Close #2130 Update JWT email confirmation (#2131)

channainfo · Dec 18, 2024 · 1d40c05 · 1d40c05
1 parent 4e9af2f
commit 1d40c05
Show file tree

Hide file tree

Showing 9 changed files with 62 additions and 64 deletions.
diff --git a/app/controllers/spree/api/v2/storefront/anonymous_line_item_controller.rb b/app/controllers/spree/api/v2/storefront/anonymous_line_item_controller.rb
@@ -0,0 +1,39 @@
+module Spree
+  module Api
+    module V2
+      module Storefront
+        class AnonymousLineItemController < Spree::Api::V2::BaseController
+          def show_anonymous_line_item
+            token = params[:token]
+            line_item = line_item_jwt_token(token)
+            if line_item
+              render_serialized_payload { serialize_resource(line_item) }
+            else
+              render json: { error: 'Invalid or expired token' }, status: :unauthorized
+            end
+          end
+
+          def resource_serializer
+            Spree::V2::Storefront::LineItemSerializer
+          end
+
+          private
+
+          def line_item_jwt_token(token)
+            decoded_token = SpreeCmCommissioner::LineItemJwtToken.decode(token)
+
+            line_item_id = decoded_token['line_item_id']
+
+            line_item = Spree::LineItem.find(line_item_id)
+            return nil unless line_item
+
+            decoded_token = SpreeCmCommissioner::LineItemJwtToken.decode(token, line_item&.order&.token)
+            return nil unless decoded_token
+
+            line_item
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/app/controllers/spree/api/v2/storefront/anonymous_order_controller.rb b/app/controllers/spree/api/v2/storefront/anonymous_order_controller.rb
diff --git a/app/helpers/spree/base_helper_decorator.rb b/app/helpers/spree/base_helper_decorator.rb
@@ -20,7 +20,7 @@ def custom_product_storefront_resource_url(resource, options = {})
       end
     end
 
-    def custom_product_line_item_url(line_item, jwt_token, options = {})
+    def custom_product_line_item_url(line_item, options = {})
       if defined?(locale_param) && locale_param.present?
         options.merge!(locale: locale_param)
       end
@@ -31,10 +31,12 @@ def custom_product_line_item_url(line_item, jwt_token, options = {})
                    ''
                  end
 
-      order = Spree::Order.find(line_item.order_id)
-      return if order.number.blank? && jwt_token.blank?
+      line_item = Spree::LineItem.find(line_item.id)
+      jwt_token = SpreeCmCommissioner::LineItemJwtToken.encode(line_item)
 
-      "#{current_store.formatted_url + localize}/anonymous_orders/#{jwt_token}"
+      return if line_item.number.blank? && jwt_token.blank?
+
+      "#{current_store.formatted_url + localize}/anonymous_line_item/#{line_item.number}?token=#{jwt_token}"
     end
   end
 end

diff --git a/app/mailers/spree/order_mailer_decorator.rb b/app/mailers/spree/order_mailer_decorator.rb
@@ -18,8 +18,6 @@ def confirm_email(order, resend: false)
       subject = (resend ? "[#{Spree.t(:resend).upcase}] " : '')
       subject += "#{@current_store&.name} Booking Confirmation ##{@order.number}"
 
-      @jwt_token = SpreeCmCommissioner::OrderJwtToken.encode(@order)
-
       mail(to: @order.email, from: from_address, subject: subject, store_url: @current_store.url) do |format|
         format.html { render layout: 'spree_cm_commissioner/layouts/order_mailer' }
         format.text

diff --git a/app/views/spree_cm_commissioner/order_mailer/purchased_items/_items.html.erb b/app/views/spree_cm_commissioner/order_mailer/purchased_items/_items.html.erb
@@ -23,7 +23,7 @@
             <%= sanitize(line_item.variant.options_text) %>
           </div>
         <% end %>
-        <div> <%= link_to 'View Details', custom_product_line_item_url(line_item, @jwt_token) %></div>
+        <div> <%= link_to 'View Details', custom_product_line_item_url(line_item) %></div>
       </td>
       <td class="align-right align-center-vertical" width="10%">
         <span>

diff --git a/config/routes.rb b/config/routes.rb
@@ -474,7 +474,7 @@
         resources :self_check_in, only: %i[index create]
         resources :guest_orders, only: %i[index show]
         post :user_order_transfer, to: 'user_order_transfer#create'
-        get 'anonymous_order/show_anonymous_order', to: 'anonymous_order#show_anonymous_order'
+        get 'anonymous_line_item/:line_item_id', to: 'anonymous_line_item#show_anonymous_line_item'
       end
 
       namespace :operator do

diff --git a/lib/spree_cm_commissioner.rb b/lib/spree_cm_commissioner.rb
@@ -11,7 +11,7 @@
 require 'spree_cm_commissioner/payment_method_group'
 require 'spree_cm_commissioner/calendar_event'
 require 'spree_cm_commissioner/s3_url_generator'
-require 'spree_cm_commissioner/order_jwt_token'
+require 'spree_cm_commissioner/line_item_jwt_token'
 
 require 'google/cloud/recaptcha_enterprise'
 require 'searchkick'

diff --git a/lib/spree_cm_commissioner/line_item_jwt_token.rb b/lib/spree_cm_commissioner/line_item_jwt_token.rb
@@ -0,0 +1,14 @@
+module SpreeCmCommissioner
+  class LineItemJwtToken
+    def self.encode(line_item)
+      payload = { order_number: line_item.order.number, line_item_id: line_item.id, exp: 1.hour.from_now.to_i }
+      JWT.encode(payload, line_item.order.token, 'HS256')
+    end
+
+    def self.decode(token, secret = nil)
+      JWT.decode(token, secret, secret.present?, { algorithm: 'HS256' }).first
+    rescue JWT::DecodeError
+      nil
+    end
+  end
+end
diff --git a/lib/spree_cm_commissioner/order_jwt_token.rb b/lib/spree_cm_commissioner/order_jwt_token.rb