Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
F
FIT-Connect-SDK - .NET
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
FIT-Connect
FIT-Connect-SDK - .NET
Commits
27413871
Commit
27413871
authored
2 years ago
by
Klaus Fischer
Browse files
Options
Downloads
Patches
Plain Diff
Problems with Mocking WebRequest due to internal contructor
parent
ac4efef7
No related branches found
Branches containing commit
No related tags found
Tags containing commit
1 merge request
!6
Routing Api
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
FitConnect/Subscriber.cs
+10
-25
10 additions, 25 deletions
FitConnect/Subscriber.cs
IntegrationTests/CallbackTest.cs
+18
-54
18 additions, 54 deletions
IntegrationTests/CallbackTest.cs
with
28 additions
and
79 deletions
FitConnect/Subscriber.cs
+
10
−
25
View file @
27413871
...
...
@@ -10,7 +10,6 @@ using FitConnect.Models;
using
FitConnect.Models.v1.Api
;
using
FitConnect.Services.Models.v1.Submission
;
using
IdentityModel
;
using
Microsoft.AspNetCore.Http
;
using
Microsoft.Extensions.Logging
;
using
Newtonsoft.Json
;
using
NJsonSchema
;
...
...
@@ -202,34 +201,20 @@ public class Subscriber : FitConnectClient,
Logger
?.
LogInformation
(
"Submission completed {status}"
,
result
);
}
public
static
string
VerifyCallback
(
string
callbackSecret
,
long
timestamp
,
string
body
)
{
public
static
bool
VerifyCallback
(
WebRequest
request
)
{
var
timestamp
=
long
.
Parse
(
request
.
Headers
[
"callback-timestamp"
]
??
"0"
);
if
(
timestamp
<
DateTime
.
Now
.
AddMinutes
(-
5
).
ToEpochTime
())
throw
new
ArgumentException
(
"Request is too old"
);
var
hmac
=
new
HMACSHA512
(
Encoding
.
UTF8
.
GetBytes
(
callbackSecret
))
.
ComputeHash
(
Encoding
.
UTF8
.
GetBytes
(
$"
{
timestamp
}
.
{
body
}
"
));
return
Convert
.
ToHexString
(
hmac
).
ToLower
();
}
public
static
bool
VerifyCallback
(
string
callbackSecret
,
HttpRequest
request
)
{
if
(!
request
.
Headers
.
ContainsKey
(
"callback-timestamp"
))
throw
new
ArgumentException
(
"Missing callback-timestamp header"
);
var
timeStampString
=
request
.
Headers
[
"callback-timestamp"
].
ToString
();
if
(!
long
.
TryParse
(
timeStampString
,
out
var
timestamp
))
{
throw
new
ArgumentException
(
"Invalid callback-timestamp header"
);
}
var
authentication
=
request
.
Headers
[
"callback-authentication"
];
using
var
requestStream
=
request
.
Body
;
var
content
=
new
StreamReader
(
requestStream
).
ReadToEnd
().
Trim
();
var
secret
=
request
.
Headers
[
"callback-authentication"
]
??
""
;
using
var
requestStream
=
request
.
GetRequestStream
();
var
content
=
new
StreamReader
(
requestStream
).
ReadToEnd
();
var
hmac
=
new
HMACSHA512
(
Encoding
.
UTF8
.
GetBytes
(
secret
)).
ComputeHash
(
Encoding
.
UTF8
.
GetBytes
(
request
.
Headers
[
"callback-timestamp"
]
+
"."
+
content
));
var
hmacString
=
Convert
.
ToHexString
(
hmac
);
var
result
=
VerifyCallback
(
callbackSecret
,
timestamp
,
content
);
if
(
result
!=
authentication
)
if
(
hmacString
!=
secret
)
throw
new
ArgumentException
(
"Request is not authentic"
);
return
true
;
}
...
...
This diff is collapsed.
Click to expand it.
IntegrationTests/CallbackTest.cs
+
18
−
54
View file @
27413871
using
System
;
using
System.Collections.Generic
;
using
System.IO
;
using
System.Net
;
using
System.Net.Http
;
using
System.Text
;
using
Autofac
;
using
FluentAssertions
;
using
IdentityModel
;
using
Microsoft.AspNetCore.Http
;
using
Microsoft.Extensions.Primitives
;
using
MockContainer
;
using
Moq
;
using
NUnit.Framework
;
...
...
@@ -17,8 +11,7 @@ namespace IntegrationTests;
[
TestFixture
]
public
class
CallbackTest
{
private
HttpRequest
Request
;
private
string
_callbackSecret
=
""
;
private
WebRequest
Request
;
[
SetUp
]
public
void
Setup
()
{
...
...
