Sha256: 86ef39fd041f80438a8df1c57655049e55b66f01b33c906f62b32e2c2e62f942
Contents?: true
Size: 1.86 KB
Versions: 1
Compression:
Stored size: 1.86 KB
Contents
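# frozen_string_literal: true

module ShopifyApp
  # Decodes a JWT with HS256 against the app's configured secret(s) and checks
  # its 'aud', 'dest' and 'iss' claims.
  #
  # Failures listed in WARN_EXCEPTIONS are logged at warn level and leave the
  # payload unset; #shopify_domain and #shopify_user_id then return nil.
  # Any other exception propagates out of the constructor.
  class JWT
    class InvalidDestinationError < StandardError; end
    class MismatchedHostsError < StandardError; end
    class InvalidAudienceError < StandardError; end

    # Exceptions treated as "token rejected" rather than as application errors.
    # Frozen so the rejection list cannot be altered at runtime.
    WARN_EXCEPTIONS = [
      ::JWT::DecodeError,
      ::JWT::ExpiredSignature,
      ::JWT::ImmatureSignature,
      ::JWT::VerificationError,
      InvalidAudienceError,
      InvalidDestinationError,
      MismatchedHostsError,
    ].freeze

    # @param token [String] the encoded JWT to verify
    def initialize(token)
      @token = token
      set_payload
    end

    # @return [String, nil] the sanitized host from the 'dest' claim, or nil
    #   when the token was rejected
    def shopify_domain
      @payload && ShopifyApp::Utils.sanitize_shop_domain(@payload['dest'])
    end

    # @return [Integer, nil] the 'sub' claim as an integer, or nil when the
    #   token was rejected or carries no 'sub' claim
    def shopify_user_id
      @payload['sub'].to_i if @payload && @payload['sub']
    end

    private

    # Decodes and validates the token, storing the payload only on success.
    # A rejected token is logged (exception class and message only, never the
    # token itself) and @payload stays nil.
    def set_payload
      payload, _header = parse_token_data(ShopifyApp.configuration&.secret, ShopifyApp.configuration&.old_secret)
      @payload = validate_payload(payload)
    rescue *WARN_EXCEPTIONS => error
      Rails.logger.warn("[ShopifyApp::JWT] Failed to validate JWT: [#{error.class}] #{error}")
      nil
    end

    # Verifies the token against +secret+, falling back to +old_secret+ (key
    # rotation) only when the signature check against +secret+ fails.
    #
    # @raise [::JWT::VerificationError] when no usable secret verifies the token
    def parse_token_data(secret, old_secret)
      decode_with(secret)
    rescue ::JWT::VerificationError
      # An empty string is truthy in Ruby, so a plain `unless old_secret` guard
      # would let an empty old_secret be used as the HMAC key. Treat a blank
      # value as "no old secret configured" and re-raise the original failure.
      raise if blank_key?(old_secret)

      decode_with(old_secret)
    end

    # Decodes @token with signature verification pinned to HS256.
    # Fails closed on a blank key instead of relying on the JWT library (and
    # the OpenSSL build behind it) to refuse an empty HMAC key.
    def decode_with(key)
      raise ::JWT::VerificationError, 'signing secret is not configured' if blank_key?(key)

      ::JWT.decode(@token, key, true, { algorithm: 'HS256' })
    end

    # True for nil and for values whose string form is empty.
    def blank_key?(key)
      key.nil? || key.to_s.empty?
    end

    # Checks the claims of an already signature-verified payload.
    #
    # @param payload [Hash] decoded JWT claims
    # @return [Hash] the same payload when every check passes
    # @raise [InvalidAudienceError] 'aud' does not equal the configured api_key
    # @raise [InvalidDestinationError] 'dest' does not sanitize to a shop host
    # @raise [MismatchedHostsError] 'dest' and 'iss' sanitize to different hosts
    def validate_payload(payload)
      dest_host = ShopifyApp::Utils.sanitize_shop_domain(payload['dest'])
      iss_host = ShopifyApp::Utils.sanitize_shop_domain(payload['iss'])
      api_key = ShopifyApp.configuration.api_key

      # With no api_key configured, a token lacking 'aud' would satisfy
      # nil == nil; require a non-blank api_key so the audience check fails closed.
      audience_ok = !api_key.to_s.empty? && payload['aud'] == api_key

      raise InvalidAudienceError, "'aud' claim does not match api_key" unless audience_ok
      raise InvalidDestinationError, "'dest' claim host not a valid shopify host" unless dest_host
      raise MismatchedHostsError, "'dest' claim host does not match 'iss' claim host" unless dest_host == iss_host

      payload
    end
  end
end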
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
shopify_app-15.0.1 | lib/shopify_app/session/jwt.rb |