Added more tests and webhook validation code
1 parent
6a264b8
commit e03f4cb
Showing
3 changed files
with
78 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
<?php | ||
|
||
namespace Dojo_PHP; | ||
use Dojo_PHP\ApiException; | ||
|
||
class WebHooksUtil { | ||
|
||
/** | ||
* Validates dojo-signature for webhook payload (https://docs.dojo.tech/payments/development-resources/webhooks#step-3-verify-dojo-webhooks) | ||
* | ||
* @param string $requestBody Raw JSON request body from the webhook request. | ||
* @param string $secret Raw Secret generated by for this webhook registration. | ||
* @param string $dojoSignature Dojo signature that comes with the request. | ||
* @return void Throws, if validation fails. | ||
*/ | ||
public static function validatePayloadSignature($requestBody, $secret, $dojoSignature) { | ||
|
||
if (empty($requestBody)) { | ||
throw new ApiException("Request body value is not provided"); | ||
} | ||
|
||
if (empty($secret)) { | ||
throw new ApiException("Secret value is not provided"); | ||
} | ||
|
||
if (empty($dojoSignature)) { | ||
throw new ApiException("'dojo-signature' value is not provided"); | ||
} | ||
|
||
// "sha256=EE-A5-9D-30-4D-BB-..." -> | ||
// eea59d4dbb... | ||
$dojoSignature = str_replace("sha256=", '', $dojoSignature); | ||
$dojoSignature = str_replace("-", '', $dojoSignature); | ||
$dojoSignature = strtolower($dojoSignature); | ||
|
||
$res = hash_hmac('sha256', $requestBody, $secret); | ||
|
||
if (!hash_equals($res, $dojoSignature)) { | ||
throw new ApiException("Signature provided in 'dojo-signature' is incorrect!"); | ||
} | ||
} | ||
} |
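Review bot: validatePayloadSignature never checks that the header really has the documented `sha256=XX-XX-...` shape: the two `str_replace` calls strip `sha256=` and every `-` wherever they occur, so many non-canonical header values normalise to the same digest and a wrong-scheme value is rejected only incidentally by the final comparison. This is not a bypass, because `hash_equals` still has to match the HMAC, but a verifier is easier to audit when it parses strictly. Assuming the header is always dash-separated hex pairs as the inline comment shows, a guard such as `if (!preg_match('/^sha256=[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){31}$/', $dojoSignature)) { throw new ApiException("'dojo-signature' value is malformed"); }` before the normalisation would pin the format. Declaring the three parameters as `string` would also turn an array-valued header or body into an explicit error instead of relying on the later calls to fail. The docblock should carry `@throws ApiException` rather than describing the throw under `@return`, and should state that `$requestBody` must be the unmodified bytes received, since re-encoding the JSON changes the HMAC.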
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
<?php | ||
|
||
namespace Dojo_PHP\Tests; | ||
|
||
use PHPUnit\Framework\TestCase; | ||
|
||
use Dojo_PHP\WebHooksUtil; | ||
use Dojo_PHP\ApiException; | ||
|
||
class WebHooksUtilTest extends TestCase { | ||
public function test_validatePayloadSignature_CalledForExampleFromDocs_ExpectCorrectHashIsCalculated() { | ||
// Arrange | ||
$json = "{\"id\":\"evt_hnnHxIKR_Uy6bhZCusCltw\",\"event\":\"payment_intent.created\",\"accountId\":\"acc_test\",\"createdAt\":\"2022-02-01T13:07:41.8667859Z\",\"data\":{\"paymentIntentId\":\"pi_vpwd4ooAPEqyNAQe4z89WQ\",\"paymentStatus\":\"Created\",\"captureMode\":\"Auto\"}}"; | ||
$secret = "PDYkJQq6sESYHp_zJuTTBQ"; | ||
$dojoSignature = "sha256=4B-49-F8-FE-25-A7-E6-7D-00-4F-A7-9C-F8-0B-63-00-C7-77-B4-F2-2D-E5-E1-22-84-FA-04-18-50-A1-76-FD"; | ||
|
||
// Act & assert | ||
WebHooksUtil::validatePayloadSignature($json, $secret, $dojoSignature); | ||
$this->assertEquals(true, true, "Must not fail with proper exception"); | ||
} | ||
|
||
public function test_validatePayloadSignature_CalledForIncorrectExampleFromDocs_ExpectException() { | ||
try { | ||
// Arrange | ||
$json = "{\"id\":\"evt_hnnHxIKR_Uy6bhZCusCltw\",\"event\":\"payment_intent.created\",\"accountId\":\"acc_test\",\"createdAt\":\"2022-02-01T13:07:41.8667859Z\",\"data\":{\"paymentIntentId\":\"pi_vpwd4ooAPEqyNAQe4z89WQ\",\"paymentStatus\":\"Created\",\"captureMode\":\"Auto\"}}"; | ||
$secret = "PDYkJQq6sESYHp_zJuTTBQ"; | ||
$dojoSignature = "sha256=5B-49-F8-FE-25-A7-E6-7D-00-4F-A7-9C-F8-0B-63-00-C7-77-B4-F2-2D-E5-E1-22-84-FA-04-18-50-A1-76-FD"; | ||
|
||
WebHooksUtil::validatePayloadSignature($json, $secret, $dojoSignature); | ||
$this->assertEquals(true, false, "Must fail with proper exception"); | ||
} | ||
catch (ApiException $ex) { | ||
$this->assertEquals($ex->getMessage(), "Signature provided in 'dojo-signature' is incorrect!", "Must fail with proper exception"); | ||
} | ||
} | ||
} |
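Review bot: The negative test only alters the first byte of the signature; there is no case for a modified body under the original signature, and none for the three empty-argument guards, which are the branches a webhook receiver depends on to fail closed. The try/catch form also passes `$ex->getMessage()` in the expected position of `assertEquals`; calling `$this->expectException(ApiException::class);` and `$this->expectExceptionMessage("Signature provided in 'dojo-signature' is incorrect!");` before the validation call says the same thing and removes the `assertEquals(true, false, ...)` sentinel. In the positive test, `$this->expectNotToPerformAssertions();` states the intent more directly than `assertEquals(true, true, ...)`.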