From 47e3a46995dba3977befdd0fcf41901834e55fc1 Mon Sep 17 00:00:00 2001
From: dev-prakhar <prakhar@pushowl.com>
Date: Wed, 26 Jan 2022 11:50:11 +0530
Subject: [PATCH 1/2] Changed Webhook Auth Logic

---
 smoothcode_auth/__init__.py | 2 +-
 smoothcode_auth/auth.py     | 4 ++--
 tests/test_auth.py          | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/smoothcode_auth/__init__.py b/smoothcode_auth/__init__.py
index 2cad53c..6086ca0 100644
--- a/smoothcode_auth/__init__.py
+++ b/smoothcode_auth/__init__.py
@@ -4,4 +4,4 @@
 
 from .auth import SmoothCodeAuth
 
-__version__ = '0.0.2'
+__version__ = '0.0.3'
diff --git a/smoothcode_auth/auth.py b/smoothcode_auth/auth.py
index f8e3a79..b758500 100644
--- a/smoothcode_auth/auth.py
+++ b/smoothcode_auth/auth.py
@@ -12,5 +12,5 @@ def is_dashboard_request(self, shop: str):
         return generate_hmac(self.client_secret, shop) == self.hmac
 
     def is_webhook_request(self, webhook_data: dict):
-        stringfied_webhook_data = json.dumps(webhook_data, separators=(',', ':'))
-        return generate_hmac(self.client_secret, stringfied_webhook_data) == self.hmac
+        webhook_id = webhook_data.get('id')
+        return generate_hmac(self.client_secret, str(webhook_id)) == self.hmac
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 637eb6b..b8d30f4 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -14,10 +14,10 @@ def test_is_dashboard_request_with_incorrect_data(self):
 
     def test_is_webhook_request_with_correct_data(self):
         client_secret = 'client_secret'
-        request_hmac = '656718377faf656ccc037d8607ebfe3434197981aa1362db81210252ce92cd5c'
-        assert SmoothCodeAuth(request_hmac, client_secret).is_webhook_request({'request': 'webhook'})
+        request_hmac = '3999c5c10e23bee670e28ad67f446ac5e7b9c47ca1ee39c4bdf0c7bf056f8d71'
+        assert SmoothCodeAuth(request_hmac, client_secret).is_webhook_request({'id': 1235643534})
 
     def test_is_webhook_request_with_incorrect_data(self):
         client_secret = 'client_secret'
         request_hmac = 'request_hmac'
-        assert not SmoothCodeAuth(request_hmac, client_secret).is_webhook_request({'request': 'webhook'})
+        assert not SmoothCodeAuth(request_hmac, client_secret).is_webhook_request({'id': 'webhook'})

From 52f790905ca1138b708540ac99398c3f257e6914 Mon Sep 17 00:00:00 2001
From: dev-prakhar <prakhar@pushowl.com>
Date: Wed, 26 Jan 2022 11:51:15 +0530
Subject: [PATCH 2/2] Updated Readme

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 65c5ad8..bfb3094 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ SmoothCodeAuth(request_hmac, client_secret).is_dashboard_request(shop) # returns
 from smoothcode_auth import SmoothCodeAuth
 
 # SmoothCode sends hmac in the Authorization Header of the request
-# It is hmac of the webhook data signed by your App Client Secret
+# It is hmac of the webhook id signed by your App Client Secret
 
 SmoothCodeAuth(request_hmac, client_secret).is_webhook_request(webhook_data) # returns True if the request is valid
 ```