
Commit 98b3b92

feat: Improve webhook validation checks (box/box-codegen#745) (#647)
1 parent 7915151 commit 98b3b92


4 files changed

+42
-38
lines changed


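--- a/.codegen.json
+++ b/.codegen.json
@@ -1 +1 @@
-{ "engineHash": "fe0e7f5", "specHash": "83a5340", "version": "1.16.0" }
+{ "engineHash": "c7328b5", "specHash": "83a5340", "version": "1.16.0" }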

package-lock.json

Lines changed: 6 additions & 6 deletions

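--- a/src/managers/webhooks.generated.ts
+++ b/src/managers/webhooks.generated.ts
@@ -680,7 +680,8 @@ export class WebhooksManager {
 return false;
 }
 if (
-primaryKey &&
+!(primaryKey == void 0) &&
+!(headers['box-signature-primary'] == void 0) &&
 (await compareSignatures(
 await computeWebhookSignature(body, headers, primaryKey, false),
 headers['box-signature-primary'],
@@ -689,7 +690,8 @@ export class WebhooksManager {
 return true;
 }
 if (
-primaryKey &&
+!(primaryKey == void 0) &&
+!(headers['box-signature-primary'] == void 0) &&
 (await compareSignatures(
 await computeWebhookSignature(body, headers, primaryKey, true),
 headers['box-signature-primary'],
@@ -698,7 +700,8 @@ export class WebhooksManager {
 return true;
 }
 if (
-secondaryKey &&
+!(secondaryKey == void 0) &&
+!(headers['box-signature-secondary'] == void 0) &&
 (await compareSignatures(
 await computeWebhookSignature(body, headers, secondaryKey, false),
 headers['box-signature-secondary'],
@@ -707,7 +710,8 @@ export class WebhooksManager {
 return true;
 }
 if (
-secondaryKey &&
+!(secondaryKey == void 0) &&
+!(headers['box-signature-secondary'] == void 0) &&
 (await compareSignatures(
 await computeWebhookSignature(body, headers, secondaryKey, true),
 headers['box-signature-secondary'],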
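Review bot: Replacing `primaryKey &&` with `!(primaryKey == void 0) &&` (and likewise for `secondaryKey` in the third and fourth hunks) drops the old guard's rejection of an empty-string key, so a key configured as `''` now reaches `computeWebhookSignature` and its result is compared against the request header. Unless `computeWebhookSignature` or `compareSignatures` rejects that case (neither body is visible here), a signature computed over an empty key would be accepted as valid, and an empty key is not a secret. I would keep the empty check next to the new null check, e.g. `!(primaryKey == void 0) && primaryKey !== '' &&`, and the same for `secondaryKey`; since the file is generated, the change presumably belongs in the box-codegen template. The enclosing method starts and ends outside these hunks.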

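--- a/src/test/webhooks.generated.test.ts
+++ b/src/test/webhooks.generated.test.ts
@@ -139,39 +139,39 @@ test('testWebhookValidation', async function testWebhookValidation(): Promise<an
 ['box-signature-version']: '1',
 };
 const headersWithJapanese: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headers,
 ...{
 ['box-signature-primary']: 'LV2uCu+5NJtIHrCXDYgZ0v/PP5THGRuegw3RtdnEyuE=',
 },
 };
 const headersWithEmoji: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headers,
 ...{
 ['box-signature-primary']: 'xF/SDZosX4le+v4A0Qn59sZhuD1RqY5KRUKzVMSbh0E=',
 },
 };
 const headersWithCarriageReturn: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headers,
 ...{
 ['box-signature-primary']: 'SVkbKgy3dEEf2PbbzpNu2lDZS7zZ/aboU7HOZgBGrJk=',
 },
 };
 const headersWithForwardSlash: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headers,
 ...{
 ['box-signature-primary']: 't41PWT5ZB6OcysnD6SDy9Ud+p9hdXxIdXqcdweyZv/Q=',
 },
 };
 const headersWithBackSlash: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headers,
 ...{
@@ -188,96 +188,96 @@ test('testWebhookValidation', async function testWebhookValidation(): Promise<an
 epochSecondsToDateTime(getEpochTimeInSeconds() - 1200),
 );
 const headersWithCorrectDatetime: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headers,
 ...{
 ['box-delivery-timestamp']: currentDatetime,
-['box-signature-primary']: await computeWebhookSignature(
+['box-signature-primary']: (await computeWebhookSignature(
 body,
 { ...headers, ...{ ['box-delivery-timestamp']: currentDatetime } },
 primaryKey,
 true,
-),
-['box-signature-secondary']: await computeWebhookSignature(
+))!,
+['box-signature-secondary']: (await computeWebhookSignature(
 body,
 { ...headers, ...{ ['box-delivery-timestamp']: currentDatetime } },
 secondaryKey,
 true,
-),
+))!,
 },
 };
 const headersWithJapaneseWithCorrectDatetime: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headersWithJapanese,
 ...{
 ['box-delivery-timestamp']: currentDatetime,
-['box-signature-primary']: await computeWebhookSignature(
+['box-signature-primary']: (await computeWebhookSignature(
 bodyWithJapanese,
 {
 ...headersWithJapanese,
 ...{ ['box-delivery-timestamp']: currentDatetime },
 },
 primaryKey,
 true,
-),
-['box-signature-secondary']: await computeWebhookSignature(
+))!,
+['box-signature-secondary']: (await computeWebhookSignature(
 bodyWithJapanese,
 {
 ...headersWithJapanese,
 ...{ ['box-delivery-timestamp']: currentDatetime },
 },
 secondaryKey,
 true,
-),
+))!,
 },
 };
 const headersWithFutureDatetime: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headers,
 ...{
 ['box-delivery-timestamp']: futureDatetime,
-['box-signature-primary']: await computeWebhookSignature(
+['box-signature-primary']: (await computeWebhookSignature(
 body,
 { ...headers, ...{ ['box-delivery-timestamp']: futureDatetime } },
 primaryKey,
 true,
-),
-['box-signature-secondary']: await computeWebhookSignature(
+))!,
+['box-signature-secondary']: (await computeWebhookSignature(
 body,
 { ...headers, ...{ ['box-delivery-timestamp']: futureDatetime } },
 secondaryKey,
 true,
-),
+))!,
 },
 };
 const headersWithPastDatetime: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = {
 ...headers,
 ...{
 ['box-delivery-timestamp']: pastDatetime,
-['box-signature-primary']: await computeWebhookSignature(
+['box-signature-primary']: (await computeWebhookSignature(
 body,
 { ...headers, ...{ ['box-delivery-timestamp']: pastDatetime } },
 primaryKey,
 true,
-),
-['box-signature-secondary']: await computeWebhookSignature(
+))!,
+['box-signature-secondary']: (await computeWebhookSignature(
 body,
 { ...headers, ...{ ['box-delivery-timestamp']: pastDatetime } },
 secondaryKey,
 true,
-),
+))!,
 },
 };
 const headersWithWrongSignatureVersion: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = { ...headers, ...{ ['box-signature-version']: '2' } };
 const headersWithWrongSignatureAlgorithm: {
-readonly [key: string]: any;
+readonly [key: string]: string;
 } = { ...headers, ...{ ['box-signature-algorithm']: 'HmacSHA1' } };
 if (
 !(await compareSignatures(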
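Review bot: None of the 27 added lines in this file exercises the header-presence guard this commit adds to the manager; every change is either the index signature going from `any` to `string` or a `!` appended to a `computeWebhookSignature` result. A case that omits `box-signature-primary` and `box-signature-secondary` from otherwise valid headers and expects validation to fail, plus one with an empty key, would pin the new behaviour. The `))!` assertions also silence what looks like a possibly-`undefined` return from `computeWebhookSignature`; a short comment such as `// signature is defined for these fixtures (supported version and algorithm) — confirm` would say why the assertion is safe. The test function starts before and continues after these hunks.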
