github.com/twilio/twilio-go@v1.20.1/client/request_validator_test.go (about) 1 package client 2 3 import ( 4 "strings" 5 "testing" 6 7 "github.com/stretchr/testify/assert" 8 ) 9 10 const ( 11 testURL = "https://mycompany.com/myapp.php?foo=1&bar=2" 12 signature = "vOEb5UThFn24KEfnOFLQY2AE5FY=" // of the testURL above with the params below 13 bodyHash = "0a1ff7634d9ab3b95db5c9a2dfe9416e41502b283a80c7cf19632632f96e6620" 14 ) 15 16 var ( 17 validator = NewRequestValidator("12345") 18 params = map[string]string{ 19 "Digits": "1234", 20 "CallSid": "CA1234567890ABCDE", 21 "To": "+18005551212", 22 "Caller": "+14158675309", 23 "From": "+14158675309", 24 "ReasonConferenceEnded": "test", 25 "Reason": "Participant", 26 } 27 jsonBody = []byte(`{"property": "value", "boolean": true}`) 28 formBody = []byte(`property=value&boolean=true`) 29 ) 30 31 func TestRequestValidator_Validate(t *testing.T) { 32 t.Parallel() 33 34 t.Run("returns true when validation succeeds", func(t *testing.T) { 35 assert.True(t, validator.Validate(testURL, params, signature)) 36 }) 37 38 t.Run("returns false when validation fails", func(t *testing.T) { 39 assert.False(t, validator.Validate(testURL, params, "WRONG SIGNATURE")) 40 }) 41 42 t.Run("returns true when https and port is specified but signature is generated without it", func(t *testing.T) { 43 theURL := strings.Replace(testURL, ".com", ".com:1234", 1) 44 assert.True(t, validator.Validate(theURL, params, signature)) 45 }) 46 47 t.Run("returns true when https and port is specified and signature is generated with it", func(t *testing.T) { 48 expectedSignature := "vOEb5UThFn24KEfnOFLQY2AE5FY=" // hash of https uri without port 49 assert.True(t, validator.Validate(testURL, params, expectedSignature)) 50 }) 51 52 t.Run("returns true when http and port port is specified but signature is generated without it", func(t *testing.T) { 53 theURL := strings.Replace(testURL, ".com", ".com", 1) 54 theURL = strings.Replace(theURL, "https", "http", 1) 55 expectedSignature := "n2xBNyzSW7rfYStDtOFiFMv7qNo=" // hash of http uri without port 56 assert.True(t, validator.Validate(theURL, params, expectedSignature)) 57 }) 58 59 t.Run("returns true when http and port is specified and signature is generated with it", func(t *testing.T) { 60 theURL := strings.Replace(testURL, ".com", ".com:1234", 1) 61 theURL = strings.Replace(theURL, "https", "http", 1) 62 expectedSignature := "n2xBNyzSW7rfYStDtOFiFMv7qNo=" // hash of http uri with port 1234 63 assert.True(t, validator.Validate(theURL, params, expectedSignature)) 64 }) 65 66 t.Run("return false when params are sorted incorrectly", func(t *testing.T) { 67 incorrectSignature := "95+Bu0JVPi0r/SsESZCVf0dWAjw=" //Params ReasonConferenceEnded is sorted before Reason 68 assert.False(t, validator.Validate(testURL, params, incorrectSignature)) 69 }) 70 } 71 72 func TestRequestValidator_ValidateBody(t *testing.T) { 73 t.Parallel() 74 75 t.Run("returns true when validation succeeds with json body", func(t *testing.T) { 76 theURL := testURL + "&bodySHA256=" + bodyHash 77 signatureWithBodyHash := "a9nBmqA0ju/hNViExpshrM61xv4=" 78 assert.True(t, validator.ValidateBody(theURL, jsonBody, signatureWithBodyHash)) 79 }) 80 81 t.Run("returns true when validation succeeds with form body", func(t *testing.T) { 82 expectedSignature := "NBdBDr/T/lgjI+tlgpXjKZQZs/k=" 83 assert.True(t, validator.ValidateBody(testURL, formBody, expectedSignature)) 84 }) 85 86 t.Run("returns false when validation fails with json body", func(t *testing.T) { 87 assert.False(t, validator.ValidateBody(testURL, jsonBody, signature)) 88 }) 89 90 t.Run("returns true when there's no other parameters and the signature is right", func(t *testing.T) { 91 theURL := "https://mycompany.com/myapp.php?bodySHA256=" + bodyHash 92 signatureForURL := "y77kIzt2vzLz71DgmJGsen2scGs=" 93 assert.True(t, validator.ValidateBody(theURL, jsonBody, signatureForURL)) 94 }) 95 }