mreinstein / alexa-verifier

✓ Verify HTTP requests sent to an Alexa skill are sent from Amazon
MIT License

verification fails with double-byte utf-8 encodings #19

Closed l33way closed 7 years ago

l33way commented 7 years ago

The verification will fail anytime the request contains double-byte UTF-8 encodings. I believe that all requests from Alexa are UTF-8 encoded.

For example, if the request contains the word "déjà vu", validation will fail.

This seems to fix the issue:

```js
// returns true if the signature for the request body is valid, false otherwise
function isValidSignature(pem_cert, signature, requestBody) {
  ...
  verifier.update(requestBody);
  // this line can be modified to:
  verifier.update(requestBody, 'utf8');
  ...
}
```
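The failure mode reported above, reproduced as an added example that is not part of the original thread or the project's code. It assumes a locally generated RSA key pair in place of Amazon's certificate, `RSA-SHA256` as the algorithm, and an explicit `'latin1'` encoding to model a one-byte-per-character interpretation of the body string; `signBody` and `demo` are hypothetical names.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the signing key; the real verifier takes the
// public key from the certificate referenced by the request headers.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Signer side: the signature covers the raw bytes of the HTTP body (UTF-8 JSON).
function signBody(bodyBytes) {
  return crypto.createSign('RSA-SHA256').update(bodyBytes).sign(privateKey, 'base64');
}

// Verifier side: `body` is a string or a Buffer; `encoding` only applies to strings.
function isValidSignature(signature, body, encoding) {
  const verifier = crypto.createVerify('RSA-SHA256');
  if (Buffer.isBuffer(body)) verifier.update(body);
  else verifier.update(body, encoding);
  return verifier.verify(publicKey, signature, 'base64');
}

function demo() {
  const results = {};
  // Constructed sample bodies: one pure ASCII, one with multi-byte characters.
  for (const text of ['hello', 'déjà vu']) {
    const raw = Buffer.from(JSON.stringify({ utterance: text }), 'utf8'); // bytes on the wire
    const signature = signBody(raw);
    const asString = raw.toString('utf8'); // what a body parser hands to the handler
    results[text] = {
      latin1: isValidSignature(signature, asString, 'latin1'), // one byte per character
      utf8: isValidSignature(signature, asString, 'utf8'),     // the fix from the issue
      rawBuffer: isValidSignature(signature, raw),             // no re-encoding at all
      tampered: isValidSignature(signature, asString.replace(text, 'x'), 'utf8'),
    };
  }
  return results;
}

console.log(demo());
```

The ASCII body verifies under either encoding, which is why the defect only surfaces once a request carries non-ASCII text. Verifying over the raw body Buffer avoids the encoding question entirely.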

mreinstein commented 7 years ago

@l33way looks reasonable. Can you send a pull request please?

l33way commented 7 years ago

@mreinstein sure

mreinstein commented 7 years ago

thanks for the PR!