XeroAPI/xero-ruby

Receiving error: Response to incorrectly signed payload not 401 even though I am returning 401

saqib1324 opened this issue · 2 comments

Hi, I am trying to integrate webhooks with Ruby on Rails.
These are my logs:
[Image: Screenshot 2022-12-08 at 1 11 17 PM]

So, as can be seen, I am returning 200 for matching requests and 401 for non-matching requests, but on the Xero side it still says "Intent to receive is required" and "Response to incorrectly signed payload not 401".

My ruby code for returning statuses is this:

def xero_webhooks
  response = Xero::WebhookManager.call({
    read_body_request: request.body.read,
    request: request,
    params: params
  })
  if response.success?
    head :ok
  else
    head :unauthorized
  end
end

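Hi @saqib1324, I've been unable to replicate the issue using the code below:

class WebhooksController < ApplicationController
  # Webhook POSTs come from Xero, not a browser form, so they carry no CSRF token.
  skip_before_action :verify_authenticity_token

  def webhook
    key = ENV['WEBHOOK_KEY']
    # Sign the raw request body exactly as it was received.
    payload = request.body.read
    # strict_encode64 emits no trailing newline, so no strip is needed.
    calculated_hmac = Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', key, payload))
    # Constant-time comparison; to_s covers a missing header.
    if ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, request.headers['x-xero-signature'].to_s)
      render json: {}, status: :ok
    else
      render json: {}, status: :unauthorized
    end
  end
end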

Can you please post your app Client ID so we can look into it further?
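
The same check outside Rails, as an added example that is not code from either participant or from the xero-ruby project: it computes the Base64 HMAC-SHA256 over the raw body, compares it in constant time, and shows that a body re-serialised from parsed JSON no longer verifies. The helper names, the key and the sample body are constructed for illustration.

```ruby
require 'openssl'
require 'json'

# Base64 HMAC-SHA256 over the raw request body, as in the controller above.
# pack('m0') is Base64 without the trailing newline that encode64 appends.
def xero_signature(key, raw_body)
  [OpenSSL::HMAC.digest('SHA256', key, raw_body)].pack('m0')
end

# Constant-time string comparison, so the time taken does not reveal
# how many leading characters of the signature matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the HTTP status the endpoint should answer with.
# header_value may be nil when the x-xero-signature header is missing.
def webhook_status(key, raw_body, header_value)
  expected = xero_signature(key, raw_body)
  secure_equal?(expected, header_value.to_s.strip) ? 200 : 401
end

# Constructed sample data (not real Xero values).
SAMPLE_KEY  = 'constructed-webhook-key'
SAMPLE_BODY = '{"events":[],"firstEventSequence": 0,"lastEventSequence": 0, "entropy": "CONSTRUCTED"}'
SAMPLE_SIG  = xero_signature(SAMPLE_KEY, SAMPLE_BODY)

# Parsing and re-generating the JSON drops the whitespace, so the bytes
# differ from what the sender signed and the HMAC no longer matches.
REENCODED_BODY = JSON.generate(JSON.parse(SAMPLE_BODY))

if __FILE__ == $PROGRAM_NAME
  puts "raw body, correct signature:    #{webhook_status(SAMPLE_KEY, SAMPLE_BODY, SAMPLE_SIG)}"
  puts "re-encoded body, same signature: #{webhook_status(SAMPLE_KEY, REENCODED_BODY, SAMPLE_SIG)}"
  puts "missing signature header:        #{webhook_status(SAMPLE_KEY, SAMPLE_BODY, nil)}"
end
```
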

Hi @saqib1324,
Just an update on the webhook signature.
Try pulling down Rett's XeroAPI/xero-ruby-oauth2-app#93.
The bundle install should update the xero-ruby SDK and a few other things.
I also pulled down a new version of RubyGems. I did encounter a few issues, including one with permissions, and ended up uninstalling rbenv and re-installing it.
Finally I got it working.
For reference, here are the versions I'm now working with:
Rails version 6.0.5
Ruby version ruby 2.7.5p203 (2021-11-24 revision f69aeb8314) [arm64-darwin22]
RubyGems version 3.1.6

Let me know if you're still having an issue.