
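Webhook in Authorize.Net always fails authentication

In Authorize.Net, I created subscription and recurring event handling using webhooks. When I test using the webhook account, authentication works, but for actual webhook notifications authentication always fails.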


if (isset($this->header['x-anet-signature'])) {
    $json = Json::encode($this->body);
    if ($json) {
        //To check the header and signature is true
        if (hash_equals(strtolower($this->header['x-anet-signature']),
                'sha512=' . hash_hmac('sha512',$json, $secret))
        ) {

        }else{
            yii::info($json,'webhookhNotifications');
            throw new \yii\web\ServerErrorHttpException('Authentication failed in Webhook');
            return false;
        }
    }
}

Webhook JSON


{
   "notificationId":"4bbba8fb-1d32-46b6-a513-a9ca2fed885c",
   "eventType":"net.authorize.customer.subscription.created",
   "eventDate":"2019-11-27T06:20:36.3621687Z",
   "webhookId":"a2929d59-147e-4400-a2bb-b3bd25a0311d",
   "payload":{
      "name":"Test subscription",
      "amount":290.00,
      "status":"active",
      "profile":{
         "customerProfileId":1921894828,
         "customerPaymentProfileId":1834842681,
         "customerShippingAddressId":1879009509
      },
      "entityName":"subscription",
      "id":"6168233"
   }
}

Secret key


F7B582AFFA9372866965456CFAC0D1B1219258F955FD5266D1A96BF9BE3C85F7D54C7CDFF9EF3EE7D3916EACB5EE920167F557BBB307288C17FBD169F0257AB4

x-anet-signature


sha512=FDE5518801C115C4886311877B4C37F6C26ABACE01ADB973EF372FB51C8F1E5321A83717161AD7DEFFD46F5013900E68B6220F3B25E9302A4208A9C673D32749


ITMISS
137 views, 1 answer
1 Answer

汪汪一只猫

Your code should work. I simplified it a bit for testing purposes, but using the values you provided above it does validate successfully:

$signature = 'sha512=FDE5518801C115C4886311877B4C37F6C26ABACE01ADB973EF372FB51C8F1E5321A83717161AD7DEFFD46F5013900E68B6220F3B25E9302A4208A9C673D32749';
$json = '{"notificationId":"4bbba8fb-1d32-46b6-a513-a9ca2fed885c","eventType":"net.authorize.customer.subscription.created","eventDate":"2019-11-27T06:20:36.3621687Z","webhookId":"a2929d59-147e-4400-a2bb-b3bd25a0311d","payload":{"name":"Test subscription","amount":290.00,"status":"active","profile":{"customerProfileId":1921894828,"customerPaymentProfileId":1834842681,"customerShippingAddressId":1879009509},"entityName":"subscription","id":"6168233"}}';
$secret = 'F7B582AFFA9372866965456CFAC0D1B1219258F955FD5266D1A96BF9BE3C85F7D54C7CDFF9EF3EE7D3916EACB5EE920167F557BBB307288C17FBD169F0257AB4';

if (hash_equals(strtolower($signature), 'sha512=' . hash_hmac('sha512', $json, $secret))) {
    echo 'valid';
}else{
    echo 'invalid';
}

I think your error is that you are encoding the JSON, which is already JSON. So change this line:

$json = Json::encode($this->body);

New code:

if (isset($this->header['x-anet-signature'])) {
    $json = $this->body;
    if ($json) {
        //To check the header and signature is true
        if (hash_equals(strtolower($this->header['x-anet-signature']),
                'sha512=' . hash_hmac('sha512',$json, $secret))
        ) {

        }else{
            yii::info($json,'webhookhNotifications');
            throw new \yii\web\ServerErrorHttpException('Authentication failed in Webhook');
            return false;
        }
    }
}
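An added example, not part of the original answer or of Authorize.Net's code, showing why the HMAC has to be computed over the request body exactly as received. The secret and body are constructed sample values and `verifyAnetSignature()` is a hypothetical helper name; the signature scheme is the one used in the thread.

```php
<?php
// Added example, not from the thread. $secret and $rawBody are constructed
// sample values; verifyAnetSignature() is a hypothetical helper name.

function verifyAnetSignature(string $rawBody, string $header, string $secret): bool
{
    // Same scheme as in the thread: HMAC-SHA512 of the body, keyed with the
    // signature key string, sent as "sha512=" followed by hex.
    $expected = 'sha512=' . hash_hmac('sha512', $rawBody, $secret);
    // Known value first, caller-supplied value second; constant-time compare.
    return hash_equals($expected, strtolower($header));
}

$secret  = str_repeat('0123456789ABCDEF', 8);   // constructed 128-character key
$rawBody = '{"eventType":"net.authorize.customer.subscription.created",'
         . '"payload":{"name":"Test subscription","amount":290.00,"id":"6168233"}}';

// What the sender would put in X-ANET-Signature for these exact bytes
// (uppercase hex, as in the header shown in the question).
$header = 'sha512=' . strtoupper(hash_hmac('sha512', $rawBody, $secret));

$candidates = [
    // The bytes as received, e.g. file_get_contents('php://input') or
    // Yii::$app->request->getRawBody() in Yii2.
    'raw body'                 => $rawBody,
    // Encoding the JSON string again wraps it in quotes and escapes it.
    'json_encode(raw)'         => json_encode($rawBody),
    // Decoding and re-encoding does not preserve the number formatting
    // ("290.00") that the sender signed.
    'json_encode(json_decode)' => json_encode(json_decode($rawBody, true)),
];

foreach ($candidates as $label => $bytes) {
    printf(
        "%-26s same bytes: %-3s signature valid: %s\n",
        $label,
        $bytes === $rawBody ? 'yes' : 'no',
        verifyAnetSignature($bytes, $header, $secret) ? 'yes' : 'no'
    );
}
```

Only the untouched body matches the signature; parse the JSON for business logic after the signature check has passed, and keep the parsed copy separate from the bytes that were verified.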