github_webhook 1.1.1 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b600d6f9819bb2733a770802f9b7d9bf3c6ce0494f5efd5331a3c837449138e9
-  data.tar.gz: 2508562d1d07536d4269a8d9a2887e11a5fb777d8def729e1a7874e04a818b23
+  metadata.gz: ec22b9a09fcb0d2833a46cffacf39ac9703b33fd0b909bfee2258f4191fdfc21
+  data.tar.gz: 0f0fc361b3f1ccccb93dc66baf1b75d3ebc1f34fa3ef6022a0598dd6abc20c1b
 SHA512:
-  metadata.gz: bab9275ab482493469fff0e8b161d320626b514303e4370fff55929beb2ed30aac8f2eaf6c21410834f4c38d56c4e633e3ce7ef768a04c1cf1bae02a3f5e4413
-  data.tar.gz: 5359dd0bc8f338a19d95ca06f2b8c0c340f02f2ccd49aebae4d8eae7cce27a85dc8f300524551ee298a3cbe49e5f6aec71ad4a87f4cebfd7dd44d6101386074e
+  metadata.gz: 4292322d0e533e85de5fdedf0c67efe57847114beda60ba710a3fe191d9a59ad3c61fe8ead9c68272ba8067b53f709a10980059c6cb4a37f3898a6bc6b0b1f3a
+  data.tar.gz: 767ce312e69c381ac91cc6bd4c9cf913b1297ca9d4ee990f38cf8e55f306c8607421dcaf1b0ab9941da41003f20674346512c53595d5d61c6a9866cdb6f5a559

data/.github/workflows/ruby.yml

@@ -0,0 +1,24 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby 2.7
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.7.x
+    - name: Build and test with Rake
+      run: |
+        gem install bundler
+        bundle install --jobs 4 --retry 3
+        bundle exec rake

data/.ruby-version

@@ -1 +1 @@
-2.4.2
+2.7.4

data/Appraisals

@@ -9,3 +9,7 @@ end
 appraise "rails-5.1" do
   gem "rails", "~> 5.1.0"
 end
+
+appraise "rails-6.0" do
+  gem "rails", "~> 6.0"
+end

data/README.md

@@ -1,19 +1,27 @@
-[![Build Status](https://travis-ci.org/ssaunier/github_webhook.svg?branch=master)](https://travis-ci.org/ssaunier/github_webhook)
-[![Code Climate](https://codeclimate.com/github/ssaunier/github_webhook/badges/gpa.svg)](https://codeclimate.com/github/ssaunier/github_webhook)
+
 [![Gem Version](https://badge.fury.io/rb/github_webhook.svg)](http://badge.fury.io/rb/github_webhook)
 
 
-# GithubWebhook
+# Github Webhook for Rails
 
 This gem will help you to quickly setup a route in your Rails application which listens
 to a [GitHub webhook](https://developer.github.com/webhooks/)
 
