Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

twilio: add alternate auth token for use during key rotation #2588

Merged
merged 4 commits into from
Aug 24, 2022
+18 −4
Merged

twilio: add alternate auth token for use during key rotation #2588

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
7b17f56
add alternate auth token for use during key rotation
mastercactapus Aug 24, 2022
e0c80c8
validate alt auth token
mastercactapus Aug 24, 2022
2f609b2
update info to clairify usage
mastercactapus Aug 24, 2022
8fe8416
regen mapconfig
mastercactapus Aug 24, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,8 +97,10 @@ type Config struct {
Twilio struct {
Enable bool `public:"true" info:"Enables sending and processing of Voice and SMS messages through the Twilio notification provider."`

AccountSID string
AuthToken string `password:"true" info:"The primary Auth Token for Twilio. Must be primary (not secondary) for request valiation."`
AccountSID string
AuthToken string `password:"true" info:"The primary Auth Token for Twilio. Must be primary unless Alternate Auth Token is set. This token is used for outgoing requests."`
AlternateAuthToken string `password:"true" info:"An alternate Auth Token for validating incoming requests. During a key change, set this to the Primary, and Auth Token to the Secondary, then promote and clear this field."`

FromNumber string `public:"true" info:"The Twilio number to use for outgoing notifications."`

MessagingServiceSID string `public:"true" info:"If set, replaces the use of From Number for SMS notifications."`
Expand Down Expand Up @@ -428,6 +430,7 @@ func (cfg Config) Validate() error {
validateKey("Slack.ClientSecret", cfg.Slack.ClientSecret),
validateKey("Twilio.AccountSID", cfg.Twilio.AccountSID),
validateKey("Twilio.AuthToken", cfg.Twilio.AuthToken),
validateKey("Twilio.AlternateAuthToken", cfg.Twilio.AlternateAuthToken),
validateKey("GitHub.ClientID", cfg.GitHub.ClientID),
validateKey("GitHub.ClientSecret", cfg.GitHub.ClientSecret),
validateKey("Slack.AccessToken", cfg.Slack.AccessToken),
Expand Down
5 changes: 4 additions & 1 deletion graphql2/mapconfig.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 8 additions & 1 deletion notification/twilio/validation.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,14 @@ func validateRequest(req *http.Request) error {

calcSig := Signature(cfg.Twilio.AuthToken, config.RequestURL(req), req.PostForm)
if !hmac.Equal([]byte(sig), calcSig) {
return errors.New("invalid X-Twilio-Signature")
if cfg.Twilio.AlternateAuthToken == "" {
return errors.New("invalid X-Twilio-Signature")
}

calcSig = Signature(cfg.Twilio.AlternateAuthToken, config.RequestURL(req), req.PostForm)
if !hmac.Equal([]byte(sig), calcSig) {
return errors.New("invalid X-Twilio-Signature")
}
}

return nil
Expand Down
1 change: 1 addition & 0 deletions web/src/schema.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1032,6 +1032,7 @@ type ConfigID =
| 'Twilio.Enable'
| 'Twilio.AccountSID'
| 'Twilio.AuthToken'
| 'Twilio.AlternateAuthToken'
| 'Twilio.FromNumber'
| 'Twilio.MessagingServiceSID'
| 'Twilio.DisableTwoWaySMS'
Expand Down