nexmo 6.0.1 → 6.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/nexmo/client.rb +1 -1
- data/lib/nexmo/config.rb +3 -0
- data/lib/nexmo/errors.rb +2 -0
- data/lib/nexmo/jwt.rb +1 -1
- data/lib/nexmo/signature.rb +18 -13
- data/lib/nexmo/version.rb +1 -1
- data/nexmo.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 991aaf647a8a483780486cdf6ad8393305d9e597aeeda649c404e8ce4ba4f858
|
|
4
|
+
data.tar.gz: 5849c75718751dc5b4c6d7fc0c205b224e19a5527ca536176bbd30956a916fda
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2ad6c409666f784c59656bb55c793ea5e1885c6bee593fb866259edbfecd178b62d89214946ba4ab2bce1c6a36a71f2149a584b8d0781de0978eab2e498a9cbc
|
|
7
|
+
data.tar.gz: f91e6bbcbf7de8a41a88411d47c58529b0c204780a25c5f827cac682cfe17e162c33193c86928f6ba39b4cf452f0303c7d75ded9281ddbf41b4cf2892a2f5d0f
|
data/lib/nexmo/client.rb
CHANGED
data/lib/nexmo/config.rb
CHANGED
|
@@ -10,6 +10,7 @@ module Nexmo
|
|
|
10
10
|
self.logger = (defined?(Rails.logger) && Rails.logger) || ::Logger.new(nil)
|
|
11
11
|
self.private_key = nil
|
|
12
12
|
self.signature_secret = ENV['NEXMO_SIGNATURE_SECRET']
|
|
13
|
+
self.signature_method = ENV['NEXMO_SIGNATURE_METHOD'] || 'md5hash'
|
|
13
14
|
self.token = nil
|
|
14
15
|
end
|
|
15
16
|
|
|
@@ -146,6 +147,8 @@ module Nexmo
|
|
|
146
147
|
|
|
147
148
|
attr_writer :signature_secret
|
|
148
149
|
|
|
150
|
+
attr_accessor :signature_method
|
|
151
|
+
|
|
149
152
|
# Returns the value of attribute token, or a temporary short lived token.
|
|
150
153
|
#
|
|
151
154
|
# @return [String]
|
data/lib/nexmo/errors.rb
CHANGED
data/lib/nexmo/jwt.rb
CHANGED
|
@@ -23,7 +23,7 @@ module Nexmo
|
|
|
23
23
|
#
|
|
24
24
|
# private_key = File.read('path/to/private.key')
|
|
25
25
|
#
|
|
26
|
-
# client.token = Nexmo::JWT.generate(claims, private_key)
|
|
26
|
+
# client.config.token = Nexmo::JWT.generate(claims, private_key)
|
|
27
27
|
#
|
|
28
28
|
# @param [Hash] payload
|
|
29
29
|
# @param [String, OpenSSL::PKey::RSA] private_key
|
data/lib/nexmo/signature.rb
CHANGED
|
@@ -1,16 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'openssl'
|
|
1
3
|
require 'digest/md5'
|
|
2
4
|
require 'jwt'
|
|
3
5
|
|
|
4
6
|
module Nexmo
|
|
5
7
|
class Signature
|
|
6
|
-
def initialize(
|
|
7
|
-
@
|
|
8
|
+
def initialize(config)
|
|
9
|
+
@config = config
|
|
8
10
|
end
|
|
9
11
|
|
|
10
12
|
# Check webhook request signature.
|
|
11
13
|
#
|
|
12
14
|
# @example
|
|
13
|
-
# client = Nexmo::Client.new
|
|
15
|
+
# client = Nexmo::Client.new
|
|
16
|
+
# client.config.signature_secret = 'secret'
|
|
17
|
+
# client.config.signature_method = 'sha512'
|
|
14
18
|
#
|
|
15
19
|
# if client.signature.check(request.GET)
|
|
16
20
|
# # valid signature
|
|
@@ -22,26 +26,27 @@ module Nexmo
|
|
|
22
26
|
#
|
|
23
27
|
# @see https://developer.nexmo.com/concepts/guides/signing-messages
|
|
24
28
|
#
|
|
25
|
-
def check(params)
|
|
29
|
+
def check(params, signature_method: @config.signature_method)
|
|
26
30
|
params = params.dup
|
|
27
31
|
|
|
28
32
|
signature = params.delete('sig')
|
|
29
33
|
|
|
30
|
-
::JWT::SecurityUtils.secure_compare(signature, digest(params))
|
|
34
|
+
::JWT::SecurityUtils.secure_compare(signature, digest(params, signature_method))
|
|
31
35
|
end
|
|
32
36
|
|
|
33
37
|
private
|
|
34
38
|
|
|
35
|
-
def digest(params)
|
|
36
|
-
|
|
39
|
+
def digest(params, signature_method)
|
|
40
|
+
digest_string = params.sort.map { |k, v| "&#{k}=#{v.tr('&=', '_')}" }.join
|
|
37
41
|
|
|
38
|
-
|
|
39
|
-
|
|
42
|
+
case signature_method
|
|
43
|
+
when 'md5', 'sha1', 'sha256', 'sha512'
|
|
44
|
+
OpenSSL::HMAC.hexdigest(signature_method, @config.signature_secret, digest_string).upcase
|
|
45
|
+
when 'md5hash'
|
|
46
|
+
Digest::MD5.hexdigest("#{digest_string}#{@config.signature_secret}")
|
|
47
|
+
else
|
|
48
|
+
raise ArgumentError, "Unknown signature algorithm: #{signature_method}. Expected: md5hash, md5, sha1, sha256, or sha512."
|
|
40
49
|
end
|
|
41
|
-
|
|
42
|
-
md5.update(@secret)
|
|
43
|
-
|
|
44
|
-
md5.hexdigest
|
|
45
50
|
end
|
|
46
51
|
end
|
|
47
52
|
end
|
data/lib/nexmo/version.rb
CHANGED
data/nexmo.gemspec
CHANGED
|
@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
|
|
|
14
14
|
s.required_ruby_version = '>= 2.5.0'
|
|
15
15
|
s.add_dependency('jwt', '~> 2')
|
|
16
16
|
s.add_dependency('zeitwerk', '~> 2')
|
|
17
|
-
s.add_development_dependency('rake', '~>
|
|
17
|
+
s.add_development_dependency('rake', '~> 13')
|
|
18
18
|
s.add_development_dependency('yard', '~> 0.9')
|
|
19
19
|
s.add_development_dependency('minitest', '~> 5.0')
|
|
20
20
|
s.add_development_dependency('webmock', '~> 3.0')
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nexmo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.0
|
|
4
|
+
version: 6.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nexmo
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-11-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|
|
@@ -44,14 +44,14 @@ dependencies:
|
|
|
44
44
|
requirements:
|
|
45
45
|
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '
|
|
47
|
+
version: '13'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
52
|
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
|
-
version: '
|
|
54
|
+
version: '13'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: yard
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|