
forcing granturl to be in same origin as hook url

pull/937/head
eiximenis 6 years ago
parent
commit
dc36826ec1
3 changed files with 20 additions and 4 deletions
  1. +1
    -1
      src/Services/Webhooks/Webhooks.API/Controllers/WebhooksController.cs
  2. +18
    -2
      src/Services/Webhooks/Webhooks.API/Services/GrantUrlTesterService.cs
  3. +1
    -1
      src/Services/Webhooks/Webhooks.API/Services/IGrantUrlTesterService.cs

+ 1
- 1
src/Services/Webhooks/Webhooks.API/Controllers/WebhooksController.cs View File

@ -67,7 +67,7 @@ namespace Webhooks.API.Controllers
var userId = _identityService.GetUserIdentity(); var userId = _identityService.GetUserIdentity();
var grantOk = await _grantUrlTester.TestGrantUrl(request.GrantUrl, request.Token ?? string.Empty);
var grantOk = await _grantUrlTester.TestGrantUrl(request.Url, request.GrantUrl, request.Token ?? string.Empty);
if (grantOk) if (grantOk)
{ {


+ 18
- 2
src/Services/Webhooks/Webhooks.API/Services/GrantUrlTesterService.cs View File

@ -1,6 +1,5 @@
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using System; using System;
using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Net.Http; using System.Net.Http;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -17,8 +16,15 @@ namespace Webhooks.API.Services
_logger = logger; _logger = logger;
} }
public async Task<bool> TestGrantUrl(string url, string token)
public async Task<bool> TestGrantUrl(string urlHook, string url, string token)
{ {
if (!CheckSameOrigin(urlHook, url))
{
_logger.LogWarning($"Url of the hook ({urlHook} and the grant url ({url} do not belong to same origin)");
return false;
}
var client = _clientFactory.CreateClient("GrantClient"); var client = _clientFactory.CreateClient("GrantClient");
var msg = new HttpRequestMessage(HttpMethod.Options, url); var msg = new HttpRequestMessage(HttpMethod.Options, url);
msg.Headers.Add("X-eshop-whtoken", token); msg.Headers.Add("X-eshop-whtoken", token);
@ -37,5 +43,15 @@ namespace Webhooks.API.Services
return false; return false;
} }
} }
private bool CheckSameOrigin(string urlHook, string url)
{
var firstUrl = new Uri(urlHook, UriKind.Absolute);
var secondUrl = new Uri(url, UriKind.Absolute);
return firstUrl.Scheme == secondUrl.Scheme &&
firstUrl.Port == secondUrl.Port &&
firstUrl.Host == firstUrl.Host;
}
} }
} }
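Review bot: The host comparison in `CheckSameOrigin` (third hunk) compares `firstUrl.Host` with itself, so the new same-origin check only verifies scheme and port and any host on the same scheme and port passes; it should read `firstUrl.Host == secondUrl.Host`. Both URLs come straight from the request, and `new Uri(..., UriKind.Absolute)` throws `UriFormatException` on malformed input, so the check should use `Uri.TryCreate` and return false rather than let the exception escape; the `LogWarning` message on the second hunk also has unbalanced parentheses around the two URLs. The body of `TestGrantUrl` continues outside the second hunk. Suggested rewrite of the helper:
```csharp
private bool CheckSameOrigin(string urlHook, string url)
{
    // Both values are request input: reject malformed URLs instead of throwing.
    if (!Uri.TryCreate(urlHook, UriKind.Absolute, out var firstUrl) ||
        !Uri.TryCreate(url, UriKind.Absolute, out var secondUrl))
    {
        return false;
    }

    return firstUrl.Scheme == secondUrl.Scheme &&
           firstUrl.Port == secondUrl.Port &&
           string.Equals(firstUrl.Host, secondUrl.Host, StringComparison.OrdinalIgnoreCase);
}
```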

+ 1
- 1
src/Services/Webhooks/Webhooks.API/Services/IGrantUrlTesterService.cs View File

@ -7,6 +7,6 @@ namespace Webhooks.API.Services
{ {
public interface IGrantUrlTesterService public interface IGrantUrlTesterService
{ {
Task<bool> TestGrantUrl(string url, string token);
Task<bool> TestGrantUrl(string urlHook, string url, string token);
} }
} }
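Review bot: The new `urlHook` parameter on `TestGrantUrl` changes the contract of `IGrantUrlTesterService` (the grant URL is now gated by a same-origin check against the hook URL), but the interface carries no XML documentation, so implementers and callers have only the parameter names to go on. I would add a `<summary>` stating that the grant URL is only tested when it shares scheme, host and port with the hook URL and that false is returned otherwise, with `<param>` entries for `urlHook`, `url` and `token`. Since both URL parameters are plain strings, the order (hook URL first, grant URL second) is easy to swap at call sites, which is worth calling out in the `<param>` text.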
