-
Notifications
You must be signed in to change notification settings - Fork 8
/
web_test.py
159 lines (129 loc) · 4.9 KB
/
web_test.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
"""Tests for the web server"""
import asyncio
import json
from unittest.mock import patch
import urllib.parse
import uuid
import pytest
from tornado.testing import AsyncHTTPTestCase
from bot_test import DoofSpoof
from web import make_app, is_authenticated
pytestmark = pytest.mark.asyncio
class FinishReleaseTests(AsyncHTTPTestCase):
"""Tests for the finish release button"""
def setUp(self):
self.secret = uuid.uuid4().hex
self.loop = asyncio.get_event_loop()
self.doof = DoofSpoof(loop=self.loop)
self.app = make_app(secret=self.secret, bot=self.doof)
super().setUp()
def get_app(self):
"""Override for this app"""
return self.app
def test_bad_auth_buttons(self):
"""
Bad auth should be rejected for buttons
"""
with patch("web.is_authenticated", return_value=False):
response = self.fetch(
"/api/v0/buttons/",
method="POST",
body=urllib.parse.urlencode(
{
"payload": json.dumps({}),
}
),
)
assert response.code == 401
def test_bad_auth_events(self):
"""
Bad auth should be rejected for buttons
"""
with patch("web.is_authenticated", return_value=False):
response = self.fetch("/api/v0/events/", method="POST", body=json.dumps({}))
assert response.code == 401
def test_good_auth(self):
"""
If the token validates, we should call handle_webhook on Bot
"""
payload = {}
with patch("bot.Bot.handle_webhook") as handle_webhook, patch(
"web.is_authenticated", return_value=True
):
async def fake_webhook(*args, **kwargs): # pylint: disable=unused-argument
pass
handle_webhook.return_value = (
fake_webhook()
) # pylint: disable=assignment-from-no-return
response = self.fetch(
"/api/v0/buttons/",
method="POST",
body=urllib.parse.urlencode(
{
"payload": json.dumps(payload),
}
),
)
assert response.code == 200
handle_webhook.assert_called_once_with(
webhook_dict=payload,
)
def test_event_challenge(self):
"""Doof should respond to a challenge with the same challenge text"""
challenge = "event challenge text"
payload = {"type": "url_verification", "challenge": challenge}
with patch("web.is_authenticated", return_value=True):
response = self.fetch(
"/api/v0/events/", method="POST", body=json.dumps(payload)
)
assert response.code == 200
assert response.body == challenge.encode()
def test_event_handle(self):
"""Doof should call handle_event for valid events"""
payload = {
"type": "not_a_challenge",
}
with patch("bot.Bot.handle_event") as handle_event, patch(
"web.is_authenticated", return_value=True
):
async def fake_event(*args, **kwargs): # pylint: disable=unused-argument
pass
handle_event.return_value = (
fake_event()
) # pylint: disable=assignment-from-no-return
response = self.fetch(
"/api/v0/events/", method="POST", body=json.dumps(payload)
)
assert response.code == 200
assert response.body == b""
handle_event.assert_called_once_with(
webhook_dict=payload,
)
# pylint: disable=too-many-arguments,too-many-positional-arguments
@pytest.mark.parametrize(
"secret, timestamp, signature, body, expected",
[
[ # values from Slack docs
"8f742231b10e8888abcd99yyyzzz85a5",
"1531420618",
"v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503",
b"token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&"
b"channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&"
b"text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%"
b"2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN"
b"&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c",
True,
],
["secret", "timestamp", "v0=notgonnawork", b"body", False],
],
)
def test_is_authenticated(mocker, secret, timestamp, signature, body, expected):
"""Test our slack authentication logic"""
request = mocker.Mock(
body=body,
headers={
"X-Slack-Signature": signature,
"X-Slack-Request-Timestamp": timestamp,
},
)
assert is_authenticated(request, secret) is expected