Fix: Update how we handle callback functionality, add tests

Author: nikajorjika

src/Http/Controllers/StatusCallbackController.php

@@ -2,38 +2,47 @@
 
 namespace RedberryProducts\LaravelBogPayment\Http\Controllers;
 
-use HttpException;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller;
 use RedberryProducts\LaravelBogPayment\Events\TransactionStatusUpdated;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 
 class StatusCallbackController extends Controller
 {
+    /**
+     * @throws HttpException
+     */
     public function __invoke(Request $request)
     {
         $requestBody = $request->getContent();
 
+        $request->validate([
+            'body' => 'required|array'
+        ]);
+
         $signature = $request->header('Callback-Signature');
         $publicKey = config('bog-payment.public_key');
 
         $this->ensureSignatureIsValid($requestBody, $signature, $publicKey);
 
-        event(TransactionStatusUpdated::class, [json_decode($requestBody, true)['body']]);
+        event(new TransactionStatusUpdated($request->get('body')));
 
-        return json_decode($requestBody, true)['body'];
+        return $request->get('body');
     }
 
     /**
      * Verifies the signature using the provided public key.
      *
      * @param  string  $data  The data to verify.
-     * @param  string  $signature  The provided signature.
-     * @param  string  $publicKey  The public key to use for verification.
+     * @param  string|null  $signature  The provided signature.
+     * @param  string|null  $publicKey  The public key to use for verification.
+     *
+     * @return bool
      */
-    private function verifySignature(string $data, string $signature, string $publicKey): bool
+    private function verifySignature(string $data, string|null $signature, string|null $publicKey): bool
     {
-        // Decode the signature from base64
         $decodedSignature = base64_decode($signature);
+
         $publicKey = openssl_pkey_get_public($publicKey);
         $verified = openssl_verify($data, $decodedSignature, $publicKey, 'RSA-SHA256');
 
@@ -45,9 +54,8 @@ private function verifySignature(string $data, string $signature, string $public
      */
     private function ensureSignatureIsValid($body, $signature, $publicKey)
     {
-        if (! $this->verifySignature($body, $signature, $publicKey)) {
-            throw new HttpException('Invalid Signature', 401);
+        if (!$this->verifySignature($body, $signature, $publicKey)) {
+            throw new HttpException(401, 'Invalid Signature');
         }
-
     }
 }

