From f76222763d35dd1414db97cb735c717d691285c0 Mon Sep 17 00:00:00 2001 From: FreneticScribbler Date: Tue, 27 Jun 2023 00:05:30 +0100 Subject: [PATCH] Try again at signing --- RIGS/views/rigboard.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/RIGS/views/rigboard.py b/RIGS/views/rigboard.py index 102fe56f..31e99568 100644 --- a/RIGS/views/rigboard.py +++ b/RIGS/views/rigboard.py @@ -4,6 +4,7 @@ import re import premailer import simplejson import urllib +import hmac from envparse import env from bs4 import BeautifulSoup @@ -407,8 +408,8 @@ class RecieveForumWebhook(generic.View): return super().dispatch(request, *args, **kwargs) def post(self, request, *args, **kwargs): - signer = signing.Signer(key=env('FORUM_WEBHOOK_SECRET')) - if request.POST.get('X-Discourse-Event-Signature') == signer.sign(request.body): + computed = f"sha256={hmac.new(env('FORUM_WEBHOOK_SECRET'), request.body).hexdigest()}" + if request.POST.get('X-Discourse-Event-Signature') == computed: # and request.POST.get('X-Discourse-Event') == "topic_created": body = json.loads(request.body.decode('utf-8')) event_id = int(body['title'][1:5]) # find the ID, force convert it to an int to eliminate leading zeros event = models.Event.objects.filter(pk=event_id).first()