diff options
Diffstat (limited to 'spec/requests/api/integrations/slack/events_spec.rb')
-rw-r--r-- | spec/requests/api/integrations/slack/events_spec.rb | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/spec/requests/api/integrations/slack/events_spec.rb b/spec/requests/api/integrations/slack/events_spec.rb new file mode 100644 index 00000000000..176e9eded31 --- /dev/null +++ b/spec/requests/api/integrations/slack/events_spec.rb @@ -0,0 +1,112 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe API::Integrations::Slack::Events do + describe 'POST /integrations/slack/events' do + let(:params) { {} } + let(:headers) do + { + ::API::Integrations::Slack::Request::VERIFICATION_TIMESTAMP_HEADER => Time.current.to_i.to_s, + ::API::Integrations::Slack::Request::VERIFICATION_SIGNATURE_HEADER => 'mock_verified_signature' + } + end + + before do + allow(ActiveSupport::SecurityUtils).to receive(:secure_compare) do |signature| + signature == 'mock_verified_signature' + end + + stub_application_setting(slack_app_signing_secret: 'mock_key') + end + + subject { post api('/integrations/slack/events'), params: params, headers: headers } + + shared_examples 'an unauthorized request' do + specify do + subject + + expect(response).to have_gitlab_http_status(:unauthorized) + end + end + + shared_examples 'a successful request that generates a tracked error' do + specify do + expect(Gitlab::ErrorTracking).to receive(:track_exception).once + + subject + + expect(response).to have_gitlab_http_status(:no_content) + expect(response.body).to be_empty + end + end + + context 'when the slack_app_signing_secret setting is not set' do + before do + stub_application_setting(slack_app_signing_secret: nil) + end + + it_behaves_like 'an unauthorized request' + end + + context 'when the timestamp header has expired' do + before do + headers[::API::Integrations::Slack::Request::VERIFICATION_TIMESTAMP_HEADER] = 5.minutes.ago.to_i.to_s + end + + it_behaves_like 'an unauthorized request' + end + + context 'when the timestamp header is missing' do + before do + headers.delete(::API::Integrations::Slack::Request::VERIFICATION_TIMESTAMP_HEADER) + end + + it_behaves_like 'an unauthorized request' + end + + context 'when the signature header is missing' do + before do + headers.delete(::API::Integrations::Slack::Request::VERIFICATION_SIGNATURE_HEADER) + end + + it_behaves_like 'an unauthorized request' + end + + context 'when the signature is not verified' do + before do + headers[::API::Integrations::Slack::Request::VERIFICATION_SIGNATURE_HEADER] = 'unverified_signature' + end + + it_behaves_like 'an unauthorized request' + end + + context 'when type param is missing' do + it_behaves_like 'a successful request that generates a tracked error' + end + + context 'when type param is unknown' do + let(:params) do + { type: 'unknown_type' } + end + + it_behaves_like 'a successful request that generates a tracked error' + end + + context 'when type param is url_verification' do + let(:params) do + { + type: 'url_verification', + challenge: '3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P' + } + end + + it 'responds in-request with the challenge' do + subject + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to eq({ 'challenge' => '3eZbrw1aBm2rZgRNFdxV2595E9CY3gmdALWMmHkvFXO7tYXAYM8P' }) + end + end + end +end |