-
Notifications
You must be signed in to change notification settings - Fork 12
/
authentication_test.go
119 lines (103 loc) · 3.12 KB
/
authentication_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package main_test
import (
"net/http"
"net/http/httptest"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
)
var _ = TestWebhookHandler(func(context WebhookTestContext) {
Describe("authentication", func() {
var (
handle = context.Handle
headers = context.Headers
requestJSON = context.RequestJSON
responseRecorder *httptest.ResponseRecorder
)
BeforeEach(func() {
responseRecorder = *context.ResponseRecorder
})
Context("with an empty X-Hub-Signature header", func() {
headers.Is(func() map[string]string {
return map[string]string{
"X-Hub-Signature": "",
}
})
It("fails with StatusUnauthorized", func() {
handle()
Expect(responseRecorder.Code).To(Equal(http.StatusUnauthorized))
})
})
Context("with an invalid X-Hub-Signature header", func() {
requestJSON.Is(func() string {
return "{}"
})
headers.Is(func() map[string]string {
return map[string]string{
"X-Hub-Signature": "sha1=2f539a59127d552f4565b1a114ec8f4fa2d55f55",
}
})
It("fails with StatusForbidden", func() {
handle()
Expect(responseRecorder.Code).To(Equal(http.StatusForbidden))
})
})
Context("with an empty request with a proper signature", func() {
var validSignature = "sha1=33c829a9c355e7722cb74d25dfa54c6c623cde63"
requestJSON.Is(func() string {
return "{}"
})
headers.Is(func() map[string]string {
return map[string]string{
"X-Hub-Signature": validSignature,
}
})
It("succeeds with 'ignored' response", func() {
handle()
Expect(responseRecorder.Code).To(Equal(http.StatusOK))
Expect(responseRecorder.Body.String()).To(ContainSubstring("Ignoring"))
})
Context("with a gibberish event", func() {
headers.Is(func() map[string]string {
return map[string]string{
"X-Hub-Signature": validSignature,
"X-Github-Event": "gibberish",
}
})
It("succeeds with 'ignored' response", func() {
handle()
Expect(responseRecorder.Code).To(Equal(http.StatusOK))
Expect(responseRecorder.Body.String()).To(ContainSubstring("Ignoring"))
})
})
})
Context("with a valid signature", func() {
Describe("issue_comment event", func() {
headers.Is(func() map[string]string {
return map[string]string{
"X-Github-Event": "issue_comment",
}
})
Context("with an arbitrary comment", func() {
requestJSON.Is(func() string {
return IssueCommentEvent("just a simple comment", arbitraryIssueAuthor)
})
It("succeeds with 'ignored' response", func() {
handle()
Expect(responseRecorder.Code).To(Equal(http.StatusOK))
Expect(responseRecorder.Body.String()).To(ContainSubstring("Ignoring"))
})
})
Context("with a '!mergethis' comment (without space after '!merge')", func() {
requestJSON.Is(func() string {
return IssueCommentEvent("!mergethis", arbitraryIssueAuthor)
})
It("succeeds with 'ignored' response", func() {
handle()
Expect(responseRecorder.Code).To(Equal(http.StatusOK))
Expect(responseRecorder.Body.String()).To(ContainSubstring("Ignoring"))
})
})
})
})
})
})