#3 valid_simplepay_request? not validating signature in Rails 2.3.3 - simplepay

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#3 new

valid_simplepay_request? not validating signature in Rails 2.3.3

Reported by bret (at honustudios) | August 4th, 2009 @ 06:01 PM

This is my first ticket on lighthouse so excuse me if I miss something.

It seems that the valid_simplepay_request? method in /lib/simplepay/helpers/notifcation_helper.rb doesn't return valid because of the :controller and :action params in the params hash that gets sent back to the return URL.

When the :controller => 'mycontroller' and :action => 'return' get put into the signature it doesn't match the signature calculated by amazon on the return.

In the valid_simplepay_request? method I added:

  hash.delete(:controller)
  hash.delete(:action)

That seems to allow the generated signature match the signature sent from amazon.

The final method is:

  def valid_simplepay_request?(request_hash)

hash = request_hash.symbolize_keys
signature = hash.delete(:signature) || ''
hash.delete(:controller)
hash.delete(:action)
Simplepay::Authentication.authentic?(hash, signature)

end

Hope that helps.

No comments found

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.