private bool VerifyHMAC(ShopifyOAuthResponse response)
{
var query = QueryHelpers.ParseQuery(response.Query);
var keyvalueStrings = new List <string>();
foreach (var key in query.Keys)
{
if (key != "hmac")
{
var formatKey = key.Replace("=", "%3D");
var relation = $"{formatKey}={String.Join("", query[key])}".Replace("&", "%26").Replace("%", "%25");
keyvalueStrings.Add(relation);
}
}
var sha256 = new HMACSHA256();
sha256.Key = Encoding.UTF8.GetBytes(config.SharedSecret);
var keyvaluestring = String.Join("&", keyvalueStrings.ToArray());
var hmacBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(keyvaluestring));
//Convert to Hex String
var hmac = String.Empty;
hmacBytes.ForEach(x =>
{
hmac += x.ToString("x2");
});
return(hmac == response.Hmac);
}
public async Task CompleteShopifyOAuth(ShopifyOAuthResponse resp)
{
var json = JsonConvert.SerializeObject(resp);
var jsonContent = new JsonContent(json);
var response = await api.Post(ApiEndpoints.DropshipOAuthShopify, jsonContent);
}
public async Task <IActionResult> IntegrateShopifyOAuth([FromQuery] ShopifyOAuthResponse response)
{
response.Query = HttpContext.Request.QueryString.Value.Substring(1); //remove leading ?
await dropship.CompleteShopifyOAuth(response);
return(RedirectToAction("Integrations"));
}
public bool VerifyOAuthRequest(ShopifyOAuthResponse response)
{
var somethingNotRight = false;
somethingNotRight.Consume(!VerifyHMAC(response));
somethingNotRight.Consume(!VerifyHostname(response.Shop));
somethingNotRight.Consume(GenerateNouce(response.Shop.Replace(".myshopify.com", "")) != response.State);
return(!somethingNotRight);
}
public async Task <bool> AddShopifyIntegration(DropshipAccount account, ShopifyOAuthResponse oauth, ShopifyOAuth verify)
{
var username = account.Username;
var endpoint = ShopifyEndpoints.OAuthEndpoint(oauth.Shop);
var requestType = new
{
client_id = config.ClientID,
client_secret = config.ClientSecret,
code = oauth.Code
};
var requestContent = JsonConvert.SerializeObject(requestType, jsonSettings);
var content = new JsonContent(requestContent);
var response = await http.Post(endpoint, content);
string message = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
var tokenResponse = JsonConvert.DeserializeObject <ShopifyOAuthAccessResponse>(message, jsonSettings);
verify.VerifyScope(tokenResponse.Scope);
await oauthDb.CreateOAuth(new OAuthAccountModel()
{
AccessToken = tokenResponse.AccessToken,
Username = username,
Service = "Shopify",
Extra = new Dictionary <string, string>()
{
{ "Shop", oauth.Shop }
},
AccountID = account.ID
});
return(true);
}
else
{
return(false);
}
}
public async Task <IActionResult> CreateShopifyOAuth([FromBody] ShopifyOAuthResponse response, [FromServices] ShopifyOAuth oauth)
{
if (!oauth.VerifyOAuthRequest(response))
{
return(NotFound());
}
var username = String.Empty;
if (HttpContext.User.Identity.IsAuthenticated)
{
username = HttpContext.User.Identity.Name;
}
var account = await dbAccounts.GetOneByUsername(username);
if (!await shopify.AddShopifyIntegration(account, response, oauth))
{
return(NotFound());
}
return(Ok());
}
