Permalink
Browse files

Amazon MWS API callback verification completed

  • Loading branch information...
1 parent 0895ac6 commit 6542dbd4d70f3e14ead77574482d25375e1e80b8 @csaunders csaunders committed May 14, 2012
Showing with 30 additions and 7 deletions.
  1. +23 −7 lib/active_fulfillment/fulfillment/services/amazon_mws.rb
  2. +7 −0 test/unit/services/amazon_mws_test.rb
@@ -102,10 +102,6 @@ def self.shipping_methods
[ 'Priority Shipping', 'Priority' ]
].inject(ActiveSupport::OrderedHash.new){|h, (k,v)| h[k] = v; h}
end
-
- def self.sign(aws_secret_access_key, auth_string)
- Base64.encode64(OpenSSL::HMAC.digest(@@digest, aws_secret_access_key, auth_string)).strip
- end
def initialize(options = {})
requires!(options, :login, :password)
@@ -289,16 +285,36 @@ def parse_error(http_response)
end
def sign(http_verb, uri, options)
- opts = build_basic_api_query(options)
string_to_sign = "#{http_verb.to_s.upcase}\n"
string_to_sign += "#{uri.host}\n"
- string_to_sign += uri.path.length <= 0 ? "/\n" : "#{uri.path}\n"
+ string_to_sign += uri.path.length <= 0 ? "/\n" : "#{uri.path}"
string_to_sign += build_query(options)
-
+
# remove trailing newline created by encode64
escape(Base64.encode64(OpenSSL::HMAC.digest(SIGNATURE_METHOD, @options[:password], string_to_sign)).chomp)
end
+ def amazon_request?(uri, body)
+ if @options[:base_url]
+ base_url = "#{uri.scheme}://#{@options[:base_url]}"
+ else
+ base_url = "#{uri.scheme}://#{uri.host}"
+ end
+ return_path_and_params = uri.to_s.gsub(base_url, '')
+
+ signature_match = body.match(/&?Signature=([a-zA-Z0-9\%]+)/)
+ body = body.gsub(signature_match[0], '')
+ signature = signature_match[1]
+
+ string_to_sign = "POST\n"
+ string_to_sign += "#{base_url}\n"
+ string_to_sign += "#{return_path_and_params}\n"
+ string_to_sign += body
+
+ calculated_signature = escape(Base64.encode64(OpenSSL::HMAC.digest(SIGNATURE_METHOD, @options[:password], string_to_sign)).chomp)
+ calculated_signature == signature
+ end
+
def md5_content(content)
Base64.encode64(OpenSSL::Digest::Digest.new('md5', content).digest).chomp
end
@@ -88,6 +88,13 @@ def test_create_signature
assert_equal expected_signature, service.sign(:POST, uri, options)
end
+ def test_verify_amazon_response
+ service = AmazonMarketplaceWebService.new(:login => "AKIAFJPPO5KLY6G4XO7Q", :password => "aaa", :base_url => "www.vendor.com/mwsApp1")
+ callback_url = URI.parse("https://www.vendor.com/mwsApp1/orders/listRecentOrders.jsp?sessionId=123")
+ response_body = "AWSAccessKeyId=AKIAFJPPO5KLY6G4XO7Q&Marketplace=ATVPDKIKX0DER&Merchant=A047950713KM6AGKQCBRD&SignatureMethod=HmacSHA256&SignatureVersion=2&Signature=b0hxWov1RfBOqNk77UDfNRRZmf3tkdM7vuNa%2FolfnWg%3D"
+ assert service.amazon_request?(callback_url, response_body)
+ end
+
def test_build_address
expected_items = {
"DestinationAddress.Name" => @address[:name].gsub(' ', '%20'),

0 comments on commit 6542dbd

Please sign in to comment.