public void To_check_it_is_valid_request_test()
{
var requestProperties = new Mock <RequestProperties>("GET", "", "", "");
var request = new Mock <Request>(requestProperties.Object);
RequestValidator.IsValidRequest(request.Object).Should().Be(true);
}
public void ItShouldReturnTrueWhenTheGeneratedAndExpectedSignaturesMatch()
{
RequestValidator validator = new RequestValidator();
bool isValid = validator.IsValidRequest(
"sha1=7ef2f3063ac865672e979b42272b8d5c81240190",
"312725802",
"some payload"
);
Assert.IsTrue(isValid);
}
public void ItShouldReturnFalseWhenTheGeneratedAndExpectedSignaturesDoNotMatch()
{
RequestValidator validator = new RequestValidator();
bool isValid = validator.IsValidRequest(
"sha1=7ef2f3063ac8656segs5e372b8d5c81240190",
"some-key",
"some payload"
);
Assert.IsFalse(isValid);
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var twilioAuthToken = ConfigurationManager.AppSettings[_twilioAuthTokenKey];
var context = ((HttpApplication)filterContext.HttpContext.GetService(typeof(HttpApplication))).Context;
var isValidRequest = _requestValidator.IsValidRequest(context, twilioAuthToken);
if (!isValidRequest && !_isTestEnvironment)
{
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
}
base.OnActionExecuting(filterContext);
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var validator = new RequestValidator();
var context = ((HttpApplication)filterContext.HttpContext.GetService(typeof(HttpApplication))).Context;
if (!validator.IsValidRequest(context, AuthToken, UrlOverride))
{
filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
filterContext.HttpContext.Response.SuppressContent = true;
filterContext.HttpContext.ApplicationInstance.CompleteRequest();
}
base.OnActionExecuting(filterContext);
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var validator = new RequestValidator();
var context = ((HttpApplication)filterContext.HttpContext.GetService(typeof(HttpApplication))).Context;
if (!validator.IsValidRequest(context, AuthToken, UrlOverride))
{
filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
filterContext.HttpContext.Response.SuppressContent = true;
filterContext.HttpContext.ApplicationInstance.CompleteRequest();
}
base.OnActionExecuting(filterContext);
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var validator = new RequestValidator();
var context = ((HttpApplication)filterContext.HttpContext.GetService(typeof(HttpApplication))).Context;
if (!validator.IsValidRequest(context, AuthToken, UrlOverride))
{
//This did not actually stop the Action execution, so its been replaced by the Result below
//filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
//filterContext.HttpContext.Response.SuppressContent = true;
//filterContext.HttpContext.ApplicationInstance.CompleteRequest();
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
}
base.OnActionExecuting(filterContext);
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var validator = new RequestValidator();
var context = ((HttpApplication)filterContext.HttpContext.GetService(typeof(HttpApplication))).Context;
if (!validator.IsValidRequest(context, AuthToken, UrlOverride))
{
//This did not actually stop the Action execution, so its been replaced by the Result below
//filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
//filterContext.HttpContext.Response.SuppressContent = true;
//filterContext.HttpContext.ApplicationInstance.CompleteRequest();
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
}
base.OnActionExecuting(filterContext);
}
private void ValidateRequest(TwilioNotifier notifier)
{
var httpContext = System.Web.HttpContext.Current;
if (httpContext == null) // We are not coming via the http stack so don't validate.
{
return;
}
// To validate a dev request we need to ignore any ADC transformations that may have occurred.
var externalAddress = ConfigurationSettings.GetSiteConfigurationSection().SiteSettings.Address;
var alternativeUrl = $"https://{externalAddress}{httpContext.Request.Url.PathAndQuery}";
bool isValid = _validator.IsValidRequest(httpContext, notifier.TpAuthToken, alternativeUrl);
if (!isValid)
{
throw new TwilioValidationException();
}
}
public void A_null_request_should_not_be_a_valid_request_test()
{
RequestValidator.IsValidRequest(null).Should().Be(false);
}