Shopify · andyw8 · Dec 14, 2020 · Dec 11, 2020 · paulomarg · Dec 14, 2020
diff --git a/lib/shopify_api/session.rb b/lib/shopify_api/session.rb
@@ -7,6 +7,8 @@ class ValidationException < StandardError
   end
 
   class Session
+    SECONDS_IN_A_DAY = 24 * 60 * 60
+
     cattr_accessor :api_key, :secret, :myshopify_domain
     self.myshopify_domain = 'myshopify.com'
 
@@ -106,7 +108,8 @@ def create_permission_url(scope, redirect_uri, options = {})
     def request_token(params)
       return token if token
 
-      unless self.class.validate_signature(params) && params[:timestamp].to_i > 24.hours.ago.utc.to_i
+      twenty_four_hours_ago = Time.now.utc.to_i - SECONDS_IN_A_DAY
+      unless self.class.validate_signature(params) && params[:timestamp].to_i > twenty_four_hours_ago
         raise ShopifyAPI::ValidationException, "Invalid Signature: Possible malicious login"
       end
 

diff --git a/test/session_test.rb b/test/session_test.rb
@@ -3,6 +3,8 @@
 require 'timecop'
 
 class SessionTest < Test::Unit::TestCase
+  SECONDS_IN_A_DAY = 24 * 60 * 60
+
   def setup
     super
     ShopifyAPI::Session.secret = 'secret'
@@ -373,7 +375,7 @@ def setup
   end
 
   test "raise error if timestamp is too old" do
-    params = { code: "any-code", timestamp: Time.now - 2.days }
+    params = { code: "any-code", timestamp: Time.now - 2 * SECONDS_IN_A_DAY }
     signature = generate_signature(params)
     params[:foo] = 'world'
     assert_raises(ShopifyAPI::ValidationException) do