method

authenticated?

v6.0.0 - Show latest stable - 0 notes - Class: InboundEmailsController

1.0.0
1.1.6
1.2.6
2.0.3
2.1.0
2.2.1
2.3.2
2.3.8
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1
5.1.7
5.2.3
6.0.0 (0)
6.1.3.1 (0)
What's this?

authenticated?() private

No documentation

This method has no description. You can help the Ruby on Rails community by adding new notes.

# File actionmailbox/app/controllers/action_mailbox/ingresses/mandrill/inbound_emails_controller.rb, line 42
      def authenticated?
        if key.present?
          Authenticator.new(request, key).authenticated?
        else
          raise ArgumentError, <<~MESSAGE.squish
            Missing required Mandrill API key. Set action_mailbox.mandrill_api_key in your application's
            encrypted credentials or provide the MANDRILL_INGRESS_API_KEY environment variable.
          MESSAGE
        end
      end

      def key
        Rails.application.credentials.dig(:action_mailbox, :mandrill_api_key) || ENV["MANDRILL_INGRESS_API_KEY"]
      end

      class Authenticator
        attr_reader :request, :key

        def initialize(request, key)
          @request, @key = request, key
        end

        def authenticated?
          ActiveSupport::SecurityUtils.secure_compare given_signature, expected_signature
        end

        private
          def given_signature
            request.headers["X-Mandrill-Signature"]
          end

          def expected_signature
            Base64.strict_encode64 OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new, key, message)
          end

          def message
            request.url + request.POST.sort.flatten.join
          end
      end
  end
end

authenticated?

Related methods

No documentation

Flowdock - Team Inbox With Chat for Software Developers