ShopifySharp
ShopifySharp copied to clipboard
nozzlegear
Bug with Proxied Query Strings Authorization._querystringRegex
Just this afternoon, I discovered an unexpected change with the queries coming from Shopify. I found the query string now contains a "logged_in_customer_id" field. If the customer is not logged in then the value will be empty otherwise it (naturally) appears to hold the customers ID.
This was breaking the AuthorizationService.IsAuthenticProxyRequest(string,string), and causing it to improperly fail when a customer is not logged in, but works expectedly when logged in.
Digging around I found it was the AuthorizationService._querystringRegex causing the issue. as the second group requires at least 1+ instead of 0+ I patched my own version with the Regex ?|&=([^?|^&]*) and it appears to be working properly again.
Thanks for the report! I'll take a look into this soon, although I have several proxy apps and haven't noticed any issues yet.
I need to add in some tests for validating proxy requests, but the last time I tried it was somewhat difficult. This package is using a private app for testing the API, but since private apps can't use proxy pages I'm not able to just copy over a querystring and paste it into a test. I'll have to figure that out.
I ran into this issue as well. I worked around it by parsing the query string myself and then called IsAuthenticProxyRequest(IDictionary<string, string> querystring, string shopifySecretKey) instead of IsAuthenticProxyRequest(string querystring, string shopifySecretKey);
@braceabilitycode Thanks! Just to be clear, when you parsed the querystring manually, did you include the logged_in_customer_id field in the dictionary?