Add header verification test

[OGKevin]

Steps to reproduce:

1. Response verification should be tested,

What should happen:

1. Response verification is not tested.

What happens:

1. Response verification is tested.

Logs

• Logs no logs

Extra info:

• Tested on 0.12.3

References

• Add header verification test  sdk_php#86
• Ensure that headers are correctly cased before signature verification… #59

[kid-cavaquinho]

@OGKevin what type of tests do you have in mind for it? Unit tests on the level of SecurityUtils.cs, for example? Contract/collaboration tests on ApiClient?

[OGKevin]

@AnTao My initial thought was to mock the returned value of

sdk_csharp/BunqSdk/Http/ApiClient.cs

Line 154 in c71114b

var responseMessage = client.SendAsync(requestMessage).Result;

and then change the x-bunq-header to different caps and ensure that signature verification still works by setting the casing correctly. And another test that changes the value of x-bunq-header and ensure that signature validation fails.

Eventually, we can save save an actual TResult(The type that is returned by the line mentioned above) to a file and create the mock object from the contents saved to that file. And then do the header manipulation from there before it touches the validation code.

[kid-cavaquinho]

@OGKevin perfect. I can pick it. Incoming PR.

[kid-cavaquinho]

@OGKevin I cannot run the current setup of tests. The endpoint and ApiContext tests throw null reference exceptions. Unfortunately I do not have an API key, is it required? Am I missing some configuration file to be able to run these? Thanks in advance.

[OGKevin]

@AnTao yes, it would be ideally that we mock all the requests instead of actually making them! This way we can also use something like Travis to run tests 👍. But that would be a future refactor.

You indeed need an API key for the SANDBOX environment. You can use this key pair, because its sandbox, there is no harm in sharing it publicly, but _don't do this with your production credentials!

"apiKey": "9807ed7aaded6e7026ff46440b09a9d42db81f1eb107e7db93586df3fbef2122"

"docKey": "39ae97a6-c704-4095-bee2-32d9d3c936ee"

You can place the doc key here: https://doc.bunq.com/settings and you will be presented with 3 users you can use to login into the sandbox bunq app which is located here: https://doc.bunq.com/api/1/page/android-emulator-setup

Afterwards, fill in the configuration file with data: https://github.com/bunq/sdk_csharp/blob/develop/BunqSdk.Tests/README.md#configuration

[kid-cavaquinho]

Aww cool @OGKevin thanks for the input. Won't be using it on PROD for the time being. I am a bunq user because I believe in the same ideas behind it and even tough I some ideas for apps, for the time being I just want to contribute 😺

Yes, automation execution of the tests is desirable, with Travis or insert favourite ci/cd tool here. I've been using appveyor for my simple pet projects at home, it is quite simple and does the job effectively.

I will try it tomorrow as I am a bit busy today. I will give you feedback.
Bedankt.

[kid-cavaquinho]

@OGKevin thanks for the update. The keys you provided helped me running the tests locally! 👍

Regarding the issue itself, do you pretend to change the design of ApiClient, by let's say... inject the HttpClient via the ctor? Or having a WrapperClass with the HttpClient dependency so that it can be mocked then in the tests? Also which mocking framework do you favour?

Thanks!

[OGKevin]

Hey @AnTao I think I missed this comment 😓.

I haven't done any research yet regarding how I want to implemented this. I also want to mock all the requests to not make actual requests to our API, but instead read the response from a JSON file. Something like

sdk_csharp/BunqSdk.Tests/Model/Generated/Object/NotificationUrlTest.cs

Line 13 in 9b67332

public class NotificationUrlTest : BunqSdkTestBase

does but then higher in the code. Somewhere around

sdk_csharp/BunqSdk/Http/ApiClient.cs

Line 162 in 9b67332

var responseMessage = client.SendAsync(requestMessage).Result;

or lower but ill create a separate issue for this.

For this particular issue, you might list suggestions on how you feel like implementing this and we can discuss what would be the best solution 👍 .