|
6 | 6 | "github.com/stretchr/testify/assert" |
7 | 7 |
|
8 | 8 | "bytes" |
| 9 | + "database/sql" |
9 | 10 | "database/sql/driver" |
10 | 11 | "encoding/json" |
11 | 12 | "fmt" |
@@ -45,7 +46,7 @@ func TestGitHubPush(t *testing.T) { |
45 | 46 | req, _ := http.NewRequest("POST", server.URL+"/webhooks/github/", bytes.NewReader([]byte(PushJson))) |
46 | 47 | req.Header.Set("X-GitHub-Event", "push") |
47 | 48 | req.Header.Set("Content-Type", "application/json") |
48 | | - req.Header.Set("X-Hub-Signature", PushJson) |
| 49 | + req.Header.Set("X-Hub-Signature", PushSha) |
49 | 50 |
|
50 | 51 | testdb.SetExecWithArgsFunc(func(query string, args []driver.Value) (driver.Result, error) { |
51 | 52 |
|
@@ -112,6 +113,146 @@ func TestGitHubPush(t *testing.T) { |
112 | 113 | } |
113 | 114 | } |
114 | 115 |
|
| 116 | +func TestGitHubPushProjectNotFound(t *testing.T) { |
| 117 | + |
| 118 | + server := httptest.NewServer(CreateApp()) |
| 119 | + |
| 120 | + req, _ := http.NewRequest("POST", server.URL+"/webhooks/github/", bytes.NewReader([]byte(PushJson))) |
| 121 | + req.Header.Set("X-GitHub-Event", "push") |
| 122 | + req.Header.Set("Content-Type", "application/json") |
| 123 | + req.Header.Set("X-Hub-Signature", PushSha) |
| 124 | + |
| 125 | + testdb.SetQueryWithArgsFunc(func(query string, args []driver.Value) (result driver.Rows, err error) { |
| 126 | + |
| 127 | + if strings.Contains(query, "project.get_github_secret") { |
| 128 | + |
| 129 | + return nil, sql.ErrNoRows |
| 130 | + } |
| 131 | + |
| 132 | + return nil, fmt.Errorf("SQL_ERROR") |
| 133 | + }) |
| 134 | + |
| 135 | + if response, err := (&http.Client{}).Do(req); assert.NoError(t, err) { |
| 136 | + |
| 137 | + if assert.Equal(t, http.StatusNotFound, response.StatusCode) { |
| 138 | + |
| 139 | + var resp struct { |
| 140 | + Success bool `json:"success"` |
| 141 | + Code int `json:"code"` |
| 142 | + Error string `json:"error"` |
| 143 | + } |
| 144 | + if err := json.NewDecoder(response.Body).Decode(&resp); assert.NoError(t, err) { |
| 145 | + |
| 146 | + if assert.False(t, resp.Success) { |
| 147 | + |
| 148 | + assert.Equal(t, "Project not nound", resp.Error) |
| 149 | + } |
| 150 | + } |
| 151 | + } |
| 152 | + } |
| 153 | +} |
| 154 | + |
| 155 | +func TestGitHubPushMissingSignature(t *testing.T) { |
| 156 | + |
| 157 | + server := httptest.NewServer(CreateApp()) |
| 158 | + |
| 159 | + req, _ := http.NewRequest("POST", server.URL+"/webhooks/github/", bytes.NewReader([]byte(PushJson))) |
| 160 | + req.Header.Set("X-GitHub-Event", "push") |
| 161 | + req.Header.Set("Content-Type", "application/json") |
| 162 | + |
| 163 | + testdb.SetQueryWithArgsFunc(func(query string, args []driver.Value) (result driver.Rows, err error) { |
| 164 | + |
| 165 | + if strings.Contains(query, "project.get_github_secret") { |
| 166 | + |
| 167 | + if assert.Len(t, args, 1) { |
| 168 | + |
| 169 | + assert.Equal(t, "postgres-ci/http200ok", args[0].(string)) |
| 170 | + } |
| 171 | + |
