TrimStrings middleware breaks signature verification

[mpociot]

• Cashier Paddle Version: 1.4.4
• Laravel Version: 8.43.0
• PHP Version: 8.0.5

Description:

When a user enters any data with a leading/trailing whitespace, the signature verification is broken, because the TrimStrings middleware removed the whitespace, while the provided signature expects the whitespace.

Steps To Reproduce:

Perform a Paddle request with a leading/trailing whitespace.

[driesvints]

Can you give a specific example of how to do this?

[mpociot]

It happened to me when having a whitespace in a passthrough parameter, but I think if you have whitespace in your name, it should happen too

[driesvints]

@mpociot I'll take a look tomorrow 👍

[driesvints]

This all works for me:

Auth::user()->charge(12.55, 'Test Charge', ['passthrough' => ['test' => ' Test with space ']]);

I tried also to set the name on the card with a leading and trailing space. Funny thing is that Paddle marked the name as invalid when I have a leading space but it doesn't when I have a trailing space. In any case, the trailing space also didn't cause the signature to be broken. I'll need more specific steps to reproduce this.

[mpociot]

Okay, then this only happens with a passthrough that contains a leading space:

Auth::user()->charge(12.55, 'Test Charge', ['passthrough' => '    Uh Oh']);

[driesvints]

That's not possible. You should get an exception for that. It's not possible to do a charge like that. The passthrough should always be an array. Are you overwriting this somehow?

cashier-paddle/src/Concerns/PerformsCharges.php

Lines 67 to 69 in 31c5c18

	if (! is_array($payload['passthrough'])) {
	throw new LogicException('The value for "passthrough" always needs to be an array.');
	}