def test_trigger_webhooks_for_event( mock_request, webhook, order_with_lines, permission_manage_orders, permission_manage_users, permission_manage_products, ): webhook.service_account.permissions.add(permission_manage_orders) webhook.target_url = "https://webhook.site/f0fc9979-cbd4-47b7-8705-1acb03fff1d0" webhook.save() expected_data = serialize("json", [order_with_lines]) trigger_webhooks_for_event(WebhookEventType.ORDER_CREATED, expected_data) expected_headers = { "X-Saleor-Event": "order_created", "X-Saleor-Domain": "mirumee.com", } mock_request.assert_called_once_with(webhook.target_url, data=expected_data, headers=expected_headers, timeout=10)
def test_trigger_webhooks_for_event_calls_expected_events( mock_request, event_name, total_webhook_calls, expected_target_urls, service_account, order_with_lines, permission_manage_orders, permission_manage_users, permission_manage_products, ): """Confirm that Saleor executes only valid and allowed webhook events.""" service_account.permissions.add(permission_manage_orders) service_account.permissions.add(permission_manage_products) webhook = service_account.webhooks.create( target_url="http://www.example.com/first/") webhook.events.create(event_type=WebhookEventType.CUSTOMER_CREATED) webhook.events.create(event_type=WebhookEventType.PRODUCT_CREATED) webhook.events.create(event_type=WebhookEventType.ORDER_FULLY_PAID) sa_without_permissions = ServiceAccount.objects.create() second_webhook = sa_without_permissions.webhooks.create( target_url="http://www.example.com/wrong") second_webhook.events.create(event_type=WebhookEventType.ANY) second_webhook.events.create(event_type=WebhookEventType.PRODUCT_CREATED) second_webhook.events.create(event_type=WebhookEventType.CUSTOMER_CREATED) sa_with_partial_permissions = ServiceAccount.objects.create() sa_with_partial_permissions.permissions.add(permission_manage_orders) third_webhook = sa_with_partial_permissions.webhooks.create( target_url="http://www.example.com/third/") third_webhook.events.create(event_type=WebhookEventType.ANY) trigger_webhooks_for_event(event_name, data="") assert mock_request.call_count == total_webhook_calls target_url_calls = {call[0][1] for call in mock_request.call_args_list} assert target_url_calls == expected_target_urls
def test_trigger_webhooks_for_event_with_secret_key(mock_request, webhook, order_with_lines, permission_manage_orders): webhook.service_account.permissions.add(permission_manage_orders) webhook.target_url = "https://webhook.site/f0fc9979-cbd4-47b7-8705-1acb03fff1d0" webhook.secret_key = "secret_key" webhook.save() expected_data = serialize("json", [order_with_lines]) trigger_webhooks_for_event(WebhookEventType.ORDER_CREATED, expected_data) expected_signature = create_hmac_signature(expected_data, webhook.secret_key, "utf-8") expected_headers = { "X-Saleor-Event": "order_created", "X-Saleor-Domain": "mirumee.com", "X-Saleor-HMAC-SHA256": f"sha1={expected_signature}", } mock_request.assert_called_once_with(webhook.target_url, data=expected_data, headers=expected_headers, timeout=10)