Create sanitize_shop_domain utility method

Author: NabeelAhsen

shopify/session_token.py

@@ -3,15 +3,14 @@
 import six
 import sys
 
+from shopify.utils import shop_url
+
 if sys.version_info[0] < 3:  # Backwards compatibility for python < v3.0.0
     from urlparse import urljoin
 else:
     from urllib.parse import urljoin
 
 
-HOSTNAME_PATTERN = r"[a-z0-9][a-z0-9-]*[a-z0-9]"
-SHOP_DOMAIN_RE = re.compile(r"^https://{h}\.myshopify\.com/$".format(h=HOSTNAME_PATTERN))
-
 ALGORITHM = "HS256"
 PREFIX = "Bearer "
 REQUIRED_FIELDS = ["iss", "dest", "sub", "jti", "sid"]
@@ -69,7 +68,7 @@ def _validate_issuer(decoded_payload):
 def _validate_issuer_hostname(decoded_payload):
     issuer_root = urljoin(decoded_payload["iss"], "/")
 
-    if not SHOP_DOMAIN_RE.match(issuer_root):
+    if not shop_url.sanitize_shop_domain(issuer_root):
         raise InvalidIssuerError("Invalid issuer")
 
 

shopify/utils/__init__.py

@@ -0,0 +1,20 @@
+import re
+import sys
+
+if sys.version_info[0] < 3:  # Backwards compatibility for python < v3.0.0
+    from urlparse import urlparse
+else:
+    from urllib.parse import urlparse
+
+HOSTNAME_PATTERN = r"[a-z0-9][a-z0-9-]*[a-z0-9]"
+
+
+def sanitize_shop_domain(shop_domain, myshopify_domain="myshopify.com"):
+    name = str(shop_domain).lower().strip()
+    if myshopify_domain not in name and "." not in name:
+        name += ".{domain}".format(domain=myshopify_domain)
+    name = re.sub(r"https?://", "", name)
+
+    uri = urlparse("http://{hostname}".format(hostname=name))
+    if re.match(r"{h}\.{d}$".format(h=HOSTNAME_PATTERN, d=re.escape(myshopify_domain)), uri.netloc):
+        return uri.netloc

shopify/utils/shop_url.py

@@ -0,0 +1,44 @@
+from shopify.utils import shop_url
+from test.test_helper import TestCase
+
+
+class TestSanitizeShopDomain(TestCase):
+    def test_returns_hostname_for_good_shop_domains(self):
+        good_shop_domains = [
+            "my-shop",
+            "my-shop.myshopify.com",
+            "http://my-shop.myshopify.com",
+            "https://my-shop.myshopify.com",
+        ]
+        sanitized_shops = [shop_url.sanitize_shop_domain(shop_domain) for shop_domain in good_shop_domains]
+
+        self.assertTrue(all(shop == "my-shop.myshopify.com" for shop in sanitized_shops))
+
+    def test_returns_none_for_bad_shop_domains(self):
+        bad_shop_domains = [
+            "myshop.com",
+            "myshopify.com",
+            "shopify.com",
+            "two words",
+            "store.myshopify.com.evil.com",
+            "/foo/bar",
+            "/foo.myshopify.io.evil.ru",
+            "%0a123.myshopify.io ",
+            "foo.bar.myshopify.io",
+        ]
+        sanitized_shops = [shop_url.sanitize_shop_domain(shop_domain) for shop_domain in bad_shop_domains]
+
+        self.assertTrue(all(shop_domain is None for shop_domain in sanitized_shops))
+
+    def test_returns_hostname_for_custom_shop_domains(self):
+        custom_shop_domains = [
+            "my-shop",
+            "my-shop.myshopify.io",
+            "http://my-shop.myshopify.io",
+            "https://my-shop.myshopify.io",
+        ]
+        sanitized_shops = [
+            shop_url.sanitize_shop_domain(shop_domain, "myshopify.io") for shop_domain in custom_shop_domains
+        ]
+
+        self.assertTrue(all(shop == "my-shop.myshopify.io" for shop in sanitized_shops))