = request.GET
  signature = params['hmac']
  timestamp = params['timestamp']
  return false unless signature && timestamp

  return false unless timestamp.to_i > Time.now.to_i - CODE_EXPIRES_AFTER

  calculated_signature = self.class.hmac_sign(self.class.encoded_params_for_signature(params), options.client_secret)
  Rack::Utils.secure_compare(calculated_signature, signature)
end

#valid_site? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/omniauth/strategies/scalus.rb', line 27

def valid_site?
  !!(/\A(https|http)\:\/\/[a-zA-Z0-9][a-zA-Z0-9\-]*\.#{Regexp.quote(options[:scalus_domain])}[\/]?\z/ =~ options[:client_options][:site])
end