From 5e581bde8d8eb8dc512e3ed53a22c2b0d6b91ba3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sasu=20M=C3=A4kinen?=
Date: Fri, 22 Nov 2019 14:55:11 +0200
Subject: [PATCH 1/3] use sha256

---
 README.md | 2 +-
 lib/onfido/resources/webhook.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 9c18a4d..6634eda 100644
--- a/README.md
+++ b/README.md
@@ -208,7 +208,7 @@ This provided signature [should](https://onfido.com/documentation#webhook-securi
 ```ruby
 if Onfido::Webhook.valid?(request.raw_post,
- request.headers["X-Signature"],
+ request.headers["X-SHA2-Signature"],
 ENV['ONFIDO_WEBHOOK_TOKEN'])
 process_webhook
 else
diff --git a/lib/onfido/resources/webhook.rb b/lib/onfido/resources/webhook.rb
index b43f08c..1d80ca6 100644
--- a/lib/onfido/resources/webhook.rb
+++ b/lib/onfido/resources/webhook.rb
@@ -29,7 +29,7 @@ def self.valid?(request_body, request_signature, token)
 end
 def self.generate_signature(request_body, token)
- OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), token, request_body)
+ OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, request_body)
 end
 private_class_method :generate_signature
 end
From 24832ad4809d148b08d300a9b325c51aa1d95c8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sasu=20M=C3=A4kinen?=
Date: Fri, 22 Nov 2019 15:01:20 +0200
Subject: [PATCH 2/3] fix test

---
 spec/integrations/webhook_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/integrations/webhook_spec.rb b/spec/integrations/webhook_spec.rb
index 489a3a7..ed3e2a0 100644
--- a/spec/integrations/webhook_spec.rb
+++ b/spec/integrations/webhook_spec.rb
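Review bot: generate_signature in lib/onfido/resources/webhook.rb now hard-codes 'sha256' with no comment tying it to the header it must be checked against, so an integration that still passes `request.headers["X-Signature"]` will fail closed on every webhook with nothing in the code explaining why. I would add a comment above the method, `# Hex HMAC-SHA256 of the raw request body; compare only against the X-SHA2-Signature header (the SHA-1 X-Signature value will never match).`, and call the change out as breaking in the release notes. The body of valid? lies outside the hunk, so it is worth confirming that it compares the two hex strings with a constant-time helper such as `Rack::Utils.secure_compare` rather than `==`, and that it returns false instead of raising when the header is absent.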
@@ -53,13 +53,13 @@
 end
 let(:request_body) { '{"foo":"bar"}' }
- let(:request_signature) { 'fdab9db604d33297741b43b9fc9536028d09dca3' }
+ let(:request_signature) { '89e60408fec20bfb26bb0f993d5e88307818982f50f23b361a00d679bae8b1dc' }
 let(:token) { 'very_secret_token' }
 it { is_expected.to be(true) }
 context "with an invalid signature" do
- let(:request_signature) { '2f3d7727ff9a32a7c87072ce514df1f6d3228bec' }
+ let(:request_signature) { 'e1ad1c23078824debd18b2dee222506167cf28921a2a42f9c05e2426e51ad986' }
 it { is_expected.to be(false) }
 end
From 86174e55f985285b4edc28d07507a735b520c24e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sasu=20M=C3=A4kinen?=
Date: Fri, 22 Nov 2019 15:21:24 +0200
Subject: [PATCH 3/3] styleguide

---
 spec/integrations/webhook_spec.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/spec/integrations/webhook_spec.rb b/spec/integrations/webhook_spec.rb
index ed3e2a0..7004d35 100644
--- a/spec/integrations/webhook_spec.rb
+++ b/spec/integrations/webhook_spec.rb
@@ -53,13 +53,17 @@
 end
 let(:request_body) { '{"foo":"bar"}' }
- let(:request_signature) { '89e60408fec20bfb26bb0f993d5e88307818982f50f23b361a00d679bae8b1dc' }
+ let(:request_signature) do
+ '89e60408fec20bfb26bb0f993d5e88307818982f50f23b361a00d679bae8b1dc'
+ end
 let(:token) { 'very_secret_token' }
 it { is_expected.to be(true) }
 context "with an invalid signature" do
- let(:request_signature) { 'e1ad1c23078824debd18b2dee222506167cf28921a2a42f9c05e2426e51ad986' }
+ let(:request_signature) do
+ 'e1ad1c23078824debd18b2dee222506167cf28921a2a42f9c05e2426e51ad986'
+ end
 it { is_expected.to be(false) }
 end
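Review bot: The spec hunk at line 53 of spec/integrations/webhook_spec.rb (PATCH 2/3, restyled in 3/3) only swaps the fixtures for SHA-256 values of equal length, so nothing pins that a legacy SHA-1 signature is now rejected. I would add a context that sets `request_signature` to the previous valid fixture `'fdab9db604d33297741b43b9fc9536028d09dca3'` and expects `be(false)`, and another with a `nil` signature to cover a request that arrives without the header. The enclosing describe block and its subject start outside the hunk, so this assumes the subject is the call to valid? with these three lets.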