verifier_test.go
package slackbot
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"github.com/gin-gonic/gin/render"
"github.com/slack-go/slack"
"net/http"
"testing"
"time"
"github.com/gin-gonic/gin"
)
// TestSlackVerifierReturnsServerErrorWhenSecretsVerifierFailsInitialization
// posts a request that carries neither X-Slack-Signature nor
// X-Slack-Request-Timestamp and expects the verifier middleware to answer
// with 500 instead of reaching the handler.
//
// NOTE(review): the middleware is not visible here; the missing headers are
// presumably what makes the secrets verifier fail to initialize. Confirm
// against newSlackVerifierMiddleware.
func TestSlackVerifierReturnsServerErrorWhenSecretsVerifierFailsInitialization(t *testing.T) {
	router := gin.New()
	router.Use(newBot().newSlackVerifierMiddleware())

	// This handler would return 200 with an empty JSON body; the test
	// expects the middleware to respond before it runs.
	okHandler := func(c *gin.Context) {
		payload := render.Data{
			ContentType: "application/json; charset=utf-8",
			Data:        []byte(""),
		}
		c.Render(http.StatusOK, payload)
	}
	router.POST("/test", okHandler)

	// An unsigned request must be rejected with a server error.
	expect := getHttpExpect(t, router)
	response := expect.POST("/test").
		WithJSON(slack.SlashCommand{}).
		Expect()
	response.Status(http.StatusInternalServerError)
}
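// TestSlackVerifierSucceedsWhenSignaturesMatch checks that the verifier
// middleware lets a request through to the handler (200) when the
// X-Slack-Signature header carries an HMAC-SHA256 computed over
// "v0:<timestamp>:<body>" with the same signing secret the bot was built with.
func TestSlackVerifierSucceedsWhenSignaturesMatch(t *testing.T) {
	// Use the current time so the timestamp is fresh; the verifier presumably
	// rejects stale timestamps as replay protection (confirm in middleware).
	requestTimestamp := fmt.Sprintf("%d", time.Now().Unix())

	// NOTE(review): this must be a throwaway fixture value, never a live
	// Slack signing secret; confirm it was not copied from a real app.
	signingSecret := "e6b19c573432dcc6b075501d51b51bb8"
	bot := NewBot("token", signingSecret)

	// Serialize the request body once; the exact same bytes are signed and
	// sent, since the signature covers the raw body.
	requestBytes, err := json.Marshal(slack.SlashCommand{})
	if err != nil {
		t.Fatalf("marshalling slash command: %v", err)
	}

	// Compute the signature the same way the sender would.
	mac := hmac.New(sha256.New, []byte(signingSecret))
	fmt.Fprintf(mac, "v0:%s:", requestTimestamp)
	mac.Write(requestBytes)
	computedHash := hex.EncodeToString(mac.Sum(nil))

	// Set up gin with the verifier middleware in front of a trivial handler.
	engine := gin.New()
	engine.Use(bot.newSlackVerifierMiddleware())
	engine.POST("/test", func(c *gin.Context) {
		c.Status(http.StatusOK)
	})

	// Make a request with valid signature headers.
	e := getHttpExpect(t, engine)
	e.POST("/test").
		WithHeader("X-Slack-Signature", fmt.Sprintf("v0=%s", computedHash)).
		WithHeader("X-Slack-Request-Timestamp", requestTimestamp).
		WithHeader("Content-Type", "application/json; charset=utf-8").
		WithBytes(requestBytes).
		Expect().
		Status(http.StatusOK)
}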
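// TestSlackVerifierReturnsUnauthorizedErrorWhenSignaturesDoNotMatch checks
// that the verifier middleware answers 401 when the X-Slack-Signature header
// was computed with a different key ("secret2") than the signing secret the
// bot was configured with ("secret1").
//
// Only the wrong-key case is exercised here; a tampered body or a stale
// timestamp is not covered by this test.
func TestSlackVerifierReturnsUnauthorizedErrorWhenSignaturesDoNotMatch(t *testing.T) {
	requestTimestamp := fmt.Sprintf("%d", time.Now().Unix())
	bot := NewBot("token", "secret1")

	// Serialize the request body once; the same bytes are signed and sent,
	// so the key is the only thing that differs from a valid request.
	requestBytes, err := json.Marshal(slack.SlashCommand{})
	if err != nil {
		t.Fatalf("marshalling slash command: %v", err)
	}

	// Sign with a key the bot does not know, giving a well-formed but
	// invalid signature.
	mac := hmac.New(sha256.New, []byte("secret2"))
	fmt.Fprintf(mac, "v0:%s:", requestTimestamp)
	mac.Write(requestBytes)
	computedHash := hex.EncodeToString(mac.Sum(nil))

	// Set up gin with the verifier middleware in front of a trivial handler.
	engine := gin.New()
	engine.Use(bot.newSlackVerifierMiddleware())
	engine.POST("/test", func(c *gin.Context) {
		c.Status(http.StatusOK)
	})

	// Make a request whose signature header does not match the bot's secret;
	// the handler must not be reached.
	e := getHttpExpect(t, engine)
	e.POST("/test").
		WithHeader("X-Slack-Signature", fmt.Sprintf("v0=%s", computedHash)).
		WithHeader("X-Slack-Request-Timestamp", requestTimestamp).
		WithHeader("Content-Type", "application/json; charset=utf-8").
		WithBytes(requestBytes).
		Expect().
		Status(http.StatusUnauthorized)
}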