JFIFxxC      C  " }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3RbrgenerateHeader(); $event = Webhook::constructEvent(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); $this->assertInstanceOf(\FedaPay\Event::class, $event); $this->assertEquals("evt_test_webhook", $event->id); } public function testInvalidJson() { $this->expectException('\UnexpectedValueException'); $payload = "this is not valid JSON"; $sigHeader = $this->generateHeader(["payload" => $payload]); Webhook::constructEvent($payload, $sigHeader, self::SECRET); } public function testValidJsonAndInvalidHeader() { $this->expectException('\FedaPay\Error\SignatureVerification'); $sigHeader = "bad_header"; Webhook::constructEvent(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); } public function testMalformedHeader() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('Unable to extract timestamp and signatures from header'); $sigHeader = "i'm not even a real signature header"; WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); } /** * @expectedException \FedaPay\Error\SignatureVerification * @expectedExceptionMessage No signatures found with expected scheme */ public function testNoSignaturesWithExpectedScheme() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('No signatures found with expected scheme'); $sigHeader = $this->generateHeader(["scheme" => "v0"]); WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); } public function testNoValidSignatureForPayload() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('No signatures found matching the expected signature for payload'); $sigHeader = $this->generateHeader(["signature" => "bad_signature"]); WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET); } public function testTimestampTooOld() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('Timestamp outside the tolerance zone'); $sigHeader = $this->generateHeader(["timestamp" => time() - 15]); WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET, 10); } public function testTimestampTooRecent() { $this->expectException('\FedaPay\Error\SignatureVerification'); $this->expectExceptionMessage('Timestamp outside the tolerance zone'); $sigHeader = $this->generateHeader(["timestamp" => time() + 15]); WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET, 10); } public function testValidHeaderAndSignature() { $sigHeader = $this->generateHeader(); $this->assertTrue(WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET, 10)); } public function testHeaderContainsValidSignature() { $sigHeader = $this->generateHeader() . ",v1=bad_signature"; $this->assertTrue(WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET, 10)); } public function testTimestampOffButNoTolerance() { $sigHeader = $this->generateHeader(["timestamp" => 12345]); $this->assertTrue(WebhookSignature::verifyHeader(self::EVENT_PAYLOAD, $sigHeader, self::SECRET)); } }