def test_trigger_webhooks_for_event(
mock_request,
webhook,
order_with_lines,
permission_manage_orders,
permission_manage_users,
permission_manage_products,
):
webhook.service_account.permissions.add(permission_manage_orders)
webhook.target_url = "https://webhook.site/f0fc9979-cbd4-47b7-8705-1acb03fff1d0"
webhook.save()
expected_data = serialize("json", [order_with_lines])
trigger_webhooks_for_event(WebhookEventType.ORDER_CREATED, expected_data)
expected_headers = {
"X-Saleor-Event": "order_created",
"X-Saleor-Domain": "mirumee.com",
}
mock_request.assert_called_once_with(webhook.target_url,
data=expected_data,
headers=expected_headers,
timeout=10)
def test_trigger_webhooks_for_event_calls_expected_events(
mock_request,
event_name,
total_webhook_calls,
expected_target_urls,
service_account,
order_with_lines,
permission_manage_orders,
permission_manage_users,
permission_manage_products,
):
"""Confirm that Saleor executes only valid and allowed webhook events."""
service_account.permissions.add(permission_manage_orders)
service_account.permissions.add(permission_manage_products)
webhook = service_account.webhooks.create(
target_url="http://www.example.com/first/")
webhook.events.create(event_type=WebhookEventType.CUSTOMER_CREATED)
webhook.events.create(event_type=WebhookEventType.PRODUCT_CREATED)
webhook.events.create(event_type=WebhookEventType.ORDER_FULLY_PAID)
sa_without_permissions = ServiceAccount.objects.create()
second_webhook = sa_without_permissions.webhooks.create(
target_url="http://www.example.com/wrong")
second_webhook.events.create(event_type=WebhookEventType.ANY)
second_webhook.events.create(event_type=WebhookEventType.PRODUCT_CREATED)
second_webhook.events.create(event_type=WebhookEventType.CUSTOMER_CREATED)
sa_with_partial_permissions = ServiceAccount.objects.create()
sa_with_partial_permissions.permissions.add(permission_manage_orders)
third_webhook = sa_with_partial_permissions.webhooks.create(
target_url="http://www.example.com/third/")
third_webhook.events.create(event_type=WebhookEventType.ANY)
trigger_webhooks_for_event(event_name, data="")
assert mock_request.call_count == total_webhook_calls
target_url_calls = {call[0][1] for call in mock_request.call_args_list}
assert target_url_calls == expected_target_urls
def test_trigger_webhooks_for_event_with_secret_key(mock_request, webhook,
order_with_lines,
permission_manage_orders):
webhook.service_account.permissions.add(permission_manage_orders)
webhook.target_url = "https://webhook.site/f0fc9979-cbd4-47b7-8705-1acb03fff1d0"
webhook.secret_key = "secret_key"
webhook.save()
expected_data = serialize("json", [order_with_lines])
trigger_webhooks_for_event(WebhookEventType.ORDER_CREATED, expected_data)
expected_signature = create_hmac_signature(expected_data,
webhook.secret_key, "utf-8")
expected_headers = {
"X-Saleor-Event": "order_created",
"X-Saleor-Domain": "mirumee.com",
"X-Saleor-HMAC-SHA256": f"sha1={expected_signature}",
}
mock_request.assert_called_once_with(webhook.target_url,
data=expected_data,
headers=expected_headers,
timeout=10)