package gitea import ( "crypto/hmac" "crypto/sha256" "encoding/hex" "testing" ) func TestVerifySignature(t *testing.T) { body := []byte(`{"hello":"hop"}`) mac := hmac.New(sha256.New, []byte("secret")) _, _ = mac.Write(body) signature := hex.EncodeToString(mac.Sum(nil)) if !VerifySignature(body, signature, "secret") { t.Fatal("expected valid signature") } if VerifySignature(body, signature, "wrong") { t.Fatal("accepted signature with wrong secret") } if VerifySignature(body, "not-hex", "secret") { t.Fatal("accepted malformed signature") } }