Add Mailgun->verifyWebhookSignature

This commit is contained in:
George Macon 2014-06-24 17:36:21 -04:00
parent e538430f54
commit 46f63044ad
2 changed files with 47 additions and 0 deletions

View File

@ -20,8 +20,10 @@ class Mailgun{
protected $workingDomain;
protected $restClient;
protected $apiKey;
public function __construct($apiKey = null, $apiEndpoint = "api.mailgun.net", $apiVersion = "v2", $ssl = true){
$this->apiKey = $apiKey;
$this->restClient = new RestClient($apiKey, $apiEndpoint, $apiVersion, $ssl);
}
@ -52,6 +54,31 @@ class Mailgun{
}
}
public function verifyWebhookSignature($postData = NULL) {
/*
* This function checks the signature in a POST request to see if it is
* authentic.
*
* Pass an array of parameters. If you pass nothing, $_POST will be
* used instead.
*
* If this function returns FALSE, you must not process the request.
* You should reject the request with status code 403 Forbidden.
*/
if(is_null($postData)) {
$postData = $_POST;
}
$hmac = hash_hmac('sha256', "{$postData["timestamp"]}{$postData["token"]}", $this->apiKey);
$sig = $postData['signature'];
if(function_exists('hash_equals')) {
// hash_equals is constant time, but will not be introduced until PHP 5.6
return hash_equals($hmac, $sig);
}
else {
return ($hmac == $sig);
}
}
public function post($endpointUrl, $postData = array(), $files = array()){
return $this->restClient->post($endpointUrl, $postData, $files);
}

View File

@ -13,6 +13,26 @@ class MailgunTest extends \Mailgun\Tests\MailgunTestCase
$client = new Mailgun();
$client->sendMessage("test.mailgun.com", "etss", 1);
}
public function testVerifyWebhookGood() {
$client = new Mailgun('key-3ax6xnjp29jd6fds4gc373sgvjxteol0');
$postData = [
'timestamp' => '1403645220',
'token' => '5egbgr1vjgqxtrnp65xfznchgdccwh5d6i09vijqi3whgowmn6',
'signature' => '9cfc5c41582e51246e73c88d34db3af0a3a2692a76fbab81492842f000256d33',
];
assert($client->verifyWebhookSignature($postData));
}
public function testVerifyWebhookBad() {
$client = new Mailgun('key-3ax6xnjp29jd6fds4gc373sgvjxteol0');
$postData = [
'timestamp' => '1403645220',
'token' => 'owyldpe6nxhmrn78epljl6bj0orrki1u3d2v5e6cnlmmuox8jr',
'signature' => '9cfc5c41582e51246e73c88d34db3af0a3a2692a76fbab81492842f000256d33',
];
assert(!$client->verifyWebhookSignature($postData));
}
}
?>