sendgrid / sendgrid-python

The Official Twilio SendGrid Python API Library
https://sendgrid.com
MIT License

Signed webhook verification fails #1014

Closed simopot closed 2 years ago

simopot commented 2 years ago

Issue Summary

EventWebhook.convert_public_key_to_ecdsa doesn't seem to be compatible with version 2.0.0 of starkbank-ecdsa, released a couple of days ago. Installing the older starkbank-ecdsa==1.0.0 fixes the issue.

Steps to Reproduce

Call convert_public_key_to_ecdsa with a valid public key, or run the tests in test/test_eventwebhook.py

Code Snippet

from sendgrid.helpers.eventwebhook import EventWebhook
PUBLIC_KEY = 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE83T4O/n84iotIvIW4mdBgQ/7dAfSmpqIM8kF9mN1flpVKS3GRqe62gw+2fNNRaINXvVpiglSI8eNEc6wEA3F+g=='
ew = EventWebhook()
ew.convert_public_key_to_ecdsa(PUBLIC_KEY)

Exception/Log

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/xxx/sendgrid-python/sendgrid/helpers/eventwebhook/__init__.py", line 30, in convert_public_key_to_ecdsa
    return PublicKey.fromPem(public_key)
  File "/usr/local/lib/python3.9/site-packages/ellipticcurve/publicKey.py", line 39, in fromPem
    publicKeyPem = getPemContent(pem=string, template=_pemTemplate)
  File "/usr/local/lib/python3.9/site-packages/ellipticcurve/utils/pem.py", line 6, in getPemContent
    return search("".join(pattern.splitlines()), "".join(pem.splitlines())).group(1)
AttributeError: 'NoneType' object has no attribute 'group'

Technical details:

Tried with

and

amcquistan commented 2 years ago

This is a pretty big issue for the team I'm working on as we cannot push any code updates since this library is broken.

A quick fix would be to update setup.py from

def getRequires():
    deps = [
        'python_http_client>=3.2.1',
        'starkbank-ecdsa>=1.0.0'
    ]
    return deps

to

def getRequires():
    deps = [
        'python_http_client>=3.2.1',
        'starkbank-ecdsa>=1.0.0,<2.0'
    ]
    return deps

amcquistan commented 2 years ago

@eshanholtz when can we expect a new release with this fix to be pushed to PyPI? I'm really quite stuck until this happens because my CI/CD system fails without this fix.

JenniferMah commented 2 years ago

Hi @amcquistan! This fix should be included in our next release on 10/18/21.
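
The traceback at the top of this issue comes from a regex search for PEM armor that finds nothing in the bare base64 key, so `.group(1)` is called on `None`. The sketch below is an added example, not code from sendgrid-python or starkbank-ecdsa: it reproduces that failure mode with the standard library only, then normalizes and sanity-checks the key before it reaches any signature verifier. `ASSUMED_TEMPLATE`, `pem_content`, `to_pem` and `p256_point` are hypothetical names, and the template pattern is an assumption because the library's `_pemTemplate` is not shown on this page.

```python
import base64
import re

# Key string copied from the issue's code snippet: bare base64 DER, no PEM armor.
PUBLIC_KEY = (
    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE83T4O/n84iotIvIW4mdBgQ/7dAfSmpqIM8kF"
    "9mN1flpVKS3GRqe62gw+2fNNRaINXvVpiglSI8eNEc6wEA3F+g=="
)

# Assumption: a template of this shape; the library's real _pemTemplate is not on the page.
ASSUMED_TEMPLATE = "-----BEGIN PUBLIC KEY-----(.*)-----END PUBLIC KEY-----"
ARMOR_BEGIN = "-----BEGIN PUBLIC KEY-----"
ARMOR_END = "-----END PUBLIC KEY-----"

# DER header of a SubjectPublicKeyInfo carrying an EC key on P-256 (prime256v1).
P256_SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")


def pem_content(pem):
    """Same search as in the traceback, but return None instead of crashing."""
    match = re.search("".join(ASSUMED_TEMPLATE.splitlines()), "".join(pem.splitlines()))
    return match.group(1) if match else None


def to_pem(key):
    """Accept bare base64 or armored PEM and always return armored PEM."""
    key = key.strip()
    if key.startswith(ARMOR_BEGIN):
        return key
    return ARMOR_BEGIN + "\n" + key + "\n" + ARMOR_END


def p256_point(key):
    """Return the 65-byte uncompressed EC point, or raise ValueError."""
    body = pem_content(to_pem(key))
    if body is None:
        raise ValueError("no PEM public key block found")
    der = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    if len(der) != 91 or not der.startswith(P256_SPKI_PREFIX):
        raise ValueError("not a P-256 SubjectPublicKeyInfo")
    point = der[len(P256_SPKI_PREFIX):]
    if point[0] != 0x04:
        raise ValueError("EC point is not in uncompressed form")
    return point
```

Rejecting a malformed verification key with an explicit error at startup keeps a dependency upgrade from surfacing as an `AttributeError` inside the webhook handler.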