github_webhook 1.2.0 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +11 -1
- data/lib/github_webhook/processor.rb +3 -3
- data/lib/github_webhook/version.rb +1 -1
- data/spec/github_webhook/processor_spec.rb +12 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 68085b2caf36fbd2af5d858a0fd98ce539d0c98a0c23b45e399eca378f17175b
|
|
4
|
+
data.tar.gz: 547ce4ef7686bb5a886a03e2f7c550a8602729608302aa1f9daeaacee9a26acd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e4cd1c3ff4f074510e1228e950b9d71d2e663869cb78e5f7f98cc0028d365ece7ddacd447c0bfd1525ed04739d3b156ffe1cc8f9fde12a865212ab379eed5252
|
|
7
|
+
data.tar.gz: 549b72dcc5a79abddbd693c1771c96f51a35a58dd53012240bad08164f5217f71c399d71ca4c4d30aff3d8047775907bb1132515601c6d0f0eea37bce4bff519
|
data/README.md
CHANGED
|
@@ -1,11 +1,21 @@
|
|
|
1
|
+
|
|
1
2
|
[](http://badge.fury.io/rb/github_webhook)
|
|
2
3
|
|
|
3
4
|
|
|
4
|
-
#
|
|
5
|
+
# Github Webhook for Rails
|
|
5
6
|
|
|
6
7
|
This gem will help you to quickly setup a route in your Rails application which listens
|
|
7
8
|
to a [GitHub webhook](https://developer.github.com/webhooks/)
|
|
8
9
|
|
|
10
|
+
## Alternatives
|
|
11
|
+
|
|
12
|
+
If you want to use this logic outside of Rails, you should consider the following gems (cf [#19](https://github.com/ssaunier/github_webhook/issues/19)):
|
|
13
|
+
|
|
14
|
+
- [`sinatra-github_webhooks`](https://github.com/chrismytton/sinatra-github_webhooks)
|
|
15
|
+
- [`rack-github_webhooks`](https://github.com/chrismytton/rack-github_webhooks)
|
|
16
|
+
|
|
17
|
+
If you are on Rails, please read on!
|
|
18
|
+
|
|
9
19
|
## Installation
|
|
10
20
|
|
|
11
21
|
Add this line to your application's Gemfile:
|
|
@@ -86,13 +86,13 @@ module GithubWebhook::Processor
|
|
|
86
86
|
|
|
87
87
|
private
|
|
88
88
|
|
|
89
|
-
HMAC_DIGEST = OpenSSL::Digest.new('
|
|
89
|
+
HMAC_DIGEST = OpenSSL::Digest.new('sha256')
|
|
90
90
|
|
|
91
91
|
def authenticate_github_request!
|
|
92
92
|
raise UnspecifiedWebhookSecretError.new unless respond_to?(:webhook_secret, true)
|
|
93
93
|
secret = webhook_secret(json_body)
|
|
94
94
|
|
|
95
|
-
expected_signature = "
|
|
95
|
+
expected_signature = "sha256=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, request_body)}"
|
|
96
96
|
unless ActiveSupport::SecurityUtils.secure_compare(signature_header, expected_signature)
|
|
97
97
|
GithubWebhook.logger && GithubWebhook.logger.warn("[GithubWebhook::Processor] signature "\
|
|
98
98
|
"invalid, actual: #{signature_header}, expected: #{expected_signature}")
|
|
@@ -131,7 +131,7 @@ module GithubWebhook::Processor
|
|
|
131
131
|
end
|
|
132
132
|
|
|
133
133
|
def signature_header
|
|
134
|
-
@signature_header ||= request.headers['X-Hub-Signature']
|
|
134
|
+
@signature_header ||= request.headers['X-Hub-Signature-256'] || ''
|
|
135
135
|
end
|
|
136
136
|
|
|
137
137
|
def event_method
|
|
@@ -65,7 +65,7 @@ module GithubWebhook
|
|
|
65
65
|
it "calls the #push method in controller" do
|
|
66
66
|
expect(controller).to receive(:github_push)
|
|
67
67
|
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
|
68
|
-
controller.request.headers['X-Hub-Signature'] = "
|
|
68
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
|
|
69
69
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
|
70
70
|
controller.request.headers['Content-Type'] = 'application/json'
|
|
71
71
|
controller.send :authenticate_github_request! # Manually as we don't have the before_filter logic in our Mock object
|
|
@@ -75,7 +75,7 @@ module GithubWebhook
|
|
|
75
75
|
|
|
76
76
|
it "calls the #push method in controller (json)" do
|
|
77
77
|
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
|
78
|
-
controller.request.headers['X-Hub-Signature'] = "
|
|
78
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
|
|
79
79
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
|
80
80
|
controller.request.headers['Content-Type'] = 'application/json'
|
|
81
81
|
controller.send :authenticate_github_request! # Manually as we don't have the before_action logic in our Mock object
|
|
@@ -86,7 +86,7 @@ module GithubWebhook
|
|
|
86
86
|
it "calls the #push method (x-www-form-urlencoded encoded)" do
|
|
87
87
|
body = "payload=" + CGI::escape({ :foo => "bar" }.to_json.to_s)
|
|
88
88
|
controller.request.body = StringIO.new(body)
|
|
89
|
-
controller.request.headers['X-Hub-Signature'] = "
|
|
89
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=cefe60b775fcb22483ceece8f20be4869868a20fb4aa79829e53c1de61b99d01"
|
|
90
90
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
|
91
91
|
controller.request.headers['Content-Type'] = 'application/x-www-form-urlencoded'
|
|
92
92
|
controller.send :authenticate_github_request! # Manually as we don't have the before_action logic in our Mock object
|
|
@@ -96,7 +96,7 @@ module GithubWebhook
|
|
|
96
96
|
|
|
97
97
|
it "raises an error when signature does not match" do
|
|
98
98
|
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
|
99
|
-
controller.request.headers['X-Hub-Signature'] = "
|
|
99
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=FOOBAR"
|
|
100
100
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
|
101
101
|
controller.request.headers['Content-Type'] = 'application/json'
|
|
102
102
|
expect { controller.send :authenticate_github_request! }.to raise_error(Processor::SignatureError)
|
|
@@ -116,11 +116,18 @@ module GithubWebhook
|
|
|
116
116
|
|
|
117
117
|
it "raises an error when the content type is not correct" do
|
|
118
118
|
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
|
119
|
-
controller.request.headers['X-Hub-Signature'] = "
|
|
119
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
|
|
120
120
|
controller.request.headers['X-GitHub-Event'] = 'ping'
|
|
121
121
|
controller.request.headers['Content-Type'] = 'application/xml'
|
|
122
122
|
expect { controller.send :authenticate_github_request! }.to raise_error(Processor::UnsupportedContentTypeError)
|
|
123
123
|
end
|
|
124
|
+
|
|
125
|
+
it 'raises SignatureError when the X-Hub-Signature header is missing' do
|
|
126
|
+
controller.request.body = StringIO.new('{}')
|
|
127
|
+
controller.request.headers['Content-Type'] = 'application/json'
|
|
128
|
+
controller.request.headers['X-GitHub-Event'] = 'ping'
|
|
129
|
+
expect { controller.send :authenticate_github_request! }.to raise_error(Processor::SignatureError)
|
|
130
|
+
end
|
|
124
131
|
end
|
|
125
132
|
end
|
|
126
133
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: github_webhook
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sebastien Saunier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-12-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|