zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-30 06:26:15 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fixed identification request webhook

Browse source
This commit is contained in:
tsoganov 2025-01-28 10:41:54 +02:00
parent 8b872b4a14
commit 8ed720b383
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
app/controllers/eeid/webhooks/identification_requests_controller.rb
View file

@ -14,9 +14,10 @@ module Eeid
# POST /eeid/webhooks/identification_requests # POST /eeid/webhooks/identification_requests
def create def create
return render_unauthorized unless ip_whitelisted? return render_unauthorized unless ip_whitelisted?
return render_invalid_signature unless valid_hmac_signature?(request.headers['X-HMAC-Signature'])
contact = Contact.find_by_code(permitted_params[:reference]) contact = Contact.find_by_code(permitted_params[:reference])
return render_invalid_signature unless valid_hmac_signature?(contact.ident_type, request.headers['X-HMAC-Signature'])
poi = catch_poi(contact) poi = catch_poi(contact)
verify_contact(contact) verify_contact(contact)
inform_registrar(contact, poi) inform_registrar(contact, poi)
@ -39,8 +40,8 @@ module Eeid
render json: { error: 'Invalid HMAC signature' }, status: :unauthorized render json: { error: 'Invalid HMAC signature' }, status: :unauthorized
end end
def valid_hmac_signature?(hmac_signature) def valid_hmac_signature?(ident_type, hmac_signature)
secret = ENV['ident_service_client_secret'] secret = ENV["#{ident_type}_ident_service_client_secret"]
computed_signature = OpenSSL::HMAC.hexdigest('SHA256', secret, request.raw_post) computed_signature = OpenSSL::HMAC.hexdigest('SHA256', secret, request.raw_post)
ActiveSupport::SecurityUtils.secure_compare(computed_signature, hmac_signature) ActiveSupport::SecurityUtils.secure_compare(computed_signature, hmac_signature)
end end