sendgrid/sendgrid-python

issue when I try to verify

Myalpha93 opened this issue · 3 comments

Myalpha93 commented

def create(self, request, *args, **kwargs):
#print(request.data)
print("=======================")
public_key = "pbulickey___incoming_on_a_secret_manager" # I get from the section of "Signed Event Webhook Requests" on sendgrid
public_key = EventWebhook.convert_public_key_to_ecdsa(public_key=public_key)
print(public_key)
payload = str(request.data)
print(request.headers)
signature = request.headers['X-Twilio-Email-Event-Webhook-Signature']
print(signature)
timestamp = str(request.headers['X-Twilio-Email-Event-Webhook-Timestamp'])
print(timestamp)
validar = EventWebhook.verify_signature(payload, signature, timestamp, public_key)
print(validar)

class EventWebhook:
"""
This class allows you to use the Event Webhook feature. Read the docs for
more details: https://sendgrid.com/docs/for-developers/tracking-events/event
"""

def __init__(self, public_key=None):
    """
    Construct the Event Webhook verifier object
    :param public_key: verification key under Mail Settings
    :type public_key: string
    """
    self.public_key = self.convert_public_key_to_ecdsa(public_key) if public_key else public_key

def convert_public_key_to_ecdsa( public_key):
    """
    Convert the public key string to a ECPublicKey.
    :param public_key: verification key under Mail Settings
    :type public_key string
    :return: public key using the ECDSA algorithm
    :rtype PublicKey
    """
    return PublicKey.fromPem('\n-----BEGIN PUBLIC KEY-----\n'+public_key+'\n-----END PUBLIC KEY-----\n')

def verify_signature( payload, signature, timestamp, public_key):
    """
    Verify signed event webhook requests.
    :param payload: event payload in the request body
    :type payload: stringd
    :param signature: value obtained from the 'X-Twilio-Email-Event-Webhook-Signature' header
    :type signature: string
    :param timestamp: value obtained from the 'X-Twilio-Email--Webhook-Timestamp' header
    :type timestamp: stringEvent
    :param public_key: elliptic curve public key
    :type public_key: PublicKey
    :return: true or false if signature is valid
    """
    timestamped_payload = timestamp + payload
    decoded_signature = Signature.fromBase64(signature)

    key = public_key 
    return Ecdsa.verify(timestamped_payload, decoded_signature, key)

==========================
I was trying to verify but always give me a False result. Also I don't understand this error:
timestamped_payload = timestamp + payload
TypeError: can only concatenate str (not "list") to str

If the documentation told me that I have to use raw data but I need to convert a json (payload body) to str.
Can you help me please

myalpha95 commented

So I read a post when a guy told me how I can fix it.
Only I need to replace
payload = str(request.data)
for
payload = (request.body.decode('latin-1'))

it was all what I need.
And I use this code on django 3 with a custom CreateAPIView if someone is wondering.

Close the issue please

JenniferMah commented

Hi @Myalpha93! Did you still need assistance with your error?

childish-sambino commented

Closing due to inactivity. Please re-open this issue or open a new GitHub issue if you still need help.