Commit a7e5183e authored by Marco Holz's avatar Marco Holz

Add validate-callback.py

parent 7673ee24
1 merge request!3Callback validation script
# SPDX-FileCopyrightText: 2021 Marco Holz
#
# SPDX-License-Identifier: EUPL-1.2
import base64
import hmac
import secrets
import sys
import time
from hashlib import sha512
CALLBACK_SECRET = secrets.token_urlsafe(32)
CALLBACK_SECRET = 'insecure_unsafe_qHScgrg_kP-R31jHUwp3GkVkGJolvBchz65b74Lzue0'
request = {
'body': '{"type":"https://schema.fitko.de/fit-connect/callbacks/new-submissions","submissionIds":["f39ab143-d91a-474a-b69f-b00f1a1873c2"]}',
'headers': {
'callback-authentication': 'f4eig0ht6hdlsfz6DVqGjXi1j3RAombIQ7vjG1M2TFZx1fGurzg1nOEh00lPfLEulhio1RyTOav1e1aMi69SRg==',
'callback-timestamp': 1672527599,
}
}
# 1. Check timestamp
current_time_epoch = int(time.time())
seconds_five_minutes = 60 * 5
if current_time_epoch - request['headers']['callback-timestamp'] > seconds_five_minutes:
print('Error: timestamp too old')
sys.exit(1)
else:
print('timestamp ok')
# 2. generate hmac
payload = str(request['headers']['callback-timestamp']) + '.' + request['body']
expected_hmac = hmac.digest(CALLBACK_SECRET.encode("utf-8"), payload.encode("utf-8"), digest=sha512)
expected_hmac_base64 = base64.b64encode(expected_hmac).decode()
print('hmac', expected_hmac_base64)
# 3. Compare generated hmac and `callback-authentication` header
if not hmac.compare_digest(request['headers']['callback-authentication'], expected_hmac_base64):
print('Error: invalid hmac')
sys.exit(2)
else:
print('hmac ok')
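Review bot: The freshness check at the `if` under `# 1. Check timestamp` only rejects timestamps that are too old; a `callback-timestamp` ahead of the receiver's clock gives a negative difference and is accepted for any distance into the future, so replay protection is one-sided. Compare the absolute skew instead: `if abs(current_time_epoch - request['headers']['callback-timestamp']) > seconds_five_minutes:`. Separately, the first `CALLBACK_SECRET = secrets.token_urlsafe(32)` assignment is dead code because the next line overwrites it with a hard-coded literal; for anything beyond this fixture the secret should be read from configuration (e.g. `os.environ["CALLBACK_SECRET"]`) rather than embedded in the script. In a real HTTP callback the timestamp header would presumably arrive as a string rather than the `int` used in this fixture, so the subtraction would need an explicit `int(...)` conversion, and `hmac.compare_digest` on `str` raises `TypeError` for non-ASCII input, so comparing `.encode()`d bytes is the more robust form.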