Skip to content

Test webhook signing #5619

Description

@emyller

Webhook signing is missing test coverage.

Need to verify the resulting signature works as expected. The exact same algorithm is used across multiple webhook integrations in the industry.

Suggestion of test structure:

def test_sign_payload_creates_valid_signature(...):
    # Given
    payload = 'some json payload'
    secret = 'a secret'
    expected = 'a hashed signature manually calculated using payload + secret above'
    
    # When
    result = sign_payload(payload, secret)
    
    # Then
    assert hmac.compare_digest(result, expected)

Metadata

Metadata

Assignees

Labels

apiIssue related to the REST APIimprovementImprovement to the existing platformintegrationsRelated to Flagsmith Integrationstech-debtTechnical debt issues

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions