# |
Jun 23rd 2021, 21:26 |
tyler.adam.lazenby |
Right, and I think just using the `getData()` method will work fine it is a json body that gets sent over. |
# |
Jun 23rd 2021, 21:25 |
kevin.pfeifer |
```$this->request->getParsedBody();``` will give you the json directly if you desire that more |
# |
Jun 23rd 2021, 21:24 |
tyler.adam.lazenby |
thank you!!!!!!!! |
# |
Jun 23rd 2021, 21:24 |
kevin.pfeifer |
with `$this->request->getBody()` you get a PhpInputStream. If you want the unparsed body, you need to call ```$this->request->getBody()->getContents()``` |
# |
Jun 23rd 2021, 21:19 |
tyler.adam.lazenby |
thank you so much |
# |
Jun 23rd 2021, 21:19 |
kevin.pfeifer |
let me check with one of my json post data |
# |
Jun 23rd 2021, 21:16 |
tyler.adam.lazenby |
and the stream interface... has issues |
# |
Jun 23rd 2021, 21:16 |
tyler.adam.lazenby |
I need the string version of the body |
# |
Jun 23rd 2021, 21:14 |
kevin.pfeifer |
or `$this->request->getParsedBody();` if you want the parsed body :) See also https://github.com/cakephp/cakephp/blob/master/src/Http/ServerRequest.php#L1271 |
# |
Jun 23rd 2021, 21:13 |
kevin.pfeifer |
you can also check `$this->request->getBody();` |
# |
Jun 23rd 2021, 21:12 |
tyler.adam.lazenby |
just wanna do it the cake way as much as possible though |
# |
Jun 23rd 2021, 21:12 |
tyler.adam.lazenby |
I just know that the command above is what works on my old source code |
# |
Jun 23rd 2021, 21:11 |
tyler.adam.lazenby |
I wasn't sure if it would |
# |
Jun 23rd 2021, 21:11 |
kevin.pfeifer |
so does `$this->request->getData();` not return what you expect? |
# |
Jun 23rd 2021, 21:07 |
tyler.adam.lazenby |
basically I need the equivalent of `file_get_contents('php://input')` |
# |
Jun 23rd 2021, 21:06 |
tyler.adam.lazenby |
before I get any further, I would like to ask what you would say to do when I am going to need the request body to be able to hash and see if the signature matches? |
# |
Jun 23rd 2021, 20:17 |
tyler.adam.lazenby |
I know all about that |
# |
Jun 23rd 2021, 20:17 |
steinkel |
but for regular forms you have this one and his cousing ```$this->enableCsrfToken();``` |
# |
Jun 23rd 2021, 20:17 |
tyler.adam.lazenby |
I was avoiding using the enablecsrf() |
# |
Jun 23rd 2021, 20:16 |
tyler.adam.lazenby |
yeah] |
# |
Jun 23rd 2021, 20:16 |
steinkel |
hehe, well you actually don't want that at all in a webhook |
# |
Jun 23rd 2021, 20:16 |
kevin.pfeifer |
well that would have been a good info at the start of this whole journey :) |
# |
Jun 23rd 2021, 20:16 |
steinkel |
integration unit tests |
# |
Jun 23rd 2021, 20:15 |
steinkel |
```$this->enableSecurityToken();``` you have that for unit tests |
# |
Jun 23rd 2021, 20:14 |
tyler.adam.lazenby |
and that finally got me to be able to post on unit tests! |
# |
Jun 23rd 2021, 20:14 |
tyler.adam.lazenby |
Thank you |
# |
Jun 23rd 2021, 20:14 |
steinkel |
in any case, validate your inputs to ensure they match your expected types and limits |
# |
Jun 23rd 2021, 20:13 |
steinkel |
yeah, some checksum calculated with a salted hash based on selected params, or similar approach would work just fine |
# |
Jun 23rd 2021, 20:13 |
tyler.adam.lazenby |
oh I will. I am going to be following woocommerce's secret validation protecol |
# |
Jun 23rd 2021, 20:12 |
steinkel |
and, for your webhooks ensure you validate your input first thing |
# |
Jun 23rd 2021, 20:12 |
steinkel |
disable it too |
# |
Jun 23rd 2021, 20:12 |
tyler.adam.lazenby |
gawwww |
# |
Jun 23rd 2021, 20:12 |
tyler.adam.lazenby |
ok now i have done that... but now the security component is throwing an error |
# |
Jun 23rd 2021, 20:11 |
steinkel |
https://book.cakephp.org/4/en/controllers/components/form-protection.html#disabling-form-tampering-for-specific-actions |
# |
Jun 23rd 2021, 20:11 |
tyler.adam.lazenby |
That is exactly what I am trying to disable... I don't know how |
# |
Jun 23rd 2021, 20:10 |
steinkel |
you are not posting a form |
# |
Jun 23rd 2021, 20:10 |
steinkel |
don't enable FormProtection in your webhooks, they are going to be called by an external entity that's not going to get the required tokens configured |
# |
Jun 23rd 2021, 20:09 |
tyler.adam.lazenby |
Which I don't understand because the action is literally just going to be an endpoint for a webhook |
# |
Jun 23rd 2021, 20:04 |
tyler.adam.lazenby |
@kevin.pfeifer Form protection. sorry I didn't flag |
# |
Jun 23rd 2021, 20:02 |
tyler.adam.lazenby |
FormProtection |
# |
Jun 23rd 2021, 20:02 |
kevin.pfeifer |
@tyler.adam.lazenby this exception only gets thrown by either the SecurityComponent or the FormProtector. Can you tell from the callstack which it is? |