Skip to content

Changed Webhook Auth Logic #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dev-prakhar merged 2 commits into from
Jan 26, 2022
Merged

Changed Webhook Auth Logic #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
47e3a46
Changed Webhook Auth Logic
dev-prakhar Jan 26, 2022
52f7909
Updated Readme
dev-prakhar Jan 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ SmoothCodeAuth(request_hmac, client_secret).is_dashboard_request(shop) # returns
from smoothcode_auth import SmoothCodeAuth

# SmoothCode sends hmac in the Authorization Header of the request
# It is hmac of the webhook data signed by your App Client Secret
# It is hmac of the webhook id signed by your App Client Secret

SmoothCodeAuth(request_hmac, client_secret).is_webhook_request(webhook_data) # returns True if the request is valid
```
Expand Down
2 changes: 1 addition & 1 deletion smoothcode_auth/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,4 @@

from .auth import SmoothCodeAuth

__version__ = '0.0.2'
__version__ = '0.0.3'
4 changes: 2 additions & 2 deletions smoothcode_auth/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,5 @@ def is_dashboard_request(self, shop: str):
return generate_hmac(self.client_secret, shop) == self.hmac

def is_webhook_request(self, webhook_data: dict):
stringfied_webhook_data = json.dumps(webhook_data, separators=(',', ':'))
return generate_hmac(self.client_secret, stringfied_webhook_data) == self.hmac
webhook_id = webhook_data.get('id')
return generate_hmac(self.client_secret, str(webhook_id)) == self.hmac
6 changes: 3 additions & 3 deletions tests/test_auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@ def test_is_dashboard_request_with_incorrect_data(self):

def test_is_webhook_request_with_correct_data(self):
client_secret = 'client_secret'
request_hmac = '656718377faf656ccc037d8607ebfe3434197981aa1362db81210252ce92cd5c'
assert SmoothCodeAuth(request_hmac, client_secret).is_webhook_request({'request': 'webhook'})
request_hmac = '3999c5c10e23bee670e28ad67f446ac5e7b9c47ca1ee39c4bdf0c7bf056f8d71'
assert SmoothCodeAuth(request_hmac, client_secret).is_webhook_request({'id': 1235643534})

def test_is_webhook_request_with_incorrect_data(self):
client_secret = 'client_secret'
request_hmac = 'request_hmac'
assert not SmoothCodeAuth(request_hmac, client_secret).is_webhook_request({'request': 'webhook'})
assert not SmoothCodeAuth(request_hmac, client_secret).is_webhook_request({'id': 'webhook'})