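/**
 * Validate the input payload and return it decoded.
 *
 * Steps, in order:
 *  - require an X-CashWay-Signature header whose trimmed value is neither
 *    empty nor the literal "none",
 *  - verify that signature over the raw body with the shared secret,
 *  - only then parse the body as JSON.
 *
 * Every failure is reported through terminateReply() with HTTP 400.
 *
 * NOTE(review): this method relies on terminateReply() ending the request.
 * It is defined outside this block -- confirm, because if it returns, a body
 * whose signature did not verify would still be decoded and returned.
 *
 * @param string $file payload source, read with file_get_contents()
 *
 * @return mixed the value produced by json_decode() (also stored in $this->data)
 */
private function getValidPayload($file)
{
    $this->headers = getallheaders();
    $data = file_get_contents($file);

    // HTTP header names are case-insensitive and the casing reported by
    // getallheaders() can differ between SAPIs and intermediaries, so the
    // header is matched without regard to case. An exact-case lookup would
    // reject correctly signed notifications on such setups.
    $signature = null;
    foreach ((array) $this->headers as $name => $value) {
        if (strcasecmp((string) $name, 'X-CashWay-Signature') === 0) {
            $signature = trim((string) $value);
            break;
        }
    }

    if ($signature === null) {
        $this->terminateReply(400, 'A signature header is required.');
    }

    // "none" and the empty string are explicit "unsigned" markers and must
    // never be accepted as a signature. The null case is repeated here so the
    // check stays fail-closed even if the reply above did not stop execution.
    if ($signature === null || $signature === 'none' || $signature === '') {
        $this->terminateReply(400, 'A real signature is required.');
    }

    // The signature is checked against the raw bytes, before any parsing, so
    // unauthenticated input never reaches the JSON decoder.
    // NOTE(review): confirm that isDataValid() rejects an empty or unset
    // CASHWAY_SHARED_SECRET and compares signatures in constant time; neither
    // is visible from this block.
    $secret = Configuration::get('CASHWAY_SHARED_SECRET');
    if (!\CashWay\API::isDataValid($data, $secret, $signature)) {
        $this->terminateReply(400, 'Payload signature does not match.');
    }

    $this->data = json_decode($data);
    // json_decode() yields null for malformed JSON (and for a literal "null"
    // body, which is rejected here as well).
    if (null === $this->data) {
        $this->terminateReply(400, 'Could not parse JSON payload.');
    }

    return $this->data;
}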
/**
 * Check that \CashWay\API::isDataValid() accepts each provided
 * (body, secret, signature) triple.
 *
 * This method only asserts acceptance; rejection of a wrong signature is not
 * checked here.
 *
 * @dataProvider signaturesProvider
 */
public function testNotificationSignature($body, $secret, $expected_signature)
{
    $signatureAccepted = \CashWay\API::isDataValid($body, $secret, $expected_signature);

    $this->assertTrue($signatureAccepted);
}