Pt 1131 woocommerce webhook issue (#110)

mondu-ai · Mar 14, 2024 · 1d4b8bf · 1d4b8bf
1 parent 97ab05a
commit 1d4b8bf
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 6 deletions.
diff --git a/README.txt b/README.txt
@@ -3,7 +3,7 @@ Contributors: mondu-ai, arthurmmoreira, tikohov20
 Tags: mondu, woocommerce, e-commerce, ecommerce, store, sales, sell, woo, woo commerce, shop, cart, shopping cart, sell online, checkout, payment, payments, bnpl, b2b
 Requires at least: 5.9.0
 Tested up to: 6.2.2
-Stable tag: 2.1.4
+Stable tag: 2.1.5
 Requires PHP: 7.4
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -57,6 +57,11 @@ Check out [Frequently Asked Questions](https://www.mondu.ai/faq) in the Mondu we
 
 == Changelog ==
 
+= 2.1.5 =
+
+* Changed webhook signature validation logic
+* Modified OrdersController confirm endpoint
+
 = 2.1.4 =
 
 * Fix deprecated setting $instructions on payments

diff --git a/changelog.txt b/changelog.txt
@@ -1,5 +1,10 @@
 == Changelog ==
 
+= 2.1.5 =
+
+* Changed webhook signature validation logic
+* Modified OrdersController confirm endpoint
+
 = 2.1.4 =
 
 * Fix deprecated setting $instructions on payments

diff --git a/mondu-buy-now-pay-later.php b/mondu-buy-now-pay-later.php
@@ -25,7 +25,7 @@
 	die( 'Direct access not allowed' );
 }
 
-define( 'MONDU_PLUGIN_VERSION', '2.1.4' );
+define( 'MONDU_PLUGIN_VERSION', '2.1.5' );
 define( 'MONDU_PLUGIN_FILE', __FILE__ );
 define( 'MONDU_PLUGIN_PATH', __DIR__ );
 define( 'MONDU_PLUGIN_BASENAME', plugin_basename(MONDU_PLUGIN_FILE) );

diff --git a/src/Mondu/Mondu/Controllers/OrdersController.php b/src/Mondu/Mondu/Controllers/OrdersController.php
@@ -46,7 +46,7 @@ public function confirm( WP_REST_Request $request ) {
 		$order = Helper::get_order_from_order_number_or_uuid( $order_number, $mondu_order_id );
 
 		try {
-			if (!$order) {
+			if ( !$order ) {
 				throw new \Exception(__('Order not found'));
 			}
 

diff --git a/src/Mondu/Mondu/Controllers/WebhooksController.php b/src/Mondu/Mondu/Controllers/WebhooksController.php
@@ -33,10 +33,12 @@ public function register_routes() {
 	public function index( WP_REST_Request $request ) {
 		$verifier          = new SignatureVerifier();
 		$params            = $request->get_json_params();
-		$signature_payload = $request->get_header('X-MONDU-SIGNATURE');
-		$signature         = $verifier->create_hmac($params);
 		$topic             = isset($params['topic']) ? $params['topic'] : null;
 
+		$body = $request->get_body();
+		$signature_payload = $request->get_header('X-MONDU-SIGNATURE');
+		$signature = $verifier->create_hmac($body);
+
 		Helper::log([
 			'webhook_topic' => $topic,
 			'params'        => $params,

diff --git a/src/Mondu/Mondu/Models/SignatureVerifier.php b/src/Mondu/Mondu/Models/SignatureVerifier.php
@@ -20,7 +20,7 @@ public function set_secret( $secret ) {
 	}
 
 	public function create_hmac( $payload ) {
-		return hash_hmac('sha256', wp_json_encode($payload, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_FORCE_OBJECT | JSON_HEX_AMP), $this->secret);
+		return hash_hmac('sha256', $payload, $this->secret);
 	}
-Original file line number
+Diff line change
@@ Expand Up / @@ -20,7 +20,7 @@ public function set_secret( $secret ) { @@
     	}
     	public function create_hmac( $payload ) {
-    		return hash_hmac('sha256', wp_json_encode($payload, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE | JSON_FORCE_OBJECT | JSON_HEX_AMP), $this->secret);
+    		return hash_hmac('sha256', $payload, $this->secret);
     	}
@@ Expand Down @@