

fix payload containing invalid values
lekoala committed Sep 14, 2022
1 parent 713636f commit c6b7bc4
Showing 2 changed files with 92 additions and 56 deletions.
68 changes: 44 additions & 24 deletions resources/sample.json
@@ -1,4 +1,5 @@
[{
[
{
"msys": {
"message_event": {
"type": "bounce",
Expand Down Expand Up @@ -42,7 +43,8 @@
"transmission_id": "65832150921904138"
}
}
}, {
},
{
"msys": {
"message_event": {
"type": "delivery",
Expand Down Expand Up @@ -85,7 +87,8 @@
"transmission_id": "65832150921904138"
}
}
}, {
},
{
"msys": {
"message_event": {
"type": "injection",
Expand Down Expand Up @@ -123,7 +126,8 @@
"transmission_id": "65832150921904138"
}
}
}, {
},
{
"msys": {
"message_event": {
"type": "sms_status",
Expand All @@ -150,7 +154,8 @@
"timestamp": "1454442600"
}
}
}, {
},
{
"msys": {
"message_event": {
"type": "spam_complaint",
Expand Down Expand Up @@ -181,7 +186,8 @@
"user_str": "Additional Example Information"
}
}
}, {
},
{
"msys": {
"message_event": {
"type": "out_of_band",
Expand All @@ -207,7 +213,8 @@
"timestamp": "1454442600"
}
}
}, {
},
{
"msys": {
"message_event": {
"type": "policy_rejection",
Expand Down Expand Up @@ -236,7 +243,8 @@
"bounce_class": "25"
}
}
}, {
},
{
"msys": {
"message_event": {
"type": "delay",
Expand Down Expand Up @@ -281,7 +289,8 @@
"transmission_id": "65832150921904138"
}
}
}, {
},
{
"msys": {
"track_event": {
"type": "click",
Expand All @@ -300,12 +309,12 @@
"rcpt_type": "cc",
"subaccount_id": "101",
"target_link_name": "Example Link Name",
"target_link_url": "http:\/\/example.com",
"target_link_url": "http://example.com",
"template_id": "templ-1234",
"template_version": "1",
"timestamp": "1454442600",
"transmission_id": "65832150921904138",
"user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2272.118 Safari\/537.36",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
"geo_ip": {
"country": "US",
"region": "MD",
Expand All @@ -315,7 +324,8 @@
}
}
}
}, {
},
{
"msys": {
"track_event": {
"type": "open",
Expand All @@ -337,7 +347,7 @@
"template_version": "1",
"timestamp": "1454442600",
"transmission_id": "65832150921904138",
"user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2272.118 Safari\/537.36",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
"geo_ip": {
"country": "US",
"region": "MD",
Expand All @@ -347,7 +357,8 @@
}
}
}
}, {
},
{
"msys": {
"gen_event": {
"type": "generation_failure",
Expand Down Expand Up @@ -378,7 +389,8 @@
"transmission_id": "65832150921904138"
}
}
}, {
},
{
"msys": {
"gen_event": {
"type": "generation_rejection",
Expand Down Expand Up @@ -411,7 +423,8 @@
"bounce_class": "25"
}
}
}, {
},
{
"msys": {
"unsubscribe_event": {
"type": "list_unsubscribe",
Expand All @@ -435,7 +448,8 @@
"transmission_id": "65832150921904138"
}
}
}, {
},
{
"msys": {
"unsubscribe_event": {
"type": "link_unsubscribe",
Expand All @@ -457,10 +471,11 @@
"template_version": "1",
"timestamp": "1454442600",
"transmission_id": "65832150921904138",
"user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2272.118 Safari\/537.36"
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"
}
}
}, {
},
{
"msys": {
"relay_event": {
"type": "relay_injection",
Expand All @@ -478,7 +493,8 @@
"relay_id": "123-456-789"
}
}
}, {
},
{
"msys": {
"relay_event": {
"type": "relay_rejection",
Expand All @@ -497,7 +513,8 @@
"relay_id": "123-456-789"
}
}
}, {
},
{
"msys": {
"relay_event": {
"type": "relay_delivery",
Expand All @@ -515,7 +532,8 @@
"relay_id": "123-456-789"
}
}
}, {
},
{
"msys": {
"relay_event": {
"type": "relay_tempfail",
Expand All @@ -536,7 +554,8 @@
"relay_id": "123-456-789"
}
}
}, {
},
{
"msys": {
"relay_event": {
"type": "relay_permfail",
Expand All @@ -557,4 +576,5 @@
"relay_id": "123-456-789"
}
}
}]
}
]
80 changes: 48 additions & 32 deletions src/SparkPostController.php
Expand Up @@ -59,15 +59,14 @@ public function test(HTTPRequest $req)
return 'You can only test in dev mode';
}

$client = $this->getClient();

$file = $this->getRequest()->getVar('file');
if ($file) {
$data = file_get_contents(Director::baseFolder() . '/' . rtrim($file, '/'));
} else {
$data = file_get_contents(dirname(__DIR__) . '/resources/sample.json');
}
$payload = json_decode($data, JSON_OBJECT_AS_ARRAY);
$payload['@headers'] = $req->getHeaders();

$this->processPayload($payload, 'TEST');

Expand Down Expand Up @@ -232,28 +231,11 @@ public function incoming(HTTPRequest $req)
$isAuthenticated = true;
$authError = null;
if (SparkPostHelper::getWebhookUsername()) {
$requestUser = $req->getHeader('php_auth_user');
$requestPassword = $req->getHeader('php_auth_pw');
if (!$requestUser) {
$requestUser = $_SERVER['PHP_AUTH_USER'];
}
if (!$requestPassword) {
$requestPassword = $_SERVER['PHP_AUTH_PW'];
}

$hasSuppliedCredentials = $requestUser && $requestPassword;
if ($hasSuppliedCredentials) {
$user = SparkPostHelper::getWebhookUsername();
$password = SparkPostHelper::getWebhookPassword();
$isAuthenticated = ($requestUser == $user && $requestPassword == $password);
if ($user != $requestUser) {
$authError = "User $requestUser doesn't match";
} elseif ($password != $requestPassword) {
$authError = "Password $requestPassword don't match";
}
} else {
try {
$this->authRequest($req);
} catch (Exception $e) {
$isAuthenticated = false;
$authError = "No credentials";
$authError = $e->getMessage();
}
}

Expand All @@ -266,10 +248,11 @@ public function incoming(HTTPRequest $req)
}

if (is_dir($dir)) {
$payload['@headers'] = $req->getHeaders();
$payload['@isAuthenticated'] = $isAuthenticated;
$payload['@authError'] = $authError;
$prettyPayload = json_encode($payload, JSON_PRETTY_PRINT);
$storedPayload = array_merge([], $payload);
$storedPayload['@headers'] = $req->getHeaders();
$storedPayload['@isAuthenticated'] = $isAuthenticated;
$storedPayload['@authError'] = $authError;
$prettyPayload = json_encode($storedPayload, JSON_PRETTY_PRINT);
$time = date('Ymd-His');
file_put_contents($dir . '/' . $time . '_' . $batchId . '.json', $prettyPayload);
} else {
Expand All @@ -295,6 +278,35 @@ public function incoming(HTTPRequest $req)
return $response;
}

protected function authRequest(HTTPRequest $req)
{
$requestUser = $req->getHeader('php_auth_user');
$requestPassword = $req->getHeader('php_auth_pw');
if (!$requestUser) {
$requestUser = $_SERVER['PHP_AUTH_USER'];
}
if (!$requestPassword) {
$requestPassword = $_SERVER['PHP_AUTH_PW'];
}

$authError = null;
$hasSuppliedCredentials = $requestUser && $requestPassword;
if ($hasSuppliedCredentials) {
$user = SparkPostHelper::getWebhookUsername();
$password = SparkPostHelper::getWebhookPassword();
if ($user != $requestUser) {
$authError = "User $requestUser doesn't match";
} elseif ($password != $requestPassword) {
$authError = "Password $requestPassword don't match";
}
} else {
$authError = "No credentials";
}
if ($authError) {
throw new Exception($authError);
}
}

/**
* Process data
*
Expand All @@ -307,21 +319,25 @@ protected function processPayload(array $payload, $batchId = null)

$subaccount = SparkPostHelper::getClient()->getSubaccount();

foreach ($payload as $r) {
foreach ($payload as $idx => $r) {
// This is a test payload
if (empty($r) || empty($r['msys'])) {
if (empty($r)) {
continue;
}
// This is a custom entry
if (!is_numeric($idx)) {
continue;
}

$ev = $r['msys'] ?? null;

// Invalid payload
// Invalid payload: it should always be an object with a msys key containing the event
if ($ev === null) {
$logLevel = self::config()->log_level ? self::config()->log_level : 7;
$this->getLogger()->log("Invalid payload: " . substr(json_encode($r), 0, 100) . '...', $logLevel);
$this->getLogger()->warn("Invalid payload: " . substr(json_encode($r), 0, 100) . '...');
continue;
}

// Check type: it should be an object with the type as key
$type = key($ev);
if (!isset($ev[$type])) {
$this->getLogger()->warn("Invalid type $type in SparkPost payload");
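Review bot: `authRequest()` checks the webhook credentials with loose `!=` and interpolates the submitted password into the exception message (`"Password $requestPassword don't match"`). `incoming()` copies that message into `$authError`, which is then written to the stored payload file as `@authError`, so a failed attempt leaves the supplied password on disk; `!=` also compares two numeric-looking strings by value (`'1e3' == '1000'`) and is not constant-time. I would replace the two branches with a single check, `if (!hash_equals((string) $user, (string) $requestUser) || !hash_equals((string) $password, (string) $requestPassword)) { $authError = 'Invalid credentials'; }`, and read the fallbacks as `$_SERVER['PHP_AUTH_USER'] ?? null` and `$_SERVER['PHP_AUTH_PW'] ?? null` so a request without credentials reaches the "No credentials" branch without an undefined-index warning. `@headers` is stored in the same file and would presumably include any `Authorization` header, which is worth redacting before the write.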