+## Alternatives
+
+If you want to use this logic outside of Rails, you should consider the following gems (cf [#19](https://github.com/ssaunier/github_webhook/issues/19)):
+
+- [`sinatra-github_webhooks`](https://github.com/chrismytton/sinatra-github_webhooks)
+- [`rack-github_webhooks`](https://github.com/chrismytton/rack-github_webhooks)
+
+If you are on Rails, please read on!
+
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'github_webhook', '~> 1.1'
+gem 'github_webhook', '~> 1.4'
 ```
 
 And then execute:

data/github_webhook.gemspec

@@ -22,9 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "activesupport", ">= 4"
   spec.add_dependency "railties", ">= 4"
 
-  spec.add_development_dependency "bundler", "~> 1.5"
-  spec.add_development_dependency "rake", "~> 10.1"
-  spec.add_development_dependency "rspec", "~> 2.14"
-  spec.add_development_dependency "codeclimate-test-reporter", "~> 1.0"
+  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "rspec", "~> 3.9"
   spec.add_development_dependency "appraisal"
 end

data/lib/github_webhook/processor.rb

@@ -1,44 +1,44 @@
 module GithubWebhook::Processor
   extend ActiveSupport::Concern
+  require 'abstract_controller'
 
   included do
     before_action :authenticate_github_request!, only: :create
     before_action :check_github_event!, only: :create
   end
 
-  class SignatureError < StandardError; end
-  class UnspecifiedWebhookSecretError < StandardError; end
-  class UnsupportedGithubEventError < StandardError; end
-  class UnsupportedContentTypeError < StandardError; end
-
   # To fetch list from https://developer.github.com/v3/activity/events/types
   # run this little JS code in the console:
-  #    $("h3:contains('Webhook event name')").next('p').each((_, p) => console.log(p.innerText))
+  #    document.querySelectorAll('.list-style-none li.lh-condensed a').forEach(e => console.log(e.text))
   GITHUB_EVENTS = %w(
     check_run
     check_suite
+    code_scanning_alert
     commit_comment
+    content_reference
     create
     delete
+    deploy_key
     deployment
     deployment_status
-    download
-    follow
+    discussion
+    discussion_comment
     fork
-    fork_apply
     github_app_authorization
-    gist
     gollum
     installation
     installation_repositories
     issue_comment
     issues
     label
+    marketplace_purchase
     member
     membership
+    meta
     milestone
     organization
     org_block
+    package
     page_build
     ping
     project_card
@@ -50,13 +50,20 @@ module GithubWebhook::Processor
     pull_request_review_comment
     push
     release
+    repository_dispatch
     repository
     repository_import
     repository_vulnerability_alert
+    secret_scanning_alert
+    security_advisory
+    sponsorship
+    star
     status
     team
     team_add
     watch
+    workflow_dispatch
+    workflow_run
   )
 
   def create
@@ -64,7 +71,7 @@ module GithubWebhook::Processor
       self.send event_method, json_body
       head(:ok)
     else
-      raise NoMethodError.new("GithubWebhooksController##{event_method} not implemented")
+      raise AbstractController::ActionNotFound.new("GithubWebhooksController##{event_method} not implemented")
     end
   end
 
@@ -75,23 +82,23 @@ module GithubWebhook::Processor
 
   private
 
-  HMAC_DIGEST = OpenSSL::Digest.new('sha1')
+  HMAC_DIGEST = OpenSSL::Digest.new('sha256')
 
   def authenticate_github_request!
-    raise UnspecifiedWebhookSecretError.new unless respond_to?(:webhook_secret, true)
+    raise AbstractController::ActionNotFound.new unless respond_to?(:webhook_secret, true)
     secret = webhook_secret(json_body)
 
-    expected_signature = "sha1=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, request_body)}"
-    if signature_header != expected_signature
+    expected_signature = "sha256=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, request_body)}"
+    unless ActiveSupport::SecurityUtils.secure_compare(signature_header, expected_signature)
       GithubWebhook.logger && GithubWebhook.logger.warn("[GithubWebhook::Processor] signature "\
         "invalid, actual: #{signature_header}, expected: #{expected_signature}")
-      raise SignatureError
+      raise AbstractController::ActionNotFound
     end
   end
 
   def check_github_event!
     unless GITHUB_EVENTS.include?(request.headers['X-GitHub-Event'])
-      raise UnsupportedGithubEventError.new("#{request.headers['X-GitHub-Event']} is not a whiltelisted GitHub event. See https://developer.github.com/v3/activity/events/types/")
+      raise AbstractController::ActionNotFound.new("#{request.headers['X-GitHub-Event']} is not a whitelisted GitHub event. See https://developer.github.com/v3/activity/events/types/")
     end
   end
 
@@ -112,7 +119,7 @@ module GithubWebhook::Processor
       when 'application/json'
         payload = request_body
       else
-        raise UnsupportedContentTypeError.new(
+        raise AbstractController::ActionNotFound.new(
           "Content-Type #{content_type} is not supported. Use 'application/x-www-form-urlencoded' or 'application/json")
       end
       ActiveSupport::HashWithIndifferentAccess.new(JSON.load(payload))
@@ -120,7 +127,7 @@ module GithubWebhook::Processor
   end
 
   def signature_header
-    @signature_header ||= request.headers['X-Hub-Signature']
+    @signature_header ||= request.headers['X-Hub-Signature-256'] || ''
   end
 
   def event_method

data/lib/github_webhook/version.rb

@@ -1,3 +1,3 @@
 module GithubWebhook
-  VERSION = "1.1.1"
+  VERSION = "1.4.0"
 end

data/spec/github_webhook/processor_spec.rb

@@ -53,9 +53,9 @@ module GithubWebhook
       context 'when #webhook_secret is not defined' do
         let(:controller_class) { ControllerWithoutSecret }
 
-        it "raises a Processor::UnspecifiedWebhookSecretError" do
+        it "raises a AbstractController::ActionNotFound" do
           expect { controller.send :authenticate_github_request! }
-            .to raise_error(Processor::UnspecifiedWebhookSecretError)
+            .to raise_error(AbstractController::ActionNotFound)
         end
       end
 
@@ -65,7 +65,7 @@ module GithubWebhook
         it "calls the #push method in controller" do
           expect(controller).to receive(:github_push)
           controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
