Commit 052616fe authored by Klaus Fischer's avatar Klaus Fischer

Problems with Mocking WebRequest due to internal contructor

parent 4c7553da
1 merge request!4Feature/563 check callback
using System.Net;
using System.Reflection;
using System.Security.Cryptography;
using System.Text;
using Autofac;
using Autofac.Core.Activators.Reflection;
using FitConnect.Encryption;
using FitConnect.Interfaces.Subscriber;
using FitConnect.Models;
......@@ -202,11 +205,22 @@ public class Subscriber : FitConnectClient,
Logger?.LogInformation("Submission completed {status}", result);
}
public static void VerifyCallback(WebRequest request) {
public static bool VerifyCallback(WebRequest request) {
var timestamp = long.Parse(request.Headers["callback-timestamp"] ?? "0");
if (timestamp < DateTime.Now.AddMinutes(-5).ToEpochTime())
throw new ArgumentException("Request is too old");
var secret = request.Headers["callback-authentication"] ?? "";
using var requestStream = request.GetRequestStream();
var content = new StreamReader(requestStream).ReadToEnd();
var hmac = new HMACSHA512(Encoding.UTF8.GetBytes(secret)).ComputeHash(
Encoding.UTF8.GetBytes(request.Headers["callback-timestamp"] + "." + content));
var hmacString = Convert.ToHexString(hmac);
if (hmacString != secret)
throw new ArgumentException("Request is not authentic");
return true;
}
}
......
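Review bot: The HMAC key in `VerifyCallback` is read from the `callback-authentication` header of the request being verified, and the digest is then compared with that same header value, so no secret shared only between sender and subscriber takes part in the check. The key should be the callback secret configured for the subscriber, with the header treated only as the presented signature; where that secret is stored is not visible here, so the sketch below passes it in as a parameter, which callers and the tests would need to supply. The comparison `hmacString != secret` is also case-sensitive and not constant-time, while `Convert.ToHexString` returns upper-case hex and the test fixture sends lower-case. Decoding the header with `Convert.FromHexString` and comparing bytes with `CryptographicOperations.FixedTimeEquals` addresses both. Separately, the age check rejects only timestamps older than five minutes, so a timestamp far in the future is accepted.

```csharp
public static bool VerifyCallback(WebRequest request, string callbackSecret) {
    // … unchanged: timestamp parsing and age check …
    var presentedHex = request.Headers["callback-authentication"] ?? "";
    // … unchanged: reading the request body into content …
    using var hasher = new HMACSHA512(Encoding.UTF8.GetBytes(callbackSecret));
    var expected = hasher.ComputeHash(
        Encoding.UTF8.GetBytes(request.Headers["callback-timestamp"] + "." + content));
    byte[] presented;
    try {
        presented = Convert.FromHexString(presentedHex);
    }
    catch (FormatException) {
        throw new ArgumentException("Request is not authentic");
    }
    if (!CryptographicOperations.FixedTimeEquals(expected, presented))
        throw new ArgumentException("Request is not authentic");
    return true;
```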
using System;
using System.IO;
using System.Net;
using System.Text;
using FluentAssertions;
using IdentityModel;
using Moq;
using NUnit.Framework;
namespace IntegrationTests;
......@@ -18,25 +21,62 @@ public class CallbackTest {
//
// {"type":"https://schema.fitko.de/fit-connect/submission-api/callbacks/new-submissions","submissionIds":["f39ab143-d91a-474a-b69f-b00f1a1873c2"]}
Request = HttpWebRequest.Create(
var request = HttpWebRequest.Create(
"https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect");
Request.Headers.Add("callback-authentication",
request.Headers.Add("callback-authentication",
"798cd0edb70c08e5b32aa8a18cbbc8ff6b3078c51af6d011ff4e32e470c746234fc4314821fe5185264b029e962bd37de33f3b9fc5f1a93c40ce6672845e90df");
Request.Headers.Add("callback-timestamp", "1641066653");
Request.Method = "POST";
Request.GetRequestStream().Write(Encoding.UTF8.GetBytes(
"{\"type\":\"https://schema.fitko.de/fit-connect/submission-api/callbacks/new-submissions\",\"submissionIds\":[\"f39ab143-d91a-474a-b69f-b00f1a1873c2\"]}"));
request.Headers.Add("callback-timestamp", DateTime.Now.ToEpochTime().ToString());
request.Method = "POST";
request.ContentType = "application/json";
var memoryStream = new MemoryStream();
var streamWriter = new StreamWriter(memoryStream);
streamWriter.WriteLine(
"{\"type\":\"https://schema.fitko.de/fit-connect/submission-api/callbacks/new-submissions\",\"submissionIds\":[\"f39ab143-d91a-474a-b69f-b00f1a1873c2\"]}");
streamWriter.Flush();
memoryStream.Position = 0;
var mock =
new Mock<HttpWebRequest>(
"https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect");
mock.Setup(w => w.ContentType).Returns("application/json");
mock.Setup(w => w.Headers).Returns(request.Headers);
mock.Setup(w => w.Method).Returns("POST");
mock.Setup(w => w.GetRequestStream()).Returns(memoryStream);
mock.Setup(w => w.RequestUri)
.Returns(new Uri(
"https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect"));
Request = mock.Object;
}
[Test]
public void ValidRequest() {
Request.Should().NotBeNull();
// Assert
FitConnect.Subscriber.VerifyCallback(Request).Should().Be(true);
}
[Test]
public void CheckRequestAge_Fails() {
Assert.Throws<ArgumentException>(() => {
FitConnect.Subscriber.VerifyCallback(Request);
}).Message.Should().Be("Request is too old");
public void RequestAge_Fails() {
// Arrange
Request.Headers["callback-timestamp"] = "1641066653";
// Atc
// Assert
Assert.Throws<ArgumentException>(() => { FitConnect.Subscriber.VerifyCallback(Request); })
.Message.Should().Be("Request is too old");
}
[Test]
public void RequestAuthentication_Fails() {
// Arrange
Request.Headers["callback-authentication"] =
"898cd0edb70c08e5b32aa8a18cbbc8ff6b3078c51af6d011ff4e32e470c746234fc4314821fe5185264b029e962bd37de33f3b9fc5f1a93c40ce6672845e90df";
// Atc
// Assert
Assert.Throws<ArgumentException>(() => { FitConnect.Subscriber.VerifyCallback(Request); })
.Message.Should().Be("Request is not authentic");
}
}
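Review bot: The fixture sets `callback-timestamp` to the current time but keeps a fixed `callback-authentication` digest, so that header cannot be a MAC over `timestamp + "." + body` for the request `ValidRequest` submits, and the test cannot show that a genuinely signed callback is accepted. The setup should derive the header from a test-only secret and the timestamp actually sent, e.g. `var ts = DateTime.Now.ToEpochTime().ToString();` followed by `var mac = Convert.ToHexString(new HMACSHA512(Encoding.UTF8.GetBytes(testSecret)).ComputeHash(Encoding.UTF8.GetBytes(ts + "." + body)));`, where `testSecret` and `body` are fixture values. `streamWriter.WriteLine` also appends a line terminator, so the signed bytes differ from the payload in the comment; `Write` would keep them identical. With the current fixture `RequestAuthentication_Fails` would presumably throw for any digest, so it does not separate a tampered signature from a correct one. The setup method that builds the request starts outside the visible hunk.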