From 37ef397d9611c4b1fcafc052331b5889125c975c Mon Sep 17 00:00:00 2001 From: Nahid Bin Azhar Date: Wed, 13 Sep 2023 15:27:31 +0600 Subject: [PATCH] added tests for coverage --- src/Actions/InstallShop.php | 15 --------- .../Http/Middleware/IframeProtectionTest.php | 24 ++++++++++++++ tests/Http/Middleware/VerifyShopifyTest.php | 32 +++++++++++++++++++ 3 files changed, 56 insertions(+), 15 deletions(-) diff --git a/src/Actions/InstallShop.php b/src/Actions/InstallShop.php index 9f0a22b3..11360d02 100644 --- a/src/Actions/InstallShop.php +++ b/src/Actions/InstallShop.php @@ -66,13 +66,6 @@ public function __construct( */ public function __invoke(ShopDomain $shopDomain, ?string $code): array { - if (!$this->isValidShop($shopDomain)) { - return [ - 'completed' => false, - 'url' => null, - 'shop_id' => null, - ]; - } // Get the shop $shop = $this->shopQuery->getByDomain($shopDomain, [], true); @@ -126,12 +119,4 @@ public function __invoke(ShopDomain $shopDomain, ?string $code): array ]; } } - - public function isValidShop(ShopDomain $shopDomain): bool - { - $regex = '/^[a-zA-Z0-9][a-zA-Z0-9\-]*.myshopify.com/'; - $isMatched = preg_match($regex, $shopDomain->toNative(), $matches, PREG_OFFSET_CAPTURE); - - return $isMatched === 1; - } } diff --git a/tests/Http/Middleware/IframeProtectionTest.php b/tests/Http/Middleware/IframeProtectionTest.php index a02448db..14bba2d8 100644 --- a/tests/Http/Middleware/IframeProtectionTest.php +++ b/tests/Http/Middleware/IframeProtectionTest.php @@ -63,4 +63,28 @@ public function testIframeProtectionWithUnauthorizedShop(): void $this->assertNotEmpty($currentHeader); $this->assertEquals($expectedHeader, $currentHeader); } + + public function testIframeProtectionWithExistingAncestorsInConfig(): void + { + $shop = factory($this->model)->create(); + $this->auth->login($shop); + $this->app['config']->set('shopify-app.iframe_ancestors', 'https://example.com'); + + $domain = auth()->user()->name; + $expectedHeader = "frame-ancestors https://$domain https://admin.shopify.com https://example.com"; + + $request = new Request(); + $shopQueryStub = $this->createStub(ShopQuery::class); + $shopQueryStub->method('getByDomain')->willReturn($shop); + $next = function () { + return new Response('Test Response'); + }; + + $middleware = new IframeProtection($shopQueryStub); + $response = $middleware->handle($request, $next); + $currentHeader = $response->headers->get('content-security-policy'); + + $this->assertNotEmpty($currentHeader); + $this->assertEquals($expectedHeader, $currentHeader); + } } diff --git a/tests/Http/Middleware/VerifyShopifyTest.php b/tests/Http/Middleware/VerifyShopifyTest.php index 047584c7..79869ed2 100644 --- a/tests/Http/Middleware/VerifyShopifyTest.php +++ b/tests/Http/Middleware/VerifyShopifyTest.php @@ -317,4 +317,36 @@ public function testTokenProcessingAndMissMatchingShops(): void $this->expectException(HttpException::class); $this->runMiddleware(VerifyShopify::class, $newRequest); } + + public function testNotNativeAppbridgeWithTokenProcessingAndLoginShop(): void + { + // Create a shop that matches the token from buildToken + factory($this->model)->create(['name' => 'shop-name.myshopify.com']); + $this->app['config']->set('shopify-app.frontend_engine', 'REACT'); + + // Setup the request + $currentRequest = Request::instance(); + $newRequest = $currentRequest->duplicate( + // Query Params + [ + 'shop' => 'shop-name.myshopify.com', + ], + // Request Params + null, + // Attributes + null, + // Cookies + null, + // Files + null, + // Server vars + [ + 'HTTP_Authorization' => "Bearer {$this->buildToken()}", + ] + ); + + // Run the middleware + $result = $this->runMiddleware(VerifyShopify::class, $newRequest); + $this->assertTrue($result[0]); + } }