public void WhenDeleteWithUnknownId_ThenThrowsNotFound()
{
store.Setup(s => s.Find("auserid"))
.Returns(new List <WebhookSubscription>());
Assert.That(() => service.Delete(new DeleteSubscription
{
Id = "anunknownid"
}), ThrowsHttpError.WithStatusCode(HttpStatusCode.NotFound));
}
public void WhenUpdateWithUnknownId_ThenThrowsNotFound()
{
store.Setup(s => s.Get(It.IsAny <string>()))
.Returns((WebhookSubscription)null);
Assert.That(() => service.Put(new UpdateSubscription
{
Id = "anunknownid"
}), ThrowsHttpError.WithStatusCode(HttpStatusCode.NotFound));
}
public void WhenPostAndSameUserIdSameEventAndSameUrl_ThenThrowsConflict()
{
store.Setup(s => s.Get("auserid", "anevent1"))
.Returns(new WebhookSubscription
{
CreatedById = "auserid",
Event = "anevent1"
});
Assert.That(() => service.Post(new CreateSubscription
{
Name = "aname",
Events = new List <string> {
"anevent1"
},
Config = new SubscriptionConfig
{
Url = "aurl"
}
}), ThrowsHttpError.WithStatusCode(HttpStatusCode.Conflict));
store.Verify(s => s.Add(It.IsAny <WebhookSubscription>()), Times.Never);
}
public void WhenPreAuthenticateAndWrongSignature_ThenThrowsUnauthorized()
{
var body = Encoding.UTF8.GetBytes("abody");
var signature = Webhooks.Security.HmacUtils.CreateHmacSignature(body, "awrongsecret");
using (var stream = MemoryStreamFactory.GetStream(body))
{
var request = new MockHttpRequest
{
InputStream = stream,
Headers = new NameValueCollection
{
{ WebhookEventConstants.SecretSignatureHeaderName, signature }
},
IsSecureConnection = true
};
provider.Secret = "asecret";
Assert.That(() => provider.PreAuthenticate(request, new MockHttpResponse(request)),
ThrowsHttpError.WithStatusCode(HttpStatusCode.Unauthorized));
}
}
public void WhenPreAuthenticateAndRequestNotSecureConnection_ThenThrowsForbidden()
{
var body = Encoding.UTF8.GetBytes("abody");
var signature = Webhooks.Security.HmacUtils.CreateHmacSignature(body, "asecret");
using (var stream = MemoryStreamFactory.GetStream(body))
{
var request = new MockHttpRequest
{
InputStream = stream,
Headers = new NameValueCollectionWrapper(new NameValueCollection
{
{ WebhookEventConstants.SecretSignatureHeaderName, signature }
}),
IsSecureConnection = false
};
provider.Secret = null;
Assert.That(() => provider.PreAuthenticate(request, new MockHttpResponse(request)),
ThrowsHttpError.WithStatusCode(HttpStatusCode.Forbidden));
}
}
public void WhenAuthorizeSubscriptionServiceRequestsAndForUpdateHistorySubscriptionAndAuthenticatedInWrongRole_ThenThrowsForbidden()
{
var feature = new WebhookFeature();
feature.Register(appHost);
var request = new MockHttpRequest
{
PathInfo = new UpdateSubscriptionHistory().ToPutUrl(),
Dto = new UpdateSubscriptionHistory()
};
request.Items.Add(Keywords.Session, new AuthUserSession
{
IsAuthenticated = true,
UserAuthId = "auserid",
Roles = new List <string> {
"anotherrole"
}
});
var response = new MockHttpResponse(request);
Assert.That(() => feature.AuthorizeSubscriptionServiceRequests(request, response, new TestDto()), ThrowsHttpError.WithStatusCode(HttpStatusCode.Forbidden));
}
public void WhenAuthorizeSubscriptionServiceRequestsAndForSubscriptionServiceAndUnauthenticated_ThenThrowsUnauthorized()
{
var feature = new WebhookFeature();
feature.Register(appHost);
var request = new MockHttpRequest
{
Dto = new GetSubscription()
};
var response = new MockHttpResponse(request);
Assert.That(() => feature.AuthorizeSubscriptionServiceRequests(request, response, new TestDto()), ThrowsHttpError.WithStatusCode(HttpStatusCode.Unauthorized));
}
