spree_api 5.3.4 → 5.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/app/jobs/spree/webhook_delivery_job.rb +4 -1
  3. data/app/services/spree/webhooks/deliver_webhook.rb +16 -16
  4. data/app/subscribers/spree/webhook_event_subscriber.rb +1 -1
  5. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8103cf9477d203a505f580a267a96ad940babc92b4dd09814d86dba03e330300
4
- data.tar.gz: 98f44fdc93e9c4cad74c52ccb58b2b82d62064c53dc9f7fa9d963ca78ed37b41
3
+ metadata.gz: 24f0ef390d5a4363b8d7bb9a77f6e3e8eb537a3919c0b74b94682b4f254b1ed9
4
+ data.tar.gz: 8a54e5469420cd4fdc3f4b4175eb25067a7a2216556ccad38905c2430bd06d09
5
5
  SHA512:
6
- metadata.gz: 8b63700e0591ed1aa8f55837aec0f9492016f7cd35ccf3b202e8dcb764a35d82188cb7fc2cac64ff99c1f0a07b05142b59c48be48b01629810dfe4a2bd0cecaa
7
- data.tar.gz: 5d8809fcfe387e374449bb285df5c10df363a2e972e8b3c0fba5c2d7644841e437e70b166bd981765801390c706361bdcb2423c2922a0c7e588735a5d9adf2f9
6
+ metadata.gz: c1fe8ffb17fdd946ee89ae01930a536e9621bdac29d62ee0c32c7c849723cf96d8ca30ea85e3edd69e4b59cf63fc06f9388d632b8c86efce6884ec6367c199a2
7
+ data.tar.gz: 64ea2b60038cbb1754f71c68b5c98aee5fac5cf20c8c6985bf7de6ac555321783ed502995381a7661bcbb89c34938620b3bab7afe7a312924d438f3689473016
data/app/jobs/spree/webhook_delivery_job.rb CHANGED
@@ -6,10 +6,13 @@ module Spree
6
6
 
7
7
  retry_on StandardError, wait: :polynomially_longer, attempts: 5
8
8
 
9
- def perform(delivery_id, secret_key)
9
+ # Accept optional second argument for backward compatibility with jobs
10
+ # enqueued before this change was deployed.
11
+ def perform(delivery_id, _deprecated_secret_key = nil)
10
12
  delivery = Spree::WebhookDelivery.find_by(id: delivery_id)
11
13
  return if delivery.nil?
12
14
 
15
+ secret_key = delivery.webhook_endpoint.secret_key
13
16
  Spree::Webhooks::DeliverWebhook.call(delivery: delivery, secret_key: secret_key)
14
17
  end
15
18
  end
data/app/services/spree/webhooks/deliver_webhook.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'net/http'
3
+ require 'ssrf_filter'
4
4
  require 'openssl'
5
5
 
6
6
  module Spree
@@ -49,21 +49,21 @@ module Spree
49
49
  private
50
50
 
51
51
  def make_request
52
- uri = URI.parse(@delivery.url)
53
- http = Net::HTTP.new(uri.host, uri.port)
54
- http.use_ssl = uri.scheme == 'https'
55
- http.verify_mode = ssl_verify_mode
56
- http.open_timeout = TIMEOUT
57
- http.read_timeout = TIMEOUT
58
-
59
- request = Net::HTTP::Post.new(uri.request_uri)
60
- request['Content-Type'] = 'application/json'
61
- request['User-Agent'] = 'Spree-Webhooks/1.0'
62
- request['X-Spree-Webhook-Signature'] = generate_signature
63
- request['X-Spree-Webhook-Event'] = @delivery.event_name
64
- request.body = @delivery.payload.to_json
65
-
66
- http.request(request)
52
+ SsrfFilter.post(
53
+ @delivery.url,
54
+ headers: {
55
+ 'Content-Type' => 'application/json',
56
+ 'User-Agent' => 'Spree-Webhooks/1.0',
57
+ 'X-Spree-Webhook-Signature' => generate_signature,
58
+ 'X-Spree-Webhook-Event' => @delivery.event_name
59
+ },
60
+ body: @delivery.payload.to_json,
61
+ http_options: {
62
+ open_timeout: TIMEOUT,
63
+ read_timeout: TIMEOUT,
64
+ verify_mode: ssl_verify_mode
65
+ }
66
+ )
67
67
  end
68
68
 
69
69
  def generate_signature
data/app/subscribers/spree/webhook_event_subscriber.rb CHANGED
@@ -48,7 +48,7 @@ module Spree
48
48
  )
49
49
 
50
50
  # Queue the delivery job
51
- Spree::WebhookDeliveryJob.perform_later(delivery.id, endpoint.secret_key)
51
+ Spree::WebhookDeliveryJob.perform_later(delivery.id)
52
52
  rescue StandardError => e
53
53
  Rails.logger.error "[Spree Webhooks] Error queuing delivery for endpoint #{endpoint.id}: #{e.message}"
54
54
  Rails.error.report(e)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spree_api
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.3.4
4
+ version: 5.3.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ryan Bigg
@@ -115,14 +115,14 @@ dependencies:
115
115
  requirements:
116
116
  - - '='
117
117
  - !ruby/object:Gem::Version
118
- version: 5.3.4
118
+ version: 5.3.5
119
119
  type: :runtime
120
120
  prerelease: false
121
121
  version_requirements: !ruby/object:Gem::Requirement
122
122
  requirements:
123
123
  - - '='
124
124
  - !ruby/object:Gem::Version
125
- version: 5.3.4
125
+ version: 5.3.5
126
126
  description: Spree's API
127
127
  email:
128
128
  - hello@spreecommerce.org
@@ -368,9 +368,9 @@ licenses:
368
368
  - BSD-3-Clause
369
369
  metadata:
370
370
  bug_tracker_uri: https://github.com/spree/spree/issues
371
- changelog_uri: https://github.com/spree/spree/releases/tag/v5.3.4
371
+ changelog_uri: https://github.com/spree/spree/releases/tag/v5.3.5
372
372
  documentation_uri: https://docs.spreecommerce.org/
373
- source_code_uri: https://github.com/spree/spree/tree/v5.3.4
373
+ source_code_uri: https://github.com/spree/spree/tree/v5.3.5
374
374
  rdoc_options: []
375
375
  require_paths:
376
376
  - lib