Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2025-12-16 15:20:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix CloudMailin signature digest calculation

Browse source 
Adopt current (deprecated) code from
http://docs.cloudmailin.com/receiving_email/securing_your_email_url_target/

Fixes #1402
This commit is contained in:
Dan Rice 2014-09-08 00:29:22 -04:00
parent 5f98697210
commit 45232cd2dd
1 changed files with 15 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

16
app/controllers/integrations_controller.rb
View file

@ -53,10 +53,24 @@ class IntegrationsController < ApplicationController
def verify_cloudmailin_signature
provided = request.request_parameters.delete(:signature)
signature = Digest::MD5.hexdigest(request.request_parameters.sort{|a,b| a[0].to_s <=> b[0].to_s}.map{|k,v| v}.join + SITE_CONFIG['cloudmailin'])
signature = Digest::MD5.hexdigest(flatten_params(request.request_parameters).sort.map{|k,v| v}.join + SITE_CONFIG['cloudmailin'])
return provided == signature
end
def flatten_params(params, title = nil, result = {})
params.each do |key, value|
if value.kind_of?(Hash)
key_name = title ? "#{title}[#{key}]" : key
flatten_params(value, key_name, result)
else
key_name = title ? "#{title}[#{key}]" : key
result[key_name] = value
end
end
return result
end
def get_applescript(partial_name)
context = current_user.contexts.find params[:context_id]
render :partial => partial_name, :locals => { :context => context }