- [X] Fix compare method

aemaddin · aemaddin · commit 6e460519a56e · 2025-02-17T02:18:12.000+02:00
diff --git a/lib/Tap.php b/lib/Tap.php
@@ -43,7 +43,7 @@ class Tap
     // @var float Initial delay between retries, in seconds
     private static $initialNetworkRetryDelay = 0.5;
 
-    const VERSION = '2.1.0';
+    const VERSION = '2.2.1';
 
     /**
      * @return mixed
diff --git a/lib/WebhookSignature.php b/lib/WebhookSignature.php
@@ -17,17 +17,16 @@ abstract class WebhookSignature
      * @param array $header the contents of the signature header sent by
      *  Tap
      * @param string $secret secret used to generate the signature
-     * @param int $tolerance maximum difference allowed between the header's
      *  timestamp and the current time
      *
      * @return bool
      * @throws SignatureVerificationException if the verification fails
      *
      */
-    public static function verifyHeader($payload, $header, $secret, $tolerance = null)
+    public static function verifyHeader(array $payload, array $header, string $secret): bool
     {
         // Extract timestamp and signatures from header
-        $signature = self::getSignature($header, self::EXPECTED_SCHEME);
+        $signature = self::getSignature($header);
 
         if (empty($signature)) {
             throw SignatureVerificationException::factory(
@@ -46,7 +45,7 @@ public static function verifyHeader($payload, $header, $secret, $tolerance = nul
             $signatureFound = true;
         }
 
-        if (!$signatureFound) {
+        if (! $signatureFound) {
             throw SignatureVerificationException::factory(
                 'No signatures found matching the expected signature for payload', $payload, $header, $expectedSignature, $signature
             );
@@ -59,16 +58,15 @@ public static function verifyHeader($payload, $header, $secret, $tolerance = nul
      * Extracts the signatures matching a given scheme in a signature header.
      *
      * @param array $header the signature header
-     * @param string $scheme the signature scheme to look for
      *
      * @return string the signature matching the provided scheme
      */
-    private static function getSignature($header, $scheme)
+    private static function getSignature(array $header): string
     {
         $signature = '';
 
         foreach ($header as $key => $value) {
-            if ($key === $scheme) {
+            if ($key === self::EXPECTED_SCHEME) {
                 $signature = $value[0];
             }
         }
@@ -86,7 +84,7 @@ private static function getSignature($header, $scheme)
      *
      * @return string the signature as a string
      */
-    private static function computeSignature($payload, $secret)
+    private static function computeSignature(array $payload, string $secret): string
     {
         return hash_hmac('sha256', self::generateSignature($payload), $secret);
     }
@@ -95,24 +93,24 @@ private static function computeSignature($payload, $secret)
      * @param array $payload
      * @return string
      */
-    private static function generateSignature($payload)
+    private static function generateSignature(array $payload): string
     {
         $object = $payload['object'];
 
         $id = $payload['id'];
         $currency = $payload['currency'];
-        $amount = number_format($payload['amount'], $currency == 'KWD' ? 3 : 2);
+        $amount = number_format($payload['amount'], $currency == 'KWD' ? 3 : 2, '.', '');
         $gateway_reference = $payload['reference']['gateway'];
         $payment_reference = $payload['reference']['payment'];
         $updated = $payload['updated'] ?? null;
         $status = $payload['status'];
         $created = $payload['transaction']['created'];
 
         if ($object === 'invoice') {
-            $toBeHashedString = 'x_id' . $id . 'x_amount' . $amount . 'x_currency' . $currency . 'x_updated' . $updated . 'x_status' . $status . 'x_created' . $created . '';
+            $toBeHashedString = 'x_id'.$id.'x_amount'.$amount.'x_currency'.$currency.'x_updated'.$updated.'x_status'.$status.'x_created'.$created.'';
         } else {
             // Charge or Authorize - Create a hashstring from the posted response data + the data that are related to you.
-            $toBeHashedString = 'x_id' . $id . 'x_amount' . $amount . 'x_currency' . $currency . 'x_gateway_reference' . $gateway_reference . 'x_payment_reference' . $payment_reference . 'x_status' . $status . 'x_created' . $created . '';
+            $toBeHashedString = 'x_id'.$id.'x_amount'.$amount.'x_currency'.$currency.'x_gateway_reference'.$gateway_reference.'x_payment_reference'.$payment_reference.'x_status'.$status.'x_created'.$created.'';
         }
 
         return $toBeHashedString;
