def test_crc_check(self):
crc_token = 'crc_123'
response_token = get_hash_token('abc', 'crc_123')
url = reverse('api-v2:twitter-webhook-list', kwargs={})
response = self.client.get(url, {'crc_token': crc_token})
expect(response.status_code).to.eq(status.HTTP_200_OK)
expect(response.data.get('response_token')).to.eq(response_token)
def test_webhook_validate_source_400(self):
hash2 = get_hash_token('def', '{"message":"hi"}')
url = reverse('api-v2:twitter-webhook-list', kwargs={})
self.client.credentials(HTTP_X_TWITTER_WEBHOOKS_SIGNATURE=hash2)
response = self.client.post(url, {'message': 'hi'}, format='json')
expect(response.status_code).to.eq(status.HTTP_400_BAD_REQUEST)
expect(response.data.get('message')).to.eq(
'Cannot recognize the requesting source')
def test_get_hash_token_bytes_msg(self, base64, hmac):
hmac.new.return_value = Mock(digest=Mock(return_value='hash_abc'))
base64.b64encode.return_value = bytes('encoded_hash_abc', 'utf-8')
token = get_hash_token('key', msg=b'abc')
hmac.new.assert_called_with(b'key',
msg=b'abc',
digestmod=hashlib.sha256)
base64.b64encode.assert_called_with('hash_abc')
expect(token).to.eq('sha256=encoded_hash_abc')
def list(self, request):
"""
GET: Twitter Challenge Response Check (CRC)
"""
crc_token = request.GET.get('crc_token')
if crc_token:
hash_token = get_hash_token(key=settings.TWITTER_CONSUMER_SECRET,
msg=crc_token)
response = {'response_token': hash_token}
return Response(response, status=status.HTTP_200_OK)
else:
return Response(
{'message': 'Error: crc_token is missing from request'},
status=status.HTTP_400_BAD_REQUEST)
def create(self, request):
"""
POST: Webhook to receive subscribed account's activity events from Twitter
"""
twitter_signature = request.META.get(
'HTTP_X_TWITTER_WEBHOOKS_SIGNATURE', '')
request_hash_token = get_hash_token(
key=settings.TWITTER_CONSUMER_SECRET, msg=request.body)
if hmac.compare_digest(twitter_signature, request_hash_token):
ActivityEventHub().handle_event(request.data)
return Response(status=status.HTTP_200_OK)
else:
return Response(
{'message': 'Cannot recognize the requesting source'},
status=status.HTTP_400_BAD_REQUEST)
def test_webhook_validate_source(self):
hash1 = get_hash_token('abc', '{"message":"hi"}')
url = reverse('api-v2:twitter-webhook-list', kwargs={})
self.client.credentials(HTTP_X_TWITTER_WEBHOOKS_SIGNATURE=hash1)
response = self.client.post(url, {'message': 'hi'}, format='json')
expect(response.status_code).to.eq(status.HTTP_200_OK)