1 | 'use strict';
|
2 |
|
3 | const assert = require('assert');
|
4 | const crypto = require('crypto');
|
5 | const helper = require('./_helper');
|
6 |
|
7 |
|
8 | let Request = helper.Request;
|
9 | let Response = helper.Response;
|
10 | let pubsub = new helper.createMockConfigClient({
|
11 | key: 'key',
|
12 | secret: 'secret'
|
13 | });
|
14 |
|
15 | pubsub.updateConfig({
|
16 | auth_type: 'basic',
|
17 | url: 'http://un:pw@localhost:8080.com',
|
18 | can_consume: true,
|
19 | events: {
|
20 | 'com.test.event': null,
|
21 | 'com.test.topic.*': null,
|
22 | 'com.test.*.interior': null,
|
23 | 'com.splatted.**': null
|
24 | }
|
25 | });
|
26 |
|
27 | describe('webhook', function () {
|
28 |
|
29 | it('should validate basic auth credentials are correct', function () {
|
30 |
|
31 | let success = false,
|
32 | res = new Response(),
|
33 | req = new Request({}, {
|
34 | authorization: 'Basic ' + new Buffer('un:pw').toString('base64')
|
35 | });
|
36 |
|
37 |
|
38 | let authed = pubsub.authenticateWebhook(req, res, () => success = true);
|
39 |
|
40 | assert.ok(success && authed && req._authenticatedWebhook);
|
41 | });
|
42 |
|
43 | it('should validate basic auth credentials are incorrect', function () {
|
44 | let success = false,
|
45 | res = new Response(),
|
46 | req = new Request({}, {
|
47 | authorization: 'Basic ' + new Buffer('un2:pw2').toString('base64')
|
48 | });
|
49 |
|
50 | let authed = pubsub.authenticateWebhook(req, res, () => success = true);
|
51 |
|
52 | assert.equal(success || authed || !!req._authenticatedWebhook, false);
|
53 |
|
54 | assert.ok(res.wasUnauthorized());
|
55 | });
|
56 |
|
57 | it('should validate auth token are correct', function () {
|
58 |
|
59 | pubsub.updateConfig({
|
60 | auth_type: 'token',
|
61 | url: 'http://localhost:8080.com',
|
62 | auth_token: 'test-token'
|
63 | });
|
64 | let success = false,
|
65 | res = new Response(),
|
66 | req = new Request({}, {
|
67 | 'x-auth-token': 'test-token'
|
68 | });
|
69 |
|
70 |
|
71 | let authed = pubsub.authenticateWebhook(req, res, () => success = true);
|
72 | assert.ok(success && authed && req._authenticatedWebhook);
|
73 | });
|
74 |
|
75 | it('should validate auth token are incorrect', function () {
|
76 |
|
77 | let success = false,
|
78 | res = new Response(),
|
79 | req = new Request({}, {
|
80 | 'x-auth-token': 'not-this'
|
81 | });
|
82 |
|
83 | let authed = pubsub.authenticateWebhook(req, res, () => success = true);
|
84 | assert.equal(success || authed || !!req._authenticatedWebhook, false);
|
85 | assert.ok(res.wasUnauthorized());
|
86 | });
|
87 |
|
88 | it('should validate key/secret signature is correct', function () {
|
89 |
|
90 | pubsub.updateConfig({
|
91 | auth_type: 'key_secret',
|
92 | url: 'http://localhost:8080.com',
|
93 | auth_token: 'test-token'
|
94 | });
|
95 | let success = false,
|
96 | res = new Response(),
|
97 | body = { event: 'com.test.event' },
|
98 | req = new Request(body, {
|
99 | 'x-signature': crypto.createHmac('SHA256', pubsub.secret).update(JSON.stringify(body)).digest('hex')
|
100 | });
|
101 |
|
102 |
|
103 | let authed = pubsub.authenticateWebhook(req, res, () => success = true);
|
104 | assert.ok(success && authed && req._authenticatedWebhook);
|
105 | });
|
106 |
|
107 | it('should validate key/secret signature is incorrect', function () {
|
108 |
|
109 | let success = false,
|
110 | res = new Response(),
|
111 | req = new Request({}, {
|
112 | 'x-signature': 'not-this'
|
113 | });
|
114 |
|
115 | let authed = pubsub.authenticateWebhook(req, res, () => success = true);
|
116 | assert.equal(success || authed || !!req._authenticatedWebhook, false);
|
117 | assert.ok(res.wasUnauthorized());
|
118 | });
|
119 |
|
120 | it('should emit using an exact event name', function (done) {
|
121 | let topic = pubsub.config.topics[0],
|
122 | payload = { topic };
|
123 |
|
124 |
|
125 | pubsub.on('event:' + topic, function (data) {
|
126 |
|
127 | assert.equal(data, payload);
|
128 | done();
|
129 | });
|
130 |
|
131 | pubsub.config.auth_type = null;
|
132 | pubsub.handleWebhook(new Request(payload), new Response());
|
133 | });
|
134 |
|
135 | it('should not receive an unrelated event', function () {
|
136 | let topic = 'com.unrelated.event',
|
137 | payload = { topic };
|
138 |
|
139 |
|
140 | pubsub.on('event:com.different.event', function () {
|
141 | assert.fail('Listener should not have been called');
|
142 | });
|
143 | pubsub.handleWebhook(new Request(payload), new Response());
|
144 | });
|
145 | });
|