I’m trying to build a test that will allow me to exercise FilePicker.io security. The code is run as:
ruby test.rb [file handle]
and the result is the query string that I can append to a FilePicker URL. I’m pretty sure my policy is getting read properly, but my signature isn’t. Can someone tell me what I’m doing wrong? Here’s the code:
require 'rubygems'
require 'base64'
require 'cgi'
require 'openssl'
require 'json'
handle = ARGV[0]
expiry = Time::now.to_i + 3600
policy = {:handle=>handle, :expiry=>expiry, :call=>["pick","read", "stat"]}.to_json
puts policy
puts "\n"
secret = 'SECRET'
encoded_policy = CGI.escape(Base64.encode64(policy))
signature = OpenSSL::HMAC.hexdigest('sha256', secret, encoded_policy)
puts "?signature=#{signature}&policy=#{encoded_policy}"
The trick is to use Base64.urlsafe_encode64 instead of CGI.escape:
When tested with the sample values for expiry, handle, and secret in the Filepicker.io docs, it returns the same values as the Python example.
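An added example, not part of the original posts: the signing approach from the answer next to the question's construction, with a hypothetical receiver showing why only the first one verifies. It assumes the receiver computes HMAC-SHA256 over the policy parameter as it arrives after URL decoding; the function names, `EXAMPLE_SECRET` and the verifier itself are constructed for illustration and are not Filepicker's code.

```ruby
require 'base64'
require 'cgi'
require 'json'
require 'openssl'
require 'uri'

# Sign the exact URL-safe Base64 string that is sent as the policy parameter.
def sign_policy(secret, handle, expiry, calls = %w[pick read stat])
  encoded = Base64.urlsafe_encode64({ handle: handle, expiry: expiry, call: calls }.to_json)
  { policy: encoded, signature: OpenSSL::HMAC.hexdigest('sha256', secret, encoded) }
end

def query_string(signed)
  "?signature=#{signed[:signature]}&policy=#{signed[:policy]}"
end

# The question's construction, kept for comparison: the HMAC covers the
# percent-escaped text, not the Base64 string a receiver sees after decoding.
def question_query(secret, handle, expiry)
  policy  = { handle: handle, expiry: expiry, call: %w[pick read stat] }.to_json
  encoded = CGI.escape(Base64.encode64(policy))
  "?signature=#{OpenSSL::HMAC.hexdigest('sha256', secret, encoded)}&policy=#{encoded}"
end

# Constant-time comparison so a verifier does not leak how many characters matched.
def secure_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical receiver (assumption, not Filepicker's code): URL-decode the
# query, recompute the HMAC over the policy string, then enforce the expiry.
def valid_request?(secret, query, now = Time.now.to_i)
  params = URI.decode_www_form(query.sub(/\A\?/, '')).to_h
  policy = params['policy'].to_s
  expected = OpenSSL::HMAC.hexdigest('sha256', secret, policy)
  return false unless secure_eq?(params['signature'].to_s, expected)
  JSON.parse(Base64.urlsafe_decode64(policy))['expiry'].to_i > now
rescue ArgumentError, JSON::ParserError
  false
end

if __FILE__ == $PROGRAM_NAME && ARGV[0]
  # Constructed secret; usage mirrors the question: ruby test.rb [file handle]
  puts query_string(sign_policy('EXAMPLE_SECRET', ARGV[0], Time.now.to_i + 3600))
end
```

`Base64.encode64` inserts a newline every 60 characters and at the end, so the escaped string the question signs always contains `%0A` and never matches what the receiver sees after decoding.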