Sha256: d91e225b0e66f2e66682b0153d45e243447474f73331c72390837b357a3cd1c6
Contents?: true
Size: 1.06 KB
Versions: 9
Compression:
Stored size: 1.06 KB
Contents
module Twilio
module Security
class RequestValidator
def initialize(auth_token = nil)
@auth_token = auth_token || Twilio.auth_token
raise ArgumentError, 'Auth token is required' if @auth_token.nil?
end
def validate(url, params, signature)
expected = build_signature_for url, params
secure_compare(expected, signature)
end
def build_signature_for(url, params)
data = url + params.sort.join
digest = OpenSSL::Digest.new('sha1')
Base64.encode64(OpenSSL::HMAC.digest(digest, @auth_token, data)).strip
end
private
# Compares two strings in constant time to avoid timing attacks.
# Borrowed from ActiveSupport::MessageVerifier.
# https://github.com/rails/rails/blob/master/activesupport/lib/active_support/message_verifier.rb
def secure_compare(a, b)
return false unless a.bytesize == b.bytesize
l = a.unpack("C#{a.bytesize}")
res = 0
b.each_byte { |byte| res |= byte ^ l.shift }
res == 0
end
end
end
end
Version data entries
9 entries across 9 versions & 1 rubygems