jamey/berrypod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
f479be5728
berrypod/test/berrypod_web/controllers/webhook_controller_test.exs
jamey 9528700862 rename project from SimpleshopTheme to Berrypod 
All modules, configs, paths, and references updated.
836 tests pass, zero warnings.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 21:23:15 +00:00

179 lines
5.7 KiB
Elixir
Raw Blame History

defmodule BerrypodWeb.WebhookControllerTest do
use BerrypodWeb.ConnCase
import Berrypod.ProductsFixtures
@webhook_secret "test_webhook_secret_123"
setup do
_conn =
provider_connection_fixture(%{
provider_type: "printify",
config: %{"shop_id" => "12345", "webhook_secret" => @webhook_secret}
})
:ok
end
describe "POST /webhooks/printify" do
test "returns 401 without signature", %{conn: conn} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> post(~p"/webhooks/printify", %{type: "product:updated"})
assert json_response(conn, 401)["error"] == "Invalid signature"
end
test "returns 401 with invalid signature", %{conn: conn} do
body = Jason.encode!(%{type: "product:updated", resource: %{id: "123"}})
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pfy-signature", "sha256=invalid")
|> post(~p"/webhooks/printify", body)
assert json_response(conn, 401)["error"] == "Invalid signature"
end
test "accepts valid signature and returns 200", %{conn: conn} do
body = Jason.encode!(%{type: "product:updated", resource: %{id: "123", shop_id: "12345"}})
signature = compute_signature(body, @webhook_secret)
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pfy-signature", "sha256=#{signature}")
|> post(~p"/webhooks/printify", body)
assert json_response(conn, 200)["status"] == "ok"
end
test "handles product:updated event", %{conn: conn} do
body = Jason.encode!(%{type: "product:updated", resource: %{id: "123", shop_id: "12345"}})
signature = compute_signature(body, @webhook_secret)
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pfy-signature", "sha256=#{signature}")
|> post(~p"/webhooks/printify", body)
# Should return 200 even if job processing fails (inline mode tries to execute)
assert json_response(conn, 200)["status"] == "ok"
end
test "handles product:deleted event", %{conn: conn} do
body = Jason.encode!(%{type: "product:deleted", resource: %{id: "456"}})
signature = compute_signature(body, @webhook_secret)
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pfy-signature", "sha256=#{signature}")
|> post(~p"/webhooks/printify", body)
assert json_response(conn, 200)["status"] == "ok"
end
test "returns 401 when no webhook secret configured", %{conn: conn} do
# Remove the provider connection to simulate no secret
Berrypod.Repo.delete_all(Berrypod.Products.ProviderConnection)
body = Jason.encode!(%{type: "product:updated", resource: %{id: "123"}})
signature = compute_signature(body, @webhook_secret)
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pfy-signature", "sha256=#{signature}")
|> post(~p"/webhooks/printify", body)
assert json_response(conn, 401)["error"] == "Invalid signature"
end
end
defp compute_signature(body, secret) do
:crypto.mac(:hmac, :sha256, secret, body)
|> Base.encode16(case: :lower)
end
describe "POST /webhooks/printful" do
@printful_secret "printful_test_secret_456"
setup do
_conn =
provider_connection_fixture(%{
provider_type: "printful",
config: %{"store_id" => "99999", "webhook_secret" => @printful_secret}
})
:ok
end
test "returns 401 without token", %{conn: conn} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> post(~p"/webhooks/printful", %{type: "product_updated"})
assert json_response(conn, 401)["error"] == "Invalid token"
end
test "returns 401 with wrong token", %{conn: conn} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pf-webhook-token", "wrong_token")
|> post(~p"/webhooks/printful", %{type: "product_updated"})
assert json_response(conn, 401)["error"] == "Invalid token"
end
test "accepts valid token via header", %{conn: conn} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pf-webhook-token", @printful_secret)
|> post(~p"/webhooks/printful", %{type: "product_updated", data: %{}})
assert json_response(conn, 200)["status"] == "ok"
end
test "accepts valid token via query param", %{conn: conn} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> post(~p"/webhooks/printful?token=#{@printful_secret}", %{
type: "product_updated",
data: %{}
})
assert json_response(conn, 200)["status"] == "ok"
end
test "handles unknown event gracefully", %{conn: conn} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pf-webhook-token", @printful_secret)
|> post(~p"/webhooks/printful", %{type: "unknown_event", data: %{}})
assert json_response(conn, 200)["status"] == "ok"
end
test "returns 401 when no webhook secret configured", %{conn: conn} do
Berrypod.Repo.delete_all(Berrypod.Products.ProviderConnection)
conn =
conn
|> put_req_header("content-type", "application/json")
|> put_req_header("x-pf-webhook-token", @printful_secret)
|> post(~p"/webhooks/printful", %{type: "product_updated"})
assert json_response(conn, 401)["error"] == "Invalid token"
end
end
end
Reference in New Issue View Git Blame Copy Permalink