Merge pull request #4 from binary-cats/fix/signature-validation

Fix signature validator
binary-cats · Feb 4, 2020 · 0d17ef8 · 0d17ef8
2 parents dd8ccd1 + 798e0be
commit 0d17ef8
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/src/LobSignatureValidator.php b/src/LobSignatureValidator.php
@@ -34,19 +34,33 @@ class LobSignatureValidator implements SignatureValidator
     public function isValid(Request $request, WebhookConfig $config): bool
     {
         $signatureArray = [
-            'token' => json_encode($request->all()),
-            'timestamp'  => $request->header('lob-signature-timestamp'),
-            'signature'  => $request->header('lob-signature'),
+            'token'     => $this->payload($request),
+            'timestamp' => $request->header('lob-signature-timestamp'),
+            'signature' => $request->header('lob-signature'),
         ];
 
         $secret = $config->signingSecret;
 
         try {
-            Webhook::constructEvent($request->all(), $signatureArray, $secret);
+            Webhook::constructEvent($request->input(), $signatureArray, $secret);
         } catch (Exception $exception) {
             return false;
         }
 
         return true;
     }
+
+    /**
+     * Compile the payload.
+     *
+     * @param  Illuminate\Http\Request       $request
+     * @return string
+     */
+    protected function payload(Request $request): string
+    {
+        // Will decode the body into an object, not an array
+        $decoded = json_decode($request->getContent());
+        // recode back into string
+        return json_encode($decoded, JSON_UNESCAPED_SLASHES);
+    }
 }