method
authenticated?
v7.1.3.2 -
Show latest stable
-
0 notes -
Class: InboundEmailsController
- 1.0.0
- 1.1.6
- 1.2.6
- 2.0.3
- 2.1.0
- 2.2.1
- 2.3.8
- 3.0.0
- 3.0.9
- 3.1.0
- 3.2.1
- 3.2.8
- 3.2.13
- 4.0.2
- 4.1.8
- 4.2.1
- 4.2.7
- 4.2.9
- 5.0.0.1
- 5.1.7
- 5.2.3
- 6.0.0 (0)
- 6.1.3.1 (0)
- 6.1.7.7 (0)
- 7.0.0 (0)
- 7.1.3.2 (0)
- 7.1.3.4 (0)
- What's this?
authenticated?()
private
Hide source
# File actionmailbox/app/controllers/action_mailbox/ingresses/mailgun/inbound_emails_controller.rb, line 64 def authenticated? if key.present? Authenticator.new( key: key, timestamp: params.require(:timestamp), token: params.require(:token), signature: params.require(:signature) ).authenticated? else raise ArgumentError, <<~MESSAGE.squish Missing required Mailgun Signing key. Set action_mailbox.mailgun_signing_key in your application's encrypted credentials or provide the MAILGUN_INGRESS_SIGNING_KEY environment variable. MESSAGE end end def key Rails.application.credentials.dig(:action_mailbox, :mailgun_signing_key) || ENV["MAILGUN_INGRESS_SIGNING_KEY"] end class Authenticator attr_reader :key, :timestamp, :token, :signature def initialize(key:, timestamp:, token:, signature:) @key, @timestamp, @token, @signature = key, Integer(timestamp), token, signature end def authenticated? signed? && recent? end private def signed? ActiveSupport::SecurityUtils.secure_compare signature, expected_signature end # Allow for 2 minutes of drift between Mailgun time and local server time. def recent? Time.at(timestamp) >= 2.minutes.ago end def expected_signature OpenSSL::HMAC.hexdigest OpenSSL::Digest::SHA256.new, key, "#{timestamp}#{token}" end end end end