"""Tests für WhatsApp-Webhook-Blueprint.""" import hashlib import hmac from flask import Flask from src.routes.whatsapp import whatsapp_bp class TestWhatsAppWebhook: """Tests für WhatsApp-Webhook-Endpunkt.""" def setup_method(self) -> None: """Erstellt Flask-App mit registriertem Blueprint.""" self.app = Flask(__name__) self.app.register_blueprint(whatsapp_bp) self.client = self.app.test_client() def test_get_mit_korrektem_verify_token(self) -> None: """GET mit korrektem verify_token → 200 + Challenge.""" response = self.client.get( "/webhook/whatsapp", query_string={ "hub.mode": "subscribe", "hub.verify_token": "bsn_verify_token", "hub.challenge": "12345", }, ) assert response.status_code == 200 assert response.data.decode() == "12345" def test_get_mit_falschem_verify_token(self) -> None: """GET mit falschem verify_token → 403.""" response = self.client.get( "/webhook/whatsapp", query_string={ "hub.mode": "subscribe", "hub.verify_token": "falscher_token", "hub.challenge": "12345", }, ) assert response.status_code == 403 def test_post_mit_korrekter_signatur(self) -> None: """POST mit korrekter Signatur → 200.""" payload = b'{"object":"whatsapp","entry":[]}' sig = "sha256=" + hmac.new( b"test_app_secret_123", payload, hashlib.sha256 ).hexdigest() response = self.client.post( "/webhook/whatsapp", data=payload, headers={"X-Hub-Signature-256": sig}, content_type="application/json", ) assert response.status_code == 200 data = response.get_json() assert data["status"] == "accepted" def test_post_mit_falscher_signatur(self) -> None: """POST mit falscher Signatur → 401.""" payload = b'{"object":"whatsapp","entry":[]}' response = self.client.post( "/webhook/whatsapp", data=payload, headers={"X-Hub-Signature-256": "sha256=falsch"}, content_type="application/json", ) assert response.status_code == 401 data = response.get_json() assert "error" in data