"""Tests für Webhook-Signatur-Prüfung.""" import hashlib import hmac import os import pytest from src.queue.webhook import ( verify_telegram_signature, verify_whatsapp_signature, ) class TestWhatsAppSignature: """Tests für WhatsApp-Signatur-Prüfung.""" def setup_method(self) -> None: """Setze Test-secret per Environment var.""" self._old_secret = os.environ.pop("WHATSAPP_APP_SECRET", None) os.environ["WHATSAPP_APP_SECRET"] = "test_app_secret_123" def teardown_method(self) -> None: """Environment bereinigen.""" if self._old_secret: os.environ["WHATSAPP_APP_SECRET"] = self._old_secret else: os.environ.pop("WHATSAPP_APP_SECRET", None) def test_korrekte_whatsapp_signatur(self) -> None: """Korrekte WhatsApp-Signatur → True.""" payload = b'{"object":"whatsapp","entry":[]}' signature = "sha256=" + hmac.new( b"test_app_secret_123", payload, hashlib.sha256 ).hexdigest() assert verify_whatsapp_signature(payload, signature) is True def test_falsche_whatsapp_signatur(self) -> None: """Falsche WhatsApp-Signatur → False.""" payload = b'{"object":"whatsapp","entry":[]}' signature = "sha256=falschfalschfalschfalschfalschfalsch" assert verify_whatsapp_signature(payload, signature) is False def test_fehlender_app_secret(self) -> None: """Fehlender App-Secret → False (sicherer Fail).""" os.environ.pop("WHATSAPP_APP_SECRET", None) assert verify_whatsapp_signature(b"payload", "sha256=xyz") is False assert verify_whatsapp_signature(b"payload", "sha256=xyz", app_secret="") is False class TestTelegramSignature: """Tests für Telegram-Signatur-Prüfung.""" def setup_method(self) -> None: """Setze Test-token per Environment var.""" self._old_token = os.environ.pop("TELEGRAM_BOT_TOKEN", None) os.environ["TELEGRAM_BOT_TOKEN"] = "1234567890:***" def teardown_method(self) -> None: """Environment bereinigen.""" if self._old_token: os.environ["TELEGRAM_BOT_TOKEN"] = self._old_token else: os.environ.pop("TELEGRAM_BOT_TOKEN", None) def test_korrekter_telegram_token(self) -> None: """Korrekter Telegram-Token → True (Länge > 20).""" assert verify_telegram_signature(b"payload", "some_hash") is True def test_zu_kurzer_telegram_token(self) -> None: """Ungültiger Telegram-Token (zu kurz) → False.""" os.environ.pop("TELEGRAM_BOT_TOKEN", None) assert verify_telegram_signature(b"payload", "short") is False assert verify_telegram_signature(b"", "") is False