Closed italopessoa closed 2 weeks ago
The recent changes introduce a new authorization filter for validating Mercado Pago Webhook messages using HMAC signatures. This includes the creation of new classes and methods for the filter and HMAC signature validation, updates to existing controller imports, and comprehensive unit tests to ensure proper functionality and security. These enhancements bolster the security and integrity of webhook communications for the application.
| File(s) | Change Summary |
|---|---|
| `.../Auth/MercadoPagoMessageAuthorizationFilter.cs` | Introduced `MercadoPagoMessageAuthorizationFilter` class to validate Mercado Pago Webhook messages using HMAC signatures. |
| `.../Webhook/MercadoPagoController.cs` | Updated import statement to reference `Api.Auth` namespace instead of `MercadoPago.Gateway.Auth`. |
| `.../Security/MercadoPagoHmacSignatureValidator.cs` | Added `MercadoPagoHmacSignatureValidator` class and `IMercadoPagoHmacSignatureValidator` interface for validating HMAC signatures. |
| `.../Auth/MercadoPagoMessageAuthorizationFilterTest.cs` | Added test cases for `MercadoPagoMessageAuthorizationFilter` including success, unauthorized access, and exception handling scenarios. |
| `tests/FIAP.TechChallenge.ByteMeBurger.Api.Test/FIAP.TechChallenge.ByteMeBurger.Api.Test.csproj` | Added project reference to `FIAP.TechChallenge.ByteMeBurger.MercadoPago.Gateway.csproj`. |
| `.../Security/MercadoPagoHmacSignatureValidatorTest.cs` | Added test cases for `MercadoPagoHmacSignatureValidator` including constructor validation and authorization scenarios with different input values. |
```mermaid
sequenceDiagram
    participant Client
    participant MercadoPagoController
    participant MercadoPagoMessageAuthorizationFilter
    participant MercadoPagoHmacSignatureValidator
    Client->>MercadoPagoController: Send Webhook Request
    MercadoPagoController->>MercadoPagoMessageAuthorizationFilter: OnAuthorization(context)
    MercadoPagoMessageAuthorizationFilter->>MercadoPagoHmacSignatureValidator: TryToValidate(signature, requestParams)
    MercadoPagoHmacSignatureValidator-->>MercadoPagoMessageAuthorizationFilter: Validation Result
    MercadoPagoMessageAuthorizationFilter-->>MercadoPagoController: Authorization Result
    MercadoPagoController-->>Client: Response (Authorized/Unauthorized)
```
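The kind of check the filter hands to the validator, as an added example that is not code from this PR: it parses the signature header, rebuilds the signed manifest, and compares HMAC-SHA256 values in constant time, failing closed on malformed input. The class name, the sample values, and the header and manifest layout (`ts=...,v1=...` and `id:...;request-id:...;ts:...;`) are assumptions, not taken from the PR.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not the PR's MercadoPagoHmacSignatureValidator.
public static class WebhookSignatureCheck
{
    static byte[] Mac(string secret, string manifest)
    {
        using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
        return hmac.ComputeHash(Encoding.UTF8.GetBytes(manifest));
    }

    // Assumed manifest template: "id:<data.id>;request-id:<x-request-id>;ts:<ts>;"
    static string Manifest(string dataId, string requestId, string ts) =>
        $"id:{dataId};request-id:{requestId};ts:{ts};";

    // xSignature is the raw header, assumed to look like "ts=<timestamp>,v1=<hex HMAC-SHA256>".
    public static bool IsValid(string secret, string xSignature, string requestId, string dataId)
    {
        if (string.IsNullOrEmpty(secret) || string.IsNullOrEmpty(xSignature)) return false;

        var fields = new Dictionary<string, string>();
        foreach (var part in xSignature.Split(','))
        {
            var kv = part.Split('=', 2);
            if (kv.Length == 2) fields[kv[0].Trim()] = kv[1].Trim();
        }
        if (!fields.TryGetValue("ts", out var ts) || !fields.TryGetValue("v1", out var v1))
            return false; // fail closed when a field is missing

        byte[] received;
        try { received = Convert.FromHexString(v1); }
        catch (FormatException) { return false; } // not hex: reject instead of throwing

        // Constant-time comparison avoids leaking how many leading bytes matched.
        return CryptographicOperations.FixedTimeEquals(received, Mac(secret, Manifest(dataId, requestId, ts)));
    }

    public static void Main()
    {
        // Constructed sample values, not real credentials or traffic.
        const string secret = "constructed-test-secret", reqId = "req-0001", dataId = "12345", ts = "1700000000";
        var v1 = Convert.ToHexString(Mac(secret, Manifest(dataId, reqId, ts))).ToLowerInvariant();
        Console.WriteLine(IsValid(secret, $"ts={ts},v1={v1}", reqId, dataId));  // genuine message
        Console.WriteLine(IsValid(secret, $"ts={ts},v1={v1}", reqId, "99999")); // tampered data.id
        Console.WriteLine(IsValid(secret, "v1=zz", reqId, dataId));             // malformed header
    }
}
```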