Fixed an issue with the "OAuth" substring being removed from the "oauth_body_hash" values

jaaufauvre · jaaufauvre · commit 2c6a7a5ed39e · 2021-06-08T14:53:10.000+01:00
diff --git a/Mastercard.Developer.OAuth1Signer.Core/Signers/NetHttpClientSigner.cs b/Mastercard.Developer.OAuth1Signer.Core/Signers/NetHttpClientSigner.cs
@@ -47,7 +47,8 @@ private async Task SignPrivateAsync(HttpRequestMessage request)
             // Generate the header and add it to the request
             var methodString = request.Method.ToString();
             var header = OAuth.GetAuthorizationHeader(request.RequestUri.AbsoluteUri, methodString, payload, Encoding, ConsumerKey, SigningKey);
-            request.Headers.Authorization = new AuthenticationHeaderValue("OAuth", header.Replace("OAuth", string.Empty));
+            var parameter = header.Substring(6, header.Length - 6); // Remove the "OAuth" scheme
+            request.Headers.Authorization = new AuthenticationHeaderValue("OAuth", parameter);
         }
     }
 }
diff --git a/Mastercard.Developer.OAuth1Signer.Tests/NetCore2/Signers/NetHttpClientSignerTest.cs b/Mastercard.Developer.OAuth1Signer.Tests/NetCore2/Signers/NetHttpClientSignerTest.cs
@@ -114,5 +114,24 @@ public void TestSignAsync_ShouldThrowArgumentNullException_WhenNullRequest()
         }
 
         #endregion
+
+        [TestMethod]
+        public void TestSign_ShouldNotRemoveOAuthSubstringFromBodyDigests()
+        {
+            // GIVEN
+            var request = new HttpRequestMessage
+            {
+                Method = HttpMethod.Post,
+                RequestUri = new Uri("https://api.mastercard.com/service"),
+                Content = new StringContent("{ \"uuid\": \"e8b57e13-a771-4d49-9419-4d1168b0a684\" }") // The SHA-256 digest is "ugxcxkGBiQwu5kGnpvKgrbkOAuthLE+qtCXBDeZ/D/I="
+            };
+
+            // WHEN
+            CreateHttpClientSigner().Sign(request);
+
+            // THEN
+            Assert.AreEqual("OAuth", request.Headers.Authorization.Scheme);
+            Assert.IsTrue(request.Headers.Authorization.Parameter.Contains("bkOAuthLE"));
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,8 @@ private async Task SignPrivateAsync(HttpRequestMessage request)`
`47`	`47`	`// Generate the header and add it to the request`
`48`	`48`	`var methodString = request.Method.ToString();`
`49`	`49`	`var header = OAuth.GetAuthorizationHeader(request.RequestUri.AbsoluteUri, methodString, payload, Encoding, ConsumerKey, SigningKey);`
`50`		`- request.Headers.Authorization = new AuthenticationHeaderValue("OAuth", header.Replace("OAuth", string.Empty));`
	`50`	`+ var parameter = header.Substring(6, header.Length - 6); // Remove the "OAuth" scheme`
	`51`	`+ request.Headers.Authorization = new AuthenticationHeaderValue("OAuth", parameter);`
`51`	`52`	`}`
`52`	`53`	`}`
`53`	`54`	`}`