@@ -14,7 +14,7 @@ class WebhookController extends Controller
|
|
|
|
|
|
public function pagarme(Request $request): JsonResponse
|
|
|
{
|
|
|
- if (! $this->validPagarmeToken($request)) {
|
|
|
+ if (! $this->validPagarmeCredentials($request)) {
|
|
|
return $this->errorResponse(message: __('http.unauthorized_token'), code: 401);
|
|
|
}
|
|
|
|
|
|
@@ -23,18 +23,30 @@ class WebhookController extends Controller
|
|
|
return $this->successResponse(message: __('http.webhook_received'));
|
|
|
}
|
|
|
|
|
|
- private function validPagarmeToken(Request $request): bool
|
|
|
+ //
|
|
|
+
|
|
|
+ private function validPagarmeCredentials(Request $request): bool
|
|
|
{
|
|
|
- $configuredToken = config('services.pagarme.webhook_token');
|
|
|
+ $configuredUser = config('services.pagarme.webhook_user');
|
|
|
+ $configuredPassword = config('services.pagarme.webhook_password');
|
|
|
|
|
|
- if (empty($configuredToken)) {
|
|
|
- return true;
|
|
|
+ if (empty($configuredUser) || empty($configuredPassword)) {
|
|
|
+ return false;
|
|
|
}
|
|
|
|
|
|
- $receivedToken = $request->bearerToken()
|
|
|
- ?: $request->header('X-Webhook-Token')
|
|
|
- ?: $request->query('token');
|
|
|
+ return is_string($configuredUser)
|
|
|
+ && is_string($configuredPassword)
|
|
|
+ && $this->validBasicAuthCredentials($request, $configuredUser, $configuredPassword);
|
|
|
+ }
|
|
|
+
|
|
|
+ private function validBasicAuthCredentials(Request $request, string $configuredUser, string $configuredPassword): bool
|
|
|
+ {
|
|
|
+ $receivedUser = $request->getUser();
|
|
|
+ $receivedPassword = $request->getPassword();
|
|
|
|
|
|
- return is_string($receivedToken) && hash_equals($configuredToken, $receivedToken);
|
|
|
+ return is_string($receivedUser)
|
|
|
+ && is_string($receivedPassword)
|
|
|
+ && hash_equals($configuredUser, $receivedUser)
|
|
|
+ && hash_equals($configuredPassword, $receivedPassword);
|
|
|
}
|
|
|
}
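Review bot: The `&&` chain in validBasicAuthCredentials short-circuits after the username comparison, so a request with a wrong username returns before the password `hash_equals` runs and the response time can reveal whether the username part matched; evaluate both comparisons unconditionally, e.g. `$userMatches = hash_equals($configuredUser, $receivedUser); $passwordMatches = hash_equals($configuredPassword, $receivedPassword); return $userMatches && $passwordMatches;` (the `is_string` guards can stay in front, since they only test that credentials were sent at all). In validPagarmeCredentials, `empty()` also rejects a configured user or password of `'0'`, a PHP truthiness quirk rather than the intended "not configured" check — `$configuredUser === null || $configuredUser === ''` (and the same for the password) states the intent precisely. The stray `//` line left between the two methods should be dropped, and a one-line PHPDoc on validBasicAuthCredentials noting that the credentials are taken from the request's HTTP Basic auth fields via getUser()/getPassword() (which presumably return null when no such header is present) would help the next reader.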
|