diff --git a/src/vumi2/applications/turn_channels_api/README.md b/src/vumi2/applications/turn_channels_api/README.md
new file mode 100644
index 0000000..79e417a
--- /dev/null
+++ b/src/vumi2/applications/turn_channels_api/README.md
@@ -0,0 +1 @@
+## THIS IS A TEST APPLICATION AND SHOULD NOT BE USED IN PRODUCTION
\ No newline at end of file
diff --git a/src/vumi2/applications/turn_channels_api/turn_channels_api.py b/src/vumi2/applications/turn_channels_api/turn_channels_api.py
index de1ba29..d03d291 100644
--- a/src/vumi2/applications/turn_channels_api/turn_channels_api.py
+++ b/src/vumi2/applications/turn_channels_api/turn_channels_api.py
@@ -184,13 +184,21 @@ async def http_send_message(self) -> dict[Any, Any]:
 if isinstance(request_data, bytes):
 request_data = request_data.decode()
 # Verify the hmac signature
- h = hmac.new(
- self.config.secret_key.encode(), request_data.encode(), sha256
- ).digest()
- computed_signature = str(base64.b64encode(h))
- signature = request.headers.get("X-Turn-Hook-Signature", "")
- if not hmac.compare_digest(computed_signature, signature):
- raise SignatureMismatchError()
+ if self.config.secret_key:
+ logger.info("Verifying HMAC signature")
+ h = hmac.new(
+ self.config.secret_key.encode(),
+ request_data.encode(),
+ sha256,
+ ).digest()
+ computed_signature = str(base64.b64encode(h))
+ signature = request.headers.get("X-Turn-Hook-Signature", "")
+ logger.info(
+ f"Signature from Turn: {signature}."
+ "Computed: {computed_signature}"
+ )
+ if not hmac.compare_digest(computed_signature, signature):
+ raise SignatureMismatchError()
 msg_dict = json.loads(request_data)
 except json.JSONDecodeError as e:
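Review bot: The new `if self.config.secret_key:` guard makes signature verification fail open: with an empty or unset `secret_key`, every request reaches `json.loads` unauthenticated and nothing in the logs says so. If skipping verification is intended for this test application, make it an explicit opt-out and log it, e.g. an `else:` branch with `logger.warning("secret_key not set; X-Turn-Hook-Signature is not verified")`. The second literal in the added `logger.info` call has no `f` prefix and no leading space, so it logs the text `{computed_signature}` verbatim; rather than adding the prefix, drop the computed value, because writing the valid HMAC for a caller-supplied body to an info-level log hands it to anyone who can read the logs. Separately, `str(base64.b64encode(h))` yields the bytes repr (`b'...'`), which will not equal a plain base64 header value unless the sender includes that wrapper; `computed_signature = base64.b64encode(h).decode()` compares the encoded digest itself. The enclosing `try` block of `http_send_message` starts and ends outside the hunk.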