public void if_sonarqube_auth_header_is_missing_the_signature_should_not_be_valid()
        {
            // Arrange
            var    request                = TestFactory.CreateHttpRequest();
            string requestBody            = "";
            string sonarqubeWebhookSecret = "";

            // Act
            var  sonarqubeSecretValidator = new SonarqubeSecretValidator();
            bool isValidSignature         = sonarqubeSecretValidator.IsValidSignature(request, requestBody, sonarqubeWebhookSecret);

            // Assert
            Assert.False(isValidSignature);
        }
        public void if_sonarqube_auth_header_exists_but_has_invalid_hash_the_signature_should_not_be_valid()
        {
            // Arrange
            string sonarqubeAuthHash = "someinvalidhash";
            var    request           = TestFactory.CreateHttpRequest(new Dictionary <string, string>()
            {
                { SonarqubeSecretValidator.SonarqubeAuthSignatureHeaderName, sonarqubeAuthHash }
            });
            string requestBody            = "{\"test\":\"test\"}"; // Some test data, doesn't matter
            string sonarqubeWebhookSecret = "somesecret";

            // Act
            var  sonarqubeSecretValidator = new SonarqubeSecretValidator();
            bool isValidSignature         = sonarqubeSecretValidator.IsValidSignature(request, requestBody, sonarqubeWebhookSecret);

            // Assert
            Assert.False(isValidSignature);
        }
        public void if_sonarqube_auth_header_exists_and_has_valid_has_has_the_signature_should_be_valid()
        {
            // Arrange
            var    sonarqubeSecretValidator = new SonarqubeSecretValidator();
            string requestBody            = "{\"test\":\"test\"}"; // Some test data, doesn't matter
            string sonarqubeWebhookSecret = "somesecret";          // Some secret, doesn't matter
            // Calculate what the hash would be based on request body and secret
            string sonarqubeAuthHash = sonarqubeSecretValidator.GetHMACSHA256Hash(requestBody, sonarqubeWebhookSecret);
            // Set the valid hash on the request header
            var request = TestFactory.CreateHttpRequest(new Dictionary <string, string>()
            {
                { SonarqubeSecretValidator.SonarqubeAuthSignatureHeaderName, sonarqubeAuthHash }
            });

            // Act
            bool isValidSignature = sonarqubeSecretValidator.IsValidSignature(request, requestBody, sonarqubeWebhookSecret);

            // Assert
            Assert.True(isValidSignature);
        }