upgrade app api

3 years ago · 4aabbc7f5b
parent 297ea65d7d
commit 4aabbc7f5b
2 changed files with 8 additions and 5 deletions
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/service/ShopifyRequestValidator.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/domain/service/ShopifyRequestValidator.java
@ -21,9 +21,11 @@ public class ShopifyRequestValidator {
        return HmacVerificationUtil.hmacSHA256(message.toString(),clientSecret,parameter.getHmac());
    }

-    public boolean verifyPermission(String shopifyStoreHost, String hmac, String timestamp) {
+    public boolean verifyPermission(String shop, String hmac, String timestamp, String host) {
        StringBuilder message =new StringBuilder();
-        message.append("shop=").append(shopifyStoreHost)
+        message
+                .append("host=").append(host)
+                .append("&shop=").append(shop)
                .append("&timestamp=").append(timestamp);
        return HmacVerificationUtil.hmacSHA256(message.toString(),clientSecret,hmac);
    }
--- a/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
+++ b/src/main/java/au/com/royalpay/payment/manage/shopify/auth/web/ShopifyAuthTemplateController.java
@ -38,13 +38,14 @@ public class ShopifyAuthTemplateController {
     */
    @GetMapping("/auth")
    @ShopifyEndpoint
-    public String shopifyStorePermission(@RequestParam("shop") String shop,
-                                         @RequestParam("hmac") String hmac,
+    public String shopifyStorePermission(@RequestParam("hmac") String hmac,
+                                         @RequestParam("host") String host,
+                                         @RequestParam("shop") String shop,
                                         @RequestParam("timestamp") String timestamp) {
        if (!Pattern.matches("^[a-zA-Z0-9][a-zA-Z0-9\\-]*\\.myshopify\\.com", shop)) {
            throw new BadRequestException("Parameter shop is invalid.");
        }
-        if (!shopifyRequestValidator.verifyPermission(shop, hmac, timestamp)) {
+        if (!shopifyRequestValidator.verifyPermission(shop, hmac, timestamp,host)) {
            throw new ShopifyRequestVerifyException("This request parameters is invalid");
        }
        ShopifyPermissionURL shopifyPermissionURL = shopifyMerchantAuthApplication.getShopifyPermissionUrl(shop);