@@ -28,13 +21,13 @@ public class CallbackTest {
//
// {"type":"https://schema.fitko.de/fit-connect/submission-api/callbacks/new-submissions","submissionIds":["f39ab143-d91a-474a-b69f-b00f1a1873c2"]}
//
HttpRequest
request = null!;
// request.Headers
//
request.Headers.Add("callback-authentication",
//
"798cd0edb70c08e5b32aa8a18cbbc8ff6b3078c51af6d011ff4e32e470c746234fc4314821fe5185264b029e962bd37de33f3b9fc5f1a93c40ce6672845e90df");
//
request.Headers.Add("callback-timestamp", DateTime.Now.ToEpochTime().ToString());
//
request.Method = "POST";
//
request.ContentType = "application/json";
var
request
=
Http
Web
Request
.
Create
(
"https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect"
);
request
.
Headers
.
Add
(
"callback-authentication"
,
"798cd0edb70c08e5b32aa8a18cbbc8ff6b3078c51af6d011ff4e32e470c746234fc4314821fe5185264b029e962bd37de33f3b9fc5f1a93c40ce6672845e90df"
);
request
.
Headers
.
Add
(
"callback-timestamp"
,
DateTime
.
Now
.
ToEpochTime
().
ToString
());
request
.
Method
=
"POST"
;
request
.
ContentType
=
"application/json"
;
var
memoryStream
=
new
MemoryStream
();
var
streamWriter
=
new
StreamWriter
(
memoryStream
);
...
...
@@ -44,49 +37,24 @@ public class CallbackTest {
streamWriter
.
Flush
();
memoryStream
.
Position
=
0
;
// Request = new DefaultHttpRequest(new DefaultHttpContext()) {
// Body = new StreamBody(memoryStream)
// };
var
headers
=
new
HeaderDictionary
(
new
Dictionary
<
string
,
StringValues
>()
{
{
"callback-timestamp"
,
"1672527599"
},
{
"callback-authentication"
,
"798cd0edb70c08e5b32aa8a18cbbc8ff6b3078c51af6d011ff4e32e470c746234fc4314821fe5185264b029e962bd37de33f3b9fc5f1a93c40ce6672845e90df"
}
});
var
mock
=
new
Mock
<
HttpRequest
>();
new
Mock
<
HttpWebRequest
>(
"https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect"
);
mock
.
Setup
(
w
=>
w
.
ContentType
).
Returns
(
"application/json"
);
mock
.
Setup
(
w
=>
w
.
Headers
).
Returns
(
h
eaders
);
mock
.
Setup
(
w
=>
w
.
Headers
).
Returns
(
request
.
H
eaders
);
mock
.
Setup
(
w
=>
w
.
Method
).
Returns
(
"POST"
);
mock
.
Setup
(
w
=>
w
.
Body
).
Returns
(
memoryStream
);
mock
.
Setup
(
w
=>
w
.
GetRequestStream
()).
Returns
(
memoryStream
);
mock
.
Setup
(
w
=>
w
.
RequestUri
)
.
Returns
(
new
Uri
(
"https://fachverfahren.beispielstadt.example.org/callbacks/fit-connect"
));
Request
=
mock
.
Object
;
_callbackSecret
=
MockContainer
.
Container
.
Create
().
Resolve
<
MockSettings
>().
CallbackSecret
;
}
[
Test
]
public
void
ValidRequest_WithSingeValues
()
{
// Arrange
//Act
var
authentication
=
FitConnect
.
Subscriber
.
VerifyCallback
(
_callbackSecret
,
1672527599
,
"{\"type\":\"https://schema.fitko.de/fit-connect/submission-api/callbacks/new-submissions\",\"submissionIds\":[\"f39ab143-d91a-474a-b69f-b00f1a1873c2\"]}"
);
// Assert
authentication
.
Should
()
.
Be
(
"798cd0edb70c08e5b32aa8a18cbbc8ff6b3078c51af6d011ff4e32e470c746234fc4314821fe5185264b029e962bd37de33f3b9fc5f1a93c40ce6672845e90df"
);
}
[
Test
]
public
void
ValidRequest
()
{
// Assert
FitConnect
.
Subscriber
.
VerifyCallback
(
_callbackSecret
,
Request
).
Should
().
Be
(
true
);
FitConnect
.
Subscriber
.
VerifyCallback
(
Request
).
Should
().
Be
(
true
);
}
[
Test
]
...
...
@@ -96,9 +64,7 @@ public class CallbackTest {
// Atc
// Assert
Assert
.
Throws
<
ArgumentException
>(()
=>
{
FitConnect
.
Subscriber
.
VerifyCallback
(
_callbackSecret
,
Request
);
})
Assert
.
Throws
<
ArgumentException
>(()
=>
{
FitConnect
.
Subscriber
.
VerifyCallback
(
Request
);
})
.
Message
.
Should
().
Be
(
"Request is too old"
);
}
...
...
@@ -110,9 +76,7 @@ public class CallbackTest {
// Atc
// Assert
Assert
.
Throws
<
ArgumentException
>(()
=>
{
FitConnect
.
Subscriber
.
VerifyCallback
(
_callbackSecret
,
Request
);
})
Assert
.
Throws
<
ArgumentException
>(()
=>
{
FitConnect
.
Subscriber
.
VerifyCallback
(
Request
);
})
.
Message
.
Should
().
Be
(
"Request is not authentic"
);
}
}
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment