Coverage for fingerprint_pro_server_api_sdk/webhook_validation.py: 100%
18 statements
« prev ^ index » next coverage.py v7.6.9, created at 2024-12-09 17:50 +0000
1import hmac
2import hashlib
5class WebhookValidation:
6 """Manages work with webhooks."""
7 @staticmethod
8 def is_valid_hmac_signature(signature: str, data: bytes, secret: str) -> bool:
9 """Validates an HMAC signature."""
10 hmac_instance = hmac.new(secret.encode('utf-8'), data, hashlib.sha256)
11 computed_hash = hmac_instance.hexdigest()
12 return signature == computed_hash
14 @staticmethod
15 def is_valid_webhook_signature(header: str, data: bytes, secret: str) -> bool:
16 """Verifies the HMAC signature extracted from the "fpjs-event-signature" header of the incoming request.
17 This is a part of the webhook signing process, which is available only for enterprise customers.
18 If you wish to enable it, please contact our support: https://fingerprint.com/support"""
20 signatures = header.split(',')
22 for signature in signatures:
23 parts = signature.split('=')
24 if len(parts) == 2:
25 version, hash_value = parts
26 if version == "v1" and WebhookValidation.is_valid_hmac_signature(hash_value, data, secret):
27 return True
29 return False