wip

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 All notable changes to `laravel-webhook-client` will be documented in this file
 
+## 2.0.0 - 2019-07-08
+
+- `DefaultSignatureValidator` is now responsible for verifying that a signature header has been set
+- `InvalidSignatureEvent` now only gets the `$request`
+
 ## 1.0.2 - 2019-07-01
 
 - remove handle abstract method from `ProcessWebhookJob` to allow DI.

src/Events/InvalidSignatureEvent.php

@@ -9,13 +9,8 @@ class InvalidSignatureEvent
     /** @var \Illuminate\Http\Request */
     public $request;
 
-    /** @var string|null */
-    public $invalidSignature;
-
-    public function __construct(Request $request, ?string $invalidSignature)
+    public function __construct(Request $request)
     {
         $this->request = $request;
-
-        $this->invalidSignature = $invalidSignature;
     }
 }

src/Exceptions/WebhookFailed.php

@@ -6,14 +6,9 @@
 
 class WebhookFailed extends Exception
 {
-    public static function missingSignature(string $headerName): WebhookFailed
+    public static function invalidSignature(): WebhookFailed
     {
-        return new static("The request did not contain a header named `${headerName}`.");
-    }
-
-    public static function invalidSignature(string $signature, string $signatureHeaderName): WebhookFailed
-    {
-        return new static("The signature `{$signature}` found in the header named `{$signatureHeaderName}` is invalid. Make sure that the `webhook_signing_secret` config key is set to the correct value. If you are caching your config try running `php artisan cache:clear` to resolve the problem.");
+        return new static("The signature is invalid.");
     }
 
     public static function signingSecretNotSet(): WebhookFailed

src/SignatureValidator/DefaultSignatureValidator.php

@@ -3,6 +3,7 @@
 namespace Spatie\WebhookClient\SignatureValidator;
 
 use Illuminate\Http\Request;
+use Spatie\WebhookClient\Events\InvalidSignatureEvent;
 use Spatie\WebhookClient\WebhookConfig;
 use Spatie\WebhookClient\Exceptions\WebhookFailed;
 
@@ -12,6 +13,10 @@ public function isValid(Request $request, WebhookConfig $config): bool
     {
         $signature = $request->header($config->signatureHeaderName);
 
+        if (! $signature) {
+           return false;
+        }
+
         $signingSecret = $config->signingSecret;
 
         if (empty($signingSecret)) {

src/WebhookProcessor.php

@@ -25,7 +25,7 @@ public function __construct(Request $request, WebhookConfig $config)
 
     public function process()
     {
-        $this->guardAgainstInvalidSignature();
+        $this->ensureValidSignature();
 
         if (! $this->config->webhookProfile->shouldProcess($this->request)) {
             return;
@@ -36,21 +36,12 @@ public function process()
         $this->processWebhook($webhookCall);
     }
 
-    protected function guardAgainstInvalidSignature()
+    protected function ensureValidSignature()
     {
-        $headerName = $this->config->signatureHeaderName;
-
-        $signature = $this->request->header($headerName);
-
-        if (! $signature) {
-            event(new InvalidSignatureEvent($this->request, $signature));
-            throw WebhookFailed::missingSignature($headerName);
-        }
-
         if (! $this->config->signatureValidator->isValid($this->request, $this->config)) {
-            event(new InvalidSignatureEvent($this->request, $signature));
+            event(new InvalidSignatureEvent($this->request));
 
-            throw WebhookFailed::invalidSignature($signature, $this->config->signatureHeaderName);
+            throw WebhookFailed::invalidSignature();
         }
 
         return $this;

tests/TestClasses/EverythingIsValidSignatureValidator.php

@@ -0,0 +1,17 @@
+<?php
+
+
+namespace Spatie\WebhookClient\Tests\TestClasses;
+
+
+use Illuminate\Http\Request;
+use Spatie\WebhookClient\SignatureValidator\SignatureValidator;
+use Spatie\WebhookClient\WebhookConfig;
+
+class EverythingIsValidSignatureValidator implements SignatureValidator
+{
+    public function isValid(Request $request, WebhookConfig $config): bool
+    {
+        return true;
+    }
+}

tests/TestClasses/NothingIsValidSignatureValidator.php

@@ -0,0 +1,17 @@
+<?php
+
+
+namespace Spatie\WebhookClient\Tests\TestClasses;
+
+
+use Illuminate\Http\Request;
+use Spatie\WebhookClient\SignatureValidator\SignatureValidator;
+use Spatie\WebhookClient\WebhookConfig;
+
+class NothingIsValidSignatureValidator implements SignatureValidator
+{
+    public function isValid(Request $request, WebhookConfig $config): bool
+    {
+        return false;
+    }
+}

tests/WebhookControllerTest.php

@@ -8,6 +8,8 @@
 use Illuminate\Support\Facades\Route;
 use Spatie\WebhookClient\Models\WebhookCall;
 use Spatie\WebhookClient\Events\InvalidSignatureEvent;
+use Spatie\WebhookClient\Tests\TestClasses\EverythingIsValidSignatureValidator;
+use Spatie\WebhookClient\Tests\TestClasses\NothingIsValidSignatureValidator;
 use Spatie\WebhookClient\Tests\TestClasses\ProcessWebhookJobTestClass;
 use Spatie\WebhookClient\Tests\TestClasses\ProcessNothingWebhookProfile;
 
@@ -45,8 +47,6 @@ public function setUp(): void
     /** @test */
     public function it_can_process_a_webhook_request()
     {
-        $this->withoutExceptionHandling();
-
         $this
             ->postJson('incoming-webhooks', $this->payload, $this->headers)
             ->assertSuccessful();
@@ -78,6 +78,22 @@ public function a_request_with_an_invalid_payload_will_not_get_processed()
         Event::assertDispatched(InvalidSignatureEvent::class);
     }
 
+    /** @test */
+    public function it_can_work_with_an_alternative_signature_validator()
+    {
+        config()->set('webhook-client.configs.0.signature_validator', EverythingIsValidSignatureValidator::class);
+
+        $this
+            ->postJson('incoming-webhooks', $this->payload, [])
+            ->assertOk();
+
+        config()->set('webhook-client.configs.0.signature_validator', NothingIsValidSignatureValidator::class);
+
+        $this
+            ->postJson('incoming-webhooks', $this->payload, [])
+            ->assertStatus(500);
+    }
+
     /** @test */
     public function it_can_work_with_an_alternative_profile()
     {