Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deprecated Property Warnings in EventWebhook Signature Verification with PHP 8.2 #1108

Closed
supercrocman opened this issue May 29, 2024 · 4 comments · Fixed by #1111
Closed

Comments

@supercrocman
Copy link

Issue Summary

The issue involves using the convertPublicKeyToECDSA and verifySignature functions in the SendGrid PHP client library. When executing these functions, deprecated warnings are logged.

Steps to Reproduce

  1. Call the convertPublicKeyToECDSA function with the SendGrid webhook public key.
  2. Use the output of the first function as input to the verifySignature function along with the request content and headers.

Code Snippet

$eventWebhook = new EventWebhook();
$ecPublicKey = $eventWebhook->convertPublicKeyToECDSA($_ENV['SENDGRID_WEBHOOK_PUBLIC_KEY']);
return $eventWebhook->verifySignature(
            $ecPublicKey,
            $request->getContent(),
            $request->headers->get(EventWebhookHeader::SIGNATURE),
            $request->headers->get(EventWebhookHeader::TIMESTAMP)
        );

Exception/Log

Deprecated: Creation of dynamic property EllipticCurve\PublicKey::$pem is deprecated
Deprecated: Creation of dynamic property EllipticCurve\Signature::$der is deprecated

Technical details:

  • sendgrid-php version: 8.1.1
  • php version: 8.2.19
@ChrisHSandN
Copy link

We are also waiting for this. I opened a SendGrid support ticket and after some struggles they agreed to "submit a JIRA" on the 16th May 2024. Its been almost a month now and still no change.

The EllipticCurve deprecations come from starkbank/ecdsa which is set to version 0.* in composer.json. There is a new version 2.1 https://github.com/starkbank/ecdsa-php which likely fixes the issue.

On a related note sendgrid/sendgrid-php prerequisites requires

PHP version 7.3, 7.4, 8.0, or 8.1

These versions are all outside of active support, and only 8.1 is still in security support. Could we please get official PHP 8.2/8.3 support!

@ChrisHSandN
Copy link

Well Sendgrid closed my support ticket in relation to this issue as "fixed" today 😒

I am getting the distinct feeling that SendGrid is just being left to decay by Twillo with some minimal outsourcing to keep the lights on...

@ChrisHSandN
Copy link

Dear Sendgrid, you will be pleased to learn that PHP 8.4 has been released today...

Its now been 1 year 11 months and 13 days since your library stopped explicitly supporting the latest active PHP versions. Others are starting to notice and ask about it too #1114

@thinkingserious I see you were a major contributor to this library in the past and still work at Twilio, Inc. Any chance you could ask the right people why this library isn't being updated anymore?

@tiwarishubham635
Copy link
Contributor

The PR has been merged. This will be available in the release on coming Thursday!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants