Merge pull request #147 from alma/feature/ecom-2116-php-client-create…

…-endpoint-that-returns-data feat: replace payment validator hmac verification by request hmac val…
alma · Oct 30, 2024 · 7746a5c · 7746a5c
2 parents 81569df + dafd8f5
commit 7746a5c
Show file tree

Hide file tree

Showing 3 changed files with 144 additions and 3 deletions.
diff --git a/src/Lib/PaymentValidator.php b/src/Lib/PaymentValidator.php
@@ -58,15 +58,16 @@ public static function checkPurchaseAmount($data)
     }
 
     /**
+     * Validate the HMAC signature of the request
+     *
      * @param string $data
      * @param string $apiKey
      * @param string $signature
+     * @deprecated Use RequestUtils::isHmacValidated instead
      * @return bool
      */
     public function isHmacValidated($data, $apiKey,  $signature)
     {
-        return is_string($data) &&
-            is_string($apiKey) &&
-            hash_hmac('sha256', $data, $apiKey) === $signature;
+        return RequestUtils::isHmacValidated($data, $apiKey, $signature);
     }
 }
diff --git a/src/Lib/RequestUtils.php b/src/Lib/RequestUtils.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Alma\API\Lib;
+
+class RequestUtils
+{
+    /**
+     * Validate the HMAC signature of the request
+     *
+     * @param string $data
+     * @param string $apiKey
+     * @param string $signature
+     * @return bool
+     */
+    public static function isHmacValidated($data, $apiKey,  $signature)
+    {
+        return is_string($data) &&
+            is_string($apiKey) &&
+            hash_hmac('sha256', $data, $apiKey) === $signature;
+    }
+
+}
diff --git a/tests/Unit/Lib/RequestUtilsTest.php b/tests/Unit/Lib/RequestUtilsTest.php
@@ -0,0 +1,118 @@
+<?php
+
+namespace Alma\API\Tests\Unit\Lib;
+
+use Alma\API\Lib\RequestUtils;
+use PHPUnit\Framework\TestCase;
+use stdClass;
+
+class RequestUtilsTest extends TestCase
+{
+    public function testValidateRequestSignature()
+    {
+        $data = 'merchant_id_test';
+        $apiKey = 'api_key_test';
+        $signature = '0dd3cb4632c074ead0d0f346c75015c76ad4e1e115f01c7e0850dd5accb7b4b0';
+
+        $this->assertTrue(RequestUtils::isHmacValidated($data, $apiKey,  $signature));
+    }
+    /**
+     * @dataProvider checkHmacInvalidDataProvider
+     * @param $data
+     * @param $apiKey
+     * @param $signature
+     * @return void
+     */
+    public function testHmacDataDifferentFromSignature($data, $apiKey,  $signature)
+    {
+        $this->assertFalse(RequestUtils::isHmacValidated($data, $apiKey,  $signature));
+    }
+
+    public static function checkHmacInvalidDataProvider()
+    {
+        return [
+            'String data' => [
+                'data' => 'payment_id_test',
+                'apiKey' => 'api_key_test',
+                'signature' => 'wrong_signature'
+            ],
+            'Empty array data' => [
+                'data' => [],
+                'apiKey' => 'api_key_test',
+                'signature' => 'wrong_signature'
+            ],
+            'Empty array apiKey' => [
+                'data' => 'payment_id_test',
+                'apiKey' => [],
+                'signature' => 'wrong_signature'
+            ],
+            'Empty array signature' => [
+                'data' => 'payment_id_test',
+                'apiKey' => 'api_key_test',
+                'signature' => []
+            ],
+            'Empty string data' => [
+                'data' => '',
+                'apiKey' => 'api_key_test',
+                'signature' => 'wrong_signature'
+            ],
+            'Empty string apiKey' => [
+                'data' => 'payment_id_test',
+                'apiKey' => '',
+                'signature' => 'wrong_signature'
+            ],
+            'Empty string signature' => [
+                'data' => 'payment_id_test',
+                'apiKey' => 'api_key_test',
+                'signature' => ''
+            ],
+            'Object data' => [
+                'data' => new stdClass(),
+                'apiKey' => 'api_key_test',
+                'signature' => 'wrong_signature'
+            ],
+            'Object apiKey' => [
+                'data' => 'payment_id_test',
+                'apiKey' => new stdClass(),
+                'signature' => 'wrong_signature'
+            ],
+            'Object signature' => [
+                'data' => 'payment_id_test',
+                'apiKey' => 'api_key_test',
+                'signature' => new stdClass()
+            ],
+            'Boolean data' => [
+                'data' => false,
+                'apiKey' => 'api_key_test',
+                'signature' => 'wrong_signature'
+            ],
+            'Boolean apiKey' => [
+                'data' => 'payment_id_test',
+                'apiKey' => true,
+                'signature' => 'wrong_signature'
+            ],
+            'Boolean signature' => [
+                'data' => 'payment_id_test',
+                'apiKey' => 'api_key_test',
+                'signature' => true
+            ],
+            'Int data' => [
+                'data' => 1,
+                'apiKey' => 'api_key_test',
+                'signature' => 'wrong_signature'
+            ],
+            'Int apiKey' => [
+                'data' => 'payment_id_test',
+                'apiKey' => 2,
+                'signature' => 'wrong_signature'
+            ],
+            'Int signature' => [
+                'data' => 'payment_id_test',
+                'apiKey' => 'api_key_test',
+                'signature' => 3
+            ]
+
+        ];
+    }
+
+}