|
21 | 21 |
|
22 | 22 | class BaseClient: |
23 | 23 | BASE_URL = "https://www.slack.com/api/" |
| 24 | + SIGNATURE_VERSION = "v0" |
24 | 25 |
|
25 | 26 | def __init__( |
26 | 27 | self, |
@@ -237,7 +238,30 @@ def _get_user_agent(): |
237 | 238 | def validate_slack_signature( |
238 | 239 | *, signing_secret: str, data: str, timestamp: str, signature: str |
239 | 240 | ) -> bool: |
240 | | - format_req = str.encode(f"v0:{timestamp}:{data}") |
| 241 | + """ |
| 242 | + Slack creates a unique string for your app and shares it with you. Verify |
| 243 | + requests from Slack with confidence by verifying signatures using your |
| 244 | + signing secret. |
| 245 | +
|
| 246 | + On each HTTP request that Slack sends, we add an X-Slack-Signature HTTP |
| 247 | + header. The signature is created by combining the signing secret with the |
| 248 | + body of the request we're sending using a standard HMAC-SHA256 keyed hash. |
| 249 | +
|
| 250 | + https://api.slack.com/docs/verifying-requests-from-slack#how_to_make_a_request_signature_in_4_easy_steps__an_overview |
| 251 | +
|
| 252 | + Args: |
| 253 | + signing_secret: Your application's signing secret, available in the |
| 254 | + Slack API dashboard |
| 255 | + data: The raw body of the incoming request - no headers, just the body. |
| 256 | + timestamp: from the 'X-Slack-Request-Timestamp' header |
| 257 | + signature: from the 'X-Slack-Signature' header - the calculated signature |
| 258 | + should match this. |
| 259 | +
|
| 260 | + Returns: |
| 261 | + True if signatures matches |
| 262 | + """ |
| 263 | + format_req = str.encode(f"{BaseClient.SIGNATURE_VERSION}:{timestamp}:{data}") |
241 | 264 | encoded_secret = str.encode(signing_secret) |
242 | 265 | request_hash = hmac.new(encoded_secret, format_req, hashlib.sha256).hexdigest() |
243 | | - return hmac.compare_digest(f"v0={request_hash}", signature) |
| 266 | + calculated_signature = f"{BaseClient.SIGNATURE_VERSION}={request_hash}" |
| 267 | + return hmac.compare_digest(calculated_signature, signature) |
0 commit comments