public void if_sonarqube_auth_header_is_missing_the_signature_should_not_be_valid() { // Arrange var request = TestFactory.CreateHttpRequest(); string requestBody = ""; string sonarqubeWebhookSecret = ""; // Act var sonarqubeSecretValidator = new SonarqubeSecretValidator(); bool isValidSignature = sonarqubeSecretValidator.IsValidSignature(request, requestBody, sonarqubeWebhookSecret); // Assert Assert.False(isValidSignature); }
public void if_sonarqube_auth_header_exists_but_has_invalid_hash_the_signature_should_not_be_valid() { // Arrange string sonarqubeAuthHash = "someinvalidhash"; var request = TestFactory.CreateHttpRequest(new Dictionary <string, string>() { { SonarqubeSecretValidator.SonarqubeAuthSignatureHeaderName, sonarqubeAuthHash } }); string requestBody = "{\"test\":\"test\"}"; // Some test data, doesn't matter string sonarqubeWebhookSecret = "somesecret"; // Act var sonarqubeSecretValidator = new SonarqubeSecretValidator(); bool isValidSignature = sonarqubeSecretValidator.IsValidSignature(request, requestBody, sonarqubeWebhookSecret); // Assert Assert.False(isValidSignature); }
public void if_sonarqube_auth_header_exists_and_has_valid_has_has_the_signature_should_be_valid() { // Arrange var sonarqubeSecretValidator = new SonarqubeSecretValidator(); string requestBody = "{\"test\":\"test\"}"; // Some test data, doesn't matter string sonarqubeWebhookSecret = "somesecret"; // Some secret, doesn't matter // Calculate what the hash would be based on request body and secret string sonarqubeAuthHash = sonarqubeSecretValidator.GetHMACSHA256Hash(requestBody, sonarqubeWebhookSecret); // Set the valid hash on the request header var request = TestFactory.CreateHttpRequest(new Dictionary <string, string>() { { SonarqubeSecretValidator.SonarqubeAuthSignatureHeaderName, sonarqubeAuthHash } }); // Act bool isValidSignature = sonarqubeSecretValidator.IsValidSignature(request, requestBody, sonarqubeWebhookSecret); // Assert Assert.True(isValidSignature); }