mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17554 Commits
17 Branches
Tree: abb330e613
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'abb330e613'
${ noResults }
gitea/services/webhook/deliver_test.go

deliver_test.go 8.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package webhook

  5. 

  6. import (

  7. 	"context"

  8. 	"io"

  9. 	"net/http"

  10. 	"net/http/httptest"

  11. 	"net/url"

  12. 	"strings"

  13. 	"testing"

  14. 	"time"

  15. 

  16. 	"code.gitea.io/gitea/models/db"

  17. 	"code.gitea.io/gitea/models/unittest"

  18. 	webhook_model "code.gitea.io/gitea/models/webhook"

  19. 	"code.gitea.io/gitea/modules/hostmatcher"

  20. 	"code.gitea.io/gitea/modules/setting"

  21. 	"code.gitea.io/gitea/modules/util"

  22. 	webhook_module "code.gitea.io/gitea/modules/webhook"

  23. 

  24. 	"github.com/stretchr/testify/assert"

  25. 	"github.com/stretchr/testify/require"

  26. )

  27. 

  28. func TestWebhookProxy(t *testing.T) {

  29. 	oldWebhook := setting.Webhook

  30. 	t.Cleanup(func() {

  31. 		setting.Webhook = oldWebhook

  32. 	})

  33. 

  34. 	setting.Webhook.ProxyURL = "http://localhost:8080"

  35. 	setting.Webhook.ProxyURLFixed, _ = url.Parse(setting.Webhook.ProxyURL)

  36. 	setting.Webhook.ProxyHosts = []string{"*.discordapp.com", "discordapp.com"}

  37. 

  38. 	allowedHostMatcher := hostmatcher.ParseHostMatchList("webhook.ALLOWED_HOST_LIST", "discordapp.com,s.discordapp.com")

  39. 

  40. 	tests := []struct {

  41. 		req     string

  42. 		want    string

  43. 		wantErr bool

  44. 	}{

  45. 		{

  46. 			req:     "https://discordapp.com/api/webhooks/xxxxxxxxx/xxxxxxxxxxxxxxxxxxx",

  47. 			want:    "http://localhost:8080",

  48. 			wantErr: false,

  49. 		},

  50. 		{

  51. 			req:     "http://s.discordapp.com/assets/xxxxxx",

  52. 			want:    "http://localhost:8080",

  53. 			wantErr: false,

  54. 		},

  55. 		{

  56. 			req:     "http://github.com/a/b",

  57. 			want:    "",

  58. 			wantErr: false,

  59. 		},

  60. 		{

  61. 			req:     "http://www.discordapp.com/assets/xxxxxx",

  62. 			want:    "",

  63. 			wantErr: true,

  64. 		},

  65. 	}

  66. 	for _, tt := range tests {

  67. 		t.Run(tt.req, func(t *testing.T) {

  68. 			req, err := http.NewRequest("POST", tt.req, nil)

  69. 			require.NoError(t, err)

  70. 

  71. 			u, err := webhookProxy(allowedHostMatcher)(req)

  72. 			if tt.wantErr {

  73. 				assert.Error(t, err)

  74. 				return

  75. 			}

  76. 

  77. 			assert.NoError(t, err)

  78. 

  79. 			got := ""

  80. 			if u != nil {

  81. 				got = u.String()

  82. 			}

  83. 			assert.Equal(t, tt.want, got)

  84. 		})

  85. 	}

  86. }

  87. 

  88. func TestWebhookDeliverAuthorizationHeader(t *testing.T) {

  89. 	assert.NoError(t, unittest.PrepareTestDatabase())

  90. 

  91. 	done := make(chan struct{}, 1)

  92. 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

  93. 		assert.Equal(t, "/webhook", r.URL.Path)

  94. 		assert.Equal(t, "Bearer s3cr3t-t0ken", r.Header.Get("Authorization"))

  95. 		w.WriteHeader(200)

  96. 		done <- struct{}{}

  97. 	}))

  98. 	t.Cleanup(s.Close)

  99. 

  100. 	hook := &webhook_model.Webhook{

  101. 		RepoID:      3,

  102. 		URL:         s.URL + "/webhook",

  103. 		ContentType: webhook_model.ContentTypeJSON,

  104. 		IsActive:    true,

  105. 		Type:        webhook_module.GITEA,

  106. 	}

  107. 	err := hook.SetHeaderAuthorization("Bearer s3cr3t-t0ken")

  108. 	assert.NoError(t, err)

  109. 	assert.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook))

  110. 	db.GetEngine(db.DefaultContext).NoAutoTime().DB().Logger.ShowSQL(true)

  111. 

