def test_slack_verify_signature_missing_headers(): request = prepare_slack_request({ # let's check what happens if verification headers are missing }) slack = SlackInput("mytoken", slack_signing_secret="foobar") assert slack.is_request_from_slack_authentic(request) is False
def test_slack_verify_signature_is_always_true_if_there_is_no_key(): request = prepare_slack_request({ "x-slack-signature": "foobar", # this is an invalid signature "x-slack-request-timestamp": str(int(time.time())), }) slack = SlackInput("mytoken", slack_signing_secret=None) assert slack.is_request_from_slack_authentic(request) is True
def test_slack_verify_wrong_signature(): request = prepare_slack_request( { "x-slack-signature": "v0=80a3bd62ce5af04d8d80781134f165df" "185b90342d467abf5c74a27d2d0dd1f5", "x-slack-request-timestamp": str(int(time.time())), } ) input_with_wrong_secret = SlackInput("mytoken", slack_signing_secret="foobaz") assert input_with_wrong_secret.is_request_from_slack_authentic(request) is False
def test_slack_handles_invalid_timestamp(): request = prepare_slack_request( { "x-slack-signature": "v0=80a3bd62ce5af04d8d80781134f165df" "185b90342d467abf5c74a27d2d0dd1f5", "x-slack-request-timestamp": "foobar", } ) input_with_right_secret = SlackInput("mytoken", slack_signing_secret="foobar") assert input_with_right_secret.is_request_from_slack_authentic(request) is False