demarches-normaliennes/app/controllers/webhook_controller.rb

class WebhookController < ActionController::Base
  before_action :verify_signature!, only: :helpscout

  def helpscout
    email = params[:customer][:email].downcase
    user = User.find_by(email: email)
    gestionnaire = Gestionnaire.find_by(email: email)
    administrateur = Administrateur.find_by(email: email)
    html = []

    if user
      url = manager_user_url(user)
      html << link_to_manager(user, url)
    end

    if gestionnaire
      url = manager_gestionnaire_url(gestionnaire)
      html << link_to_manager(gestionnaire, url)
    end

    if administrateur
      url = manager_administrateur_url(administrateur)
      html << link_to_manager(administrateur, url)
    end

    if html.empty?
      head :not_found
    else
      render json: { html: html.join('<br>') }
    end
  end

  private

  def link_to_manager(model, url)
    "<a target='_blank' href='#{url}' rel='noopener'>#{model.model_name.human}##{model.id}</a>"
  end

  def verify_signature!
    if generate_body_signature(request.body.read) != request.headers['X-Helpscout-Signature']
      request_http_token_authentication
    end
  end

  def generate_body_signature(body)
    Base64.strict_encode64(OpenSSL::HMAC.digest('sha1',
      Rails.application.secrets.helpscout[:webhook_secret],
      body))
  end
end
Add helpscout webhook 2018-08-29 21:26:22 +02:00			`class WebhookController < ActionController::Base`
			`before_action :verify_signature!, only: :helpscout`

			`def helpscout`
webhook: make helpscout email search case-insensitive Fix #3636 2019-03-19 15:49:54 +01:00			`email = params[:customer][:email].downcase`
Add helpscout webhook 2018-08-29 21:26:22 +02:00			`user = User.find_by(email: email)`
			`gestionnaire = Gestionnaire.find_by(email: email)`
			`administrateur = Administrateur.find_by(email: email)`
			`html = []`

			`if user`
Use helpers rather then view_context 2018-09-18 12:06:27 +02:00			`url = manager_user_url(user)`
Add helpscout webhook 2018-08-29 21:26:22 +02:00			`html << link_to_manager(user, url)`
			`end`

			`if gestionnaire`
Use helpers rather then view_context 2018-09-18 12:06:27 +02:00			`url = manager_gestionnaire_url(gestionnaire)`
Add helpscout webhook 2018-08-29 21:26:22 +02:00			`html << link_to_manager(gestionnaire, url)`
			`end`

			`if administrateur`
Use helpers rather then view_context 2018-09-18 12:06:27 +02:00			`url = manager_administrateur_url(administrateur)`
Add helpscout webhook 2018-08-29 21:26:22 +02:00			`html << link_to_manager(administrateur, url)`
			`end`

			`if html.empty?`
			`head :not_found`
			`else`
			`render json: { html: html.join('<br>') }`
			`end`
			`end`

			`private`

			`def link_to_manager(model, url)`
Add rel=noopener to links with target=_blank http://support.detectify.com/customer/portal/articles/2792257-external-links-using-target-_blank- 2019-03-05 18:16:13 +01:00			`"<a target='_blank' href='#{url}' rel='noopener'>#{model.model_name.human}##{model.id}</a>"`
Add helpscout webhook 2018-08-29 21:26:22 +02:00			`end`

			`def verify_signature!`
			`if generate_body_signature(request.body.read) != request.headers['X-Helpscout-Signature']`
			`request_http_token_authentication`
			`end`
			`end`

			`def generate_body_signature(body)`
			`Base64.strict_encode64(OpenSSL::HMAC.digest('sha1',`
			`Rails.application.secrets.helpscout[:webhook_secret],`
			`body))`
			`end`
			`end`