removing hmac signature verification feature

README.md

@@ -150,7 +150,6 @@ and max number of retries
     * [.publishEvent(cloudEvent)](#EventsCoreAPI+publishEvent) ⇒ <code>Promise.&lt;string&gt;</code>
     * [.getEventsFromJournal(journalUrl, [eventsJournalOptions], [fetchResponseHeaders])](#EventsCoreAPI+getEventsFromJournal) ⇒ <code>Promise.&lt;object&gt;</code>
     * [.getEventsObservableFromJournal(journalUrl, [eventsJournalOptions], [eventsJournalPollingOptions])](#EventsCoreAPI+getEventsObservableFromJournal) ⇒ <code>Observable</code>
-    * ~~[.verifySignatureForEvent(event, clientSecret, signatureHeaderValue)](#EventsCoreAPI+verifySignatureForEvent) ⇒ <code>boolean</code>~~
     * [.verifyDigitalSignatureForEvent(event, recipientClientId, [signatureOptions])](#EventsCoreAPI+verifyDigitalSignatureForEvent) ⇒ <code>boolean</code>
 
 <a name="EventsCoreAPI+httpOptions"></a>
@@ -454,22 +453,6 @@ and leverage the various <a href="https://rxjs-dev.firebaseapp.com/guide/operato
 | [eventsJournalOptions] | [<code>EventsJournalOptions</code>](#EventsJournalOptions) | Query options to send with the Journal URL |
 | [eventsJournalPollingOptions] | [<code>EventsJournalPollingOptions</code>](#EventsJournalPollingOptions) | Journal polling options |
 
-<a name="EventsCoreAPI+verifySignatureForEvent"></a>
-
-### ~~eventsCoreAPI.verifySignatureForEvent(event, clientSecret, signatureHeaderValue) ⇒ <code>boolean</code>~~
-***Deprecated***
-
-Authenticating events by verifying signature
-
-**Kind**: instance method of [<code>EventsCoreAPI</code>](#EventsCoreAPI)  
-**Returns**: <code>boolean</code> - If signature matches return true else return false  
-
-| Param | Type | Description |
-| --- | --- | --- |
-| event | <code>object</code> | JSON payload delivered to the registered webhook URL |
-| clientSecret | <code>string</code> | Client secret can be retrieved from the Adobe I/O Console integration |
-| signatureHeaderValue | <code>string</code> | Value of x-adobe-signature header in each POST request to the registered webhook URL |
-
 <a name="EventsCoreAPI+verifyDigitalSignatureForEvent"></a>
 
 ### eventsCoreAPI.verifyDigitalSignatureForEvent(event, recipientClientId, [signatureOptions]) ⇒ <code>boolean</code>

src/index.js

@@ -23,8 +23,6 @@ const logger = require('@adobe/aio-lib-core-logging')(loggerNamespace,
   { level: process.env.LOG_LEVEL })
 const { codes } = require('./SDKErrors')
 const fetchRetryClient = require('@adobe/aio-lib-core-networking')
-const hmacSHA256 = require('crypto-js/hmac-sha256')
-const Base64 = require('crypto-js/enc-base64')
 
 const EventsConsumerFromJournal = require('./journalling')
 
@@ -485,25 +483,6 @@ class EventsCoreAPI {
     return (new EventsConsumerFromJournal(this, journalUrl, eventsJournalOptions, eventsJournalPollingOptions)).asObservable()
   }
 
-  /**
-   * Authenticating events by verifying hmac signature
-   *
-   * @param {object} event JSON payload delivered to the registered webhook URL
-   * @param {string} clientSecret Client secret can be retrieved from the Adobe I/O Console integration
-   * @param {string} deprecatedSignature Value of x-adobe-signature header in each POST request to the registered webhook URL
-   * @returns {boolean} If signature matches return true else return false
-   * @deprecated
-   */
-  verifySignatureForEvent (event, clientSecret, deprecatedSignature) {
-    if (clientSecret !== null && typeof (clientSecret) !== 'undefined') {
-      const hmacDigest = Base64.stringify(hmacSHA256(JSON.stringify(event), clientSecret))
-      return hmacDigest === deprecatedSignature
-    } else {
-      logger.error('invalid or missing client secret')
-      return false
-    }
-  }
-
   /**
    * Authenticating events by verifying digital signature
    *

test/index.test.js

@@ -571,24 +571,6 @@ describe('Get events observable from journal', () => {
   })
 })
 
-describe('Authenticate event with deprecated hmac signature', () => {
-  it('Verify event signature successfully', async () => {
-    const sdkClient = await createSdkClient()
-    const verified = await sdkClient.verifySignatureForEvent({ hello: 'world' }, 'client-secret', 'hXC8F1eTt8Xmz7ec/9MkHqfzubDCSfGsgb8dWD0F+hQ=')
-    expect(verified).toBe(true)
-  })
-  it('Verify event signature with error', async () => {
-    const sdkClient = await createSdkClient()
-    const verified = await sdkClient.verifySignatureForEvent({ hello: 'world' }, 'client-secret', 'hXC8F11eTt8Xmz7ec/9MkHqfzubDCSfGsgb8dWD0F+hQ=')
-    expect(verified).toBe(false)
-  })
-  it('Verify invalid client secret', async () => {
-    const sdkClient = await createSdkClient()
-    const verified = await sdkClient.verifySignatureForEvent({ hello: 'world' }, undefined, 'hXC8F11eTt8Xmz7ec/9MkHqfzubDCSfGsgb8dWD0F+hQ=')
-    expect(verified).toBe(false)
-  })
-})
-
 describe('Authenticate event with digital signatures', () => {
   const event = mock.data.testEvent.event
   const signatureOptions = mock.data.signatureOptions.params

types.d.ts

@@ -214,16 +214,6 @@ declare class EventsCoreAPI {
      * @returns {Observable<object>} observable to which the user can subscribe to in order to listen to events
      */
     getEventsObservableFromJournal(journalUrl: string, eventsJournalOptions?: EventsJournalOptions, eventsJournalPollingOptions?: EventsJournalPollingOptions): Observable<object>;
-    /**
-     * Authenticating events by verifying signature
-     *
-     * @param {object} event JSON payload delivered to the registered webhook URL
-     * @param {string} clientSecret Client secret can be retrieved from the Adobe I/O Console integration
-     * @param {string} signatureHeaderValue Value of x-adobe-signature header in each POST request to the registered webhook URL
-     * @returns {boolean} If signature matches return true else return false
-     * @deprecated
-     */
-    verifySignatureForEvent(event: any, clientSecret: string, signatureHeaderValue: string): boolean;
 
     /**
      * Authenticating events by verifying digital signature