bug #39871 [Notifier] [OvhCloud] “Invalid signature” for message with…

… slashes (OneT0uch)

This PR was squashed before being merged into the 5.1 branch.

Discussion
----------

[Notifier] [OvhCloud] “Invalid signature” for message with slashes

| Q             | A
| ------------- | ---
| Branch?       | 5.1
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets       | Fix #39836 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License       | MIT

Test to show issue of invalid signature when message contains slash.

Commits
-------

9f01fb8 [Notifier] [OvhCloud] “Invalid signature” for message with slashes

src/Symfony/Component/Notifier/Bridge/OvhCloud/OvhCloudTransport.php

@@ -75,14 +75,16 @@ protected function doSend(MessageInterface $message): void
         $now = time() + $this->calculateTimeDelta();
         $headers['X-Ovh-Application'] = $this->applicationKey;
         $headers['X-Ovh-Timestamp'] = $now;
+        $headers['Content-Type'] = 'application/json';
 
-        $toSign = $this->applicationSecret.'+'.$this->consumerKey.'+POST+'.$endpoint.'+'.json_encode($content, \JSON_UNESCAPED_SLASHES).'+'.$now;
+        $body = json_encode($content, \JSON_UNESCAPED_SLASHES);
+        $toSign = $this->applicationSecret.'+'.$this->consumerKey.'+POST+'.$endpoint.'+'.$body.'+'.$now;
         $headers['X-Ovh-Consumer'] = $this->consumerKey;
         $headers['X-Ovh-Signature'] = '$1$'.sha1($toSign);
 
         $response = $this->client->request('POST', $endpoint, [
             'headers' => $headers,
-            'json' => $content,
+            'body' => $body,
         ]);
 
         if (200 !== $response->getStatusCode()) {

src/Symfony/Component/Notifier/Bridge/OvhCloud/Tests/OvhCloudTransportTest.php

@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Notifier\Bridge\OvhCloud\Tests;
 
+use Symfony\Component\HttpClient\MockHttpClient;
+use Symfony\Component\HttpClient\Response\MockResponse;
 use Symfony\Component\Notifier\Bridge\OvhCloud\OvhCloudTransport;
 use Symfony\Component\Notifier\Message\ChatMessage;
 use Symfony\Component\Notifier\Message\MessageInterface;
@@ -44,4 +46,39 @@ public function unsupportedMessagesProvider(): iterable
         yield [new ChatMessage('Hello!')];
         yield [$this->createMock(MessageInterface::class)];
     }
+
+    public function validMessagesProvider(): iterable
+    {
+        yield 'without a slash' => ['hello'];
+        yield 'including a slash' => ['hel/lo'];
+    }
+
+    /**
+     * @group time-sensitive
+     *
+     * @dataProvider validMessagesProvider
+     */
+    public function testValidSignature(string $message)
+    {
+        $smsMessage = new SmsMessage('0611223344', $message);
+
+        $time = time();
+
+        $lastResponse = new MockResponse();
+        $responses = [
+            new MockResponse((string) $time),
+            $lastResponse,
+        ];
+
+        $transport = $this->createTransport(new MockHttpClient($responses));
+        $transport->send($smsMessage);
+
+        $body = $lastResponse->getRequestOptions()['body'];
+        $headers = $lastResponse->getRequestOptions()['headers'];
+        $signature = explode(': ', $headers[4])[1];
+
+        $endpoint = 'https://eu.api.ovh.com/1.0/sms/serviceName/jobs';
+        $toSign = 'applicationSecret+consumerKey+POST+'.$endpoint.'+'.$body.'+'.$time;
+        $this->assertSame('$1$'.sha1($toSign), $signature);
+    }
 }