134 lines
3.4 KiB
Lua
134 lines
3.4 KiB
Lua
local PLUGIN_NAME = "standard-webhooks"
|
|
local helpers = require "spec.helpers"
|
|
local swh = require "kong.plugins.standard-webhooks.internal"
|
|
|
|
local SECRET = "MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw"
|
|
local MESSAGE_ID = "msg_p5jXN8AQM9LWM0D4loKWxJek"
|
|
|
|
for _, strategy in helpers.all_strategies() do
|
|
local client
|
|
|
|
describe(PLUGIN_NAME .. ": (Access)", function()
|
|
lazy_setup(function()
|
|
local bp = helpers.get_db_utils(strategy, {"routes", "services", "plugins"}, {PLUGIN_NAME})
|
|
|
|
local r = bp.routes:insert({
|
|
paths = {"/"}
|
|
})
|
|
|
|
bp.plugins:insert{
|
|
route = r,
|
|
name = PLUGIN_NAME,
|
|
config = {
|
|
secret_v1 = SECRET
|
|
}
|
|
}
|
|
|
|
-- start kong
|
|
assert(helpers.start_kong({
|
|
-- set the strategy
|
|
database = strategy,
|
|
-- use the custom test template to create a local mock server
|
|
nginx_conf = "spec/fixtures/custom_nginx.template",
|
|
-- write & load declarative config, only if 'strategy=off'
|
|
declarative_config = strategy == "off" and helpers.make_yaml_file() or nil
|
|
}))
|
|
end)
|
|
lazy_teardown(function()
|
|
helpers.stop_kong()
|
|
end)
|
|
|
|
before_each(function()
|
|
client = helpers.proxy_client()
|
|
end)
|
|
|
|
after_each(function()
|
|
if client then
|
|
client:close()
|
|
end
|
|
end)
|
|
|
|
it("rejects missing headers", function()
|
|
local res = client:post("/", {
|
|
headers = {
|
|
["Content-Type"] = "application/json",
|
|
["webhook-id"] = MESSAGE_ID,
|
|
["webhook-timestamp"] = math.floor(ngx.now())
|
|
},
|
|
body = {
|
|
foo = "bar"
|
|
}
|
|
})
|
|
|
|
assert.response(res).has.status(400)
|
|
end)
|
|
|
|
it("rejects invalid timestamp", function()
|
|
local res = client:post("/", {
|
|
headers = {
|
|
["Content-Type"] = "application/json",
|
|
["webhook-id"] = MESSAGE_ID,
|
|
["webhook-signature"] = "asdf",
|
|
["webhook-timestamp"] = "XYZ"
|
|
},
|
|
body = {
|
|
foo = "bar"
|
|
}
|
|
})
|
|
|
|
assert.response(res).has.status(400)
|
|
end)
|
|
|
|
it("rejects missing body", function()
|
|
local res = client:post("/", {
|
|
headers = {
|
|
["Content-Type"] = "application/json",
|
|
["webhook-id"] = MESSAGE_ID,
|
|
["webhook-signature"] = "asdf",
|
|
["webhook-timestamp"] = math.floor(ngx.now())
|
|
}
|
|
})
|
|
|
|
assert.response(res).has.status(400)
|
|
end)
|
|
|
|
it("accepts correct signature", function()
|
|
local ts = math.floor(ngx.now())
|
|
local signature = swh.sign(SECRET, MESSAGE_ID, ts, '{"foo":"bar"}')
|
|
|
|
local res = client:post("/", {
|
|
headers = {
|
|
["Content-Type"] = "application/json",
|
|
["webhook-id"] = MESSAGE_ID,
|
|
["webhook-signature"] = signature,
|
|
["webhook-timestamp"] = ts
|
|
},
|
|
body = {
|
|
foo = "bar"
|
|
}
|
|
})
|
|
|
|
assert.response(res).has.status(200)
|
|
end)
|
|
|
|
it("fails because the timestamp tolerance is exceeded", function()
|
|
local ts = math.floor(ngx.now()) - 6 * 60
|
|
local signature = swh.sign(SECRET, MESSAGE_ID, ts, '{"foo":"bar"}')
|
|
|
|
local res = client:post("/", {
|
|
headers = {
|
|
["Content-Type"] = "application/json",
|
|
["webhook-id"] = MESSAGE_ID,
|
|
["webhook-signature"] = signature,
|
|
["webhook-timestamp"] = ts
|
|
},
|
|
body = {
|
|
foo = "bar"
|
|
}
|
|
})
|
|
|
|
assert.response(res).has.status(400)
|
|
end)
|
|
end)
|
|
end
|