from fastapi.testclient import TestClient
from src.config import settings
from src.main import app
# One TestClient wrapping the application, reused by every test in this module.
client = TestClient(app)
def test_whatsapp_webhook_rejects_missing_signature_when_enabled():
    """An unsigned webhook POST is refused while signature validation is on.

    Sets ``settings.TWILIO_VALIDATE_SIGNATURES`` to True for the duration of
    the request, posts a form payload with no ``X-Twilio-Signature`` header,
    and expects a 403 whose detail is "Missing Twilio signature".
    """
    form_fields = {
        "From": "whatsapp:+911234567890",
        "NumMedia": "0",
        "Body": "Is this safe? http://suspicious-link.com",
    }
    saved_flag = settings.TWILIO_VALIDATE_SIGNATURES
    settings.TWILIO_VALIDATE_SIGNATURES = True
    try:
        # No headers argument: the request carries no signature at all.
        reply = client.post("/webhooks/twilio/whatsapp", data=form_fields)
    finally:
        # settings is shared module state; restore the flag even if the
        # request raised, so later tests see the original value.
        settings.TWILIO_VALIDATE_SIGNATURES = saved_flag

    assert reply.status_code == 403
    assert reply.json()["detail"] == "Missing Twilio signature"
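def test_whatsapp_webhook_accepts_valid_signature(monkeypatch):
    """A signed media message is acknowledged when the validator approves it.

    ``RequestValidator.validate`` (as imported by ``src.api.webhooks``) is
    replaced with a stub that always approves, so no real Twilio auth token
    or HMAC is involved. The stub records the signature it is handed, so the
    test also checks that the ``X-Twilio-Signature`` header value is what
    reaches the validator instead of passing regardless of what was checked.

    Args:
        monkeypatch: pytest fixture; undoes both patches at teardown.
    """
    seen_signatures = []

    def _approve(self, url, payload, signature):
        # Same parameter names as the original stub, so positional and
        # keyword calls from the handler behave as before.
        seen_signatures.append(signature)
        return True

    # monkeypatch restores the shared settings flag automatically, including
    # when the request or an assertion fails.
    monkeypatch.setattr(settings, "TWILIO_VALIDATE_SIGNATURES", True)
    monkeypatch.setattr("src.api.webhooks.RequestValidator.validate", _approve)

    response = client.post(
        "/webhooks/twilio/whatsapp",
        headers={"X-Twilio-Signature": "valid-signature"},
        data={
            "From": "whatsapp:+911234567890",
            "NumMedia": "1",
            "MediaUrl0": "https://example.com/image.jpg",
            "MediaContentType0": "image/jpeg",
        },
    )

    assert response.status_code == 200
    assert "Received your media. Analyzing for deepfakes and security threats..." in response.text
    # NOTE(review): assumes the handler forwards the header value unchanged
    # as the validator's signature argument - confirm against the handler.
    assert seen_signatures, "signature validator was never invoked"
    assert set(seen_signatures) == {"valid-signature"}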
def test_whatsapp_webhook_url_message_ack_when_signature_validation_disabled():
    """A text message with a URL is acknowledged when validation is off.

    With ``settings.TWILIO_VALIDATE_SIGNATURES`` set to False the request is
    sent without any ``X-Twilio-Signature`` header and still gets a 200 with
    the URL-analysis acknowledgement. This pins the fact that the flag turns
    off sender authentication for the webhook entirely.
    """
    form_fields = {
        "From": "whatsapp:+911234567890",
        "NumMedia": "0",
        "Body": "Is this safe? http://suspicious-link.com",
    }
    saved_flag = settings.TWILIO_VALIDATE_SIGNATURES
    settings.TWILIO_VALIDATE_SIGNATURES = False
    try:
        reply = client.post("/webhooks/twilio/whatsapp", data=form_fields)
    finally:
        # settings is shared module state; restore the flag even if the
        # request raised, so later tests see the original value.
        settings.TWILIO_VALIDATE_SIGNATURES = saved_flag

    assert reply.status_code == 200
    assert "Extracting URL. Verifying safety against phishing databases..." in reply.text