| author | Grégoire Duchêne <gduchene@awhk.org> | 2021-04-04 21:29:15 +0100 |
|---|---|---|
| committer | Grégoire Duchêne <gduchene@awhk.org> | 2021-04-04 21:29:15 +0100 |
| commit | 7ca3866a865ee8e654bbabaaed22c0ad97a7d39d (patch) | |
| tree | f4ad54335be866374f78be9b85b9454beb77b6de | |
| parent | a0c7202e467de1fc97abd8ada55959e8842de525 (diff) | |
Return 403 if request signatures do not matchv0.2.0
| -rw-r--r-- | pkg/twilio/filter.go | 6 | ||||
| -rw-r--r-- | pkg/twilio/filter_test.go | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/pkg/twilio/filter.go b/pkg/twilio/filter.go
index 7d5f6b5..90e84cc 100644
--- a/pkg/twilio/filter.go
+++ b/pkg/twilio/filter.go
@@ -67,7 +67,11 @@ func (th *Filter) CheckRequestSignature(r *http.Request) error {
 func (th *Filter) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 if err := th.CheckRequestSignature(r); err != nil {
 log.Println("Failed to check Twilio signature:", err)
- w.WriteHeader(http.StatusBadRequest)
+ if err == ErrSignatureMismatch {
+ w.WriteHeader(http.StatusForbidden)
+ } else {
+ w.WriteHeader(http.StatusBadRequest)
+ }
 return
 }
 th.Handler.ServeHTTP(w, r)
diff --git a/pkg/twilio/filter_test.go b/pkg/twilio/filter_test.go
index c0c737c..764d423 100644
--- a/pkg/twilio/filter_test.go
+++ b/pkg/twilio/filter_test.go
@@ -83,7 +83,7 @@ func TestFilter_ServeHTTP(t *testing.T) {
 r := newRequest(Post)
 r.Header.Set("X-Twilio-Signature", "dpE7iSS3LEQo72hCT34eBRt3UEI=")
 th.ServeHTTP(w, r)
- assert.Equal(t, http.StatusBadRequest, w.Code)
+ assert.Equal(t, http.StatusForbidden, w.Code)
 })
 }
|
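Review bot: In ServeHTTP (pkg/twilio/filter.go) the new branch tests `err == ErrSignatureMismatch`, which matches only while CheckRequestSignature returns that sentinel unwrapped. If the error is ever wrapped with context (for example via `%w`), a request with a bad signature would quietly fall back to the 400 branch, and anyone alerting on 403s from this filter would stop seeing it. I would write `if errors.Is(err, ErrSignatureMismatch) {` instead, adding `errors` to the imports if it is not already there (the import block is outside the hunk). Both branches still return before `th.Handler.ServeHTTP`, so the filter keeps failing closed. The body of CheckRequestSignature is not visible here, so which failures end up in the 400 branch should be confirmed against it.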
