Flowdock
method

authenticated?

Importance_0
v6.1.3.1 - Show latest stable - 0 notes - Class: InboundEmailsController
authenticated?() private

No documentation

This method has no description. You can help the Ruby on Rails community by adding new notes.

Hide source
# File actionmailbox/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb, line 63
      def authenticated?
        if key.present?
          Authenticator.new(
            key:       key,
            timestamp: params.require(:timestamp),
            token:     params.require(:token),
            signature: params.require(:signature)
          ).authenticated?
        else
          raise ArgumentError, <<~MESSAGE.squish
            Missing required Mailgun Signing key. Set action_mailbox.mailgun_signing_key in your application's
            encrypted credentials or provide the MAILGUN_INGRESS_SIGNING_KEY environment variable.
          MESSAGE
        end
      end

      def key
        if Rails.application.credentials.dig(:action_mailbox, :mailgun_api_key)
          ActiveSupport::Deprecation.warn(<<-MSG.squish)
            Rails.application.credentials.action_mailbox.api_key is deprecated and will be ignored in Rails 6.2.
            Use Rails.application.credentials.action_mailbox.signing_key instead.
          MSG
          Rails.application.credentials.dig(:action_mailbox, :mailgun_api_key)
        elsif ENV["MAILGUN_INGRESS_API_KEY"]
          ActiveSupport::Deprecation.warn(<<-MSG.squish)
            The MAILGUN_INGRESS_API_KEY environment variable is deprecated and will be ignored in Rails 6.2.
            Use MAILGUN_INGRESS_SIGNING_KEY instead.
          MSG
          ENV["MAILGUN_INGRESS_API_KEY"]
        else
          Rails.application.credentials.dig(:action_mailbox, :mailgun_signing_key) || ENV["MAILGUN_INGRESS_SIGNING_KEY"]
        end
      end

      class Authenticator
        attr_reader :key, :timestamp, :token, :signature

        def initialize(key:, timestamp:, token:, signature:)
          @key, @timestamp, @token, @signature = key, Integer(timestamp), token, signature
        end

        def authenticated?
          signed? && recent?
        end

        private
          def signed?
            ActiveSupport::SecurityUtils.secure_compare signature, expected_signature
          end

          # Allow for 2 minutes of drift between Mailgun time and local server time.
          def recent?
            Time.at(timestamp) >= 2.minutes.ago
          end

          def expected_signature
            OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA256.new, key, "#{timestamp}#{token}"
          end
      end
  end
end
Register or log in to add new notes.