mirror of
https://github.com/SecurityBrewery/catalyst.git
synced 2025-12-24 16:03:10 +01:00
183 lines
4.8 KiB
Go
183 lines
4.8 KiB
Go
package testing
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/SecurityBrewery/catalyst/app/data"
|
|
)
|
|
|
|
func TestWebhooksCollection(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
testSets := []catalystTest{
|
|
{
|
|
baseTest: baseTest{
|
|
Name: "ListWebhooks",
|
|
Method: http.MethodGet,
|
|
URL: "/api/webhooks",
|
|
},
|
|
userTests: []userTest{
|
|
{
|
|
Name: "Unauthorized",
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"invalid bearer token"`},
|
|
ExpectedEvents: map[string]int{},
|
|
},
|
|
{
|
|
Name: "Analyst",
|
|
AuthRecord: data.AnalystEmail,
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"missing required scopes"`},
|
|
},
|
|
{
|
|
Name: "Admin",
|
|
Admin: data.AdminEmail,
|
|
ExpectedStatus: http.StatusOK,
|
|
ExpectedHeaders: map[string]string{"X-Total-Count": "1"},
|
|
ExpectedContent: []string{`"id":"w_test_webhook"`},
|
|
ExpectedEvents: map[string]int{},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
baseTest: baseTest{
|
|
Name: "CreateWebhook",
|
|
Method: http.MethodPost,
|
|
RequestHeaders: map[string]string{"Content-Type": "application/json"},
|
|
URL: "/api/webhooks",
|
|
Body: s(map[string]any{
|
|
"name": "new",
|
|
"collection": "tickets",
|
|
"destination": "https://example.com/new",
|
|
}),
|
|
},
|
|
userTests: []userTest{
|
|
{
|
|
Name: "Unauthorized",
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"invalid bearer token"`},
|
|
},
|
|
{
|
|
Name: "Analyst",
|
|
AuthRecord: data.AnalystEmail,
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"missing required scopes"`},
|
|
},
|
|
{
|
|
Name: "Admin",
|
|
Admin: data.AdminEmail,
|
|
ExpectedStatus: http.StatusOK,
|
|
ExpectedContent: []string{`"name":"new"`},
|
|
ExpectedEvents: map[string]int{
|
|
"OnRecordAfterCreateRequest": 1,
|
|
"OnRecordBeforeCreateRequest": 1,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
baseTest: baseTest{
|
|
Name: "GetWebhook",
|
|
Method: http.MethodGet,
|
|
URL: "/api/webhooks/w_test_webhook",
|
|
},
|
|
userTests: []userTest{
|
|
{
|
|
Name: "Unauthorized",
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"invalid bearer token"`},
|
|
},
|
|
{
|
|
Name: "Analyst",
|
|
AuthRecord: data.AnalystEmail,
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"missing required scopes"`},
|
|
},
|
|
{
|
|
Name: "Admin",
|
|
Admin: data.AdminEmail,
|
|
ExpectedStatus: http.StatusOK,
|
|
ExpectedContent: []string{`"id":"w_test_webhook"`},
|
|
ExpectedEvents: map[string]int{"OnRecordViewRequest": 1},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
baseTest: baseTest{
|
|
Name: "UpdateWebhook",
|
|
Method: http.MethodPatch,
|
|
RequestHeaders: map[string]string{"Content-Type": "application/json"},
|
|
URL: "/api/webhooks/w_test_webhook",
|
|
Body: s(map[string]any{"name": "update"}),
|
|
},
|
|
userTests: []userTest{
|
|
{
|
|
Name: "Unauthorized",
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"invalid bearer token"`},
|
|
},
|
|
{
|
|
Name: "Analyst",
|
|
AuthRecord: data.AnalystEmail,
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"missing required scopes"`},
|
|
},
|
|
{
|
|
Name: "Admin",
|
|
Admin: data.AdminEmail,
|
|
ExpectedStatus: http.StatusOK,
|
|
ExpectedContent: []string{`"id":"w_test_webhook"`, `"name":"update"`},
|
|
ExpectedEvents: map[string]int{
|
|
"OnRecordAfterUpdateRequest": 1,
|
|
"OnRecordBeforeUpdateRequest": 1,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
baseTest: baseTest{
|
|
Name: "DeleteWebhook",
|
|
Method: http.MethodDelete,
|
|
URL: "/api/webhooks/w_test_webhook",
|
|
},
|
|
userTests: []userTest{
|
|
{
|
|
Name: "Unauthorized",
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"invalid bearer token"`},
|
|
},
|
|
{
|
|
Name: "Analyst",
|
|
AuthRecord: data.AnalystEmail,
|
|
ExpectedStatus: http.StatusUnauthorized,
|
|
ExpectedContent: []string{`"missing required scopes"`},
|
|
},
|
|
{
|
|
Name: "Admin",
|
|
Admin: data.AdminEmail,
|
|
ExpectedStatus: http.StatusNoContent,
|
|
ExpectedEvents: map[string]int{
|
|
"OnRecordAfterDeleteRequest": 1,
|
|
"OnRecordBeforeDeleteRequest": 1,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
for _, testSet := range testSets {
|
|
t.Run(testSet.baseTest.Name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
for _, userTest := range testSet.userTests {
|
|
t.Run(userTest.Name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
runMatrixTest(t, testSet.baseTest, userTest)
|
|
})
|
|
}
|
|
})
|
|
}
|
|
}
|