public TrelloWebHookReceiverTests()
 {
     byte[] secret = Encoding.UTF8.GetBytes(TestSecret);
     using (var hasher = new HMACSHA1(secret))
     {
         byte[] data       = Encoding.UTF8.GetBytes(TestContent);
         byte[] requestUri = Encoding.UTF8.GetBytes(TestAddress);
         byte[] combo      = new byte[data.Length + requestUri.Length];
         Buffer.BlockCopy(data, 0, combo, 0, data.Length);
         Buffer.BlockCopy(requestUri, 0, combo, data.Length, requestUri.Length);
         byte[] testHash = hasher.ComputeHash(combo);
         _signature = EncodingUtilities.ToBase64(testHash, uriSafe: false);
     }
 }
        public async Task ReceiveAsync_Throws_IfPostHasInvalidSignature()
        {
            // Arrange
            Initialize(TestSecret);
            var invalid = EncodingUtilities.ToBase64(Encoding.UTF8.GetBytes("你好世界"), uriSafe: false);

            _postRequest.Headers.Add(TrelloWebHookReceiver.SignatureHeaderName, invalid);

            // Act
            var actual = await ReceiverMock.Object.ReceiveAsync(TestId, RequestContext, _postRequest);

            // Assert
            var error = await actual.Content.ReadAsAsync <HttpError>();

            Assert.Equal("The WebHook signature provided by the 'x-trello-webhook' header field does not match the value expected by the 'TrelloWebHookReceiverProxy' receiver. WebHook request is invalid.", error.Message);
            ReceiverMock.Protected()
            .Verify <Task <HttpResponseMessage> >("ExecuteWebHookAsync", Times.Never(), TestId, RequestContext, _postRequest, ItExpr.IsAny <IEnumerable <string> >(), ItExpr.IsAny <object>());
        }
Beispiel #3
0
        /// <summary>
        /// Gets the event data for this ID from the authenticated source so that we know that it is valid.
        /// </summary>
        protected virtual async Task <JObject> GetEventDataAsync(HttpRequestMessage request, string id, string notificationId)
        {
            if (request == null)
            {
                throw new ArgumentNullException("request");
            }
            if (id == null)
            {
                throw new ArgumentNullException("id");
            }
            if (notificationId == null)
            {
                throw new ArgumentNullException("notificationId");
            }

            // Create HTTP request for requesting authoritative event data from Stripe
            string secretKey = await GetReceiverConfig(request, Name, id, SecretMinLength, SecretMaxLength);

            string             address = string.Format(CultureInfo.InvariantCulture, EventUriTemplate, notificationId);
            HttpRequestMessage req     = new HttpRequestMessage(HttpMethod.Get, address);

            byte[] challenge = Encoding.UTF8.GetBytes(secretKey + ":");
            req.Headers.Authorization = new AuthenticationHeaderValue("Basic", EncodingUtilities.ToBase64(challenge, uriSafe: false));

            using (HttpResponseMessage rsp = await _httpClient.SendAsync(req))
            {
                if (!rsp.IsSuccessStatusCode)
                {
                    string msg = string.Format(CultureInfo.CurrentCulture, StripeReceiverResources.Receiver_BadId, notificationId);
                    request.GetConfiguration().DependencyResolver.GetLogger().Error(msg);
                    HttpResponseMessage badId = request.CreateErrorResponse(HttpStatusCode.BadRequest, msg);
                    throw new HttpResponseException(badId);
                }

                JObject result = await rsp.Content.ReadAsAsync <JObject>();

                return(result);
            }
        }