sendgrid / sendgrid-nodejs

The Official Twilio SendGrid Led, Community Driven Node.js API Library
https://sendgrid.com
MIT License

Webhook library signature and timestamp functions return incorrect string values #1307

Open imbenham opened 2 years ago

imbenham commented 2 years ago

Issue Summary

An apparent backend change to the sendgrid webhooks implementation has resulted in a change to the case of the signature and timestamp headers. For example, the signature header previously was "X-Twilio-Email-Event-Webhook-Signature" but now is "x-twilio-email-event-webhook-signature".

The helper functions to access the keys for these headers now return the incorrect values. Attempting to access the signature using the key from the helper now results in an undefined value: const sig = headers[EventWebhookHeader.SIGNATURE()] // sig === undefined

Steps to Reproduce

  1. Set up webhooks and use the EventWebhookHeader.SIGNATURE() and EventWebhookHeader.TIMESTAMP() methods to extract the relevant header values.
  2. Note the result.

Code Snippet

import { EventWebhook, EventWebhookHeader } from '@sendgrid/eventwebhook';

// Base64 verification key copied from the Signed Event Webhook settings in SendGrid
const webhookKey = process.env.SENDGRID_WEBHOOK_VERIFICATION_KEY as string;

const verifyWebhookSig = (headers: any | undefined, body: string) => {
  if (headers === undefined) {
    return false;
  }

  // Exact-case lookup using the library's header-name helpers
  const signature = headers[EventWebhookHeader.SIGNATURE()];
  const timestamp = headers[EventWebhookHeader.TIMESTAMP()];

  console.log('signature', signature); // undefined
  console.log('timestamp', timestamp); // undefined

  // Both lookups miss because the headers now arrive lowercased
  if (signature === undefined || timestamp === undefined) {
    return false;
  }

  const eventWH = new EventWebhook();
  const pubKey = eventWH.convertPublicKeyToECDSA(webhookKey);
  return eventWH.verifySignature(pubKey, body, signature, timestamp);
};

Header examples

9/28/2021

'x-twilio-email-event-webhook-timestamp': '1632838793' 

9/9/2021

"X-Twilio-Email-Event-Webhook-Timestamp": "1631213066"

Technical details:

@sendgrid/eventwebhook: 7.4.5

eshanholtz commented 2 years ago

Interesting. I wasn't aware of the change. Thanks for bringing this to our attention. For now, I recommend casting the strings to lowercase, like so: EventWebhookHeader.SIGNATURE().toLowerCase(). This issue has been added to our internal backlog to be prioritized. Pull requests and +1s on the issue summary will help it move up the backlog.