Add jwt signing (#287)

* add method to check jwt signatures to voice api

* Bump version: 3.10.0 → 3.11.0

Author: maxkahan

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 3.10.0
+current_version = 3.11.0
 commit = True
 tag = False
 

CHANGES.md

@@ -1,3 +1,6 @@
+# 3.11.0
+- Add method to check JWT signatures of Voice API webhooks: `vonage.Voice.verify_signature`
+
 # 3.10.0
 - Indicating support for Python 3.12
 

README.md

@@ -347,6 +347,18 @@ client.voice.send_dtmf(response['uuid'], digits='1234')
 response = client.get_recording(RECORDING_URL)
 ```
 
+### Verify the Signature of a Webhook Sent by Vonage
+
+If signed webhooks are enabled (the default), Vonage will sign webhooks with the signature secret found in the [API Settings](https://dashboard.nexmo.com/settings) section of the Vonage Developer Dashboard.
+
+```python
+if client.voice.verify_signature('JWT_RECEIVED_FROM_VONAGE', 'MY_VONAGE_SIGNATURE_SECRET'):
+    print('Signature is valid!')
+else:
+    print('Signature is invalid!')
+```
+
+
 ## NCCO Builder
 
 The SDK contains a builder to help you create Call Control Objects (NCCOs) for use with the Vonage Voice API.

requirements.txt

@@ -1,5 +1,5 @@
 -e .
-pytest==7.2.0
+pytest==7.4.2
 responses==0.22.0
 coverage
 pydantic>=1.10,==1.*

setup.py

@@ -9,7 +9,7 @@
 
 setup(
     name="vonage",
-    version="3.10.0",
+    version="3.11.0",
     description="Vonage Server SDK for Python",
     long_description=long_description,
     long_description_content_type="text/markdown",
@@ -21,7 +21,7 @@
     package_dir={"": "src"},
     platforms=["any"],
     install_requires=[
-        "vonage-jwt>=1.0.0",
+        "vonage-jwt>=1.1.0",
         "requests>=2.4.2",
         "pytz>=2018.5",
         "Deprecated",

src/vonage/__init__.py

@@ -1,4 +1,4 @@
 from .client import *
 from .ncco_builder.ncco import *
 
-__version__ = "3.10.0"
+__version__ = "3.11.0"

src/vonage/voice.py

@@ -1,4 +1,5 @@
 from urllib.parse import urlparse
+from vonage_jwt.verify_jwt import verify_signature
 
 
 class Voice:
@@ -94,3 +95,6 @@ def get_recording(self, url):
         headers = self._client.headers
         headers['Authorization'] = self._client._create_jwt_auth_string()
         return self._client.parse(hostname, self._client.session.get(url, headers=headers))
+
+    def verify_signature(self, token: str, signature: str) -> bool:
+        return verify_signature(token, signature)

tests/test_voice.py

@@ -1,10 +1,9 @@
 import os.path
 import time
-
 import jwt
+from unittest.mock import patch
 
-import vonage
-from vonage import Ncco
+from vonage import Client, Voice, Ncco
 from util import *
 
 
@@ -149,7 +148,7 @@ def test_user_provided_authorization(dummy_data):
     stub(responses.GET, "https://api.nexmo.com/v1/calls/xx-xx-xx-xx")
 
     application_id = "different-application-id"
-    client = vonage.Client(application_id=application_id, private_key=dummy_data.private_key)
+    client = Client(application_id=application_id, private_key=dummy_data.private_key)
 
     nbf = int(time.time())
     exp = nbf + 3600
@@ -172,13 +171,13 @@ def test_authorization_with_private_key_path(dummy_data):
 
     private_key = os.path.join(os.path.dirname(__file__), "data/private_key.txt")
 
-    client = vonage.Client(
+    client = Client(
         key=dummy_data.api_key,
         secret=dummy_data.api_secret,
         application_id=dummy_data.application_id,
         private_key=private_key,
     )
-    voice = vonage.Voice(client)
+    voice = Voice(client)
     voice.get_call("xx-xx-xx-xx")
 
     token = jwt.decode(
@@ -212,3 +211,15 @@ def test_get_recording(voice, dummy_data):
         bytes,
     )
     assert request_user_agent() == dummy_data.user_agent
+
+
+def test_verify_jwt_signature(voice: Voice):
+    with patch('vonage.Voice.verify_signature') as mocked_verify_signature:
+        mocked_verify_signature.return_value = True
+        assert voice.verify_signature('valid_token', 'valid_signature')
+
+
+def test_verify_jwt_invalid_signature(voice: Voice):
+    with patch('vonage.Voice.verify_signature') as mocked_verify_signature:
+        mocked_verify_signature.return_value = False
+        assert voice.verify_signature('token', 'invalid_signature') is False