Request signature validation fixes

messagebird / php-rest-api

This repository contains the open source PHP client for MessageBird's REST API.

https://developers.messagebird.com/

BSD 2-Clause "Simplified" License

158 stars 95 forks source link

Request signature validation fixes #216

Open chrisminett opened 1 year ago

chrisminett commented 1 year ago

Passing null when the header is missing causes a TypeError, as the signature must be a string.
$_SERVER params were being accessed using undefined constants auto-converted to strings. Fix to use regular strings.
HTTP headers are usually keyed with HTTP_ prefix, and using all uppercase characters and underscores. The existing check for simply MessageBird-Signature-JWT did not pick up the header when using Apache. Maybe that works on other web servers, so I've left it as a fallback.

chrisminett commented 3 weeks ago

@ErikBooijMB is there anything I need to add to get this PR approved? I'm not sure how anyone could use signature validation currently as it seems to be entirely broken for us, and blocking using v3 of this package.