search

pusher / pusher-http-python

Pusher Channels HTTP API library for Python
https://pusher.com/docs/server_api_guide
MIT License
376 stars 113 forks source link

validate_webhook Isn't Working #161

Closed aaronn closed 4 years ago

aaronn commented 4 years ago

I believe validate_webhook may be broken:

        webhook = pusher.validate_webhook(
            request.headers.get("X-Pusher-Key"), 
            request.headers.get("X-Pusher-Signature"), 
            request.data,
        )

This always returns None even if I copy and paste the key, signature, and data directly.

It is failing specifically on line 118 in authentication_client.py:

        if not verify(self.secret, body, signature):
            return None

The signature appears to always be different than the one returned by hmac.compare in signature.py.

aaronn commented 4 years ago

I'm using django-rest-framework and I had to use the raw request.body to fix this. json.dumps(request.data) does not work.