public void OnBeginRequest(Object source, EventArgs e)
{
HttpApplication app = (HttpApplication)source;
ContextWrapper wrapper = new ContextWrapper()
{
context = app.Context,
IsCompleted = false
};
logger.Trace("Request started from " + wrapper.context.Request.UserHostAddress);
RequestVerifier checkClientIp = new RequestVerifier(AclGuard.CheckClientIp);
//TODO: add full set of guard checks
}
protected virtual async Task <(bool Result, string Body)> IsValid(RequestVerifier verifier, Microsoft.AspNetCore.Http.HttpRequest request)
{
long.TryParse(request.Headers[RequestVerifier.TimestampHeaderName], out var timestamp);
if (RequireBodyRewind)
{
request.EnableBuffering();
}
using var sr = new StreamReader(request.Body);
var bodyText = await sr.ReadToEndAsync();
if (RequireBodyRewind)
{
request.Body.Position = 0;
}
var result = verifier.Verify(request.Headers[RequestVerifier.SignatureHeaderName], timestamp, bodyText);
return(result, bodyText);
}
public async Task WhenMethodPOST()
{
// Arrange
var context = new DefaultHttpContext();
var middleware = new RequestVerifier((innerHttpContext) =>
{
throw new NotImplementedException("// Some implementation goes here; it's not important for this exercise");
});
middleware.Requestdate = new DateTime(2019, 4, 1); // Passing date April 1
context.Request.Method = "POST"; // Method POST
context.Request.Path = "/Coffee/api/1"; // REQUEST PATH Starts with /Coffeee (case-insensitive)
context.Response.Body = new MemoryStream();
await middleware.Invoke(context);
context.Response.Body.Seek(0, SeekOrigin.Begin);
var reader = new StreamReader(context.Response.Body);
var streamText = reader.ReadToEnd();
var objResponse = JsonConvert.DeserializeObject <object>(streamText);
Assert.Equal(418, context.Response.StatusCode);
}
public async Task WhenMethodNot_GETPOSTDELTE()
{
// Arrange
var context = new DefaultHttpContext();
var middleware = new RequestVerifier((innerHttpContext) =>
{
throw new NotImplementedException("// Some implementation goes here; it's not important for this exercise");
});
middleware.Requestdate = new DateTime(2019, 4, 1); // Date is April 1 //CHANGE THIS DATE TO ANY OTHER DATE
context.Request.Method = "PUT"; // REQUEST METHOD IS PUT AND NOT MENTIONED IN REQUIREMENT CHANGE THIS METHOD TO TEST OTHER
context.Request.Path = "/api/1"; // CHANGE THIS PATH TO ANY OTHER like /Coffee/api/1
context.Response.Body = new MemoryStream();
await middleware.Invoke(context);
context.Response.Body.Seek(0, SeekOrigin.Begin);
var reader = new StreamReader(context.Response.Body);
var streamText = reader.ReadToEnd();
var objResponse = JsonConvert.DeserializeObject <object>(streamText);
Assert.Equal((int)HttpStatusCode.OK, context.Response.StatusCode);
}
public HttpRequestEndpoint(string signingSecret, bool requireBodyRewind = false, TimeSpan?verifierTolerance = null)
{
Verifier = new RequestVerifier(signingSecret, verifierTolerance);
RequireBodyRewind = requireBodyRewind;
}
public void VerifierFailsAlteredSig()
{
var verifier = new RequestVerifier(SigningSecret);
Assert.False(verifier.Verify(ExpectedSig, Timestamp, Body));
}
public void VerifierValidatesExpectedSig()
{
var verifier = new RequestVerifier(SigningSecret, TimeSpan.MaxValue);
Assert.True(verifier.Verify(ExpectedSig, Timestamp, Body));
}
public void VerifierGeneratesCorrectSig()
{
var sig = RequestVerifier.GenerateSignature(SigningSecret, Timestamp, Body);
Assert.Equal(ExpectedSig, sig);
}
