Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG: shopify hmac verifcation need change to successfully validate #475

Closed
Paritoshyadav opened this issue Oct 13, 2022 · 4 comments
Closed

BUG: shopify hmac verifcation need change to successfully validate #475

Paritoshyadav opened this issue Oct 13, 2022 · 4 comments

Comments

@Paritoshyadav
Copy link
Contributor

Paritoshyadav commented Oct 13, 2022
edited 

	digest := fmt.Sprintf(
		"code=%s&shop=%s&state=%s&timestamp=%s",
		params.Get("code"),
		params.Get("shop"),
		params.Get("state"),
		params.Get("timestamp"),
	)
	h := hmac.New(sha256.New, []byte(os.Getenv("SHOPIFY_SECRET")))
	h.Write([]byte(digest))
	sha := hex.EncodeToString(h.Sum(nil))

to

digest := fmt.Sprintf(
		"code=%s&host=%s&shop=%s&state=%s&timestamp=%s",
		params.Get("code"),
		params.Get("host"), //need to add host
		params.Get("shop"),
		params.Get("state"),
		params.Get("timestamp"),
	)
	h := hmac.New(sha256.New, []byte(os.Getenv("SHOPIFY_SECRET")))
	h.Write([]byte(digest))
	sha := hex.EncodeToString(h.Sum(nil))

Need to include host params to successfully validate hmac, else it will fail
@Paritoshyadav Paritoshyadav changed the title shopify hmac verifcation need change to successfully validate BUG: shopify hmac verifcation need change to successfully validate Oct 13, 2022
@techknowlogick
Copy link
Collaborator

Thanks @Paritoshyadav, would you be able to send a PR to update this?

@Paritoshyadav
Copy link
Contributor Author

@techknowlogick sure

@Paritoshyadav Paritoshyadav mentioned this issue Oct 25, 2022
Merged
@Paritoshyadav
Copy link
Contributor Author

@techknowlogick check PR

@techknowlogick
Copy link
Collaborator

closing this ticket as PR has now been merged. thanks for sending that :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@techknowlogick @Paritoshyadav