HMAC not static

Juan Pablo Vial
2025-06-03 23:04:57 -04:00
parent 1c3052219c
commit c5188a1feb
3 changed files with 12 additions and 17 deletions


@ -154,7 +154,8 @@ return [
Incoviba\Service\Venta\MediosPago\Toku::class => function(ContainerInterface $container) { Incoviba\Service\Venta\MediosPago\Toku::class => function(ContainerInterface $container) {
return (new Incoviba\Service\Venta\MediosPago\Toku( return (new Incoviba\Service\Venta\MediosPago\Toku(
$container->get('externalLogger'), $container->get('externalLogger'),
$container->get(Incoviba\Common\Define\Connection::class) $container->get(Incoviba\Common\Define\Connection::class),
$container->get(Incoviba\Service\HMAC::class)
)) ))
->register('customer', $container->get(Incoviba\Service\Venta\MediosPago\Toku\Customer::class)) ->register('customer', $container->get(Incoviba\Service\Venta\MediosPago\Toku\Customer::class))
->register('subscription', $container->get(Incoviba\Service\Venta\MediosPago\Toku\Subscription::class)) ->register('subscription', $container->get(Incoviba\Service\Venta\MediosPago\Toku\Subscription::class))


@ -5,13 +5,19 @@ use Incoviba\Common\Ideal;
class HMAC extends Ideal\Service class HMAC extends Ideal\Service
{ {
public static function validate(string $timestamp, string $requestSignature, string $requestId, string $secret): bool public function validate(string $timestamp, string $requestSignature, string $requestId, string $secret): bool
{ {
$message = "{$timestamp}.{$requestId}"; $message = "{$timestamp}.{$requestId}";
$encodedSecret = mb_convert_encoding($secret, 'UTF-8'); $encodedSecret = mb_convert_encoding($secret, 'UTF-8');
$encodedMessage = mb_convert_encoding($message, 'UTF-8'); $encodedMessage = mb_convert_encoding($message, 'UTF-8');
$hmacObject = hash_hmac('sha256', $encodedMessage, $encodedSecret); $hmacObject = hash_hmac('sha256', $encodedMessage, $encodedSecret);
$computedSignature = base64_encode($hmacObject); $computedSignature = base64_encode($hmacObject);
$this->logger->info('Validating HMAC', [
'requestSignature' => $requestSignature,
'computedSignature' => $hmacObject,
'compare1' => hash_equals($hmacObject, $requestSignature),
'compare2' => hash_equals($computedSignature, $requestSignature),
]);
return hash_equals($computedSignature, $requestSignature); return hash_equals($computedSignature, $requestSignature);
} }
} }
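Review bot: The added `$this->logger->info('Validating HMAC', …)` call in `validate()` writes the freshly computed HMAC (`'computedSignature' => $hmacObject`) and the caller-supplied signature to the log on every attempt, including rejected ones, so anyone with read access to the logs gets a valid signature for that timestamp/request-id pair. Keep signature material out of the log context and record only the outcome, e.g. `$valid = hash_equals($computedSignature, $requestSignature);` then `$this->logger->debug('HMAC validation', ['requestId' => $requestId, 'valid' => $valid]);` and `return $valid;`. The `compare1`/`compare2` pair also suggests the expected encoding is still undecided: `hash_hmac('sha256', …)` returns lowercase hex by default, so `base64_encode($hmacObject)` is base64 of the hex text rather than of the raw digest, and the value logged under `computedSignature` is not the one actually compared. Confirm the provider's signature format and keep a single comparison (pass `true` as the fourth argument of `hash_hmac` if base64 of the raw bytes is what is expected).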


@ -27,7 +27,7 @@ class Toku extends Ideal\Service
protected Subscription $subscription; protected Subscription $subscription;
protected Invoice $invoice; protected Invoice $invoice;
public function __construct(LoggerInterface $logger, protected Connection $connection) public function __construct(LoggerInterface $logger, protected Connection $connection, protected HMAC $hmac)
{ {
parent::__construct($logger); parent::__construct($logger);
} }
@ -446,21 +446,9 @@ class Toku extends Ideal\Service
return false; return false;
} }
foreach ($results as $secret) { if (array_any($results, fn($secret) => $this->hmac->validate($timestamp, $signature, $eventId, $secret))) {
$this->logger->info('Toku webhook validated', [
'timestamp' => $timestamp,
'signature' => $signature,
'eventId' => $eventId,
'eventType' => $eventType,
'secret' => $secret,
]);
if (HMAC::validate($timestamp, $signature, $eventId, $secret)) {
return true;
}
}
/*if (array_any($results, fn($secret) => HMAC::validate($timestamp, $signature, $eventId, $secret))) {
return true; return true;
}*/ }
} catch (Throwable $throwable) { } catch (Throwable $throwable) {
$this->logger->error($throwable); $this->logger->error($throwable);