View GitHub Repository laravel-email-log

Schedule Inspection
Subscribe
Passed
Push — master ( 19b6ab...f5d191 )
by Thomas
06:22
created

MailgunWebhook::verify()   A

↳ Parent: MailgunWebhook

Complexity

Conditions 2
Paths 2

Size

Total Lines 14

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 7
CRAP Score 2

Importance

Changes 0
Metric Value
dl 0
loc 14
ccs 7
cts 7
cp 1
rs 9.7998
c 0
b 0
f 0
cc 2
nc 2
nop 1
crap 2
1 
<?php
2 

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    3
                

                                    
                                                    
                
                
                
namespace Tompec\EmailLog\Middlewares;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    4
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    5
                

                                    
                                                    
                
                
                
use Closure;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    6
                

                                    
                                                    
                
                
                
use Illuminate\Http\Response;

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    7
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    8
                

                                    
                                                    
                
                
                
class MailgunWebhook

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    9
                

                                    
                                                    
                
                
                
{

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    10
                

                                    
                                                    
                
                
                
    /**

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    11
                

                                    
                                                    
                
                
                
     * Handle an incoming request.

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    12
                

                                    
                                                    
                
                
                
     *

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    13
                

                                    
                                                    
                
                
                
     * @param  \Illuminate\Http\Request  $request

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    14
                

                                    
                                                    
                
                
                
     * @param  \Closure  $next

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    15
                

                                    
                                                    
                
                
                
     * @return mixed

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    16
                

                                    
                                                    
                
                
                
     */

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    17
                

                                    
                             4                         
                
                
                
    public function handle($request, Closure $next)

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    18
                

                                    
                                                    
                
                
                
    {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    19
                

                                    
                             4                         
                
                
                
        if (! $this->verify($request)) {

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    20
                

                                    
                             2                         
                
                
                
            abort(Response::HTTP_FORBIDDEN);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    21
                

                                    
                                                    
                
                
                
        }

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    22
                

                                    
                                                    
                
                
                

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    23
                

                                    
                             2                         
                
                
                
        return $next($request);

            


            
                                                                                                            
                            
            
                                    
            
            

                
                    24
                

                                    
                                                    
                
                
                
    }

            


            
                                                                                                            
                                                                
            
                                    
            
            

                
                    25
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    26
                

                                    
                             4                         
                
                
                
    public function verify($request)

            


            
                                                        
            
                                    
            
            

                
                    27
                

                                    
                                                    
                
                
                
    {

            


            
                                                        
            
                                    
            
            

                
                    28
                

                                    
                             4                         
                
                
                
        $token = $request->input('signature.token');

            


            
                                                        
            
                                    
            
            

                
                    29
                

                                    
                             4                         
                
                
                
        $timestamp = $request->input('signature.timestamp');

            


            
                                                        
            
                                    
            
            

                
                    30
                

                                    
                             4                         
                
                
                
        $signature = $request->input('signature.signature');

            


            
                                                        
            
                                    
            
            

                
                    31
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    32
                

                                    
                                                    
                
                
                
        // check if the timestamp is fresh

            


            
                                                        
            
                                    
            
            

                
                    33
                

                                    
                             4                         
                
                
                
        if (abs(time() - $timestamp) > 15) {

            


            
                                                        
            
                                    
            
            

                
                    34
                

                                    
                             1                         
                
                
                
            return false;

            


            
                                                        
            
                                    
            
            

                
                    35
                

                                    
                                                    
                
                
                
        }

            


            
                                                        
            
                                    
            
            

                
                    36
                

                                    
                                                    
                
                
                

            


            
                                                        
            
                                    
            
            

                
                    37
                

                                    
                                                    
                
                
                
        // returns true if signature is valid

            


            
                                                        
            
                                    
            
            

                
                    38
                

                                    
                             3                         
                
                
                
        return hash_hmac('sha256', $timestamp.$token, config('services.mailgun.secret')) === $signature;

            


            
                                                        
            
                                    
            
            

                
                    39
                

                                    
                                                    
                
                
                
    }

            


            
                                                        
            
                                    
            
            

                
                    40
                

                                    
                                                    
                
                
                
}

            


            
                                                        
            
                                    
            
            

                
                    41