From 4f5944f9f6c91f8d0e645686815af0e787b5bcd0 Mon Sep 17 00:00:00 2001
From: Marcel Pociot <m.pociot@gmail.com>
Date: Mon, 26 Nov 2018 00:28:57 +0100
Subject: [PATCH] wip

---
 tests/ConnectionTest.php | 52 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/tests/ConnectionTest.php b/tests/ConnectionTest.php
index b39a063..10a5cb3 100644
--- a/tests/ConnectionTest.php
+++ b/tests/ConnectionTest.php
@@ -3,6 +3,7 @@
 namespace BeyondCode\LaravelWebSockets\Tests;
 
 use BeyondCode\LaravelWebSockets\ClientProviders\Client;
+use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Exceptions\InvalidSignatureException;
 use BeyondCode\LaravelWebSockets\LaravelEcho\Pusher\Exceptions\UnknownAppKeyException;
 use BeyondCode\LaravelWebSockets\LaravelEcho\WebSocket\PusherServer;
 use BeyondCode\LaravelWebSockets\Tests\Mocks\Message;
@@ -91,4 +92,55 @@ class ConnectionTest extends TestCase
             'channel' => 'basic-channel'
         ]);
     }
+
+    /** @test */
+    public function clients_need_valid_auth_signatures_for_private_channels()
+    {
+        $this->expectException(InvalidSignatureException::class);
+
+        /** @var PusherServer $server */
+        $server = app(PusherServer::class);
+
+        $connection = $this->getWebSocketConnection();
+
+        $message = new Message(json_encode([
+            'event' => 'pusher:subscribe',
+            'data' => [
+                'auth' => 'invalid',
+                'channel' => 'private-channel'
+            ],
+        ]));
+
+        $server->onOpen($connection);
+
+        $server->onMessage($connection, $message);
+    }
+
+    /** @test */
+    public function clients_can_subscribe_to_private_channels()
+    {
+        /** @var PusherServer $server */
+        $server = app(PusherServer::class);
+
+        $connection = $this->getWebSocketConnection();
+
+        $server->onOpen($connection);
+
+        $signature = "{$connection->socketId}:private-channel";
+
+        $message = new Message(json_encode([
+            'event' => 'pusher:subscribe',
+            'data' => [
+                'auth' => $connection->client->appKey.':'.hash_hmac('sha256', $signature, $connection->client->appSecret),
+                'channel' => 'private-channel'
+            ],
+        ]));
+
+
+        $server->onMessage($connection, $message);
+
+        $connection->assertSentEvent('pusher_internal:subscription_succeeded', [
+            'channel' => 'private-channel'
+        ]);
+    }
 }
\ No newline at end of file