UNPKG

appc-pubsub/test/webhook.js

Version:

4.58 kBJavaScriptView Raw

1'use strict';
2
3const assert = require('assert');
4const crypto = require('crypto');
5const helper = require('./_helper');
6
7// Valid client details should be used
8let Request = helper.Request;
9let Response = helper.Response;
10let pubsub = new helper.createMockConfigClient({
key: 'key',
secret: 'secret'
13});
14const events = {
'com.test.event': null,
'com.test.topic.*': null,
'com.test.*.interior': null,
'com.splatted.**': null
19};
20
21const url = new URL('http://un:pw@axwaylocal.com');
22pubsub.config = {
url: url.href,
can_consume: true,
auth_type: 'basic',
auth_user: url.username,
auth_pass: url.password,
topics: Object.keys(events)
29};
30
31describe('webhook', function () {
32
it('should validate basic auth credentials are correct', function () {
// Set the config and parse the basic auth details
let success = false,
	res = new Response(),
	req = new Request({}, {
		authorization: 'Basic ' + Buffer.from('un:pw').toString('base64')
	});
40
// Test the return value and that the callback is called for middleware use
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
// Both should have succeeded, and the request should be flagged to avoid duplicate checks
assert.ok(success && authed && req._authenticatedWebhook);
});
46
it('should validate basic auth credentials are incorrect', function () {
let success = false,
	res = new Response(),
	req = new Request({}, {
		authorization: 'Basic ' + Buffer.from('un2:pw2').toString('base64')
	});
53
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
// The return value should be false and the callback should not have been called
assert.strictEqual(success || authed || !!req._authenticatedWebhook, false);
// If a response object is given then an unauthorized response should be sent
assert.ok(res.wasUnauthorized());
});
60
it('should validate auth token are correct', function () {
// Change config to auth token.
pubsub.config.auth_type = 'token';
pubsub.config.url = 'http://axwaylocal.com';
pubsub.config.auth_token = 'test-token';
delete pubsub.config.auth_user;
delete pubsub.config.auth_pass;
let success = false,
	res = new Response(),
	req = new Request({}, {
		'x-auth-token': 'test-token'
	});
73
// Correct creds
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
assert.ok(success && authed && req._authenticatedWebhook);
});
78
it('should validate auth token are incorrect', function () {
// Incorrect creds
let success = false,
	res = new Response(),
	req = new Request({}, {
		'x-auth-token': 'not-this'
	});
86
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
assert.strictEqual(success || authed || !!req._authenticatedWebhook, false);
assert.ok(res.wasUnauthorized());
});
91
it('should validate key/secret signature is correct', function () {
// Change config to key/secret.
pubsub.config.auth_type = 'key_secret';
delete pubsub.config.auth_token;
96
let success = false,
	res = new Response(),
	body = { event: 'com.test.event' },
	req = new Request(body, {
		'x-signature': crypto.createHmac('SHA256', pubsub.secret).update(JSON.stringify(body)).digest('hex')
	});
103
// Correct creds
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
assert.ok(success && authed && req._authenticatedWebhook);
});
108
it('should validate key/secret signature is incorrect', function () {
// Incorrect creds
let success = false,
	res = new Response(),
	req = new Request({}, {
		'x-signature': 'not-this'
	});
116
let authed = pubsub.authenticateWebhook(req, res, () => success = true);
assert.strictEqual(success || authed || !!req._authenticatedWebhook, false);
assert.ok(res.wasUnauthorized());
});
121
it('should emit using an exact event name', function (done) {
let topic = pubsub.config.topics[0],
	payload = { topic };
125
// Set the listener
pubsub.on('event:' + topic, function (data) {
	// The request body should be passed through
	assert.strictEqual(data, payload);
	done();
});
// Spoof an webhook request skipping authentication
pubsub.config.auth_type = null;
pubsub.handleWebhook(new Request(payload), new Response());
});
136
it('should not receive an unrelated event', function () {
let topic = 'com.unrelated.event',
	payload = { topic };
140
// Set the listener
pubsub.on('event:com.different.event', function () {
	assert.fail('Listener should not have been called');
});
pubsub.handleWebhook(new Request(payload), new Response());
});
147});

