cloudinary-laravel icon indicating copy to clipboard operation
cloudinary-laravel copied to clipboard

Published 20 hours ago verified publisher icon cloudinary-community

specify signature_algorithm in the config/cloudinary.php

Open meyer59 opened this issue 2 years ago • 5 comments

Hello It will be great if we can specify some more parameters in the cloudinary.php conf file as mentioned here. Actually, i am trying to specify the signature_algorithm parameter, is there any way to do it with the current package version ? Thank you

meyer59 avatar Mar 23 '22 16:03 meyer59

Please could I have a go at working on this?

tara-matthew avatar Oct 02 '23 14:10 tara-matthew

@tara-matthew assigned to you.

unicodeveloper avatar Oct 03 '23 06:10 unicodeveloper

@unicodeveloper after taking a stab at this seems like the extra env parameters would not be needed since we use the cloudinary url. The extra parameters can be added to the string the signature_algorithm in particular can be added using

cloudinary://cloudinary_url_here?cloud[signature_algorithm]=sha256

relevant cloudinary docs maybe we just need to add some more docs here to let people know

uhexos avatar Oct 12 '23 19:10 uhexos

You might be right. Seems possible.

Have you tried it to see if it actually works?

On Thu, Oct 12, 2023 at 8:16 PM Nwokorobia Ugo @.***> wrote:

@unicodeveloper https://github.com/unicodeveloper after taking a stab at this seems like the extra env parameters would not be needed since we use the cloudinary url. The extra parameters can be added to the string the signature_algorithm in particular can be added using

cloudinary://cloudinary_url_here?cloud[signature_algorithm]=sha256

relevant cloudinary docs https://cloudinary.com/documentation/php_integration#landingpage:~:text=You%20can%20also%20configure%20parameters%20for%20an%20instance%20via%20environment%20variable%2C%20for%20example%3A maybe we just need to add some more docs here to let people know

— Reply to this email directly, view it on GitHub https://github.com/cloudinary-devs/cloudinary-laravel/issues/63#issuecomment-1760231865, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAWPNUJXDT7OPXWWU6I62XLX7A6YRANCNFSM5ROPWELA . You are receiving this because you were mentioned.Message ID: @.***>

unicodeveloper avatar Oct 12 '23 19:10 unicodeveloper

tried adding the sha256 and if you set a sha eg 2566 that doesn't exist it throws an error that says you need a enter a valid signature_algorithm. Seems it actually detects the setting. Buuuutt I couldn't actually get it to produce a sha 256 signature.

Given
$uploadedFileUrl = cloudinary()->upload($request->file('file')->getRealPath()); SignatureVerifier::verifyApiResponseSignature($uploadedFileUrl->getPublicId(), $uploadedFileUrl->getVersion(), $uploadedFileUrl->getSignature());

the signature that comes back seems to be sha1 encrypted cause we end up here at which during execution and it returns true public static function generateHmac($payloadToSign, $apiSecret) { return sha1($payloadToSign . $apiSecret); }

Any chance the sha256 is for paying accounts only ?

uhexos avatar Oct 12 '23 19:10 uhexos