@@ -20,6 +20,9 @@ module Agents |
||
| 20 | 20 |
* `payload_path` - JSONPath of the attribute in the POST body to be |
| 21 | 21 |
used as the Event payload. If `payload_path` points to an array, |
| 22 | 22 |
Events will be created for each element. |
| 23 |
+ * `verbs` - Comma-separated list of http verbs your agent will accept. |
|
| 24 |
+ For example, "post,get" will enable POST and GET requests. Defaults |
|
| 25 |
+ to "post". |
|
| 23 | 26 |
MD |
| 24 | 27 |
end |
| 25 | 28 |
|
@@ -38,10 +41,14 @@ module Agents |
||
| 38 | 41 |
end |
| 39 | 42 |
|
| 40 | 43 |
def receive_web_request(params, method, format) |
| 44 |
+ # check the secret |
|
| 41 | 45 |
secret = params.delete('secret')
|
| 42 |
- return ["Please use POST requests only", 401] unless method == "post" |
|
| 43 | 46 |
return ["Not Authorized", 401] unless secret == interpolated['secret'] |
| 44 | 47 |
|
| 48 |
+ #check the verbs |
|
| 49 |
+ verbs = (interpolated['verbs'] || 'post').split(/,/).map { |x| x.strip.downcase }.select { |x| x.present? }
|
|
| 50 |
+ return ["Please use #{verbs.join('/').upcase} requests only", 401] unless verbs.include?(method)
|
|
| 51 |
+ |
|
| 45 | 52 |
[payload_for(params)].flatten.each do |payload| |
| 46 | 53 |
create_event(payload: payload) |
| 47 | 54 |
end |
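Review bot: A blank `verbs` option does not fall back to the documented default in the new `verbs = ...` line of `receive_web_request`: an empty string is truthy in Ruby, so `(interpolated['verbs'] || 'post')` yields an empty list and every request, POST included, is rejected with "Please use  requests only". Using `(interpolated['verbs'].presence || 'post')` would keep the default for blank values. Separately, a wrong verb still returns 401, the same status as the failed secret check above it, so clients and log-based alerting cannot tell the two apart; 405 would separate them, though the specs in this commit pin 401. The option description added in the first hunk could also say that enabling GET lets any plain fetch of the URL (link previewers, prefetchers) create an Event. The method body continues past the end of this hunk.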
@@ -38,12 +38,171 @@ describe Agents::WebhookAgent do |
||
| 38 | 38 |
expect(out).to eq(['Not Authorized', 401]) |
| 39 | 39 |
end |
| 40 | 40 |
|
| 41 |
- it "should only accept POSTs" do |
|
| 42 |
- out = nil |
|
| 43 |
- expect {
|
|
| 44 |
- out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "get", "text/html")
|
|
| 45 |
- }.to change { Event.count }.by(0)
|
|
| 46 |
- expect(out).to eq(['Please use POST requests only', 401]) |
|
| 41 |
+ describe "receiving events" do |
|
| 42 |
+ |
|
| 43 |
+ context "default settings" do |
|
| 44 |
+ |
|
| 45 |
+ it "should not accept GET" do |
|
| 46 |
+ out = nil |
|
| 47 |
+ expect {
|
|
| 48 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "get", "text/html")
|
|
| 49 |
+ }.to change { Event.count }.by(0)
|
|
| 50 |
+ expect(out).to eq(['Please use POST requests only', 401]) |
|
| 51 |
+ end |
|
| 52 |
+ |
|
| 53 |
+ it "should accept POST" do |
|
| 54 |
+ out = nil |
|
| 55 |
+ expect {
|
|
| 56 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "post", "text/html")
|
|
| 57 |
+ }.to change { Event.count }.by(1)
|
|
| 58 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 59 |
+ end |
|
| 60 |
+ |
|
| 61 |
+ end |
|
| 62 |
+ |
|
| 63 |
+ context "accepting get and post" do |
|
| 64 |
+ |
|
| 65 |
+ before { agent.options['verbs'] = 'get,post' }
|
|
| 66 |
+ |
|
| 67 |
+ it "should accept GET" do |
|
| 68 |
+ out = nil |
|
| 69 |
+ expect {
|
|
| 70 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "get", "text/html")
|
|
| 71 |
+ }.to change { Event.count }.by(1)
|
|
| 72 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 73 |
+ end |
|
| 74 |
+ |
|
| 75 |
+ it "should accept POST" do |
|
| 76 |
+ out = nil |
|
| 77 |
+ expect {
|
|
| 78 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "post", "text/html")
|
|
| 79 |
+ }.to change { Event.count }.by(1)
|
|
| 80 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 81 |
+ end |
|
| 82 |
+ |
|
| 83 |
+ it "should not accept PUT" do |
|
| 84 |
+ out = nil |
|
| 85 |
+ expect {
|
|
| 86 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "put", "text/html")
|
|
| 87 |
+ }.to change { Event.count }.by(0)
|
|
| 88 |
+ expect(out).to eq(['Please use GET/POST requests only', 401]) |
|
| 89 |
+ end |
|
| 90 |
+ |
|
| 91 |
+ end |
|
| 92 |
+ |
|
| 93 |
+ context "accepting only get" do |
|
| 94 |
+ |
|
| 95 |
+ before { agent.options['verbs'] = 'get' }
|
|
| 96 |
+ |
|
| 97 |
+ it "should accept GET" do |
|
| 98 |
+ out = nil |
|
| 99 |
+ expect {
|
|
| 100 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "get", "text/html")
|
|
| 101 |
+ }.to change { Event.count }.by(1)
|
|
| 102 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 103 |
+ end |
|
| 104 |
+ |
|
| 105 |
+ it "should not accept POST" do |
|
| 106 |
+ out = nil |
|
| 107 |
+ expect {
|
|
| 108 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "post", "text/html")
|
|
| 109 |
+ }.to change { Event.count }.by(0)
|
|
| 110 |
+ expect(out).to eq(['Please use GET requests only', 401]) |
|
| 111 |
+ end |
|
| 112 |
+ |
|
| 113 |
+ end |
|
| 114 |
+ |
|
| 115 |
+ context "accepting only post" do |
|
| 116 |
+ |
|
| 117 |
+ before { agent.options['verbs'] = 'post' }
|
|
| 118 |
+ |
|
| 119 |
+ it "should not accept GET" do |
|
| 120 |
+ out = nil |
|
| 121 |
+ expect {
|
|
| 122 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "get", "text/html")
|
|
| 123 |
+ }.to change { Event.count }.by(0)
|
|
| 124 |
+ expect(out).to eq(['Please use POST requests only', 401]) |
|
| 125 |
+ end |
|
| 126 |
+ |
|
| 127 |
+ it "should accept POST" do |
|
| 128 |
+ out = nil |
|
| 129 |
+ expect {
|
|
| 130 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "post", "text/html")
|
|
| 131 |
+ }.to change { Event.count }.by(1)
|
|
| 132 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 133 |
+ end |
|
| 134 |
+ |
|
| 135 |
+ end |
|
| 136 |
+ |
|
| 137 |
+ context "accepting only put" do |
|
| 138 |
+ |
|
| 139 |
+ before { agent.options['verbs'] = 'put' }
|
|
| 140 |
+ |
|
| 141 |
+ it "should accept PUT" do |
|
| 142 |
+ out = nil |
|
| 143 |
+ expect {
|
|
| 144 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "put", "text/html")
|
|
| 145 |
+ }.to change { Event.count }.by(1)
|
|
| 146 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 147 |
+ end |
|
| 148 |
+ |
|
| 149 |
+ it "should not accept GET" do |
|
| 150 |
+ out = nil |
|
| 151 |
+ expect {
|
|
| 152 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "get", "text/html")
|
|
| 153 |
+ }.to change { Event.count }.by(0)
|
|
| 154 |
+ expect(out).to eq(['Please use PUT requests only', 401]) |
|
| 155 |
+ end |
|
| 156 |
+ |
|
| 157 |
+ it "should not accept POST" do |
|
| 158 |
+ out = nil |
|
| 159 |
+ expect {
|
|
| 160 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "post", "text/html")
|
|
| 161 |
+ }.to change { Event.count }.by(0)
|
|
| 162 |
+ expect(out).to eq(['Please use PUT requests only', 401]) |
|
| 163 |
+ end |
|
| 164 |
+ |
|
| 165 |
+ end |
|
| 166 |
+ |
|
| 167 |
+ context "flaky content with commas" do |
|
| 168 |
+ |
|
| 169 |
+ before { agent.options['verbs'] = ',, PUT,POST, gEt , ,' }
|
|
| 170 |
+ |
|
| 171 |
+ it "should accept PUT" do |
|
| 172 |
+ out = nil |
|
| 173 |
+ expect {
|
|
| 174 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "put", "text/html")
|
|
| 175 |
+ }.to change { Event.count }.by(1)
|
|
| 176 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 177 |
+ end |
|
| 178 |
+ |
|
| 179 |
+ it "should accept GET" do |
|
| 180 |
+ out = nil |
|
| 181 |
+ expect {
|
|
| 182 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "get", "text/html")
|
|
| 183 |
+ }.to change { Event.count }.by(1)
|
|
| 184 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 185 |
+ end |
|
| 186 |
+ |
|
| 187 |
+ it "should accept POST" do |
|
| 188 |
+ out = nil |
|
| 189 |
+ expect {
|
|
| 190 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "post", "text/html")
|
|
| 191 |
+ }.to change { Event.count }.by(1)
|
|
| 192 |
+ expect(out).to eq(['Event Created', 201]) |
|
| 193 |
+ end |
|
| 194 |
+ |
|
| 195 |
+ it "should not accept DELETE" do |
|
| 196 |
+ out = nil |
|
| 197 |
+ expect {
|
|
| 198 |
+ out = agent.receive_web_request({ 'secret' => 'foobar', 'some_key' => payload }, "delete", "text/html")
|
|
| 199 |
+ }.to change { Event.count }.by(0)
|
|
| 200 |
+ expect(out).to eq(['Please use PUT/POST/GET requests only', 401]) |
|
| 201 |
+ end |
|
| 202 |
+ |
|
| 203 |
+ end |
|
| 204 |
+ |
|
| 47 | 205 |
end |
| 206 |
+ |
|
| 48 | 207 |
end |
| 49 | 208 |
end |
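Review bot: Nothing in the new "receiving events" group covers a blank or comma-only `verbs` value; the "flaky content with commas" context only uses a list that still contains real verbs. A context with `before { agent.options['verbs'] = '' }` would pin whether POST is still accepted, which the option's "Defaults to post" description implies. One more case is worth adding where a wrong secret arrives with a disallowed verb and the result is asserted as `['Not Authorized', 401]`. That keeps the secret check ahead of the verb check, so the accepted verb list is not disclosed to unauthenticated callers.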