/// <summary>
/// BeginRequest handler: wraps the current HTTP context, traces the caller's
/// address and builds the client-IP guard delegate.
/// </summary>
/// <param name="source">Event sender; cast to <see cref="HttpApplication"/>.</param>
/// <param name="e">Event data; not used by this handler.</param>
public void OnBeginRequest(Object source, EventArgs e)
{
    var application = (HttpApplication)source;

    // Per-request state; marked as not yet completed.
    var requestState = new ContextWrapper()
    {
        context = application.Context,
        IsCompleted = false
    };

    var clientAddress = requestState.context.Request.UserHostAddress;
    logger.Trace("Request started from " + clientAddress);

    // NOTE(review): the guard delegate is only constructed here. Nothing in this
    // handler invokes it, so no client-IP check is enforced by this method as shown.
    //TODO: add full set of guard checks
    RequestVerifier clientIpGuard = new RequestVerifier(AclGuard.CheckClientIp);
}
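/// <summary>
/// Reads the request body and checks its signature header against the timestamp
/// header and body text using <paramref name="verifier"/>.
/// </summary>
/// <param name="verifier">Verifier used to check the signature.</param>
/// <param name="request">Incoming request whose headers and body are checked.</param>
/// <returns>
/// The verification result together with the body text that was read. The result is
/// <c>false</c> when the timestamp header is missing or is not a valid integer.
/// </returns>
protected virtual async Task<(bool Result, string Body)> IsValid(RequestVerifier verifier, Microsoft.AspNetCore.Http.HttpRequest request)
{
    // Keep the parse outcome: a missing or malformed timestamp must fail closed
    // instead of being verified as timestamp 0.
    var timestampParsed = long.TryParse(request.Headers[RequestVerifier.TimestampHeaderName], out var timestamp);

    if (RequireBodyRewind)
    {
        // Buffering makes the body seekable so it can be rewound below.
        request.EnableBuffering();
    }

    // NOTE(review): the whole body is read into memory before the signature is checked,
    // and this method applies no size limit itself; enforce request size limits upstream.
    string bodyText;
    // leaveOpen: the reader must not dispose request.Body, otherwise the rewound stream
    // would already be closed for whatever reads the body after this method.
    using (var reader = new StreamReader(request.Body, System.Text.Encoding.UTF8, true, 1024, leaveOpen: true))
    {
        bodyText = await reader.ReadToEndAsync();
    }

    if (RequireBodyRewind)
    {
        request.Body.Position = 0;
    }

    if (!timestampParsed)
    {
        return (false, bodyText);
    }

    var result = verifier.Verify(request.Headers[RequestVerifier.SignatureHeaderName], timestamp, bodyText);
    return (result, bodyText);
}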
/// <summary>
/// A POST to a path under /Coffee with the request date set to 1 April 2019
/// is expected to be answered with HTTP status 418.
/// </summary>
public async Task WhenMethodPOST()
{
    // Arrange
    var context = new DefaultHttpContext();

    // The next delegate throws if it is ever called.
    var middleware = new RequestVerifier((innerHttpContext) =>
    {
        throw new NotImplementedException("// Some implementation goes here; it's not important for this exercise");
    });
    middleware.Requestdate = new DateTime(2019, 4, 1); // 1 April

    var request = context.Request;
    request.Method = "POST";
    request.Path = "/Coffee/api/1"; // path starts with /Coffee (the original comment says the match is case-insensitive)
    context.Response.Body = new MemoryStream(); // seekable, so the response can be read back

    // Act
    await middleware.Invoke(context);

    // Read the response body back from the start.
    var responseBody = context.Response.Body;
    responseBody.Seek(0, SeekOrigin.Begin);
    var responseText = new StreamReader(responseBody).ReadToEnd();

    // The parsed value is not inspected; the call only exercises JSON parsing of the body.
    var parsedBody = JsonConvert.DeserializeObject<object>(responseText);

    // Assert
    Assert.Equal(418, context.Response.StatusCode);
}
/// <summary>
/// A request whose method is not one of those named in the requirement (PUT here)
/// is expected to be answered with HTTP 200 OK.
/// </summary>
public async Task WhenMethodNot_GETPOSTDELTE()
{
    // Arrange
    var context = new DefaultHttpContext();

    // The next delegate throws if it is ever called.
    var middleware = new RequestVerifier((innerHttpContext) =>
    {
        throw new NotImplementedException("// Some implementation goes here; it's not important for this exercise");
    });
    middleware.Requestdate = new DateTime(2019, 4, 1); // 1 April; change to any other date to try other cases

    var request = context.Request;
    request.Method = "PUT"; // not mentioned in the requirement; change to test other methods
    request.Path = "/api/1"; // change to another path such as /Coffee/api/1
    context.Response.Body = new MemoryStream(); // seekable, so the response can be read back

    // Act
    await middleware.Invoke(context);

    // Read the response body back from the start.
    var responseBody = context.Response.Body;
    responseBody.Seek(0, SeekOrigin.Begin);
    var responseText = new StreamReader(responseBody).ReadToEnd();

    // The parsed value is not inspected; the call only exercises JSON parsing of the body.
    var parsedBody = JsonConvert.DeserializeObject<object>(responseText);

    // Assert
    Assert.Equal((int)HttpStatusCode.OK, context.Response.StatusCode);
}
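/// <summary>
/// Creates an endpoint that verifies incoming requests with the given signing secret.
/// </summary>
/// <param name="signingSecret">Secret passed to the <see cref="RequestVerifier"/>; must not be null, empty or whitespace.</param>
/// <param name="requireBodyRewind">Stored in <c>RequireBodyRewind</c>; defaults to <c>false</c>.</param>
/// <param name="verifierTolerance">Tolerance passed to the <see cref="RequestVerifier"/>; <c>null</c> is passed through unchanged.</param>
/// <exception cref="ArgumentNullException"><paramref name="signingSecret"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="signingSecret"/> is empty or whitespace.</exception>
public HttpRequestEndpoint(string signingSecret, bool requireBodyRewind = false, TimeSpan? verifierTolerance = null)
{
    // Fail fast on a missing secret: a verifier keyed with an empty value gives no
    // authenticity guarantee. RequestVerifier's own validation is not visible from here.
    if (signingSecret == null)
    {
        throw new ArgumentNullException(nameof(signingSecret));
    }

    if (string.IsNullOrWhiteSpace(signingSecret))
    {
        throw new ArgumentException("Signing secret must not be empty.", nameof(signingSecret));
    }

    Verifier = new RequestVerifier(signingSecret, verifierTolerance);
    RequireBodyRewind = requireBodyRewind;
}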
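/// <summary>
/// A signature that differs from the expected one must be rejected, even when the
/// timestamp tolerance is unlimited.
/// </summary>
public void VerifierFailsAlteredSig()
{
    // The original test passed ExpectedSig unchanged to a verifier with the default
    // tolerance, so the rejection presumably came from the timestamp check and not from
    // the signature. TimeSpan.MaxValue takes the timestamp out of the picture, matching
    // the setup of VerifierValidatesExpectedSig.
    var verifier = new RequestVerifier(SigningSecret, TimeSpan.MaxValue);

    // Change only the last character so the length stays the same.
    // Assumes ExpectedSig is a non-empty string.
    var lastChar = ExpectedSig[ExpectedSig.Length - 1];
    var alteredSig = ExpectedSig.Substring(0, ExpectedSig.Length - 1) + (lastChar == '0' ? '1' : '0');

    Assert.False(verifier.Verify(alteredSig, Timestamp, Body));
}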
/// <summary>
/// The expected signature must be accepted for the fixture timestamp and body when
/// the verifier is created with an unlimited tolerance.
/// </summary>
public void VerifierValidatesExpectedSig()
{
    // Arrange: TimeSpan.MaxValue is passed as the tolerance.
    var unlimitedTolerance = TimeSpan.MaxValue;
    var verifier = new RequestVerifier(SigningSecret, unlimitedTolerance);

    // Act
    var accepted = verifier.Verify(ExpectedSig, Timestamp, Body);

    // Assert
    Assert.True(accepted);
}
/// <summary>
/// <c>RequestVerifier.GenerateSignature</c> must produce the expected signature for
/// the fixture secret, timestamp and body.
/// </summary>
public void VerifierGeneratesCorrectSig()
{
    // Act
    var generatedSig = RequestVerifier.GenerateSignature(SigningSecret, Timestamp, Body);

    // Assert
    Assert.Equal(ExpectedSig, generatedSig);
}