@tomhughes commented on this pull request.
> + create(:user, :auth_provider => "facebook", :auth_uid => "12345")
+
+ payload = Base64.urlsafe_encode64(
+ JSON.generate(
+ :algorithm => "HMAC-SHA256",
+ :expires => Time.now.to_i + 3600,
+ :issued_at => Time.now.to_i,
+ :user_id => "12345"
+ )
+ )
+ signature = OpenSSL::HMAC.digest("SHA256", "invalid secret", payload)
+ encoded_signature = Base64.urlsafe_encode64(signature)
+ signed_request = [encoded_signature, payload].join(".")
+
+ post auth_delete_path(:provider => "facebook"), :params => {
:signed_request => signed_request }
+ assert_response :bad_request
Good idea, now done.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/7093#discussion_r3493285424
You are receiving this because you are subscribed to this thread.
Message ID:
<openstreetmap/openstreetmap-website/pull/7093/review/[email protected]>_______________________________________________
rails-dev mailing list
[email protected]
https://lists.openstreetmap.org/listinfo/rails-dev