Class: DiscoApp::RequestValidationService

Inherits:

Object

• Object
• DiscoApp::RequestValidationService

Defined in:

app/services/disco_app/request_validation_service.rb

Class Method Summary

• .calculated_hmac(query_hash, secret) ⇒ Object

  Return the calculated hmac for the given query hash and secret.

• .hmac_valid?(query_string, secret) ⇒ Boolean

Class Method Details

.calculated_hmac(query_hash, secret) ⇒ Object

Return the calculated hmac for the given query hash and secret.

# File 'app/services/disco_app/request_validation_service.rb', line 10

def self.calculated_hmac(query_hash, secret)
  sorted_params = query_hash.map{ |k, v| "#{k}=#{Array(v).join(',')}" }.sort.join('&')
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, sorted_params)
end

.hmac_valid?(query_string, secret) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/services/disco_app/request_validation_service.rb', line 3

def self.hmac_valid?(query_string, secret)
  query_hash = Rack::Utils.parse_query(query_string)
  hmac = query_hash.delete('hmac').to_s
  ActiveSupport::SecurityUtils.secure_compare(calculated_hmac(query_hash, secret), hmac)
end