Class: Telesign::Util

Inherits:

Object

• Object
• Telesign::Util

Defined in:

lib/telesign/util.rb

Class Method Summary

• .random_with_n_digits(n) ⇒ Object

Instance Method Summary

• #verify_telesign_callback_signature(api_key, signature, json_str) ⇒ Object

  Verify that a callback was made by TeleSign and was not sent by a malicious client by verifying the signature.

Class Method Details

.random_with_n_digits(n) ⇒ Object

# File 'lib/telesign/util.rb', line 8

def self.random_with_n_digits(n)
  n.times.map { SecureRandom.random_number(10) }.join
end

Instance Method Details

#verify_telesign_callback_signature(api_key, signature, json_str) ⇒ Object

Verify that a callback was made by TeleSign and was not sent by a malicious client by verifying the signature.

• api_key - the TeleSign API api_key associated with your account.

• signature - the TeleSign Authorization header value supplied in the callback, as a string.

• json_str - the POST body text, that is, the JSON string sent by TeleSign describing the transaction status.

# File 'lib/telesign/util.rb', line 17

def verify_telesign_callback_signature(api_key, signature, json_str)

  digest = OpenSSL::Digest.new('sha256')
  key = Base64.decode64(api_key)

  your_signature = Base64.encode64(OpenSSL::HMAC.digest(digest, key, json_str)).strip

  unless signature.length == your_signature.length
    return false
  end

  # avoid timing attack with constant time equality check
  signatures_equal = true
  signature.split('').zip(your_signature.split('')).each do |x, y|
    unless x == y
      signatures_equal = false
    end
  end

  signatures_equal
end