import hmac
import hashlib

from gitea_codex_bot.services.security import verify_gitea_signature


def test_verify_signature_success() -> None:
    payload = b'{"a":1}'
    secret = "abc"
    signature = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()
    assert verify_gitea_signature(payload, secret, signature)


def test_verify_signature_failure() -> None:
    assert not verify_gitea_signature(b"x", "abc", "deadbeef")