Sha256: 6e5306c51eaf3637a46d75bd197c0231202af5ae7c479b9b5590ea76a5020bc7

Contents?: true

Size: 1.83 KB

Versions: 17

Compression:

Stored size: 1.83 KB

Contents

# frozen_string_literal: true
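module ShopifyApp
  # Decodes and validates the session JWT handed to the app.
  #
  # The token must be signed with HS256 using the configured secret (or the
  # configured old secret), and its 'aud', 'dest' and 'iss' claims must pass
  # #validate_payload. Construction does not raise for the failures listed in
  # WARN_EXCEPTIONS: they are logged at warn level and the public readers then
  # return nil. Callers must treat a nil reader result as "not authenticated".
  # Any other exception propagates out of #initialize.
  class JWT
    class InvalidDestinationError < StandardError; end
    class MismatchedHostsError < StandardError; end
    class InvalidAudienceError < StandardError; end

    # Failures that mean "this token is not acceptable" rather than a bug.
    # Frozen so the list of swallowed exceptions cannot be extended at runtime.
    WARN_EXCEPTIONS = [
      ::JWT::DecodeError,
      ::JWT::ExpiredSignature,
      ::JWT::ImmatureSignature,
      ::JWT::VerificationError,
      InvalidAudienceError,
      InvalidDestinationError,
      MismatchedHostsError,
    ].freeze

    # @param token [String] the encoded JWT as received from the client
    def initialize(token)
      @token = token
      # Stays nil unless the token passes every check in #set_payload.
      @payload = nil
      set_payload
    end

    # @return [String, nil] the sanitized shop domain from the 'dest' claim,
    #   or nil when the token was rejected
    def shopify_domain
      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload['dest'])
    end

    # @return [Object, nil] the 'sub' claim, or nil when the token was rejected
    def shopify_user_id
      @payload && @payload['sub']
    end

    private

    # Decodes the token and stores its claims only if validation succeeds.
    # Expected failures are logged (exception class and message only, never
    # the token itself) and leave @payload nil.
    def set_payload
      payload, _ = parse_token_data(ShopifyApp.configuration&.secret, ShopifyApp.configuration&.old_secret)
      @payload = validate_payload(payload)
    rescue *WARN_EXCEPTIONS => error
      Rails.logger.warn("[ShopifyApp::JWT] Failed to validate JWT: [#{error.class}] #{error}")
      nil
    end

    # Verifies the signature with +secret+, falling back to +old_secret+ so
    # tokens stay valid across a secret rotation.
    #
    # A nil or empty key is never handed to the JWT library. An empty string
    # is truthy in Ruby, so a bare truthiness check on +old_secret+ would let
    # an empty-string setting through as a verification key; depending on the
    # JWT library version that could make the signature check meaningless.
    #
    # @param secret [String, nil] current signing secret
    # @param old_secret [String, nil] previous signing secret, if any
    # @return [Array] the decoded payload and header as returned by ::JWT.decode
    # @raise [::JWT::VerificationError] when no usable key verifies the token
    def parse_token_data(secret, old_secret)
      # Routed through the rescue below so a configured old secret is still tried.
      raise ::JWT::VerificationError, 'no signing secret configured' if secret.to_s.empty?

      # Third argument enables verification; the algorithm is pinned to HS256.
      ::JWT.decode(@token, secret, true, { algorithm: 'HS256' })
    rescue ::JWT::VerificationError
      raise if old_secret.to_s.empty?

      ::JWT.decode(@token, old_secret, true, { algorithm: 'HS256' })
    end

    # Checks the claims that bind the token to this app and to one shop.
    #
    # @param payload [Hash] decoded claims
    # @return [Hash] the same payload when every check passes
    # @raise [InvalidAudienceError] 'aud' is not this app's api_key, or no
    #   api_key is configured
    # @raise [InvalidDestinationError] 'dest' does not sanitize to a shop host
    # @raise [MismatchedHostsError] 'dest' and 'iss' resolve to different hosts
    def validate_payload(payload)
      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload['dest'])
      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload['iss'])
      api_key = ShopifyApp.configuration.api_key

      # Fail closed: with no api_key configured, a token that simply omits
      # 'aud' would otherwise compare nil == nil and pass the audience check.
      audience_ok = !api_key.to_s.empty? && payload['aud'] == api_key

      raise InvalidAudienceError, "'aud' claim does not match api_key" unless audience_ok
      raise InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
      raise MismatchedHostsError, "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host

      payload
    end
  end
end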

Version data entries

17 entries across 17 versions & 1 rubygems

Version Path
shopify_app-15.0.0 lib/shopify_app/session/jwt.rb
shopify_app-14.4.4 lib/shopify_app/session/jwt.rb
shopify_app-14.4.3 lib/shopify_app/session/jwt.rb
shopify_app-14.4.2 lib/shopify_app/session/jwt.rb
shopify_app-14.4.1 lib/shopify_app/session/jwt.rb
shopify_app-14.4.0 lib/shopify_app/session/jwt.rb
shopify_app-14.3.0 lib/shopify_app/session/jwt.rb
shopify_app-14.2.0 lib/shopify_app/session/jwt.rb
shopify_app-14.1.0 lib/shopify_app/session/jwt.rb
shopify_app-14.0.0 lib/shopify_app/session/jwt.rb
shopify_app-13.5.0 lib/shopify_app/session/jwt.rb
shopify_app-13.4.1 lib/shopify_app/session/jwt.rb
shopify_app-13.4.0 lib/shopify_app/session/jwt.rb
shopify_app-13.3.0 lib/shopify_app/session/jwt.rb
shopify_app-13.2.0 lib/shopify_app/session/jwt.rb
shopify_app-13.1.1 lib/shopify_app/session/jwt.rb
shopify_app-13.1.0 lib/shopify_app/session/jwt.rb