diff --git a/lib/Botly.js b/lib/Botly.js
index eb1f38a..e46b2ce 100644
--- a/lib/Botly.js
+++ b/lib/Botly.js
@@ -61,7 +61,8 @@ Botly.prototype.router = function () {
 const router = Router();
 router.get(this.webHookPath, (req, res) => {
- if (req.query['hub.verify_token'] === this.verifyToken) {
+ if (req.query['hub.mode'] === 'subscribe' &&
+ req.query['hub.verify_token'] === this.verifyToken) {
 res.send(req.query['hub.challenge']);
 } else {
 res.status(403).send('Error, wrong validation token');
diff --git a/test/botly_test.js b/test/botly_test.js
index 6061403..e1295a2 100644
--- a/test/botly_test.js
+++ b/test/botly_test.js
@@ -70,6 +70,7 @@ describe('Botly Tests', function () {
 method: 'GET',
 url: '/webhook',
 query: {
+ 'hub.mode': 'subscribe',
 'hub.verify_token': 'myVerifyToken',
 'hub.challenge': '42'
 }
@@ -79,6 +80,33 @@ describe('Botly Tests', function () {
 expect(response._getData()).to.equal('42');
 });
+
+ it('should provide an express router and reject correct verify_token if hub.mode is not "subscribe"', () => {
+
+ var botly = new Botly({
+ accessToken: 'myToken',
+ verifyToken: 'myVerifyToken',
+ webHookPath: '/webhook',
+ notificationType: Botly.CONST.NOTIFICATION_TYPE.NO_PUSH
+ });
+ var router = botly.router();
+ expect(router).to.be.defined;
+
+ var response = http.createResponse();
+ var request = http.createRequest({
+ method: 'GET',
+ url: '/webhook',
+ query: {
+ 'hub.mode': 'SubscribE',
+ 'hub.verify_token': 'myVerifyToken',
+ 'hub.challenge': '42'
+ }
+ });
+
+ router.handle(request, response);
+ expect(response.statusCode).to.equal(403);
+ expect(response._getData()).to.equal('Error, wrong validation token');
+ });
 it('should provide an express router and handle bad verify_token', () => {
@@ -96,6 +124,7 @@ describe('Botly Tests', function () {
 method: 'GET',
 url: '/webhook',
 query: {
+ 'hub.mode': 'subscribe',
 'hub.verify_token': '111',
 'hub.challenge': '42'
 }
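Review bot: The new `+ req.query['hub.verify_token'] === this.verifyToken` line still compares the shared verify token with `===`, which short-circuits at the first mismatching character; `crypto.timingSafeEqual` over equal-length buffers closes that side channel at almost no cost. Both query values should also be required to be strings before use: with Express's default extended query parser a probe such as `hub.challenge[a]=b` arrives as an object, and `res.send` would then serialize it as JSON instead of echoing a plain challenge, so a request without a string challenge is better treated as an invalid verification request (a behaviour change from the current code, which would answer 200 with an empty body). Adding the `hub.mode` check is the right call, and keeping a single generic 403 message for every failure cause is good because it does not reveal which part was wrong. The `router` function's body continues outside the hunk, and `crypto` would need to be required at the top of lib/Botly.js.
```javascript
router.get(this.webHookPath, (req, res) => {
    const mode = req.query['hub.mode'];
    const token = req.query['hub.verify_token'];
    const challenge = req.query['hub.challenge'];
    const expected = Buffer.from(String(this.verifyToken));
    // Constant-time compare; the length check is required by timingSafeEqual
    // and leaks only the token length, not its contents.
    const tokenOk = typeof token === 'string' &&
        Buffer.byteLength(token) === expected.length &&
        crypto.timingSafeEqual(Buffer.from(token), expected);
    if (mode === 'subscribe' && tokenOk && typeof challenge === 'string') {
        res.send(challenge);
    } else {
        res.status(403).send('Error, wrong validation token');
    // … unchanged: rest of the handler and router setup …
```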
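Review bot: `expect(router).to.be.defined;` in the new test is very likely a no-op: if `expect` is Chai (the `.to.equal` chains suggest it), `defined` is not a Chai assertion, so the property access yields `undefined` and nothing is checked — `expect(router).to.exist;` or `expect(router).to.not.be.undefined;` is what is meant. The `'SubscribE'` variant pins the strict, case-sensitive comparison, but a second request with `hub.mode` omitted entirely would cover the more common probe (`?hub.verify_token=…&hub.challenge=…` with no mode at all) and document that the mode is required rather than merely case-sensitive. The enclosing `describe` block starts and ends outside the hunk.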