💯% test coverage

austinpray · austinpray · commit 6533b6eb7a02 · 2018-09-11T01:00:17.000-05:00
diff --git a/Makefile b/Makefile
@@ -21,7 +21,7 @@ else
 DOCKER_VOLUMES =  -v $(shell pwd):/app
 DOCKER_VOLUMES += -v /app/.eggs
 DOCKER_VOLUMES += -v /app/.pytest_cache
-DOCKER_VOLUMES += -v /app/.slacktools.egg-info
+DOCKER_VOLUMES += -v /app/slacktools.egg-info
 endif
 
 test-%:
diff --git a/README.rst b/README.rst
@@ -72,7 +72,6 @@ Roadmap
 
 - Wider python support? This lib only `supports python 3 <.travis.yml>`_ right
   now. However, if someone needs it, I can add python 2 compatibility.
-- 100% test coverage
 - Friendly message builder API?
 - Build deep links into clients
 
diff --git a/src/slacktools/authorization.py b/src/slacktools/authorization.py
@@ -8,10 +8,11 @@ class SignatureVersionException(ValueError):
     pass
 
 
-def verify_signature(slack_signing_secret: str,
-                     timestamp: int,
+def verify_signature(signing_secret: str,
+                     request_timestamp: int,
                      body: str,
-                     slack_signature: str):
+                     signature: str,
+                     current_timestamp: int = None) -> bool:
     """
     Verifies a signature from X-Slack-Signature and X-Slack-Request-Timestamp
 
@@ -24,29 +25,33 @@ def verify_signature(slack_signing_secret: str,
     :raises: SignatureVersionException if the signature version is something other than v0
     """
 
-    if not slack_signing_secret:
+    if not signing_secret:
         raise ValueError('slack_signing_secret not provided')
-    if not timestamp or not isinstance(timestamp, int):
+    if not request_timestamp or not isinstance(request_timestamp, int):
         raise ValueError('timestamp is not good int')
     if not body:
         raise ValueError('body not provided')
-    if not slack_signature:
+    if not signature:
         raise ValueError('signature not provided')
-    if not slack_signature.startswith('v0'):
+    if not signature.startswith('v0'):
         raise SignatureVersionException(
-            "expected the signature to be version 'v0' but got '{}'".format(slack_signature[:2]))
+            "expected the signature to be version 'v0' but got '{}'".format(signature[:2]))
 
-    if abs(time() - timestamp) > 60 * 5:
+    if current_timestamp is None:
+        current_timestamp = int(time())
+
+    if abs(current_timestamp - request_timestamp) > 60 * 5:
         # The request timestamp is more than five minutes from local time.
         # It could be a replay attack, so let's ignore it.
         return False
 
-    sig_basestring = "v0:{}:{}".format(timestamp, body)
+    return hmac.compare_digest(make_signature(signing_secret, current_timestamp, body), signature)
+
 
-    my_signature = 'v0=' + hmac.new(
-        slack_signing_secret.encode(),
+def make_signature(signing_secret: str, request_timestamp: int, body: str) -> str:
+    sig_basestring = "v0:{}:{}".format(request_timestamp, body)
+    return 'v0=' + hmac.new(
+        signing_secret.encode(),
         sig_basestring.encode(),
         sha256
     ).hexdigest()
-
-    return hmac.compare_digest(my_signature, slack_signature)
diff --git a/tests/arguments.py b/tests/arguments.py
diff --git a/tests/test_arguments.py b/tests/test_arguments.py
@@ -0,0 +1,8 @@
+import pytest
+from slacktools.arguments import SlackArgumentParser, SlackArgumentParserException
+
+def test_arguments():
+    """haha what a useless test"""
+    with pytest.raises(SlackArgumentParserException):
+        p = SlackArgumentParser()
+        p.error('ayy')
diff --git a/tests/test_authorization.py b/tests/test_authorization.py
@@ -0,0 +1,44 @@
+import pytest
+from slacktools.authorization import verify_signature, make_signature, SignatureVersionException
+from time import time
+
+def test_verify_signature():
+    with pytest.raises(ValueError):
+        verify_signature(None, 1111, 'string', 'v0=ayy')
+    with pytest.raises(ValueError):
+        verify_signature('secret', None, 'string', 'v0=ayy')
+    with pytest.raises(ValueError):
+        verify_signature('secret', 1111, None, 'v0=ayy')
+    with pytest.raises(ValueError):
+        verify_signature('secret', 1111, 'body', None)
+    with pytest.raises(SignatureVersionException):
+        verify_signature('secret', 1111, 'body', 'something bogus')
+
+    ss = '8f742231b10e8888abcd99yyyzzz85a5'
+    assert verify_signature(signing_secret=ss,
+                            request_timestamp=1531420618,
+                            body='token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c',
+                            signature='v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503',
+                            current_timestamp=1531420618)
+
+    # bogus key
+    assert not verify_signature(signing_secret='bogus',
+                            request_timestamp=1531420618,
+                            body='token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c',
+                            signature='v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503',
+                            current_timestamp=1531420618)
+
+    # replay attacks
+    assert not verify_signature(signing_secret=ss,
+                                request_timestamp=1531420618,
+                                body='token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c',
+                                signature='v0=a2114d57b48eac39b9ad189dd8316235a7b4a8d21a10bd27519666489c69b503',
+                                current_timestamp=1531420618 + (60*6))
+
+    t = int(time())
+    s1 = make_signature(ss, t, 'ayy lmao')
+
+    assert verify_signature(signing_secret=ss,
+                                request_timestamp=t,
+                                body='ayy lmao',
+                                signature=s1)
diff --git a/tests/test_chat.py b/tests/test_chat.py
@@ -0,0 +1,20 @@
+from slacktools.chat import send, reply, send_factory, send_ephemeral, send_ephemeral_factory
+from unittest.mock import MagicMock
+
+class FakeClient:
+    def api_call(self, *args, **kwargs):
+        return args, kwargs
+
+def test_send():
+    """kinda useless tests but whatever"""
+    slack_client = FakeClient()
+    assert send(slack_client, 'general', 'ayy lmao')[1]['channel'] == 'general'
+    assert send(slack_client, 'general', 'ayy lmao')[1]['text'] == 'ayy lmao'
+
+    assert reply(slack_client, {'channel': 'general', 'user': 'UXXXYYYY'}, 'ayy lmao')[1]['channel'] == 'general'
+    assert reply(slack_client, {'channel': 'general', 'user': 'UXXXYYYY'}, 'ayy lmao')[1]['text'] == '<@UXXXYYYY> ayy lmao'
+
+    assert send_factory(slack_client, 'general')('ayy')[1]['channel'] == 'general'
+    assert send_factory(slack_client, 'general')('ayy')[1]['text'] == 'ayy'
+
+    assert send_ephemeral_factory(slack_client, 'general', 'UXXXYYYY')('ayy')[1]['user'] == 'UXXXYYYY'
