private void buttonHMAC256_Click(object sender, EventArgs e)
{
var hmacCrypto = new HmacCryptoService(this.textHMACSecret.Text);
var hashedResult =
hmacCrypto.ToBase64EncodedSha256(this.textHMACPayload.Text);
this.textHMACOutput.Text = hashedResult;
}
// No [IdentityProcessor] attribute - the Identity will be dictated by "shop" i.e. domain
//
public ActionResult Return(string code, string shop, string returnUrl)
{
// Attempt to locate the identity, as there maybe a valid Domain + Access Token
// This needs to happen before try-catch, else failure will make it attempt to
// update using System State Repository
//
var userId = _provisioningService.RetrieveUserIdByShopifyDomain(shop);
var identity = _identityService.HydrateIdentity(userId);
if (!identity.IsAuthenticated)
{
throw new HttpException(
(int)HttpStatusCode.Unauthorized, $"Attempt to login using invalid Shopify store {shop}");
}
try
{
if (!VerifyShopifyHmac())
{
throw new Exception("Failed HMAC verification from Shopify Return");
}
if (BackButtonDetected(code))
{
return(Redirect("Domain"));
}
// Get Key and Secret credentials from config file - and there is not Instance-specific.
//
var credentials = ShopifyCredentialsConfig.Settings.ToApiKeyAndSecret(shop);
_shopifyHttpContext.Initialize(credentials);
// Refresh the Shopify Access Token
//
var codeHash = _hmacCrypto.ToBase64EncodedSha256(code);
var accessToken = _oAuthApi.RetrieveAccessToken(code, credentials);
_connectionContext.UpdateShopifyCredentials(shop, accessToken, codeHash);
// Issue ASP.NET sign-in cookie
//
_identityService.SignInAspNetUser(identity.AspNetUserId);
HttpContext.SetIdentity(identity);
if (identity.SystemState.IsRandomAccessMode)
{
return(Redirect(GlobalConfig.Url("/Sync/EndToEnd")));
}
else
{
return(View(new ReturnModel
{
IsWizardMode = true,
IsConnectionOk = true,
}));
}
}
catch (Exception ex)
{
_logger.Error(ex);
_stateRepository.UpdateSystemState(x => x.ShopifyConnState, StateCode.SystemFault);
throw;
}
}