def __init__(self, api_key, url, secret, params=None, protocol='https'):
    """Create a session for one shop, optionally authenticating request params.

    Two call shapes are supported:

    * ``params`` given: ``secret`` (the app's shared_secret or the user's
      password) is checked against the signed parameters through
      ``validate_signature``.  On success the connection password becomes the
      ``util.md5`` hex digest of ``secret + params['t']``; on failure
      ``AuthException`` is raised.
    * ``params`` omitted: ``secret`` is used as the password unchanged.
    """
    self.url = Session.prepare_shop_domain(url)
    self.user = api_key

    if params is None:
        # No request parameters: trust the caller-supplied secret as-is.
        password = secret
    elif self.validate_signature(secret, params):
        # 't' is guaranteed present here; validate_signature requires it.
        password = util.md5(secret + params['t']).hexdigest()
    else:
        raise AuthException('Unable to authenticate url: %s' % self.url)

    # NOTE(review): user and password are handed to the base connection for
    # this site URL; presumably they travel with every request, so a
    # non-https ``protocol`` would expose them in transit -- confirm callers
    # never override the default.
    site = "%s://%s/admin/" % (protocol, self.url)
    super(Session, self).__init__(site, self.user, password)

    # Give this session its own subclass of every remote resource so that
    # site and connection state are bound per session instead of shared.
    for remote in _remote_resources():
        cls_name = remote.__name__
        bound = new.classobj(cls_name, (remote,), {'_site': site})
        bound._connection = self
        bound.session = self
        setattr(self, cls_name, bound)
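def validate_signature(self, secret, params):
    """Return True when ``params`` carries a signature that matches ``secret``.

    The expected value is the ``util.md5`` hex digest of ``secret`` followed
    by ``shop=<self.url>t=<t>timestamp=<timestamp>``; it is compared with
    ``params['signature']`` without short-circuiting on the first differing
    character.  Returns False when ``signature``, ``t`` or ``timestamp`` is
    missing, or when the supplied signature is not an ASCII string.
    """
    import hmac  # local import: the module's import block is not visible here

    required = ('signature', 't', 'timestamp')
    if not all(key in params for key in required):
        return False

    # TODO: check that timestamp is <= 24 hours ago.  Until that exists, a
    # correctly signed parameter set never expires, so a captured callback
    # URL stays replayable.
    # NOTE(review): the secret-prefix digest is presumably dictated by the
    # remote service; if it offers an HMAC-based signature, validate that
    # instead.
    signed = "shop=%st=%stimestamp=%s" % (self.url, params['t'], params['timestamp'])
    expected = util.md5(secret + signed).hexdigest()

    # If the signature checks out, we know the request came from Shopify.
    # Both operands are normalised to ASCII bytes first: compare_digest
    # rejects mixed str/unicode operands, and a hex digest is pure ASCII, so
    # anything that cannot be encoded cannot match.
    try:
        expected_raw = expected.encode('ascii')
        supplied_raw = params['signature'].encode('ascii')
    except (AttributeError, UnicodeError):
        return False

    # A plain == stops at the first mismatching character, which leaks how
    # much of a guessed signature was correct through response timing.
    constant_time_eq = getattr(hmac, 'compare_digest', None)
    if constant_time_eq is None:
        # Interpreter predates hmac.compare_digest: keep the old comparison
        # rather than break authentication.
        return expected_raw == supplied_raw
    return constant_time_eq(expected_raw, supplied_raw)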