From 9f01fb84b73f39aa140c907254f5c442860d9939 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20DELCEY?= Date: Mon, 18 Jan 2021 11:05:31 +0100 Subject: [PATCH] =?UTF-8?q?[Notifier]=20[OvhCloud]=20=E2=80=9CInvalid=20si?= =?UTF-8?q?gnature=E2=80=9D=20for=20message=20with=20slashes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Bridge/OvhCloud/OvhCloudTransport.php | 6 ++- .../OvhCloud/Tests/OvhCloudTransportTest.php | 37 +++++++++++++++++++ 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Notifier/Bridge/OvhCloud/OvhCloudTransport.php b/src/Symfony/Component/Notifier/Bridge/OvhCloud/OvhCloudTransport.php index 4d737019c332c..d114186a68834 100644 --- a/src/Symfony/Component/Notifier/Bridge/OvhCloud/OvhCloudTransport.php +++ b/src/Symfony/Component/Notifier/Bridge/OvhCloud/OvhCloudTransport.php @@ -75,14 +75,16 @@ protected function doSend(MessageInterface $message): void $now = time() + $this->calculateTimeDelta(); $headers['X-Ovh-Application'] = $this->applicationKey; $headers['X-Ovh-Timestamp'] = $now; + $headers['Content-Type'] = 'application/json'; - $toSign = $this->applicationSecret.'+'.$this->consumerKey.'+POST+'.$endpoint.'+'.json_encode($content, \JSON_UNESCAPED_SLASHES).'+'.$now; + $body = json_encode($content, \JSON_UNESCAPED_SLASHES); + $toSign = $this->applicationSecret.'+'.$this->consumerKey.'+POST+'.$endpoint.'+'.$body.'+'.$now; $headers['X-Ovh-Consumer'] = $this->consumerKey; $headers['X-Ovh-Signature'] = '$1$'.sha1($toSign); $response = $this->client->request('POST', $endpoint, [ 'headers' => $headers, - 'json' => $content, + 'body' => $body, ]); if (200 !== $response->getStatusCode()) { diff --git a/src/Symfony/Component/Notifier/Bridge/OvhCloud/Tests/OvhCloudTransportTest.php b/src/Symfony/Component/Notifier/Bridge/OvhCloud/Tests/OvhCloudTransportTest.php index 8d45cae600a47..848d3a51c9283 100644 --- a/src/Symfony/Component/Notifier/Bridge/OvhCloud/Tests/OvhCloudTransportTest.php +++ b/src/Symfony/Component/Notifier/Bridge/OvhCloud/Tests/OvhCloudTransportTest.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Notifier\Bridge\OvhCloud\Tests; +use Symfony\Component\HttpClient\MockHttpClient; +use Symfony\Component\HttpClient\Response\MockResponse; use Symfony\Component\Notifier\Bridge\OvhCloud\OvhCloudTransport; use Symfony\Component\Notifier\Message\ChatMessage; use Symfony\Component\Notifier\Message\MessageInterface; @@ -44,4 +46,39 @@ public function unsupportedMessagesProvider(): iterable yield [new ChatMessage('Hello!')]; yield [$this->createMock(MessageInterface::class)]; } + + public function validMessagesProvider(): iterable + { + yield 'without a slash' => ['hello']; + yield 'including a slash' => ['hel/lo']; + } + + /** + * @group time-sensitive + * + * @dataProvider validMessagesProvider + */ + public function testValidSignature(string $message) + { + $smsMessage = new SmsMessage('0611223344', $message); + + $time = time(); + + $lastResponse = new MockResponse(); + $responses = [ + new MockResponse((string) $time), + $lastResponse, + ]; + + $transport = $this->createTransport(new MockHttpClient($responses)); + $transport->send($smsMessage); + + $body = $lastResponse->getRequestOptions()['body']; + $headers = $lastResponse->getRequestOptions()['headers']; + $signature = explode(': ', $headers[4])[1]; + + $endpoint = 'https://eu.api.ovh.com/1.0/sms/serviceName/jobs'; + $toSign = 'applicationSecret+consumerKey+POST+'.$endpoint.'+'.$body.'+'.$time; + $this->assertSame('$1$'.sha1($toSign), $signature); + } }