sendgrid_webhook_verification_spec.rb
require 'spec_helper'
require 'rack/mock'
require './spec/fixtures/event_webhook'
unless RUBY_PLATFORM == 'java'
  # Specs for the Rack middleware that puts SendGrid's signed event webhook
  # check in front of selected paths. The contract pinned here: matching paths
  # reach the app only with a valid signature/timestamp pair for the exact
  # request body; anything else is answered with 403; non-matching paths are
  # passed through without touching the verifier.
  #
  # NOTE(review): coverage gaps worth knowing about when relying on this suite:
  #   * Verified requests use a fixed fixture timestamp, so these examples pin
  #     signature validity only. Nothing here asserts that an old timestamp is
  #     rejected; confirm where replay/freshness is meant to be enforced.
  #   * The missing-header examples drop the signature and the timestamp
  #     together; the one-header-present cases are not exercised.
  #   * The path patterns are unanchored regexes. How the middleware applies
  #     them is not visible in this file; verify against the implementation
  #     that the protected set is exactly what is intended.
  describe Rack::SendGridWebhookVerification do
    let(:public_key) { Fixtures::EventWebhook::PUBLIC_KEY }

    before do
      @app = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['Hello']] }
    end

    # Rack::MockRequest options for a JSON POST body with no SendGrid headers.
    def unsigned_options(input = Fixtures::EventWebhook::PAYLOAD)
      { input: input, 'Content-Type' => 'application/json' }
    end

    # Same as unsigned_options, plus the given signature and the fixture
    # timestamp under the header names the library defines.
    def signed_options(signature, input = Fixtures::EventWebhook::PAYLOAD)
      opts = unsigned_options(input)
      opts[SendGrid::EventWebhookHeader::SIGNATURE] = signature
      opts[SendGrid::EventWebhookHeader::TIMESTAMP] = Fixtures::EventWebhook::TIMESTAMP
      opts
    end

    # Runs the group's middleware against a mock request and returns only the
    # status code; headers and body are not inspected by any example.
    def status_for(path, options = {})
      status, = middleware.call(Rack::MockRequest.env_for(path, options))
      status
    end

    describe 'new' do
      it 'should initialize with an app, public key and a path' do
        expect { Rack::SendGridWebhookVerification.new(@app, 'ABC', %r{/email}) }
          .not_to raise_error
      end

      it 'should initialize with an app, public key and paths' do
        expect { Rack::SendGridWebhookVerification.new(@app, 'ABC', %r{/email}, %r{/event}) }
          .not_to raise_error
      end
    end

    describe 'calling against one path' do
      let(:middleware) { Rack::SendGridWebhookVerification.new(@app, public_key, %r{/email}) }

      it "should not intercept when the path doesn't match" do
        # The verifier must not even be constructed for unprotected paths.
        expect(SendGrid::EventWebhook).to_not receive(:new)
        expect(status_for('/login')).to eq(200)
      end

      it 'should allow a request through if it is verified' do
        options = signed_options(Fixtures::EventWebhook::SIGNATURE)
        expect(status_for('/email', options)).to eq(200)
      end

      it 'should short circuit a request to 403 if there is no signature or timestamp' do
        expect(status_for('/email', unsigned_options)).to eq(403)
      end

      it 'should short circuit a request to 403 if the signature is incorrect' do
        options = signed_options(Fixtures::EventWebhook::FAILING_SIGNATURE)
        expect(status_for('/email', options)).to eq(403)
      end

      it 'should short circuit a request to 403 if the payload is incorrect' do
        # Valid signature and timestamp, but for a different body: the
        # signature has to be bound to the payload that was actually sent.
        options = signed_options(Fixtures::EventWebhook::SIGNATURE, 'payload')
        expect(status_for('/email', options)).to eq(403)
      end
    end

    describe 'calling with multiple paths' do
      let(:middleware) { Rack::SendGridWebhookVerification.new(@app, public_key, %r{/email}, %r{/events}) }

      it "should not intercept when the path doesn't match" do
        expect(SendGrid::EventWebhook).to_not receive(:new)
        expect(status_for('/sms_events')).to eq(200)
      end

      it 'should allow a request through if it is verified' do
        options = signed_options(Fixtures::EventWebhook::SIGNATURE)
        expect(status_for('/events', options)).to eq(200)
      end

      it 'should short circuit a request to 403 if there is no signature or timestamp' do
        expect(status_for('/events', unsigned_options)).to eq(403)
      end
    end

    describe 'request body which passed to an app' do
      before do
        @payload = nil
        # Downstream app that records the body stream it was handed.
        @spy_app = lambda do |env|
          @payload = Rack::Request.new(env).body
          [200, { 'Content-Type' => 'text/plain' }, ['Hello']]
        end
      end

      let(:middleware) { Rack::SendGridWebhookVerification.new(@spy_app, public_key, %r{/email}) }

      it 'keeps original reading position' do
        options = signed_options(Fixtures::EventWebhook::SIGNATURE)
        expect(status_for('/email', options)).to eq(200)
        # The app must receive a body stream positioned at the start, so it
        # can still read the full payload after verification.
        expect(@payload).not_to be_nil
        expect(@payload.pos).to be_zero
      end
    end
  end
end