Minor change to conform to spec, updated tests

pubsubhubbub · Feb 25, 2014 · 233d191 · 233d191
1 parent e1815fd
commit 233d191
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 8 deletions.
diff --git a/index.js b/index.js
@@ -16,6 +16,8 @@ var request = require("request"),
  * @param {String} [options.callbackUrl] Callback URL for the hub
  * @param {String} [options.secret] Secret value for HMAC signatures
  * @param {Number} [options.maxContentSize] Maximum allowed size of the POST messages
+ * @param {String} [options.username] Username for HTTP Authentication
+ * @param {String} [options.password] Password for HTTP Authentication
  * @return {Object} A PubSubHubbub server object
  */
 module.exports.createServer = function(options){
@@ -197,7 +199,7 @@ PubSubHubbub.prototype._onError = function(error){
 }
 
 /**
- * Will be fired when HTTP server has successfully started listening the selected port
+ * Will be fired when HTTP server has successfully started listening on the selected port
  *
  * @event
  */
@@ -279,6 +281,7 @@ PubSubHubbub.prototype._onPostRequest = function(req, res){
         return this._sendError(req, res, 400, "Bad Request");
     }
 
+    // Hub must notify with signature header if secret specified.
     if(this.secret && !req.headers['x-hub-signature']){
         return this._sendError(req, res, 403, "Forbidden");
     }
@@ -318,8 +321,10 @@ PubSubHubbub.prototype._onPostRequest = function(req, res){
             return this._sendError(req, res, 413, "Request Entity Too Large");
         }
 
+        // Must return 2xx code even if signature doesn't match.
         if(this.secret && hmac.digest("hex").toLowerCase() != signature){
-            return this._sendError(req, res, 403, "Forbidden");
+            res.writeHead(202, {'Content-Type': 'text/plain; charset=utf-8'});
+            return res.end();
         }
 
         res.writeHead(204, {'Content-Type': 'text/plain; charset=utf-8'});

diff --git a/test/pubsubhubbub.test.js b/test/pubsubhubbub.test.js
@@ -34,6 +34,23 @@ describe('pubsubhubbub notification', function () {
 		pubsub.listen(8000);
 	});
 
+	it('should return 400 - no topic', function (done) {
+		var options = {
+			url: 'http://localhost:8000',
+			headers: {
+				'link': '<http://pubsubhubbub.appspot.com/>; rel="hub"'
+			}
+		}
+		request.post(options, function (err, res, body) {
+			try {
+				expect(res.statusCode).to.equal(400);
+				done();
+			} catch (err) {
+				done(err);
+			}
+		});
+	});
+
 	it('should return 403 - no X-Hub-Signature', function (done){
 		var options = {
 			url: 'http://localhost:8000',
@@ -51,24 +68,26 @@ describe('pubsubhubbub notification', function () {
 		});
 	});
 
-	it('should return 400 - no topic', function (done) {
+	it('should return 202 - signature does not match', function (done) {
 		var options = {
 			url: 'http://localhost:8000',
 			headers: {
-				'link': '<http://pubsubhubbub.appspot.com/>; rel="hub"'
-			}
+				'X-Hub-Signature': 'sha1='+hub_encryption,
+				'link': '<http://test.com>; rel="self", <http://pubsubhubbub.appspot.com/>; rel="hub"',
+			},
+			body: response_body + "potentially malicious content"
 		}
 		request.post(options, function (err, res, body) {
 			try {
-				expect(res.statusCode).to.equal(400);
+				expect(res.statusCode).to.equal(202);
 				done();
 			} catch (err) {
 				done(err);
 			}
 		});
 	});
 
-	it('should return 204', function (done) {
+	it('should return 204 - sucessful request', function (done) {
 		var options = {
 			url: 'http://localhost:8000',
 			headers: {
@@ -87,12 +106,62 @@ describe('pubsubhubbub notification', function () {
 		});
 	});
 
+	it('should emit a feed event - successful request', function (done) {
+		var eventFired = false;
+		var options = {
+			url: 'http://localhost:8000',
+			headers: {
+				'X-Hub-Signature': 'sha1='+hub_encryption,
+				'link': '<http://test.com>; rel="self", <http://pubsubhubbub.appspot.com/>; rel="hub"',
+			},
+			body: response_body
+		}
+		request.post(options, function (err, res, body) {});
+
+		pubsub.on('feed', function () {
+			eventFired = true;
+		});
+		try {
+			setTimeout( function () {
+				expect(eventFired).to.equal(true);
+				done();
+			}, 100);	
+		} catch (err) {
+			done(err);
+		}
+	});
+
+	it('should not emit a feed event - signature does not match', function (done) {
+		var eventFired = false;
+		var options = {
+			url: 'http://localhost:8000',
+			headers: {
+				'X-Hub-Signature': 'sha1='+hub_encryption,
+				'link': '<http://test.com>; rel="self", <http://pubsubhubbub.appspot.com/>; rel="hub"',
+			},
+			body: response_body + "potentially malicious content"
+		}
+		request.post(options, function (err, res, body) {});
+
+		pubsub.on('feed', function () {
+			eventFired = true;
+		});
+		try {
+			setTimeout( function () {
+				expect(eventFired).to.equal(false);
+				done();
+			}, 100);	
+		} catch (err) {
+			done(err);
+		}
+	});
+
 	after(function () {
 		pubsub.server.close();
 	});
 });
 
-suite("Pubsubhubbub tests", function () {
+suite("pubsubhubbub creation", function () {
 	test("pubsub should exist", function () {
 		expect(pubsub).to.exist;
 	});