Release v0.15.3.pre

* bug-fixes * Add `URI.decode` on signature validation
ePages-de · Jun 18, 2020 · 480a72b · 480a72b
1 parent fa4c60d
commit 480a72b
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,8 @@
+### v0.15.3.pre
+
+* bug-fixes
+  * Add `URI.decode` on signature validation
+
 ### v0.15.2.pre
 
 * bug-fixes

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    beyond_canvas (0.15.2.pre)
+    beyond_canvas (0.15.3.pre)
       beyond_api (~> 0.8)
       bourbon (~> 5.1)
       colorize (~> 0.8)
@@ -46,7 +46,7 @@ GEM
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.0)
-    beyond_api (0.11.0.pre)
+    beyond_api (0.11.1.pre)
       faraday (~> 0.15)
     bourbon (5.1.0)
       sass (~> 3.4)
@@ -74,7 +74,7 @@ GEM
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    loofah (2.5.0)
+    loofah (2.6.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)

diff --git a/app/controllers/concerns/beyond_canvas/request_validation.rb b/app/controllers/concerns/beyond_canvas/request_validation.rb
@@ -31,7 +31,7 @@ def app_installation_data
     def valid_signature?(signature, data, secret)
       digest = OpenSSL::Digest.new('SHA1')
       hmac = OpenSSL::HMAC.digest(digest, secret, data)
-      signature == Base64.encode64(hmac).chop
+      URI.decode(signature) == Base64.encode64(hmac).chop
     end
   end
 end
diff --git a/lib/beyond_canvas/version.rb b/lib/beyond_canvas/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BeyondCanvas
-  VERSION = '0.15.2.pre'
+  VERSION = '0.15.3.pre'
 end