onfido 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +16 -0
- data/lib/onfido.rb +1 -0
- data/lib/onfido/resources/webhook.rb +18 -0
- data/lib/onfido/version.rb +1 -1
- data/spec/integrations/webhook_spec.rb +42 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bcac6af9dc80518231e80efa12112ef00086d6d4
|
|
4
|
+
data.tar.gz: e557c29b2dc8565d3442bffc3f088dd497d8d467
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7345b7bbf23647ca8322ebbf30876f3bbe38bc5f2d90826cdc28f2764a70153fc6e42024f1763226aceb12a12e8cd8cc155a715de7d5a4e4216584e6a72549a3
|
|
7
|
+
data.tar.gz: 613ec094ccec7f7b63a7c1e6a5c4dbc71a23526969b4dff0930a18aa87e2a733ce92e3aa5f7635c0caf50fc4b6ce0b61dfe0f9fe7dee4c67548017a937d344b7
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -142,6 +142,22 @@ rescue Onfido::RequestError => e
|
|
|
142
142
|
end
|
|
143
143
|
```
|
|
144
144
|
|
|
145
|
+
## Webhooks
|
|
146
|
+
|
|
147
|
+
Each webhook endpoint has a secret token, generated automatically and [exposed](https://onfido.com/documentation#register-webhook) in the API. When sending a request, Onfido includes a signature computed using the request body and this token in the `X-Signature` header.
|
|
148
|
+
|
|
149
|
+
This provided signature [should](https://onfido.com/documentation#webhook-security) be compared to one you generate yourself with the token to check that a webhook is a genuine request from Onfido.
|
|
150
|
+
|
|
151
|
+
```ruby
|
|
152
|
+
if Onfido::Webhook.valid?(request.raw_post,
|
|
153
|
+
request.headers["X-Signature"],
|
|
154
|
+
ENV['ONFIDO_WEBHOOK_TOKEN'])
|
|
155
|
+
process_webhook
|
|
156
|
+
else
|
|
157
|
+
render status: 498, text: "498 Token expired/invalid"
|
|
158
|
+
end
|
|
159
|
+
```
|
|
160
|
+
|
|
145
161
|
## Roadmap
|
|
146
162
|
|
|
147
163
|
- Improve test coverage with more scenarios
|
data/lib/onfido.rb
CHANGED
|
@@ -14,5 +14,23 @@ module Onfido
|
|
|
14
14
|
def all(page: 1, per_page: 20)
|
|
15
15
|
get(url: url_for("webhooks?page=#{page}&per_page=#{per_page}"))
|
|
16
16
|
end
|
|
17
|
+
|
|
18
|
+
# As well as being a normal resource, Onfido::Webhook also supports
|
|
19
|
+
# verifying the authenticity of a webhook by comparing the signature on the
|
|
20
|
+
# request to one computed from the body
|
|
21
|
+
def self.valid?(request_body, request_signature, token)
|
|
22
|
+
if [request_body, request_signature, token].any?(&:nil?)
|
|
23
|
+
raise ArgumentError, "A request body, request signature and token " \
|
|
24
|
+
"must be provided"
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
computed_signature = generate_signature(request_body, token)
|
|
28
|
+
Rack::Utils.secure_compare(request_signature, computed_signature)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def self.generate_signature(request_body, token)
|
|
32
|
+
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), token, request_body)
|
|
33
|
+
end
|
|
34
|
+
private_class_method :generate_signature
|
|
17
35
|
end
|
|
18
36
|
end
|
data/lib/onfido/version.rb
CHANGED
|
@@ -46,4 +46,46 @@ describe Onfido::Webhook do
|
|
|
46
46
|
expect(response["webhooks"][1]["id"]).to_not be_nil
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
|
+
|
|
50
|
+
describe ".valid?" do
|
|
51
|
+
subject(:valid?) do
|
|
52
|
+
described_class.valid?(request_body, request_signature, token)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
let(:request_body) { '{"foo":"bar"}' }
|
|
56
|
+
let(:request_signature) { 'fdab9db604d33297741b43b9fc9536028d09dca3' }
|
|
57
|
+
let(:token) { 'very_secret_token' }
|
|
58
|
+
|
|
59
|
+
it { is_expected.to be(true) }
|
|
60
|
+
|
|
61
|
+
context "with an invalid signature" do
|
|
62
|
+
let(:request_signature) { '2f3d7727ff9a32a7c87072ce514df1f6d3228bec' }
|
|
63
|
+
it { is_expected.to be(false) }
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
context "with a nil request signature" do
|
|
67
|
+
let(:request_signature) { nil }
|
|
68
|
+
specify { expect { valid? }.to raise_error(ArgumentError) }
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
context "with a token other than the one used to sign the request" do
|
|
72
|
+
let(:token) { "quite_secret_token" }
|
|
73
|
+
it { is_expected.to be(false) }
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
context "with a nil token" do
|
|
77
|
+
let(:token) { nil }
|
|
78
|
+
specify { expect { valid? }.to raise_error(ArgumentError) }
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
context "with a modified request body" do
|
|
82
|
+
let(:request_body) { '{"bar":"baz"}' }
|
|
83
|
+
it { is_expected.to be(false) }
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
context "with a nil request body" do
|
|
87
|
+
let(:request_body) { nil }
|
|
88
|
+
specify { expect { valid? }.to raise_error(ArgumentError) }
|
|
89
|
+
end
|
|
90
|
+
end
|
|
49
91
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: onfido
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Pericles Theodorou
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-
|
|
12
|
+
date: 2016-06-07 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|