Use ApiAccess from shopify_api to encapsulate scopes and their common…

… operations
Shopify · Jan 28, 2021 · 97ea8b0 · 97ea8b0
1 parent 3d618ea
commit 97ea8b0
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 12 deletions.
diff --git a/lib/omniauth/shopify.rb b/lib/omniauth/shopify.rb
@@ -1,2 +1,3 @@
 require 'omniauth/shopify/version'
 require 'omniauth/strategies/shopify'
+require 'shopify_api'
diff --git a/lib/omniauth/strategies/shopify.rb b/lib/omniauth/strategies/shopify.rb
@@ -6,7 +6,6 @@ class Shopify < OmniAuth::Strategies::OAuth2
       # Available scopes: content themes products customers orders script_tags shipping
       # read_*  or write_*
       DEFAULT_SCOPE = 'read_products'
-      SCOPE_DELIMITER = ','
       MINUTE = 60
       CODE_EXPIRES_AFTER = 10 * MINUTE
 
@@ -74,16 +73,11 @@ def valid_signature?
       end
 
       def valid_scope?(token)
-        params = options.authorize_params.merge(options_for("authorize"))
-        return false unless token && params[:scope] && token['scope']
-        expected_scope = normalized_scopes(params[:scope]).sort
-        (expected_scope == token['scope'].split(SCOPE_DELIMITER).sort)
-      end
-
-      def normalized_scopes(scopes)
-        scope_list = scopes.to_s.split(SCOPE_DELIMITER).map(&:strip).reject(&:empty?).uniq
-        ignore_scopes = scope_list.map { |scope| scope =~ /\A(unauthenticated_)?write_(.*)\z/ && "#{$1}read_#{$2}" }.compact
-        scope_list - ignore_scopes
+        config = options.authorize_params.merge(options_for("authorize"))
+        return false unless token && config[:scope] && token['scope']
+        expected_api_access = ::ShopifyAPI::ApiAccess.new(config[:scope])
+        actual_api_access = ::ShopifyAPI::ApiAccess.new(token['scope'])
+        actual_api_access == expected_api_access
       end
 
       def self.encoded_params_for_signature(params)
@@ -146,7 +140,8 @@ def build_access_token
 
       def authorize_params
         super.tap do |params|
-          params[:scope] = normalized_scopes(params[:scope] || DEFAULT_SCOPE).join(SCOPE_DELIMITER)
+          scopes = params[:scope] || DEFAULT_SCOPE
+          params[:scope] = ::ShopifyAPI::ApiAccess.new(scopes).to_s
           params[:grant_options] = ['per-user'] if options[:per_user_permissions]
         end
       end

diff --git a/omniauth-shopify-oauth2.gemspec b/omniauth-shopify-oauth2.gemspec
@@ -21,6 +21,7 @@ Gem::Specification.new do |s|
 
   s.add_runtime_dependency 'omniauth-oauth2', ['~> 1.5', '< 1.7.1']
   s.add_runtime_dependency 'activesupport'
+  s.add_runtime_dependency('shopify_api', '~> 9.3')
 
   s.add_development_dependency 'minitest', '~> 5.6'
   s.add_development_dependency 'rspec', '~> 3.9.0'