From 09784227a0c8bc4d9cdb0099a7a66adc371cfe04 Mon Sep 17 00:00:00 2001
From: Jeff Hodges
Date: Sat, 19 Jun 2021 21:26:11 -0700
Subject: [PATCH 1/3] WIP Add signature verification function
---
 frameioclient/lib/utils.py | 26 ++++++++++++++++++++++++++
 tests/integration.py | 3 +--
 tests/test_signature_verification.py | 0
 3 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 tests/test_signature_verification.py
diff --git a/frameioclient/lib/utils.py b/frameioclient/lib/utils.py
index 7f3ef571..f7318412 100644
--- a/frameioclient/lib/utils.py
+++ b/frameioclient/lib/utils.py
@@ -1,6 +1,8 @@
 import re
 import sys
+import hmac
 import xxhash
+import hashlib
 KB = 1024
 MB = KB * KB
@@ -125,6 +127,30 @@ def format_headers(token, version):
 'x-frameio-client': 'python/{}'.format(version)
 }
+ @staticmethod
+ def verify_signature(curr_time: float, req_time: float, signature: str, body: str, secret: str):
+ """
+ Verify webhook/custom action signature
+
+ :Args:
+ curr_time (float): Current epoch time
+ req_time (float): Request epoch time
+ signature (str): Signature provided by the frame.io API for the given request
+ body (str): Webhook body from the received POST
+ secret (str): The secret for this custom action/webhook that you saved when you first created it
+ """
+ if int(curr_time) - int(req_time) < 500:
+ message = 'v0:{}:{}'.format(req_time, body)
+ calculated_signature = 'v0={}'.format(hmac.new(
+ bytes(secret, 'latin-1'),
+ msg=bytes(message, 'latin-1'),
+ digestmod=hashlib.sha256).hexdigest())
+ if calculated_signature == signature:
+ return True
+ else:
+ return False
+ else:
+ return False
 class PaginatedResponse(object):
 def __init__(self, results=[], limit=None, page_size=0, total=0,
diff --git a/tests/integration.py b/tests/integration.py
index 42f7be82..7672eb85 100644
--- a/tests/integration.py
+++ b/tests/integration.py
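Review bot: In `verify_signature` (PATCH 1/3, frameioclient/lib/utils.py) the HMAC is checked with `calculated_signature == signature`, which is not a constant-time comparison and can leak through timing how much of the value matched; prefer `return hmac.compare_digest(calculated_signature, signature)`, since `hmac` is already imported by this patch. `compare_digest` raises TypeError for a `None` or non-ASCII `str` argument, so a missing or malformed signature header should be rejected before the call. The freshness test `int(curr_time) - int(req_time) < 500` is one-sided: a `req_time` in the future gives a negative difference that always passes, so it should read `abs(int(curr_time) - int(req_time)) < 500`, with the window held in a named constant. The hunk in PATCH 3/3 flattens the return statements but keeps both the `==` comparison and the one-sided window. The empty tests/test_signature_verification.py created here is where a tampered signature, a stale timestamp and a future timestamp should be covered.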
@@ -3,10 +3,9 @@
 import json
 import time
 import socket
-import platform
-import mimetypes
 import shutil
 import requests
+import platform
 from math import ceil
 from pprint import pprint, pformat
diff --git a/tests/test_signature_verification.py b/tests/test_signature_verification.py
new file mode 100644
index 00000000..e69de29b
From a74dbfd6aa287a2ed5fc5f8fb04ffe99f26cf3d9 Mon Sep 17 00:00:00 2001
From: Jeff Hodges
Date: Sat, 19 Jun 2021 21:31:18 -0700
Subject: [PATCH 2/3] Remove type hints to maintain python 2 compatibility for now
---
 frameioclient/lib/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frameioclient/lib/utils.py b/frameioclient/lib/utils.py
index f7318412..6cffa9cd 100644
--- a/frameioclient/lib/utils.py
+++ b/frameioclient/lib/utils.py
@@ -128,7 +128,7 @@ def format_headers(token, version):
 }
 @staticmethod
- def verify_signature(curr_time: float, req_time: float, signature: str, body: str, secret: str):
+ def verify_signature(curr_time, req_time, signature, body, secret):
 """
 Verify webhook/custom action signature
From 301beac7010a30a76f932093257f0d459418bd56 Mon Sep 17 00:00:00 2001
From: Jeff
Date: Mon, 13 May 2024 17:58:11 -0700
Subject: [PATCH 3/3] Update frameioclient/lib/utils.py
Co-authored-by: Lezou Dali
---
 frameioclient/lib/utils.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/frameioclient/lib/utils.py b/frameioclient/lib/utils.py
index 6cffa9cd..1d101904 100644
--- a/frameioclient/lib/utils.py
+++ b/frameioclient/lib/utils.py
@@ -147,10 +147,7 @@ def verify_signature(curr_time, req_time, signature, body, secret):
 digestmod=hashlib.sha256).hexdigest())
 if calculated_signature == signature:
 return True
- else:
- return False
- else:
- return False
+ return False
 class PaginatedResponse(object):
 def __init__(self, results=[], limit=None, page_size=0, total=0,
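Review bot: Removing the annotations in PATCH 2/3 does not by itself make `verify_signature` run on Python 2, because the body added in PATCH 1/3 (outside this hunk) still calls `bytes(secret, 'latin-1')` and `bytes(message, 'latin-1')`. On Python 2 `bytes` is `str`, which rejects the encoding argument with a TypeError; `secret.encode('latin-1')` and `message.encode('latin-1')` are accepted by both interpreters. Separately, on Python 3 encoding the body as Latin-1 raises UnicodeEncodeError for any character outside that range, so a webhook payload containing such text would fail with an exception rather than return False. If the sender signs the raw request bytes (not shown on this page), the function should accept the body as bytes and sign those unchanged, and the docstring should state which form it expects.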