specify signature_algorithm in the config/cloudinary.php

[meyer59]

Hello
It will be great if we can specify some more parameters in the cloudinary.php conf file as mentioned here.
Actually, i am trying to specify the signature_algorithm parameter, is there any way to do it with the current package version ?
Thank you

[tara-matthew]

Please could I have a go at working on this?

[unicodeveloper]

@tara-matthew assigned to you.

[uhexos]

@unicodeveloper after taking a stab at this seems like the extra env parameters would not be needed since we use the cloudinary url. The extra parameters can be added to the string the signature_algorithm in particular can be added using

cloudinary://cloudinary_url_here?cloud[signature_algorithm]=sha256

relevant cloudinary docs maybe we just need to add some more docs here to let people know

[unicodeveloper]

You might be right. Seems possible. Have you tried it to see if it actually works?

…

On Thu, Oct 12, 2023 at 8:16 PM Nwokorobia Ugo ***@***.***> wrote: @unicodeveloper <https://github.com/unicodeveloper> after taking a stab at this seems like the extra env parameters would not be needed since we use the cloudinary url. The extra parameters can be added to the string the signature_algorithm in particular can be added using cloudinary://cloudinary_url_here?cloud[signature_algorithm]=sha256 relevant cloudinary docs <https://cloudinary.com/documentation/php_integration#landingpage:~:text=You%20can%20also%20configure%20parameters%20for%20an%20instance%20via%20environment%20variable%2C%20for%20example%3A> maybe we just need to add some more docs here to let people know — Reply to this email directly, view it on GitHub <#63 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAWPNUJXDT7OPXWWU6I62XLX7A6YRANCNFSM5ROPWELA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[uhexos]

tried adding the sha256 and if you set a sha eg 2566 that doesn't exist it throws an error that says you need a enter a valid signature_algorithm. Seems it actually detects the setting. Buuuutt I couldn't actually get it to produce a sha 256 signature.

Given
$uploadedFileUrl = cloudinary()->upload($request->file('file')->getRealPath()); SignatureVerifier::verifyApiResponseSignature($uploadedFileUrl->getPublicId(), $uploadedFileUrl->getVersion(), $uploadedFileUrl->getSignature());

the signature that comes back seems to be sha1 encrypted cause we end up here at which during execution and it returns true
public static function generateHmac($payloadToSign, $apiSecret) { return sha1($payloadToSign . $apiSecret); }

Any chance the sha256 is for paying accounts only ?