twilio-ruby 3.11.6 → 3.12.0
- checksums.yaml +8 -8
- data/CHANGES.md +6 -0
- data/Gemfile +1 -1
- data/docs/usage/validation.rst +27 -1
- data/lib/rack/twilio_webhook_authentication.rb +40 -0
- data/lib/twilio-ruby.rb +1 -0
- data/lib/twilio-ruby/version.rb +1 -1
- data/spec/rack/twilio_webhook_authentication_spec.rb +76 -0
- data/twilio-ruby.gemspec +1 -4
- metadata +8 -47
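--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
 metadata.gz: !binary |-
-
+ZWZkNmViOGVhYzA4YzlhOWRkYzFjZDZhMTY1NTY1NmE5ZmVjZWI4MQ==
 data.tar.gz: !binary |-
-
+ODBhOTdkNTE2NjE0OGUzZmJhY2U3NzdhMTM2ODU0N2EwNzNlZTYyOA==
 SHA512:
 metadata.gz: !binary |-
-
-
-
+OTY0NDM4N2Q3ODA1MDdmYTc2OTY3ODE2OGE4YjBlMjExMDBmZTBkYzkzZWE2
+MThkMGZhZWY4MDhiZWIxOTE0OGVjZjQ2NjQ3OTBlNzcwZjhiMWI4ZTcxOGU0
+MzQ3ZTQ3MjcyYmYzNjdkZjFiZTYxOTQxODI5YjViMzI2YTE2MzE=
 data.tar.gz: !binary |-
-
-
-
+ZDgwN2ZhOWQzMzYzMGQ3MzJkY2EyNzZiOTk5MDA5ZGZmZjEwZjE0ODc2NDdl
+ODE1M2FmNTUwMGVjNjgwNzc5MzIxZjRkZGE2ZmJkZjdjYTllMzY4ZTYzMjQ4
+ZGVjZGIyMzkwZjMxZWRkOTcwYTE5MmIzNjQ4OTVjYTkyZjdkOTI=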
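--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,6 +1,12 @@
 twilio-ruby changelog
 =====================
 
+Version 3.12.0
+- Add Rack middleware for Twilio request-signature validation
+- Upgrade dependencies and clean up project files
+- Documentation fixes
+- Add `text` alias for `to_xml` method on TwiML generator objects
+
 Version 3.11.6
 
 Released July 25, 2014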
data/Gemfile
CHANGED
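--- a/data/docs/usage/validation.rst
+++ b/data/docs/usage/validation.rst
@@ -53,7 +53,6 @@ actually from Twilio.
 puts "NOT VALID. It might have been spoofed!"
 end
 
-
 Trailing Slashes
 ==================
 
@@ -69,3 +68,30 @@ https://mycompany.com/twilio and you may have built the hash using
 https://mycompany.com/twilio/. More information can be found in our
 documentation on validating requests.
 
+Rack Middleware
+===============
+
+If you are serving up your site using a Rack based framework, such as Sinatra or
+Rails, you can use the Rack middleware that is included in the gem to protect
+from spoofing attempts.
+
+To use the middleware, you need to set it up with your Twilio Auth Token and a
+set of paths to watch. For example, here is how you would use the middleware in
+a Sinatra application:
+
+.. code-block:: ruby
+
+require 'sinatra'
+require 'twilio-ruby'
+
+auth_token = 'YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY'
+
+use Rack::TwilioWebhookAuthentication, auth_token, /\/messages/
+
+post '/messages' do
+# response with TwiML
+end
+
+Now, any POST request to /messages in your application that doesn't validate as
+a Twilio request, will automatically respond with a 403 status code and your
+action will not be hit.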
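--- a/data/lib/rack/twilio_webhook_authentication.rb
+++ b/data/lib/rack/twilio_webhook_authentication.rb
@@ -0,0 +1,40 @@
+module Rack
+# Middleware that authenticates webhooks from Twilio using the request
+# validator.
+#
+# The middleware takes an auth token with which to set up the request
+# validator and any number of paths. When a path matches the incoming request
+# path, the request will be checked for authentication.
+#
+# Example:
+#
+# require 'rack'
+# use Rack::TwilioWebhookAuthentication, ENV['AUTH_TOKEN'], /\/messages/
+#
+# The above appends this middleware to the stack, using an auth token saved in
+# the ENV and only against paths that match /\/messages/. If the request
+# validates then it gets passed on to the action as normal. If the request
+# doesn't validate then the middleware responds immediately with a 403 status.
+
+class TwilioWebhookAuthentication
+def initialize(app, auth_token, *paths)
+@app = app
+@auth_token = auth_token
+@path_regex = Regexp.union(paths)
+end
+
+def call(env)
+return @app.call(env) unless env["PATH_INFO"].match(@path_regex)
+validator = Twilio::Util::RequestValidator.new(@auth_token)
+request = Rack::Request.new(env)
+original_url = request.url
+params = request.post? ? request.POST : {}
+signature = env['HTTP_X_TWILIO_SIGNATURE']
+if validator.validate(original_url, params, signature)
+@app.call(env)
+else
+[403, {'Content-Type' => 'text/plain'}, ["Twilio Request Validation Failed."]]
+end
+end
+end
+end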
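Review bot: `initialize` accepts an empty `*paths`, and `Regexp.union` of an empty list yields a pattern that never matches, so `use Rack::TwilioWebhookAuthentication, auth_token` with no path forwards every request to the app unvalidated and raises no error. Failing fast in the constructor, for example `raise ArgumentError, 'at least one path is required' if paths.empty?`, keeps that misconfiguration from failing open. In `call`, a request that lacks the `X-Twilio-Signature` header passes `nil` to `validate`; RequestValidator is not shown on this page, so an explicit 403 when `env['HTTP_X_TWILIO_SIGNATURE']` is nil would make the rejection independent of how the validator treats nil. The class comment should also say that the patterns are unanchored and are matched against `PATH_INFO` only, since that decides which routes are actually covered.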
data/lib/twilio-ruby.rb
CHANGED
data/lib/twilio-ruby/version.rb
CHANGED
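--- a/data/spec/rack/twilio_webhook_authentication_spec.rb
+++ b/data/spec/rack/twilio_webhook_authentication_spec.rb
@@ -0,0 +1,76 @@
+require 'spec_helper'
+require 'rack/mock'
+
+describe Rack::TwilioWebhookAuthentication do
+before do
+@app = lambda {|env| [200, {'Content-Type' => 'text/plain'}, ['Hello']] }
+end
+
+describe 'new' do
+it 'should initialize with an app, auth token and a path' do
+expect {
+Rack::TwilioWebhookAuthentication.new(@app, 'ABC', /\/voice/)
+}.not_to raise_error
+end
+
+it 'should initialize with an app, auth token and paths' do
+expect {
+Rack::TwilioWebhookAuthentication.new(@app, 'ABC', /\/voice/, /\/sms/)
+}.not_to raise_error
+end
+end
+
+describe 'calling against one path' do
+before do
+@middleware = Rack::TwilioWebhookAuthentication.new(@app, 'ABC', /\/voice/)
+end
+
+it 'should not intercept when the path doesn\'t match' do
+expect(Twilio::Util::RequestValidator).to_not receive(:validate)
+request = Rack::MockRequest.env_for('/sms')
+status, headers, body = @middleware.call(request)
+expect(status).to be(200)
+end
+
+it 'should allow a request through if it validates' do
+expect_any_instance_of(Twilio::Util::RequestValidator).to receive(:validate).and_return(true)
+request = Rack::MockRequest.env_for('/voice')
+status, headers, body = @middleware.call(request)
+expect(status).to be(200)
+end
+
+it 'should short circuit a request to 403 if it does not validate' do
+expect_any_instance_of(Twilio::Util::RequestValidator).to receive(:validate).and_return(false)
+request = Rack::MockRequest.env_for('/voice')
+status, headers, body = @middleware.call(request)
+expect(status).to be(403)
+end
+end
+
+describe 'calling against many paths' do
+before do
+@middleware = Rack::TwilioWebhookAuthentication.new(@app, 'ABC', /\/voice/, /\/sms/)
+end
+
+it 'should not intercept when the path doesn\'t match' do
+expect(Twilio::Util::RequestValidator).to_not receive(:validate)
+request = Rack::MockRequest.env_for('icesms')
+status, headers, body = @middleware.call(request)
+expect(status).to be(200)
+end
+
+it 'shold allow a request through if it validates' do
+expect_any_instance_of(Twilio::Util::RequestValidator).to receive(:validate).and_return(true)
+request = Rack::MockRequest.env_for('/sms')
+status, headers, body = @middleware.call(request)
+expect(status).to be(200)
+end
+
+it 'should short circuit a request to 403 if it does not validate' do
+expect_any_instance_of(Twilio::Util::RequestValidator).to receive(:validate).and_return(false)
+request = Rack::MockRequest.env_for('/sms')
+status, headers, body = @middleware.call(request)
+expect(status).to be(403)
+end
+end
+end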
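Review bot: Both "should not intercept when the path doesn't match" examples (spec lines 29 and 56) set `expect(Twilio::Util::RequestValidator).to_not receive(:validate)` on the class, while the middleware calls `validate` on an instance it builds with `.new`, so the expectation passes even if validation did run. `expect_any_instance_of(Twilio::Util::RequestValidator).to_not receive(:validate)` would check what the description says. Every other example stubs `validate`, so nothing here exercises the real validator with a missing or wrong `X-Twilio-Signature` header. One unstubbed example that sends no header to a protected path and expects 403 would pin the fail-closed behaviour.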
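--- a/data/twilio-ruby.gemspec
+++ b/data/twilio-ruby.gemspec
@@ -23,13 +23,10 @@ Gem::Specification.new do |spec|
 
 spec.add_dependency('multi_json', '>= 1.3.0')
 spec.add_dependency('builder', '>= 2.1.2')
-spec.add_dependency('jwt', '
+spec.add_dependency('jwt', '~> 1.0.0')
 spec.add_dependency('jruby-openssl') if RUBY_PLATFORM == 'java'
 # Workaround for RBX <= 2.2.1, should be fixed in next version
 spec.add_dependency('rubysl') if defined?(RUBY_ENGINE) && RUBY_ENGINE == 'rbx'
 
-spec.add_development_dependency 'rspec', '~> 2.14'
-spec.add_development_dependency 'fakeweb', '~> 1.3.0'
-spec.add_development_dependency 'rack', '~> 1.3.0'
 spec.add_development_dependency 'bundler', '~> 1.5'
 end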
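Review bot: `'~> 1.0.0'` on the jwt runtime dependency admits only 1.0.x releases, so an application using this gem cannot resolve a later jwt minor release, including one that carries a fix, until twilio-ruby is released again. The gem metadata on this page shows the previous requirement as `>= 0.1.2`; if the intent is to stay on the 1.x API, `spec.add_dependency('jwt', '~> 1.0')` expresses that with a wider range. The rack development dependency is also dropped here while the new spec requires `rack/mock`, and the Gemfile hunk is not shown on this page, so confirm that rack is declared there.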
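--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: twilio-ruby
 version: !ruby/object:Gem::Version
-version: 3.
+version: 3.12.0
 platform: ruby
 authors:
 - Andrew Benton
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: multi_json
@@ -41,59 +41,17 @@ dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt
 requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ! '>='
-- !ruby/object:Gem::Version
-version: 0.1.2
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ! '>='
-- !ruby/object:Gem::Version
-version: 0.1.2
-- !ruby/object:Gem::Dependency
-name: rspec
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: '2.14'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version:
-
-name: fakeweb
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 1.3.0
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 1.3.0
-- !ruby/object:Gem::Dependency
-name: rack
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ~>
-- !ruby/object:Gem::Version
-version: 1.3.0
-type: :development
+version: 1.0.0
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.0.0
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -166,6 +124,7 @@ files:
 - docs/usage/validation.rst
 - examples/examples.rb
 - examples/print-call-log.rb
+- lib/rack/twilio_webhook_authentication.rb
 - lib/twilio-ruby.rb
 - lib/twilio-ruby/rest/accounts.rb
 - lib/twilio-ruby/rest/applications.rb
@@ -216,6 +175,7 @@ files:
 - lib/twilio-ruby/util/capability.rb
 - lib/twilio-ruby/util/request_validator.rb
 - lib/twilio-ruby/version.rb
+- spec/rack/twilio_webhook_authentication_spec.rb
 - spec/rest/account_spec.rb
 - spec/rest/call_spec.rb
 - spec/rest/client_spec.rb
@@ -263,6 +223,7 @@ specification_version: 4
 summary: A simple library for communicating with the Twilio REST API, building TwiML,
 and generating Twilio Client Capability Tokens
 test_files:
+- spec/rack/twilio_webhook_authentication_spec.rb
 - spec/rest/account_spec.rb
 - spec/rest/call_spec.rb
 - spec/rest/client_spec.rb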