"""Tests für Webhook-Signatur-Prüfung.""" import hashlib import hmac import os import pytest from src.queue.webhook import ( verify_telegram_signature, verify_whatsapp_signature, ) os.environ["WHATSAPP_APP_SECRET"] = "test" # noqa: S105 os.environ["TELEGRAM_BOT_TOKEN"] = "1234567890:ABCdefGHIjklMNOpqrsTUVwxyz" # noqa: S105 SECRET = "test" # noqa: S105 PAYLOAD = b'{"message_id": "123", "absender": "+491234", "text": "Hallo"}' EXPECTED_HMAC = hmac.new(SECRET.encode(), PAYLOAD, hashlib.sha256).hexdigest() VALID_SIGNATURE = f"sha256={EXPECTED_HMAC}" def test_correct_whatsapp_signature_returns_true() -> None: """Korrekte WhatsApp-Signatur → True.""" assert verify_whatsapp_signature(PAYLOAD, VALID_SIGNATURE) is True def test_wrong_whatsapp_signature_returns_false() -> None: """Falsche WhatsApp-Signatur → False.""" assert verify_whatsapp_signature(PAYLOAD, "sha256=wrongsignature") is False def test_missing_app_secret_returns_false(monkeypatch: pytest.MonkeyPatch) -> None: """Fehlender App-Secret → False (sicherer Fail).""" monkeypatch.delenv("WHATSAPP_APP_SECRET", raising=False) assert verify_whatsapp_signature(PAYLOAD, VALID_SIGNATURE) is False def test_correct_telegram_token_returns_true() -> None: """Korrekter Telegram-Token → True.""" assert verify_telegram_signature() is True def test_invalid_telegram_token_too_short_returns_false() -> None: """Ungültiger Telegram-Token (zu kurz) → False.""" assert verify_telegram_signature(token="short") is False # noqa: S106