44 lines
1.3 KiB
Bash
44 lines
1.3 KiB
Bash
#! /bin/bash
|
|
|
|
function setup {
|
|
# Load helper functions
|
|
load ../helper
|
|
# Which forgehook implementation to use?
|
|
if [ -z "$FORGEHOOK" ]; then FORGEHOOK="forgehook"; fi
|
|
|
|
# Which CLI validator to use?
|
|
if [ -z "$WHCK" ]; then WHCK="whck"; fi
|
|
echo "$WHCK"
|
|
|
|
export WHCK_DIR="$(mktemp -d)"
|
|
}
|
|
|
|
function teardown {
|
|
if [ -d $WHCK_DIR ]; then rm -r $WHCK_DIR; fi
|
|
}
|
|
|
|
@test "correct signature works" {
|
|
[ -x "$WHCK" ]
|
|
repo="https://tildegit.org/forge/hook.sh"
|
|
webhook="$(gen_webhook ../github.json "$repo")"
|
|
secret="$($FORGEHOOK secret $repo)"
|
|
echo -n "$secret" > $WHCK_DIR/identifier
|
|
sig="$(hash_hmac sha256 "$webhook" "$secret")"
|
|
# Can't echo "$webhook" | $WHCK because of bats bug which eats STDIN
|
|
# Can't $WHCK <<< "$webhook" because bash appends a trailing newline?!
|
|
run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
|
|
echo "$output"
|
|
[ $status -eq 0 ]
|
|
}
|
|
|
|
@test "incorrect signature fails" {
|
|
[ -x "$WHCK" ]
|
|
repo="https://tildegit.org/forge/hook.sh"
|
|
webhook="$(gen_webhook ../gitea.json "$repo")"
|
|
secret="$($FORGEHOOK secret $repo)"
|
|
echo -n "FAIL$secret" > $WHCK_DIR/identifier
|
|
sig="$(hash_hmac sha256 "$webhook" "$secret")"
|
|
run $WHCK hmac-sha256 identifier "$sig" < <(echo -n "$webhook")
|
|
[ ! $status -eq 0 ]
|
|
}
|