-          controller.request.headers['X-Hub-Signature'] = "sha1=52b582138706ac0c597c315cfc1a1bf177408a4d"
+          controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
           controller.request.headers['X-GitHub-Event'] = 'push'
           controller.request.headers['Content-Type'] = 'application/json'
           controller.send :authenticate_github_request!  # Manually as we don't have the before_filter logic in our Mock object
@@ -75,7 +75,7 @@ module GithubWebhook
 
       it "calls the #push method in controller (json)" do
         controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
-        controller.request.headers['X-Hub-Signature'] = "sha1=52b582138706ac0c597c315cfc1a1bf177408a4d"
+        controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
         controller.request.headers['X-GitHub-Event'] = 'push'
         controller.request.headers['Content-Type'] = 'application/json'
         controller.send :authenticate_github_request!  # Manually as we don't have the before_action logic in our Mock object
@@ -86,7 +86,7 @@ module GithubWebhook
       it "calls the #push method (x-www-form-urlencoded encoded)" do
         body = "payload=" + CGI::escape({ :foo => "bar" }.to_json.to_s)
         controller.request.body = StringIO.new(body)
-        controller.request.headers['X-Hub-Signature'] = "sha1=6986874ecdf710b04de7ef5a040161d41687407a"
+        controller.request.headers['X-Hub-Signature-256'] = "sha256=cefe60b775fcb22483ceece8f20be4869868a20fb4aa79829e53c1de61b99d01"
         controller.request.headers['X-GitHub-Event'] = 'push'
         controller.request.headers['Content-Type'] = 'application/x-www-form-urlencoded'
         controller.send :authenticate_github_request!  # Manually as we don't have the before_action logic in our Mock object
@@ -96,30 +96,46 @@ module GithubWebhook
 
       it "raises an error when signature does not match" do
         controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
-        controller.request.headers['X-Hub-Signature'] = "sha1=FOOBAR"
+        controller.request.headers['X-Hub-Signature-256'] = "sha256=FOOBAR"
         controller.request.headers['X-GitHub-Event'] = 'push'
         controller.request.headers['Content-Type'] = 'application/json'
-        expect { controller.send :authenticate_github_request! }.to raise_error(Processor::SignatureError)
+        expect { controller.send :authenticate_github_request! }.to raise_error(AbstractController::ActionNotFound)
       end
 
       it "raises an error when the github event method is not implemented" do
         controller.request.headers['X-GitHub-Event'] = 'deployment'
         controller.request.headers['Content-Type'] = 'application/json'
-        expect { controller.create }.to raise_error(NoMethodError)
+        expect { controller.create }.to raise_error(
+          AbstractController::ActionNotFound,
+          "GithubWebhooksController#github_deployment not implemented",
+        )
       end
 
       it "raises an error when the github event is not in the whitelist" do
         controller.request.headers['X-GitHub-Event'] = 'fake_event'
         controller.request.headers['Content-Type'] = 'application/json'
-        expect { controller.send :check_github_event! }.to raise_error(Processor::UnsupportedGithubEventError)
+        expect { controller.send :check_github_event! }.to raise_error(
+          AbstractController::ActionNotFound,
+          "fake_event is not a whitelisted GitHub event. See https://developer.github.com/v3/activity/events/types/",
+        )
       end
 
       it "raises an error when the content type is not correct" do
         controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
-        controller.request.headers['X-Hub-Signature'] = "sha1=52b582138706ac0c597c315cfc1a1bf177408a4d"
+        controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
         controller.request.headers['X-GitHub-Event'] = 'ping'
         controller.request.headers['Content-Type'] = 'application/xml'
-        expect { controller.send :authenticate_github_request! }.to raise_error(Processor::UnsupportedContentTypeError)
+        expect { controller.send :authenticate_github_request! }.to raise_error(
+          AbstractController::ActionNotFound,
+          "Content-Type application/xml is not supported. Use 'application/x-www-form-urlencoded' or 'application/json",
+        )
+      end
+
+      it 'raises SignatureError when the X-Hub-Signature header is missing' do
+        controller.request.body = StringIO.new('{}')
+        controller.request.headers['Content-Type'] = 'application/json'
+        controller.request.headers['X-GitHub-Event'] = 'ping'
+        expect { controller.send :authenticate_github_request! }.to raise_error(AbstractController::ActionNotFound)
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: github_webhook
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.4.0
 platform: ruby
 authors:
 - Sebastien Saunier
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-08-22 00:00:00.000000000 Z
+date: 2021-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -52,62 +52,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.1'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.1'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.14'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.14'
-- !ruby/object:Gem::Dependency
-  name: codeclimate-test-reporter
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3.9'
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -129,9 +101,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".ruby-version"
-- ".travis.yml"
 - Appraisals
 - Gemfile
 - LICENSE.txt
@@ -151,7 +123,7 @@ homepage: https://github.com/ssaunier/github_webhook
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -166,9 +138,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Process GitHub Webhooks in your Rails app (Controller mixin)
 test_files:

data/.travis.yml

@@ -1,14 +0,0 @@
-language: ruby
-rvm:
-  - 2.4.2
-  - 2.3.5
-  - 2.2.8
-gemfile:
-  - gemfiles/rails_4.2.gemfile
-  - gemfiles/rails_5.0.gemfile
-  - gemfiles/rails_5.1.gemfile
-addons:
-  code_climate:
-    repo_token: 50425d682162d68af0b65bd9e5160da8337d2159fc3ebc00d2a5b14386548ac5
-after_success:
-  - bundle exec codeclimate-test-reporter