| 172 | + var secret [][]driver.Value |
| 173 | + |
| 174 | + secret = append(secret, []driver.Value{"SeCrEt"}) |
| 175 | + |
| 176 | + return testdb.RowsFromSlice( |
| 177 | + []string{"secret"}, |
| 178 | + secret, |
| 179 | + ), nil |
| 180 | + } |
| 181 | + |
| 182 | + return nil, fmt.Errorf("SQL_ERROR") |
| 183 | + }) |
| 184 | + |
| 185 | + if response, err := (&http.Client{}).Do(req); assert.NoError(t, err) { |
| 186 | + |
| 187 | + if assert.Equal(t, http.StatusForbidden, response.StatusCode) { |
| 188 | + |
| 189 | + var resp struct { |
| 190 | + Success bool `json:"success"` |
| 191 | + Code int `json:"code"` |
| 192 | + Error string `json:"error"` |
| 193 | + } |
| 194 | + if err := json.NewDecoder(response.Body).Decode(&resp); assert.NoError(t, err) { |
| 195 | + |
| 196 | + if assert.False(t, resp.Success) { |
| 197 | + |
| 198 | + assert.Equal(t, "Missing X-Hub-Signature header", resp.Error) |
| 199 | + } |
| 200 | + } |
| 201 | + } |
| 202 | + } |
| 203 | +} |
| 204 | + |
| 205 | +func TestGitHubPushInvalidSecret(t *testing.T) { |
| 206 | + |
| 207 | + server := httptest.NewServer(CreateApp()) |
| 208 | + |
| 209 | + req, _ := http.NewRequest("POST", server.URL+"/webhooks/github/", bytes.NewReader([]byte(PushJson))) |
| 210 | + req.Header.Set("X-GitHub-Event", "push") |
| 211 | + req.Header.Set("Content-Type", "application/json") |
| 212 | + req.Header.Set("X-Hub-Signature", PushSha) |
| 213 | + |
| 214 | + testdb.SetQueryWithArgsFunc(func(query string, args []driver.Value) (result driver.Rows, err error) { |
| 215 | + |
| 216 | + if strings.Contains(query, "project.get_github_secret") { |
| 217 | + |
| 218 | + if assert.Len(t, args, 1) { |
| 219 | + |
| 220 | + assert.Equal(t, "postgres-ci/http200ok", args[0].(string)) |
| 221 | + } |
| 222 | + |
| 223 | + var secret [][]driver.Value |
| 224 | + |
| 225 | + secret = append(secret, []driver.Value{"InvalidSecret"}) |
| 226 | + |
| 227 | + return testdb.RowsFromSlice( |
| 228 | + []string{"secret"}, |
| 229 | + secret, |
| 230 | + ), nil |
| 231 | + } |
| 232 | + |
| 233 | + return nil, fmt.Errorf("SQL_ERROR") |
| 234 | + }) |
| 235 | + |
| 236 | + if response, err := (&http.Client{}).Do(req); assert.NoError(t, err) { |
| 237 | + |
| 238 | + if assert.Equal(t, http.StatusForbidden, response.StatusCode) { |
| 239 | + |
| 240 | + var resp struct { |
| 241 | + Success bool `json:"success"` |
| 242 | + Code int `json:"code"` |
| 243 | + Error string `json:"error"` |
| 244 | + } |
| 245 | + if err := json.NewDecoder(response.Body).Decode(&resp); assert.NoError(t, err) { |
| 246 | + |
| 247 | + if assert.False(t, resp.Success) { |
| 248 | + |
| 249 | + assert.Equal(t, "HMAC verification failed", resp.Error) |
| 250 | + } |
| 251 | + } |
| 252 | + } |
| 253 | + } |
| 254 | +} |
| 255 | + |
115 | 256 | const ( |
116 | 257 | PingSha = "sha1=27577ef3f3d983a7c34c4863cd3a36ad8a3ee128" |
117 | 258 | PushSha = "sha1=5067b0b79d686d09d7222ead1ffacfdb4a6b0364" |
|
0 commit comments