Merge pull request #90 from praekeltfoundation/debug-turn-channels
Add debugging to hmac and a way to turn signature verification off
HawkiesZA authored Jan 23, 2025
2 parents b91df83 + 9d4fd6d commit cc139bd
Showing 2 changed files with 16 additions and 7 deletions.
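--- a/src/vumi2/applications/turn_channels_api/README.md
+++ b/src/vumi2/applications/turn_channels_api/README.md
@@ -0,0 +1 @@
+## THIS IS A TEST APPLICATION AND SHOULD NOT BE USED IN PRODUCTION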
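--- a/src/vumi2/applications/turn_channels_api/turn_channels_api.py
+++ b/src/vumi2/applications/turn_channels_api/turn_channels_api.py
@@ -184,13 +184,21 @@ async def http_send_message(self) -> dict[Any, Any]:
 if isinstance(request_data, bytes):
 request_data = request_data.decode()
 # Verify the hmac signature
-h = hmac.new(
-self.config.secret_key.encode(), request_data.encode(), sha256
-).digest()
-computed_signature = str(base64.b64encode(h))
-signature = request.headers.get("X-Turn-Hook-Signature", "")
-if not hmac.compare_digest(computed_signature, signature):
-raise SignatureMismatchError()
+if self.config.secret_key:
+logger.info("Verifying HMAC signature")
+h = hmac.new(
+self.config.secret_key.encode(),
+request_data.encode(),
+sha256,
+).digest()
+computed_signature = str(base64.b64encode(h))
+signature = request.headers.get("X-Turn-Hook-Signature", "")
+logger.info(
+f"Signature from Turn: {signature}."
+"Computed: {computed_signature}"
+)
+if not hmac.compare_digest(computed_signature, signature):
+raise SignatureMismatchError()
 
 msg_dict = json.loads(request_data)
 except json.JSONDecodeError as e: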
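Review bot: `str(base64.b64encode(h))` on the new side produces the bytes repr (`b'...'`, prefix and quotes included), so `hmac.compare_digest` can only succeed if the sender's header carries that same repr; assuming `X-Turn-Hook-Signature` is plain base64, the line should read `computed_signature = base64.b64encode(h).decode()`. The second literal in the new `logger.info(...)` call has no `f` prefix, so it logs the text `{computed_signature}` verbatim; rather than adding the prefix, I would leave the expected MAC out of the log, since it is a valid signature for that request body, and record only that a mismatch occurred. An empty `secret_key` now skips verification with no trace, so the skip path should at least emit `logger.warning("secret_key is empty; skipping HMAC signature verification")`. The enclosing `try` and `http_send_message` begin outside this hunk, so how a mismatch is reported to the caller cannot be checked from here.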
