WIP: Include tests for CLI whck

Web tests for endpoints.php are probably broken at this point. Will be fixed in a later commit.
2022-02-19 00:03:02 +01:00 · 2022-02-19 00:03:02 +01:00 · 7eb833a59e
parent a72ceda21c
commit 7eb833a59e
10 changed files with 155 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -12,5 +12,11 @@ This repository contains the specification and tests for the forge webhook endpo
 Running tests requires the bats framework (`apt install bats`). You can run the `test.sh` script to start the tests. If you are not running from the implementation's folder, you may pass it as first argument the path to the program starting the local server (for tests).

 ```
-$ ./test.sh ~/endpoints.php/server
+$ ./test_web.sh ~/endpoints.php/server
+```
+
+If you're running test for a CLI program to check credentials (like [whck](https://tildegit.org/forge/whck)), use test_cli.sh instead:
+
+```
+$ ./test_cli.sh ~/whck/target/debug/whck
 ```
--- a/test_cli.sh
+++ b/test_cli.sh
@ -0,0 +1,15 @@
+#! /bin/bash
+
+# Test me with: ./test_cli.sh PATH/TO/PROGRAM
+
+SCRIPTDIR="$(dirname "$0")"
+
+ORIGDIR="$(pwd)"
+cd "$SCRIPTDIR"
+
+export FORGEHOOK="$(pwd)/tests/mock-forgehook.sh"
+export WHCK="$ORIGDIR"/"$1"
+
+bats tests/cli/*.bats
+
+cd "$ORIGDIR"
--- a/test_web.sh
+++ b/test_web.sh
@ -25,6 +25,6 @@ cd "$SCRIPTDIR"

 export FORGEHOOK="$(pwd)/tests/mock-forgehook.sh"
 export FORGEHOOKNOTIFY=/bin/true
-bats tests/*.bats
+bats tests/web/*.bats

