From 8ed720b3832761a922effd66a7a55701aed53317 Mon Sep 17 00:00:00 2001
From: tsoganov <sergei.tsoganov@ut.ee>
Date: Tue, 28 Jan 2025 10:41:54 +0200
Subject: [PATCH] Fixed identification request webhook

---
 .../eeid/webhooks/identification_requests_controller.rb    | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/controllers/eeid/webhooks/identification_requests_controller.rb b/app/controllers/eeid/webhooks/identification_requests_controller.rb
index 6451caacc..5fc381944 100644
--- a/app/controllers/eeid/webhooks/identification_requests_controller.rb
+++ b/app/controllers/eeid/webhooks/identification_requests_controller.rb
@@ -14,9 +14,10 @@ module Eeid
       # POST /eeid/webhooks/identification_requests
       def create
         return render_unauthorized unless ip_whitelisted?
-        return render_invalid_signature unless valid_hmac_signature?(request.headers['X-HMAC-Signature'])
 
         contact = Contact.find_by_code(permitted_params[:reference])
+        return render_invalid_signature unless valid_hmac_signature?(contact.ident_type, request.headers['X-HMAC-Signature'])
+
         poi = catch_poi(contact)
         verify_contact(contact)
         inform_registrar(contact, poi)
@@ -39,8 +40,8 @@ module Eeid
         render json: { error: 'Invalid HMAC signature' }, status: :unauthorized
       end
 
-      def valid_hmac_signature?(hmac_signature)
-        secret = ENV['ident_service_client_secret']
+      def valid_hmac_signature?(ident_type, hmac_signature)
+        secret = ENV["#{ident_type}_ident_service_client_secret"]
         computed_signature = OpenSSL::HMAC.hexdigest('SHA256', secret, request.raw_post)
         ActiveSupport::SecurityUtils.secure_compare(computed_signature, hmac_signature)
       end