github_webhook 1.2.0 → 1.3.0
- checksums.yaml +4 -4
- data/README.md +11 -1
- data/lib/github_webhook/processor.rb +3 -3
- data/lib/github_webhook/version.rb +1 -1
- data/spec/github_webhook/processor_spec.rb +12 -5
- metadata +2 -2
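--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 68085b2caf36fbd2af5d858a0fd98ce539d0c98a0c23b45e399eca378f17175b
+data.tar.gz: 547ce4ef7686bb5a886a03e2f7c550a8602729608302aa1f9daeaacee9a26acd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e4cd1c3ff4f074510e1228e950b9d71d2e663869cb78e5f7f98cc0028d365ece7ddacd447c0bfd1525ed04739d3b156ffe1cc8f9fde12a865212ab379eed5252
+data.tar.gz: 549b72dcc5a79abddbd693c1771c96f51a35a58dd53012240bad08164f5217f71c399d71ca4c4d30aff3d8047775907bb1132515601c6d0f0eea37bce4bff519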
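--- a/data/README.md
+++ b/data/README.md
@@ -1,11 +1,21 @@
+
 [](http://badge.fury.io/rb/github_webhook)
 
 
-#
+# Github Webhook for Rails
 
 This gem will help you to quickly setup a route in your Rails application which listens
 to a [GitHub webhook](https://developer.github.com/webhooks/)
 
+## Alternatives
+
+If you want to use this logic outside of Rails, you should consider the following gems (cf [#19](https://github.com/ssaunier/github_webhook/issues/19)):
+
+- [`sinatra-github_webhooks`](https://github.com/chrismytton/sinatra-github_webhooks)
+- [`rack-github_webhooks`](https://github.com/chrismytton/rack-github_webhooks)
+
+If you are on Rails, please read on!
+
 ## Installation
 
 Add this line to your application's Gemfile: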
@@ -86,13 +86,13 @@ module GithubWebhook::Processor
|
|
86
86
|
|
87
87
|
private
|
88
88
|
|
89
|
-
HMAC_DIGEST = OpenSSL::Digest.new('
|
89
|
+
HMAC_DIGEST = OpenSSL::Digest.new('sha256')
|
90
90
|
|
91
91
|
def authenticate_github_request!
|
92
92
|
raise UnspecifiedWebhookSecretError.new unless respond_to?(:webhook_secret, true)
|
93
93
|
secret = webhook_secret(json_body)
|
94
94
|
|
95
|
-
expected_signature = "
|
95
|
+
expected_signature = "sha256=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, request_body)}"
|
96
96
|
unless ActiveSupport::SecurityUtils.secure_compare(signature_header, expected_signature)
|
97
97
|
GithubWebhook.logger && GithubWebhook.logger.warn("[GithubWebhook::Processor] signature "\
|
98
98
|
"invalid, actual: #{signature_header}, expected: #{expected_signature}")
|
@@ -131,7 +131,7 @@ module GithubWebhook::Processor
|
|
131
131
|
end
|
132
132
|
|
133
133
|
def signature_header
|
134
|
-
@signature_header ||= request.headers['X-Hub-Signature']
|
134
|
+
@signature_header ||= request.headers['X-Hub-Signature-256'] || ''
|
135
135
|
end
|
136
136
|
|
137
137
|
def event_method
|
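Review bot: On a signature mismatch the warning at new lines 97–98 of `authenticate_github_request!` still interpolates `expected: #{expected_signature}`, which after this change is the valid `X-Hub-Signature-256` value for the received body, so anyone with read access to the logs sees a correct signature without knowing the secret. The same message writes the caller-supplied `signature_header` unescaped. I would log the failure only, `GithubWebhook.logger && GithubWebhook.logger.warn("[GithubWebhook::Processor] signature invalid")`, or at most add `signature_header.inspect`. `signature_header` at line 134 now reads only `X-Hub-Signature-256`, which rejects SHA-1-only senders; that looks intentional and is worth a comment such as `# The SHA-1 X-Hub-Signature header is deliberately no longer accepted.` The body of `authenticate_github_request!` continues past the end of the first hunk.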
@@ -65,7 +65,7 @@ module GithubWebhook
|
|
65
65
|
it "calls the #push method in controller" do
|
66
66
|
expect(controller).to receive(:github_push)
|
67
67
|
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
68
|
-
controller.request.headers['X-Hub-Signature'] = "
|
68
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
|
69
69
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
70
70
|
controller.request.headers['Content-Type'] = 'application/json'
|
71
71
|
controller.send :authenticate_github_request! # Manually as we don't have the before_filter logic in our Mock object
|
@@ -75,7 +75,7 @@ module GithubWebhook
|
|
75
75
|
|
76
76
|
it "calls the #push method in controller (json)" do
|
77
77
|
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
78
|
-
controller.request.headers['X-Hub-Signature'] = "
|
78
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
|
79
79
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
80
80
|
controller.request.headers['Content-Type'] = 'application/json'
|
81
81
|
controller.send :authenticate_github_request! # Manually as we don't have the before_action logic in our Mock object
|
@@ -86,7 +86,7 @@ module GithubWebhook
|
|
86
86
|
it "calls the #push method (x-www-form-urlencoded encoded)" do
|
87
87
|
body = "payload=" + CGI::escape({ :foo => "bar" }.to_json.to_s)
|
88
88
|
controller.request.body = StringIO.new(body)
|
89
|
-
controller.request.headers['X-Hub-Signature'] = "
|
89
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=cefe60b775fcb22483ceece8f20be4869868a20fb4aa79829e53c1de61b99d01"
|
90
90
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
91
91
|
controller.request.headers['Content-Type'] = 'application/x-www-form-urlencoded'
|
92
92
|
controller.send :authenticate_github_request! # Manually as we don't have the before_action logic in our Mock object
|
@@ -96,7 +96,7 @@ module GithubWebhook
|
|
96
96
|
|
97
97
|
it "raises an error when signature does not match" do
|
98
98
|
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
99
|
-
controller.request.headers['X-Hub-Signature'] = "
|
99
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=FOOBAR"
|
100
100
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
101
101
|
controller.request.headers['Content-Type'] = 'application/json'
|
102
102
|
expect { controller.send :authenticate_github_request! }.to raise_error(Processor::SignatureError)
|
@@ -116,11 +116,18 @@ module GithubWebhook
|
|
116
116
|
|
117
117
|
it "raises an error when the content type is not correct" do
|
118
118
|
controller.request.body = StringIO.new({ :foo => "bar" }.to_json.to_s)
|
119
|
-
controller.request.headers['X-Hub-Signature'] = "
|
119
|
+
controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
|
120
120
|
controller.request.headers['X-GitHub-Event'] = 'ping'
|
121
121
|
controller.request.headers['Content-Type'] = 'application/xml'
|
122
122
|
expect { controller.send :authenticate_github_request! }.to raise_error(Processor::UnsupportedContentTypeError)
|
123
123
|
end
|
124
|
+
|
125
|
+
it 'raises SignatureError when the X-Hub-Signature header is missing' do
|
126
|
+
controller.request.body = StringIO.new('{}')
|
127
|
+
controller.request.headers['Content-Type'] = 'application/json'
|
128
|
+
controller.request.headers['X-GitHub-Event'] = 'ping'
|
129
|
+
expect { controller.send :authenticate_github_request! }.to raise_error(Processor::SignatureError)
|
130
|
+
end
|
124
131
|
end
|
125
132
|
end
|
126
133
|
end
|
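Review bot: No example in these hunks covers a request that carries only the legacy `X-Hub-Signature` header, which is the case this release starts rejecting, so a later fallback to SHA-1 could be reintroduced without any spec failing. I would add an example next to the one at new lines 125–130 that sets just that header and expects `Processor::SignatureError`; the signature value in the sketch below is a constructed placeholder. The title of the added example also still says 'X-Hub-Signature header is missing' and should name `X-Hub-Signature-256`. The enclosing `describe` block starts outside these hunks.

```ruby
# … unchanged: existing examples up to 'raises SignatureError when the X-Hub-Signature header is missing' …
it 'raises SignatureError when only the legacy X-Hub-Signature header is sent' do
  controller.request.body = StringIO.new('{}')
  # constructed placeholder value, not a real signature
  controller.request.headers['X-Hub-Signature'] = 'sha1=0000000000000000000000000000000000000000'
  controller.request.headers['Content-Type'] = 'application/json'
  controller.request.headers['X-GitHub-Event'] = 'ping'
  expect { controller.send :authenticate_github_request! }.to raise_error(Processor::SignatureError)
end
```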
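--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: github_webhook
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.3.0
 platform: ruby
 authors:
 - Sebastien Saunier
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack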