Sha256: bb071ac6553cfd97dce5e7006a5f61127e804925d290455c28bb920789e557c2
Contents?: true
Size: 1.46 KB
Versions: 53
Compression:
Stored size: 1.46 KB
Contents
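# typed: strict
# frozen_string_literal: true

# Controller concern holding the request-origin checks: a nonce check on the
# `state` parameter and an HMAC-SHA256 signature check on the request body.
#
# Relies on names defined outside this file: `parse_state`, `bad_request`,
# `PLUG_APP_NONCE`, `SIGNING_SECRET`, `Headers::Yetto::HEADER_SIGNATURE`,
# `PlugApp::HTTP` and `::ErrorSerializer`.
module Authable
  extend T::Sig
  include ActionDispatch::Http::Cache::Response
  include ActionController::Helpers::ClassMethods
  include ActionController::HttpAuthentication::Basic::ControllerMethods
  include BodyParameter::YettoParameters

  SHA256_DIGEST = OpenSSL::Digest.new("sha256")

  # Compares the nonce carried in the `state` parameter with PLUG_APP_NONCE.
  #
  # On a match the method returns false and leaves the response untouched.
  # On a mismatch it writes the generic bad-request status and body, so the
  # caller cannot tell which check failed.
  #
  # NOTE(review): returning false on a *match* looks inverted for a predicate
  # name; presumably this runs as a filter whose return value is ignored and
  # only the written response matters. Confirm against the callers.
  sig { void }
  def from__app_?
    state = params.fetch(:state, "")
    # Only the third element of the parsed state is used here.
    _, _, gh_nonce, _, _, _, _ = parse_state(state)
    # Constant-time comparison; a missing nonce is compared as "".
    return false if ActiveSupport::SecurityUtils.secure_compare((gh_nonce || ""), PLUG_APP_NONCE)

    self.status = PlugApp::HTTP::BAD_REQUEST_I
    self.response_body = ::ErrorSerializer.format(PlugApp::HTTP::BAD_REQUEST)

    # NOTE(review): the status was just set to BAD_REQUEST_I, so this guard
    # looks unreachable unless that constant is 200. It may be left over from
    # a removed authentication call; confirm before relying on it.
    return true if response.status == 200

    # status is annoyingly set to 401, but we want
    # to hide that an issue exists
    self.status = PlugApp::HTTP::BAD_REQUEST_I
    self.response_body = ::ErrorSerializer.format(PlugApp::HTTP::BAD_REQUEST)
  end

  # Verifies the signature header on an incoming request.
  #
  # The header value must be `sha256=` followed by the hex HMAC-SHA256 of the
  # raw request body, keyed with SIGNING_SECRET. Returns true when the
  # signature matches; every other path returns the result of `bad_request`.
  # The signature covers the body only.
  sig { void }
  def from_yetto?
    return bad_request if request.headers.blank?

    yetto_signature = request.headers.fetch(Headers::Yetto::HEADER_SIGNATURE, "")

    return bad_request unless yetto_signature.start_with?("sha256=")

    # Strip the scheme prefix only. The earlier `split("sha256=").last` gave
    # nil for a bare "sha256=" header, so the comparison below raised instead
    # of rejecting the request, and it also accepted a digest that merely
    # followed a later "sha256=" inside the value.
    hmac_header = yetto_signature.delete_prefix("sha256=")

    # NOTE(review): RAW_POST_DATA is only in the env once something has
    # populated it (for example `request.raw_post`). If it is absent, the HMAC
    # is computed over "" rather than the real body; confirm it is always set
    # before this check runs.
    body = request.env.fetch("RAW_POST_DATA", "")
    calculated_hmac = OpenSSL::HMAC.hexdigest(SHA256_DIGEST, SIGNING_SECRET, body)

    # Constant-time comparison, so timing does not reveal how much of the
    # digest matched.
    return true if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, hmac_header)

    bad_request
  end
end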