search

SynergiTech / laravel-postal

This library integrates Postal with the standard Laravel mail framework.
MIT License
30 stars 9 forks source link

Unable to match signature header - sha1 issue #36

Open zajinx opened 1 month ago

zajinx commented 1 month ago

When using webhook the signature header validation fails on Almalinux 9.4 and php83 (via virtualmin) because it uses sha1, when i update the code to use sha2 the problem went away.

/src/Controllers/WebhookController.php line 31 changed from
$encodedSignature = $request->header('x-postal-signature'); to $encodedSignature = $request->header('x-postal-signature-256');

and

line 39 changed from $result = openssl_verify($body, $signature, $rsa_key, OPENSSL_ALGO_SHA1); to $result = openssl_verify($body, $signature, $rsa_key, OPENSSL_ALGO_SHA256);

willpower232 commented 1 month ago

I see they added sha2 in 3.2.0.

What error message did you get before updating the code?