mirror of
https://github.com/retailcrm/mailgun-php.git
synced 2024-11-26 23:06:06 +03:00
Merge branch 'gmacon-verifyWebhookSignature'
This commit is contained in:
commit
f4c6fd012b
@ -17,22 +17,21 @@ use Mailgun\Messages\MessageBuilder;
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
class Mailgun{
|
class Mailgun{
|
||||||
|
|
||||||
protected $workingDomain;
|
protected $workingDomain;
|
||||||
protected $restClient;
|
protected $restClient;
|
||||||
|
protected $apiKey;
|
||||||
|
|
||||||
public function __construct($apiKey = null, $apiEndpoint = "api.mailgun.net", $apiVersion = "v2", $ssl = true){
|
public function __construct($apiKey = null, $apiEndpoint = "api.mailgun.net", $apiVersion = "v2", $ssl = true){
|
||||||
|
$this->apiKey = $apiKey;
|
||||||
$this->restClient = new RestClient($apiKey, $apiEndpoint, $apiVersion, $ssl);
|
$this->restClient = new RestClient($apiKey, $apiEndpoint, $apiVersion, $ssl);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function sendMessage($workingDomain, $postData, $postFiles = array()){
|
public function sendMessage($workingDomain, $postData, $postFiles = array()){
|
||||||
|
|
||||||
/*
|
/*
|
||||||
This function allows the sending of a fully formed message OR a custom
|
* This function allows the sending of a fully formed message OR a custom
|
||||||
MIME string. If sending MIME, the string must be passed in to the 3rd
|
* MIME string. If sending MIME, the string must be passed in to the 3rd
|
||||||
position of the function call.
|
* position of the function call.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if(is_array($postFiles)){
|
if(is_array($postFiles)){
|
||||||
return $this->post("$workingDomain/messages", $postData, $postFiles);
|
return $this->post("$workingDomain/messages", $postData, $postFiles);
|
||||||
}
|
}
|
||||||
@ -52,6 +51,31 @@ class Mailgun{
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function verifyWebhookSignature($postData = NULL) {
|
||||||
|
/*
|
||||||
|
* This function checks the signature in a POST request to see if it is
|
||||||
|
* authentic.
|
||||||
|
*
|
||||||
|
* Pass an array of parameters. If you pass nothing, $_POST will be
|
||||||
|
* used instead.
|
||||||
|
*
|
||||||
|
* If this function returns FALSE, you must not process the request.
|
||||||
|
* You should reject the request with status code 403 Forbidden.
|
||||||
|
*/
|
||||||
|
if(is_null($postData)) {
|
||||||
|
$postData = $_POST;
|
||||||
|
}
|
||||||
|
$hmac = hash_hmac('sha256', "{$postData["timestamp"]}{$postData["token"]}", $this->apiKey);
|
||||||
|
$sig = $postData['signature'];
|
||||||
|
if(function_exists('hash_equals')) {
|
||||||
|
// hash_equals is constant time, but will not be introduced until PHP 5.6
|
||||||
|
return hash_equals($hmac, $sig);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return ($hmac == $sig);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public function post($endpointUrl, $postData = array(), $files = array()){
|
public function post($endpointUrl, $postData = array(), $files = array()){
|
||||||
return $this->restClient->post($endpointUrl, $postData, $files);
|
return $this->restClient->post($endpointUrl, $postData, $files);
|
||||||
}
|
}
|
||||||
|
@ -13,4 +13,24 @@ class MailgunTest extends \Mailgun\Tests\MailgunTestCase
|
|||||||
$client = new Mailgun();
|
$client = new Mailgun();
|
||||||
$client->sendMessage("test.mailgun.com", "etss", 1);
|
$client->sendMessage("test.mailgun.com", "etss", 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testVerifyWebhookGood() {
|
||||||
|
$client = new Mailgun('key-3ax6xnjp29jd6fds4gc373sgvjxteol0');
|
||||||
|
$postData = [
|
||||||
|
'timestamp' => '1403645220',
|
||||||
|
'token' => '5egbgr1vjgqxtrnp65xfznchgdccwh5d6i09vijqi3whgowmn6',
|
||||||
|
'signature' => '9cfc5c41582e51246e73c88d34db3af0a3a2692a76fbab81492842f000256d33',
|
||||||
|
];
|
||||||
|
assert($client->verifyWebhookSignature($postData));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testVerifyWebhookBad() {
|
||||||
|
$client = new Mailgun('key-3ax6xnjp29jd6fds4gc373sgvjxteol0');
|
||||||
|
$postData = [
|
||||||
|
'timestamp' => '1403645220',
|
||||||
|
'token' => 'owyldpe6nxhmrn78epljl6bj0orrki1u3d2v5e6cnlmmuox8jr',
|
||||||
|
'signature' => '9cfc5c41582e51246e73c88d34db3af0a3a2692a76fbab81492842f000256d33',
|
||||||
|
];
|
||||||
|
assert(!$client->verifyWebhookSignature($postData));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user