Webhook always failed authentication in Authorize.Net
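I created subscription and recurring event handling using a webhook in Authorize.Net. When I test with the webhook account, authentication works, but in the actual webhook notification, authentication always fails.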
if (isset($this->header['x-anet-signature'])) {
    $json = Json::encode($this->body);
    if ($json) {
        //To check the header and signature is true
        if (hash_equals(strtolower($this->header['x-anet-signature']),
            'sha512=' . hash_hmac('sha512',$json, $secret))
        ) {
        }else{
            yii::info($json,'webhookhNotifications');
            throw new \yii\web\ServerErrorHttpException('Authentication failed in Webhook');
            return false;
        }
    }
}
Webhook JSON
{
    "notificationId":"4bbba8fb-1d32-46b6-a513-a9ca2fed885c",
    "eventType":"net.authorize.customer.subscription.created",
    "eventDate":"2019-11-27T06:20:36.3621687Z",
    "webhookId":"a2929d59-147e-4400-a2bb-b3bd25a0311d",
    "payload":{
        "name":"Test subscription",
        "amount":290.00,
        "status":"active",
        "profile":{
            "customerProfileId":1921894828,
            "customerPaymentProfileId":1834842681,
            "customerShippingAddressId":1879009509
        },
        "entityName":"subscription",
        "id":"6168233"
    }
}
Secret key
F7B582AFFA9372866965456CFAC0D1B1219258F955FD5266D1A96BF9BE3C85F7D54C7CDFF9EF3EE7D3916EACB5EE920167F557BBB307288C17FBD169F0257AB4
x-anet-signature
sha512=FDE5518801C115C4886311877B4C37F6C26ABACE01ADB973EF372FB51C8F1E5321A83717161AD7DEFFD46F5013900E68B6220F3B25E9302A4208A9C673D32749
Your code should work. I simplified it a bit for testing purposes, but using the values you provided above it does validate successfully:
$signature = 'sha512=FDE5518801C115C4886311877B4C37F6C26ABACE01ADB973EF372FB51C8F1E5321A83717161AD7DEFFD46F5013900E68B6220F3B25E9302A4208A9C673D32749';
$json = '{"notificationId":"4bbba8fb-1d32-46b6-a513-a9ca2fed885c","eventType":"net.authorize.customer.subscription.created","eventDate":"2019-11-27T06:20:36.3621687Z","webhookId":"a2929d59-147e-4400-a2bb-b3bd25a0311d","payload":{"name":"Test subscription","amount":290.00,"status":"active","profile":{"customerProfileId":1921894828,"customerPaymentProfileId":1834842681,"customerShippingAddressId":1879009509},"entityName":"subscription","id":"6168233"}}';
$secret = 'F7B582AFFA9372866965456CFAC0D1B1219258F955FD5266D1A96BF9BE3C85F7D54C7CDFF9EF3EE7D3916EACB5EE920167F557BBB307288C17FBD169F0257AB4';
if (hash_equals(strtolower($signature), 'sha512=' . hash_hmac('sha512', $json, $secret))) {
    echo 'valid';
} else {
    echo 'invalid';
}
I think your error is that you are encoding JSON that is already JSON. So change this line:
$json = Json::encode($this->body);
New code:
if (isset($this->header['x-anet-signature'])) {
    // Use the body as received; it is already JSON, so do not encode it again
    $json = $this->body;
    if ($json) {
        //To check the header and signature is true
        if (hash_equals(strtolower($this->header['x-anet-signature']),
            'sha512=' . hash_hmac('sha512',$json, $secret))
        ) {
        }else{
            yii::info($json,'webhookhNotifications');
            throw new \yii\web\ServerErrorHttpException('Authentication failed in Webhook');
            return false;
        }
    }
}
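Why re-encoding breaks the check, as an added example that is not part of the original question or answer: the HMAC covers the exact bytes that were sent, so any decode/encode round trip invalidates it. The key, the body and the helper name `verifyWebhookSignature()` are constructed for illustration.

```php
<?php
// Constructed sample values: not a real signature key or notification.
$secret  = 'CONSTRUCTED-SAMPLE-SIGNATURE-KEY';
$rawBody = '{"eventType":"net.authorize.customer.subscription.created",'
         . '"payload":{"amount":290.00,"id":"6168233"}}';

// Header as the sender would build it: "sha512=" followed by upper-case hex.
$header = 'sha512=' . strtoupper(hash_hmac('sha512', $rawBody, $secret));

/**
 * Check an x-anet-signature style header against the body bytes.
 * verifyWebhookSignature() is a hypothetical helper name.
 */
function verifyWebhookSignature(string $body, ?string $header, string $secret): bool
{
    // Reject a missing header or an unexpected scheme before any HMAC work.
    if ($header === null || stripos($header, 'sha512=') !== 0) {
        return false;
    }
    $received = strtolower(substr($header, strlen('sha512=')));
    if (strlen($received) !== 128 || !ctype_xdigit($received)) {
        return false; // SHA-512 is 64 bytes, i.e. 128 hex characters
    }
    // hash_hmac() returns lower-case hex; hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha512', $body, $secret), $received);
}

// In a real handler $rawBody comes from file_get_contents('php://input')
// (Yii2: Yii::$app->request->getRawBody()), never from a parsed array.
$candidates = [
    'raw body as received'      => $rawBody,
    // Decode + encode rewrites the bytes (the float 290.00 is not reproduced
    // verbatim), so the MAC no longer matches.
    'decoded then re-encoded'   => json_encode(json_decode($rawBody, true)),
    // Encoding a string that is already JSON wraps it in quotes and escapes it.
    'JSON string encoded again' => json_encode($rawBody),
];

foreach ($candidates as $label => $body) {
    printf(
        "%-28s same bytes: %-3s signature valid: %s\n",
        $label,
        $body === $rawBody ? 'yes' : 'no',
        verifyWebhookSignature($body, $header, $secret) ? 'yes' : 'no'
    );
}
```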