add description field to notification

change hmac logic to calculate on raw body
support for arbitrary fields in notification

Author: dormin

sample/callback.php

@@ -23,7 +23,7 @@
 use Riskified\DecisionNotification\Model;
 
 # Replace with the 'shop domain' of your account in Riskified
-$domain = "busteco.com";
+$domain = "test.com";
 
 # Replace with the 'auth token' listed in the Riskified web app under the 'Settings' Tab
 $authToken = "bde6c2dce1657b1197cbebb10e4423b3560a3a6b";
@@ -32,9 +32,9 @@
 
 $signature = new Signature\HttpDataSignature();
 
-$headers = array('X-Riskified-Hmac-Sha256:4e17669551be731365461a27bf50d6886f11f2fd95ba88c74d401d0328909a63');
-$body = 'id=1&status=approved';
+$headers = array('X-Riskified-Hmac-Sha256:6bccbd8fbeeb2b95b553ada025a8d018b6d5182792f1db4fcc4186e7bf6c3c0f');
+$body = 'id=1&description=all%20good&status=approved';
 
 $notification = new Model\Notification($signature, $headers, $body);
 
-print "Order $notification->id changed to status $notification->status";
+print "Order #$notification->id changed to status '$notification->status' with message '$notification->description'\n";

sample/order_webhook.php

@@ -25,7 +25,7 @@
 use Riskified\OrderWebhook\Transport;
 
 # Replace with the 'shop domain' of your account in Riskified
-$domain = "test.pass.com";
+$domain = "test.com";
 
 # Replace with the 'auth token' listed in the Riskified web app under the 'Settings' Tab
 $authToken = "1388add8a99252fc1a4974de471e73cd";

src/Riskified/DecisionNotification/Model/Notification.php

@@ -24,13 +24,17 @@
 class Notification {
 
     /**
-     * @var Order ID
+     * @var string Order ID
      */
     public $id;
     /**
-     * @var Order Status
+     * @var string Status of Order
      */
     public $status;
+    /**
+     * @var string Description of Decision
+     */
+    public $description;
 
     protected $signature;
     protected $headers;
@@ -41,7 +45,7 @@ class Notification {
      * Inits and validates the request.
      * @param $signature Signature An instance of a Signature class that handles authentication
      * @param $headers array A list of HTTP Headers as strings
-     * @param $body string The body of the Request
+     * @param $body string The raw body of the Request
      * @throws NotificationException on issues with the request
      */
     public function __construct($signature, $headers, $body) {
@@ -50,7 +54,7 @@ public function __construct($signature, $headers, $body) {
         $this->body = $body;
 
         $this->parse_headers();
-        $this->parse_body($body);
+        $this->parse_body();
         $this->test_authorization();
     }
 
@@ -64,7 +68,8 @@ protected function parse_headers() {
             list ($key, $value) = explode(':', $header);
             if (!$key || !$value)
                 throw new Exception\BadHeaderException($this->headers, $this->body, $header);
-            $this->headers_map[trim($key)] = trim($value);
+            $header = str_replace('-', '_', strtoupper(trim($key)));
+            $this->headers_map[$header] = trim($value);
         }
     }
 
@@ -75,7 +80,7 @@ protected function parse_headers() {
     protected function test_authorization() {
         $signature = $this->signature;
         $remote_hmac = $this->headers_map[$signature::HMAC_HEADER_NAME];
-        $local_hmac = $signature->calc_hmac($this->data_string());
+        $local_hmac = $signature->calc_hmac($this->body);
         if ($remote_hmac != $local_hmac)
             throw new Exception\AuthorizationException($this->headers, $this->body, $local_hmac, $remote_hmac);
     }
@@ -90,14 +95,7 @@ protected function parse_body() {
         if (!$vars['id'] || !$vars['status'])
             throw new Exception\BadPostParametersException($this->headers, $this->body);
 
-        $this->id = $vars['id'];
-        $this->status = $vars['status'];
-    }
-
-    /**
-     * @return string sorted param string for hashing
-     */
-    protected function data_string() {
-        return "id=$this->id&status=$this->status";
+        foreach($vars as $key => $value)
+            $this->$key = $value;
     }
 }