public void WhenPreAuthenticateWithOnGetSecretAndRightSignature_ThenPopulatesSession()
{
var body = Encoding.UTF8.GetBytes("abody");
var signature = Webhooks.Security.HmacUtils.CreateHmacSignature(body, "asecret");
using (var stream = MemoryStreamFactory.GetStream(body))
{
var request = new MockHttpRequest
{
InputStream = stream,
Headers = new NameValueCollection
{
{ WebhookEventConstants.SecretSignatureHeaderName, signature },
{ WebhookEventConstants.RequestIdHeaderName, "arequestid" }
},
IsSecureConnection = true
};
provider.Secret = null;
provider.OnGetSecret = (req, name) => provider.Secret = "asecret";
provider.PreAuthenticate(request, new MockHttpResponse(request));
var session = request.GetSession();
Assert.That(session.Id, Is.Not.Null);
Assert.That(session.IsAuthenticated, Is.True);
Assert.That(session.UserAuthId, Is.EqualTo("arequestid"));
Assert.That(session.UserAuthName, Is.EqualTo("localhost"));
Assert.That(session.UserName, Is.EqualTo("localhost"));
}
}
public void WhenPreAuthenticateAndNoSignature_ThenCreatesNoSession()
{
var request = new MockHttpRequest();
var response = new MockHttpResponse(request);
provider.PreAuthenticate(request, response);
var session = request.GetSession();
Assert.That(session.Id, Is.Not.Null);
Assert.That(session.IsAuthenticated, Is.False);
}
