public void WhenPreAuthenticateWithOnGetSecretAndRightSignature_ThenPopulatesSession() { var body = Encoding.UTF8.GetBytes("abody"); var signature = Webhooks.Security.HmacUtils.CreateHmacSignature(body, "asecret"); using (var stream = MemoryStreamFactory.GetStream(body)) { var request = new MockHttpRequest { InputStream = stream, Headers = new NameValueCollection { { WebhookEventConstants.SecretSignatureHeaderName, signature }, { WebhookEventConstants.RequestIdHeaderName, "arequestid" } }, IsSecureConnection = true }; provider.Secret = null; provider.OnGetSecret = (req, name) => provider.Secret = "asecret"; provider.PreAuthenticate(request, new MockHttpResponse(request)); var session = request.GetSession(); Assert.That(session.Id, Is.Not.Null); Assert.That(session.IsAuthenticated, Is.True); Assert.That(session.UserAuthId, Is.EqualTo("arequestid")); Assert.That(session.UserAuthName, Is.EqualTo("localhost")); Assert.That(session.UserName, Is.EqualTo("localhost")); } }
public void WhenPreAuthenticateAndNoSignature_ThenCreatesNoSession() { var request = new MockHttpRequest(); var response = new MockHttpResponse(request); provider.PreAuthenticate(request, response); var session = request.GetSession(); Assert.That(session.Id, Is.Not.Null); Assert.That(session.IsAuthenticated, Is.False); }