msb_52843
/
dalong_mall
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix shopify hmac verify

Browse Source
master
Yixian 3 years ago
parent 6d9986d044
commit 2362015ae1
3 changed files with 37 additions and 12 deletions
Show Stats Download Patch File Download Diff File

7
src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/service/ShopifyRequestValidator.java
Unescape View File

@ -21,11 +21,8 @@ public class ShopifyRequestValidator {
return HmacVerificationUtil.hmacSHA256(message.toString(), clientSecret, parameter.getHmac());
}
public boolean verifyPermission(String shopifyStoreHost, String hmac, String timestamp) {
StringBuilder message =new StringBuilder();
message.append("shop=").append(shopifyStoreHost)
.append("&timestamp=").append(timestamp);
return HmacVerificationUtil.hmacSHA256(message.toString(),clientSecret,hmac);
public boolean verifyPermission(String queryStrWithoutHmac, String hmac) {
return HmacVerificationUtil.hmacSHA256(queryStrWithoutHmac, clientSecret, hmac);
}
public boolean verify(String message, String hmac) {

11
src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
Unescape View File

@ -10,9 +10,12 @@ import au.com.royalpay.payment.tools.env.PlatformEnvironment;
import au.com.royalpay.payment.tools.exceptions.BadRequestException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.UriComponentsBuilder;
import javax.servlet.http.HttpServletRequest;
import java.util.regex.Pattern;
@Controller
@ -33,18 +36,18 @@ public class ShopifyAuthTemplateController {
*
* @param shop
* @param hmac
* @param timestamp
* @return
*/
@GetMapping("/auth")
@ShopifyEndpoint
public String shopifyStorePermission(@RequestParam("shop") String shop,
@RequestParam("hmac") String hmac,
@RequestParam("timestamp") String timestamp) {
@RequestParam("hmac") String hmac, HttpServletRequest request) {
if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
throw new BadRequestException("Parameter shop is invalid.");
}
if (!shopifyRequestValidator.verifyPermission(shop, hmac, timestamp)) {
String queryStr = UriComponentsBuilder.fromHttpRequest(new ServletServerHttpRequest(request))
.replaceQueryParam("hmac").build().getQuery();
if (!shopifyRequestValidator.verifyPermission(queryStr, hmac)) {
throw new ShopifyRequestVerifyException("This request parameters is invalid");
}
ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shop);

25
src/test/java/au/com/royalpay/payment/manage/shopify/support/HmacVerificationUtilTest.java
Unescape View File

@ -0,0 +1,25 @@
package au.com.royalpay.payment.manage.shopify.support;
import org.junit.jupiter.api.Test;
import org.springframework.web.util.UriComponentsBuilder;
import static org.junit.jupiter.api.Assertions.*;
class HmacVerificationUtilTest {
@Test
void checkParameters() {
String message = "host=Z2Vlay10ZXN0LXNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&shop=geek-test-shop.myshopify.com&timestamp=1648025715";
String key = "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";
String hmac = "803cd4924b19cedc5361ab09776d078a18be3ba32fd7d62de72269a12bec1ffc";
assert HmacVerificationUtil.hmacSHA256(message, key, hmac);
}
@Test
void testQuery() {
String base = "host=Z2Vlay10ZXN0LXNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&timestamp=1648025715&shop=geek-test-shop.myshopify.com";
String query = UriComponentsBuilder.fromUriString("/shopify/auth?hmac=803cd4924b19cedc5361ab09776d078a18be3ba32fd7d62de72269a12bec1ffc&host=Z2Vlay10ZXN0LXNob3AubXlzaG9waWZ5LmNvbS9hZG1pbg&timestamp=1648025715&shop=geek-test-shop.myshopify.com")
.replaceQueryParam("hmac").build().getQuery();
assertEquals(base, query);
}
}
Write Preview
Loading…
Cancel
Save