JamesDullaghan · January 13, 2019 19:35
diff --git a/shopify_oauth_example.rb b/shopify_oauth_example.rb
    code  = request.params[:code]
    hmac  = request.params[:hmac]
    shop = request.params[:shop]
    no_values_present = code.nil? && hmac.nil? && shop.nil?

    if no_values_present
      shopify_session = ShopifyAPI::Session.new(current_franchise.shopify_store_url)
      scope = ["read_customers"]

      uri = URI(permission_url)
      uri.query = [uri.query, "state=#{STATE_PARAM}"].compact.join('&')

      redirect_to uri.to_s
      return
    end

    valid_shopify_params = code.present? && hmac.present? && shop.present?

    unless valid_shopify_params
      flash[:error] = "Unable to connect your Shopify account"

      redirect_to dashboard_path
      return
    end

    shopify_session = ShopifyAPI::Session.new(current_franchise.shopify_store_url)
    # code, shop, state, timestamp
    h = request.params.reject do |k,_|
      k == 'hmac' ||
        k == 'controller' ||
        k == 'action'
    end

    sha256 = OpenSSL::Digest.new('sha256')
    # secret = Rails.application.secrets.shopify_api_secret
    secret = "hush"
    query = URI.escape(h.sort.collect{|k,v| "#{k}=#{v}"}.join('&'))
    digest = OpenSSL::HMAC.hexdigest(sha256, secret, query)

    if not ActiveSupport::SecurityUtils.secure_compare(hmac, digest)
      flash[:error] = "Unable to securely authenticate with third party service"

      render 'auth', locals: {}
    end

    params = {
      client_id: Rails.application.secrets.shopify_api_key,
      client_secret: Rails.application.secrets.shopify_api_secret,
      code: code,
    }

    session[:token] = shopify_session.request_token(params)
	code = request.params[:code]
	hmac = request.params[:hmac]
	shop = request.params[:shop]
	no_values_present = code.nil? && hmac.nil? && shop.nil?

	if no_values_present
	shopify_session = ShopifyAPI::Session.new(current_franchise.shopify_store_url)
	scope = ["read_customers"]

	uri = URI(permission_url)
	uri.query = [uri.query, "state=#{STATE_PARAM}"].compact.join('&')

	redirect_to uri.to_s
	return
	end

	valid_shopify_params = code.present? && hmac.present? && shop.present?

	unless valid_shopify_params
	flash[:error] = "Unable to connect your Shopify account"

	redirect_to dashboard_path
	return
	end

	shopify_session = ShopifyAPI::Session.new(current_franchise.shopify_store_url)
	# code, shop, state, timestamp
	h = request.params.reject do \|k,_\|
	k == 'hmac' \|\|
	k == 'controller' \|\|
	k == 'action'
	end

	sha256 = OpenSSL::Digest.new('sha256')
	# secret = Rails.application.secrets.shopify_api_secret
	secret = "hush"
	query = URI.escape(h.sort.collect{\|k,v\| "#{k}=#{v}"}.join('&'))
	digest = OpenSSL::HMAC.hexdigest(sha256, secret, query)

	if not ActiveSupport::SecurityUtils.secure_compare(hmac, digest)
	flash[:error] = "Unable to securely authenticate with third party service"

	render 'auth', locals: {}
	end

	params = {
	client_id: Rails.application.secrets.shopify_api_key,
	client_secret: Rails.application.secrets.shopify_api_secret,
	code: code,
	}

	session[:token] = shopify_session.request_token(params)