Allow signature validation without timestamp tolerance enforcement

[svix-frank]

Should keep it enabled by default, but we might want to allow custom tolerances or allow to disable the tolerance enforcement altogether.

Can be useful if you want to verify old payloads or if you have a bad clock.

[masahiro-yamamoto-rc]

@svix-frank
Would you let me know why this issue was closed, please?

We are in a situation where we need to use a custom tolerance.
We are going to create a subclass of __verify_timestamp, but wondering why such a simple method is prefixed with double underscore.

svix-webhooks/python/svix/webhooks.py

Lines 67 to 79 in 03ab8b9

	def __verify_timestamp(self, timestamp_header: str) -> datetime:
	webhook_tolerance = timedelta(minutes=5)
	now = datetime.now(tz=timezone.utc)
	try:
	timestamp = datetime.fromtimestamp(float(timestamp_header), tz=timezone.utc)
	except Exception:
	raise WebhookVerificationError("Invalid Signature Headers")
	if timestamp < (now - webhook_tolerance):
	raise WebhookVerificationError("Message timestamp too old")
	if timestamp > (now + webhook_tolerance):
	raise WebhookVerificationError("Message timestamp too new")
	return timestamp

[dimaqq]

Asking for the same tweak but for a different reason than OP: sometimes, things go bad in production and webhooks need to be retried for business reasons.

Ref: https://news.ycombinator.com/item?id=27823109

[tasn]

I reopened it. No idea why it was closed, but at the very least it's useful for tests (if not a variety of other use-cases too).

Asking for the same tweak but for a different reason than OP: sometimes, things go bad in production and webhooks need to be retried for business reasons.

You should generate a new signature when you retry (Svix already does it).

[dimaqq]

Sorry I mean to say “processing of web hooks received from a 3rd party”

[svix-jplatte]

There's a function VerifyIgnoringTimestamp for this nowadays. Please let us know if we closed this in error.