WIP: Include tests for CLI whck
Web tests for endpoints.php are probably broken at this point. Will be fixed in a later commit.
This commit is contained in:
parent
a72ceda21c
commit
7eb833a59e
|
@ -12,5 +12,11 @@ This repository contains the specification and tests for the forge webhook endpo
|
|||
Running tests requires the bats framework (`apt install bats`). You can run the `test.sh` script to start the tests. If you are not running from the implementation's folder, you may pass it as first argument the path to the program starting the local server (for tests).
|
||||
|
||||
```
|
||||
$ ./test.sh ~/endpoints.php/server
|
||||
$ ./test_web.sh ~/endpoints.php/server
|
||||
```
|
||||
|
||||
If you're running test for a CLI program to check credentials (like [whck](https://tildegit.org/forge/whck)), use test_cli.sh instead:
|
||||
|
||||
```
|
||||
$ ./test_cli.sh ~/whck/target/debug/whck
|
||||
```
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
#! /bin/bash
|
||||
|
||||
# Test me with: ./test_cli.sh PATH/TO/PROGRAM
|
||||
|
||||
SCRIPTDIR="$(dirname "$0")"
|
||||
|
||||
ORIGDIR="$(pwd)"
|
||||
cd "$SCRIPTDIR"
|
||||
|
||||
export FORGEHOOK="$(pwd)/tests/mock-forgehook.sh"
|
||||
export WHCK="$ORIGDIR"/"$1"
|
||||
|
||||
bats tests/cli/*.bats
|
||||
|
||||
cd "$ORIGDIR"
|
|
@ -25,6 +25,6 @@ cd "$SCRIPTDIR"
|
|||
|
||||
export FORGEHOOK="$(pwd)/tests/mock-forgehook.sh"
|
||||
export FORGEHOOKNOTIFY=/bin/true
|
||||
bats tests/*.bats
|
||||
bats tests/web/*.bats
|
||||
|
||||
cd "$ORIGDIR"
|
|
@ -0,0 +1,40 @@
|
|||
#! /bin/bash
|
||||
|
||||
function setup {
|
||||
# Load helper functions
|
||||
load ../helper
|
||||
# Which forgehook implementation to use?
|
||||
if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
|
||||
|
||||
# Which CLI validator to use?
|
||||
if [ -z "$WHCK" ]; then WHCK="whck"; fi
|
||||
|
||||
export WHCK_DIR="$(mktemp -d)"
|
||||
}
|
||||
|
||||
function teardown {
|
||||
if [ -d $WHCK_DIR ]; then rm -r $WHCK_DIR; fi
|
||||
}
|
||||
|
||||
@test "correct signature works" {
|
||||
repo="https://tildegit.org/forge/hook.sh"
|
||||
webhook="$(gen_webhook ../gitea.json "$repo")"
|
||||
secret="$($FORGEHOOK secret $repo)"
|
||||
echo -n "$secret" > $WHCK_DIR/identifier
|
||||
sig="$(hash_hmac sha256 "$webhook" "$secret")"
|
||||
# Can't echo "$webhook" | $WHCK because of bats bug which eats STDIN
|
||||
# Can't $WHCK <<< "$webhook" because bash appends a trailing newline?!
|
||||
run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
|
||||
echo "$output"
|
||||
[ $status -eq 0 ]
|
||||
}
|
||||
|
||||
@test "incorrect signature fails" {
|
||||
repo="https://tildegit.org/forge/hook.sh"
|
||||
webhook="$(gen_webhook ../gitea.json "$repo")"
|
||||
secret="$($FORGEHOOK secret $repo)"
|
||||
echo -n "FAIL$secret" > $WHCK_DIR/identifier
|
||||
sig="$(hash_hmac sha256 "$webhook" "$secret")"
|
||||
run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
|
||||
[ ! $status -eq 0 ]
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
#! /bin/bash
|
||||
|
||||
function setup {
|
||||
# Load helper functions
|
||||
load ../helper
|
||||
# Which forgehook implementation to use?
|
||||
if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
|
||||
|
||||
# Which CLI validator to use?
|
||||
if [ -z "$WHCK" ]; then WHCK="whck"; fi
|
||||
|
||||
export WHCK_DIR="$(mktemp -d)"
|
||||
}
|
||||
|
||||
function teardown {
|
||||
if [ -d $WHCK_DIR ]; then rm -r $WHCK_DIR; fi
|
||||
}
|
||||
|
||||
@test "correct signature works" {
|
||||
repo="https://tildegit.org/forge/hook.sh"
|
||||
webhook="$(gen_webhook ../github.json "$repo")"
|
||||
secret="$($FORGEHOOK secret $repo)"
|
||||
echo -n "$secret" > $WHCK_DIR/identifier
|
||||
sig="$(hash_hmac sha256 "$webhook" "$secret")"
