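/// <summary>
/// Recomputes the HMAC-SHA256 of the callback query string (every parameter except
/// <c>hmac</c>) with the configured shared secret and compares the result, as lowercase
/// hex, with the digest supplied in the request.
/// </summary>
/// <param name="response">
/// Callback data: <c>Query</c> is the raw query string to authenticate and <c>Hmac</c>
/// is the hex digest sent with it.
/// </param>
/// <returns><c>true</c> only when the supplied digest equals the recomputed one.</returns>
private bool VerifyHMAC(ShopifyOAuthResponse response)
{
    // A request without a digest can never verify; fail closed before doing any work.
    if (response == null || string.IsNullOrEmpty(response.Hmac))
    {
        return false;
    }

    var query = QueryHelpers.ParseQuery(response.Query);
    var keyValueStrings = new List<string>();

    // NOTE(review): pairs are emitted in the parsed collection's enumeration order. If the
    // signer builds its message in a fixed (e.g. sorted) order, sort here explicitly;
    // confirm against the signer's specification.
    foreach (var key in query.Keys)
    {
        if (key == "hmac")
        {
            continue;
        }

        // '%' has to be escaped before '&' and '='. The previous order escaped it last,
        // which re-escaped the "%26" / "%3D" sequences just produced ("&" became "%2526")
        // and made verification fail for any value containing those characters.
        var formatKey = key.Replace("%", "%25").Replace("&", "%26").Replace("=", "%3D");
        var formatValue = String.Join("", query[key]).Replace("%", "%25").Replace("&", "%26");
        keyValueStrings.Add($"{formatKey}={formatValue}");
    }

    var message = String.Join("&", keyValueStrings);

    byte[] hmacBytes;
    // HMACSHA256 holds key material and is IDisposable; release it deterministically.
    using (var hmacSha256 = new HMACSHA256(Encoding.UTF8.GetBytes(config.SharedSecret)))
    {
        hmacBytes = hmacSha256.ComputeHash(Encoding.UTF8.GetBytes(message));
    }

    // Convert to a lowercase hex string, the form the supplied digest is compared in.
    var hex = new StringBuilder(hmacBytes.Length * 2);
    foreach (var b in hmacBytes)
    {
        hex.Append(b.ToString("x2"));
    }

    // Compare in constant time so response timing does not reveal how many leading
    // characters of a guessed digest were correct. (A length mismatch returns false.)
    var expected = Encoding.UTF8.GetBytes(hex.ToString());
    var supplied = Encoding.UTF8.GetBytes(response.Hmac);
    return CryptographicOperations.FixedTimeEquals(expected, supplied);
}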
/// <summary>
/// Serializes the OAuth callback data to JSON, wraps it in a <c>JsonContent</c> and posts
/// it to <c>ApiEndpoints.DropshipOAuthShopify</c>.
/// </summary>
/// <param name="resp">Callback data to forward.</param>
/// <remarks>
/// NOTE(review): the result of the POST is not inspected, so a caller cannot tell whether
/// the receiving endpoint accepted or rejected the callback. Confirm this is intended.
/// </remarks>
public async Task CompleteShopifyOAuth(ShopifyOAuthResponse resp)
{
    var payload = new JsonContent(JsonConvert.SerializeObject(resp));
    await api.Post(ApiEndpoints.DropshipOAuthShopify, payload);
}
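/// <summary>
/// Receives the query-string-bound OAuth callback, attaches the raw query string to it,
/// passes it to <c>dropship.CompleteShopifyOAuth</c> and redirects to the
/// <c>Integrations</c> action.
/// </summary>
/// <param name="response">Callback data bound from the query string.</param>
/// <returns>
/// <c>400 Bad Request</c> when the request carries no query string; otherwise a redirect
/// to <c>Integrations</c>.
/// </returns>
public async Task<IActionResult> IntegrateShopifyOAuth([FromQuery] ShopifyOAuthResponse response)
{
    var rawQuery = HttpContext.Request.QueryString.Value;

    // Substring(1) throws on an empty query string, which turned a parameterless request
    // to this endpoint into an unhandled exception. Reject it explicitly instead.
    if (response == null || string.IsNullOrEmpty(rawQuery))
    {
        return BadRequest();
    }

    // Keep the query exactly as received (minus the leading '?'); presumably the
    // signature is recomputed from this raw text downstream, so it must not be rebuilt
    // from the bound properties.
    response.Query = rawQuery.Substring(1);

    await dropship.CompleteShopifyOAuth(response);

    // NOTE(review): the redirect is issued whether or not the callback was accepted,
    // because CompleteShopifyOAuth reports no outcome. Confirm the Integrations page
    // reflects the real state.
    return RedirectToAction("Integrations");
}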
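/// <summary>
/// Runs the three checks on an OAuth callback: the HMAC over the query string, the shop
/// hostname, and the <c>State</c> value against the one generated for the shop.
/// All three checks are evaluated even when an earlier one fails.
/// </summary>
/// <param name="response">Callback data supplied by the caller; treated as untrusted.</param>
/// <returns><c>true</c> only when no check flagged a problem.</returns>
public bool VerifyOAuthRequest(ShopifyOAuthResponse response)
{
    // Shop is dereferenced below; a missing payload or shop used to raise a
    // NullReferenceException on attacker-controlled input. Fail closed instead.
    if (response == null || string.IsNullOrEmpty(response.Shop))
    {
        return false;
    }

    // NOTE(review): Consume is defined elsewhere. This method is only sound if Consume
    // updates the receiver in place (ORs its argument into somethingNotRight). If it
    // works on a copy, the flag stays false and every request is accepted. Confirm.
    var somethingNotRight = false;
    somethingNotRight.Consume(!VerifyHMAC(response));
    somethingNotRight.Consume(!VerifyHostname(response.Shop));

    // NOTE(review): as far as this method shows, the expected state is derived from the
    // shop name alone; confirm GenerateNouce also binds it to a secret or to the session
    // that started the flow.
    var shopName = response.Shop.Replace(".myshopify.com", "");
    somethingNotRight.Consume(GenerateNouce(shopName) != response.State);

    return !somethingNotRight;
}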
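/// <summary>
/// Exchanges the OAuth authorization code for an access token at the shop's OAuth
/// endpoint and, on success, stores the token for the given account.
/// </summary>
/// <param name="account">Account the integration is attached to.</param>
/// <param name="oauth">Callback data carrying the shop name and authorization code.</param>
/// <param name="verify">Verifier used to check the scope granted with the token.</param>
/// <returns>
/// <c>true</c> when a token was obtained and stored; <c>false</c> when an argument is
/// missing, the endpoint answered with a non-success status, or no usable token came back.
/// </returns>
/// <remarks>
/// The client secret is posted to an endpoint built from <c>oauth.Shop</c>, and this
/// method does not validate that value itself. Callers must have verified the callback
/// (HMAC and shop hostname) first, otherwise the secret could be sent to a host chosen
/// by the requester.
/// </remarks>
public async Task<bool> AddShopifyIntegration(DropshipAccount account, ShopifyOAuthResponse oauth, ShopifyOAuth verify)
{
    // These were dereferenced unchecked; a failed account lookup in the caller surfaced
    // here as a NullReferenceException.
    if (account == null || oauth == null || verify == null)
    {
        return false;
    }

    var username = account.Username;
    var endpoint = ShopifyEndpoints.OAuthEndpoint(oauth.Shop);

    var requestType = new
    {
        client_id = config.ClientID,
        client_secret = config.ClientSecret,
        code = oauth.Code
    };
    var requestContent = JsonConvert.SerializeObject(requestType, jsonSettings);
    var content = new JsonContent(requestContent);

    var response = await http.Post(endpoint, content);
    string message = await response.Content.ReadAsStringAsync();

    if (!response.IsSuccessStatusCode)
    {
        return false;
    }

    var tokenResponse = JsonConvert.DeserializeObject<ShopifyOAuthAccessResponse>(message, jsonSettings);

    // An empty or "null" body deserializes to null; never persist a record without a token.
    if (tokenResponse == null || string.IsNullOrEmpty(tokenResponse.AccessToken))
    {
        return false;
    }

    // NOTE(review): the outcome of VerifyScope is not used here. If it reports a mismatch
    // through its return value rather than by throwing, the token is stored even when the
    // granted scope is wrong. Confirm how VerifyScope signals failure.
    verify.VerifyScope(tokenResponse.Scope);

    await oauthDb.CreateOAuth(new OAuthAccountModel()
    {
        AccessToken = tokenResponse.AccessToken,
        Username = username,
        Service = "Shopify",
        Extra = new Dictionary<string, string>() { { "Shop", oauth.Shop } },
        AccountID = account.ID
    });

    return true;
}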
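/// <summary>
/// Verifies a Shopify OAuth callback posted in the request body and, for an authenticated
/// user with an existing account, completes the integration.
/// </summary>
/// <param name="response">Callback data from the request body; treated as untrusted.</param>
/// <param name="oauth">Verifier resolved from the service container.</param>
/// <returns>
/// <c>404</c> when the payload is missing, fails verification, has no matching account or
/// the integration could not be added; <c>401</c> when the caller is not authenticated;
/// <c>200</c> on success.
/// </returns>
public async Task<IActionResult> CreateShopifyOAuth([FromBody] ShopifyOAuthResponse response, [FromServices] ShopifyOAuth oauth)
{
    // A body that fails to bind arrives as null; treat it like any other unverifiable request.
    if (response == null || !oauth.VerifyOAuthRequest(response))
    {
        return NotFound();
    }

    // Previously an unauthenticated caller fell through with an empty username and the
    // account lookup ran anyway. Stop here so a token is only ever bound to a signed-in user.
    if (!HttpContext.User.Identity.IsAuthenticated)
    {
        return Unauthorized();
    }

    var username = HttpContext.User.Identity.Name;
    var account = await dbAccounts.GetOneByUsername(username);

    // Do not hand a missing account to the integration step.
    if (account == null)
    {
        return NotFound();
    }

    if (!await shopify.AddShopifyIntegration(account, response, oauth))
    {
        return NotFound();
    }

    return Ok();
}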