Warn if basic auth is not on, and signature validation is not setup

Author: paul-oms

anymail/webhooks/mailpace.py

@@ -55,8 +55,10 @@ def __init__(self, **kwargs):
             self.webhook_key = get_anymail_setting(
                 "webhook_key", esp_name=self.esp_name, kwargs=kwargs, allow_bare=True
             )
+            self.warn_if_no_basic_auth = False
         except AnymailConfigurationError:
             self.webhook_key = None
+            self.warn_if_no_basic_auth = True
 
         super().__init__(**kwargs)
 

tests/test_mailpace_webhooks.py

@@ -8,12 +8,14 @@
 from anymail.signals import AnymailTrackingEvent
 from anymail.webhooks.mailpace import MailPaceTrackingWebhookView
 
-from .utils_mailpace import ClientWithMailPaceSignature, make_key
+from .utils_mailpace import (
+    ClientWithMailPaceBasicAuth,
+    ClientWithMailPaceSignature,
+    make_key,
+)
 from .webhook_cases import WebhookTestCase
 
-# These tests are triggered both with and without 'pynacl' installed,
-# without the ability to generate a signing key, there is no way to test
-# the webhook signature validation.
+# These tests are triggered both with and without 'pynacl' installed
 try:
     from nacl.signing import SigningKey
 
@@ -23,7 +25,9 @@
 
 
 @tag("mailpace")
-@unittest.skipUnless(PYNACL_INSTALLED, "Install Pynacl to run MailPace Webhook Tests")
+@unittest.skipUnless(
+    PYNACL_INSTALLED, "Install Pynacl to run MailPace Webhook Signature Tests"
+)
 class MailPaceWebhookSecurityTestCase(WebhookTestCase):
     client_class = ClientWithMailPaceSignature
 
@@ -57,6 +61,54 @@ def test_failed_signature_check(self):
         self.assertEqual(response.status_code, 400)
 
 
+@unittest.skipIf(PYNACL_INSTALLED, "Pynacl is not available, fallback to basic auth")
+class MailPaceWebhookBasicAuthTestCase(WebhookTestCase):
+    client_class = ClientWithMailPaceBasicAuth
+
+    def setUp(self):
+        super().setUp()
+
+    def test_queued_event(self):
+        raw_event = {
+            "event": "email.queued",
+            "payload": {
+                "status": "queued",
+                "id": 1,
+                "domain_id": 1,
+                "created_at": "2021-11-16T14:50:15.445Z",
+                "updated_at": "2021-11-16T14:50:15.445Z",
+                "from": "sender@example.com",
+                "to": "queued@example.com",
+                "htmlbody": "string",
+                "textbody": "string",
+                "cc": "string",
+                "bcc": "string",
+                "subject": "string",
+                "replyto": "string",
+                "message_id": "string",
+                "list_unsubscribe": "string",
+                "tags": ["string", "string"],
+            },
+        }
+        response = self.client.post(
+            "/anymail/mailpace/tracking/",
+            content_type="application/json",
+            data=json.dumps(raw_event),
+        )
+        self.assertEqual(response.status_code, 200)
+        kwargs = self.assert_handler_called_once_with(
+            self.tracking_handler,
+            sender=MailPaceTrackingWebhookView,
+            event=ANY,
+            esp_name="MailPace",
+        )
+        event = kwargs["event"]
+        self.assertIsInstance(event, AnymailTrackingEvent)
+        self.assertEqual(event.event_type, "queued")
+        self.assertEqual(event.message_id, "string")
+        self.assertEqual(event.recipient, "queued@example.com")
+
+
 @tag("mailpace")
 @unittest.skipUnless(PYNACL_INSTALLED, "Install Pynacl to run MailPace Webhook Tests")
 class MailPaceDeliveryTestCase(WebhookTestCase):

tests/utils_mailpace.py

@@ -67,4 +67,11 @@ def post(self, *args, **kwargs):
             )
 
 
+class _ClientWithMailPaceBasicAuth(ClientWithCsrfChecks):
+    def post(self, *args, **kwargs):
+        with override_settings(ANYMAIL={"WEBHOOK_SECRET": "username:password"}):
+            return super().post(*args, **kwargs)
+
+
 ClientWithMailPaceSignature = _ClientWithMailPaceSignature
+ClientWithMailPaceBasicAuth = _ClientWithMailPaceBasicAuth