def __init__(self, api_key, url, secret, params=None, protocol='https'):
"""init is called in two cases: either with request parameters or without.
If params are passed, we attempt to authenticate the url/secret combo.
secret can be either the app's shared_secret or the user's password.
"""
self.url = Session.prepare_shop_domain(url)
self.user = api_key
if params is not None:
# attempt to authenticate the params
if self.validate_signature(secret, params):
password = util.md5(secret+params['t']).hexdigest()
else:
raise AuthException('Unable to authenticate url: %s' % self.url)
else:
password = secret
site = "%s://%s/admin/" % (protocol, self.url)
super(Session, self).__init__(site, self.user, password)
for resource in _remote_resources():
name = resource.__name__
resource_class = new.classobj(name, (resource,), {'_site': site})
resource_class._connection = resource_class.session = self
setattr(self, name, resource_class)
def validate_signature(self, secret, params):
if 'signature' in params and 't' in params and 'timestamp' in params:
# TODO: check that timestamp is <= 24 hours ago
# If the signature checks out, we know the request came from Shopify
if util.md5(secret+"shop=%st=%stimestamp=%s" % (self.url, params['t'], params['timestamp'])).hexdigest() == params['signature']:
return True
return False
