Closed vockalimo closed 4 years ago
found the root cause
webhook should be create by API , not admin tool
found the root cause
webhook should be create by API , not admin tool
How you solved it? I have same problem, I added the webhook from admin shopify and you said it need be create from api, how its?
i'm using ngrok in local env
Expected Behavior
Add webhook, and trigger test event, I can get the event.
Please describe the behavior you are expecting.
Current Behavior
Please describe the current behavior?
I add three webhooks
[ 'topic' => 'theme/update', 'address' => 'https://aishop.lalacube.com/webhook/theme-update' ], [ 'topic' => 'products/create', 'address' => 'https://aishop.lalacube.com/webhook/products-create' ], [ 'topic' => 'products/update', 'address' => 'https://aishop.lalacube.com/webhook/products-update' ],
When i trigger the test event , I found the access log status code 401
Trace the code Http/Middleware/AuthWebhook.php 41 if (!hash_equals($hmac, $hmacLocal) || empty($shop)) { 42 // Issue with HMAC or missing shop header 43 error_log(" fail " . $shop . " hmac $hmac vs local $hmacLocal "); 44 return Response::make('Invalid webhook signature.', 401); 45 }
hash_equals fail so respinse 401
case study $hmacLocal = createHmac(['data' => $data, 'raw' => true, 'encode' => true], $this->getConfig('api_secret')); use api_secret will fail use the " admin/settings/notifications" -> webhook -> All your webhooks will be signed with 2f736d26364267b0f39f191c30c29c664245cbfa238546bd7ea7edfxxx ($sign) so you can verify their integrity. when i use the $sign to replace the getConfig('api_secret') I can get the same hash code. So.. i miss something ? or ? please give some tips.
Thanks
Context