def test_no_request_signature_header():
    """A request with a timestamp header but no signature header is rejected."""
    verifier = VerifyRequest(signing_secret=signing_secret)
    # Only the timestamp header is supplied; X-Slack-Signature is left out.
    timestamp_only = {"X-Slack-Request-Timestamp": str(int(time()))}
    outcome = verifier.execute(raw_body=raw_body, headers=timestamp_only)
    assert outcome == False  # noqa: E712 - equality comparison kept as written
def test_no_request_timestamp_header():
    """A request with a signature header but no timestamp header is rejected."""
    verifier = VerifyRequest(signing_secret=signing_secret)
    # The signature itself is well-formed; only X-Slack-Request-Timestamp
    # is missing from the headers handed to the verifier.
    signature = event_signature(signing_secret, str(int(time())), raw_body)
    signature_only = {"X-Slack-Signature": signature}
    outcome = verifier.execute(raw_body, headers=signature_only)
    assert outcome == False  # noqa: E712 - equality comparison kept as written
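def test_verify_request_returns_false_if_timestamp_is_from_the_future():
    """A correctly signed request stamped well into the future is rejected.

    The header previously held ``int(time() - (time() + 1))``, which
    evaluates to about -1 (an ancient timestamp, not a future one), and the
    signature was computed over a different timestamp. The request was
    therefore rejected for reasons unrelated to the future-timestamp check.
    """
    # Ten minutes ahead: outside the 5-minute window the sibling
    # "within_5_min" test treats as acceptable.
    future_timestamp = int(time()) + 60 * 10
    headers = {
        "X-Slack-Request-Timestamp": str(future_timestamp),
        # Signed over the same timestamp as the header so the signature is
        # valid and only the freshness check can reject the request.
        "X-Slack-Signature": event_signature(
            signing_secret, future_timestamp, raw_body
        ),
    }
    verifier = VerifyRequest(signing_secret=signing_secret)
    # NOTE(review): if this now fails, VerifyRequest accepts future-dated
    # requests and its freshness check needs an upper bound as well.
    assert verifier.execute(raw_body, headers) == False  # noqa: E712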
def test_verify_request_returns_true_if_timestamp_is_within_5_min():
    """A correctly signed request stamped three minutes ago is accepted."""
    three_minutes = 60 * 3
    timestamp = int(time() - three_minutes)
    # Header and signature share one timestamp value, so the signature is
    # valid and the result depends only on the age of the request.
    signature = event_signature(signing_secret, timestamp, raw_body)
    headers = {
        "X-Slack-Signature": signature,
        "X-Slack-Request-Timestamp": str(timestamp),
    }
    verifier = VerifyRequest(signing_secret=signing_secret)
    outcome = verifier.execute(raw_body, headers)
    assert outcome == True  # noqa: E712 - equality comparison kept as written
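def test_verify_signature():
    """A request signed with the right secret over the right body is accepted."""
    raw_body = "foobar"
    # Read the clock once. Calling time() separately for the header and for
    # the signature can straddle a second boundary, producing a signature
    # over a different timestamp and a spurious failure.
    timestamp = int(time())
    headers = {
        "X-Slack-Request-Timestamp": str(timestamp),
        "X-Slack-Signature": event_signature(signing_secret, timestamp, raw_body),
    }
    verifier = VerifyRequest(signing_secret=signing_secret)
    assert verifier.execute(raw_body, headers) == True  # noqa: E712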
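def test_verify_signature_fails():
    """Signatures made with the wrong secret or over the wrong body are rejected."""
    raw_body = "foobar"
    verifier = VerifyRequest(signing_secret=signing_secret)

    # Each case reads the clock once, so header and signature agree on the
    # timestamp and the only mismatch is the one under test.

    # Case 1: correct body, but signed with a different secret.
    timestamp = int(time())
    headers = {
        "X-Slack-Request-Timestamp": str(timestamp),
        "X-Slack-Signature": event_signature(
            "the wrong secret", timestamp, raw_body
        ),
    }
    assert verifier.execute(raw_body, headers) == False  # noqa: E712

    # Case 2: correct secret, but signed over a body other than the one sent.
    timestamp = int(time())
    headers = {
        "X-Slack-Request-Timestamp": str(timestamp),
        "X-Slack-Signature": event_signature(
            signing_secret, timestamp, "wrong body"
        ),
    }
    assert verifier.execute(raw_body, headers) == False  # noqa: E712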
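def execute(self):
    """Authenticate an incoming Slack request and dispatch it by payload type.

    The request signature is verified before the body is parsed, so
    unauthenticated input never reaches ``json.loads`` or the handlers.

    Returns:
        The ApiGatewayResponse: ``auth_error()`` when verification fails,
        ``ok(<UrlVerification result>)`` for ``url_verification`` payloads,
        and ``ok()`` for every other payload, including unsupported ones.
    """
    response = ApiGatewayResponse()

    # Reject before touching the body: nothing below runs on unverified input.
    verifier = VerifyRequest(signing_secret=self.signing_secret)
    if not verifier.execute(self.raw_body, self.headers):
        response.auth_error()
        return response

    body = json.loads(self.raw_body)
    # Named payload_type rather than `type` to avoid shadowing the builtin.
    payload_type = body.get("type")

    if payload_type == "url_verification":
        response.ok(UrlVerification().execute(body))
    elif payload_type == "event_callback":
        event = body["event"]
        event_type = event["type"]
        logging.info("Received event: %s", event_type)
        if event_type == "user_change":
            UpdateAllProfiles(
                user_link_store=self.user_link_store,
                user_token_store=self.user_token_store,
            ).execute(body)
        elif event_type == "tokens_revoked":
            UserUninstall(
                user_link_store=self.user_link_store,
                user_token_store=self.user_token_store,
            ).execute(body)
        else:
            # Log only the event type. The full event can carry user
            # profile data that should not be copied into log storage.
            logging.error("unsupported event_callback %s", event_type)
        response.ok()
    else:
        # Log only the payload type. Slack's outer payload can include a
        # verification token and workspace identifiers alongside the event.
        logging.error("event not supported %s", payload_type)
        response.ok()
    return response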