forked from cartsnitch/cartsnitch
fix(receiptwitness): handle invalid timestamp in Mailgun webhook verification
Wrap int(timestamp) in try/except to return False instead of raising ValueError on empty/invalid timestamp, which was causing a 500 error instead of the intended 406. Also add tests for empty timestamp (→ 406) and GET /inbound/email (→ 405). Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
@@ -17,7 +17,11 @@ TOKEN_PATTERN = re.compile(r"receipts\+([A-Za-z0-9_-]+)@")
|
||||
|
||||
def verify_mailgun_signature(token: str, timestamp: str, signature: str) -> bool:
|
||||
"""Verify Mailgun webhook signature."""
|
||||
if abs(time.time() - int(timestamp)) > 300: # 5 min freshness
|
||||
try:
|
||||
ts = int(timestamp)
|
||||
except (ValueError, TypeError):
|
||||
return False
|
||||
if abs(time.time() - ts) > 300: # 5 min freshness
|
||||
return False
|
||||
key = settings.mailgun_webhook_signing_key.encode()
|
||||
hmac_digest = hmac.new(key, f"{timestamp}{token}".encode(), hashlib.sha256).hexdigest()
|
||||
|
||||
Reference in New Issue
Block a user