/** @test */ public function should_accept_custom_prefix() { $auth = $this->request->sign($this->token, 'x-'); $this->assertEquals('5.1.2', $auth['x-version']); $this->assertEquals('abc123', $auth['x-key']); $this->assertEquals('1412506800', $auth['x-timestamp']); $this->assertRegExp('/[a-z0-9]{64}/', $auth['x-signature']); }
/** @test */ public function should_return_true_on_successful_attempt_with_custom_prefix() { $params = ['name' => 'Philip Brown']; $token = new Token('abc123', 'qwerty'); $request = new Request('POST', 'users', $params); $signed = $request->sign($token, 'x-'); $params = array_merge($params, $signed); $token = new Token('abc123', 'qwerty'); $auth = new Auth('POST', 'users', $params, [new CheckKey(), new CheckVersion(), new CheckTimestamp(), new CheckSignature()]); $this->assertTrue($auth->attempt($token, 'x-')); }
/** * Sets up the Hmac authentication headers and dispatches the request * @param string $endpoint The API endpoing we want * @param array $payload Any data to send along * @param string $method The HTTP method * @return bool */ public function fetch($endpoint, array $payload = array(), $method = 'GET') { //so we don't want to use the query params for HMAC since we won't know what's //being sent versus what's expected to be sent. So we remove them and prepare for //query usage $query = array(); if (strtolower($method) == 'get') { $query = $payload; $payload = array(); } $token = new Token($this->getApiKey(), $this->getApiSecret()); $request = new Request($method, $endpoint, $payload); $headers = $request->sign($token, 'm62_auth_'); if (strtolower($method) == 'get') { $payload = array(); } $endpoint = $this->getSiteUrl($endpoint, $query); return $this->request($endpoint, $payload, $method, $headers); }