Add mollie_webhook_secret token to REST webhook endpoint#1242
Conversation
| $webhookUrl = untrailingslashit($webhookUrl); | ||
| } else { | ||
| $webhookUrl = add_query_arg( | ||
| ['mollie_webhook_secret' => get_option('mollie_webhook_secret', '')], |
There was a problem hiding this comment.
When no webhook was received the option can be empty. Better is to use getOrCreateWebhookSecret method.
danielhuesken
left a comment
There was a problem hiding this comment.
I could not find the class WebhookSecret.
| */ | ||
| public function registerRoutes() | ||
| { | ||
| $this->webhookSecret->getOrCreate(); |
There was a problem hiding this comment.
For what is it needed?
| ]); | ||
| } | ||
|
|
||
| public function getOrCreateWebhookSecret(): string |
There was a problem hiding this comment.
Is this method needed anymore?
| return $this->webhookSecret->getOrCreate(); | ||
| } | ||
|
|
||
| public function checkWebhookSecret(?string $incoming): bool |
There was a problem hiding this comment.
Is this method needed anymore?
| } | ||
|
|
||
| // Webhook test by Mollie | ||
| if (isset($_GET['testByMollie'])) { |
There was a problem hiding this comment.
Must the test also run against unauthenticated calls? Thant it must be before authentication check.
There was a problem hiding this comment.
I'm leaning to remove this check, is not documented and not used as far as I know
There was a problem hiding this comment.
Ok, I also found no documentation. I think it is an old leftover.
No description provided.