Module: API::Integrations::Slack::Request
Defined in: lib/api/integrations/slack/request.rb
Constant Summary
- VERIFICATION_VERSION = 'v0'
- VERIFICATION_TIMESTAMP_HEADER = 'X-Slack-Request-Timestamp'
- VERIFICATION_SIGNATURE_HEADER = 'X-Slack-Signature'
- VERIFICATION_DELIMITER = ':'
- VERIFICATION_HMAC_ALGORITHM = 'sha256'
- VERIFICATION_TIMESTAMP_EXPIRY = 1.minute.to_i
Class Method Summary
- .verify!(request) ⇒ Object
Verify the request by comparing the given request signature in the header with a signature value that we compute according to the steps in: api.slack.com/authentication/verifying-requests-from-slack.
Class Method Details
.verify!(request) ⇒ Object
Verify the request by comparing the given request signature in the header with a signature value that we compute according to the steps in: api.slack.com/authentication/verifying-requests-from-slack.
    # File 'lib/api/integrations/slack/request.rb', line 17
    def self.verify!(request)
      # Verification is impossible without a configured signing secret.
      return false unless Gitlab::CurrentSettings.slack_app_signing_secret

      timestamp, signature = request.headers.values_at(
        VERIFICATION_TIMESTAMP_HEADER,
        VERIFICATION_SIGNATURE_HEADER
      )

      return false if timestamp.nil? || signature.nil?
      # Reject requests whose timestamp is at least VERIFICATION_TIMESTAMP_EXPIRY seconds old.
      return false if Time.current.to_i - timestamp.to_i >= VERIFICATION_TIMESTAMP_EXPIRY

      # The body may already have been read, so rewind before building the base string.
      request.body.rewind
      basestring = [
        VERIFICATION_VERSION,
        timestamp,
        request.body.read
      ].join(VERIFICATION_DELIMITER)

      hmac_digest = OpenSSL::HMAC.hexdigest(
        VERIFICATION_HMAC_ALGORITHM,
        Gitlab::CurrentSettings.slack_app_signing_secret,
        basestring
      )

      # Signature will look like: 'v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503'
      # Constant-time comparison, so response timing does not reveal how many characters matched.
      ActiveSupport::SecurityUtils.secure_compare(
        signature,
        "#{VERIFICATION_VERSION}=#{hmac_digest}"
      )
    end
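
The following is an added example, not code from this module or from GitLab: a standalone Ruby sketch of both sides of the scheme that `verify!` implements, useful for writing specs that exercise each rejection path. The names `sign_request`, `check_request` and `constant_time_equal?`, the reason symbols, and all sample values are assumptions made for illustration; unlike the listed method, the check also rejects non-numeric and future timestamps.

```ruby
require 'openssl'

# Values mirror the constants documented on this page.
SIG_VERSION   = 'v0'
SIG_DELIMITER = ':'
SIG_EXPIRY    = 60 # seconds, the value of 1.minute.to_i
TS_HEADER     = 'X-Slack-Request-Timestamp'
SIG_HEADER    = 'X-Slack-Signature'

# Sender side (hypothetical spec helper): build both headers for a raw body.
def sign_request(secret, body, timestamp)
  basestring = [SIG_VERSION, timestamp, body].join(SIG_DELIMITER)
  digest = OpenSSL::HMAC.hexdigest('sha256', secret, basestring)
  { TS_HEADER => timestamp.to_s, SIG_HEADER => "#{SIG_VERSION}=#{digest}" }
end

# Constant-time string comparison using only the standard library.
def constant_time_equal?(left, right)
  return false unless left.bytesize == right.bytesize

  left.bytes.zip(right.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Receiver side: returns :ok, or a symbol naming why the request was rejected.
def check_request(secret, headers, body, now: Time.now.to_i)
  timestamp, signature = headers.values_at(TS_HEADER, SIG_HEADER)
  return :missing_header if timestamp.nil? || signature.nil?
  return :bad_timestamp unless timestamp.match?(/\A\d+\z/)
  # abs also rejects timestamps from the future (assumption: stricter than verify!).
  return :stale if (now - timestamp.to_i).abs >= SIG_EXPIRY

  # The HMAC covers the timestamp and the exact raw body bytes.
  expected = sign_request(secret, body, timestamp)[SIG_HEADER]
  constant_time_equal?(signature, expected) ? :ok : :bad_signature
end

# Constructed sample values, not real credentials or traffic.
SAMPLE_SECRET = 'constructed-signing-secret'
SAMPLE_BODY   = 'team_id=T0001&command=%2Fgitlab&text=help'
SAMPLE_NOW    = 1_700_000_000
```

Because the timestamp is part of the signed base string, a captured request cannot be replayed with a refreshed timestamp header: changing the header changes the expected HMAC.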