From 920910330e4f65f6c8584b8bb653f3b0f36650c4 Mon Sep 17 00:00:00 2001
From: francois branciard <francoisbranciard@protonmail.com>
Date: Tue, 21 Jul 2020 19:58:25 +0200
Subject: [PATCH] #230 uppercase to add to check signature

---
 orchestrator/src/routes/sms.js | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/orchestrator/src/routes/sms.js b/orchestrator/src/routes/sms.js
index c18bf45..bc21334 100644
--- a/orchestrator/src/routes/sms.js
+++ b/orchestrator/src/routes/sms.js
@@ -11,10 +11,9 @@ router.post(
     const params = Object.assign(req.query, req.body);
     console.log('/webhooks/inbound-sms');
     // console.log(params);
-    // console.log('generated sig = ' + Nexmo.generateSignature(orchestrator.nexmoApiSignatureMethod, orchestrator.nexmoApiSignatureSecret, params));
-    // console.log('params.sig = '+ params.sig);
     if (orchestrator.nexmoApiCheckMsgSignature === 'true') {
-      if (Nexmo.generateSignature(orchestrator.nexmoApiSignatureMethod, orchestrator.nexmoApiSignatureSecret, params) === params.sig) {
+      const sigToCheck = Nexmo.generateSignature(orchestrator.nexmoApiSignatureMethod, orchestrator.nexmoApiSignatureSecret, params);
+      if (sigToCheck && sigToCheck.toUpperCase() === params.sig) {
         console.log('Valid signature');
         if (params && params.text && params.text.toString() !== '') {
           console.log('text:' + params.text.toString());
@@ -42,10 +41,9 @@ router.get(
     const params = Object.assign(req.query, req.body);
     console.log('/webhooks/inbound-sms');
     // console.log(params);
-    // console.log('generated sig = ' + Nexmo.generateSignature(orchestrator.nexmoApiSignatureMethod, orchestrator.nexmoApiSignatureSecret, params));
-    // console.log('params.sig = '+ params.sig);
     if (orchestrator.nexmoApiCheckMsgSignature === 'true') {
-      if (Nexmo.generateSignature(orchestrator.nexmoApiSignatureMethod, orchestrator.nexmoApiSignatureSecret, params) === params.sig) {
+      const sigToCheck = Nexmo.generateSignature(orchestrator.nexmoApiSignatureMethod, orchestrator.nexmoApiSignatureSecret, params);
+      if (sigToCheck && sigToCheck.toUpperCase() === params.sig) {
         console.log('Valid signature');
         if (params && params.text && params.text.toString() !== '') {
           console.log('text:' + params.text.toString());