(t *testing.T, request wmJournal.Request, signingKey string)
| 253 | } |
| 254 | |
| 255 | func assertWebhookJWT(t *testing.T, request wmJournal.Request, signingKey string) { |
| 256 | t.Helper() |
| 257 | |
| 258 | authHeader := request.Headers["Authorization"] |
| 259 | if authHeader == "" { |
| 260 | authHeader = request.Headers["authorization"] |
| 261 | } |
| 262 | require.NotEmpty(t, authHeader, "webhook request missing Authorization header") |
| 263 | require.True(t, strings.HasPrefix(authHeader, "Bearer "), "Authorization header must start with Bearer") |
| 264 | |
| 265 | tokenString := strings.TrimPrefix(authHeader, "Bearer ") |
| 266 | token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { |
| 267 | require.Equal(t, jwt.SigningMethodHS256, token.Method, "unexpected signing method") |
| 268 | return []byte(signingKey), nil |
| 269 | }) |
| 270 | require.NoError(t, err, "JWT validation failed") |
| 271 | require.True(t, token.Valid, "JWT token is not valid") |
| 272 | |
| 273 | claims, ok := token.Claims.(jwt.MapClaims) |
| 274 | require.True(t, ok, "cannot parse claims") |
| 275 | require.Equal(t, "api.httpsms.com", claims["iss"], "issuer mismatch") |
| 276 | require.NotEmpty(t, claims["sub"], "subject mismatch") |
| 277 | |
| 278 | exp, err := claims.GetExpirationTime() |
| 279 | require.NoError(t, err) |
| 280 | require.True(t, exp.After(time.Now()), "token is expired") |
| 281 | |
| 282 | nbf, err := claims.GetNotBefore() |
| 283 | require.NoError(t, err) |
| 284 | require.True(t, nbf.Before(time.Now()), "token not yet valid") |
| 285 | } |
| 286 | |
| 287 | func waitForWebhookEvents(t *testing.T, webhookPath string, expectedCount int, timeout time.Duration) []wmJournal.GetRequestResponse { |
| 288 | t.Helper() |
no outgoing calls
no test coverage detected