it should be able to also POST options to the /v1/render endpoint, and handle the incoming webhook payload, as-in have a function to authenticate that the incoming webhook payload was from urlbox.

Question

it should be able to also POST options to the /v1/render endpoint, and handle the incoming webhook payload, as-in have a function to authenticate that the incoming webhook payload was from urlbox.

Closed this issue 3 years ago · 1 comments

Test:

# TODO: need to get the server and client hashing working in sync
# Should test that the hexdigest of the sha256 hash of the payload passes/fails
# when the signature passed in is the correct/incorrect hexdigest respectively
# def test_call_invalid_hash():
#     header_signature = f"t={timestamp_one_minute_ago},sha256={fake.pystr()}"

#     with pytest.raises(InvalidHeaderSignatureError) as exception:
#         webhook_validator.call(header_signature, payload, api_secret)

#     assert "" in str(exception.value)

Answer 1 · 2021-11-25T14:51:30.000Z

Now implemented: #29