Code Coverage for /var/www/html/shopify-sdk/shopifychamp-sdk/src/PublicApp.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	75.00% covered (warning)	75.00%	6 / 8	CRAP	72.00% covered (warning)	72.00%	36 / 50
Shopify\PublicApp	0.00% covered (danger)	0.00%	0 / 1	75.00% covered (warning)	75.00%	6 / 8	26.92	72.00% covered (warning)	72.00%	36 / 50
__construct				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	8 / 8
setAccessToken				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	4 / 4
getAccessToken				0.00% covered (danger)	0.00%	0 / 1	22.10	23.53% covered (danger)	23.53%	4 / 17
prepareAuthorizeUrl				100.00% covered (success)	100.00%	1 / 1	4	100.00% covered (success)	100.00%	11 / 11
setState				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	2 / 2
getState				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	1 / 1
validateHmac				100.00% covered (success)	100.00%	1 / 1	3	100.00% covered (success)	100.00%	4 / 4
validateState				0.00% covered (danger)	0.00%	0 / 1	2.15	66.67% covered (warning)	66.67%	2 / 3

1	<?php
2
3	namespace Shopify;
4	use Shopify\Common\AppInterface;
5	use Shopify\Exception\ApiException;
6
7	/**
8	* Class PublicApp
9	* @package Shopify
10	*/
11	class PublicApp extends Client implements AppInterface
12	{
13	/**
14	* define scope for api access
15	*/
16	const SCOPE = 'read_products,read_orders';
17
18	/**
19	*
20	* @var string
21	*/
22	private $oauth_url = 'https://{shopify_domain}/admin/oauth/';
23
24	/**
25	* random unique value for each authorization request
26	* @var state
27	*/
28	private $state;
29
30	/**
31	* PublicApp constructor.
32	* Shopify domain => testshop.myshopify.com
33	* @param $shop
34	* Shopify api key
35	* @param $api_key
36	* Shopify api secret key
37	* @param $api_secret_key
38	* ['version'=>'2020-01']
39	* @param array $api_params
40	* @throws ApiException
41	*/
42	public function __construct($shop, $api_key, $api_secret_key, array $api_params = [])
43	{
44	$this->setShop($shop);
45	$this->api_key = $api_key;
46	$this->api_secret_key = $api_secret_key;
47	$this->api_params = $api_params;
48	$this->setApiVersion($this->api_params);
49	$this->setGraphqlApiUrl($this->graphql_api_url);
50	$this->setRestApiUrl($this->rest_api_url);
51	}
52
53	/**
54	* assign access token for api call
55	* @param $access_token
56	*/
57	public function setAccessToken($access_token)
58	{
59	$this->access_token = $access_token;
60	$this->setRestApiHeaders($this->access_token);
61	$this->setGraphqlApiHeaders($this->access_token);
62	}
63
64	/**
65	* Once the User has authorized the app, call to get the access token
66	* @param $get_params
67	* @return mixed
68	* @throws ApiException
69	* @throws ClientException
70	*/
71	public function getAccessToken($get_params)
72	{
73	if(isset($get_params['code'],$get_params['hmac']))
74	{
75	if(isset($get_params['state']) && !$this->validateState($get_params))
76	throw new ApiException("Previous state value('".$this->getState()."') doesn't match with current value('".$get_params['state']."')",0);
77	if(!$this->validateHmac($get_params,$get_params['hmac']))
78	throw new ApiException("Hmac validation failed",0);
79	$access_token_url = $this->oauth_url.'access_token';
80	$access_token_url = strtr($access_token_url,['{shopify_domain}'=> $this->shop]);
81	$params['client_id'] = $this->api_key;
82	$params['client_secret'] = $this->api_secret_key;
83	$params['code'] = $get_params['code'];
84	$http_response = $this->request('POST', $access_token_url, ['query'=>$params]);
85	$response = \GuzzleHttp\json_decode($http_response->getBody()->getContents(),true);
86	if(isset($response['access_token']))
87	{
88	$this->setAccessToken($response['access_token']);
89	return $response['access_token'];
90	}
91	}
92	else {
93	throw new ApiException('Unable to authorise app, check your credentials',0);
94	}
95
96	}
97
98	/**
99	* prepare url to authorize public app with Oauth for given shop domain
100	* @param $scope
101	* @param null $redirect_url
102	* @param $state
103	* @return false\|string
104	*/
105	public function prepareAuthorizeUrl($redirect_url='', $scope='', $state=false)
106	{
107	/&redirect_uri={redirect_uri}&state={nonce}/
108	$authorise_url = $this->oauth_url.'authorize?client_id={api_key}&scope={scopes}';
109	$authorise_url = strtr($authorise_url, [
110	'{shopify_domain}'=> $this->shop,
111	'{api_key}'=> $this->api_key,
112	'{scopes}'=> !empty($scope)?$scope:self::SCOPE
113	]
114	);
115	if($redirect_url){
116	$authorise_url.='&redirect_uri='.$redirect_url;
117	}
118	if($state){
119	$this->setState($state);
120	$authorise_url.='&state='.$this->getState();
121	}
122	return $authorise_url;
123	}
124
125	/**
126	* set random unique value for authorization request
127	* @param $state
128	*/
129	public function setState($state)
130	{
131	$this->state = $state;
132	}
133
134	/**
135	* get random unique value for authorization request
136	* @return string
137	*/
138	public function getState()
139	{
140	return $this->state;
141	}
142
143	/**
144	* HMAC verification procedure for OAuth/webhooks
145	* @param $data
146	* @param $hmac
147	* @return bool
148	*/
149	public function validateHmac($data, $hmac)
150	{
151	if(isset($data['hmac'])) {
152	unset($data['hmac']);
153	array_values($data);
154	}
155
156	return ($hmac === hash_hmac('sha256', is_array($data) ? http_build_query($data) : $data, $this->api_secret_key));
157	}
158
159	/**
160	* check random value same with previous value set for authorization request
161	* @param $state
162	* @return bool
163	*/
164	public function validateState($params)
165	{
166	if($params['state'] === $this->getState())
167	return true;
168	return false;
169	}
170	}