rack-twilio-validator 0.0.2 → 0.0.3

data/lib/rack/twilio-validator.rb

@@ -16,7 +16,7 @@ module Rack
     def _call(env)
       @request = Rack::Request.new(env)
 
-      if unprotected_path? || request_validator.validate(@request.url, @request.params, env['HTTP_X_TWILIO_SIGNATURE'])
+      if unprotected_path? || validate(env['HTTP_X_TWILIO_SIGNATURE'])
         @app.call(env)
       else
         response = ::Twilio::TwiML::Response.new do |r|
@@ -37,8 +37,20 @@ module Rack
       ! protected_path?
     end
 
-    def request_validator
-      @validator ||= ::Twilio::Util::RequestValidator.new(@auth_token)
+    # Twilio currently strips the port from https requests.  See
+    # https://www.twilio.com/docs/security under 'A Few Notes' for
+    # more info
+    def formatted_url
+      if @request.scheme == "https"
+        @request.url.gsub(/:#{@request.port}/, '')
+      else
+        @request.url
+      end
+    end
+
+    def validate(signature)
+      validator = ::Twilio::Util::RequestValidator.new(@auth_token)
+      validator.validate(formatted_url, @request.params, signature)
     end
   end
 end

data/lib/rack/twilio-validator/version.rb

@@ -1,5 +1,5 @@
 module Rack
   class TwilioValidator
-    VERSION = "0.0.2"
+    VERSION = "0.0.3"
   end
 end

data/spec/twilio_validator_spec.rb

@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Rack::TwilioValidator do
   let(:auth_token) { "5cc8534fb3f86ff7e52d884562bcca18" }
-  let(:params) { { :foo => "fizz", :bar => "buzz" } }
+  let(:params) { { "foo" => "fizz", "bar" => "buzz" } }
   let(:valid_signature) { "4C3R3E2C2TwiOkEwqznWMH1k3O8=" }
   let(:uri) { "/twilio/endpoint"}
 
@@ -41,6 +41,20 @@ describe Rack::TwilioValidator do
     end
   end
 
+  context "for a request with credentials in the url" do
+    it "drops the credentials in the url when validating the signature" do
+      post("http://username:password@example.org#{uri}", params, "HTTP_X_TWILIO_SIGNATURE" => valid_signature)
+      last_response.should be_ok
+    end
+  end
+
+  context "for an https request" do
+    it "drops the port when validating" do
+      post "https://example.org:7654#{uri}", params, "HTTP_X_TWILIO_SIGNATURE" => "U2ixEfmunlgHywjscRAc90fuucQ="
+      last_response.should be_ok
+    end
+  end
+
   context "with an optional supplied protected path" do
     let(:app) {
       Rack::Builder.new do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rack-twilio-validator
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -14,7 +14,7 @@ default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
-  requirement: &2152629100 !ruby/object:Gem::Requirement
+  requirement: &2169224920 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2152629100
+  version_requirements: *2169224920
 - !ruby/object:Gem::Dependency
   name: twilio-ruby
-  requirement: &2152628680 !ruby/object:Gem::Requirement
+  requirement: &2169223820 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,10 +33,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *2152628680
+  version_requirements: *2169223820
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2152628260 !ruby/object:Gem::Requirement
+  requirement: &2169222280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,10 +44,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152628260
+  version_requirements: *2169222280
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &2156435820 !ruby/object:Gem::Requirement
+  requirement: &2169221260 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -55,10 +55,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2156435820
+  version_requirements: *2169221260
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2156435400 !ruby/object:Gem::Requirement
+  requirement: &2169220460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -66,7 +66,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2156435400
+  version_requirements: *2169220460
 description: Rack Middleware for validating twilio request signatures
 email:
 - xternal1+github@gmail.com
@@ -98,12 +98,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 2374040186925587672
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: 2374040186925587672
 requirements: []
 rubyforge_project: rack-twilio-validator
 rubygems_version: 1.6.2