Basic hyperlink format / query string and values for SSO

  • 5 December 2016
  • 3 replies
  • 27 views


Hello, the following is the hyperlink I generate via Ruby and the output looks something like this:




https://evisit.freshdesk.com/login/sso?&email=1@1.com&name=Herb Meehan&timestamp=1480974001&hash=f454f15e13bb8f6aee7ba329e60b9c08




No matter what, I was always getting a Invalid time entry


and I'm taken to this url: https://evisit.freshdesk.com/login/normal




Here's a little bit of the Ruby code I have in place: Does anything stand out as bad?


  def time_in_utc
Time.now.getutc.to_i.to_s
end

def url_params
"#{full_name}#{ENV['FRESHDESK_SECRET_KEY']}#{email}#{time_in_utc}"
end

def gen_hash_from_params_hash
digest = OpenSSL::Digest.new('MD5')
OpenSSL::HMAC.hexdigest(digest,ENV["FRESHDESK_SECRET_KEY"],url_params)
end

def get_link
"https://evisit.freshdesk.com/login/sso?&email=#{email}&name=#{full_name}&timestamp=#{time_in_utc}&hash=#{gen_hash_from_params_hash}"
end


screenshot2016-12-05at2.57.55pm_25021.png

This topic has been closed for comments

3 replies


I made a change just in case the value of time_in_utc has to be EXACTLY the same.




 


def get_link
utctime = time_in_utc
"https://evisit.freshdesk.com/login/sso?&name=#{full_name}&email=#{email}&timestamp=#{utctime}&hash=#{gen_hash_from_params_hash(utctime)}"
end

def time_in_utc
Time.now.getutc.to_i.to_s
end

def url_params
#no longer used
end

def gen_hash_from_params_hash (utctime)
digest = OpenSSL::Digest.new('MD5')
OpenSSL::HMAC.hexdigest(digest,ENV["FRESHDESK_SECRET_KEY"],"#{full_name}#{ENV['FRESHDESK_SECRET_KEY']}#{email}#{utctime}")
end


 


I believe it's one of those things where I'll end up spending an hour on it, and it will be something simple like the order of the parameters (not really, but something silly).  




To do: Will also check a replacement for gen_hash_from_params_hash and I'll just bang my head on this for a bit. If something stands out, please, let me know. I'd greatly appreciate it. Thank you.



I solved this.  For some reason, NOW is too soon.




This always works 100% of the time:




 


  def time_in_utc
(Time.now - 5.minutes).getutc.to_i.to_s
#Time.now.getutc.to_i.to_s <- can't use this, would love to though
# A time from NOW is somehow too early
end


 


Confirmed. I have been successfully logging on for about 3 months, then this morning it started failing with "Invalid time entry".


I made Herb's change of getting the time from 5 minutes in the past, and all works well.