nexmo 6.0.1 → 6.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fc8163571414c0618c708aafb97c3dc3069430fcc3a6bb9c4e2398bd97e628f2
4
- data.tar.gz: 78545b0d8f5faff46c8c43f88eebf4944ed410d7faa2a392dc8b6ef8001e1027
3
+ metadata.gz: 991aaf647a8a483780486cdf6ad8393305d9e597aeeda649c404e8ce4ba4f858
4
+ data.tar.gz: 5849c75718751dc5b4c6d7fc0c205b224e19a5527ca536176bbd30956a916fda
5
5
  SHA512:
6
- metadata.gz: 40b060620adbe2190b86549e40d2ce9e309c4dedad9e4cd2a90e226cbaedcedd27df5e025afbc5985fd9fc628e494dbae0a574d069e76c008b2bf0bdeacff6ed
7
- data.tar.gz: 227e5733e84a23d5a44634d63c1bed0550d4189fccdef1b1ae80d7d2c9db8b4ec40d6c6dfdced97d9a3aa6b9d78171cc79ae44ab6403cc5076242f194f7f486b
6
+ metadata.gz: 2ad6c409666f784c59656bb55c793ea5e1885c6bee593fb866259edbfecd178b62d89214946ba4ab2bce1c6a36a71f2149a584b8d0781de0978eab2e498a9cbc
7
+ data.tar.gz: f91e6bbcbf7de8a41a88411d47c58529b0c204780a25c5f827cac682cfe17e162c33193c86928f6ba39b4cf452f0303c7d75ded9281ddbf41b4cf2892a2f5d0f
@@ -9,7 +9,7 @@ module Nexmo
9
9
  # @return [Signature]
10
10
  #
11
11
  def signature
12
- @signature ||= Signature.new(config.signature_secret)
12
+ @signature ||= Signature.new(config)
13
13
  end
14
14
 
15
15
  # @return [Account]
@@ -10,6 +10,7 @@ module Nexmo
10
10
  self.logger = (defined?(Rails.logger) && Rails.logger) || ::Logger.new(nil)
11
11
  self.private_key = nil
12
12
  self.signature_secret = ENV['NEXMO_SIGNATURE_SECRET']
13
+ self.signature_method = ENV['NEXMO_SIGNATURE_METHOD'] || 'md5hash'
13
14
  self.token = nil
14
15
  end
15
16
 
@@ -146,6 +147,8 @@ module Nexmo
146
147
 
147
148
  attr_writer :signature_secret
148
149
 
150
+ attr_accessor :signature_method
151
+
149
152
  # Returns the value of attribute token, or a temporary short lived token.
150
153
  #
151
154
  # @return [String]
@@ -20,6 +20,8 @@ module Nexmo
20
20
 
21
21
  if hash.key?('error_title')
22
22
  hash['error_title']
23
+ elsif hash.key?('description')
24
+ hash['description']
23
25
  elsif problem_details?(hash)
24
26
  problem_details_message(hash)
25
27
  end
@@ -23,7 +23,7 @@ module Nexmo
23
23
  #
24
24
  # private_key = File.read('path/to/private.key')
25
25
  #
26
- # client.token = Nexmo::JWT.generate(claims, private_key)
26
+ # client.config.token = Nexmo::JWT.generate(claims, private_key)
27
27
  #
28
28
  # @param [Hash] payload
29
29
  # @param [String, OpenSSL::PKey::RSA] private_key
@@ -1,16 +1,20 @@
1
+ # frozen_string_literal: true
2
+ require 'openssl'
1
3
  require 'digest/md5'
2
4
  require 'jwt'
3
5
 
4
6
  module Nexmo
5
7
  class Signature
6
- def initialize(secret)
7
- @secret = secret
8
+ def initialize(config)
9
+ @config = config
8
10
  end
9
11
 
10
12
  # Check webhook request signature.
11
13
  #
12
14
  # @example
13
- # client = Nexmo::Client.new(signature_secret: 'secret')
15
+ # client = Nexmo::Client.new
16
+ # client.config.signature_secret = 'secret'
17
+ # client.config.signature_method = 'sha512'
14
18
  #
15
19
  # if client.signature.check(request.GET)
16
20
  # # valid signature
@@ -22,26 +26,27 @@ module Nexmo
22
26
  #
23
27
  # @see https://developer.nexmo.com/concepts/guides/signing-messages
24
28
  #
25
- def check(params)
29
+ def check(params, signature_method: @config.signature_method)
26
30
  params = params.dup
27
31
 
28
32
  signature = params.delete('sig')
29
33
 
30
- ::JWT::SecurityUtils.secure_compare(signature, digest(params))
34
+ ::JWT::SecurityUtils.secure_compare(signature, digest(params, signature_method))
31
35
  end
32
36
 
33
37
  private
34
38
 
35
- def digest(params)
36
- md5 = Digest::MD5.new
39
+ def digest(params, signature_method)
40
+ digest_string = params.sort.map { |k, v| "&#{k}=#{v.tr('&=', '_')}" }.join
37
41
 
38
- params.sort.each do |k, v|
39
- md5.update("&#{k}=#{v}")
42
+ case signature_method
43
+ when 'md5', 'sha1', 'sha256', 'sha512'
44
+ OpenSSL::HMAC.hexdigest(signature_method, @config.signature_secret, digest_string).upcase
45
+ when 'md5hash'
46
+ Digest::MD5.hexdigest("#{digest_string}#{@config.signature_secret}")
47
+ else
48
+ raise ArgumentError, "Unknown signature algorithm: #{signature_method}. Expected: md5hash, md5, sha1, sha256, or sha512."
40
49
  end
41
-
42
- md5.update(@secret)
43
-
44
- md5.hexdigest
45
50
  end
46
51
  end
47
52
  end
@@ -1,3 +1,3 @@
1
1
  module Nexmo
2
- VERSION = '6.0.1'
2
+ VERSION = '6.1.0'
3
3
  end
@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
14
14
  s.required_ruby_version = '>= 2.5.0'
15
15
  s.add_dependency('jwt', '~> 2')
16
16
  s.add_dependency('zeitwerk', '~> 2')
17
- s.add_development_dependency('rake', '~> 12.0')
17
+ s.add_development_dependency('rake', '~> 13')
18
18
  s.add_development_dependency('yard', '~> 0.9')
19
19
  s.add_development_dependency('minitest', '~> 5.0')
20
20
  s.add_development_dependency('webmock', '~> 3.0')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nexmo
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.0.1
4
+ version: 6.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nexmo
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-10-16 00:00:00.000000000 Z
11
+ date: 2019-11-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt
@@ -44,14 +44,14 @@ dependencies:
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '12.0'
47
+ version: '13'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
- version: '12.0'
54
+ version: '13'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: yard
57
57
  requirement: !ruby/object:Gem::Requirement