From 053a4c4f746079232a4e3fc256c99ea1ef83cf36 Mon Sep 17 00:00:00 2001
From: Chris Minett <1084019+chrisminett@users.noreply.github.com>
Date: Sat, 29 Apr 2023 08:56:03 +0100
Subject: [PATCH 1/3] Tidy request validation server key strings that look like constants
---
 src/MessageBird/RequestValidator.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/MessageBird/RequestValidator.php b/src/MessageBird/RequestValidator.php
index 374f1ee..6305924 100644
--- a/src/MessageBird/RequestValidator.php
+++ b/src/MessageBird/RequestValidator.php
@@ -188,7 +188,8 @@ public function validateSignature(string $signature, string $url, string $body)
 public function validateRequestFromGlobals()
 {
 $signature = $_SERVER['MessageBird-Signature-JWT'] ?? null;
- $url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+ $url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") .
+ "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
 $body = file_get_contents('php://input');

 return $this->validateSignature($signature, $url, $body);
From efcdb05aae8e095e2f937cbb6a43a8bdff0ad64f Mon Sep 17 00:00:00 2001
From: Chris Minett <1084019+chrisminett@users.noreply.github.com>
Date: Sat, 29 Apr 2023 08:57:20 +0100
Subject: [PATCH 2/3] Fix request validation string type
---
 src/MessageBird/RequestValidator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/MessageBird/RequestValidator.php b/src/MessageBird/RequestValidator.php
index 6305924..f4b1ce9 100644
--- a/src/MessageBird/RequestValidator.php
+++ b/src/MessageBird/RequestValidator.php
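Review bot: In patch 1/3 the rebuilt `$url` takes its scheme only from `$_SERVER['HTTPS'] === 'on'`, so behind a TLS-terminating proxy or load balancer it becomes `http://…` and will not match the URL the sender signed; the host part comes from the client's Host header. Presumably validateSignature() compares this URL with the token, in which case genuine webhooks are rejected in that deployment. `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']` are also read without the `??` guard the signature key gets, so a missing key raises an undefined-key diagnostic. I would state this in the method docblock, e.g. `Rebuilds the request URL from $_SERVER; behind a reverse proxy call validateSignature() with the public URL instead.` The docblock and the end of the method lie outside the hunk.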
@@ -187,7 +187,7 @@ public function validateSignature(string $signature, string $url, string $body)
 */
 public function validateRequestFromGlobals()
 {
- $signature = $_SERVER['MessageBird-Signature-JWT'] ?? null;
+ $signature = $_SERVER['MessageBird-Signature-JWT'] ?? '';
 $url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") .
 "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
 $body = file_get_contents('php://input');
From 9f03fd7735e91bbe5d5c40b6582e3b8a49b24f0f Mon Sep 17 00:00:00 2001
From: Chris Minett <1084019+chrisminett@users.noreply.github.com>
Date: Sat, 29 Apr 2023 09:02:36 +0100
Subject: [PATCH 3/3] Add support to RequestValidator for standard HTTP header format

HTTP headers are usually set with keys prefixed with `HTTP_` and all uppercase and underscores.
---
 src/MessageBird/RequestValidator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/MessageBird/RequestValidator.php b/src/MessageBird/RequestValidator.php
index f4b1ce9..8d42fe7 100644
--- a/src/MessageBird/RequestValidator.php
+++ b/src/MessageBird/RequestValidator.php
@@ -187,7 +187,7 @@ public function validateSignature(string $signature, string $url, string $body)
 */
 public function validateRequestFromGlobals()
 {
- $signature = $_SERVER['MessageBird-Signature-JWT'] ?? '';
+ $signature = $_SERVER['HTTP_MESSAGEBIRD_SIGNATURE_JWT'] ?? ($_SERVER['MessageBird-Signature-JWT'] ?? '');
 $url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") .
 "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
 $body = file_get_contents('php://input');
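Review bot: In patch 2/3 a request that carries no signature header now reaches validateSignature() as the empty string, after the URL has been built and the body read, instead of being rejected where the header is looked up. Whether `''` is refused cleanly depends on code outside this hunk, so the missing-header case is not visibly handled here; the same default is kept in patch 3/3. An explicit guard right after the lookup, `if ($signature === '') { /* reject: signature header missing */ }`, raising the same exception type validateSignature() uses for a bad token, would make that path unambiguous and easy to log. The method's return statement lies outside the hunk.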
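Review bot: In patch 3/3 the new `$signature` line reads two different `$_SERVER` keys with no comment saying which is authoritative or why the old one is kept. I would add `// Request headers arrive as HTTP_* keys; the literal header name is kept only for backward compatibility.` above it. The inner parentheses are redundant because `??` is right-associative, so `$_SERVER['HTTP_MESSAGEBIRD_SIGNATURE_JWT'] ?? $_SERVER['MessageBird-Signature-JWT'] ?? ''` reads more plainly. The diffstat shows only this file changed, so the new lookup appears to ship without a test.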