fixes

maticzav · maticzav · commit 780bcdd8ca12 · 2025-08-22T13:37:00.000+01:00
diff --git a/README.md b/README.md
@@ -123,9 +123,9 @@ async def webhook(request: Request):
 
     verified_webhook: Webhook = verify_webhook_event_signature(
         body=body,
-        signature=signature,
         timestamp=timestamp,
         secret=SECRET_KEY,
+        expected_signature=signature,
     )
 
     if verified_webhook is not None:
diff --git a/examples/webhooks.py b/examples/webhooks.py
@@ -49,7 +49,7 @@ def main() -> None:
 
     verified_webhook = verify_webhook_event_signature(
         body=evt,
-        signature=signature,
+        expected_signature=signature,
         timestamp=timestamp,
         secret=SECRET,
     )
diff --git a/src/browser_use_sdk/lib/webhooks.py b/src/browser_use_sdk/lib/webhooks.py
@@ -78,7 +78,7 @@ def create_webhook_signature(payload: Any, timestamp: str, secret: str) -> str:
 
 def verify_webhook_event_signature(
     body: Union[Dict[str, Any], str],
-    signature: str,
+    expected_signature: str,
     timestamp: str,
     #
     secret: str,
@@ -127,7 +127,7 @@ def verify_webhook_event_signature(
             payload=webhook_event.payload.model_dump(), timestamp=timestamp, secret=secret
         )
 
-        if not hmac.compare_digest(signature, expected_signature):
+        if not hmac.compare_digest(expected_signature, expected_signature):
             return None
 
         return webhook_event
diff --git a/tests/test_webhooks.py b/tests/test_webhooks.py
@@ -8,8 +8,6 @@
 from browser_use_sdk.lib.webhooks import (
     WebhookTest,
     WebhookTestPayload,
-    WebhookAgentTaskStatusUpdate,
-    WebhookAgentTaskStatusUpdatePayload,
     create_webhook_signature,
     verify_webhook_event_signature,
 )
@@ -23,17 +21,15 @@ def test_create_webhook_signature() -> None:
 
     signature = create_webhook_signature(payload, timestamp, secret)
 
-    # Signature should be a hex string
     assert isinstance(signature, str)
-    assert len(signature) == 64  # SHA256 hex length
+    assert len(signature) == 64
 
-    # Same inputs should produce same signature
     signature2 = create_webhook_signature(payload, timestamp, secret)
     assert signature == signature2
 
-    # Different payload should produce different signature
     different_payload = {"test": "different"}
     different_signature = create_webhook_signature(different_payload, timestamp, secret)
+
     assert signature != different_signature
 
 
@@ -51,7 +47,10 @@ def test_verify_webhook_event_signature_valid() -> None:
 
     # Verify signature
     verified_webhook = verify_webhook_event_signature(
-        body=webhook.model_dump(), secret=secret, signature=signature, timestamp=timestamp
+        body=webhook.model_dump(),
+        secret=secret,
+        timestamp=timestamp,
+        expected_signature=signature,
     )
 
     assert verified_webhook is not None
@@ -68,67 +67,43 @@ def test_verify_webhook_event_signature_invalid_signature() -> None:
     payload = WebhookTestPayload(test="ok")
     webhook = WebhookTest(type="test", timestamp=datetime.now(timezone.utc), payload=payload)
 
-    # Use invalid signature
-    invalid_signature = "invalid_signature_123"
-
     verified_webhook = verify_webhook_event_signature(
-        body=webhook.model_dump(), secret=secret, signature=invalid_signature, timestamp=timestamp
+        body=webhook.model_dump(),
+        secret=secret,
+        timestamp=timestamp,
+        expected_signature="random_invalid_signature",
     )
 
     assert verified_webhook is None
 
 
 def test_verify_webhook_event_signature_wrong_secret() -> None:
     """Test webhook signature verification with wrong secret."""
-    secret = "test-secret-key"
-    wrong_secret = "wrong-secret-key"
+
     timestamp = "2023-01-01T00:00:00Z"
 
     # Create test webhook
     payload = WebhookTestPayload(test="ok")
     webhook = WebhookTest(type="test", timestamp=datetime.now(timezone.utc), payload=payload)
 
     # Create signature with correct secret
-    signature = create_webhook_signature(webhook.payload.model_dump(), timestamp, secret)
+    signature = create_webhook_signature(
+        payload=webhook.payload.model_dump(),
+        timestamp=timestamp,
+        secret="test-secret-key",
+    )
 
