Permalink
Browse files

Add request validation support

  • Loading branch information...
1 parent b94a754 commit 2e669a209344d90543bb9b48f8991d696fdd10b0 @kyleconroy kyleconroy committed Jul 19, 2011
Showing with 87 additions and 4 deletions.
  1. +36 −0 Services/Twilio/RequestValidator.php
  2. +3 −4 docs/index.rst
  3. +48 −0 tests/RequestValidatorTest.php
@@ -0,0 +1,36 @@
+<?php
+
+class Services_Twilio_RequestValidator
+{
+
+ protected $AuthToken;
+
+ function __construct($token)
+ {
+ $this->AuthToken = $token;
+ }
+
+ public function computeSignature($url, $data = array())
+ {
+ // sort the array by keys
+ ksort($data);
+
+ // append them to the data string in order
+ // with no delimiters
+ foreach($data as $key => $value)
+ $url .= "$key$value";
+
+ // This function calculates the HMAC hash of the data with the key
+ // passed in
+ // Note: hash_hmac requires PHP 5 >= 5.1.2 or PECL hash:1.1-1.5
+ // Or http://pear.php.net/package/Crypt_HMAC/
+ return base64_encode(hash_hmac("sha1", $url, $this->AuthToken, true));
+ }
+
+ public function validate($expectedSignature, $url, $data = array())
+ {
+ return $this->computeSignature($url, $data)
+ == $expectedSignature;
+ }
+
+}
View
@@ -3,16 +3,15 @@
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
-===============
+=================
Services_Twilio
-===============
+=================
Status
=======
This documentation is for version 3.0 of `twilio-php <https://www.github.com/twilio/twilio-php>`_.
-
Installation
================
@@ -71,7 +70,7 @@ If you’ve got questions that aren’t answered by this documentation, ask the
Running the Tests
>>>>>>>>>>>>>>>>>>>>>>>>>
-The unit tests depend on `Mockery <https://github.com/padraic/mockery>`_ and `PHPUnit <https://github.com/sebastianbergmann/phpunit>`_. First, install all the necessary pear channels (which is ridiculous)
+The unit tests depend on `Mockery <https://github.com/padraic/mockery>`_ and `PHPUnit <https://github.com/sebastianbergmann/phpunit>`_. First, 'discover' all the necessary pear channels (which is ridiculous)
.. code-block:: bash
@@ -0,0 +1,48 @@
+<?php
+
+require_once 'Twilio/RequestValidator.php';
+
+class RequestValidatorTest extends PHPUnit_Framework_TestCase {
+
+ function testRequestValidation() {
+ $token = "1c892n40nd03kdnc0112slzkl3091j20";
+ $validator = new Services_Twilio_RequestValidator($token);
+
+ $uri = "http://www.postbin.org/1ed898x";
+ $params = array(
+ "CalledZip" => "94612",
+ "AccountSid" => "AC9a9f9392lad99kla0sklakjs90j092j3",
+ "ApiVersion" => "2010-04-01",
+ "CallSid" => "CAd800bb12c0426a7ea4230e492fef2a4f",
+ "CallStatus" => "ringing",
+ "Called" => "+15306384866",
+ "CalledCity" => "OAKLAND",
+ "CalledCountry" => "US",
+ "CalledState" => "CA",
+ "Caller" => "+15306666666",
+ "CallerCity" => "SOUTH LAKE TAHOE",
+ "CallerCountry" => "US",
+ "CallerName" => "CA Wireless Call",
+ "CallerState" => "CA",
+ "CallerZip" => "89449",
+ "Direction" => "inbound",
+ "From" => "+15306666666",
+ "FromCity" => "SOUTH LAKE TAHOE",
+ "FromCountry" => "US",
+ "FromState" => "CA",
+ "FromZip" => "89449",
+ "To" => "+15306384866",
+ "ToCity" => "OAKLAND",
+ "ToCountry" => "US",
+ "ToState" => "CA",
+ "ToZip" => "94612",
+ );
+
+ $expected = "fF+xx6dTinOaCdZ0aIeNkHr/ZAA=";
+
+ $this->assertEquals(
+ $validator->computeSignature($uri, $params), $expected);
+ $this->assertTrue($validator->validate($expected, $uri, $params));
+ }
+
+}

0 comments on commit 2e669a2

Please sign in to comment.