flagsmith Test webhook signing

Webhook signing is missing test coverage.

Need to verify the resulting signature works as expected. The exact same algorithm is used across multiple webhook integrations in the industry.

Suggestion of test structure:

def test_sign_payload_creates_valid_signature(...):
    # Given
    payload = 'some json payload'
    secret = 'a secret'
    expected = 'a hashed signature manually calculated using payload + secret above'
    
    # When
    result = sign_payload(payload, secret)
    
    # Then
    assert hmac.compare_digest(result, expected)

Jun 18 '25 14:06 emyller

I would like to try this I would love to receive more details And also how to install the dependencies - there is no requirements.txt file

Jun 19 '25 20:06 elisheva1280

And also how to install the dependencies - there is no requirements.txt file

This application uses Poetry to manage dependencies, which relies on a pyproject.toml file to define dependencies rather than the classic requirements.txt. You can learn more from our documentation. 😉

I've also added a suggestion of test to the issue description, hopefully that helps!

Jun 20 '25 15:06 emyller

@elisheva1280 are you still working on this?

Jul 09 '25 11:07 matthewelwell

Not now

Jul 13 '25 04:07 elisheva1280

can i take this up?

Sep 18 '25 15:09 TanyaKansal

can i take this up?

Sure! Thanks in advance for your contribution.

Sep 18 '25 15:09 emyller

can you add hacktoberfest label to it? Also can you mention steps for local set up

Oct 05 '25 12:10 TanyaKansal

@TanyaKansal I'm sorry, we've decided to take this onto our own engineering team. Thank you for your interest in contributing! Please check out other open issues.

Oct 30 '25 20:10 emyller