/**
 * Checks that Request::signature_equals accepts only the signature that
 * matches the request payload.
 *
 * The expected value is built the same way in every case: a raw HMAC-SHA1
 * over the JSON-encoded payload, keyed with HELPSCOUT_SECRET_KEY, then
 * base64-encoded.
 *
 * @covers Request::signature_equals
 */
public function test_signature_equals()
{
    $payload = ['key' => 'value'];
    $request = new Request($payload);

    // Signature computed over the same payload the Request holds: accepted.
    $matchingSignature = base64_encode(
        hash_hmac('sha1', json_encode($payload), HELPSCOUT_SECRET_KEY, true)
    );
    self::assertTrue($request->signature_equals($matchingSignature));

    // An empty signature must never be accepted.
    self::assertFalse($request->signature_equals(''));

    // Correct key, different payload: the signature is well-formed but does
    // not belong to this request, so it must be rejected.
    $otherPayloadSignature = base64_encode(
        hash_hmac('sha1', json_encode(['other-key' => 'value']), HELPSCOUT_SECRET_KEY, true)
    );
    self::assertFalse($request->signature_equals($otherPayloadSignature));
}
/**
 * Validate the request
 *
 * - Validates the payload: a customer "email" or "emails" entry must be set
 * - Validates the request signature sent in the X-HelpScout-Signature header
 *
 * Fails closed: a missing payload field, a missing signature header or a
 * signature mismatch all yield false.
 *
 * NOTE(review): signature_equals() is not visible here. Confirm that it
 * compares with hash_equals() so the check is constant-time.
 * NOTE(review): Request is built from the decoded data, and the unit test
 * for signature_equals derives the expected value from json_encode() of
 * that array. Confirm the re-encoded JSON is byte-identical to the raw
 * body the sender signed, otherwise valid requests can be rejected.
 *
 * @return bool
 */
private function validate()
{
    // we need at least one of these to identify the customer
    $hasCustomerEmail = isset($this->data['customer']['email'])
        || isset($this->data['customer']['emails']);
    if (!$hasCustomerEmail) {
        return false;
    }

    $request = new Request($this->data);

    // no signature header means the request cannot be authenticated
    if (!isset($_SERVER['HTTP_X_HELPSCOUT_SIGNATURE'])) {
        return false;
    }

    // the header value is attacker-controlled; it is only ever compared, never trusted
    return $request->signature_equals($_SERVER['HTTP_X_HELPSCOUT_SIGNATURE']) ? true : false;
}