RubyGems - nexmo - Versions diffs - 6.0.1 → 6.1.0 - Mend

nexmo 6.0.1 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc8163571414c0618c708aafb97c3dc3069430fcc3a6bb9c4e2398bd97e628f2
-  data.tar.gz: 78545b0d8f5faff46c8c43f88eebf4944ed410d7faa2a392dc8b6ef8001e1027
+  metadata.gz: 991aaf647a8a483780486cdf6ad8393305d9e597aeeda649c404e8ce4ba4f858
+  data.tar.gz: 5849c75718751dc5b4c6d7fc0c205b224e19a5527ca536176bbd30956a916fda
 SHA512:
-  metadata.gz: 40b060620adbe2190b86549e40d2ce9e309c4dedad9e4cd2a90e226cbaedcedd27df5e025afbc5985fd9fc628e494dbae0a574d069e76c008b2bf0bdeacff6ed
-  data.tar.gz: 227e5733e84a23d5a44634d63c1bed0550d4189fccdef1b1ae80d7d2c9db8b4ec40d6c6dfdced97d9a3aa6b9d78171cc79ae44ab6403cc5076242f194f7f486b
+  metadata.gz: 2ad6c409666f784c59656bb55c793ea5e1885c6bee593fb866259edbfecd178b62d89214946ba4ab2bce1c6a36a71f2149a584b8d0781de0978eab2e498a9cbc
+  data.tar.gz: f91e6bbcbf7de8a41a88411d47c58529b0c204780a25c5f827cac682cfe17e162c33193c86928f6ba39b4cf452f0303c7d75ded9281ddbf41b4cf2892a2f5d0f

data/lib/nexmo/client.rb CHANGED

@@ -9,7 +9,7 @@ module Nexmo
     # @return [Signature]
     #
     def signature
-      @signature ||= Signature.new(config.signature_secret)
+      @signature ||= Signature.new(config)
     end
     # @return [Account]

data/lib/nexmo/config.rb CHANGED

@@ -10,6 +10,7 @@ module Nexmo
       self.logger = (defined?(Rails.logger) && Rails.logger) || ::Logger.new(nil)
       self.private_key = nil
       self.signature_secret = ENV['NEXMO_SIGNATURE_SECRET']
+      self.signature_method = ENV['NEXMO_SIGNATURE_METHOD'] || 'md5hash'
       self.token = nil
     end
@@ -146,6 +147,8 @@ module Nexmo
     attr_writer :signature_secret
+    attr_accessor :signature_method
     # Returns the value of attribute token, or a temporary short lived token.
     #
     # @return [String]

data/lib/nexmo/errors.rb CHANGED

@@ -20,6 +20,8 @@ module Nexmo
         if hash.key?('error_title')
           hash['error_title']
+        elsif hash.key?('description')
+          hash['description']
         elsif problem_details?(hash)
           problem_details_message(hash)
         end

data/lib/nexmo/jwt.rb CHANGED

@@ -23,7 +23,7 @@ module Nexmo
     #
     #   private_key = File.read('path/to/private.key')
     #
-    #   client.token = Nexmo::JWT.generate(claims, private_key)
+    #   client.config.token = Nexmo::JWT.generate(claims, private_key)
     #
     # @param [Hash] payload
     # @param [String, OpenSSL::PKey::RSA] private_key

data/lib/nexmo/signature.rb CHANGED

@@ -1,16 +1,20 @@
+# frozen_string_literal: true
+require 'openssl'
 require 'digest/md5'
 require 'jwt'
 module Nexmo
   class Signature
-    def initialize(secret)
-      @secret = secret
+    def initialize(config)
+      @config = config
     end
     # Check webhook request signature.
     #
     # @example
-    #   client = Nexmo::Client.new(signature_secret: 'secret')
+    #   client = Nexmo::Client.new
+    #   client.config.signature_secret = 'secret'
+    #   client.config.signature_method = 'sha512'
     #
     #   if client.signature.check(request.GET)
     #     # valid signature
@@ -22,26 +26,27 @@ module Nexmo
     #
     # @see https://developer.nexmo.com/concepts/guides/signing-messages
     #
-    def check(params)
+    def check(params, signature_method: @config.signature_method)
       params = params.dup
       signature = params.delete('sig')
-      ::JWT::SecurityUtils.secure_compare(signature, digest(params))
+      ::JWT::SecurityUtils.secure_compare(signature, digest(params, signature_method))
     end
     private
-    def digest(params)
-      md5 = Digest::MD5.new
+    def digest(params, signature_method)
+      digest_string = params.sort.map { |k, v| "&#{k}=#{v.tr('&=', '_')}" }.join
-      params.sort.each do |k, v|
-        md5.update("&#{k}=#{v}")
+      case signature_method
+      when 'md5', 'sha1', 'sha256', 'sha512'
+        OpenSSL::HMAC.hexdigest(signature_method, @config.signature_secret, digest_string).upcase
+      when 'md5hash'
+        Digest::MD5.hexdigest("#{digest_string}#{@config.signature_secret}")
+      else
+        raise ArgumentError, "Unknown signature algorithm: #{signature_method}. Expected: md5hash, md5, sha1, sha256, or sha512."
       end
-      md5.update(@secret)
-      md5.hexdigest
     end
   end
 end

data/lib/nexmo/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Nexmo
-  VERSION = '6.0.1'
+  VERSION = '6.1.0'
 end

data/nexmo.gemspec CHANGED

@@ -14,7 +14,7 @@ Gem::Specification.new do |s|
   s.required_ruby_version = '>= 2.5.0'
   s.add_dependency('jwt', '~> 2')
   s.add_dependency('zeitwerk', '~> 2')
-  s.add_development_dependency('rake', '~> 12.0')
+  s.add_development_dependency('rake', '~> 13')
   s.add_development_dependency('yard', '~> 0.9')
   s.add_development_dependency('minitest', '~> 5.0')
   s.add_development_dependency('webmock', '~> 3.0')

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexmo
 version: !ruby/object:Gem::Version
-  version: 6.0.1
+  version: 6.1.0
 platform: ruby
 authors:
 - Nexmo
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-10-16 00:00:00.000000000 Z
+date: 2019-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.0'
+        version: '13'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement