From 7f10bc8825b0a8fa958b69c13358221a06a6bc5a Mon Sep 17 00:00:00 2001
From: Peter <160108743+pulseP1986@users.noreply.github.com>
Date: Thu, 28 Aug 2025 11:56:10 +0300
Subject: [PATCH 1/2] Fix signature validation
---
 src/Webhook/Webhook.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/Webhook/Webhook.php b/src/Webhook/Webhook.php
index 37ddd85..08af596 100644
--- a/src/Webhook/Webhook.php
+++ b/src/Webhook/Webhook.php
@@ -55,7 +55,7 @@ private function __construct($rawJson) {
 throw new ValueError("Invalid or malformed webhook JSON: " . $rawJson);
 }
- $this->_encodedJson = json_encode($decodedJson);
+ $this->_encodedJson = json_encode($decodedJson, JSON_FORCE_OBJECT);
 $this->_id = $decodedJson["id"];
 $this->_type = $decodedJson["type"];
 $this->_date = $decodedJson["date"];
@@ -151,7 +151,7 @@ public static function parse(string $webhookJsonStr=null) : self {
 }
 $isSignatureValid = Webhooks::validateWebhookSignature($webhook, $signature);
- var_dump("VALID: ", $isSignatureValid);
+ //var_dump("VALID: ", $isSignatureValid);
 if (!$isSignatureValid) {
 throw new ApiException("Invalid webhook signature", 403);
@@ -250,7 +250,7 @@ public function validateSignature(string $expectedSignature, string $webhookSecr
 {
 $calculatedSignature = hash_hmac('sha256', hash('sha256', $this->_encodedJson), $webhookSecret);
 $result = (strcmp($calculatedSignature, $expectedSignature) == 0);
- var_dump("Result: ", $result);
+ //var_dump("Result: ", $result);
 return $result;
 }
-}
\ No newline at end of file
+}
From 1f5b54f7ab0b2fa25dbc949c798910aedc6336a5 Mon Sep 17 00:00:00 2001
From: Peter <160108743+pulseP1986@users.noreply.github.com>
Date: Sat, 30 Aug 2025 16:28:40 +0300
Subject: [PATCH 2/2] Update Webhook.php
---
 src/Webhook/Webhook.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Webhook/Webhook.php b/src/Webhook/Webhook.php
index 08af596..fef760d 100644
--- a/src/Webhook/Webhook.php
+++ b/src/Webhook/Webhook.php
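Review bot: In the `__construct` hunk of PATCH 1/2, the `ValueError` message concatenates the whole request body (`"Invalid or malformed webhook JSON: " . $rawJson`). The `parse()` hunk shows the signature being checked on an already constructed `$webhook`, so this path runs on unauthenticated input. Where the message ends up is not visible here, but if it reaches logs or an error response, an arbitrary sender controls its content and size. I would drop the payload from the message, `throw new ValueError("Invalid or malformed webhook JSON");`, or record only its length. The enclosing `if` starts outside the hunk, and the same context line appears in the first hunk of PATCH 2/2.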
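Review bot: In the `validateSignature` hunk of PATCH 1/2, the HMAC is compared with `strcmp(...) == 0`, which is not a constant-time comparison and can leak how much of the signature matched through response timing. Replace the comparison and the temporary with `return hash_equals($calculatedSignature, $expectedSignature);`, keeping the locally computed value as the first argument. The two `var_dump` calls, here and in the `parse()` hunk, are commented out rather than deleted; remove them so the debug output cannot be re-enabled by accident on a path that reports signature validity. The same `strcmp` line is still present in the `validateSignature` hunk of PATCH 2/2.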
@@ -55,7 +55,7 @@ private function __construct($rawJson) {
 throw new ValueError("Invalid or malformed webhook JSON: " . $rawJson);
 }
- $this->_encodedJson = json_encode($decodedJson, JSON_FORCE_OBJECT);
+ $this->_encodedJson = json_encode($decodedJson);
 $this->_id = $decodedJson["id"];
 $this->_type = $decodedJson["type"];
 $this->_date = $decodedJson["date"];
@@ -248,7 +248,7 @@ public function validateIp(string $ipHeaderName = "REMOTE_ADDR"): bool
 */
 public function validateSignature(string $expectedSignature, string $webhookSecret): bool
 {
- $calculatedSignature = hash_hmac('sha256', hash('sha256', $this->_encodedJson), $webhookSecret);
+ $calculatedSignature = hash_hmac('sha256', hash('sha256', $this->_rawJson), $webhookSecret);
 $result = (strcmp($calculatedSignature, $expectedSignature) == 0);
 //var_dump("Result: ", $result);
 return $result;
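Review bot: In the `validateSignature` hunk of PATCH 2/2, the HMAC now reads `$this->_rawJson`, but no assignment to that property is visible in the `__construct` hunk, so please confirm the constructor stores the request body there byte-for-byte, before any decoding or trimming. If the property is unset or normalised, every signature check would be computed over the wrong input. Hashing the received bytes instead of a `json_encode` round trip is the right basis, and it deserves a regression test with a payload whose re-encoding differs from the original (escaped slashes, `\u` escapes, insignificant whitespace). I would also add a docblock line on `validateSignature` stating the contract, for example `Computes HMAC-SHA256 over the SHA-256 hex digest of the exact request body as received.` `_encodedJson` may now be unused for validation, but other readers of it are outside the hunk.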