module ShopifyAPI::Utils::HmacValidator
Public Class Methods
Source
# File lib/shopify_api/utils/hmac_validator.rb, line 13 def validate(verifiable_query) return false unless verifiable_query.hmac result = validate_signature(verifiable_query, Context.api_secret_key) if result || Context.old_api_secret_key.nil? || T.must(Context.old_api_secret_key).empty? result else validate_signature(verifiable_query, T.must(Context.old_api_secret_key)) end end
Private Class Methods
Source
# File lib/shopify_api/utils/hmac_validator.rb, line 34 def compute_signature(signable_string, secret) OpenSSL::HMAC.hexdigest( OpenSSL::Digest.new("sha256"), secret, signable_string, ) end
Source
# File lib/shopify_api/utils/hmac_validator.rb, line 27 def validate_signature(verifiable_query, secret) received_signature = verifiable_query.hmac computed_signature = compute_signature(verifiable_query.to_signable_string, secret) OpenSSL.secure_compare(computed_signature, T.must(received_signature)) end