public TrelloWebHookReceiverTests()
{
byte[] secret = Encoding.UTF8.GetBytes(TestSecret);
using (var hasher = new HMACSHA1(secret))
{
byte[] data = Encoding.UTF8.GetBytes(TestContent);
byte[] requestUri = Encoding.UTF8.GetBytes(TestAddress);
byte[] combo = new byte[data.Length + requestUri.Length];
Buffer.BlockCopy(data, 0, combo, 0, data.Length);
Buffer.BlockCopy(requestUri, 0, combo, data.Length, requestUri.Length);
byte[] testHash = hasher.ComputeHash(combo);
_signature = EncodingUtilities.ToBase64(testHash, uriSafe: false);
}
}
public async Task ReceiveAsync_Throws_IfPostHasInvalidSignature()
{
// Arrange
Initialize(TestSecret);
var invalid = EncodingUtilities.ToBase64(Encoding.UTF8.GetBytes("你好世界"), uriSafe: false);
_postRequest.Headers.Add(TrelloWebHookReceiver.SignatureHeaderName, invalid);
// Act
var actual = await ReceiverMock.Object.ReceiveAsync(TestId, RequestContext, _postRequest);
// Assert
var error = await actual.Content.ReadAsAsync <HttpError>();
Assert.Equal("The WebHook signature provided by the 'x-trello-webhook' header field does not match the value expected by the 'TrelloWebHookReceiverProxy' receiver. WebHook request is invalid.", error.Message);
ReceiverMock.Protected()
.Verify <Task <HttpResponseMessage> >("ExecuteWebHookAsync", Times.Never(), TestId, RequestContext, _postRequest, ItExpr.IsAny <IEnumerable <string> >(), ItExpr.IsAny <object>());
}
/// <summary>
/// Gets the event data for this ID from the authenticated source so that we know that it is valid.
/// </summary>
protected virtual async Task <JObject> GetEventDataAsync(HttpRequestMessage request, string id, string notificationId)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
if (id == null)
{
throw new ArgumentNullException("id");
}
if (notificationId == null)
{
throw new ArgumentNullException("notificationId");
}
// Create HTTP request for requesting authoritative event data from Stripe
string secretKey = await GetReceiverConfig(request, Name, id, SecretMinLength, SecretMaxLength);
string address = string.Format(CultureInfo.InvariantCulture, EventUriTemplate, notificationId);
HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Get, address);
byte[] challenge = Encoding.UTF8.GetBytes(secretKey + ":");
req.Headers.Authorization = new AuthenticationHeaderValue("Basic", EncodingUtilities.ToBase64(challenge, uriSafe: false));
using (HttpResponseMessage rsp = await _httpClient.SendAsync(req))
{
if (!rsp.IsSuccessStatusCode)
{
string msg = string.Format(CultureInfo.CurrentCulture, StripeReceiverResources.Receiver_BadId, notificationId);
request.GetConfiguration().DependencyResolver.GetLogger().Error(msg);
HttpResponseMessage badId = request.CreateErrorResponse(HttpStatusCode.BadRequest, msg);
throw new HttpResponseException(badId);
}
JObject result = await rsp.Content.ReadAsAsync <JObject>();
return(result);
}
}