fix: Retrieve case-insensitive header values (#605)

alexa · Jan 22, 2020 · 15fe574 · 15fe574
1 parent 59002f4
commit 15fe574
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 3 deletions.
diff --git a/ask-sdk-express-adapter/CHANGELOG.md b/ask-sdk-express-adapter/CHANGELOG.md
@@ -0,0 +1,7 @@
+# Change Log
+
+# 2.0.1 (2020-01-22)
+
+This release contains the following changes : 
+
+- Case-insensitive header value retrieval for request verification. [604](https://github.com/alexa/alexa-skills-kit-sdk-for-nodejs/issues/604)
diff --git a/ask-sdk-express-adapter/lib/verifier/index.ts b/ask-sdk-express-adapter/lib/verifier/index.ts
@@ -70,8 +70,17 @@ export class SkillRequestSignatureVerifier implements Verifier {
      */
     public async verify (requestEnvelope : string, headers : IncomingHttpHeaders) : Promise<void> {
         // throw error if signature or signatureCertChainUrl are not present
-        const signatureCertChainUrl : string = headers[SIGNATURE_CERT_CHAIN_URL_HEADER.toLowerCase()] as string;
-        const signature : string = headers[SIGNATURE_HEADER.toLowerCase()] as string;
+        let signatureCertChainUrl : string;
+        let signature : string;
+        for (const key of Object.keys(headers)) {
+            const keyInLowerCase = key.toLocaleLowerCase();
+            if (keyInLowerCase === SIGNATURE_CERT_CHAIN_URL_HEADER.toLowerCase()) {
+                signatureCertChainUrl = headers[key] as string;
+            } else if (keyInLowerCase === SIGNATURE_HEADER.toLowerCase()) {
+                signature = headers[key] as string;
+            }
+        }
+
         if (!signatureCertChainUrl) {
             throw createAskSdkError(
                 this.constructor.name,

diff --git a/ask-sdk-express-adapter/package.json b/ask-sdk-express-adapter/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ask-sdk-express-adapter",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "description": "Express adapter package for Alexa Skills Kit SDK",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

diff --git a/ask-sdk-express-adapter/tst/verifier/index.spec.ts b/ask-sdk-express-adapter/tst/verifier/index.spec.ts
@@ -164,6 +164,22 @@ describe('SkillRequestSignatureVerifier', () => {
                 expect.fail('should not throw error');
             }
         });
+
+        it('should not throw error when header keys are in camel case', async() => {
+            const validRequestBody : string = fs.readFileSync(__dirname + '/../mocks/requestEnvelope.json').toString();
+            const requestHeader : IncomingHttpHeaders = DataProvider.requestHeader();
+            const signatureKeyInCamel = 'Signature';
+            const urlKeyInCamel = 'SignatureCertChainUrl';
+            requestHeader[signatureKeyInCamel] = validSignature;
+            requestHeader[urlKeyInCamel] = testUrl;
+            nock('https://s3.amazonaws.com').get(certUrl.path).reply(200, validPem);
+            sinon.stub(verifier, <any> '_validateRequestBody');
+            try {
+                await verifier.verify(validRequestBody, requestHeader);
+            } catch (err) {
+                expect.fail('should not throw error');
+            }
+        });
     });
 
     describe('async function _validateUrlAndRetriveCertChain', () => {