lib/bunq/signature.rb in bunq-client-0.1.2 vs lib/bunq/signature.rb in bunq-client-0.2.0
@@ -1,6 +1,6 @@
-require_relative 'unexpected_response'
+require_relative 'errors'
module Bunq
class Signature
# headers in raw_headers hash in rest client are all lower case
BUNQ_HEADER_PREFIX = 'X-Bunq-'.downcase
@@ -25,17 +25,22 @@
Base64.strict_encode64(signature)
end
def verify!(response)
+ return if skip_signature_check(response.code)
+
sorted_bunq_headers = response.raw_headers.select(&method(:verifiable_header?)).sort.to_h.map { |k, v| "#{k.to_s.split('-').map(&:capitalize).join('-')}: #{v.first}" }
data = %Q{#{response.code}\n#{sorted_bunq_headers.join("\n")}\n\n#{response.body}}
- signature_headers = response.raw_headers.find { |k, _| k.to_s.downcase == BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER }[1]
- fail UnexpectedResponse.new(code: response.code, headers: response.raw_headers, body: response.body) unless signature_headers
+ signature_headers = response.raw_headers.find { |k, _| k.to_s.downcase == BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER }
+ fail AbsentResponseSignature.new(code: response.code, headers: response.raw_headers, body: response.body) unless signature_headers
- signature = Base64.strict_decode64(signature_headers.first)
+ signature_headers_value = signature_headers[1]
+ fail AbsentResponseSignature.new(code: response.code, headers: response.raw_headers, body: response.body) unless signature_headers_value
+
+ signature = Base64.strict_decode64(signature_headers_value.first)
fail UnexpectedResponse.new(code: response.code, headers: response.raw_headers, body: response.body) unless server_public_key.verify(digest, signature, data)
end
private
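Review bot: The early return added at the top of `verify!` makes 429 responses (and 409 in sandbox) pass through with no signature check at all, so any header or body the caller reads from such a response is unauthenticated; nothing in the hunk records that, and a comment at that line, e.g. `# 429 / sandbox 409 responses are returned unverified: callers must not trust their body`, would keep the trust boundary visible. The bypass is keyed purely on the status code, so a response forged or altered in transit only needs to carry one of those codes to skip verification — worth confirming that callers discard the body of skipped responses rather than act on it. On the new `Base64.strict_decode64(signature_headers_value.first)` line a malformed header value raises ArgumentError rather than the UnexpectedResponse the next line uses, so a caller rescuing only the Bunq errors will see an unrelated exception; rescuing ArgumentError around that call and re-raising as UnexpectedResponse with the same code/headers/body would keep the failure mode uniform. `skip_signature_check` is defined in the next hunk.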
@@ -60,8 +65,12 @@
end
def verifiable_header?(header_name, _)
_header_name = header_name.to_s.downcase
_header_name.start_with?(BUNQ_HEADER_PREFIX) && _header_name != BUNQ_SERVER_SIGNATURE_RESPONSE_HEADER
+ end
+
+ def skip_signature_check(responseCode)
+ (Bunq::configuration.sandbox && responseCode == 409) || responseCode == 429
end
end
end
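Review bot: `skip_signature_check` returns a boolean but is named without the `?` predicate suffix and takes a camelCase parameter; `def skip_signature_check?(response_code)` with the call site in `verify!` (previous hunk) updated to match would follow the file's own `verifiable_header?` convention. The method also carries no explanation of why these two status codes are exempt from verification, which is the one thing a future reader needs; a YARD comment such as `# @return [Boolean] true for responses bunq is presumed to send without a verifiable signature (429, and 409 in sandbox) — confirm against bunq docs` would state the assumption explicitly. `Bunq::configuration` is dereferenced unconditionally, so if it can be nil before configuration is set this raises NoMethodError instead of a Bunq error — hedged, since the configuration accessor is outside this hunk.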