Ad

Shopify Webhook Verification Returning 'Filter Chain Halted As :verify_request Rendered Or Redirected'

- 1 answer

I setup my app to receive Shopify webhooks. I followed the guide here

I made my own controller using

  include ShopifyApp::WebhookVerification

to authenticate the webhooks and my app

I set up my Shopify_app.rb file to send the webhooks to the correct route like this

    config.webhooks = [
    {topic: 'customers/create', address: 'https://*******.ngrok.io/webhooks/new_contact'}, 
    {topic: 'checkouts/update', address: 'https://*******.ngrok.io/webhooks/checkout_update'},
    {topic: 'orders/create', address: 'https://*******.ngrok.io/webhooks/orders_create'}
  ]

Im receiving the Webhooks but i keep getting the message

Filter chain halted as :verify_request rendered or redirected

here is my controller:

   class WebhooksController < ApplicationController
      include ShopifyApp::WebhookVerification


      #webhook that handles new contacts in the shopify application
      def new_contact
        shop = ShopifyShop.getShop(shop_domain)

        if !shop
          render json: {success: true} and return
        end

          # begin
            raw_post = request.raw_post.force_encoding("UTF-8")

            contact.newShopifyContact(shop.default_tags, shop.organization_id,raw_post)
          # rescue Exception => e 
          #      ExceptionLog.track(e.class.name, e.message, e.backtrace) 
          # end        
        render json: {success: true} 
      end
  end

terminal output when receiving the request:

https://pastebin.com/gkXCiFa4

i already tried adding

   skip_before_action :verify_authenticity_token

because i thought maybe my apps authentication was causing the 401

when i remove include ShopifyApp::WebhookVerification it goes into my method new_contact so i assume the issue is with include ShopifyApp::WebhookVerification

Im trying to verify the HMAC from the request myself using this code:

      header_hmac = request.headers["HTTP_X_SHOPIFY_HMAC_SHA256"]
  digest = OpenSSL::Digest.new("sha256")
  request.body.rewind
  calculated_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, ENV['SHOPIFY_SECRET_KEY'], request.body.read)).strip

  puts "header hmac: #{header_hmac}"
  puts "calculated hmac: #{calculated_hmac}"

  puts "Verified:#{ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, header_hmac)}"

And the verification comes back false, I'm using the correct API private key for my application i'm not sure if maybe theres a 3rd key that i need?

UPDATE 1: Seems like the issue is that

  config.webhooks = [
    {topic: 'customers/create', address: 'https://{url}.ngrok.io/shopify/app/customers_create'}, 
    {topic: 'checkouts/update', address: 'https://{url}.ngrok.io/shopify/app/checkouts_update'},
    {topic: 'orders/create', address: 'https://{url}.ngrok.io/shopify/app/orders_create'}
  ]

is not generating webhooks on the store that is installing the app.. not sure why yet

Ad

Answer

I ended up just running the job that generates webooks automatically like this:

    webhooks = [
        {topic: 'customers/create', address: 'https://85bcff59.ngrok.io/shopify_webhooks/new_contact'}, 
        {topic: 'checkouts/update', address: 'https://85bcff59.ngrok.io/shopify_webhooks/checkouts_update'},
        {topic: 'orders/create', address: 'https://85bcff59.ngrok.io/shopify_webhooks/orders_create'}
    ]

    ShopifyApp::WebhooksManagerJob.perform_now(shop_domain: shopify_domain, shop_token: shopify_token, webhooks: webhooks)

you can find the code for the job that gets ran here: https://github.com/Shopify/shopify_app/blob/master/lib/shopify_app/jobs/webhooks_manager_job.rb#L8

Ad
source: stackoverflow.com
Ad