Sha256: 8107f43a50cdfcb772911940709f1585d01df13059ba2555b3aead0154cc216c

Contents?: true

Size: 1.03 KB

Versions: 4

Compression:

Stored size: 1.03 KB

Contents

# frozen_string_literal: true

module BeyondCanvas
  module RequestValidation # :nodoc:
    extend ActiveSupport::Concern

    private

    def validate_app_installation_request!
      bad_request unless app_installation_params? && valid_signature?(params[:signature],
                                                                      app_installation_data,
                                                                      BeyondApi.configuration.client_secret)
    end

    def app_installation_params?
      if params[:code].nil? ||
         params[:signature].nil? ||
         params[:return_url].nil? ||
         params[:api_url].nil? ||
         params[:access_token_url].nil?
        false
      else
        true
      end
    end

    def app_installation_data
      "#{params[:code]}:#{params[:access_token_url]}"
    end

    def valid_signature?(signature, data, secret)
      digest = OpenSSL::Digest.new('SHA1')
      hmac = OpenSSL::HMAC.digest(digest, secret, data)
      signature == Base64.encode64(hmac).chop
    end
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
beyond_canvas-0.15.2.pre app/controllers/concerns/beyond_canvas/request_validation.rb
beyond_canvas-0.15.1.pre app/controllers/concerns/beyond_canvas/request_validation.rb
beyond_canvas-0.15.0.pre app/controllers/concerns/beyond_canvas/request_validation.rb
beyond_canvas-0.14.0.pre app/controllers/concerns/beyond_canvas/request_validation.rb