lib/mandrill/web_hook/processor.rb in mandrill-rails-0.0.4 vs lib/mandrill/web_hook/processor.rb in mandrill-rails-1.0.0

- old
+ new

@@ -1,15 +1,23 @@ class Mandrill::WebHook::Processor - attr_accessor :mandrill_events, :callback_host + attr_accessor :params, :callback_host, :mandrill_events # Command initialise the processor with +params+ Hash. - # +params+ is expected to contain an array of mandrill_events - def initialize(params={}) - @mandrill_events = JSON.parse(params['mandrill_events'] || '[]') + # +params+ is expected to contain an array of mandrill_events. + # +callback_host+ is a handle to the controller making the request. + def initialize(params={},callback_host=nil) + @params = params + @callback_host = callback_host end + def mandrill_events + @mandrill_events ||= JSON.parse(params['mandrill_events'] || '[]') + rescue + @mandrill_events = [] + end + # Command: processes all +mandrill_events+ def run! mandrill_events.each do |raw_payload| event_payload = wrap_payload(raw_payload) handler = "handle_#{event_payload.event_type}".to_sym @@ -24,8 +32,33 @@ end # Returns a suitably ecapsulated +raw_event_payload+ def wrap_payload(raw_event_payload) Mandrill::WebHook::EventDecorator[raw_event_payload] + end + + class << self + + # Returns true if +params+ sent to +original_url+ are authentic given +expected_signature+ and +mandrill_webhook_keys+. + def authentic?(expected_signature, mandrill_webhook_keys, original_url, params) + result = true + Array(mandrill_webhook_keys).each do |key| + signature = generate_signature(key, original_url, params) + result = (signature == expected_signature) + break if result + end + result + end + + # Method described in docs: http://help.mandrill.com/entries/23704122-Authenticating-webhook-requests + def generate_signature(webhook_key, original_url, params) + signed_data = original_url.dup + params.except(:action, :controller).keys.sort.each do |key| + signed_data << key + signed_data << params[key] + end + Base64.encode64("#{OpenSSL::HMAC.digest('sha1', webhook_key, signed_data)}").strip + end + end end