1	`'use strict';`
2
3	`const assert = require('assert');`
4	`const crypto = require('crypto');`
5	`const helper = require('./_helper');`
6
7	`// Valid client details should be used`
8	`let Request = helper.Request;`
9	`let Response = helper.Response;`
10	`let pubsub = new helper.createMockConfigClient({`
11	`key: 'key',`
12	`secret: 'secret'`
13	`});`
14	`const events = {`
15	`'com.test.event': null,`
16	`'com.test.topic.*': null,`
17	`'com.test.*.interior': null,`
18	`'com.splatted.**': null`
19	`};`
20
21	`const url = new URL('http://un:pw@axwaylocal.com');`
22	`pubsub.config = {`
23	`url: url.href,`
24	`can_consume: true,`
25	`auth_type: 'basic',`
26	`auth_user: url.username,`
27	`auth_pass: url.password,`
28	`topics: Object.keys(events)`
29	`};`
30
31	`describe('webhook', function () {`
32
33	`it('should validate basic auth credentials are correct', function () {`
34	`// Set the config and parse the basic auth details`
35	`let success = false,`
36	`res = new Response(),`
37	`req = new Request({}, {`
38	`authorization: 'Basic ' + Buffer.from('un:pw').toString('base64')`
39	`});`
40
41	`// Test the return value and that the callback is called for middleware use`
42	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
43	`// Both should have succeeded, and the request should be flagged to avoid duplicate checks`
44	`assert.ok(success && authed && req._authenticatedWebhook);`
45	`});`
46
47	`it('should validate basic auth credentials are incorrect', function () {`
48	`let success = false,`
49	`res = new Response(),`
50	`req = new Request({}, {`
51	`authorization: 'Basic ' + Buffer.from('un2:pw2').toString('base64')`
52	`});`
53
54	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
55	`// The return value should be false and the callback should not have been called`
56	`assert.strictEqual(success \|\| authed \|\| !!req._authenticatedWebhook, false);`
57	`// If a response object is given then an unauthorized response should be sent`
58	`assert.ok(res.wasUnauthorized());`
59	`});`
60
61	`it('should validate auth token are correct', function () {`
62	`// Change config to auth token.`
63	`pubsub.config.auth_type = 'token';`
64	`pubsub.config.url = 'http://axwaylocal.com';`
65	`pubsub.config.auth_token = 'test-token';`
66	`delete pubsub.config.auth_user;`
67	`delete pubsub.config.auth_pass;`
68	`let success = false,`
69	`res = new Response(),`
70	`req = new Request({}, {`
71	`'x-auth-token': 'test-token'`
72	`});`
73
74	`// Correct creds`
75	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
76	`assert.ok(success && authed && req._authenticatedWebhook);`
77	`});`
78
79	`it('should validate auth token are incorrect', function () {`
80	`// Incorrect creds`
81	`let success = false,`
82	`res = new Response(),`
83	`req = new Request({}, {`
84	`'x-auth-token': 'not-this'`
85	`});`
86
87	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
88	`assert.strictEqual(success \|\| authed \|\| !!req._authenticatedWebhook, false);`
89	`assert.ok(res.wasUnauthorized());`
90	`});`
91
92	`it('should validate key/secret signature is correct', function () {`
93	`// Change config to key/secret.`
94	`pubsub.config.auth_type = 'key_secret';`
95	`delete pubsub.config.auth_token;`
96
97	`let success = false,`
98	`res = new Response(),`
99	`body = { event: 'com.test.event' },`
100	`req = new Request(body, {`
101	`'x-signature': crypto.createHmac('SHA256', pubsub.secret).update(JSON.stringify(body)).digest('hex')`
102	`});`
103
104	`// Correct creds`
105	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
106	`assert.ok(success && authed && req._authenticatedWebhook);`
107	`});`
108
109	`it('should validate key/secret signature is incorrect', function () {`
110	`// Incorrect creds`
111	`let success = false,`
112	`res = new Response(),`
113	`req = new Request({}, {`
114	`'x-signature': 'not-this'`
115	`});`
116
117	`let authed = pubsub.authenticateWebhook(req, res, () => success = true);`
118	`assert.strictEqual(success \|\| authed \|\| !!req._authenticatedWebhook, false);`
119	`assert.ok(res.wasUnauthorized());`
120	`});`
121
122	`it('should emit using an exact event name', function (done) {`
123	`let topic = pubsub.config.topics[0],`
124	`payload = { topic };`
125
126	`// Set the listener`
127	`pubsub.on('event:' + topic, function (data) {`
128	`// The request body should be passed through`
129	`assert.strictEqual(data, payload);`
130	`done();`
131	`});`
132	`// Spoof an webhook request skipping authentication`
133	`pubsub.config.auth_type = null;`
134	`pubsub.handleWebhook(new Request(payload), new Response());`
135	`});`
136
137	`it('should not receive an unrelated event', function () {`
138	`let topic = 'com.unrelated.event',`
139	`payload = { topic };`
140
141	`// Set the listener`
142	`pubsub.on('event:com.different.event', function () {`
143	`assert.fail('Listener should not have been called');`
144	`});`
145	`pubsub.handleWebhook(new Request(payload), new Response());`
146	`});`
147	`});`