bug #39871 [Notifier] [OvhCloud] “Invalid signature” for message with slashes (OneT0uch)
This PR was squashed before being merged into the 5.1 branch.
Discussion
----------
[Notifier] [OvhCloud] “Invalid signature” for message with slashes
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #39836 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
Test to show issue of invalid signature when message contains slash.
Commits
-------
9f01fb84b7 [Notifier] [OvhCloud] “Invalid signature” for message with slashes
This commit is contained in:
Oskar Stark
commit
1c9d2c8982
@ -75,14 +75,16 @@ final class OvhCloudTransport extends AbstractTransport
|
||||
$now = time() + $this->calculateTimeDelta();
|
||||
$headers['X-Ovh-Application'] = $this->applicationKey;
|
||||
$headers['X-Ovh-Timestamp'] = $now;
|
||||
$headers['Content-Type'] = 'application/json';
|
||||
|
||||
$toSign = $this->applicationSecret.'+'.$this->consumerKey.'+POST+'.$endpoint.'+'.json_encode($content, \JSON_UNESCAPED_SLASHES).'+'.$now;
|
||||
$body = json_encode($content, \JSON_UNESCAPED_SLASHES);
|
||||
$toSign = $this->applicationSecret.'+'.$this->consumerKey.'+POST+'.$endpoint.'+'.$body.'+'.$now;
|
||||
$headers['X-Ovh-Consumer'] = $this->consumerKey;
|
||||
$headers['X-Ovh-Signature'] = '$1$'.sha1($toSign);
|
||||
|
||||
$response = $this->client->request('POST', $endpoint, [
|
||||
'headers' => $headers,
|
||||
'json' => $content,
|
||||
'body' => $body,
|
||||
]);
|
||||
|
||||
if (200 !== $response->getStatusCode()) {
|
||||
|
||||
@ -11,6 +11,8 @@
|
||||
|
||||
namespace Symfony\Component\Notifier\Bridge\OvhCloud\Tests;
|
||||
|
||||
use Symfony\Component\HttpClient\MockHttpClient;
|
||||
use Symfony\Component\HttpClient\Response\MockResponse;
|
||||
use Symfony\Component\Notifier\Bridge\OvhCloud\OvhCloudTransport;
|
||||
use Symfony\Component\Notifier\Message\ChatMessage;
|
||||
use Symfony\Component\Notifier\Message\MessageInterface;
|
||||
@ -44,4 +46,39 @@ final class OvhCloudTransportTest extends TransportTestCase
|
||||
yield [new ChatMessage('Hello!')];
|
||||
yield [$this->createMock(MessageInterface::class)];
|
||||
}
|
||||
|
||||
public function validMessagesProvider(): iterable
|
||||
{
|
||||
yield 'without a slash' => ['hello'];
|
||||
yield 'including a slash' => ['hel/lo'];
|
||||
}
|
||||
|
||||
/**
|
||||
* @group time-sensitive
|
||||
*
|
||||
* @dataProvider validMessagesProvider
|
||||
*/
|
||||
public function testValidSignature(string $message)
|
||||
{
|
||||
$smsMessage = new SmsMessage('0611223344', $message);
|
||||
|
||||
$time = time();
|
||||
|
||||
$lastResponse = new MockResponse();
|
||||
$responses = [
|
||||
new MockResponse((string) $time),
|
||||
$lastResponse,
|
||||
];
|
||||
|
||||
$transport = $this->createTransport(new MockHttpClient($responses));
|
||||
$transport->send($smsMessage);
|
||||
|
||||
$body = $lastResponse->getRequestOptions()['body'];
|
||||
$headers = $lastResponse->getRequestOptions()['headers'];
|
||||
$signature = explode(': ', $headers[4])[1];
|
||||
|
||||
$endpoint = 'https://eu.api.ovh.com/1.0/sms/serviceName/jobs';
|
||||
$toSign = 'applicationSecret+consumerKey+POST+'.$endpoint.'+'.$body.'+'.$time;
|
||||
$this->assertSame('$1$'.sha1($toSign), $signature);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user