diff --git a/app/Http/Middleware/VerifyHMAC.php b/app/Http/Middleware/VerifyHMAC.php
index 6f1097c..46a153e 100644
--- a/app/Http/Middleware/VerifyHMAC.php
+++ b/app/Http/Middleware/VerifyHMAC.php
@@ -25,7 +25,7 @@ public function handle(Request $request, Closure $next) {
 abort(Response::HTTP_UNAUTHORIZED, 'Unauthorized.');
 }
- $datetime = $request->header('X-Time');
+ $datetime = $request->header('X-Timestamp');
 if (empty($datetime)) {
 abort(Response::HTTP_UNAUTHORIZED, 'Unauthorized.');
 }
diff --git a/tests/Feature/Public/Middleware/VerifyHMACTest.php b/tests/Feature/Public/Middleware/VerifyHMACTest.php
index 5199edd..71fdf7a 100644
--- a/tests/Feature/Public/Middleware/VerifyHMACTest.php
+++ b/tests/Feature/Public/Middleware/VerifyHMACTest.php
@@ -34,7 +34,7 @@ public function aborts_without_timestamp(): void {
 public function aborts_with_garbage_timestamp(): void {
 $response = $this->post(route('hook.health'), [], [
 'X-Signature' => 'some-signature',
- 'X-Time' => 'not-a-timestamp',
+ 'X-Timestamp' => 'not-a-timestamp',
 ]);
 $response->assertStatus(Response::HTTP_UNAUTHORIZED);
@@ -44,7 +44,7 @@ public function aborts_with_garbage_timestamp(): void {
 public function aborts_with_expired_timestamp(): void {
 $response = $this->post(route('hook.health'), [], [
 'X-Signature' => 'some-signature',
- 'X-Time' => Carbon::now('UTC')->subMinutes(VerifyHMAC::VALID_MINUTES)->toIso8601String(),
+ 'X-Timestamp' => Carbon::now('UTC')->subMinutes(VerifyHMAC::VALID_MINUTES)->toIso8601String(),
 ]);
 $response->assertStatus(Response::HTTP_UNAUTHORIZED);
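Review bot: The header name read in `handle()` is still a bare string literal, and the same `'X-Timestamp'` literal is repeated in every test hunk of this commit, so the middleware and its callers can drift apart again on the next rename. VerifyHMAC already exposes `VALID_MINUTES` and `VALID_SECONDS` as class constants; a `public const TIMESTAMP_HEADER = 'X-Timestamp';` read with `$request->header(self::TIMESTAMP_HEADER)` would give signers and tests a single source of truth. The change also stops accepting `X-Time` with no transition, so any sender that has not been updated now receives the same generic 401 as a forged request; that is worth recording in the release notes so the resulting rise in 401s is not misread during triage. handle() starts and ends outside the hunk.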
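Review bot: `aborts_with_garbage_timestamp`, `aborts_with_expired_timestamp` and, in the next hunk, `aborts_with_future_timestamp` all send the placeholder `'X-Signature' => 'some-signature'` and assert only a 401, so they cannot distinguish a timestamp rejection from a signature rejection or from the timestamp header not being read at all. They would pass with either header name, which leaves the rename covered only by the tests that assert `HTTP_OK` (`validates_valid_post_request`, `validates_valid_get_request`, `db_backup_route_calls_backup_command`). The middleware's check order is not visible here, but signing each request over the bad timestamp with `VerifyHMAC::generateHMAC($url, $datetime, [])`, as the WebhooksTest hunk does for a good one, would leave the timestamp check as the only possible cause of the 401. The test bodies continue outside the hunks.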
@@ -54,7 +54,7 @@ public function aborts_with_expired_timestamp(): void {
 public function aborts_with_future_timestamp(): void {
 $response = $this->post(route('hook.health'), [], [
 'X-Signature' => 'some-signature',
- 'X-Time' => Carbon::now('UTC')->addSeconds(VerifyHMAC::VALID_SECONDS + 5)->toIso8601String(),
+ 'X-Timestamp' => Carbon::now('UTC')->addSeconds(VerifyHMAC::VALID_SECONDS + 5)->toIso8601String(),
 ]);
 $response->assertStatus(Response::HTTP_UNAUTHORIZED);
@@ -64,7 +64,7 @@ public function aborts_with_future_timestamp(): void {
 public function aborts_with_invalid_signature(): void {
 $response = $this->post(route('hook.health'), [], [
 'X-Signature' => 'some-signature',
- 'X-Time' => Carbon::now('UTC')->toIso8601String(),
+ 'X-Timestamp' => Carbon::now('UTC')->toIso8601String(),
 ]);
 $response->assertStatus(Response::HTTP_UNAUTHORIZED);
@@ -82,7 +82,7 @@ public function aborts_with_tampered_signature(): void {
 $response = $this->post($url, ['invalid' => 'data'], [
 'X-Signature' => $signature,
- 'X-Time' => $datetime,
+ 'X-Timestamp' => $datetime,
 ]);
 $response->assertStatus(Response::HTTP_UNAUTHORIZED);
@@ -101,7 +101,7 @@ public function validates_valid_post_request(): void {
 $response = $this->post($url, $payload, [
 'X-Signature' => $signature,
- 'X-Time' => $datetime,
+ 'X-Timestamp' => $datetime,
 ]);
 $response->assertStatus(Response::HTTP_OK);
@@ -121,7 +121,7 @@ public function validates_valid_get_request(): void {
 $response = $this->get($url . '?' . http_build_query($payload), [
 'X-Signature' => $signature,
- 'X-Time' => $datetime,
+ 'X-Timestamp' => $datetime,
 ]);
 $response->assertStatus(Response::HTTP_OK);
diff --git a/tests/Feature/Public/WebhooksTest.php b/tests/Feature/Public/WebhooksTest.php
index d71fc51..5e6b5fe 100644
--- a/tests/Feature/Public/WebhooksTest.php
+++ b/tests/Feature/Public/WebhooksTest.php
@@ -25,7 +25,7 @@ public function db_backup_route_calls_backup_command(): void {
 $signature = VerifyHMAC::generateHMAC($url, $datetime, []);
 $response = $this->post($url, [], [
 'X-Signature' => $signature,
- 'X-Time' => $datetime,
+ 'X-Timestamp' => $datetime,
 ]);
 $response->assertStatus(Response::HTTP_OK);