method
authenticated?
v6.1.7.7 -
Class: InboundEmailsController
authenticated?()
private
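# File actionmailbox/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb, line 63
#
# Excerpt from the private section of the Mailgun ingress controller. The
# `end` keywords that close the enclosing class and module are left out
# because their opening lines are not part of this excerpt.

# Verifies that the current request carries a valid Mailgun webhook signature.
#
# @return [Boolean] true when the signature matches and the timestamp is fresh
# @raise [ArgumentError] when no signing key is configured, or when the
#   timestamp parameter is not an integer string (raised by Integer() in
#   Authenticator#initialize)
# @raise [ActionController::ParameterMissing] when timestamp, token or
#   signature is absent (raised by params.require)
def authenticated?
  if key.present?
    Authenticator.new(
      key: key,
      timestamp: params.require(:timestamp),
      token: params.require(:token),
      signature: params.require(:signature)
    ).authenticated?
  else
    # A missing key is a deployment error: raise instead of treating the
    # request as authenticated or quietly rejecting every delivery.
    raise ArgumentError, <<~MESSAGE.squish
      Missing required Mailgun Signing key. Set action_mailbox.mailgun_signing_key
      in your application's encrypted credentials or provide the
      MAILGUN_INGRESS_SIGNING_KEY environment variable.
    MESSAGE
  end
end

# Looks up the secret used to verify Mailgun signatures.
#
# Lookup order: deprecated credentials entry, deprecated environment variable,
# then the signing key from credentials or the environment. A deprecated
# source that is still set takes precedence over a configured signing key, so
# remove the old entries when migrating.
#
# @return [String, nil] the configured secret, or nil when none is set
def key
  if Rails.application.credentials.dig(:action_mailbox, :mailgun_api_key)
    ActiveSupport::Deprecation.warn(<<-MSG.squish)
      Rails.application.credentials.action_mailbox.api_key is deprecated and will be ignored in Rails 7.0.
      Use Rails.application.credentials.action_mailbox.signing_key instead.
    MSG
    Rails.application.credentials.dig(:action_mailbox, :mailgun_api_key)
  elsif ENV["MAILGUN_INGRESS_API_KEY"]
    ActiveSupport::Deprecation.warn(<<-MSG.squish)
      The MAILGUN_INGRESS_API_KEY environment variable is deprecated and will be ignored in Rails 7.0.
      Use MAILGUN_INGRESS_SIGNING_KEY instead.
    MSG
    ENV["MAILGUN_INGRESS_API_KEY"]
  else
    Rails.application.credentials.dig(:action_mailbox, :mailgun_signing_key) || ENV["MAILGUN_INGRESS_SIGNING_KEY"]
  end
end

# Checks one Mailgun webhook signature: HMAC-SHA256 over timestamp + token,
# keyed with the signing key, plus a freshness check on the timestamp.
#
# NOTE(review): tokens are not recorded here, so a request captured in transit
# verifies again until its timestamp leaves the freshness window. Deployments
# that need single-use tokens have to track seen tokens themselves.
class Authenticator
  attr_reader :key, :timestamp, :token, :signature

  # @param key [String] signing secret
  # @param timestamp [String, Integer] seconds since the epoch, as sent by Mailgun
  # @param token [String] per-request token sent by Mailgun
  # @param signature [String] hex digest sent by Mailgun
  # @raise [ArgumentError] when timestamp cannot be converted by Integer()
  def initialize(key:, timestamp:, token:, signature:)
    @key, @timestamp, @token, @signature = key, Integer(timestamp), token, signature
  end

  # @return [Boolean] true only when the signature matches and the timestamp is fresh
  def authenticated?
    signed? && recent?
  end

  private
    # Uses secure_compare rather than == so the comparison does not reveal
    # how much of a supplied signature matched.
    def signed?
      ActiveSupport::SecurityUtils.secure_compare signature, expected_signature
    end

    # Allow for 2 minutes of drift between Mailgun time and local server time,
    # in either direction. The upper bound matters for replay protection: a
    # timestamp dated far in the future would otherwise never age out of the
    # window.
    def recent?
      sent_at = Time.at(timestamp)
      sent_at >= 2.minutes.ago && sent_at <= 2.minutes.from_now
    end

    # The digest is computed over the parsed Integer timestamp followed
    # directly by the token.
    def expected_signature
      OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA256.new, key, "#{timestamp}#{token}"
    end
end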