Source code for slack_utils.signature

import hashlib
import hmac
import os
import time

from slack_utils.exceptions import SlackException


[docs]def verify(signature, timestamp, body, slack_signing_secret=None):
    """Validate Slack signature

    :param signature: X-Slack-Signature HTTP header value
    :param timestamp: X-Slack-Request-Timestamp HTTP header value
    :param body: Request body
    :param slack_signing_secret: Slack signing secret. You can use
                                 SLACK_SIGNING_SECRET env var instead
    """
    if slack_signing_secret is None:
        slack_signing_secret = os.getenv('SLACK_SIGNING_SECRET', '')

    if time.time() - int(timestamp) > 60:
        raise SlackException('Message is older than 60 seconds, '
                             'probably someone is doing something nasty.')

    base_string = f'v0:{timestamp}:{body}'
    hashed_string = 'v0=' + hmac.new(
        slack_signing_secret.encode(),
        msg=base_string.encode(),
        digestmod=hashlib.sha256
    ).hexdigest()

    if not hmac.compare_digest(signature, hashed_string):
        raise SlackException('Invalid signature.')

    return True
Source code for slack_utils.signature

Slack Utils

Navigation

Related Topics
