lib/pagarme/resources/postback.rb in pagarme-2.1.0 vs lib/pagarme/resources/postback.rb in pagarme-2.1.1
- old
+ new
@@ -1,15 +1,32 @@
module PagarMe
class Postback < PagarMeObject
def valid?
- self.class.validate id, fingerprint
+ signature == self.class.signature(payload)
end
- def self.validate(id, fingerprint)
- fingerprint_for(id) == fingerprint
- end
+ class << self
+ def valid_request_signature?(payload, signature)
+ kind, raw_signature = signature.split '=', 2
+ return false if kind.blank? || raw_signature.blank?
+ signature(payload, kind) == raw_signature
+ end
+ alias :validate_request_signature :valid_request_signature?
- def self.fingerprint_for(id)
- Digest::SHA1.hexdigest id.to_s + "#" + PagarMe.api_key
+ def signature(payload, hash_method = 'sha1')
+ OpenSSL::HMAC.hexdigest hash_method, PagarMe.api_key, payload
+ end
+
+ # TODO: Remove deprecated Postback.validate
+ def validate(id, fingerprint)
+ $stderr.puts '[DEPRECATION WARNING] PagarMe.validate method is deprecated, use PagarMe.validate_request_signature instead'
+ valid_request_signature? id, fingerprint
+ end
+
+ # TODO: Remove deprecated Postback.fingerprint_for
+ def fingerprint_for(id)
+ $stderr.puts '[DEPRECATION WARNING] PagarMe.fingerprint_for method is deprecated, use PagarMe.signature instead'
+ signature id
+ end
end
end
end