UNPKG

appc-pubsub/test/webhook.js

Version:

4.45 kBJavaScriptView Raw

1'use strict';
2
3const assert = require('assert');
4const crypto = require('crypto');
5const helper = require('./_helper');
6
7// Valid client details should be used
8let Request = helper.Request;
9let Response = helper.Response;
10let pubsub = new helper.createMockConfigClient({
key: 'key',
secret: 'secret'
13});
14
15pubsub.updateConfig({
auth_type: 'basic',
url: 'http://un:pw@localhost:8080.com',
can_consume: true,
events: {
'com.test.event': null,
'com.test.topic.*': null,
'com.test.*.interior': null,
'com.splatted.**': null
}
25});
26
27describe('webhook', function () {
28
it('should validate basic auth credentials are correct', function () {
// Set the config and parse the basic auth details
let success = false,
	res = new Response(),
	req = new Request({}, {
		authorization: 'Basic ' + new Buffer('un:pw').toString('base64')
	});
36
// Test the return value and that the callback is called for middleware use
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
// Both should have succeeded, and the request should be flagged to avoid duplicate checks
assert.ok(success && authed && req._authenticatedWebhook);
});
42
it('should validate basic auth credentials are incorrect', function () {
let success = false,
	res = new Response(),
	req = new Request({}, {
		authorization: 'Basic ' + new Buffer('un2:pw2').toString('base64')
	});
49
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
// The return value should be false and the callback should not have been called
assert.equal(success || authed || !!req._authenticatedWebhook, false);
// If a response object is given then an unauthorized response should be sent
assert.ok(res.wasUnauthorized());
});
56
it('should validate auth token are correct', function () {
// Set the config and parse the basic auth details
pubsub.updateConfig({
	auth_type: 'token',
	url: 'http://localhost:8080.com',
	auth_token: 'test-token'
});
let success = false,
	res = new Response(),
	req = new Request({}, {
		'x-auth-token': 'test-token'
	});
69
// Correct creds
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
assert.ok(success && authed && req._authenticatedWebhook);
});
74
it('should validate auth token are incorrect', function () {
// Incorrect creds
let success = false,
	res = new Response(),
	req = new Request({}, {
		'x-auth-token': 'not-this'
	});
82
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
assert.equal(success || authed || !!req._authenticatedWebhook, false);
assert.ok(res.wasUnauthorized());
});
87
it('should validate key/secret signature is correct', function () {
// set the config and parse the basic auth details
pubsub.updateConfig({
	auth_type: 'key_secret',
	url: 'http://localhost:8080.com',
	auth_token: 'test-token'
});
let success = false,
	res = new Response(),
	body = { event: 'com.test.event' },
	req = new Request(body, {
		'x-signature': crypto.createHmac('SHA256', pubsub.secret).update(JSON.stringify(body)).digest('hex')
	});
101
// Correct creds
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
assert.ok(success && authed && req._authenticatedWebhook);
});
106
it('should validate key/secret signature is incorrect', function () {
// Incorrect creds
let success = false,
	res = new Response(),
	req = new Request({}, {
		'x-signature': 'not-this'
	});
114
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
assert.equal(success || authed || !!req._authenticatedWebhook, false);
assert.ok(res.wasUnauthorized());
});
119
it('should emit using an exact event name', function (done) {
let topic = pubsub.config.topics[0],
	payload = { topic };
123
// Set the listener
pubsub.on('event:' + topic, function (data) {
	// The request body should be passed through
	assert.equal(data, payload);
	done();
});
// Spoof an webhook request skipping authentication
pubsub.config.auth_type = null;
pubsub.handleWebhook(new Request(payload), new Response());
});
134
it('should not receive an unrelated event', function () {
let topic = 'com.unrelated.event',
	payload = { topic };
138
// Set the listener
pubsub.on('event:com.different.event', function () {
	assert.fail('Listener should not have been called');
});
pubsub.handleWebhook(new Request(payload), new Response());
});
145});

