public function testVerify() { $hasher = new HmacHasher(); $private = Str::random(256); $private2 = Str::random(256); $hash1 = $hasher->hash('this is a test', $private); $hash2 = $hasher->hash('another test', $private2); $this->assertEqualsMatrix([[true, $hasher->verify($hash1, 'this is a test', $private)], [false, $hasher->verify($hash1, 'this is a test', $private2)], [false, $hasher->verify($hash2, 'this is a test', $private)], [false, $hasher->verify($hash1, 'th1s 1s 4 t3st', $private)], [false, $hasher->verify($hash2, 'another test', $private)], [true, $hasher->verify($hash2, 'another test', $private2)]]); }
/** * Generate the content hash using the content string and the current date. * * @param $content * * @return string */ public function hash($content) { return $this->hasher->hash($content . Carbon::now()->format('Y-m-d H:i'), $this->keyPair->secret_key); }
public function testHandleWithMissingAuthorization() { $generator = new KeyPairGenerator(); $hasher = new HmacHasher(); $pair = $generator->generateHmac(); $content = json_encode(['doge' => 'much secret']); $brokenRequest = Request::create('/auth/something/important/dont/hax/pls', 'POST', [], [], [], [], $content); $brokenRequest->headers->set('Content-Hash', $hasher->hash($content, $pair->getSecretKey())); $finder = m::mock(KeyPairFinderInterface::class); $finder->shouldReceive('byPublicId')->with($pair->getPublicId(), KeyPairTypes::TYPE_HMAC)->once()->andReturn($pair); $instance = new HmacMiddleware($finder); $response = $instance->handle($brokenRequest, function () { // }); $body = Std::jsonDecode($response->getContent()); $this->assertEqualsMatrix([['One or more fields are invalid. Please check your input.', $body['messages'][0]], [['authorization'], $body['missing']]]); }