Deprecate validate_shop call from JWT class

CHANGELOG.md

@@ -3,8 +3,10 @@
 ## Unreleased
 
 ### Fixed
+
 - [#935](https://github.com/Shopify/shopify_api/pull/935) Fix issue [#931](https://github.com/Shopify/shopify_api/pull/931), weight of variant should be float
 - [#939](https://github.com/Shopify/shopify_api/pull/939) Hotfix for `.spin.dev` JWT validation.
+- [#944](https://github.com/Shopify/shopify_api/pull/944) Deprecated the `validate_shop` method from the JWT class since we can trust the token payload.
 
 ## Version 10.0.2
 

lib/shopify_api/auth/jwt_payload.rb

@@ -35,8 +35,6 @@ def initialize(token)
 
         raise ShopifyAPI::Errors::InvalidJwtTokenError,
           "Session token had invalid API key" unless @aud == Context.api_key
-        raise ShopifyAPI::Errors::InvalidJwtTokenError,
-          "Session token had invalid shop" unless validate_shop(shop)
       end
 
       sig { returns(String) }
@@ -46,6 +44,7 @@ def shop
 
       sig { params(shop: String).returns(T::Boolean) }
       def validate_shop(shop)
+        puts "Deprecation notice: validate_shop will be removed in the next major release."
         /\A[a-z0-9]+[a-z0-9\-\.]*[a-z0-9]+\.(myshopify\.(io|com)|spin\.dev)\z/.match?(shop)
       end
 

test/auth/jwt_payload_test.rb

@@ -83,15 +83,6 @@ def test_decode_jwt_payload_fails_if_not_activated_yet
         end
       end
 
-      def test_decode_jwt_payload_fails_if_domain_is_invalid
-        payload = @jwt_payload.dup
-        payload[:dest] = "https://notadomain"
-        jwt_token = JWT.encode(payload, ShopifyAPI::Context.api_secret_key, "HS256")
-        assert_raises(ShopifyAPI::Errors::InvalidJwtTokenError) do
-          ShopifyAPI::Auth::JwtPayload.new(jwt_token)
-        end
-      end
-
       def test_decode_jwt_payload_fails_with_invalid_api_key
         jwt_token = JWT.encode(@jwt_payload, ShopifyAPI::Context.api_secret_key, "HS256")