ricky/redmine_qbo
1
1
Fork 0
mirror of https://github.com/rickbarrette/redmine_qbo.git synced 2025-11-09 01:14:23 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update qbo_controller.rb

Browse Source
This commit is contained in:
Ricky Barrette
2016-08-01 21:47:30 -04:00
committed by GitHub
parent c2f48d0277
commit 91110adad5
1 changed files with 38 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/controllers/qbo_controller.rb
View File

@@ -11,6 +11,9 @@
class QboController < ApplicationController class QboController < ApplicationController
unloadable unloadable
require 'openssl'
require 'Base64'
include AuthHelper include AuthHelper
before_filter :require_user, :except => :qbo_webhook before_filter :require_user, :except => :qbo_webhook
@@ -64,12 +67,16 @@ class QboController < ApplicationController
# Quickbooks Webhook Callback # Quickbooks Webhook Callback
def qbo_webhook def qbo_webhook
#TODO check the payload # check the payload
signature = request.headers['intuit-signature'] signature = request.headers['intuit-signature']
token = Setting.plugin_redmine_qbo['settingsWebhookToken'] key = Setting.plugin_redmine_qbo['settingsWebhookToken']
data = request.body.read
hash = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), key, data)).strip()
# proceed if the request is good
if hash.eql? signature
if request.headers['content-type'] == 'application/json' if request.headers['content-type'] == 'application/json'
data = JSON.parse(request.body.read) data = JSON.parse(data)
else else
# application/x-www-form-urlencoded # application/x-www-form-urlencoded
data = params.as_json data = params.as_json
@@ -96,6 +103,9 @@ class QboController < ApplicationController
else else
obj.sync_by_id(id) obj.sync_by_id(id)
end end
else
render nothing: true, status: 400
end
end end
# Record that last time we updated # Record that last time we updated