added tests for coverage

Kyon147 · Sep 13, 2023 · 37ef397 · 37ef397
1 parent c71e073
commit 37ef397
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 15 deletions.
diff --git a/src/Actions/InstallShop.php b/src/Actions/InstallShop.php
@@ -66,13 +66,6 @@ public function __construct(
      */
     public function __invoke(ShopDomain $shopDomain, ?string $code): array
     {
-        if (!$this->isValidShop($shopDomain)) {
-            return [
-                'completed' => false,
-                'url' => null,
-                'shop_id' => null,
-            ];
-        }
         // Get the shop
         $shop = $this->shopQuery->getByDomain($shopDomain, [], true);
 
@@ -126,12 +119,4 @@ public function __invoke(ShopDomain $shopDomain, ?string $code): array
             ];
         }
     }
-
-    public function isValidShop(ShopDomain $shopDomain): bool
-    {
-        $regex = '/^[a-zA-Z0-9][a-zA-Z0-9\-]*.myshopify.com/';
-        $isMatched = preg_match($regex, $shopDomain->toNative(), $matches, PREG_OFFSET_CAPTURE);
-
-        return $isMatched === 1;
-    }
 }
diff --git a/tests/Http/Middleware/IframeProtectionTest.php b/tests/Http/Middleware/IframeProtectionTest.php
@@ -63,4 +63,28 @@ public function testIframeProtectionWithUnauthorizedShop(): void
         $this->assertNotEmpty($currentHeader);
         $this->assertEquals($expectedHeader, $currentHeader);
     }
+
+    public function testIframeProtectionWithExistingAncestorsInConfig(): void
+    {
+        $shop = factory($this->model)->create();
+        $this->auth->login($shop);
+        $this->app['config']->set('shopify-app.iframe_ancestors', 'https://example.com');
+
+        $domain = auth()->user()->name;
+        $expectedHeader = "frame-ancestors https://$domain https://admin.shopify.com https://example.com";
+
+        $request = new Request();
+        $shopQueryStub = $this->createStub(ShopQuery::class);
+        $shopQueryStub->method('getByDomain')->willReturn($shop);
+        $next = function () {
+            return new Response('Test Response');
+        };
+
+        $middleware = new IframeProtection($shopQueryStub);
+        $response = $middleware->handle($request, $next);
+        $currentHeader = $response->headers->get('content-security-policy');
+
+        $this->assertNotEmpty($currentHeader);
+        $this->assertEquals($expectedHeader, $currentHeader);
+    }
 }
diff --git a/tests/Http/Middleware/VerifyShopifyTest.php b/tests/Http/Middleware/VerifyShopifyTest.php
@@ -317,4 +317,36 @@ public function testTokenProcessingAndMissMatchingShops(): void
         $this->expectException(HttpException::class);
         $this->runMiddleware(VerifyShopify::class, $newRequest);
     }
+
+    public function testNotNativeAppbridgeWithTokenProcessingAndLoginShop(): void
+    {
+        // Create a shop that matches the token from buildToken
+        factory($this->model)->create(['name' => 'shop-name.myshopify.com']);
+        $this->app['config']->set('shopify-app.frontend_engine', 'REACT');
+
+        // Setup the request
+        $currentRequest = Request::instance();
+        $newRequest = $currentRequest->duplicate(
+            // Query Params
+            [
+                'shop' => 'shop-name.myshopify.com',
+            ],
+            // Request Params
+            null,
+            // Attributes
+            null,
+            // Cookies
+            null,
+            // Files
+            null,
+            // Server vars
+            [
+                'HTTP_Authorization' => "Bearer {$this->buildToken()}",
+            ]
+        );
+
+        // Run the middleware
+        $result = $this->runMiddleware(VerifyShopify::class, $newRequest);
+        $this->assertTrue($result[0]);
+    }
 }