Use a boolean instead of rewriting the function

steven-fulll · steven-fulll · commit 4bf57b98a3a8 · 2025-06-23T15:17:55.000+02:00
diff --git a/Security/Firewall/SignedRequest.php b/Security/Firewall/SignedRequest.php
@@ -16,37 +16,24 @@ public function __construct(
         $this->setMethod(strtoupper($method));
     }
 
-    public function buildVerificationSignature(SignatureConfig $signatureConfig): string
+    public function buildSignature(SignatureConfig $signatureConfig, bool $forVerification = false): string
     {
         $payload = [
             $this->method,
             $this->host,
             $this->pathInfo,
-            $this->content,
+            rawurldecode($this->content),
         ];
 
-        if ($signatureConfig->isReplayProtectionEnabled()) {
-            $this->guardValidSignatureTime();
-            // use unshift to keep BC on signature generation
-            array_unshift($payload, $this->signatureTime);
+        if ($forVerification) {
+            $payload = [
+                $this->method,
+                $this->host,
+                $this->pathInfo,
+                $this->content,
+            ];
         }
 
-        return hash_hmac(
-            $signatureConfig->getAlgorithm(),
-            implode("\n", $payload),
-            $signatureConfig->getSecret(),
-        );
-    }
-
-    public function buildSignature(SignatureConfig $signatureConfig): string
-    {
-        $payload = [
-            $this->method,
-            $this->host,
-            $this->pathInfo,
-            rawurldecode($this->content),
-        ];
-
         if ($signatureConfig->isReplayProtectionEnabled()) {
             $this->guardValidSignatureTime();
             // use unshift to keep BC on signature generation
@@ -62,7 +49,7 @@ public function buildSignature(SignatureConfig $signatureConfig): string
 
     public function authenticateSignature(string $signature, SignatureConfig $signatureConfig, ReplayProtection $replayProtection): bool
     {
-        if ($signature !== $this->buildVerificationSignature($signatureConfig)) {
+        if ($signature !== $this->buildSignature($signatureConfig, true)) {
             throw new InvalidSignatureException();
         }
 
