Webhook signing is missing test coverage.
Need to verify the resulting signature works as expected. The exact same algorithm is used across multiple webhook integrations in the industry.
Suggestion of test structure:
def test_sign_payload_creates_valid_signature(...):
# Given
payload = 'some json payload'
secret = 'a secret'
expected = 'a hashed signature manually calculated using payload + secret above'
# When
result = sign_payload(payload, secret)
# Then
assert hmac.compare_digest(result, expected)
Webhook signing is missing test coverage.
Need to verify the resulting signature works as expected. The exact same algorithm is used across multiple webhook integrations in the industry.
Suggestion of test structure: