HMAC Failed, Home page and Hook problems

Solved
Highlighted
Tourist
3 2 0

Hi Shopify

I created my first App and follow examples you provide in github. But something won't work as expected. After install my App on the demo-store, I'm able to get client_id, token, hmac, code etc. And able to reach Products endpoint to get all products from my Demo-store.

1- But problem my hmac validation failed all the time. The digest failed with OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'). But I can still get the right token and retrieve the products.

 

def validate_hmac(hmac,request)
      h = request.params.reject{|k,_| k == 'hmac' || k == 'signature'}
      query = URI.escape(h.sort.collect{|k,v| "#{k}=#{v}"}.join('&'))
      digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), @shopify_secret, query)

      unless (hmac == digest)

        message = "Authentication failed. Digest provided was: #{digest}"
       raise_error(message, 403)
        return false
      end

      return true
    end

 

 

 

2- I registered for the hook when creating order. However, when I created orders, nothing got hooked, so no callback was received.

 

def create_order_webhook
      # create webhook for order creation if it doesn't exist
      unless ShopifyAPI::Webhook.find(:all).any?
        webhook = {
            topic: 'orders/create',
            address: "https://#{@shopify_app_url}/shopify_store_front/order_create",
            format: 'json'}

        ShopifyAPI::Webhook.create(webhook)
      end
    end

 

 

3- I tried to display a custom html on my app page, but I still got a message "xxxxxxxx.ngrok.io refused to connect." For any html sent to Shopify.

 

Screen Shot 2020-09-06 at 12.34.41 PM.png

Can you help solve those issues ?

0 Likes
Highlighted
Tourist
3 2 0

This is an accepted solution.

I fixed the webhook problem.

So for Rails, I put the following above the controller: 

class ShopifyController < ApplicationController
protect_from_forgery with: :null_session

...

 

0 Likes
Highlighted
Tourist
3 2 0

This is an accepted solution.

The issue for refused connection was solved by adding the following:

https://community.shopify.com/c/Shopify-APIs-SDKs/ngrok-io-refused-to-connect/td-p/526953

 

after_action :allow_shopify_iframe
def allow_shopify_iframe
response.headers['X-Frame-Options'] = 'ALLOWALL'
end

 

0 Likes