twilio-ruby-authenticate-webhooks 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/twilio-ruby/security/request_validator.rb +61 -8
- data/lib/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 57bc2fbef36adaa28582225cd18839f1ff40b71703375052e918da177abdc0f9
|
|
4
|
+
data.tar.gz: e1fd936257b35075a3ec67803ba80f31289e16f63234033472d2ec747a701fbe
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 075bb0545a86778dddd1acd42d7e19868e76c40abeb091c1208cf0bf64725fb03414ffff35b0ff1502a64417429373f748cfe2f44067956e6697f40920a95b5f
|
|
7
|
+
data.tar.gz: d1fe6c675071d0d90095e14272d5f388960c29b2209077186651d5a28c042147fb7cbd4dc7e7964d48e50cc9fadeef62c585b1fbe69878183dfd75227d3e26c2
|
|
@@ -25,16 +25,25 @@ module Twilio
|
|
|
25
25
|
#
|
|
26
26
|
# @return [Boolean] whether or not the computed signature matches the signature parameter
|
|
27
27
|
def validate(url, params, signature)
|
|
28
|
+
parsed_url = URI(url)
|
|
29
|
+
url_with_port = add_port(parsed_url)
|
|
30
|
+
url_without_port = remove_port(parsed_url)
|
|
31
|
+
|
|
32
|
+
valid_body = true # default succeed, since body not always provided
|
|
28
33
|
params_hash = body_or_hash(params)
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
body_hash = URI.decode_www_form(URI(url).query).to_h['bodySHA256']
|
|
35
|
-
expected_hash = build_hash_for(params)
|
|
36
|
-
secure_compare(expected_signature, signature) && secure_compare(expected_hash, body_hash)
|
|
34
|
+
unless params_hash.is_a? Enumerable
|
|
35
|
+
body_hash = URI.decode_www_form(parsed_url.query).to_h['bodySHA256']
|
|
36
|
+
params_hash = build_hash_for(params)
|
|
37
|
+
valid_body = !(params_hash.nil? || body_hash.nil?) && secure_compare(params_hash, body_hash)
|
|
38
|
+
params_hash = {}
|
|
37
39
|
end
|
|
40
|
+
|
|
41
|
+
# Check signature of the url with and without port numbers
|
|
42
|
+
# since signature generation on the back end is inconsistent
|
|
43
|
+
valid_signature_with_port = secure_compare(build_signature_for(url_with_port, params_hash), signature)
|
|
44
|
+
valid_signature_without_port = secure_compare(build_signature_for(url_without_port, params_hash), signature)
|
|
45
|
+
|
|
46
|
+
valid_body && (valid_signature_with_port || valid_signature_without_port)
|
|
38
47
|
end
|
|
39
48
|
|
|
40
49
|
##
|
|
@@ -92,6 +101,50 @@ module Twilio
|
|
|
92
101
|
params_or_body
|
|
93
102
|
end
|
|
94
103
|
end
|
|
104
|
+
|
|
105
|
+
##
|
|
106
|
+
# Adds the standard port to the url if it doesn't already have one
|
|
107
|
+
#
|
|
108
|
+
# @param [URI] parsed_url The parsed request url
|
|
109
|
+
#
|
|
110
|
+
# @return [String] The URL with a port number
|
|
111
|
+
def add_port(parsed_url)
|
|
112
|
+
if parsed_url.port.nil? || parsed_url.port == parsed_url.default_port
|
|
113
|
+
build_url_with_port_for(parsed_url)
|
|
114
|
+
else
|
|
115
|
+
parsed_url.to_s
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
##
|
|
120
|
+
# Removes the port from the url
|
|
121
|
+
#
|
|
122
|
+
# @param [URI] parsed_url The parsed request url
|
|
123
|
+
#
|
|
124
|
+
# @return [String] The URL without a port number
|
|
125
|
+
def remove_port(parsed_url)
|
|
126
|
+
parsed_url.port = nil
|
|
127
|
+
parsed_url.to_s
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
##
|
|
131
|
+
# Builds the url from its component pieces, with the standard port
|
|
132
|
+
#
|
|
133
|
+
# @param [URI] parsed_url The parsed request url
|
|
134
|
+
#
|
|
135
|
+
# @return [String] The URL with the standard port number
|
|
136
|
+
def build_url_with_port_for(parsed_url)
|
|
137
|
+
url = ''
|
|
138
|
+
|
|
139
|
+
url += parsed_url.scheme ? "#{parsed_url.scheme}://" : ''
|
|
140
|
+
url += parsed_url.userinfo ? "#{parsed_url.userinfo}@" : ''
|
|
141
|
+
url += parsed_url.host ? "#{parsed_url.host}:#{parsed_url.port}" : ''
|
|
142
|
+
url += parsed_url.path
|
|
143
|
+
url += parsed_url.query ? "?#{parsed_url.query}" : ''
|
|
144
|
+
url += parsed_url.fragment ? "##{parsed_url.fragment}" : ''
|
|
145
|
+
|
|
146
|
+
url
|
|
147
|
+
end
|
|
95
148
|
end
|
|
96
149
|
end
|
|
97
150
|
end
|
data/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: twilio-ruby-authenticate-webhooks
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Erik Griffin
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-10-
|
|
11
|
+
date: 2019-10-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|