fix payload containing invalid values

lekoala · Sep 14, 2022 · c6b7bc4 · c6b7bc4
1 parent 713636f
commit c6b7bc4
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 56 deletions.
diff --git a/resources/sample.json b/resources/sample.json
@@ -1,4 +1,5 @@
-[{
+[
+    {
         "msys": {
             "message_event": {
                 "type": "bounce",
@@ -42,7 +43,8 @@
                 "transmission_id": "65832150921904138"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "message_event": {
                 "type": "delivery",
@@ -85,7 +87,8 @@
                 "transmission_id": "65832150921904138"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "message_event": {
                 "type": "injection",
@@ -123,7 +126,8 @@
                 "transmission_id": "65832150921904138"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "message_event": {
                 "type": "sms_status",
@@ -150,7 +154,8 @@
                 "timestamp": "1454442600"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "message_event": {
                 "type": "spam_complaint",
@@ -181,7 +186,8 @@
                 "user_str": "Additional Example Information"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "message_event": {
                 "type": "out_of_band",
@@ -207,7 +213,8 @@
                 "timestamp": "1454442600"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "message_event": {
                 "type": "policy_rejection",
@@ -236,7 +243,8 @@
                 "bounce_class": "25"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "message_event": {
                 "type": "delay",
@@ -281,7 +289,8 @@
                 "transmission_id": "65832150921904138"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "track_event": {
                 "type": "click",
@@ -300,12 +309,12 @@
                 "rcpt_type": "cc",
                 "subaccount_id": "101",
                 "target_link_name": "Example Link Name",
-                "target_link_url": "http:\/\/example.com",
+                "target_link_url": "http://example.com",
                 "template_id": "templ-1234",
                 "template_version": "1",
                 "timestamp": "1454442600",
                 "transmission_id": "65832150921904138",
-                "user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2272.118 Safari\/537.36",
+                "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
                 "geo_ip": {
                     "country": "US",
                     "region": "MD",
@@ -315,7 +324,8 @@
                 }
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "track_event": {
                 "type": "open",
@@ -337,7 +347,7 @@
                 "template_version": "1",
                 "timestamp": "1454442600",
                 "transmission_id": "65832150921904138",
-                "user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2272.118 Safari\/537.36",
+                "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36",
                 "geo_ip": {
                     "country": "US",
                     "region": "MD",
@@ -347,7 +357,8 @@
                 }
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "gen_event": {
                 "type": "generation_failure",
@@ -378,7 +389,8 @@
                 "transmission_id": "65832150921904138"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "gen_event": {
                 "type": "generation_rejection",
@@ -411,7 +423,8 @@
                 "bounce_class": "25"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "unsubscribe_event": {
                 "type": "list_unsubscribe",
@@ -435,7 +448,8 @@
                 "transmission_id": "65832150921904138"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "unsubscribe_event": {
                 "type": "link_unsubscribe",
@@ -457,10 +471,11 @@
                 "template_version": "1",
                 "timestamp": "1454442600",
                 "transmission_id": "65832150921904138",
-                "user_agent": "Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2272.118 Safari\/537.36"
+                "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "relay_event": {
                 "type": "relay_injection",
@@ -478,7 +493,8 @@
                 "relay_id": "123-456-789"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "relay_event": {
                 "type": "relay_rejection",
@@ -497,7 +513,8 @@
                 "relay_id": "123-456-789"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "relay_event": {
                 "type": "relay_delivery",
@@ -515,7 +532,8 @@
                 "relay_id": "123-456-789"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "relay_event": {
                 "type": "relay_tempfail",
@@ -536,7 +554,8 @@
                 "relay_id": "123-456-789"
             }
         }
-    }, {
+    },
+    {
         "msys": {
             "relay_event": {
                 "type": "relay_permfail",
@@ -557,4 +576,5 @@
                 "relay_id": "123-456-789"
             }
         }
-    }]
+    }
+]
diff --git a/src/SparkPostController.php b/src/SparkPostController.php
@@ -59,15 +59,14 @@ public function test(HTTPRequest $req)
             return 'You can only test in dev mode';
         }
 
-        $client = $this->getClient();
-
         $file = $this->getRequest()->getVar('file');
         if ($file) {
             $data = file_get_contents(Director::baseFolder() . '/' . rtrim($file, '/'));
         } else {
             $data = file_get_contents(dirname(__DIR__) . '/resources/sample.json');
         }
         $payload = json_decode($data, JSON_OBJECT_AS_ARRAY);
+        $payload['@headers'] = $req->getHeaders();
 
