diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4785e41e4..4854f2862 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,8 +3,10 @@
 ## Unreleased
 ### Fixed
+
 - [#935](https://github.com/Shopify/shopify_api/pull/935) Fix issue [#931](https://github.com/Shopify/shopify_api/pull/931), weight of variant should be float
 - [#939](https://github.com/Shopify/shopify_api/pull/939) Hotfix for `.spin.dev` JWT validation.
+- [#944](https://github.com/Shopify/shopify_api/pull/944) Deprecated the `validate_shop` method from the JWT class since we can trust the token payload.
 ## Version 10.0.2
diff --git a/lib/shopify_api/auth/jwt_payload.rb b/lib/shopify_api/auth/jwt_payload.rb
index 68ece1793..61f13ab36 100644
--- a/lib/shopify_api/auth/jwt_payload.rb
+++ b/lib/shopify_api/auth/jwt_payload.rb
@@ -35,8 +35,6 @@ def initialize(token)
 raise ShopifyAPI::Errors::InvalidJwtTokenError,
 "Session token had invalid API key" unless @aud == Context.api_key
- raise ShopifyAPI::Errors::InvalidJwtTokenError,
- "Session token had invalid shop" unless validate_shop(shop)
 end
 sig { returns(String) }
@@ -46,6 +44,7 @@ def shop
 sig { params(shop: String).returns(T::Boolean) }
 def validate_shop(shop)
+ puts "Deprecation notice: validate_shop will be removed in the next major release."
 /\A[a-z0-9]+[a-z0-9\-\.]*[a-z0-9]+\.(myshopify\.(io|com)|spin\.dev)\z/.match?(shop)
 end
diff --git a/test/auth/jwt_payload_test.rb b/test/auth/jwt_payload_test.rb
index 6f1fcb4d2..7ca6bdd62 100644
--- a/test/auth/jwt_payload_test.rb
+++ b/test/auth/jwt_payload_test.rb
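Review bot: The deprecation notice added at the top of `validate_shop` uses `puts`, so it is written to the host application's stdout on every call and cannot be silenced or routed; `warn "Deprecation notice: validate_shop will be removed in the next major release."` would send it to stderr and let hosts suppress it. With the call removed from `initialize` in the previous hunk, this class no longer format-checks the `dest` host, so the value returned by `shop` is only as trustworthy as the signature verification earlier in `initialize`, which lies outside both hunks. A one-line comment on `validate_shop` stating that it is no longer part of token validation would stop callers from assuming it still runs. The test hunk deletes the invalid-domain case without adding one that pins the new behaviour, for example that a correctly signed token with an unexpected `dest` is now accepted.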
@@ -83,15 +83,6 @@ def test_decode_jwt_payload_fails_if_not_activated_yet
 end
 end
- def test_decode_jwt_payload_fails_if_domain_is_invalid
- payload = @jwt_payload.dup
- payload[:dest] = "https://notadomain"
- jwt_token = JWT.encode(payload, ShopifyAPI::Context.api_secret_key, "HS256")
- assert_raises(ShopifyAPI::Errors::InvalidJwtTokenError) do
- ShopifyAPI::Auth::JwtPayload.new(jwt_token)
- end
- end
-
 def test_decode_jwt_payload_fails_with_invalid_api_key
 jwt_token = JWT.encode(@jwt_payload, ShopifyAPI::Context.api_secret_key, "HS256")