Access to params #139
Comments
Best way to do that at this point would be to override the Griddler::EmailsController and throw in a

Thanks for getting back to me! What you say sounds very good but is a little outside my skill level (I don't know how to override the Griddler::EmailsController). Unless it's easy for you to explain or demonstrate I might just wait until a future version of the gem.

You'd reopen the
Full example:

```ruby
# in app/controllers/griddler/emails_controller.rb
class Griddler::EmailsController
  before_filter :verify_webhook

  private

  def verify_webhook
    # write your verification method here
  end
end
```

Thanks - that's great to get me started - here is where I am at:

```ruby
require 'openssl'

class Griddler::EmailsController
  before_filter :verify_webhook

  private

  def verify_webhook
    signature = params[:signature]
    timestamp = params[:timestamp]
    token = params[:token]
    api_key = ENV['MAILGUN_API_KEY']
    return signature == OpenSSL::HMAC.hexdigest(
      OpenSSL::Digest::Digest.new('sha256'),
      api_key,
      '%s%s' % [timestamp, token])
  end
end
```

But it's giving me:

```
* [out :: 119.9.20.198] undefined method `before_filter' for Griddler::EmailsController:Class
```

Before we get too far, you don't want to return true/false, you need to redirect or render, as in my original suggestion. Try

@calebthompson thanks so much but is there any chance you could elaborate your last response? Really keen to get this working otherwise there is no way for me to stop others from posting to the application...

TL;DR, the Rails docs will be really helpful in this for you: http://guides.rubyonrails.org/action_controller_overview.html#filters

Briefly, before_filters in controllers, unlike before_* in models, don't stop a workflow just because they return false. In a before_save, if you returned false from a callback then the model wouldn't save, but that's not how it works with controllers. In a controller, you'll need to

So after you check the signature, you'd probably want to use something like

Unfortunately, the way Rails 4 (and I think 3?) isolates Engines, you can't just re-open the controller. I just tried the recommendations above and it results in:

It appears that because I have now defined

What worked for me was inheriting

```ruby
# in config/routes.rb
post '/incoming_email' => 'griddler/custom_emails#create'

# in app/controllers/griddler/custom_emails_controller.rb
class Griddler::CustomEmailsController < Griddler::EmailsController
  before_action :foo

  private

  def foo
    # do something
  end
end
```

However, while this is a good way to deal with authentication, it still doesn't provide my email processor class with access to the full set of original params. For example, with Mailgun, they post additional things like their own version of the stripped out body and signature (vs. letting griddler do this). It would be nice to have access to all of those params just in case. Is there any reason/potential downside to just making the

@dmarkow I'm confused - since it's a subclass,

Yes, It feels to me that the

```ruby
def process_email(email)
  EmailProcessor.new(email, params).process
end
```

Is there a way to access the params from the original HTTP post from mailgun?
I want to access params[:timestamp], params[:token] and params[:signature] to allow me to verify the web hooks.
See "Securing Webhooks" at http://documentation.mailgun.com/user_manual.html#webhooks
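
The check this thread works toward, written out as an added example (not griddler's or Mailgun's code, and not posted by anyone in the thread): it recomputes the HMAC-SHA256 over timestamp + token as in the snippet above, compares in constant time, and rejects stale timestamps. The `MailgunWebhook` module name and the 300-second freshness window are assumptions.

```ruby
require 'openssl'

# Added example, not griddler's or Mailgun's code. MailgunWebhook and
# MAX_AGE are names and values assumed for illustration.
module MailgunWebhook
  MAX_AGE = 300 # seconds a signed timestamp stays acceptable (assumption)

  module_function

  # Hex HMAC-SHA256 over timestamp + token, keyed with the API key.
  def expected_signature(api_key, timestamp, token)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), api_key,
                            "#{timestamp}#{token}")
  end

  # Constant-time comparison: a mismatch does not reveal how many
  # leading characters were correct.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # True only when every field is present, the timestamp is recent and
  # the signature matches. Works with a Hash or with Rails params.
  def valid?(params, api_key, now: Time.now.to_i)
    timestamp, token, signature =
      [:timestamp, :token, :signature].map { |k| params[k].to_s }
    return false if api_key.to_s.empty? # unset ENV var must fail closed
    return false if [timestamp, token, signature].any?(&:empty?)
    return false unless timestamp.match?(/\A\d+\z/)
    return false if (now - timestamp.to_i).abs > MAX_AGE
    secure_compare(expected_signature(api_key, timestamp, token), signature)
  end
end

# In the subclassed controller from the thread, the filter has to halt
# the request itself (render or head), not return false:
#
#   before_action :verify_webhook
#
#   def verify_webhook
#     return if MailgunWebhook.valid?(params, ENV['MAILGUN_API_KEY'])
#     head :forbidden
#   end
```

A signature that verifies can still be replayed inside the freshness window; remembering recently seen tokens and refusing repeats closes that gap.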