def test_slack_verify_signature_missing_headers():
request = prepare_slack_request({
# let's check what happens if verification headers are missing
})
slack = SlackInput("mytoken", slack_signing_secret="foobar")
assert slack.is_request_from_slack_authentic(request) is False
def test_slack_verify_signature_is_always_true_if_there_is_no_key():
request = prepare_slack_request({
"x-slack-signature":
"foobar", # this is an invalid signature
"x-slack-request-timestamp":
str(int(time.time())),
})
slack = SlackInput("mytoken", slack_signing_secret=None)
assert slack.is_request_from_slack_authentic(request) is True
def test_slack_verify_wrong_signature():
request = prepare_slack_request(
{
"x-slack-signature": "v0=80a3bd62ce5af04d8d80781134f165df"
"185b90342d467abf5c74a27d2d0dd1f5",
"x-slack-request-timestamp": str(int(time.time())),
}
)
input_with_wrong_secret = SlackInput("mytoken", slack_signing_secret="foobaz")
assert input_with_wrong_secret.is_request_from_slack_authentic(request) is False
def test_slack_handles_invalid_timestamp():
request = prepare_slack_request(
{
"x-slack-signature": "v0=80a3bd62ce5af04d8d80781134f165df"
"185b90342d467abf5c74a27d2d0dd1f5",
"x-slack-request-timestamp": "foobar",
}
)
input_with_right_secret = SlackInput("mytoken", slack_signing_secret="foobar")
assert input_with_right_secret.is_request_from_slack_authentic(request) is False
