Merge pull request #1083 from andersjonsson/fix-timestamp-wsmessagefi…

…lter fix problem with timestamp in WsMessageFilter
DigDes · Oct 1, 2024 · 7d42a70 · 7d42a70
2 parents a2bcb47 + 1ead628
commit 7d42a70
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 1 deletion.
diff --git a/src/SoapCore.Tests/MessageFilter/WsMessageFilterTests.cs b/src/SoapCore.Tests/MessageFilter/WsMessageFilterTests.cs
@@ -33,6 +33,19 @@ public async Task IncorrectCredentialsNotAuthrorized()
 			await filter.OnRequestExecuting(CreateMessage(usernameToken));
 		}
 
+		[TestMethod]
+		[ExpectedException(typeof(InvalidCredentialException))]
+		public async Task IncorrectCredentialsWithTimestampNotAuthrorized()
+		{
+			var usernameToken = new XElement(
+				_wsse + "UsernameToken",
+				new XElement(_wsse + "Username", "INVALID_USERNAME"),
+				new XElement(_wsse + "Password", "INAVLID_PASSWORD"));
+
+			var filter = new WsMessageFilter("yourusername", "yourpassword");
+			await filter.OnRequestExecuting(CreateMessageWithTimestamp(usernameToken));
+		}
+
 		[TestMethod]
 		public async Task PasswordIsOptional()
 		{
@@ -166,5 +179,27 @@ private static Message CreateMessage(XNode usernameToken)
 			var doc = new XDocument(envelope);
 			return Message.CreateMessage(doc.CreateReader(), int.MaxValue, MessageVersion.Soap11);
 		}
+
+		private static Message CreateMessageWithTimestamp(XNode usernameToken)
+		{
+			var envelope = new XElement(
+				_soapenv11 + "Envelope",
+				new XAttribute(XNamespace.Xmlns + "wsse", _wsse.NamespaceName),
+				new XAttribute(XNamespace.Xmlns + "soap", _soapenv11.NamespaceName),
+				new XElement(
+					_soapenv11 + "Header",
+					new XElement(
+						_wsse + "Security",
+						new XElement(_wsse + "Timestamp", new XElement(_wsse + "Created"), new XElement(_wsse + "Expires")),
+						usernameToken)),
+				new XElement(
+					_soapenv11 + "Body",
+					new XElement(
+						XName.Get("Ping", "http://tempuri.org/"),
+						"abc")));
+
+			var doc = new XDocument(envelope);
+			return Message.CreateMessage(doc.CreateReader(), int.MaxValue, MessageVersion.Soap11);
+		}
 	}
 }
diff --git a/src/SoapCore/WsMessageFilter.cs b/src/SoapCore/WsMessageFilter.cs
@@ -70,7 +70,11 @@ private WsUsernameToken GetWsUsernameToken(Message message)
 				if (message.Headers[i].Name.ToLower() == "security")
 				{
 					using var reader = message.Headers.GetReaderAtHeader(i);
-					reader.Read();
+					while (!reader.EOF && reader.LocalName != "UsernameToken")
+					{
+						reader.Read();
+					}
+
 					var serializer = new XmlSerializer(typeof(WsUsernameToken));
 					wsUsernameToken = (WsUsernameToken)serializer.Deserialize(reader);
 				}