def test_init_app_flow_should_override_secrets():
# GIVEN
app = mock.Mock()
# WHEN
webhook = Webhook(secret="hello-world-of-secrecy")
webhook.init_app(app, secret="a-new-world-of-secrecy")
# THEN
assert webhook.secret == "a-new-world-of-secrecy".encode("utf-8")
def test_init_app_flow_should_not_accidentally_override_secrets():
# GIVEN
app = mock.Mock()
# WHEN
webhook = Webhook(secret="hello-world-of-secrecy")
webhook.init_app(app)
# THEN
assert webhook.secret is not None
def test_init_app_flow():
# GIVEN
app = mock.Mock()
# WHEN
webhook = Webhook()
webhook.init_app(app)
# THEN
app.add_url_rule.assert_called_once_with(endpoint="/postreceive",
rule="/postreceive",
view_func=webhook._postreceive,
methods=["POST"])
def test_constructor(self):
# GIVEN
app = Mock()
# WHEN
webhook = Webhook(app)
# THEN
app.add_url_rule.assert_called_once_with(
'/postreceive', view_func=webhook._postreceive, methods=['POST'])
# -----------------------------------------------------------------------------
# Copyright 2015 Bloomberg Finance L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ----------------------------- END-OF-FILE -----------------------------------
def test_push_request():
""" Uses the example event defined in the GitHub documentation to ensure
that our webhook app can receive the event.
"""
# GIVEN
app = Flask(__name__) # Standard Flask app
webhook = Webhook(app) # Defines '/postreceive' endpoint
@webhook.hook() # Defines a handler for the 'push' event
def on_push(data):
flag = data["repository"]["full_name"] == "Codertocat/Hello-World"
if not flag:
return "Event data does not match expected data", 400
# WHEN
resp = None
with app.test_client() as client:
resp = client.post("/postreceive",
json=example_push_event,
headers={
"X-Github-Event": "push",
"X-Github-Delivery": 0
})
# THEN
assert resp.status_code == 204
def test_constructor(self):
# GIVEN
app = Mock()
# WHEN
webhook = Webhook(app)
# THEN
app.add_url_rule.assert_called_once_with(
'/postreceive', view_func=webhook._postreceive, methods=['POST'])
def test_does_not_call_if_signature_is_incorrect(mock_hmac, app, push_request):
# GIVEN
webhook = Webhook(app, secret="super_secret")
push_request.headers["X-Hub-Signature-256"] = "sha256=hash_of_something"
push_request.data = b"something"
handler = mock.Mock()
mock_hmac.compare_digest.return_value = False
# WHEN, THEN
webhook.hook()(handler)
with pytest.raises(werkzeug.exceptions.BadRequest):
webhook._postreceive()
def test_calls_if_signature_is_correct(mock_hmac, app, push_request, secret):
# GIVEN
webhook = Webhook(app, secret=secret)
push_request.headers["X-Hub-Signature-256"] = "sha256=hash_of_something"
push_request.data = b"something"
handler = mock.Mock()
mock_hmac.compare_digest.return_value = True
# WHEN
webhook.hook()(handler)
webhook._postreceive()
# THEN
handler.assert_called_once_with(push_request.get_json.return_value)
def webhook(app):
yield Webhook(app)