Shopify / koa-shopify-auth

DEPRECATED Middleware to authenticate a Koa application with Shopify
MIT License

storeCallback of CustomSessionStorage has id as "offline_" -> shop id missing #111

Closed luciilucii closed 3 years ago

luciilucii commented 3 years ago

Issue summary

When trying to redirect the merchant to a charge url, the session in the store callback doesn't have a shop value, and the id is "offline_". The shop is actually an empty string in that case.

Expected behavior

The merchant should be redirected to the charge url.

Actual behavior

The merchant is redirected to a URL that doesn't contain any grant_options. Therefore the page doesn't work and the browser shows the following error:

"This site can’t be reached. Check if there is a typo in admin."

Steps to reproduce the problem

Haven't found out how to clearly reproduce the problem. Reinstalling the app doesn't solve the issue. Neither does changing the ngrok link nor reauthenticating via the partner dashboard for the development store.

When trying the last time, I logged in to a different shop after installing the app in the first shop. After a while, I returned to the first shop. But not entirely sure that this causes the problem.

Important Note

I use both offline and online authentication like described here: https://github.com/Shopify/koa-shopify-auth/issues/106


paulomarg commented 3 years ago

Hey @luciilucii, are you calling loadOfflineSession or loadCurrentSession? This missing id could be a sign that we're lacking the shop for which we're fetching the session.

It would be super helpful if you could grab a stack trace of the storeCallback so we could see which call exactly is causing this. Is that something you could do?

luciilucii commented 3 years ago

Hey @paulomarg

I'm only using loadCurrentSession. I have a hard time reproducing the issue. It seems super random.

In the storeCallback function, I placed a checker for the shop value. So the function returns false if there is no value for "shop". Here is the complete session from the logs, when this issue occurred:

```
Session {
    id: 'offline_',
    shop: '',
    state: '783375349070137',
    isOnline: false
}
```

These are all the values from the session.

The following issue happened after that. It might be related to the issue. Although it's actually the koa-bodyparser.

```
request_id=8aa8431a-e7ad-4d52-9938-3bd90357828c
TypeError: Cannot destructure property 'shop' of 'session' as it is undefined.
at /app/server.js:168:13
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async bodyParser (/app/node_modules/koa-bodyparser/index.js:95:5)
```

Notes: The /app/server.js file is my server file. On the line that is in the logs, I call the loadCurrentSession function. Something that might be noteworthy:

I use authenticatedFetch before redirecting the user to the given charge url. Not sure where this was described, but I’ve implemented the changes to use the userLoggedInFetch like described here:

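```javascript
import { authenticatedFetch } from "@shopify/app-bridge-utils";
import { Redirect } from "@shopify/app-bridge/actions";

// Wraps App Bridge's authenticatedFetch so that a "reauthorize" response
// from the server sends the embedded app back through the auth route.
function userLoggedInFetch(app) {
    const fetchFunction = authenticatedFetch(app)

    return async (uri, options) => {
        const response = await fetchFunction(uri, options);

        // The server sets this header when it has no valid session for the request.
        if (response.headers.get('X-Shopify-API-Request-Failure-Reauthorize') === '1') {
            const authUrlHeader = response.headers.get('X-Shopify-API-Request-Failure-Reauthorize-Url')

            // Redirect inside the app to the URL the server supplied, or to /auth.
            const redirect = Redirect.create(app)
            redirect.dispatch(Redirect.Action.APP, authUrlHeader || `/auth`)
            return null
        }

        return response
    }
}
```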

And in the Provider:

```javascript
const client = new ApolloClient({
    fetch: userLoggedInFetch(app),
    fetchOptions: {
        credentials: "include",
    },
})
```

Do you need anything else? Or do you have any other ideas on this issue?
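The shop check described in the comment above, written out as an added example (not code from this thread or from the Shopify libraries): a store callback that refuses to persist a session that is not bound to a shop. `validateSession`, `makeStore` and `SHOP_RE` are hypothetical names; the `offline_<shop>` id form and the `*.myshopify.com` pattern are assumptions of this sketch.

```javascript
// Assumption: shop domains look like "<name>.myshopify.com".
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/i;

// Returns { ok, reason } so the caller can log why a session was refused.
function validateSession(session) {
  if (!session || typeof session.id !== "string" || session.id === "") {
    return { ok: false, reason: "missing session id" };
  }
  if (typeof session.shop !== "string" || !SHOP_RE.test(session.shop)) {
    return { ok: false, reason: "missing or malformed shop" };
  }
  // Assumption: an offline session id is "offline_" followed by the shop,
  // so a bare "offline_" means the id was built from an empty shop.
  if (session.isOnline === false && session.id !== `offline_${session.shop}`) {
    return { ok: false, reason: "offline id not bound to shop" };
  }
  return { ok: true, reason: null };
}

// In-memory stand-in for a custom session store (hypothetical helper).
function makeStore(log = () => {}) {
  const sessions = new Map();
  return {
    sessions,
    async storeCallback(session) {
      const verdict = validateSession(session);
      if (!verdict.ok) {
        // Log the refusal instead of persisting an unscoped session.
        log(`rejected session ${JSON.stringify(session && session.id)}: ${verdict.reason}`);
        return false;
      }
      sessions.set(session.id, { ...session });
      return true;
    },
    async loadCallback(id) {
      return sessions.get(id);
    },
  };
}

// The session logged in the comment above, and a constructed well-formed one.
const BROKEN_SESSION = { id: "offline_", shop: "", state: "783375349070137", isOnline: false };
const GOOD_SESSION = { id: "offline_example-shop.myshopify.com",
  shop: "example-shop.myshopify.com", state: "000", isOnline: false };
```

Logging the rejection reason together with a stack trace at this point shows which caller produced the session without a shop.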

luciilucii commented 3 years ago

Hey @paulomarg

I got the error again. Unfortunately also not sure why this was caused.

However, I got the trace nailed down:

```
at CustomSessionStorage.storeCallback (/Users/.../server/sessionHandler.js:44:27)
at CustomSessionStorage.<anonymous> (/Users/.../node_modules/@shopify/shopify-api/dist/auth/session/storage/custom.js:23:51)
at step (/Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:143:27)
at Object.next (/Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:124:57)
at /Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:117:75
at new Promise (<anonymous>)
at Object.__awaiter (/Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:113:16)
at CustomSessionStorage.storeSession (/Users/.../node_modules/@shopify/shopify-api/dist/auth/session/storage/custom.js:17:24)
at Object.<anonymous> (/Users/.../node_modules/@shopify/shopify-api/dist/auth/oauth/oauth.js:49:80)
at step (/Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:143:27)
at CustomSessionStorage.storeCallback (/Users/.../server/sessionHandler.js:47:25)
at CustomSessionStorage.<anonymous> (/Users/.../node_modules/@shopify/shopify-api/dist/auth/session/storage/custom.js:23:51)
at step (/Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:143:27)
at Object.next (/Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:124:57)
at /Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:117:75
at new Promise (<anonymous>)
at Object.__awaiter (/Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:113:16)
at CustomSessionStorage.storeSession (/Users/.../node_modules/@shopify/shopify-api/dist/auth/session/storage/custom.js:17:24)
at Object.<anonymous> (/Users/.../node_modules/@shopify/shopify-api/dist/auth/oauth/oauth.js:49:80)
at step (/Users/.../node_modules/@shopify/shopify-api/node_modules/tslib/tslib.js:143:27)
```