tests/Callback/CallbackEndpointTest.php

@@ -0,0 +1,151 @@
+<?php
+
+use Illuminate\Support\Facades\Event;
+use Illuminate\Support\Facades\Config;
+use RedberryProducts\LaravelBogPayment\Events\TransactionStatusUpdated;
+
+
+function generateRSAKeyPair(): array
+{
+    $config = [
+        'private_key_bits' => 2048,
+        'default_md' => 'sha256',
+        'private_key_type' => OPENSSL_KEYTYPE_RSA,
+    ];
+
+    $resource = openssl_pkey_new($config);
+    openssl_pkey_export($resource, $privateKey);
+    $publicKeyDetails = openssl_pkey_get_details($resource);
+
+    return [
+        'private_key' => $privateKey,
+        'public_key' => $publicKeyDetails['key'],
+    ];
+}
+
+function generateValidSignature(string $data, string $privateKey)
+{
+    openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256);
+    return base64_encode($signature);
+}
+
+beforeEach(function () {
+    $keys = generateRSAKeyPair();
+
+    $this->privateKey = $keys['private_key'];
+    $this->publicKey = $keys['public_key'];
+
+    Config::set('bog-payment.public_key', $keys['public_key']);
+});
+
+test('callback with valid signature and payload should trigger event', function () {
+    Event::fake();
+    $payload = ['body' => ['transaction_id' => '12345', 'status' => 'success']];
+    $payloadJson = json_encode($payload);
+    $signature = generateValidSignature($payloadJson, $this->privateKey);
+
+    $response = $this->postJson(route('bog-payment.callback'),
+        ['body' => ['transaction_id' => '12345', 'status' => 'success']], [
+            'Content-Type' => 'application/json',
+            'Callback-Signature' => $signature,
+        ]);
+
+    $response->assertOk();
+    Event::assertDispatched(TransactionStatusUpdated::class);
+});
+
+test('callback with invalid signature should return 401', function () {
+    $response = $this->postJson(route('bog-payment.callback'),
+        ['body' => ['transaction_id' => '12345', 'status' => 'success']], [
+            'Content-Type' => 'application/json',
+            'Callback-Signature' => 'invalid_signature',
+        ]);
+
+    $response->assertStatus(401);
+});
+
+test('callback with missing signature should return 401', function () {
+    $response = $this->postJson(route('bog-payment.callback'),
+        ['body' => ['transaction_id' => '12345', 'status' => 'success']], [
+            'Content-Type' => 'application/json',
+        ]);
+
+    $response->assertStatus(401);
+});
+
+test('callback with invalid JSON should return 401', function () {
+    $payload = ['body' => ['transaction_id' => '12345', 'status' => 'success']];
+    $response = $this->postJson(route('bog-payment.callback'), $payload, [
+        'Content-Type' => 'application/json',
+        'Callback-Signature' => generateValidSignature('invalid_json', $this->privateKey),
+    ]);
+
+    $response->assertStatus(401);
+});
+
+test('callback with missing required fields should return error', function () {
+    $payload = json_encode(['unexpected_field' => 'value']);
+    $signature = generateValidSignature($payload, $this->privateKey);
+
+    $response = $this->postJson(route('bog-payment.callback'), [], [
+        'Content-Type' => 'application/json',
+        'Callback-Signature' => $signature,
+    ]);
+
+    $response->assertStatus(422);
+});
+
+test('callback with missing public key should return 500', function () {
+    Config::set('bog-payment.public_key', null);
+
+    $payload = ['body' => ['transaction_id' => '12345', 'status' => 'success']];
+    $payloadJson = json_encode($payload);
+    $signature = generateValidSignature($payloadJson, $this->privateKey);
+
+    $response = $this->postJson(route('bog-payment.callback'), $payload, [
+        'Content-Type' => 'application/json',
+        'Callback-Signature' => $signature,
+    ]);
+
+    $response->assertStatus(500);
+});
+
+test('callback when signature verification fails should return 401', function () {
+    $payload = ['body' => ['transaction_id' => '12345', 'status' => 'success']];
+
+    $response = $this->postJson(route('bog-payment.callback'), $payload, [
+        'Content-Type' => 'application/json',
+        'Callback-Signature' => 'wrong_signature',
+    ]);
+
+    $response->assertStatus(401);
+});
+
+test('callback when unexpected error occurs should return 500', function () {
+    Config::set('bog-payment.public_key', 'invalid_key');
+
+    $payload = json_encode(['body' => ['transaction_id' => '12345', 'status' => 'success']]);
+    $signature = generateValidSignature($payload, $this->privateKey);
+
+    $response = $this->postJson(route('bog-payment.callback'),
+        ['body' => ['transaction_id' => '12345', 'status' => 'success']], [
+            'Content-Type' => 'application/json',
+            'Callback-Signature' => $signature,
+        ]);
+
+    $response->assertStatus(500);
+});
+
+test('callback with valid data should return correct response', function () {
+    $payload = ['body' => ['transaction_id' => '12345', 'status' => 'success']];
+    $payloadJson = json_encode($payload);
+    $signature = generateValidSignature($payloadJson, $this->privateKey);
+
+    $response = $this->postJson(route('bog-payment.callback'), $payload, [
+        'Content-Type' => 'application/json',
+        'Callback-Signature' => $signature,
+    ]);
+
+    $response->assertOk()
+        ->assertJson(['transaction_id' => '12345', 'status' => 'success']);
+});