  112. 	hookTask := &webhook_model.HookTask{

  113. 		HookID:         hook.ID,

  114. 		EventType:      webhook_module.HookEventPush,

  115. 		PayloadVersion: 2,

  116. 	}

  117. 

  118. 	hookTask, err = webhook_model.CreateHookTask(db.DefaultContext, hookTask)

  119. 	assert.NoError(t, err)

  120. 	assert.NotNil(t, hookTask)

  121. 

  122. 	assert.NoError(t, Deliver(context.Background(), hookTask))

  123. 	select {

  124. 	case <-done:

  125. 	case <-time.After(5 * time.Second):

  126. 		t.Fatal("waited to long for request to happen")

  127. 	}

  128. 

  129. 	assert.True(t, hookTask.IsSucceed)

  130. 	assert.Equal(t, "******", hookTask.RequestInfo.Headers["Authorization"])

  131. }

  132. 

  133. func TestWebhookDeliverHookTask(t *testing.T) {

  134. 	assert.NoError(t, unittest.PrepareTestDatabase())

  135. 

  136. 	done := make(chan struct{}, 1)

  137. 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

  138. 		assert.Equal(t, "PUT", r.Method)

  139. 		switch r.URL.Path {

  140. 		case "/webhook/66d222a5d6349e1311f551e50722d837e30fce98":

  141. 			// Version 1

  142. 			assert.Equal(t, "push", r.Header.Get("X-GitHub-Event"))

  143. 			assert.Equal(t, "", r.Header.Get("Content-Type"))

  144. 			body, err := io.ReadAll(r.Body)

  145. 			assert.NoError(t, err)

  146. 			assert.Equal(t, `{"data": 42}`, string(body))

  147. 

  148. 		case "/webhook/6db5dc1e282529a8c162c7fe93dd2667494eeb51":

  149. 			// Version 2

  150. 			assert.Equal(t, "push", r.Header.Get("X-GitHub-Event"))

  151. 			assert.Equal(t, "application/json", r.Header.Get("Content-Type"))

  152. 			body, err := io.ReadAll(r.Body)

  153. 			assert.NoError(t, err)

  154. 			assert.Len(t, body, 2147)

  155. 

  156. 		default:

  157. 			w.WriteHeader(404)

  158. 			t.Fatalf("unexpected url path %s", r.URL.Path)

  159. 			return

  160. 		}

  161. 		w.WriteHeader(200)

  162. 		done <- struct{}{}

  163. 	}))

  164. 	t.Cleanup(s.Close)

  165. 

  166. 	hook := &webhook_model.Webhook{

  167. 		RepoID:      3,

  168. 		IsActive:    true,

  169. 		Type:        webhook_module.MATRIX,

  170. 		URL:         s.URL + "/webhook",

  171. 		HTTPMethod:  "PUT",

  172. 		ContentType: webhook_model.ContentTypeJSON,

  173. 		Meta:        `{"message_type":0}`, // text

  174. 	}

  175. 	assert.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook))

  176. 

  177. 	t.Run("Version 1", func(t *testing.T) {

  178. 		hookTask := &webhook_model.HookTask{

  179. 			HookID:         hook.ID,

  180. 			EventType:      webhook_module.HookEventPush,

  181. 			PayloadContent: `{"data": 42}`,

  182. 			PayloadVersion: 1,

  183. 		}

  184. 

  185. 		hookTask, err := webhook_model.CreateHookTask(db.DefaultContext, hookTask)

  186. 		assert.NoError(t, err)

  187. 		assert.NotNil(t, hookTask)

  188. 

  189. 		assert.NoError(t, Deliver(context.Background(), hookTask))

  190. 		select {

  191. 		case <-done:

  192. 		case <-time.After(5 * time.Second):

  193. 			t.Fatal("waited to long for request to happen")

  194. 		}

  195. 

  196. 		assert.True(t, hookTask.IsSucceed)

  197. 	})

  198. 

  199. 	t.Run("Version 2", func(t *testing.T) {

  200. 		p := pushTestPayload()

  201. 		data, err := p.JSONPayload()

  202. 		assert.NoError(t, err)

  203. 

