add verifyWebhookSignature util

README.md

@@ -41,6 +41,8 @@ API:
 <a href="#segments-api">Segments</a>
 |
 <a href="#promotions-api">Promotions</a>
+|
+<a href="#utils">Utils</a>
 </p>
 
 ## Setup
@@ -542,6 +544,23 @@ $client->promotions->tiers->getAvailable();
 
 ---
 
+### Utils
+To use utils you have to import Voucherify Utils class.
+
+```php
+require_once('vendor/autoload.php');
+
+use Voucherify\Utils;
+```
+Available methods:
+
+#### Verify Webhook Signature
+```php
+Utils::verifyWebhookSignature($signature, $message, $secretKey)
+```
+
+---
+
 ### Migration from 0.x
 
 Version 1.x of the PHP is fully backward compatible with version 0.x.
@@ -668,6 +687,7 @@ class Voucher extends CI_Controller {
 Bug reports and pull requests are welcome through [GitHub Issues](https://github.com/rspective/voucherify-php-sdk/issues).
 
 ### Changelog
+- **2018-03-18** - `1.7.9` - Add Utils with verifyWebhookSignature method
 - **2018-02-18** - `1.7.8` - Product delete force option support
 - **2018-02-13** - `1.7.7` - Fix Promotions Tiers getAvailable method param
 - **2018-02-13** - `1.7.6` - Promotions Tiers getAvailable method

src/Utils.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Voucherify;
+
+class Utils
+{
+    /**
+     * @param array|stdClass $params Params object
+     * 
+     * Verify webhook signature
+     *
+     * @throws \Voucherify\ClientException
+     */
+    public static function verifyWebhookSignature($signature, $message, $secretKey)
+    {
+        $data = "";
+
+        if (is_string($message)) {
+            $data = $message;
+        } else {
+            $data = json_encode($message);
+        }
+        return hash_hmac("sha256", $data, $secretKey) == $signature;
+    }
+}
+
+

test/UtilsTest.php

@@ -0,0 +1,63 @@
+<?php
+
+use Voucherify\Utils;
+
+class UtilsTest extends PHPUnit_Framework_TestCase
+{
+    public function testVerifyWebhookSignature()
+    {
+        // /////////////////////////////////////// HAPPY PATH (STRING)
+
+        $signature = "776247e1a5ed607c7d1ad00d2b0f5760d4a8d5ab680b86acbcea2d3d56e55fa3";
+        $data = "Example test message";
+        $secretKey = "secret_01234567890_secret";
+
+        $result = Utils::verifyWebhookSignature($signature, $data, $secretKey);
+        $this->assertEquals($result, true);
+
+        // /////////////////////////////////////// HAPPY PATH (OBJECT)
+
+        $signature = "e87e23da6caa7407a6177cc84ba1b26f58e1a68e24f08eba6ee023c8932b111a";
+        $data = (object)[
+            "item1" => 123,
+            "item2" => "message",
+            "item3" => (object)[
+                "a" => 1,
+                "b" => 2
+            ],
+            "item4" => [ "a", "b", "c" ]
+        ];
+        $secretKey = "secret_01234567890_secret";
+
+        $result = Utils::verifyWebhookSignature($signature, $data, $secretKey);
+        $this->assertEquals($result, true);
+
+        // /////////////////////////////////////// HAPPY PATH (ARRAY)
+
+        $signature = "62cd3e5dcbce78cbfadc2b8f67cde4d6853b6cea467bbbf37328193662ee040e";
+        $data = ["item_a", "item_b", "item_c"];
+        $secretKey = "secret_01234567890_secret";
+
+        $result = Utils::verifyWebhookSignature($signature, $data, $secretKey);
+        $this->assertEquals($result, true);
+
+        // /////////////////////////////////////// HAPPY PATH (NULL)
+
+        $signature = "6a660d319bc87b480a48b68cd089d3c3f5e2c787a6feeb637cf0d62562560fba";
+        $data = NULL;
+        $secretKey = "secret_01234567890_secret";
+
+        $result = Utils::verifyWebhookSignature($signature, $data, $secretKey);
+        $this->assertEquals($result, true);
+
+        // /////////////////////////////////////// UNHAPPY PATH (INVALID SIGNATURE)
+
+        $signature = "invalid_signature";
+        $data = "Example test message";
+        $secretKey = "secret_01234567890_secret";
+
+        $result = Utils::verifyWebhookSignature($signature, $message, $secretKey);
+
+        $this->assertEquals($result, false);
+    }
+}