def test_signature_checking(self): """ webhooks - checks signatures for payload """ r = Receiver(self.callable, signature='X-Hub-Signature') Receiver.register('test-receiver-sign', r) # check correct signature payload = json.dumps(dict(somekey='somevalue')) headers = [('Content-Type', 'application/json'), ('X-Hub-Signature', get_hmac(payload))] with self.app.test_request_context(headers=headers, data=payload): r.consume_event(2) assert self.payload == json.loads(payload) # check signature with prefix headers = [('Content-Type', 'application/json'), ('X-Hub-Signature', 'sha1=' + get_hmac(payload))] with self.app.test_request_context(headers=headers, data=payload): r.consume_event(2) assert self.payload == json.loads(payload) # check incorrect signature headers = [('Content-Type', 'application/json'), ('X-Hub-Signature', get_hmac("somevalue"))] with self.app.test_request_context(headers=headers, data=payload): self.assertRaises(InvalidSignature, r.consume_event, 2)
def test_signature_checking(app, receiver): """Check signatures for payload.""" class TestReceiverSign(receiver): signature = 'X-Hub-Signature' with app.app_context(): current_webhooks.register('test-receiver-sign', TestReceiverSign) # check correct signature payload = json.dumps(dict(somekey='somevalue')) with app.app_context(): headers = [('Content-Type', 'application/json'), ('X-Hub-Signature', get_hmac(payload))] with app.test_request_context(headers=headers, data=payload): event = Event.create(receiver_id='test-receiver-sign') event.process() assert json.loads(payload) == event.receiver.calls[0].payload # check signature with prefix with app.app_context(): headers = [('Content-Type', 'application/json'), ('X-Hub-Signature', 'sha1=' + get_hmac(payload))] with app.test_request_context(headers=headers, data=payload): event = Event.create(receiver_id='test-receiver-sign') event.process() assert json.loads(payload) == event.receiver.calls[1].payload # check incorrect signature with app.app_context(): headers = [('Content-Type', 'application/json'), ('X-Hub-Signature', get_hmac("somevalue"))] with app.test_request_context(headers=headers, data=payload): with pytest.raises(InvalidSignature): Event.create(receiver_id='test-receiver-sign')