Zoom adapter request verification (#241)

* Add Zoom adapter project * Working Zoom adapter including message templates. * Updated Zoom Readme and made some refactorings to solution * Fixed Zoom request verification
BotBuilderCommunity · May 4, 2020 · 8480031 · 8480031
1 parent 008c720
commit 8480031
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/libraries/Bot.Builder.Community.Adapters.Zoom/ZoomAdapter.cs b/libraries/Bot.Builder.Community.Adapters.Zoom/ZoomAdapter.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Globalization;
 using System.IO;
+using System.Linq;
 using System.Security.Authentication;
 using System.Text;
 using System.Threading;
@@ -13,6 +14,7 @@
 using Microsoft.Bot.Schema;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Primitives;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Linq;
 using Newtonsoft.Json.Serialization;
@@ -64,6 +66,13 @@ public async Task ProcessAsync(HttpRequest httpRequest, HttpResponse httpRespons
                 throw new ArgumentNullException(nameof(bot));
             }
 
+            if (_options.ValidateIncomingZoomRequests &&
+                httpRequest.Headers.TryGetValue("HeaderAuthorization", out StringValues headerAuthorization)
+                && headerAuthorization.FirstOrDefault() != _options.VerificationToken)
+            {
+                throw new AuthenticationException("Failed to validate incoming request. Mismatched verification token.");
+            }
+
             string body;
             using (var sr = new StreamReader(httpRequest.Body))
             {
@@ -72,12 +81,6 @@ public async Task ProcessAsync(HttpRequest httpRequest, HttpResponse httpRespons
 
             var zoomRequest = JsonConvert.DeserializeObject<ZoomRequest>(body, JsonSerializerSettings);
 
-            if (_options.ValidateIncomingZoomRequests
-                && !ValidationHelper.ValidateRequest(httpRequest, zoomRequest, body, _logger))
-            {
-                throw new AuthenticationException("Failed to validate incoming request.");
-            }
-
             var activity = RequestToActivity(zoomRequest);
 
             using (var context = new TurnContext(this, activity))
@@ -123,7 +126,7 @@ public override async Task<ResourceResponse[]> SendActivitiesAsync(ITurnContext
 
                     if (clientResponse.IsSuccessful)
                     {
-                        responses.Add(new ResourceResponse() {Id = JObject.Parse(clientResponse.Content)["message_id"].ToString()});
+                        responses.Add(new ResourceResponse() { Id = JObject.Parse(clientResponse.Content)["message_id"].ToString() });
                     }
                     else
                     {