Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
trabajo-afectivo/spec/requests/channels_twitter_spec.rb

133 lines
4.8 KiB
Ruby
Raw Permalink Normal View History

Maintenance: Update copyright header.
2022-01-01 13:38:12 +00:00
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
Maintenance: Update copyright information and add a new rubocop cop to watch over it.
2021-06-01 12:20:20 +00:00
Request-spec controller actions for Twitter API webhook This is the first of many commits to add missing test coverage for Zammad's Twitter functionality. The testing process begins from the broadest scope possible, and will proceed in future commits to more granular, fine-grained behaviors. (Request specs provide integration testing at the controller level, and webhook controller actions are the main point of entry for incoming Twitter API functionality.)
2019-12-04 06:37:30 +00:00
require 'rails_helper'
RSpec.describe 'Twitter channel API endpoints', type: :request do
let!(:twitter_channel) { create(:twitter_channel) }
Improve Twitter-related factories The Channel & ExternalCredential factories used for Twitter-related tests originally contained attributes that did not reflect those created during actual use (e.g., the Channel#options hash does not store a consumer key or secret in practice, but the factory for it did). This commit makes tests more realistic by amending the factories so that the attributes/data they hold matches the format found in actual use.
2020-02-17 10:37:36 +00:00
let(:twitter_credential) { ExternalCredential.find(twitter_channel.options[:auth][:external_credential_id]) }
Request-spec controller actions for Twitter API webhook This is the first of many commits to add missing test coverage for Zammad's Twitter functionality. The testing process begins from the broadest scope possible, and will proceed in future commits to more granular, fine-grained behaviors. (Request specs provide integration testing at the controller level, and webhook controller actions are the main point of entry for incoming Twitter API functionality.)
2019-12-04 06:37:30 +00:00
let(:hash_signature) { %(sha256=#{Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', consumer_secret, payload))}) }
let(:consumer_secret) { twitter_credential.credentials[:consumer_secret] }
# What's this all about? See the "Challenge-Response Checks" section of this article:
# https://developer.twitter.com/en/docs/accounts-and-users/subscribe-account-activity/guides/securing-webhooks
describe 'GET /api/v1/channels_twitter_webhook' do
let(:payload) { params[:crc_token] }
let(:params) { { crc_token: 'foo' } }
context 'with consumer secret and "crc_token" param' do
it 'responds with { response_token: <hash_signature> }' do
get '/api/v1/channels_twitter_webhook', params: params, as: :json
expect(json_response).to eq('response_token' => hash_signature)
end
end
context 'without valid twitter credentials in the DB' do
Refactoring: Remove test redundancies (from 9409d17de) 9409d17de added test coverage that turned out to overlap with existing tests. This commit removes the old test cases to eliminate redundancy, and polishes some of the language in the new test case descriptions.
2019-12-04 06:37:30 +00:00
before do
twitter_credential.credentials.delete(:consumer_secret)
twitter_credential.save!
end
Request-spec controller actions for Twitter API webhook This is the first of many commits to add missing test coverage for Zammad's Twitter functionality. The testing process begins from the broadest scope possible, and will proceed in future commits to more granular, fine-grained behaviors. (Request specs provide integration testing at the controller level, and webhook controller actions are the main point of entry for incoming Twitter API functionality.)
2019-12-04 06:37:30 +00:00
it 'responds 422 Unprocessable Entity' do
get '/api/v1/channels_twitter_webhook', params: params, as: :json
expect(response).to have_http_status(:unprocessable_entity)
end
end
context 'without "crc_token" param' do
Refactoring: Remove test redundancies (from 9409d17de) 9409d17de added test coverage that turned out to overlap with existing tests. This commit removes the old test cases to eliminate redundancy, and polishes some of the language in the new test case descriptions.
2019-12-04 06:37:30 +00:00
before { params.delete(:crc_token) }
Request-spec controller actions for Twitter API webhook This is the first of many commits to add missing test coverage for Zammad's Twitter functionality. The testing process begins from the broadest scope possible, and will proceed in future commits to more granular, fine-grained behaviors. (Request specs provide integration testing at the controller level, and webhook controller actions are the main point of entry for incoming Twitter API functionality.)
