DE-1411 Remove deprecated VerifyWebhookRequest() method (#374)

mailgun.go

@@ -199,7 +199,6 @@ type Mailgun interface {
 	DeleteWebhook(ctx context.Context, kind string) error
 	GetWebhook(ctx context.Context, kind string) ([]string, error)
 	UpdateWebhook(ctx context.Context, kind string, url []string) error
-	VerifyWebhookRequest(req *http.Request) (verified bool, err error)
 	VerifyWebhookSignature(sig Signature) (verified bool, err error)
 
 	ListMailingLists(opts *ListOptions) *ListsIterator

webhooks.go

@@ -10,7 +10,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"net/http"
 
 	"github.com/mailgun/mailgun-go/v4/events"
 )
@@ -108,20 +107,20 @@ func (mg *MailgunImpl) UpdateWebhook(ctx context.Context, name string, urls []st
 	return err
 }
 
-// Represents the signature portion of the webhook POST body
+// Signature represents the signature portion of the webhook POST body
 type Signature struct {
 	TimeStamp string `json:"timestamp"`
 	Token     string `json:"token"`
 	Signature string `json:"signature"`
 }
 
-// Represents the JSON payload provided when a Webhook is called by mailgun
+// WebhookPayload represents the JSON payload provided when a Webhook is called by mailgun
 type WebhookPayload struct {
 	Signature Signature      `json:"signature"`
 	EventData events.RawJSON `json:"event-data"`
 }
 
-// Use this method to parse the webhook signature given as JSON in the webhook response
+// VerifyWebhookSignature - use this method to parse the webhook signature given as JSON in the webhook response
 func (mg *MailgunImpl) VerifyWebhookSignature(sig Signature) (verified bool, err error) {
 	h := hmac.New(sha256.New, []byte(mg.WebhookSigningKey()))
 
@@ -145,30 +144,3 @@ func (mg *MailgunImpl) VerifyWebhookSignature(sig Signature) (verified bool, err
 
 	return subtle.ConstantTimeCompare(signature, calculatedSignature) == 1, nil
 }
-
-// Deprecated: Please use the VerifyWebhookSignature() to parse the latest
-// version of WebHooks from mailgun
-func (mg *MailgunImpl) VerifyWebhookRequest(req *http.Request) (verified bool, err error) {
-	h := hmac.New(sha256.New, []byte(mg.WebhookSigningKey()))
-
-	_, err = io.WriteString(h, req.FormValue("timestamp"))
-	if err != nil {
-		return false, err
-	}
-
-	_, err = io.WriteString(h, req.FormValue("token"))
-	if err != nil {
-		return false, err
-	}
-
-	calculatedSignature := h.Sum(nil)
-	signature, err := hex.DecodeString(req.FormValue("signature"))
-	if err != nil {
-		return false, err
-	}
-	if len(calculatedSignature) != len(signature) {
-		return false, nil
-	}
-
-	return subtle.ConstantTimeCompare(signature, calculatedSignature) == 1, nil
-}

webhooks_test.go

@@ -99,40 +99,6 @@ func TestVerifyWebhookSignature(t *testing.T) {
 	}
 }
 
-func TestVerifyWebhookRequest_Form(t *testing.T) {
-	mg := mailgun.NewMailgun(testDomain, testKey)
-	mg.SetWebhookSigningKey(testWebhookSigningKey)
-
-	for _, v := range signedTests {
-		fields := getSignatureFields(mg.WebhookSigningKey(), v)
-		req := buildFormRequest(context.Background(), fields)
-
-		verified, err := mg.VerifyWebhookRequest(req)
-		require.NoError(t, err)
-
-		if v != verified {
-			t.Errorf("VerifyWebhookRequest should return '%v' but got '%v'", v, verified)
-		}
-	}
-}
-
-func TestVerifyWebhookRequest_MultipartForm(t *testing.T) {
-	mg := mailgun.NewMailgun(testDomain, testKey)
-	mg.SetWebhookSigningKey(testWebhookSigningKey)
-
-	for _, v := range signedTests {
-		fields := getSignatureFields(mg.WebhookSigningKey(), v)
-		req := buildMultipartFormRequest(context.Background(), fields)
-
-		verified, err := mg.VerifyWebhookRequest(req)
-		require.NoError(t, err)
-
-		if v != verified {
-			t.Errorf("VerifyWebhookRequest should return '%v' but got '%v'", v, verified)
-		}
-	}
-}
-
 func buildFormRequest(ctx context.Context, fields map[string]string) *http.Request {
 	values := url.Values{}