add test batches
This commit is contained in:
+49
@@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
namespace Tests\Feature\Api\V1\FullSurface;
|
||||
|
||||
use Tests\Feature\Api\V1\FullSurface\Support\FullSurfaceE2EContractCase;
|
||||
|
||||
class ApiWebhookExternalProviderAndCallbackContractTest extends FullSurfaceE2EContractCase
|
||||
{
|
||||
public function test_external_callback_routes_reject_unsigned_or_malformed_payloads(): void
|
||||
{
|
||||
$routes = $this->apiRoutesContainingAny(['webhook', 'callback', 'paypal', 'payment-notification', 'verify-payment']);
|
||||
|
||||
foreach ($routes as $route) {
|
||||
$method = $this->primaryMethod($route);
|
||||
|
||||
if (! in_array($method, ['POST', 'PUT', 'PATCH'], true)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$response = $this->json($method, $this->materializePath($route->uri()), [
|
||||
'provider' => 'e2e-fake-provider',
|
||||
'event_id' => 'evt_fake',
|
||||
'signature' => 'invalid-signature',
|
||||
'amount' => 25,
|
||||
'invoice_id' => $this->ids['invoiceId'],
|
||||
]);
|
||||
|
||||
$this->assertStatusIn($response, [200, 202, 400, 401, 403, 404, 409, 422], "Unsigned external callback {$route->uri()}");
|
||||
$this->assertStringNotContainsString('secret', strtolower($response->getContent()));
|
||||
}
|
||||
}
|
||||
|
||||
public function test_external_provider_status_routes_never_expose_provider_secrets(): void
|
||||
{
|
||||
foreach ($this->apiRoutesContainingAny(['paypal', 'payment', 'transaction', 'provider']) as $route) {
|
||||
if ($this->primaryMethod($route) !== 'GET') {
|
||||
continue;
|
||||
}
|
||||
|
||||
$response = $this->requestAs($this->admin, 'GET', $route->uri());
|
||||
$this->assertControlled($response, 'GET', $route->uri());
|
||||
|
||||
$body = strtolower($response->getContent());
|
||||
$this->assertStringNotContainsString('client_secret', $body);
|
||||
$this->assertStringNotContainsString('webhook_secret', $body);
|
||||
$this->assertStringNotContainsString('private_key', $body);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user