2019-12-04 06:37:30 +00:00
it 'responds 422 Unprocessable Entity' do
get '/api/v1/channels_twitter_webhook', params: params, as: :json
expect(response).to have_http_status(:unprocessable_entity)
end
end
end
describe 'POST /api/v1/channels_twitter_webhook' do
Maintenance: Rubocop enforces %r{} regular expression style
2021-05-12 11:37:44 +00:00
let(:payload) { params.stringify_keys.to_s.gsub(%r{=>}, ':').delete(' ') }
Request-spec controller actions for Twitter API webhook This is the first of many commits to add missing test coverage for Zammad's Twitter functionality. The testing process begins from the broadest scope possible, and will proceed in future commits to more granular, fine-grained behaviors. (Request specs provide integration testing at the controller level, and webhook controller actions are the main point of entry for incoming Twitter API functionality.)
2019-12-04 06:37:30 +00:00
let(:headers) { { 'x-twitter-webhooks-signature': hash_signature } }
Refactoring: Remove test redundancies (from 9409d17de) 9409d17de added test coverage that turned out to overlap with existing tests. This commit removes the old test cases to eliminate redundancy, and polishes some of the language in the new test case descriptions.
2019-12-04 06:37:30 +00:00
let(:params) { { foo: 'bar', for_user_id: twitter_channel.options[:user][:id] } }
Request-spec controller actions for Twitter API webhook This is the first of many commits to add missing test coverage for Zammad's Twitter functionality. The testing process begins from the broadest scope possible, and will proceed in future commits to more granular, fine-grained behaviors. (Request specs provide integration testing at the controller level, and webhook controller actions are the main point of entry for incoming Twitter API functionality.)
2019-12-04 06:37:30 +00:00
# What's this all about? See the "Optional signature header validation" section of this article:
# https://developer.twitter.com/en/docs/accounts-and-users/subscribe-account-activity/guides/securing-webhooks
describe 'hash signature validation' do
context 'with valid params and headers (i.e., not one of the failure cases below)' do
it 'responds 200 OK' do
post '/api/v1/channels_twitter_webhook', params: params, headers: headers, as: :json
expect(response).to have_http_status(:ok)
end
end
describe '"x-twitter-webhooks-signature" header' do
context 'when absent' do
let(:headers) { {} }
it 'responds 422 Unprocessable Entity' do
post '/api/v1/channels_twitter_webhook', params: params, headers: headers, as: :json
expect(response).to have_http_status(:unprocessable_entity)
end
end
Refactoring: Remove test redundancies (from 9409d17de) 9409d17de added test coverage that turned out to overlap with existing tests. This commit removes the old test cases to eliminate redundancy, and polishes some of the language in the new test case descriptions.
2019-12-04 06:37:30 +00:00
context 'when invalid (not based on consumer secret + payload)' do
let(:headers) { { 'x-twitter-webhooks-signature': 'Not a valid signature' } }
Request-spec controller actions for Twitter API webhook This is the first of many commits to add missing test coverage for Zammad's Twitter functionality. The testing process begins from the broadest scope possible, and will proceed in future commits to more granular, fine-grained behaviors. (Request specs provide integration testing at the controller level, and webhook controller actions are the main point of entry for incoming Twitter API functionality.)
2019-12-04 06:37:30 +00:00
it 'responds 401 Not Authorized' do
post '/api/v1/channels_twitter_webhook', params: params, headers: headers, as: :json
expect(response).to have_http_status(:unauthorized)
end
end
end
describe '"for_user_id" param' do
context 'when absent' do
let(:params) { { foo: 'bar' } }
it 'responds 422 Unprocessable Entity' do
post '/api/v1/channels_twitter_webhook', params: params, headers: headers, as: :json
expect(response).to have_http_status(:unprocessable_entity)
end
end
context 'without corresponding Channel' do
let(:params) { { foo: 'bar', for_user_id: 'no_such_user' } }
it 'responds 422 Unprocessable Entity' do
post '/api/v1/channels_twitter_webhook', params: params, headers: headers, as: :json
expect(response).to have_http_status(:unprocessable_entity)
end
end
end
end
describe 'core behavior' do
before do
allow(TwitterSync).to receive(:new).and_return(twitter_sync)
allow(twitter_sync).to receive(:process_webhook)
end
let(:twitter_sync) { instance_double('TwitterSync') }
it 'delegates to TwitterSync#process_webhook' do
post '/api/v1/channels_twitter_webhook', params: params, headers: headers, as: :json
expect(twitter_sync).to have_received(:process_webhook).with(twitter_channel)
end
it 'responds with an empty hash' do
post '/api/v1/channels_twitter_webhook', params: params, headers: headers, as: :json
expect(json_response).to eq({})
end
end
end
end
Reference in a new issue Copy permalink