DEVHIDE
Login Or Sign up

HMAC authentication of secret and payload in Symfony 5.4

158 Views Asked by At

My JavaScript code is making the following POST API call to my endpoint:

const payload = {
   course: args,
   recipient: roomId
};
const signature = this.calculateSignature(JSON.stringify(payload), secret);

const response = await fetch(`https://crmpicco.co.uk/app/api/dsf7s9d8797987897987`, {
   method: 'POST',
   headers: {
      'Content-Type': 'application/json',
      'X-EchoBot-Signature-256': signature 
   },
   body: JSON.stringify(payload)
});

calculateSignature(payload, secret) {
   return "sha256=" + crypto
   .createHmac('sha256', secret)
   .update(payload)
   .digest('hex');
}

in my Symfony 5.4 PHP app I have the following code:

$echoSecret = "0IQgWRFC1872i6AQc3mDo3Dc48UfWATPCoRX";

$encodedPayload = json_encode(json_decode($request->getContent()));
$calculatedSecret = hash_hmac('sha256', $encodedPayload, $echoSecret);
if ($headers['x-echobot-signature-256'][0] == "sha256=" . $calculatedSecret) {
    $this->getLogger()->info('The signature is valid, proceed...', [
        'calculatedSecret' => $calculatedSecret,
        'headerSecret' => $headers['x-echobot-signature-256'][0]
    ]);
} else {
    $this->getLogger()->info('The signature is invalid :(', [
        'calculatedSecret' => $calculatedSecret,
        'headerSecret' => $headers['x-echobot-signature-256'][0]
    ]);
}

Everytime I call the endpoint the authentication fails and falls into the The signature is invalid :( else block.

The request looks like this:

"request":{"stdClass":{"course":["topaid33"],"recipient":"!LjZCWlshucBDhBobTT:crm.com"}},"payload":"{"course":["topaid33"],"recipient":"!LjZCWlshucBDhBobTT:crm.com"}","headers":{"accept-encoding":["gzip, deflate, br"],"content-type":["application/json"],"user-agent":["Amazon CloudFront"],"x-amz-cf-id":["ndCQJ9lvWATP_vSerFFFFaqHBhYqOn_wdSLF2vWBShXCBA=="],"x-cloudfront-key":["RFC1872"],"x-matrixbot-signature-256":["sha256=3577f59ea6f1dd44af8af2e9240093387897897987987a029ccf818ae92ee2cdb99"],"x-forwarded-port":["443"],"x-forwarded-proto":["https"],"content-length":["78"],"via":["1.1 ip-10-82-2-81 (Varnish/7.2)"],"host":["s.crmpicco.co.uk"],"x-varnish":["3735722"],"x-php-ob-level":["1"]

Where am I taking a mis-step here?

javascript php hmac symfony5 hmacsha256
Original Q&A
1

There are 1 best solutions below

0
On

compare hashes using the hash_equals function


$signature = $request->header('x-echobot-signature-256');

$computedSignature = hash_hmac('sha256', (string) $request->getContent(), $echoSecret);

hash_equals($signature, $computedSignature)

Related Questions in JAVASCRIPT

Related Questions in PHP

Related Questions in HMAC

Related Questions in SYMFONY5

Related Questions in HMACSHA256

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.