ayan.poddar/eShopOnContainers
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

forcing granturl to be in same origin as hook url

Browse Source
This commit is contained in:
eiximenis 2019-02-11 12:17:26 +01:00
parent 71e3839056
commit dc36826ec1
3 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Services/Webhooks/Webhooks.API/Controllers/WebhooksController.cs
View File

@ -67,7 +67,7 @@ namespace Webhooks.API.Controllers
var userId = _identityService.GetUserIdentity(); var userId = _identityService.GetUserIdentity();
var grantOk = await _grantUrlTester.TestGrantUrl(request.GrantUrl, request.Token ?? string.Empty); var grantOk = await _grantUrlTester.TestGrantUrl(request.Url, request.GrantUrl, request.Token ?? string.Empty);
if (grantOk) if (grantOk)
{ {

20
src/Services/Webhooks/Webhooks.API/Services/GrantUrlTesterService.cs
View File

@ -1,6 +1,5 @@
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using System; using System;
using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Net.Http; using System.Net.Http;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -17,8 +16,15 @@ namespace Webhooks.API.Services
_logger = logger; _logger = logger;
} }
public async Task<bool> TestGrantUrl(string url, string token) public async Task<bool> TestGrantUrl(string urlHook, string url, string token)
{ {
if (!CheckSameOrigin(urlHook, url))
{
_logger.LogWarning($"Url of the hook ({urlHook} and the grant url ({url} do not belong to same origin)");
return false;
}
var client = _clientFactory.CreateClient("GrantClient"); var client = _clientFactory.CreateClient("GrantClient");
var msg = new HttpRequestMessage(HttpMethod.Options, url); var msg = new HttpRequestMessage(HttpMethod.Options, url);
msg.Headers.Add("X-eshop-whtoken", token); msg.Headers.Add("X-eshop-whtoken", token);
@ -37,5 +43,15 @@ namespace Webhooks.API.Services
return false; return false;
} }
} }
private bool CheckSameOrigin(string urlHook, string url)
{
var firstUrl = new Uri(urlHook, UriKind.Absolute);
var secondUrl = new Uri(url, UriKind.Absolute);
return firstUrl.Scheme == secondUrl.Scheme &&
firstUrl.Port == secondUrl.Port &&
firstUrl.Host == firstUrl.Host;
}
} }
} }

2
src/Services/Webhooks/Webhooks.API/Services/IGrantUrlTesterService.cs
View File

@ -7,6 +7,6 @@ namespace Webhooks.API.Services
{ {
public interface IGrantUrlTesterService public interface IGrantUrlTesterService
{ {
Task<bool> TestGrantUrl(string url, string token); Task<bool> TestGrantUrl(string urlHook, string url, string token);
} }
} }