Mandrill: include auth in webhook signature calc

Mandrill's webhook signature calculation uses the
*exact url* Mandrill is posting to. If HTTP basic
auth is also used, that auth is included in the url.

Anymail was using Django's request.build_absolute_uri,
which doesn't include HTTP basic auth. Anymail now
includes the auth in the calculation, if it was present
in the request.

This should eliminate the need to use the
ANYMAIL_MANDRILL_WEBHOOK_URL override,
if Django's SECURE_PROXY_SSL_HEADER and
USE_X_FORWARDED_HOST (and/or
USE_X_FORWARDED_PROTO) settings are correct
for your server.

(The calculated url is now also included in
the validation failure error message, to aid
debugging.)

Fixes #48

tests/webhook_cases.py

@@ -43,6 +43,9 @@ class WebhookTestCase(AnymailTestMixin, SimpleTestCase):
         credentials = base64.b64encode("{}:{}".format(username, password).encode('utf-8')).decode('utf-8')
         self.client.defaults['HTTP_AUTHORIZATION'] = "Basic {}".format(credentials)
 
+    def clear_basic_auth(self):
+        self.client.defaults.pop('HTTP_AUTHORIZATION', None)
+
     def assert_handler_called_once_with(self, mockfn, *expected_args, **expected_kwargs):
         """Verifies mockfn was called with expected_args and at least expected_kwargs.
 
@@ -98,7 +101,7 @@ class WebhookBasicAuthTestsMixin(object):
         self.assertEqual(response.status_code, 400)
 
     def test_verifies_missing_auth(self):
-        del self.client.defaults['HTTP_AUTHORIZATION']
+        self.clear_basic_auth()
         response = self.call_webhook()
         self.assertEqual(response.status_code, 400)