1	`'use strict';`
2
3	`const assert = require('assert');`
4	`const crypto = require('crypto');`
5	`const helper = require('./_helper');`
6
7	`// Valid client details should be used`
8	`let Request = helper.Request;`
9	`let Response = helper.Response;`
10	`let pubsub = new helper.createMockConfigClient({`
11	`key: 'key',`
12	`secret: 'secret'`
13	`});`
14
15	`pubsub.updateConfig({`
16	`auth_type: 'basic',`
17	`url: 'http://un:pw@localhost:8080.com',`
18	`can_consume: true,`
19	`events: {`
20	`'com.test.event': null,`
21	`'com.test.topic.*': null,`
22	`'com.test.*.interior': null,`
23	`'com.splatted.**': null`
24	`}`
25	`});`
26
27	`describe('webhook', function () {`
28
29	`it('should validate basic auth credentials are correct', function () {`
30	`// Set the config and parse the basic auth details`
31	`let success = false,`
32	`res = new Response(),`
33	`req = new Request({}, {`
34	`authorization: 'Basic ' + new Buffer('un:pw').toString('base64')`
35	`});`
36
37	`// Test the return value and that the callback is called for middleware use`
38	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
39	`// Both should have succeeded, and the request should be flagged to avoid duplicate checks`
40	`assert.ok(success && authed && req._authenticatedWebhook);`
41	`});`
42
43	`it('should validate basic auth credentials are incorrect', function () {`
44	`let success = false,`
45	`res = new Response(),`
46	`req = new Request({}, {`
47	`authorization: 'Basic ' + new Buffer('un2:pw2').toString('base64')`
48	`});`
49
50	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
51	`// The return value should be false and the callback should not have been called`
52	`assert.equal(success \|\| authed \|\| !!req._authenticatedWebhook, false);`
53	`// If a response object is given then an unauthorized response should be sent`
54	`assert.ok(res.wasUnauthorized());`
55	`});`
56
57	`it('should validate auth token are correct', function () {`
58	`// Set the config and parse the basic auth details`
59	`pubsub.updateConfig({`
60	`auth_type: 'token',`
61	`url: 'http://localhost:8080.com',`
62	`auth_token: 'test-token'`
63	`});`
64	`let success = false,`
65	`res = new Response(),`
66	`req = new Request({}, {`
67	`'x-auth-token': 'test-token'`
68	`});`
69
70	`// Correct creds`
71	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
72	`assert.ok(success && authed && req._authenticatedWebhook);`
73	`});`
74
75	`it('should validate auth token are incorrect', function () {`
76	`// Incorrect creds`
77	`let success = false,`
78	`res = new Response(),`
79	`req = new Request({}, {`
80	`'x-auth-token': 'not-this'`
81	`});`
82
83	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
84	`assert.equal(success \|\| authed \|\| !!req._authenticatedWebhook, false);`
85	`assert.ok(res.wasUnauthorized());`
86	`});`
87
88	`it('should validate key/secret signature is correct', function () {`
89	`// set the config and parse the basic auth details`
90	`pubsub.updateConfig({`
91	`auth_type: 'key_secret',`
92	`url: 'http://localhost:8080.com',`
93	`auth_token: 'test-token'`
94	`});`
95	`let success = false,`
96	`res = new Response(),`
97	`body = { event: 'com.test.event' },`
98	`req = new Request(body, {`
99	`'x-signature': crypto.createHmac('SHA256', pubsub.secret).update(JSON.stringify(body)).digest('hex')`
100	`});`
101
102	`// Correct creds`
103	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
104	`assert.ok(success && authed && req._authenticatedWebhook);`
105	`});`
106
107	`it('should validate key/secret signature is incorrect', function () {`
108	`// Incorrect creds`
109	`let success = false,`
110	`res = new Response(),`
111	`req = new Request({}, {`
112	`'x-signature': 'not-this'`
113	`});`
114
115	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
116	`assert.equal(success \|\| authed \|\| !!req._authenticatedWebhook, false);`
117	`assert.ok(res.wasUnauthorized());`
118	`});`
119
120	`it('should emit using an exact event name', function (done) {`
121	`let topic = pubsub.config.topics[0],`
122	`payload = { topic };`
123
124	`// Set the listener`
125	`pubsub.on('event:' + topic, function (data) {`
126	`// The request body should be passed through`
127	`assert.equal(data, payload);`
128	`done();`
129	`});`
130	`// Spoof an webhook request skipping authentication`
131	`pubsub.config.auth_type = null;`
132	`pubsub.handleWebhook(new Request(payload), new Response());`
133	`});`
134
135	`it('should not receive an unrelated event', function () {`
136	`let topic = 'com.unrelated.event',`
137	`payload = { topic };`
138
139	`// Set the listener`
140	`pubsub.on('event:com.different.event', function () {`
141	`assert.fail('Listener should not have been called');`
142	`});`
143	`pubsub.handleWebhook(new Request(payload), new Response());`
144	`});`
145	`});`