Verifying callback requests in Rails? #16

Open
andyadams opened this issue Apr 11, 2017 · 3 comments

@andyadams

Hey team,

I'm trying to verify a Phaxio request in a Rails controller, and I can't quite figure out what I need to be feeding into the Phaxio.valid_callback_signature? method's 3rd argument. I've tried inserting the params method directly, building my own hash, and pretty much every combination I can think of.

For a regular 'received' fax, what format of data should I be providing for the validation method?

FWIW, here's roughly the code I've been using:

```ruby
file = params[:filename]

if Phaxio.valid_callback_signature?(request.env['HTTP_X_PHAXIO_SIGNATURE'], request.url, params, { name: file.headers['name'], tempfile: file.tempfile })
  # Always returns false, no matter what I put into the 3rd (and 4th) argument
end
```

@jnankin
Contributor

jnankin commented Apr 16, 2017

Hi Andy!

There is some finagling that has to be done to get the verification to work correctly in rails. I'm going to add an issue to address creating a method to easily verify callback requests in rails.

Here's what you would have to do currently:

```ruby
# convert parameters in request to a hash.
# you don't have to use #to_unsafe_h. You could explicitly permit the callback params that Phaxio documents
request_params = params.to_unsafe_h

# delete magic params that rails adds to the hash
request_params.delete 'action'
request_params.delete 'controller'
request_params.delete 'filename'

# currently Phaxio only specifies one file in any given callback request. The parameter name is called 'filename'.
# If this parameter exists, we generate a hash that #valid_callback_signature? expects
if params.has_key? :filename
  file = {
    :name => 'filename',
    :tempfile => params[:filename].tempfile
  }
end

# Now we have all the values necessary to perform the check
logger.info "is valid Phaxio callback request? #{Phaxio.valid_callback_signature?(request.headers["X-Phaxio-Signature"], request.original_url, request_params, file)}"
```

@jnankin jnankin closed this as completed Apr 16, 2017
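
Why passing `params` straight through always fails, and a fail-closed version of the check, as an added example that is not part of the original thread or the phaxio gem. `standin_signature` is a constructed stand-in for the gem's verifier (not Phaxio's real algorithm), and the token, URL and fax fields are made-up sample values; in a Rails controller the prepared inputs would go to `Phaxio.valid_callback_signature?` as in the comment above.

```ruby
require 'openssl'
require 'digest'
require 'stringio'

# Keys Rails merges into params from routing; the sender never signed them.
RAILS_ROUTING_KEYS = %w[action controller].freeze

# Constructed stand-in for the gem's verifier, NOT Phaxio's real algorithm:
# HMAC-SHA256 over the URL, the sorted posted fields, and the file's digest.
def standin_signature(token, url, fields, file = nil)
  data = url + fields.sort.map { |k, v| "#{k}#{v}" }.join
  data += file[:name] + Digest::SHA256.hexdigest(file[:tempfile].read) if file
  OpenSSL::HMAC.hexdigest('SHA256', token, data)
end

# Length check plus XOR accumulation, so comparison time does not depend on
# where the first differing byte is.
def secure_eq?(a, b)
  return false unless a.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Split a Rails-style params hash into the two arguments a verifier needs:
# the posted fields (routing keys and the upload removed) and the file hash.
def callback_inputs(params)
  fields = params.transform_keys(&:to_s)
  upload = fields.delete('filename')
  RAILS_ROUTING_KEYS.each { |k| fields.delete(k) }
  [fields, upload && { name: 'filename', tempfile: upload }]
end

# Fail closed: return an HTTP status instead of only logging the result.
def callback_status(token, signature, url, params)
  fields, file = callback_inputs(params)
  file[:tempfile].rewind if file
  secure_eq?(signature, standin_signature(token, url, fields, file)) ? 200 : 403
end

# Constructed sample data (placeholder token, URL and fax fields).
TOKEN = 'example-callback-token'
URL = 'https://app.example.test/phaxio/callback'
POSTED = { 'direction' => 'received', 'is_test' => 'true' }.freeze
SENT_SIG = standin_signature(TOKEN, URL, POSTED,
                             { name: 'filename', tempfile: StringIO.new('%PDF-sample') })
# What a Rails controller would see in params for that same request.
RAILS_PARAMS = POSTED.merge('filename' => StringIO.new('%PDF-sample'),
                            'action' => 'create', 'controller' => 'faxes')

puts callback_status(TOKEN, SENT_SIG, URL, RAILS_PARAMS)
```

Signing the same request with `action` and `controller` left in the field hash produces a different digest, which is the "always returns false" behaviour from the original question.
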
@jnankin
Contributor

jnankin commented Apr 16, 2017

Going to reopen this and just use this issue to address making rails callback request verification easier.

@jnankin jnankin reopened this Apr 16, 2017
@andyadams
Author

Thanks for this info - I will test out the code you provided and look forward to seeing it easier in Rails. If I get some time, I can submit a pull request as well.
