changed the offset parameter to the secure module instead of the chec…

…k method
HashNuke · Sep 30, 2013 · eaddda7 · eaddda7
1 parent 458b9f9
commit eaddda7
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/lib/mailgun/secure.rb b/lib/mailgun/secure.rb
@@ -16,8 +16,10 @@ def initialize(mailgun)
 
     # check request auth
     def check_request_auth(timestamp, token, signature, offset=-5)
-      offset = Time.now.to_i + offset * 60
-      return false if timestamp < offset
+      if offset != 0
+        offset = Time.now.to_i + offset * 60
+        return false if timestamp < offset
+      end
 
       return signature == OpenSSL::HMAC.hexdigest(
         OpenSSL::Digest::Digest.new('sha256'),

diff --git a/spec/secure_spec.rb b/spec/secure_spec.rb
@@ -36,6 +36,14 @@
     result.should be_false
   end
 
+  it "check_request_auth should return true for an authentication generated any time when the check offset is 0" do
+    timestamp, token, signature = generate_request_auth("some-api-key", -6)
+
+    result = @mailgun.secure.check_request_auth(timestamp, token, signature, 0)
+
+    result.should be_true
+  end
+
   it "check_request_auth should return false for a different api key, token or signature" do
     timestamp, token, signature = generate_request_auth("some-different-api-key")