
forcing granturl to be in same origin as hook url

pull/937/head
eiximenis 6 years ago
parent
commit
dc36826ec1
3 changed files with 20 additions and 4 deletions
  1. +1
    -1
      src/Services/Webhooks/Webhooks.API/Controllers/WebhooksController.cs
  2. +18
    -2
      src/Services/Webhooks/Webhooks.API/Services/GrantUrlTesterService.cs
  3. +1
    -1
      src/Services/Webhooks/Webhooks.API/Services/IGrantUrlTesterService.cs

+ 1
- 1
src/Services/Webhooks/Webhooks.API/Controllers/WebhooksController.cs View File

@ -67,7 +67,7 @@ namespace Webhooks.API.Controllers
var userId = _identityService.GetUserIdentity();
var grantOk = await _grantUrlTester.TestGrantUrl(request.GrantUrl, request.Token ?? string.Empty);
var grantOk = await _grantUrlTester.TestGrantUrl(request.Url, request.GrantUrl, request.Token ?? string.Empty);
if (grantOk)
{


+ 18
- 2
src/Services/Webhooks/Webhooks.API/Services/GrantUrlTesterService.cs View File

@ -1,6 +1,5 @@
using Microsoft.Extensions.Logging;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
@ -17,8 +16,15 @@ namespace Webhooks.API.Services
_logger = logger;
}
public async Task<bool> TestGrantUrl(string url, string token)
public async Task<bool> TestGrantUrl(string urlHook, string url, string token)
{
if (!CheckSameOrigin(urlHook, url))
{
_logger.LogWarning($"Url of the hook ({urlHook} and the grant url ({url} do not belong to same origin)");
return false;
}
var client = _clientFactory.CreateClient("GrantClient");
var msg = new HttpRequestMessage(HttpMethod.Options, url);
msg.Headers.Add("X-eshop-whtoken", token);
@ -37,5 +43,15 @@ namespace Webhooks.API.Services
return false;
}
}
private bool CheckSameOrigin(string urlHook, string url)
{
var firstUrl = new Uri(urlHook, UriKind.Absolute);
var secondUrl = new Uri(url, UriKind.Absolute);
return firstUrl.Scheme == secondUrl.Scheme &&
firstUrl.Port == secondUrl.Port &&
firstUrl.Host == firstUrl.Host;
}
}
}
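Review bot: The host test in `CheckSameOrigin` compares `firstUrl.Host` with itself (`firstUrl.Host == firstUrl.Host`), so it is always true and the method only enforces a matching scheme and port. A grant URL on a different host than the hook therefore still passes and receives the OPTIONS request carrying the `X-eshop-whtoken` header; the last line should read `firstUrl.Host == secondUrl.Host;`, and a unit test with two different hosts on the same scheme and port would pin it. Separately, `new Uri(..., UriKind.Absolute)` throws `UriFormatException` on a relative or malformed value, and the `CheckSameOrigin` call appears to sit ahead of the method's try block (the middle of `TestGrantUrl` is outside the visible hunks), so `Uri.TryCreate` with `return false` on failure would keep bad input on the rejection path. The warning message also has unbalanced parentheses around both interpolated URLs.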

+ 1
- 1
src/Services/Webhooks/Webhooks.API/Services/IGrantUrlTesterService.cs View File

@ -7,6 +7,6 @@ namespace Webhooks.API.Services
{
public interface IGrantUrlTesterService
{
Task<bool> TestGrantUrl(string url, string token);
Task<bool> TestGrantUrl(string urlHook, string url, string token);
}
}
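Review bot: The new signature takes three adjacent `string` parameters and still names the grant URL just `url`, so neither the interface nor a call site tells a reader which of the two URLs receives the request and the token. Swapping the first two arguments would still compile, and it would send the token to the hook URL instead of the grant URL. I would rename the parameter, `Task<bool> TestGrantUrl(string urlHook, string grantUrl, string token);`, with the same rename in the implementation for consistency. The interface also has no documentation; a `/// <summary>` should state that the method returns false when the grant URL is not on the hook URL's origin, since that is the contract this commit introduces.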