         $this->processPayload($payload, 'TEST');
 
@@ -232,28 +231,11 @@ public function incoming(HTTPRequest $req)
         $isAuthenticated = true;
         $authError = null;
         if (SparkPostHelper::getWebhookUsername()) {
-            $requestUser = $req->getHeader('php_auth_user');
-            $requestPassword = $req->getHeader('php_auth_pw');
-            if (!$requestUser) {
-                $requestUser = $_SERVER['PHP_AUTH_USER'];
-            }
-            if (!$requestPassword) {
-                $requestPassword = $_SERVER['PHP_AUTH_PW'];
-            }
-
-            $hasSuppliedCredentials = $requestUser && $requestPassword;
-            if ($hasSuppliedCredentials) {
-                $user = SparkPostHelper::getWebhookUsername();
-                $password = SparkPostHelper::getWebhookPassword();
-                $isAuthenticated = ($requestUser == $user && $requestPassword == $password);
-                if ($user != $requestUser) {
-                    $authError = "User $requestUser doesn't match";
-                } elseif ($password != $requestPassword) {
-                    $authError = "Password $requestPassword don't match";
-                }
-            } else {
+            try {
+                $this->authRequest($req);
+            } catch (Exception $e) {
                 $isAuthenticated = false;
-                $authError = "No credentials";
+                $authError = $e->getMessage();
             }
         }
 
@@ -266,10 +248,11 @@ public function incoming(HTTPRequest $req)
             }
 
             if (is_dir($dir)) {
-                $payload['@headers'] = $req->getHeaders();
-                $payload['@isAuthenticated'] = $isAuthenticated;
-                $payload['@authError'] = $authError;
-                $prettyPayload = json_encode($payload, JSON_PRETTY_PRINT);
+                $storedPayload = array_merge([], $payload);
+                $storedPayload['@headers'] = $req->getHeaders();
+                $storedPayload['@isAuthenticated'] = $isAuthenticated;
+                $storedPayload['@authError'] = $authError;
+                $prettyPayload = json_encode($storedPayload, JSON_PRETTY_PRINT);
                 $time = date('Ymd-His');
                 file_put_contents($dir . '/' . $time . '_' . $batchId . '.json', $prettyPayload);
             } else {
@@ -295,6 +278,35 @@ public function incoming(HTTPRequest $req)
         return $response;
     }
 
+    protected function authRequest(HTTPRequest $req)
+    {
+        $requestUser = $req->getHeader('php_auth_user');
+        $requestPassword = $req->getHeader('php_auth_pw');
+        if (!$requestUser) {
+            $requestUser = $_SERVER['PHP_AUTH_USER'];
+        }
+        if (!$requestPassword) {
+            $requestPassword = $_SERVER['PHP_AUTH_PW'];
+        }
+
+        $authError = null;
+        $hasSuppliedCredentials = $requestUser && $requestPassword;
+        if ($hasSuppliedCredentials) {
+            $user = SparkPostHelper::getWebhookUsername();
+            $password = SparkPostHelper::getWebhookPassword();
+            if ($user != $requestUser) {
+                $authError = "User $requestUser doesn't match";
+            } elseif ($password != $requestPassword) {
+                $authError = "Password $requestPassword don't match";
+            }
+        } else {
+            $authError = "No credentials";
+        }
+        if ($authError) {
+            throw new Exception($authError);
+        }
+    }
+
     /**
      * Process data
      *
@@ -307,21 +319,25 @@ protected function processPayload(array $payload, $batchId = null)
 
         $subaccount = SparkPostHelper::getClient()->getSubaccount();
 
-        foreach ($payload as $r) {
+        foreach ($payload as $idx => $r) {
             // This is a test payload
-            if (empty($r) || empty($r['msys'])) {
+            if (empty($r)) {
+                continue;
+            }
+            // This is a custom entry
+            if (!is_numeric($idx)) {
                 continue;
             }
 
             $ev = $r['msys'] ?? null;
 
-            // Invalid payload
+            // Invalid payload: it should always be an object with a msys key containing the event
             if ($ev === null) {
-                $logLevel = self::config()->log_level ? self::config()->log_level : 7;
-                $this->getLogger()->log("Invalid payload: " . substr(json_encode($r), 0, 100) . '...', $logLevel);
+                $this->getLogger()->warn("Invalid payload: " . substr(json_encode($r), 0, 100) . '...');
                 continue;
             }
 
+            // Check type: it should be an object with the type as key
             $type = key($ev);
             if (!isset($ev[$type])) {
                 $this->getLogger()->warn("Invalid type $type in SparkPost payload");