Class: Slackened::Authentication::Request

Inherits:

Object

• Object
• Slackened::Authentication::Request

Defined in:

lib/slackened/authentication/request.rb

Instance Attribute Summary

• #body ⇒ Object readonly

  Returns the value of attribute body.

• #signature ⇒ Object readonly

  Returns the value of attribute signature.

• #timestamp ⇒ Object readonly

  Returns the value of attribute timestamp.

Instance Method Summary

• #initialize(timestamp:, signature:, body:) ⇒ Request constructor

  A new instance of Request.

• #stale? ⇒ Boolean

  The signature depends on the timestamp to protect against replay attacks.

• #valid? ⇒ Boolean

  Slack creates a unique string for your app and shares it with you.

Constructor Details

#initialize(timestamp:, signature:, body:) ⇒ Request

Returns a new instance of Request.

# File 'lib/slackened/authentication/request.rb', line 9

def initialize(timestamp:, signature:, body:)
	@timestamp = timestamp.to_i
	@signature = signature
	@body = body
end

Instance Attribute Details

#body ⇒ Object (readonly)

Returns the value of attribute body.

# File 'lib/slackened/authentication/request.rb', line 7

def body
  @body
end

#signature ⇒ Object (readonly)

Returns the value of attribute signature.

# File 'lib/slackened/authentication/request.rb', line 7

def signature
  @signature
end

#timestamp ⇒ Object (readonly)

Returns the value of attribute timestamp.

# File 'lib/slackened/authentication/request.rb', line 7

def timestamp
  @timestamp
end

Instance Method Details

#stale? ⇒ Boolean

The signature depends on the timestamp to protect against replay attacks. While you’re extracting the timestamp, check to make sure that the request occurred recently. In this example, we verify that the timestamp does not differ from local time by more than five minutes. api.slack.com/authentication/verifying-requests-from-slack

Returns:

• (Boolean)

# File 'lib/slackened/authentication/request.rb', line 19

def stale?
	# is it less than 5 minutes old?
	five_minutes_ago = Time.now - 60 * 5

	Time.at(@timestamp) > five_minutes_ago
end

#valid? ⇒ Boolean

Slack creates a unique string for your app and shares it with you. Verify requests from Slack with confidence by verifying signatures using your signing secret. api.slack.com/authentication/verifying-requests-from-slack

Returns:

• (Boolean)

# File 'lib/slackened/authentication/request.rb', line 29

def valid?
	return false if stale?

	sig_basestring = "v0:#{@timestamp}:#{@body}"

	secret = Slackened.configuration.signing_secret

	digest = OpenSSL::HMAC.hexdigest('SHA256', secret, sig_basestring)

	@signature == "v0=#{digest}"
end