
Move callbacks to use new signed_payload_jwt #31


Merged
merged 2 commits into from
Jun 21, 2021
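--- a/.gitignore
+++ b/.gitignore
@@ -44,3 +44,4 @@ Thumbs.db
 # Environment #
 ###############
 *.env
+venv/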
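--- a/app.py
+++ b/app.py
@@ -109,6 +109,11 @@ def bad_request(e):
 return content, 400
 
 
+def jwt_error(e):
+print(f"JWT verification failed: {e}")
+return "Payload verification failed!", 401
+
+
 # Helper for template rendering
 def render(template, context):
 return flask.render_template(template, **context)
@@ -188,14 +193,15 @@ def auth_callback():
 @app.route('/bigcommerce/load')
 def load():
 # Decode and verify payload
-payload = flask.request.args['signed_payload']
-user_data = BigcommerceApi.oauth_verify_payload(payload, client_secret())
-if user_data is False:
-return "Payload verification failed!", 401
+payload = flask.request.args['signed_payload_jwt']
+try:
+user_data = BigcommerceApi.oauth_verify_payload_jwt(payload, client_secret(), client_id())
+except Exception as e:
+return jwt_error(e)
 
 bc_user_id = user_data['user']['id']
 email = user_data['user']['email']
-store_hash = user_data['store_hash']
+store_hash = user_data['sub'].split('stores/')[1]
 
 # Lookup store
 store = Store.query.filter_by(store_hash=store_hash).first()
@@ -224,13 +230,14 @@ def load():
 @app.route('/bigcommerce/uninstall')
 def uninstall():
 # Decode and verify payload
-payload = flask.request.args['signed_payload']
-user_data = BigcommerceApi.oauth_verify_payload(payload, client_secret())
-if user_data is False:
-return "Payload verification failed!", 401
+payload = flask.request.args['signed_payload_jwt']
+try:
+user_data = BigcommerceApi.oauth_verify_payload_jwt(payload, client_secret(), client_id())
+except Exception as e:
+return jwt_error(e)
 
 # Lookup store
-store_hash = user_data['store_hash']
+store_hash = user_data['sub'].split('stores/')[1]
 store = Store.query.filter_by(store_hash=store_hash).first()
 if store is None:
 return "Store not found!", 401
@@ -250,14 +257,13 @@ def uninstall():
 # The Remove User Callback URL.
 @app.route('/bigcommerce/remove-user')
 def remove_user():
-# Decode and verify payload
-payload = flask.request.args['signed_payload']
-user_data = BigcommerceApi.oauth_verify_payload(payload, client_secret())
-if user_data is False:
-return "Payload verification failed!", 401
+payload = flask.request.args['signed_payload_jwt']
+try:
+user_data = BigcommerceApi.oauth_verify_payload_jwt(payload, client_secret(), client_id())
+except Exception as e:
+return jwt_error(e)
 
-# Lookup store
-store_hash = user_data['store_hash']
+store_hash = user_data['sub'].split('stores/')[1]
 store = Store.query.filter_by(store_hash=store_hash).first()
 if store is None:
 return "Store not found!", 401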
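Review bot: In `load()`, `uninstall()` and `remove_user()` the new `user_data['sub'].split('stores/')[1]` runs after the `try`, so a payload that verifies but has a missing or differently shaped `sub` raises KeyError or IndexError and becomes a 500 rather than the 401 returned for every other payload problem. `split` also accepts a `sub` that only contains `stores/` somewhere instead of starting with it, so the value used for the `Store` lookup is looser than the claim format the code appears to expect. I would parse the claim in one helper that checks the prefix and call it inside the existing `try` in all three handlers. The fence shows the helper and the call in `load()`; the handler bodies continue outside the hunks, and the `stores/<hash>` shape is inferred from the split, not shown on the page.

```python
def store_hash_from_claims(claims):
    """Return the store hash from a verified payload's 'sub' claim."""
    prefix = 'stores/'
    sub = claims.get('sub') or ''
    # Fail closed on anything that is not exactly "stores/<hash>".
    if not sub.startswith(prefix) or len(sub) == len(prefix):
        raise ValueError("unexpected 'sub' claim in signed payload")
    return sub[len(prefix):]


def load():
    # … unchanged: read signed_payload_jwt from the query string …
    try:
        user_data = BigcommerceApi.oauth_verify_payload_jwt(payload, client_secret(), client_id())
        store_hash = store_hash_from_claims(user_data)
    except Exception as e:
        return jwt_error(e)
    # … unchanged: user fields and store lookup …
```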
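--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@ Werkzeug==2.0.1
 itsdangerous==2.0.1
 requests==2.25.1
 python-dotenv==0.17.1
-bigcommerce==0.22.0
+bigcommerce==0.22.2
 gunicorn==20.1.0
 psycopg2==2.8.6
 Flask-SQLAlchemy==2.5.1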