Ejemplo n.º 1
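    async def authenticate(self, request):
        """Authenticate a request carrying a signed ``company``/``expires`` pair.

        The ``company``, ``expires`` and ``signature`` query parameters are
        read from the request. The expected signature is the hex HMAC-SHA256
        of ``"{company}:{expires}"`` keyed with ``self.settings.user_auth_key``.
        On success ``self.session`` is set to the validated ``Session``.

        Raises:
            JsonErrors.HTTPForbidden: the signature does not match, or the
                session's ``expires`` is earlier than the current UTC time.
            JsonErrors.HTTPBadRequest: ``Session`` rejects the values with a
                ``ValidationError``.
        """
        company = request.query.get('company', None)
        expires = request.query.get('expires', None)
        # NOTE(review): a missing parameter is signed as the literal text
        # "None", and ':' is not escaped, so the signed string does not
        # unambiguously encode the two fields. The format is left unchanged
        # because already-issued tokens depend on it; confirm the token issuer
        # never emits a company value containing ':'.
        body = f'{company}:{expires}'.encode()
        expected_sig = hmac.new(self.settings.user_auth_key, body,
                                hashlib.sha256).hexdigest()
        signature = request.query.get('signature', '-')
        # compare_digest() raises TypeError for str arguments containing
        # non-ASCII characters, so a crafted signature would surface as an
        # unhandled error instead of a 403. Comparing bytes keeps the
        # constant-time check and rejects such input cleanly.
        if not secrets.compare_digest(
                expected_sig.encode(),
                signature.encode('utf-8', 'surrogatepass')):
            raise JsonErrors.HTTPForbidden('Invalid token',
                                           headers=self.headers)

        # The values are only parsed after the signature has been verified.
        try:
            self.session = Session(company=company, expires=expires)
        except ValidationError as e:
            raise JsonErrors.HTTPBadRequest(message='Invalid Data',
                                            details=e.errors(),
                                            headers=self.headers) from e
        # Timezone-aware "now" in UTC; same instant as the previous
        # utcnow().replace(tzinfo=timezone.utc) without the deprecated call.
        if self.session.expires < datetime.now(timezone.utc):
            raise JsonErrors.HTTPForbidden('token expired',
                                           headers=self.headers)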
Ejemplo n.º 2
    async def call(self, request):
        """Verify a Mandrill webhook's signature and queue its events.

        The ``mandrill_events`` form field is read from the POST body. The
        expected signature is the base64-encoded HMAC-SHA1, keyed with
        ``self.app['webhook_auth_key']``, of the configured webhook URL
        followed by the field name and the raw field value. It is compared in
        constant time with the ``X-Mandrill-Signature`` header, and the JSON
        is only parsed once that check has passed.

        Raises:
            JsonErrors.HTTPBadRequest: the field is missing or is not valid JSON.
            JsonErrors.HTTPForbidden: the signature does not match.
        """
        try:
            form = await request.post()
            raw_events = form['mandrill_events']
        except KeyError:
            raise JsonErrors.HTTPBadRequest('"mandrill_events" not found in post data')

        # NOTE(review): only the "mandrill_events" field is covered by the
        # signed text; confirm against the provider's documented scheme if the
        # webhook can ever carry additional POST fields.
        key = self.app['webhook_auth_key']
        signed_text = self.app['mandrill_webhook_url'] + 'mandrill_events' + raw_events
        mac = hmac.new(key, msg=signed_text.encode(), digestmod=hashlib.sha1)
        expected = base64.b64encode(mac.digest())

        # The '<missing>' default can never equal a base64 digest, so an
        # absent header is rejected by the same comparison.
        provided = request.headers.get('X-Mandrill-Signature', '<missing>').encode()
        signature_ok = hmac.compare_digest(expected, provided)
        if not signature_ok:
            raise JsonErrors.HTTPForbidden('invalid signature')

        try:
            events = ujson.loads(raw_events)
        except ValueError as exc:
            raise JsonErrors.HTTPBadRequest(f'invalid json data: {exc}')

        await self.redis.enqueue_job('update_mandrill_webhooks', events)
        return PreResponse(text='message status updated\n')
Ejemplo n.º 3
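 async def authenticate(self, request):
     """Check the ``Authorization`` header against the configured token.

     The expected token is read from ``self.settings`` using the attribute
     name held in ``self.auth_token_field``, and compared in constant time
     with the request's ``Authorization`` header.

     Raises:
         JsonErrors.HTTPForbidden: the header is missing or does not match,
             or no token is configured.
     """
     auth_token = getattr(self.settings, self.auth_token_field)
     supplied = request.headers.get('Authorization', '')
     # Fail closed when the configured token is empty: the header defaults to
     # '', so an unset token would otherwise match a request that sends no
     # Authorization header at all.
     # The comparison is done on bytes because compare_digest() raises
     # TypeError for str arguments containing non-ASCII characters, which
     # would turn a malformed header into an unhandled error rather than 403.
     if not auth_token or not secrets.compare_digest(
             auth_token.encode('utf-8', 'surrogatepass'),
             supplied.encode('utf-8', 'surrogatepass')):
         raise JsonErrors.HTTPForbidden('Invalid Authorization header')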