     # Verify with wrong secret
     verified_webhook = verify_webhook_event_signature(
-        body=webhook.model_dump(), secret=wrong_secret, signature=signature, timestamp=timestamp
+        body=webhook.model_dump(),
+        secret="wrong-secret-key",
+        timestamp=timestamp,
+        expected_signature=signature,
     )
 
     assert verified_webhook is None
 
 
-def test_verify_webhook_event_signature_agent_task_status_update() -> None:
-    """Test webhook signature verification for agent task status update."""
-    secret = "test-secret-key"
-    timestamp = "2023-01-01T00:00:00Z"
-
-    # Create agent task status update webhook
-    payload = WebhookAgentTaskStatusUpdatePayload(
-        session_id="sess_123", task_id="task_456", status="started", metadata={"progress": 25}
-    )
-
-    webhook = WebhookAgentTaskStatusUpdate(
-        type="agent.task.status_update", timestamp=datetime.now(timezone.utc), payload=payload
-    )
-
-    # Create signature
-    signature = create_webhook_signature(webhook.payload.model_dump(), timestamp, secret)
-
-    # Verify signature
-    verified_webhook = verify_webhook_event_signature(
-        body=webhook.model_dump(), secret=secret, signature=signature, timestamp=timestamp
-    )
-
-    assert verified_webhook is not None
-    assert isinstance(verified_webhook, WebhookAgentTaskStatusUpdate)
-    assert verified_webhook.payload.session_id == "sess_123"
-    assert verified_webhook.payload.status == "started"
-    assert verified_webhook.payload.metadata is not None
-    assert verified_webhook.payload.metadata["progress"] == 25
-
-
 def test_verify_webhook_event_signature_string_body() -> None:
     """Test webhook signature verification with string body."""
     secret = "test-secret-key"
@@ -143,7 +118,7 @@ def test_verify_webhook_event_signature_string_body() -> None:
 
     # Verify with string body
     verified_webhook = verify_webhook_event_signature(
-        body=webhook.model_dump(), secret=secret, signature=signature, timestamp=timestamp
+        body=webhook.model_dump(), secret=secret, expected_signature=signature, timestamp=timestamp
     )
 
     assert verified_webhook is not None
@@ -159,7 +134,7 @@ def test_verify_webhook_event_signature_invalid_body() -> None:
     invalid_body: Dict[str, Any] = {"type": "invalid_type", "timestamp": "invalid", "payload": {}}
 
     verified_webhook = verify_webhook_event_signature(
-        body=invalid_body, secret=secret, signature="some_signature", timestamp=timestamp
+        body=invalid_body, secret=secret, expected_signature="some_signature", timestamp=timestamp
     )
 
     assert verified_webhook is None

Original file line number	Diff line number	Diff line change
`@@ -123,9 +123,9 @@ async def webhook(request: Request):`
`123`	`123`
`124`	`124`	`verified_webhook: Webhook = verify_webhook_event_signature(`
`125`	`125`	`body=body,`
`126`		`- signature=signature,`
`127`	`126`	`timestamp=timestamp,`
`128`	`127`	`secret=SECRET_KEY,`
	`128`	`+ expected_signature=signature,`
`129`	`129`	`)`
`130`	`130`
`131`	`131`	`if verified_webhook is not None:`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ def main() -> None:`
`49`	`49`
`50`	`50`	`verified_webhook = verify_webhook_event_signature(`
`51`	`51`	`body=evt,`
`52`		`- signature=signature,`
	`52`	`+ expected_signature=signature,`
`53`	`53`	`timestamp=timestamp,`
`54`	`54`	`secret=SECRET,`
`55`	`55`	`)`
Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ def create_webhook_signature(payload: Any, timestamp: str, secret: str) -> str:`
`78`	`78`
`79`	`79`	`def verify_webhook_event_signature(`
`80`	`80`	`body: Union[Dict[str, Any], str],`
`81`		`- signature: str,`
	`81`	`+ expected_signature: str,`
`82`	`82`	`timestamp: str,`
`83`	`83`	`#`
`84`	`84`	`secret: str,`
`@@ -127,7 +127,7 @@ def verify_webhook_event_signature(`
`127`	`127`	`payload=webhook_event.payload.model_dump(), timestamp=timestamp, secret=secret`
`128`	`128`	`)`
`129`	`129`
`130`		`- if not hmac.compare_digest(signature, expected_signature):`
	`130`	`+ if not hmac.compare_digest(expected_signature, expected_signature):`
`131`	`131`	`return None`
`132`	`132`
`133`	`133`	`return webhook_event`