
# typed: strict
# frozen_string_literal: true

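# Controller concern that authenticates inbound requests by their origin:
#
# * from__app_? – the nonce embedded in the OAuth-style `state` parameter must
#   equal PLUG_APP_NONCE;
# * from_yetto?  – the raw request body must carry a valid HMAC-SHA256
#   signature computed with SIGNING_SECRET.
#
# Both checks use constant-time comparison and answer every failure with the
# same generic 400 (via PlugApp::HTTP / bad_request), so a probing client
# learns nothing about which part of the check failed.
#
# Both sigs are `void`: under sorbet-runtime the method's return value is
# replaced by a VOID sentinel, so callers must not branch on it — the outcome
# is observed only through the response state (status / body) set here.
#
# Depends on names provided by the including controller / app:
# parse_state, bad_request, PLUG_APP_NONCE, SIGNING_SECRET, PlugApp::HTTP,
# Headers::Yetto::HEADER_SIGNATURE and ::ErrorSerializer.
module Authable
  extend T::Sig

  # NOTE(review): ActionDispatch::Http::Cache::Response is a response-side
  # mixin and ActionController::Helpers::ClassMethods is class-level API;
  # they are kept as in the template — confirm the including controller
  # actually needs them here.
  include ActionDispatch::Http::Cache::Response

  include ActionController::Helpers::ClassMethods
  include ActionController::HttpAuthentication::Basic::ControllerMethods
  include BodyParameter::YettoParameters

  # Shared across requests: OpenSSL::HMAC.hexdigest only reads the algorithm
  # from this object and does not mutate it.
  SHA256_DIGEST = OpenSSL::Digest.new("sha256")

  # Checks that the request came from the app: the third element returned by
  # parse_state(params[:state]) must equal PLUG_APP_NONCE.
  #
  # On success the response is left untouched. On a missing or mismatching
  # nonce the response becomes a generic 400 with a serialized BAD_REQUEST
  # body. The status is forced to 400 on purpose: the surrounding auth helpers
  # would otherwise surface a 401, and we do not want to reveal that an auth
  # check exists at all.
  sig { void }
  def from__app_?
    state = params.fetch(:state, "")
    _, _, gh_nonce, _, _, _, _ = parse_state(state)

    # Constant-time comparison; a nil nonce is compared as "" so that it
    # simply fails instead of raising.
    return if ActiveSupport::SecurityUtils.secure_compare(gh_nonce || "", PLUG_APP_NONCE)

    # Status would otherwise be reported as 401, but we want to hide that an
    # issue exists, so answer with a plain 400. (Assigned once: `self.status=`
    # writes the response status, so there is no 200 left to re-check.)
    self.status = PlugApp::HTTP::BAD_REQUEST_I
    self.response_body = ::ErrorSerializer.format(PlugApp::HTTP::BAD_REQUEST)
  end

  # Checks that the request came from Yetto: the HEADER_SIGNATURE header must
  # be "sha256=<hex>" where <hex> = HMAC-SHA256(SIGNING_SECRET, raw body).
  #
  # Any failure — missing header, wrong prefix, empty or wrong digest — takes
  # the same bad_request path, and the digest comparison is constant-time, so
  # the response does not leak which part of the check failed. A malformed
  # header can never raise out of this method (a bare "sha256=" yields an empty
  # digest that is rejected like any other mismatch).
  sig { void }
  def from_yetto?
    # A Rack request always carries a headers object, so this is mostly
    # belt-and-braces; kept for parity with the existing contract.
    return bad_request if request.headers.blank?

    yetto_signature = request.headers.fetch(Headers::Yetto::HEADER_SIGNATURE, "")
    return bad_request unless yetto_signature.start_with?("sha256=")

    # delete_prefix rather than split(...).last: for a bare "sha256=" the
    # latter returns nil, which makes secure_compare raise (a 500) instead of
    # rejecting the request with the generic 400.
    hmac_header = yetto_signature.delete_prefix("sha256=")

    # raw_post reads and memoises the body (populating RAW_POST_DATA) if
    # nothing has read it yet, so the HMAC covers the bytes actually sent
    # rather than "" when the body happens to be unread. .to_s guards the
    # edge case where the stream yields nil (e.g. an already-consumed body).
    body = request.raw_post.to_s

    calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, SIGNING_SECRET, body)

    # Constant-time comparison of the hex digests.
    return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)

    bad_request
  end
end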
