0

I have a rating & review form which is used by the customers to submit their reviews. This form can be accessed using a url even if they are not signed-in to the platform.

I use signed routes to prevent anyone from submitting the form. The url is shared to them via email. The url looks like below:

http://localhost:8000/review?order_id=12345&signature=c95c7d59e240d97c5d4ceaa0fe4d75a9a100871a0d36b8a997f5a4c4f4567777

If someone tries to submit the form without the signature or invalid signature or invalid order_id, an error is thrown. Each signature is unique to an order_id.

I create signed route using below code:

$signed_url = URL::signedRoute('add-review', ['order_id' => $newOrder->id], null, false);

I am writing a test case to check if the signature exists and is valid but I can't seem to find an assert that I could use to check if signature is valid.

The only asserts I found which is for signed route is:

assertRedirectToSignedRoute

https://laravel.com/docs/9.x/http-tests#assert-redirect-to-signed-route

I do not redirect user to a signed route, instead I store the url in the database and attach the url when an email is sent.

The code I use in the controller to do the check is

if (! $request->hasValidRelativeSignature()) {
    throw new HttpResponseException(response()->json([], 403));
}
Murlidhar Fichadia
  • 2,589
  • 6
  • 43
  • 93

1 Answers1

0

Why not fetch the url to the database and use assertEqual() to test if the signed url and the url related to the order ID is equal

xenooooo
  • 1,106
  • 1
  • 2
  • 8
  • thank you for the response, but I am not trying to do that. I am asking if there is an assert Method to check the signature is valid or not. – Murlidhar Fichadia Oct 20 '22 at 14:49