Class: ConstantContact::Webhooks::Helpers::Validator

Inherits:

Object

Object
ConstantContact::Webhooks::Helpers::Validator

show all

Defined in:: lib/constantcontact/webhooks/helpers/validator.rb

Class Method Summary collapse

.validate(secret, hmac, data) ⇒ Object

Validate the request received from Constant Contact.

Class Method Details

.validate(secret, hmac, data) ⇒ `Object`

Validate the request received from Constant Contact. Compute the HMAC digest and compare it to the value in the x-ctct-hmac-sha256 header. If they match, you can be sure that the webhook was sent by Constant Contact and the message has not been compromised.

Parameters:

secret (String) —

The Constant Contact secret key
hmac (String) —

The value received in the x-ctct-hmac-sha256 header.
data (String) —

The body message from the POST received from ConstantContact in Webhook callback.

Returns:

true if the computed vs. received values match; false otherwise.

# File 'lib/constantcontact/webhooks/helpers/validator.rb', line 20

def validate(secret, hmac, data)
  digest = OpenSSL::Digest.new('sha256')
  calculated_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, data)).strip
  calculated_hmac == hmac
end

Class: ConstantContact::Webhooks::Helpers::Validator

Class Method Summary collapse

Class Method Details

.validate(secret, hmac, data) ⇒ Object

.validate(secret, hmac, data) ⇒ `Object`