Ensure getCurrentSessionId also gets the ID from an id token via search param
rezaansyed committed Sep 8, 2023
1 parent c7b5efc commit 1d08e98
Showing 2 changed files with 40 additions and 13 deletions.
2 changes: 2 additions & 0 deletions lib/auth/oauth/oauth.ts
Expand Up @@ -101,6 +101,8 @@ export function tokenExchange(config: ConfigInterface) {
Accept: 'application/json',
},
};

log.info(`Token exchange params: , ${JSON.stringify(postParams)}`)

const cleanShop = sanitizeShop(config)(shop, true)!;

const HttpClient = httpClientClass(config);
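Review bot: The added `log.info` at the new line 105 serializes the entire `postParams` object into the log; in `tokenExchange` that object is, by its name and position (it is built just above the hunk), the token-exchange POST body, which in an OAuth code exchange carries the app's client secret and the one-time authorization code, so this line writes app credentials into whatever sink `log.info` feeds. It reads like a leftover debug statement — it also lacks the trailing semicolon the rest of the file uses — and should be removed, or reduced to a message that names no secret, e.g. `log.debug('Exchanging authorization code for access token', {shop: cleanShop});` placed after `cleanShop` is computed. `tokenExchange` starts and ends outside the hunk, so the exact fields of `postParams` cannot be confirmed from here, but nothing in this hunk justifies logging the body wholesale.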
51 changes: 38 additions & 13 deletions lib/session/session-utils.ts
Expand Up @@ -3,6 +3,7 @@ import {SESSION_COOKIE_NAME} from '../auth/oauth/types';
import {
abstractConvertRequest,
Cookies,
NormalizedRequest,
NormalizedResponse,
} from '../../runtime/http';
import {sanitizeShop} from '../utils/shop-validator';
Expand Down Expand Up @@ -39,20 +40,14 @@ export function getCurrentSessionId(config: ConfigInterface) {
isOnline,
});

const authHeader = request.headers.Authorization;
if (authHeader) {
const matches = (
typeof authHeader === 'string' ? authHeader : authHeader[0]
).match(/^Bearer (.+)$/);
if (!matches) {
log.error('Missing Bearer token in authorization header', {isOnline});

throw new ShopifyErrors.MissingJwtTokenError(
'Missing Bearer token in authorization header',
);
}
const sessionTokenString = getSessionTokenString(
request,
config,
isOnline,
);

const jwtPayload = await decodeSessionToken(config)(matches[1]);
if (sessionTokenString) {
const jwtPayload = await decodeSessionToken(config)(sessionTokenString);
const shop = jwtPayload.dest.replace(/^https:\/\//, '');

log.debug('Found valid JWT payload', {shop, isOnline});
Expand Down Expand Up @@ -93,3 +88,33 @@ export function customAppSession(config: ConfigInterface) {
});
};
}

function getSessionTokenString(
request: NormalizedRequest,
config: ConfigInterface,
isOnline: boolean,
) {
const log = logger(config);
const url = new URL(request.url);
const authHeader = request.headers.Authorization;
const authParam = url.searchParams.get('id_token')!;

if (authHeader) {
const matches = (
typeof authHeader === 'string' ? authHeader : authHeader[0]
).match(/^Bearer (.+)$/);
if (!matches) {
log.error('Missing Bearer token in authorization header', {
isOnline,
});

throw new ShopifyErrors.MissingJwtTokenError(
'Missing Bearer token in authorization header',
);
}

return matches[1];
} else {
return authParam;
}
}
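Review bot: In `getSessionTokenString` the non-null assertion on `url.searchParams.get('id_token')!` hides that the lookup returns `string | null`, so the helper's inferred return type is `string` while it actually returns `null` whenever neither the header nor the parameter is present; the caller's `if (sessionTokenString)` happens to cope, but the type lies. Drop the `!` and state the contract explicitly: `): string | null {` and `const authParam = url.searchParams.get('id_token');`. The helper also deserves a short doc comment recording two things a reader cannot see from the call site: the `Authorization` header is checked first and a malformed header still throws `MissingJwtTokenError` rather than falling back to the query parameter, and a session token carried in the query string will surface in access logs, browser history and Referer headers, so callers must never log `request.url` verbatim. If `request.url` can be a path-only value, `new URL(request.url)` throws a TypeError before any token is read — `NormalizedRequest` is declared outside this hunk, so that cannot be confirmed from here.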
