Issues in VerifySignature.php (develop) - Issues in develop - minulislam/multicoin-api - Measure and Improve Code Quality continuously with Scrutinizer

Issues (41)

src/Http/Middlewares/VerifySignature.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

<?php

namespace Multicoin\Api\Http\Middlewares;

use Closure;
use Multicoin\Api\Exceptions\WebhookFailed;

class VerifySignature
{
    public function handle($request, Closure $next)
    {
        $signature = $request->header('X-Multicoin-Signature');

        if (! $signature) {
            throw WebhookFailed::missingSignature();
        }

        if (! $this->isValid($signature, $request)) {
            throw WebhookFailed::invalidSignature($signature);
        }

        return $next($request);
    }

    protected function isValid(string $signature, $request): bool
    {
        $payload = $request->getContent();

        $secret = config('multicoin.api_key');
        if (empty($secret)) {
            throw WebhookFailed::signingSecretNotSet();
        }
        $timestamp = $request->header('timestamp');
        $token = $request->header('token');
        $computedSignature = hash_hmac('sha256', $token.$timestamp, $secret);

        return hash_equals($signature, $computedSignature);
    }
}


1			<?php
2
3			namespace Multicoin\Api\Http\Middlewares;
4
5			use Closure;
6			use Multicoin\Api\Exceptions\WebhookFailed;
7
8			class VerifySignature
9			{
10			public function handle($request, Closure $next)
11			{
12			$signature = $request->header('X-Multicoin-Signature');
13
14			if (! $signature) {
15			throw WebhookFailed::missingSignature();
16			}
17
18			if (! $this->isValid($signature, $request)) {
19			throw WebhookFailed::invalidSignature($signature);
20			}
21
22			return $next($request);
23			}
24
25			protected function isValid(string $signature, $request): bool
26			{
27			$payload = $request->getContent();
			0 ignored issues – show Unused Code introduced 2019-05-11 04:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$payload` is dead and can be removed. Loading history...
28			$secret = config('multicoin.api_key');
29			if (empty($secret)) {
30			throw WebhookFailed::signingSecretNotSet();
31			}
32			$timestamp = $request->header('timestamp');
33			$token = $request->header('token');
34			$computedSignature = hash_hmac('sha256', $token.$timestamp, $secret);
35
36			return hash_equals($signature, $computedSignature);
37			}
38			}
39

GitHub Access Token became invalid

Issues (41)

src/Http/Middlewares/VerifySignature.php (1 issue)

Labels

Severity

Introduced By

minulislam / multicoin-api

GitHub Access Token became invalid

Issues (41)

src/Http/Middlewares/VerifySignature.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like