Merge pull request #10 from binary-cats/patch-1

cyrillkalita · web-flow · commit 36014113338b · 2021-03-27T12:41:58.000-05:00
Proper responses for incorrect values
diff --git a/.travis.yml b/.travis.yml
@@ -25,6 +25,14 @@ matrix:
           env: LARAVEL='6.*' TESTBENCH='4.*' COMPOSER_FLAGS='--prefer-stable'
         - php: 7.3
           env: LARAVEL='7.*' TESTBENCH='5.*' COMPOSER_FLAGS='--prefer-stable'
+        - php: 7.4
+          env: LARAVEL='7.*' TESTBENCH='5.*' COMPOSER_FLAGS='--prefer-stable'
+        - php: 7.4
+          env: LARAVEL='7.*' TESTBENCH='6.*' COMPOSER_FLAGS='--prefer-stable'
+        - php: 7.4
+          env: LARAVEL='8.*' TESTBENCH='6.*' COMPOSER_FLAGS='--prefer-stable'
+        - php: 8.0
+          env: LARAVEL='8.*' TESTBENCH='6.*' COMPOSER_FLAGS='--prefer-stable'
 
 before_install:
     - travis_retry composer self-update
diff --git a/composer.json b/composer.json
@@ -18,7 +18,7 @@
         }
     ],
     "require": {
-        "php": "^7.2",
+        "php": "^7.2|^8.0",
         "illuminate/support": "~5.8.0|^6.0|^7.0|^8.0",
         "spatie/laravel-webhook-client": "^2.0"
     },
diff --git a/src/MailgunSignatureValidator.php b/src/MailgunSignatureValidator.php
@@ -33,7 +33,8 @@ class MailgunSignatureValidator implements SignatureValidator
      */
     public function isValid(Request $request, WebhookConfig $config): bool
     {
-        $signature = $request->get('signature', []);
+        $signature = $this->signature($request);
+
         $secret = $config->signingSecret;
 
         try {
@@ -46,4 +47,21 @@ public function isValid(Request $request, WebhookConfig $config): bool
 
         return true;
     }
+
+    /**
+     * Validate the incoming signature' schema.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @return array
+     */
+    protected function signature(Request $request): array
+    {
+        $validated = $request->validate([
+            'signature.signature' => 'bail|required',
+            'signature.timestamp' => 'required',
+            'signature.token' => 'required',
+        ]);
+
+        return $validated['signature'];
+    }
 }
diff --git a/tests/IntegrationTest.php b/tests/IntegrationTest.php
@@ -56,6 +56,43 @@ public function it_can_handle_a_valid_request()
         $this->assertEquals($webhookCall->id, cache('dummyjob')->id);
     }
 
+    public function in_will_ignore_empty_reququest()
+    {
+        $payload = [];
+
+        Arr::set($payload, 'signature', $this->determineMailgunSignature($payload));
+
+        $this
+            ->postJson('mailgun-webhooks', $payload)
+            ->assertStatus(422);
+
+        $this->assertCount(0, WebhookCall::get());
+
+        Event::assertNotDispatched('mailgun-webhooks::my.type');
+
+        $this->assertNull(cache('dummyjob'));
+    }
+
+    public function in_will_ignore_unsinged_reququest()
+    {
+        $payload = [
+            'event-data' => [
+                'event' => 'my.type',
+                'key' => 'value',
+            ],
+        ];
+
+        $this
+            ->postJson('mailgun-webhooks', $payload)
+            ->assertStatus(422);
+
+        $this->assertCount(0, WebhookCall::get());
+
+        Event::assertNotDispatched('mailgun-webhooks::my.type');
+
+        $this->assertNull(cache('dummyjob'));
+    }
+
     /** @test */
     public function a_request_with_an_invalid_signature_wont_be_logged()
     {
@@ -70,7 +107,7 @@ public function a_request_with_an_invalid_signature_wont_be_logged()
 
         $this
             ->postJson('mailgun-webhooks', $payload)
-            ->assertStatus(500);
+            ->assertStatus(422);
 
         $this->assertCount(0, WebhookCall::get());
 

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`}`
`19`	`19`	`],`
`20`	`20`	`"require": {`
`21`		`- "php": "^7.2",`
	`21`	`+ "php": "^7.2\|^8.0",`
`22`	`22`	`"illuminate/support": "~5.8.0\|^6.0\|^7.0\|^8.0",`
`23`	`23`	`"spatie/laravel-webhook-client": "^2.0"`
`24`	`24`	`},`