 cd "$ORIGDIR"
--- a/tests/cli/gitea.bats
+++ b/tests/cli/gitea.bats
@ -0,0 +1,40 @@
+#! /bin/bash
+
+function setup {
+    # Load helper functions
+    load ../helper
+    # Which forgehook implementation to use?
+    if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
+
+    # Which CLI validator to use?
+    if [ -z "$WHCK" ]; then WHCK="whck"; fi
+   
+    export WHCK_DIR="$(mktemp -d)"
+}
+
+function teardown {
+    if [ -d $WHCK_DIR ]; then rm -r $WHCK_DIR; fi
+}
+
+@test "correct signature works" {
+    repo="https://tildegit.org/forge/hook.sh"
+    webhook="$(gen_webhook ../gitea.json "$repo")"
+    secret="$($FORGEHOOK secret $repo)"
+    echo -n "$secret" > $WHCK_DIR/identifier
+    sig="$(hash_hmac sha256 "$webhook" "$secret")"
+    # Can't echo "$webhook" | $WHCK because of bats bug which eats STDIN
+    # Can't $WHCK <<< "$webhook" because bash appends a trailing newline?!
+    run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
+    echo "$output"
+    [ $status -eq 0 ]
+}
+
+@test "incorrect signature fails" {
+    repo="https://tildegit.org/forge/hook.sh"
+    webhook="$(gen_webhook ../gitea.json "$repo")"
+    secret="$($FORGEHOOK secret $repo)"
+    echo -n "FAIL$secret" > $WHCK_DIR/identifier
+    sig="$(hash_hmac sha256 "$webhook" "$secret")"
+    run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
+    [ ! $status -eq 0 ]
+}
--- a/tests/cli/github.bats
+++ b/tests/cli/github.bats
@ -0,0 +1,40 @@
+#! /bin/bash
+
+function setup {
+    # Load helper functions
+    load ../helper
+    # Which forgehook implementation to use?
+    if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
+
+    # Which CLI validator to use?
+    if [ -z "$WHCK" ]; then WHCK="whck"; fi
+   
+    export WHCK_DIR="$(mktemp -d)"
+}
+
+function teardown {
+    if [ -d $WHCK_DIR ]; then rm -r $WHCK_DIR; fi
+}
+
+@test "correct signature works" {
+    repo="https://tildegit.org/forge/hook.sh"
+    webhook="$(gen_webhook ../github.json "$repo")"
+    secret="$($FORGEHOOK secret $repo)"
+    echo -n "$secret" > $WHCK_DIR/identifier
+    sig="$(hash_hmac sha256 "$webhook" "$secret")"
+    # Can't echo "$webhook" | $WHCK because of bats bug which eats STDIN
+    # Can't $WHCK <<< "$webhook" because bash appends a trailing newline?!
+    run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
+    echo "$output"
+    [ $status -eq 0 ]
+}
+
+@test "incorrect signature fails" {
+    repo="https://tildegit.org/forge/hook.sh"
+    webhook="$(gen_webhook ../gitea.json "$repo")"
+    secret="$($FORGEHOOK secret $repo)"
+    echo -n "FAIL$secret" > $WHCK_DIR/identifier
+    sig="$(hash_hmac sha256 "$webhook" "$secret")"
+    run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
+    [ ! $status -eq 0 ]
+}
--- a/tests/cli/gitlab.bats
+++ b/tests/cli/gitlab.bats
@ -0,0 +1,38 @@
+#! /bin/bash
+
+function setup {
+    # Load helper functions
+    load ../helper
+    # Which forgehook implementation to use?
+    if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
+
+    # Which CLI validator to use?
+    if [ -z "$WHCK" ]; then WHCK="whck"; fi
+   
+    export WHCK_DIR="$(mktemp -d)"
+}
+
+function teardown {
+    if [ -f $WHCK_DIR ]; then rm $WHCK_DIR; fi
+}
+
+@test "correct signature works" {
+    repo="https://tildegit.org/forge/hook.sh"
+    webhook="$(gen_webhook ../gitea.json "$repo")"
+    secret="$($FORGEHOOK secret $repo)"
+    echo -n "$secret" > $WHCK_DIR/identifier
+    # Can't echo "$webhook" | $WHCK because of bats bug which eats STDIN
+    # Can't $WHCK <<< "$webhook" because bash appends a trailing newline?!
+    run $WHCK token identifier "$secret" < <(echo -n "$webhook")
+    echo "$output"
+    [ $status -eq 0 ]
+}
+
+@test "incorrect signature fails" {
+    repo="https://tildegit.org/forge/hook.sh"
+    webhook="$(gen_webhook ../gitea.json "$repo")"
+    secret="$($FORGEHOOK secret $repo)"
+    echo -n "FAIL$secret" > $WHCK_DIR/identifier
+    run $WHCK token identifier "$secret" < <(echo -n "$webhook")
+    [ ! $status -eq 0 ]
+}
--- a/tests/helper.bash
+++ b/tests/helper.bash
@ -21,10 +21,12 @@ function gen_webhook() {
 #   SECRET: the secret for this transaction
 #   HEADER: where to store the secret
 function send_webhook {
-    echo "$2" > $TMPFILE
+    TMPFILE="$(mktemp)"
+    echo -n "$2" > $TMPFILE

    # We can make a few attempts, just in case the webserver hasn't started yet
    n=0
+    status=""
    while [[ "$status" != "0" ]]; do
        if [ $n -eq 3 ]; then
            # Failed to reach server after 3 attempts
@ -32,16 +34,20 @@ function send_webhook {
        fi
        # --data-binary so that newlines aren't broken
        # (otherwise, signature won't match)
-        run curl --header "Content-Type: application/json" \
+        output="$(curl --header "Content-Type: application/json" \
            --header ""$4": "$3"" \
            --request POST \
            --data-binary @$TMPFILE \
            -s -w "%{http_code}" \
-            "$1"
+            "$1")"
+        status=$?
+        rm $TMPFILE
        # Requested succeeded, break out of loop
        if [ $status -eq 0 ]; then
-            echo "$output"
-            if [[ ! "$output" = 200 ]]; then return 2; fi
+            if [[ ! "$output" = 200 ]]; then
+                echo "|$output|"
+                return 2
+            fi
            return 0;
        fi
        ((n++))
--- a/tests/web/gitea.bats
+++ b/tests/web/gitea.bats
@ -2,7 +2,7 @@

 function setup {
    # Load helper functions
-    load helper
+    load ../helper
    # Which forgehook implementation to use?
    if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
    port=$(find_free_port)
--- a/tests/web/github.bats
+++ b/tests/web/github.bats
@ -2,7 +2,7 @@

 function setup {
    # Load helper functions
-    load helper
+    load ../helper
    # Which forgehook implementation to use?
    if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
    port=$(find_free_port)
--- a/tests/web/gitlab.bats
+++ b/tests/web/gitlab.bats
@ -2,7 +2,7 @@

 function setup {
    # Load helper functions
-    load helper
+    load ../helper
    # Which forgehook implementation to use?
    if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
    port=$(find_free_port)