我正尝试使用Python / Django / DRF接受来自Typeform的表单响应,由于无法获取匹配的哈希值,因此无法验证webhook请求。
这是Typeform中的说明:
1. Using the HMAC SHA-256 algorithm, create a hash (using created_token as a key) of the entire received payload as binary.
2. Encode the binary hash in base64 format.
3. Add prefix sha256= to the binary hash.
4. Compare the created value with the signature you received in the Typeform-Signature header from Typeform.
authentication.py
class TypeformAuthentication(authentication.BaseAuthentication):
def authenticate(self, request):
typeform_signature = request.META.get('HTTP_TYPEFORM_SIGNATURE')
data = request.body
secret_key = os.environ.get('TYPEFORM_SECRET_KEY')
if not typeform_signature:
return None
if typeform_signature:
hash = hmac.new(bytes(secret_key, encoding='utf-8'), data, hashlib.sha256)
actual_signature = 'sha256={}'.format(base64.b64encode(hash.digest()).decode())
user = User.objects.get(username='typeform-user')
if actual_signature == typeform_signature:
return(user, None)
else:
raise exceptions.AuthenticationFailed('Typeform signature does not match.')
else:
return None
有效负载示例
{
"event_id": "01DTXE27VQSA3JP8ZMP0GF9HCP",
"event_type": "form_response",
"form_response": {
"form_id": "OOMZur",
"token": "01DTXE27VQSA3JP8ZMP0GF9HCP",
"landed_at": "2019-11-30T05:55:46Z",
"submitted_at": "2019-11-30T05:55:46Z",
"definition": {
"id": "OOMZur",
"title": "Auto Liability (New Company)",
"fields": [
{
"id": "GnpcIrevGZQP",
"title": "What is your business name?",
"type": "short_text",
"ref": "3e60e064-f14c-4787-9968-0358e8f34468",
"properties": {}
}
]
},
"answers": [
{
"type": "text",
"text": "Lorem ipsum dolor",
"field": {
"id": "GnpcIrevGZQP",
"type": "short_text",
"ref": "3e60e064-f14c-4787-9968-0358e8f34468"
}
}
]
}
}
类型生成的哈希值
sha256=jdzKuFkijyBIMvmGyveHfcfzcNXUeQCuveNGP6CEdXk=
authentication.py生成的哈希
sha256=at4SsBIi2IXJ8vr1Ix3tHW7iK9q5KQfx20EBa+l9wKU=
答案 0 :(得分:1)
我能够做到这一点。以防万一有人在验证Webook时遇到麻烦。我找到并修改了该指南。
不是在身份验证内部处理它。我改为使用视图来处理它。
/home