wingrunr21
commented
9 years ago Well, any configuration for this would need to be done on the overarching Griddler config in the initializer. At the moment we'd need to re-open Griddler::Configuration and add the config value. It might be a better idea to allow Griddler to pass any un-consumed configuration values onto the adapters.
As far as the configuration itself, I think anything that responds to call would probably work. This would be called to obtain the expected signature value and compared with the incoming value.
We'd need to define a new exception or two, subclassed from Griddler::Error, within the Griddler::Errors module. One exception for an invalid configuration and another for a bad signature.
In the mean time, can you utilize the headers or raw_headers in your email processing class and run your checks that way?
@calebthompson any thoughts?
beezee
jufemaiz
Mandrill allows you to authenticate that a webook came from them.
I know I could override the controller and handle it there, but then the adapter I've chosen to use with Griddler starts to leak into other parts of my codebase and it increases the perceived friction of using this adapter.
Personally I'd prefer if the adapter checked an optional config for the key, and attempted to verify request signatures when config is present. I'm happy to open a PR with these changes if you're open to supporting that behavior.
Also, I'm curious what your preferred means of defining that config would be.