Merge pull request #71 from silverDuy/validate-for-webhook-get-request

`WebhookAuthenticator::authenticateGetRequest` now also consider `location-id` and `privileges`

Author: vienthuong

CHANGELOG.md

@@ -9,6 +9,8 @@ Updates should follow the [Keep a CHANGELOG](http://keepachangelog.com/) princip
 - Added EndPointTrait for supporting to remove the unnecessary last slashes of an endpoint
 - Updated `AdminAuthenticator` and `Context` to remove the unnecessary last slashes of the provided endpoint
 - [Fix Call to a member function getSource() on null](https://github.com/vienthuong/shopware-php-sdk/issues/65)
+- `WebhookAuthenticator::authenticateGetRequest` now also consider `location-id` and `privileges`
+- [Fix GET Requests of Webhook are not validated correctly](https://github.com/vienthuong/shopware-php-sdk/issues/61)
 
 ### 1.7.3
 - [Fix Schema caching](https://github.com/vienthuong/shopware-php-sdk/pull/62)

src/Service/WebhookAuthenticator.php

@@ -59,26 +59,32 @@ public static function authenticateGetRequest(string $shopSecret): bool
 
         $shop = new Shop($queries['shop-id'], $queries['shop-url'], $shopSecret);
 
-        $queryString = sprintf(
-            'shop-id=%s&shop-url=%s&timestamp=%s&sw-version=%s',
-            $shop->getShopId(),
-            $shop->getShopUrl(),
-            $queries['timestamp'] ?? null,
-            $queries['sw-version'] ?? null,
-        );
-
-        if (array_key_exists('sw-context-language', $queries) && array_key_exists('sw-context-language', $queries)) {
-            $queryString = sprintf(
-                'shop-id=%s&shop-url=%s&timestamp=%s&sw-version=%s&sw-context-language=%s&sw-user-language=%s',
-                $shop->getShopId(),
-                $shop->getShopUrl(),
-                $queries['timestamp'],
-                $queries['sw-version'],
-                $queries['sw-context-language'],
-                $queries['sw-user-language'],
-            );
+        $queryParams = [
+            'shop-id' => $shop->getShopId(),
+            'shop-url' => $shop->getShopUrl(),
+            'timestamp' => $queries['timestamp'],
+            'sw-version' => $queries['sw-version'],
+        ];
+
+        if (array_key_exists('sw-context-language', $queries)) {
+            $queryParams['sw-context-language'] = $queries['sw-context-language'];
         }
 
+        if (array_key_exists('sw-user-language', $queries)) {
+            $queryParams['sw-user-language'] = $queries['sw-user-language'];
+        }
+
+        if (array_key_exists('location-id', $queries)) {
+            $queryParams['location-id'] = $queries['location-id'];
+        }
+
+        if (array_key_exists('privileges', $queries)) {
+            $queryParams['privileges'] = urlencode($queries['privileges']);
+        }
+
+        $queryString = http_build_query($queryParams);
+
+
         $hmac = \hash_hmac('sha256', htmlspecialchars_decode($queryString), $shopSecret);
 
         return hash_equals($hmac, $queries['shopware-shop-signature']);