我正在尝试按照Mandrill在这里概述的步骤http://help.mandrill.com/entries/23704122-Authenticating-webhook-requests来验证传入的请求。我已经设置了一个测试请求。在代码中看到的url。我希望此方法返回山魈签名,在这种情况下是H7Zky1B/GShKH4kuQcfUhNrQq+k=,但它每次返回不同的值。我哪里做错了?
php代码示例
function generateSignature($webhook_key, $url, $params) {
$signed_data = $url;
ksort($params);
foreach ($params as $key => $value) {
$signed_data .= $key;
$signed_data .= $value;
}
return base64_encode(hash_hmac('sha1', $signed_data, $webhook_key, true));
}
my ruby code
def valid?(params)
wh_key = "Ny_lzk4zxENbNVezqECBxw"
url = "http://requestb.in/15wvu0y1"
signed_data = url
params.sort.each do |key, value|
signed_data += (key.to_s + value.to_s)
end
digest = OpenSSL::Digest.new('sha1')
Base64.encode64("#{OpenSSL::HMAC.digest(digest,signed_data,wh_key)}")
end
您肯定需要完整的URL,包括开头的http://
。看起来您在倒数第二行传递的参数顺序可能不正确。但是,假设参数已经被格式解码,这应该可以工作:
def valid?(webhook_key, url, params, signature)
data = url
params.sort.each {|k,v| data = url + k + v}
digest = OpenSSL::Digest::Digest.new('sha1')
expected = Base64.encode64(OpenSSL::HMAC.digest(digest, webhook_key, data)).strip
expected == signature
end
这对我有用:
data = "http://my_awesome.com/api/webhook_action"
request.POST.sort_by { |key, value| key.to_i }.each do |key,value|
data += key.to_s.strip
data += value.to_s.strip
end
digest = OpenSSL::Digest::Digest.new('sha1')
expected = Base64.encode64("#{OpenSSL::HMAC.digest(digest,test_key, data)}").strip