Authorize.Net 中的 Webhook 始终无法通过身份验证

【问题标题】:Webhook always failed authentication in Authorize.NetAuthorize.Net 中的 Webhook 始终无法通过身份验证
【发布时间】:2020-03-22 15:08:11
【问题描述】:

在 Authorize.Net 中使用 webhook 创建订阅和重复事件处理。当我测试使用 web hook 帐户身份验证有效但在实际 webhook 通知中始终未能通过身份验证

if (isset($this->header['x-anet-signature'])) {
        $json = Json::encode($this->body);
        if ($json) {
            //To check the header and signature is true
         if (hash_equals(strtolower($this->header['x-anet-signature']),
                    'sha512=' . hash_hmac('sha512',$json, $secret))
            ) { 


             }else{
                yii::info($json,'webhookhNotifications');
                throw new \yii\web\ServerErrorHttpException('Authentication failed in Webhook');
              return false;

            } 
        }
    }

Webhook JSON

{
   "notificationId":"4bbba8fb-1d32-46b6-a513-a9ca2fed885c",
   "eventType":"net.authorize.customer.subscription.created",
   "eventDate":"2019-11-27T06:20:36.3621687Z",
   "webhookId":"a2929d59-147e-4400-a2bb-b3bd25a0311d",
   "payload":{
      "name":"Test subscription",
      "amount":290.00,
      "status":"active",
      "profile":{
         "customerProfileId":1921894828,
         "customerPaymentProfileId":1834842681,
         "customerShippingAddressId":1879009509
      },
      "entityName":"subscription",
      "id":"6168233"
   }
}

秘钥

F7B582AFFA9372866965456CFAC0D1B1219258F955FD5266D1A96BF9BE3C85F7D54C7CDFF9EF3EE7D3916EACB5EE920167F557BBB307288C17FBD169F0257AB4

x-anet-签名

sha512=FDE5518801C115C4886311877B4C37F6C26ABACE01ADB973EF372FB51C8F1E5321A83717161AD7DEFFD46F5013900E68B6220F3B25E9302A4208A9C673D32749

【问题讨论】:

  • 你能解释一下它如何失败了吗?你有错误吗?如果是这样,你会得到什么错误?请提供更多信息,因为没有足够的帮助您。
  • 请将来自 webhook 的正文部分结束 {"notificationId":"4bbba8fb-1d32-46b6-a513-a9ca2fed885c","eventType":"net.authorize.customer.subscription.created", "eventDate":"2019-11-27T06:20:36.3621687Z","webhookId":"a2929d59-147e-4400-a2bb-b3bd25a0311d","payload":{"name":"测试订阅","amount" :290.00,"status":"active","profile":{"customerProfileId":1921894828,"customerPaymentProfileId":1834842681,"customerShippingAddressId":1879009509},"entityName":"subscription","id":"6168233" }} 总是使哈希相等部分失败。
  • 您能否发布$this->header['x-anet-signature']$secret 的值,以便我们尝试重现该问题?为安全起见,您需要更改您的密钥。
  • 请看秘钥和签名。秘密密钥:F7B582AFFA9372866965456CFAC0D1B1219258F955FD5266D1A96BF9BE3C85F7D54C7CDFF9EF3EE7D3916EACB5EE920167F557BBB307288C17FBD169F0257AB4 $这 - >头[ '的x ANET签名'] = SHA512 = FDE5518801C115C4886311877B4C37F6C26ABACE01ADB973EF372FB51C8F1E5321A83717161AD7DEFFD46F5013900E68B6220F3B25E9302A4208A9C673D32749 跨度>

标签: php webhooks authorize.net authorize.net-webhooks


【解决方案1】:

您的代码应该可以工作。我出于测试目的对其进行了一些简化,但使用您在上面提供的值确实可以成功验证:

$signature = 'sha512=FDE5518801C115C4886311877B4C37F6C26ABACE01ADB973EF372FB51C8F1E5321A83717161AD7DEFFD46F5013900E68B6220F3B25E9302A4208A9C673D32749';
$json = '{"notificationId":"4bbba8fb-1d32-46b6-a513-a9ca2fed885c","eventType":"net.authorize.customer.subscription.created","eventDate":"2019-11-27T06:20:36.3621687Z","webhookId":"a2929d59-147e-4400-a2bb-b3bd25a0311d","payload":{"name":"Test subscription","amount":290.00,"status":"active","profile":{"customerProfileId":1921894828,"customerPaymentProfileId":1834842681,"customerShippingAddressId":1879009509},"entityName":"subscription","id":"6168233"}}';
$secret = 'F7B582AFFA9372866965456CFAC0D1B1219258F955FD5266D1A96BF9BE3C85F7D54C7CDFF9EF3EE7D3916EACB5EE920167F557BBB307288C17FBD169F0257AB4';

if (hash_equals(strtolower($signature), 'sha512=' . hash_hmac('sha512', $json, $secret))) {
    echo 'valid';
}else{
    echo 'invalid';
}

Demo

我认为您的错误是您正在对已经是 JSON 的 JSON 进行编码。所以改变这一行:

$json = Json::encode($this->body);

新代码:

if (isset($this->header['x-anet-signature'])) {
        $json = $this->body;
        if ($json) {
            //To check the header and signature is true
         if (hash_equals(strtolower($this->header['x-anet-signature']),
                    'sha512=' . hash_hmac('sha512',$json, $secret))
            ) { 


             }else{
                yii::info($json,'webhookhNotifications');
                throw new \yii\web\ServerErrorHttpException('Authentication failed in Webhook');
              return false;

            } 
        }
    }

【讨论】:

    猜你喜欢
    • 2016-06-16
    • 1970-01-01
    • 2018-06-13
    • 1970-01-01
    • 2016-10-24
    • 1970-01-01
    • 1970-01-01
    • 2015-02-06
    • 2012-04-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode