Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: adds rack middleware to make request verification easier in rack apps. #428

Merged
merged 6 commits into from
Jun 23, 2020
Merged

feat: adds rack middleware to make request verification easier in rack apps. #428

merged 6 commits into from
Jun 23, 2020

Conversation

philnash
Copy link
Contributor

This adds a class that can be used to verify requests with a public key in rack applications like Rails or Sinatra. This was based on my work on the twilio-ruby rack middleware here.

This also changed the class to fail verification if an error was thrown. In the case where a signature was missing, OpenSSL would throw an error instead of returning false for a invalid signature. I think it's more appropriate for the verification to fail than to throw an error at this point, especially since the error came from OpenSSL and wasn't otherwise clear.

Checklist

  • I acknowledge that all my contributions will be made under the project's license
  • I have made a material change to the repo (functionality, testing, spelling, grammar)
  • I have read the Contribution Guidelines and my PR follows them
  • I have titled the PR appropriately
  • I have updated my branch with the master branch
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation about the functionality in the appropriate .md file
  • I have added inline documentation to the code I modified

@thinkingserious thinkingserious added the status: code review request requesting a community code review or review from Twilio label Jun 22, 2020
@philnash
Copy link
Contributor Author

This probably wants another look after #427 is merged just to make sure.

@philnash
Adds rack middleware to make request verification easier in rack apps.
532c24f 
This adds a  class that can be used to verify requests with a public key in rack applications like Rails or Sinatra.
This also changed the  class to fail verification if an error was thrown. In the case where a signature was missing, OpenSSL would throw an error instead of returning false for a invalid signature.
@philnash philnash force-pushed the rack-middleware-webhook-validation branch from 292c6e4 to 532c24f Compare June 23, 2020 00:46
childish-sambino
childish-sambino approved these changes Jun 23, 2020
View reviewed changes
Copy link
Contributor

@childish-sambino childish-sambino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🏅

@childish-sambino childish-sambino merged commit 6239298 into sendgrid:master Jun 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@childish-sambino childish-sambino childish-sambino approved these changes

Assignees
No one assigned
Labels
status: code review request requesting a community code review or review from Twilio
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@philnash @childish-sambino @thinkingserious