twilio-ruby 3.11.6 → 3.12.0
- checksums.yaml +8 -8
- data/CHANGES.md +6 -0
- data/Gemfile +1 -1
- data/docs/usage/validation.rst +27 -1
- data/lib/rack/twilio_webhook_authentication.rb +40 -0
- data/lib/twilio-ruby.rb +1 -0
- data/lib/twilio-ruby/version.rb +1 -1
- data/spec/rack/twilio_webhook_authentication_spec.rb +76 -0
- data/twilio-ruby.gemspec +1 -4
- metadata +8 -47
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
ZWZkNmViOGVhYzA4YzlhOWRkYzFjZDZhMTY1NTY1NmE5ZmVjZWI4MQ==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
ODBhOTdkNTE2NjE0OGUzZmJhY2U3NzdhMTM2ODU0N2EwNzNlZTYyOA==
|
7
7
|
SHA512:
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
OTY0NDM4N2Q3ODA1MDdmYTc2OTY3ODE2OGE4YjBlMjExMDBmZTBkYzkzZWE2
|
10
|
+
MThkMGZhZWY4MDhiZWIxOTE0OGVjZjQ2NjQ3OTBlNzcwZjhiMWI4ZTcxOGU0
|
11
|
+
MzQ3ZTQ3MjcyYmYzNjdkZjFiZTYxOTQxODI5YjViMzI2YTE2MzE=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
ZDgwN2ZhOWQzMzYzMGQ3MzJkY2EyNzZiOTk5MDA5ZGZmZjEwZjE0ODc2NDdl
|
14
|
+
ODE1M2FmNTUwMGVjNjgwNzc5MzIxZjRkZGE2ZmJkZjdjYTllMzY4ZTYzMjQ4
|
15
|
+
ZGVjZGIyMzkwZjMxZWRkOTcwYTE5MmIzNjQ4OTVjYTkyZjdkOTI=
|
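--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,6 +1,12 @@
 twilio-ruby changelog
 =====================
 
+Version 3.12.0
+- Add Rack middleware for Twilio request-signature validation
+- Upgrade dependencies and clean up project files
+- Documentation fixes
+- Add `text` alias for `to_xml` method on TwiML generator objects
+
 Version 3.11.6
 
 Released July 25, 2014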
data/Gemfile
CHANGED
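--- a/data/docs/usage/validation.rst
+++ b/data/docs/usage/validation.rst
@@ -53,7 +53,6 @@ actually from Twilio.
 puts "NOT VALID. It might have been spoofed!"
 end
 
-
 Trailing Slashes
 ==================
 
@@ -69,3 +68,30 @@ https://mycompany.com/twilio and you may have built the hash using
 https://mycompany.com/twilio/. More information can be found in our
 documentation on validating requests.
 
+Rack Middleware
+===============
+
+If you are serving up your site using a Rack based framework, such as Sinatra or
+Rails, you can use the Rack middleware that is included in the gem to protect
+from spoofing attempts.
+
+To use the middleware, you need to set it up with your Twilio Auth Token and a
+set of paths to watch. For example, here is how you would use the middleware in
+a Sinatra application:
+
+.. code-block:: ruby
+
+require 'sinatra'
+require 'twilio-ruby'
+
+auth_token = 'YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY'
+
+use Rack::TwilioWebhookAuthentication, auth_token, /\/messages/
+
+post '/messages' do
+# response with TwiML
+end
+
+Now, any POST request to /messages in your application that doesn't validate as
+a Twilio request, will automatically respond with a 403 status code and your
+action will not be hit.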
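--- a/data/lib/rack/twilio_webhook_authentication.rb
+++ b/data/lib/rack/twilio_webhook_authentication.rb
@@ -0,0 +1,40 @@
+module Rack
+# Middleware that authenticates webhooks from Twilio using the request
+# validator.
+#
+# The middleware takes an auth token with which to set up the request
+# validator and any number of paths. When a path matches the incoming request
+# path, the request will be checked for authentication.
+#
+# Example:
+#
+# require 'rack'
+# use Rack::TwilioWebhookAuthentication, ENV['AUTH_TOKEN'], /\/messages/
+#
+# The above appends this middleware to the stack, using an auth token saved in
+# the ENV and only against paths that match /\/messages/. If the request
+# validates then it gets passed on to the action as normal. If the request
+# doesn't validate then the middleware responds immediately with a 403 status.
+
+class TwilioWebhookAuthentication
+def initialize(app, auth_token, *paths)
+@app = app
+@auth_token = auth_token
+@path_regex = Regexp.union(paths)
+end
+
+def call(env)
+return @app.call(env) unless env["PATH_INFO"].match(@path_regex)
+validator = Twilio::Util::RequestValidator.new(@auth_token)
+request = Rack::Request.new(env)
+original_url = request.url
+params = request.post? ? request.POST : {}
+signature = env['HTTP_X_TWILIO_SIGNATURE']
+if validator.validate(original_url, params, signature)
+@app.call(env)
+else
+[403, {'Content-Type' => 'text/plain'}, ["Twilio Request Validation Failed."]]
+end
+end
+end
+end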
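Review bot: `initialize` accepts an empty path list, and `Regexp.union` of no patterns returns a regexp that never matches, so `use Rack::TwilioWebhookAuthentication, token` with the paths forgotten passes every request to the app unvalidated and without any error. Fail at construction instead with `raise ArgumentError, 'at least one path is required' if paths.empty?`, and reject a nil or empty `auth_token` the same way, since the documented example reads it from `ENV`. The guard in `call` matches the raw `PATH_INFO`; if the framework normalises the path before routing (not visible here), the class comment should tell users to write patterns that cover every spelling that reaches a protected action. `request.url` is rebuilt from the request environment, so behind a TLS-terminating proxy it may differ from the URL Twilio signed and valid webhooks would receive the 403; that deserves a line in the class comment as well.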
data/lib/twilio-ruby.rb
CHANGED
data/lib/twilio-ruby/version.rb
CHANGED
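--- a/data/spec/rack/twilio_webhook_authentication_spec.rb
+++ b/data/spec/rack/twilio_webhook_authentication_spec.rb
@@ -0,0 +1,76 @@
+require 'spec_helper'
+require 'rack/mock'
+
+describe Rack::TwilioWebhookAuthentication do
+before do
+@app = lambda {|env| [200, {'Content-Type' => 'text/plain'}, ['Hello']] }
+end
+
+describe 'new' do
+it 'should initialize with an app, auth token and a path' do
+expect {
+Rack::TwilioWebhookAuthentication.new(@app, 'ABC', /\/voice/)
+}.not_to raise_error
+end
+
+it 'should initialize with an app, auth token and paths' do
+expect {
+Rack::TwilioWebhookAuthentication.new(@app, 'ABC', /\/voice/, /\/sms/)
+}.not_to raise_error
+end
+end
+
+describe 'calling against one path' do
+before do
+@middleware = Rack::TwilioWebhookAuthentication.new(@app, 'ABC', /\/voice/)
+end
+
+it 'should not intercept when the path doesn\'t match' do
+expect(Twilio::Util::RequestValidator).to_not receive(:validate)
+request = Rack::MockRequest.env_for('/sms')
+status, headers, body = @middleware.call(request)
+expect(status).to be(200)
+end
+
+it 'should allow a request through if it validates' do
+expect_any_instance_of(Twilio::Util::RequestValidator).to receive(:validate).and_return(true)
+request = Rack::MockRequest.env_for('/voice')
+status, headers, body = @middleware.call(request)
+expect(status).to be(200)
+end
+
+it 'should short circuit a request to 403 if it does not validate' do
+expect_any_instance_of(Twilio::Util::RequestValidator).to receive(:validate).and_return(false)
+request = Rack::MockRequest.env_for('/voice')
+status, headers, body = @middleware.call(request)
+expect(status).to be(403)
+end
+end
+
+describe 'calling against many paths' do
+before do
+@middleware = Rack::TwilioWebhookAuthentication.new(@app, 'ABC', /\/voice/, /\/sms/)
+end
+
+it 'should not intercept when the path doesn\'t match' do
+expect(Twilio::Util::RequestValidator).to_not receive(:validate)
+request = Rack::MockRequest.env_for('icesms')
+status, headers, body = @middleware.call(request)
+expect(status).to be(200)
+end
+
+it 'shold allow a request through if it validates' do
+expect_any_instance_of(Twilio::Util::RequestValidator).to receive(:validate).and_return(true)
+request = Rack::MockRequest.env_for('/sms')
+status, headers, body = @middleware.call(request)
+expect(status).to be(200)
+end
+
+it 'should short circuit a request to 403 if it does not validate' do
+expect_any_instance_of(Twilio::Util::RequestValidator).to receive(:validate).and_return(false)
+request = Rack::MockRequest.env_for('/sms')
+status, headers, body = @middleware.call(request)
+expect(status).to be(403)
+end
+end
+end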
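Review bot: Both "should not intercept" examples set `expect(Twilio::Util::RequestValidator).to_not receive(:validate)` on the class, but the middleware calls `validate` on an instance, so that expectation can never fail; `expect_any_instance_of(Twilio::Util::RequestValidator).not_to receive(:validate)` would check what the example name claims. Every other example stubs `validate`, so nothing here runs the real validator against a correctly signed request, a request with no `X-Twilio-Signature` header, or a non-POST request; one unstubbed example for each would pin the 403 behaviour the middleware exists to provide. There is also no example for construction with no paths at all. The description string on the second "many paths" example is misspelt (`'shold allow …'`).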
data/twilio-ruby.gemspec
CHANGED
@@ -23,13 +23,10 @@ Gem::Specification.new do |spec|
|
|
23
23
|
|
24
24
|
spec.add_dependency('multi_json', '>= 1.3.0')
|
25
25
|
spec.add_dependency('builder', '>= 2.1.2')
|
26
|
-
spec.add_dependency('jwt', '
|
26
|
+
spec.add_dependency('jwt', '~> 1.0.0')
|
27
27
|
spec.add_dependency('jruby-openssl') if RUBY_PLATFORM == 'java'
|
28
28
|
# Workaround for RBX <= 2.2.1, should be fixed in next version
|
29
29
|
spec.add_dependency('rubysl') if defined?(RUBY_ENGINE) && RUBY_ENGINE == 'rbx'
|
30
30
|
|
31
|
-
spec.add_development_dependency 'rspec', '~> 2.14'
|
32
|
-
spec.add_development_dependency 'fakeweb', '~> 1.3.0'
|
33
|
-
spec.add_development_dependency 'rack', '~> 1.3.0'
|
34
31
|
spec.add_development_dependency 'bundler', '~> 1.5'
|
35
32
|
end
|
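Review bot: The new `'~> 1.0.0'` constraint on jwt admits only 1.0.x releases, so a fix published in a later 1.x minor version would not be picked up by dependents; if any compatible 1.x release is intended, `spec.add_dependency('jwt', '~> 1.0')` expresses that. The hunk also removes rack from the declared dependencies in the same release that adds a middleware calling `Rack::Request`; whether rack moved to the Gemfile is not visible on this page, so a comment such as `# rack is supplied by the host application; only Rack::TwilioWebhookAuthentication needs it` would record the decision. The `Gem::Specification.new` block starts outside the hunk.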
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: twilio-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.12.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Andrew Benton
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-
|
11
|
+
date: 2014-08-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: multi_json
|
@@ -41,59 +41,17 @@ dependencies:
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: jwt
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - ! '>='
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: 0.1.2
|
48
|
-
type: :runtime
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - ! '>='
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: 0.1.2
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: rspec
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - ~>
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: '2.14'
|
62
|
-
type: :development
|
63
|
-
prerelease: false
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
65
44
|
requirements:
|
66
45
|
- - ~>
|
67
46
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
69
|
-
|
70
|
-
name: fakeweb
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
72
|
-
requirements:
|
73
|
-
- - ~>
|
74
|
-
- !ruby/object:Gem::Version
|
75
|
-
version: 1.3.0
|
76
|
-
type: :development
|
77
|
-
prerelease: false
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
79
|
-
requirements:
|
80
|
-
- - ~>
|
81
|
-
- !ruby/object:Gem::Version
|
82
|
-
version: 1.3.0
|
83
|
-
- !ruby/object:Gem::Dependency
|
84
|
-
name: rack
|
85
|
-
requirement: !ruby/object:Gem::Requirement
|
86
|
-
requirements:
|
87
|
-
- - ~>
|
88
|
-
- !ruby/object:Gem::Version
|
89
|
-
version: 1.3.0
|
90
|
-
type: :development
|
47
|
+
version: 1.0.0
|
48
|
+
type: :runtime
|
91
49
|
prerelease: false
|
92
50
|
version_requirements: !ruby/object:Gem::Requirement
|
93
51
|
requirements:
|
94
52
|
- - ~>
|
95
53
|
- !ruby/object:Gem::Version
|
96
|
-
version: 1.
|
54
|
+
version: 1.0.0
|
97
55
|
- !ruby/object:Gem::Dependency
|
98
56
|
name: bundler
|
99
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -166,6 +124,7 @@ files:
|
|
166
124
|
- docs/usage/validation.rst
|
167
125
|
- examples/examples.rb
|
168
126
|
- examples/print-call-log.rb
|
127
|
+
- lib/rack/twilio_webhook_authentication.rb
|
169
128
|
- lib/twilio-ruby.rb
|
170
129
|
- lib/twilio-ruby/rest/accounts.rb
|
171
130
|
- lib/twilio-ruby/rest/applications.rb
|
@@ -216,6 +175,7 @@ files:
|
|
216
175
|
- lib/twilio-ruby/util/capability.rb
|
217
176
|
- lib/twilio-ruby/util/request_validator.rb
|
218
177
|
- lib/twilio-ruby/version.rb
|
178
|
+
- spec/rack/twilio_webhook_authentication_spec.rb
|
219
179
|
- spec/rest/account_spec.rb
|
220
180
|
- spec/rest/call_spec.rb
|
221
181
|
- spec/rest/client_spec.rb
|
@@ -263,6 +223,7 @@ specification_version: 4
|
|
263
223
|
summary: A simple library for communicating with the Twilio REST API, building TwiML,
|
264
224
|
and generating Twilio Client Capability Tokens
|
265
225
|
test_files:
|
226
|
+
- spec/rack/twilio_webhook_authentication_spec.rb
|
266
227
|
- spec/rest/account_spec.rb
|
267
228
|
- spec/rest/call_spec.rb
|
268
229
|
- spec/rest/client_spec.rb
|