onfido 0.4.0 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +16 -0
- data/lib/onfido.rb +1 -0
- data/lib/onfido/resources/webhook.rb +18 -0
- data/lib/onfido/version.rb +1 -1
- data/spec/integrations/webhook_spec.rb +42 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bcac6af9dc80518231e80efa12112ef00086d6d4
|
|
4
|
+
data.tar.gz: e557c29b2dc8565d3442bffc3f088dd497d8d467
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7345b7bbf23647ca8322ebbf30876f3bbe38bc5f2d90826cdc28f2764a70153fc6e42024f1763226aceb12a12e8cd8cc155a715de7d5a4e4216584e6a72549a3
|
|
7
|
+
data.tar.gz: 613ec094ccec7f7b63a7c1e6a5c4dbc71a23526969b4dff0930a18aa87e2a733ce92e3aa5f7635c0caf50fc4b6ce0b61dfe0f9fe7dee4c67548017a937d344b7
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -142,6 +142,22 @@ rescue Onfido::RequestError => e
|
|
|
142
142
|
end
|
|
143
143
|
```
|
|
144
144
|
|
|
145
|
+
## Webhooks
|
|
146
|
+
|
|
147
|
+
Each webhook endpoint has a secret token, generated automatically and [exposed](https://onfido.com/documentation#register-webhook) in the API. When sending a request, Onfido includes a signature computed using the request body and this token in the `X-Signature` header.
|
|
148
|
+
|
|
149
|
+
This provided signature [should](https://onfido.com/documentation#webhook-security) be compared to one you generate yourself with the token to check that a webhook is a genuine request from Onfido.
|
|
150
|
+
|
|
151
|
+
```ruby
|
|
152
|
+
if Onfido::Webhook.valid?(request.raw_post,
|
|
153
|
+
request.headers["X-Signature"],
|
|
154
|
+
ENV['ONFIDO_WEBHOOK_TOKEN'])
|
|
155
|
+
process_webhook
|
|
156
|
+
else
|
|
157
|
+
render status: 498, text: "498 Token expired/invalid"
|
|
158
|
+
end
|
|
159
|
+
```
|
|
160
|
+
|
|
145
161
|
## Roadmap
|
|
146
162
|
|
|
147
163
|
- Improve test coverage with more scenarios
|
data/lib/onfido.rb
CHANGED
|
@@ -14,5 +14,23 @@ module Onfido
|
|
|
14
14
|
def all(page: 1, per_page: 20)
|
|
15
15
|
get(url: url_for("webhooks?page=#{page}&per_page=#{per_page}"))
|
|
16
16
|
end
|
|
17
|
+
|
|
18
|
+
# As well as being a normal resource, Onfido::Webhook also supports
|
|
19
|
+
# verifying the authenticity of a webhook by comparing the signature on the
|
|
20
|
+
# request to one computed from the body
|
|
21
|
+
def self.valid?(request_body, request_signature, token)
|
|
22
|
+
if [request_body, request_signature, token].any?(&:nil?)
|
|
23
|
+
raise ArgumentError, "A request body, request signature and token " \
|
|
24
|
+
"must be provided"
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
computed_signature = generate_signature(request_body, token)
|
|
28
|
+
Rack::Utils.secure_compare(request_signature, computed_signature)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def self.generate_signature(request_body, token)
|
|
32
|
+
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), token, request_body)
|
|
33
|
+
end
|
|
34
|
+
private_class_method :generate_signature
|
|
17
35
|
end
|
|
18
36
|
end
|
data/lib/onfido/version.rb
CHANGED
|
@@ -46,4 +46,46 @@ describe Onfido::Webhook do
|
|
|
46
46
|
expect(response["webhooks"][1]["id"]).to_not be_nil
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
|
+
|
|
50
|
+
describe ".valid?" do
|
|
51
|
+
subject(:valid?) do
|
|
52
|
+
described_class.valid?(request_body, request_signature, token)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
let(:request_body) { '{"foo":"bar"}' }
|
|
56
|
+
let(:request_signature) { 'fdab9db604d33297741b43b9fc9536028d09dca3' }
|
|
57
|
+
let(:token) { 'very_secret_token' }
|
|
58
|
+
|
|
59
|
+
it { is_expected.to be(true) }
|
|
60
|
+
|
|
61
|
+
context "with an invalid signature" do
|
|
62
|
+
let(:request_signature) { '2f3d7727ff9a32a7c87072ce514df1f6d3228bec' }
|
|
63
|
+
it { is_expected.to be(false) }
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
context "with a nil request signature" do
|
|
67
|
+
let(:request_signature) { nil }
|
|
68
|
+
specify { expect { valid? }.to raise_error(ArgumentError) }
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
context "with a token other than the one used to sign the request" do
|
|
72
|
+
let(:token) { "quite_secret_token" }
|
|
73
|
+
it { is_expected.to be(false) }
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
context "with a nil token" do
|
|
77
|
+
let(:token) { nil }
|
|
78
|
+
specify { expect { valid? }.to raise_error(ArgumentError) }
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
context "with a modified request body" do
|
|
82
|
+
let(:request_body) { '{"bar":"baz"}' }
|
|
83
|
+
it { is_expected.to be(false) }
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
context "with a nil request body" do
|
|
87
|
+
let(:request_body) { nil }
|
|
88
|
+
specify { expect { valid? }.to raise_error(ArgumentError) }
|
|
89
|
+
end
|
|
90
|
+
end
|
|
49
91
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: onfido
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Pericles Theodorou
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-
|
|
12
|
+
date: 2016-06-07 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|