Incoviba/oficial
1
0
Fork 0
Code Issues Pull Requests 2 Releases Wiki Activity

FIX: Correct HMAC validation

Browse Source
This commit is contained in:
Juan Pablo Vial
2025-06-03 23:07:47 -04:00
parent eb402b1b71
commit dc0ae2746b
1 changed files with 1 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/src/Service/HMAC.php
View File

@ -11,13 +11,6 @@ class HMAC extends Ideal\Service
$encodedSecret = mb_convert_encoding($secret, 'UTF-8'); $encodedSecret = mb_convert_encoding($secret, 'UTF-8');
$encodedMessage = mb_convert_encoding($message, 'UTF-8'); $encodedMessage = mb_convert_encoding($message, 'UTF-8');
$hmacObject = hash_hmac('sha256', $encodedMessage, $encodedSecret); $hmacObject = hash_hmac('sha256', $encodedMessage, $encodedSecret);
$computedSignature = base64_encode($hmacObject); return hash_equals($hmacObject, $requestSignature);
$this->logger->info('Validating HMAC', [
'requestSignature' => $requestSignature,
'computedSignature' => $hmacObject,
'compare1' => hash_equals($hmacObject, $requestSignature),
'compare2' => hash_equals($computedSignature, $requestSignature),
]);
return hash_equals($computedSignature, $requestSignature);
} }
} }