@sminnee
Created November 23, 2021 00:52
diff --git a/server/simpro/api/auth.py b/server/simpro/api/auth.py
index 76b12354..7b031d4d 100644
--- a/server/simpro/api/auth.py
+++ b/server/simpro/api/auth.py
@@ -80,6 +80,9 @@ def save_user_auth(user: User, organization: Organization, build_domain: str, ac
class IsValidSimproRequest(BasePermission):
def has_permission(self, request: Request, view: View):
+ # Fetch this before getting request data, otherwise it fails
+ body = request._request.body
+
integration_domain = request.data.get('build')
organization_code = view.kwargs.get('organization_code')
signature = request.META.get('HTTP_X_RESPONSE_SIGNATURE')
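Review bot: The comment on the added `body = request._request.body` line says only that reading later "fails"; naming the failure mode will save the next maintainer a debugging session. Django's `HttpRequest.body` raises `RawPostDataException` once the underlying stream has been consumed, and DRF's `request.data` access on the next line is what consumes it, so a comment like `# Read the raw body before request.data triggers parsing: HttpRequest.body raises RawPostDataException once the stream has been read.` states the actual constraint. Reaching through `request._request` also couples the check to DRF's private attribute, which is worth a one-line acknowledgement so a later refactor does not "clean it up" and reintroduce the stream-ordering bug. `has_permission` continues past the end of this hunk.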
@@ -91,17 +94,8 @@ class IsValidSimproRequest(BasePermission):
webhook_secret = integration.data.get('webhook_secret') if integration.data else None
if not webhook_secret:
return False
- request_body_stream: Union[BytesIO, HttpRequest] = request.stream
- request_body_stream.read()
- if isinstance(request_body_stream, BytesIO):
- request_body_stream.seek(0)
- elif hasattr(request_body_stream, '_stream'):
- # On some platforms (Mac), request.stream will return the inner request rather than the request stream.
- # This seems to be caused by the request parser reading the request before permissions have been run.
- # In this case, we need to reset the stream to the beginning before reading, but this is only possible
- # by accessing the protected member "_stream".
- request_body_stream._stream.seek(0)
+
hmac_digest = hmac.new(key=webhook_secret.encode(),
- msg=request_body_stream.read(),
+ msg=body,
digestmod=hashlib.sha1).hexdigest()
return hmac.compare_digest(signature, str(hmac_digest))
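Review bot: `hmac.compare_digest(signature, str(hmac_digest))` on the last line raises `TypeError` when `signature` is `None`, which is what `request.META.get('HTTP_X_RESPONSE_SIGNATURE')` returns for a request without the header, so an unsigned request would produce a 500 instead of a permission denial. Unless the elided lines between the two hunks already reject a missing header, add `if not signature: return False` alongside the existing `webhook_secret` guard before the digest is computed. The `str(...)` wrapper is redundant since `hexdigest()` already returns a `str`, and dropping it keeps the comparison visibly str-to-str, which `compare_digest` requires.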