Class: SlackMsgr::Authenticate

Inherits:

Object

• Object
• SlackMsgr::Authenticate

Defined in:

lib/slack_msgr/authenticate.rb

Overview

Handles various authentication patterns offered by Slack

Class Method Summary

• .signing_secret?(request) ⇒ Boolean
• .verification_token?(token) ⇒ Boolean

Class Method Details

.signing_secret?(request) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/slack_msgr/authenticate.rb', line 11

def signing_secret?(request)
  signature = request.headers['X-Slack-Signature']
  timestamp = request.headers['X-Slack-Request-Timestamp']
  version   = signature.split('=').first
  body      = request.body.read

  # The request timestamp is more than five minutes from local time.
  # It could be a replay attack, so let's ignore it.
  return false if timestamp_over_five_minutes_old?(timestamp)

  signature == "#{version}=#{compute_hash_sha256(version, timestamp, body)}"
end

.verification_token?(token) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/slack_msgr/authenticate.rb', line 7

def verification_token?(token)
  token == SlackMsgr.configuration.verification_token
end