Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions mercadopago/webhook/validator.py
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ def validate( # pylint: disable=too-many-arguments
the manifest before computing the HMAC.
data_id: Value of the ``data.id`` query parameter. May be ``None``;
in that case the ``id:`` pair is omitted. When present, the
value is lowercased before being included in the manifest.
value is included in the manifest exactly as received.
secret: Secret signature configured for the application in Tus
Integraciones.
tolerance_seconds: Optional maximum allowed drift in seconds
Expand Down Expand Up @@ -216,7 +216,7 @@ def _build_manifest(data_id, request_id, ts):
"""Builds the HMAC manifest, omitting empty pairs per the documented rule."""
parts = []
if data_id:
parts.append(f"id:{data_id.lower()}")
parts.append(f"id:{data_id}")
if request_id:
parts.append(f"request-id:{request_id}")
parts.append(f"ts:{ts}")
Expand Down
8 changes: 5 additions & 3 deletions tests/test_webhook_signature_validator.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
def compute_hash(data_id, request_id, ts, secret):
parts = []
if data_id:
parts.append(f"id:{data_id.lower()}")
parts.append(f"id:{data_id}")
if request_id:
parts.append(f"request-id:{request_id}")
parts.append(f"ts:{ts}")
Expand All @@ -52,8 +52,10 @@ def test_happy_path_lowercase(self):
WebhookSignatureValidator.validate(VALID_HEADER, REQUEST_ID, DATA_ID_LOWER, SECRET)

# --- case 2 ---
def test_uppercase_dataid_is_lowercased(self):
WebhookSignatureValidator.validate(VALID_HEADER, REQUEST_ID, DATA_ID_RAW, SECRET)
def test_uppercase_dataid_is_preserved(self):
upper_hash = compute_hash(DATA_ID_RAW, REQUEST_ID, TS, SECRET)
upper_header = build_header(upper_hash)
WebhookSignatureValidator.validate(upper_header, REQUEST_ID, DATA_ID_RAW, SECRET)

# --- case 3 ---
def test_malformed_header_raises_malformed(self):
Expand Down
Loading