  204. 		hookTask := &webhook_model.HookTask{

  205. 			HookID:         hook.ID,

  206. 			EventType:      webhook_module.HookEventPush,

  207. 			PayloadContent: string(data),

  208. 			PayloadVersion: 2,

  209. 		}

  210. 

  211. 		hookTask, err = webhook_model.CreateHookTask(db.DefaultContext, hookTask)

  212. 		assert.NoError(t, err)

  213. 		assert.NotNil(t, hookTask)

  214. 

  215. 		assert.NoError(t, Deliver(context.Background(), hookTask))

  216. 		select {

  217. 		case <-done:

  218. 		case <-time.After(5 * time.Second):

  219. 			t.Fatal("waited to long for request to happen")

  220. 		}

  221. 

  222. 		assert.True(t, hookTask.IsSucceed)

  223. 	})

  224. }

  225. 

  226. func TestWebhookDeliverSpecificTypes(t *testing.T) {

  227. 	assert.NoError(t, unittest.PrepareTestDatabase())

  228. 

  229. 	type hookCase struct {

  230. 		gotBody    chan []byte

  231. 		httpMethod string // default to POST

  232. 	}

  233. 

  234. 	cases := map[string]*hookCase{

  235. 		webhook_module.SLACK:      {},

  236. 		webhook_module.DISCORD:    {},

  237. 		webhook_module.DINGTALK:   {},

  238. 		webhook_module.TELEGRAM:   {},

  239. 		webhook_module.MSTEAMS:    {},

  240. 		webhook_module.FEISHU:     {},

  241. 		webhook_module.MATRIX:     {httpMethod: "PUT"},

  242. 		webhook_module.WECHATWORK: {},

  243. 		webhook_module.PACKAGIST:  {},

  244. 	}

  245. 

  246. 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

  247. 		typ := strings.Split(r.URL.Path, "/")[1] // URL: "/{webhook_type}/other-path"

  248. 		assert.Equal(t, "application/json", r.Header.Get("Content-Type"), r.URL.Path)

  249. 		assert.Equal(t, util.IfZero(cases[typ].httpMethod, "POST"), r.Method, "webhook test request %q", r.URL.Path)

  250. 		body, _ := io.ReadAll(r.Body) // read request and send it back to the test by testcase's chan

  251. 		cases[typ].gotBody <- body

  252. 		w.WriteHeader(http.StatusNoContent)

  253. 	}))

  254. 	t.Cleanup(s.Close)

  255. 

  256. 	p := pushTestPayload()

  257. 	data, err := p.JSONPayload()

  258. 	assert.NoError(t, err)

  259. 

  260. 	for typ := range cases {

  261. 		cases[typ].gotBody = make(chan []byte, 1)

  262. 		t.Run(typ, func(t *testing.T) {

  263. 			t.Parallel()

  264. 			hook := &webhook_model.Webhook{

  265. 				RepoID:   3,

  266. 				IsActive: true,

  267. 				Type:     typ,

  268. 				URL:      s.URL + "/" + typ,

  269. 				Meta:     "{}",

  270. 			}

  271. 			assert.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook))

  272. 

  273. 			hookTask := &webhook_model.HookTask{

  274. 				HookID:         hook.ID,

  275. 				EventType:      webhook_module.HookEventPush,

  276. 				PayloadContent: string(data),

  277. 				PayloadVersion: 2,

  278. 			}

  279. 

  280. 			hookTask, err := webhook_model.CreateHookTask(db.DefaultContext, hookTask)

  281. 			assert.NoError(t, err)

  282. 			assert.NotNil(t, hookTask)

  283. 

  284. 			assert.NoError(t, Deliver(context.Background(), hookTask))

  285. 

  286. 			select {

  287. 			case gotBody := <-cases[typ].gotBody:

  288. 				assert.NotEqual(t, string(data), string(gotBody), "request body must be different from the event payload")

  289. 				assert.Equal(t, hookTask.RequestInfo.Body, string(gotBody), "delivered webhook payload doesn't match saved request")

  290. 			case <-time.After(5 * time.Second):

  291. 				t.Fatal("waited to long for request to happen")

  292. 			}

  293. 

  294. 			assert.True(t, hookTask.IsSucceed)

  295. 		})

  296. 	}

  297. }