I am currently trying to update the shopify_app gem to v19+, which includes a forced upgrade of the shopify_api gem to version 10+. This upgrade is proving to be very difficult.
My biggest hurdle at the moment is getting my RSpec tests to authenticate requests for controllers that inherit from the gem's Authenticated Controller. Before version 19 this could be done as per this issue/discussion: https://github.com/Shopify/shopify_app/issues/1266.
There doesn't seem to be any documentation or discussion on how to authenticate for tests. Has anyone successfully upgraded to v19+ and got tests to pass?
For the record, here is the login method I'm using that is working on version 18x:
```ruby
module AuthHelper
  def login(shop)
    OmniAuth.config.test_mode = true
    # recommended to enable /auth/shopify and bypass devise override
    OmniAuth.config.allowed_request_methods = [:get]
    # silences omniauth noise telling me that the above line opens us up to vulnerabilities
    # OmniAuth.config.silence_get_warning = true
    OmniAuth.config.logger = Rails.logger
    OmniAuth.config.add_mock(
      :shopify,
      provider: 'shopify',
      uid: shop.shopify_domain,
      credentials: { token: shop.shopify_token },
      extra: { scope: ShopifyApp.configuration.scope }
    )
    # the next 3 lines are technically setting `request.env['key']` on a request that
    # has not yet been made.
    Rails.application.env_config['omniauth.auth'] = OmniAuth.config.mock_auth[:shopify]
    Rails.application.env_config['omniauth.params'] = { shop: shop.shopify_domain }
    Rails.application.env_config['jwt.shopify_domain'] = shop.shopify_domain
    get '/app/auth/shopify/callback', params: { shop: shop.shopify_domain }
    mock_shopify_session(shop)
  end

  def mock_shopify_session(shop)
    session = ShopifyAPI::Session.new(
      domain: shop.shopify_domain,
      token: shop.shopify_token,
      api_version: ShopifyApp.configuration.api_version,
      access_scopes: shop.access_scopes
    )
    ShopifyAPI::Base.activate_session(session)
  end
end
```
Test files can then simply call login(@shop) before each test and the requests will work.
Thanks in advance if anyone can shed any light on how to do this.