|
||||
# Can't echo "$webhook" | $WHCK because of bats bug which eats STDIN
|
||||
# Can't $WHCK <<< "$webhook" because bash appends a trailing newline?!
|
||||
run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
|
||||
echo "$output"
|
||||
[ $status -eq 0 ]
|
||||
}
|
||||
|
||||
@test "incorrect signature fails" {
|
||||
repo="https://tildegit.org/forge/hook.sh"
|
||||
webhook="$(gen_webhook ../gitea.json "$repo")"
|
||||
secret="$($FORGEHOOK secret $repo)"
|
||||
echo -n "FAIL$secret" > $WHCK_DIR/identifier
|
||||
sig="$(hash_hmac sha256 "$webhook" "$secret")"
|
||||
run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
|
||||
[ ! $status -eq 0 ]
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
#! /bin/bash
|
||||
|
||||
function setup {
|
||||
# Load helper functions
|
||||
load ../helper
|
||||
# Which forgehook implementation to use?
|
||||
if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
|
||||
|
||||
# Which CLI validator to use?
|
||||
if [ -z "$WHCK" ]; then WHCK="whck"; fi
|
||||
|
||||
export WHCK_DIR="$(mktemp -d)"
|
||||
}
|
||||
|
||||
function teardown {
|
||||
if [ -f $WHCK_DIR ]; then rm $WHCK_DIR; fi
|
||||
}
|
||||
|
||||
@test "correct signature works" {
|
||||
repo="https://tildegit.org/forge/hook.sh"
|
||||
webhook="$(gen_webhook ../gitea.json "$repo")"
|
||||
secret="$($FORGEHOOK secret $repo)"
|
||||
echo -n "$secret" > $WHCK_DIR/identifier
|
||||
# Can't echo "$webhook" | $WHCK because of bats bug which eats STDIN
|
||||
# Can't $WHCK <<< "$webhook" because bash appends a trailing newline?!
|
||||
run $WHCK token identifier "$secret" < <(echo -n "$webhook")
|
||||
echo "$output"
|
||||
[ $status -eq 0 ]
|
||||
}
|
||||
|
||||
@test "incorrect signature fails" {
|
||||
repo="https://tildegit.org/forge/hook.sh"
|
||||
webhook="$(gen_webhook ../gitea.json "$repo")"
|
||||
secret="$($FORGEHOOK secret $repo)"
|
||||
echo -n "FAIL$secret" > $WHCK_DIR/identifier
|
||||
run $WHCK token identifier "$secret" < <(echo -n "$webhook")
|
||||
[ ! $status -eq 0 ]
|
||||
}
|
|
@ -21,10 +21,12 @@ function gen_webhook() {
|
|||
# SECRET: the secret for this transaction
|
||||
# HEADER: where to store the secret
|
||||
function send_webhook {
|
||||
echo "$2" > $TMPFILE
|
||||
TMPFILE="$(mktemp)"
|
||||
echo -n "$2" > $TMPFILE
|
||||
|
||||
# We can make a few attempts, just in case the webserver hasn't started yet
|
||||
n=0
|
||||
status=""
|
||||
while [[ "$status" != "0" ]]; do
|
||||
if [ $n -eq 3 ]; then
|
||||
# Failed to reach server after 3 attempts
|
||||
|
@ -32,16 +34,20 @@ function send_webhook {
|
|||
fi
|
||||
# --data-binary so that newlines aren't broken
|
||||
# (otherwise, signature won't match)
|
||||
run curl --header "Content-Type: application/json" \
|
||||
output="$(curl --header "Content-Type: application/json" \
|
||||
--header ""$4": "$3"" \
|
||||
--request POST \
|
||||
--data-binary @$TMPFILE \
|
||||
-s -w "%{http_code}" \
|
||||
"$1"
|
||||
"$1")"
|
||||
status=$?
|
||||
rm $TMPFILE
|
||||
# Requested succeeded, break out of loop
|
||||
if [ $status -eq 0 ]; then
|
||||
echo "$output"
|
||||
if [[ ! "$output" = 200 ]]; then return 2; fi
|
||||
if [[ ! "$output" = 200 ]]; then
|
||||
echo "|$output|"
|
||||
return 2
|
||||
fi
|
||||
return 0;
|
||||
fi
|
||||
((n++))
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
function setup {
|
||||
# Load helper functions
|
||||
load helper
|
||||
load ../helper
|
||||
# Which forgehook implementation to use?
|
||||
if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
|
||||
port=$(find_free_port)
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
function setup {
|
||||
# Load helper functions
|
||||
load helper
|
||||
load ../helper
|
||||
# Which forgehook implementation to use?
|
||||
if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
|
||||
port=$(find_free_port)
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
function setup {
|
||||
# Load helper functions
|
||||
load helper
|
||||
load ../helper
|
||||
# Which forgehook implementation to use?
|
||||
if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
|
||||
port=$(find_free_port)
|
Loading…
Reference in New Issue