search

craftcms / shopify

Synchronize and extend product data from your Shopify storefront.
MIT License
45 stars 25 forks source link

Could not validate webhook HMAC #109

Closed AmandaLutzTO closed 6 months ago

AmandaLutzTO commented 6 months ago

Description

Trying to sync Shopify product changes to Craft using webhooks.

The Shopify webhook sections says "Your webhooks will be signed with ..." This long string does not match SHOPIFY_ADMIN_ACCESS_TOKEN, SHOPIFY_API_KEY, SHOPIFY_API_SECRET_KEY, or SHOPIFY_HOSTNAME. Should it be somewhere?

Steps to reproduce

  1. Install Shopify plugin
  2. Follow instructions for set up (https://github.com/craftcms/shopify/tree/v4?tab=readme-ov-file#create-a-shopify-app)
  3. Use command for initial 400+ product sync (https://github.com/craftcms/shopify/tree/v4?tab=readme-ov-file#synchronization)
  4. Generate webhook urls and add to Shopify (https://qa.domain.ca/shopify/webhook/handle)
  5. Change Shopify product price and check logs [web.ERROR] [application] Could not validate webhook HMAC

Additional info

linear[bot] commented 6 months ago

PT-1651 Could not validate webhook HMAC

lukeholder commented 6 months ago

@AmandaLutzTO

You should not create your webhooks from the shopify admin setting webhooks page.

You need to generate the webhooks from the Craft CP > Shopify > Webhooks and click 'create' while your project is in development (with a local passhthrough set up like ngrok) as well creating them in production.

This is documented here: https://github.com/craftcms/shopify?tab=readme-ov-file#set-up-webhooks

This should set up validated webhooks automatically for you.

AmandaLutzTO commented 6 months ago

Ah got it. Don't need to add any of the webhooks to Shopify.

I now have a "[web.ERROR] [application] Webhook handler failed with message:file_put_contents(/tmp/.last_api_deprecation_warning): Failed to open stream: Permission denied" issue but that seems like an issue for the server admin.

Thanks.

cloudops-gkaur commented 6 months ago

Adding to Amanda's error, we do have 777 on file /tmp/.last_api_deprecation_warning as current permissions and it still throws an error. What this temp file is used for, I just see a random numbers inside. Also here are the logs 2024-04-24 16:10:43 [web.ERROR] [application] Webhook handler failed with message:file_put_contents(/tmp/.last_api_deprecation_warning): Failed to open stream: Permission denied {"memory":32809904} 2024-04-24 16:10:45 [web.ERROR] [application] Webhook handler failed with message:file_put_contents(/tmp/.last_api_deprecation_warning): Failed to open stream: Permission denied {"memory":32815408} 2024-04-24 16:10:59 [web.ERROR] [application] Webhook handler failed with message:file_put_contents(/tmp/.last_api_deprecation_warning): Failed to open stream: Permission denied {"memory":32812816} 2024-04-24 16:11:00 [web.ERROR] [application] Webhook handler failed with message:file_put_contents(/tmp/.last_api_deprecation_warning): Failed to open stream: Permission denied {"memory":32811136} 2024-04-24 16:11:03 [web.ERROR] [application] Webhook handler failed with message:file_put_contents(/tmp/.last_api_deprecation_warning): Failed to open stream: Permission denied {"memory":32809656}