Skipped authenticity token for webhook controller

tsoganov 2024-10-10 10:37:11 +03:00
parent 285fa138e6
commit 8ed18ab76e


@ -4,13 +4,14 @@ module Eeid
module Webhooks module Webhooks
# Controller for handling eeID identification requests webhook # Controller for handling eeID identification requests webhook
class IdentificationRequestsController < ActionController::Base class IdentificationRequestsController < ActionController::Base
skip_before_action :verify_authenticity_token
THROTTLED_ACTIONS = %i[create].freeze THROTTLED_ACTIONS = %i[create].freeze
include Shunter::Integration::Throttle include Shunter::Integration::Throttle
rescue_from Shunter::ThrottleError, with: :handle_throttle_error rescue_from Shunter::ThrottleError, with: :handle_throttle_error
# POST /eeid/webhooks/identification_requests # POST /eeid/webhooks/identification_requests
def create def create
return render_unauthorized unless ip_whitelisted? return render_unauthorized unless ip_whitelisted?
return render_invalid_signature unless valid_hmac_signature?(request.headers['X-HMAC-Signature']) return render_invalid_signature unless valid_hmac_signature?(request.headers['X-HMAC-Signature'])
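Review bot: The new `skip_before_action :verify_authenticity_token` at the top of the class turns CSRF verification off for every action this controller has or later gains, and nothing on the line says why that is safe. Since the replacement authentication (the IP allowlist and the `X-HMAC-Signature` check) lives only inside `create`, the skip should be scoped to it: `skip_before_action :verify_authenticity_token, only: :create`. A comment above it would help, such as `# Webhook calls carry no session or CSRF token; they are authenticated by the IP allowlist and HMAC signature in #create`. The body of `valid_hmac_signature?` is not visible here, so it is worth confirming that it compares digests in constant time (for example with `ActiveSupport::SecurityUtils.secure_compare`) and rejects a missing header. The `create` method continues outside the hunk.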