github_webhook 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/github_webhook/processor.rb +6 -10
- data/lib/github_webhook/version.rb +1 -1
- data/spec/github_webhook/processor_spec.rb +16 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ec22b9a09fcb0d2833a46cffacf39ac9703b33fd0b909bfee2258f4191fdfc21
|
|
4
|
+
data.tar.gz: 0f0fc361b3f1ccccb93dc66baf1b75d3ebc1f34fa3ef6022a0598dd6abc20c1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4292322d0e533e85de5fdedf0c67efe57847114beda60ba710a3fe191d9a59ad3c61fe8ead9c68272ba8067b53f709a10980059c6cb4a37f3898a6bc6b0b1f3a
|
|
7
|
+
data.tar.gz: 767ce312e69c381ac91cc6bd4c9cf913b1297ca9d4ee990f38cf8e55f306c8607421dcaf1b0ab9941da41003f20674346512c53595d5d61c6a9866cdb6f5a559
|
data/README.md
CHANGED
|
@@ -1,16 +1,12 @@
|
|
|
1
1
|
module GithubWebhook::Processor
|
|
2
2
|
extend ActiveSupport::Concern
|
|
3
|
+
require 'abstract_controller'
|
|
3
4
|
|
|
4
5
|
included do
|
|
5
6
|
before_action :authenticate_github_request!, only: :create
|
|
6
7
|
before_action :check_github_event!, only: :create
|
|
7
8
|
end
|
|
8
9
|
|
|
9
|
-
class SignatureError < StandardError; end
|
|
10
|
-
class UnspecifiedWebhookSecretError < StandardError; end
|
|
11
|
-
class UnsupportedGithubEventError < StandardError; end
|
|
12
|
-
class UnsupportedContentTypeError < StandardError; end
|
|
13
|
-
|
|
14
10
|
# To fetch list from https://developer.github.com/v3/activity/events/types
|
|
15
11
|
# run this little JS code in the console:
|
|
16
12
|
# document.querySelectorAll('.list-style-none li.lh-condensed a').forEach(e => console.log(e.text))
|
|
@@ -75,7 +71,7 @@ module GithubWebhook::Processor
|
|
|
75
71
|
self.send event_method, json_body
|
|
76
72
|
head(:ok)
|
|
77
73
|
else
|
|
78
|
-
raise
|
|
74
|
+
raise AbstractController::ActionNotFound.new("GithubWebhooksController##{event_method} not implemented")
|
|
79
75
|
end
|
|
80
76
|
end
|
|
81
77
|
|
|
@@ -89,20 +85,20 @@ module GithubWebhook::Processor
|
|
|
89
85
|
HMAC_DIGEST = OpenSSL::Digest.new('sha256')
|
|
90
86
|
|
|
91
87
|
def authenticate_github_request!
|
|
92
|
-
raise
|
|
88
|
+
raise AbstractController::ActionNotFound.new unless respond_to?(:webhook_secret, true)
|
|
93
89
|
secret = webhook_secret(json_body)
|
|
94
90
|
|
|
95
91
|
expected_signature = "sha256=#{OpenSSL::HMAC.hexdigest(HMAC_DIGEST, secret, request_body)}"
|
|
96
92
|
unless ActiveSupport::SecurityUtils.secure_compare(signature_header, expected_signature)
|
|
97
93
|
GithubWebhook.logger && GithubWebhook.logger.warn("[GithubWebhook::Processor] signature "\
|
|
98
94
|
"invalid, actual: #{signature_header}, expected: #{expected_signature}")
|
|
99
|
-
raise
|
|
95
|
+
raise AbstractController::ActionNotFound
|
|
100
96
|
end
|
|
101
97
|
end
|
|
102
98
|
|
|
103
99
|
def check_github_event!
|
|
104
100
|
unless GITHUB_EVENTS.include?(request.headers['X-GitHub-Event'])
|
|
105
|
-
raise
|
|
101
|
+
raise AbstractController::ActionNotFound.new("#{request.headers['X-GitHub-Event']} is not a whitelisted GitHub event. See https://developer.github.com/v3/activity/events/types/")
|
|
106
102
|
end
|
|
107
103
|
end
|
|
108
104
|
|
|
@@ -123,7 +119,7 @@ module GithubWebhook::Processor
|
|
|
123
119
|
when 'application/json'
|
|
124
120
|
payload = request_body
|
|
125
121
|
else
|
|
126
|
-
raise
|
|
122
|
+
raise AbstractController::ActionNotFound.new(
|
|
127
123
|
"Content-Type #{content_type} is not supported. Use 'application/x-www-form-urlencoded' or 'application/json")
|
|
128
124
|
end
|
|
129
125
|
ActiveSupport::HashWithIndifferentAccess.new(JSON.load(payload))
|
|
@@ -53,9 +53,9 @@ module GithubWebhook
|
|
|
53
53
|
context 'when #webhook_secret is not defined' do
|
|
54
54
|
let(:controller_class) { ControllerWithoutSecret }
|
|
55
55
|
|
|
56
|
-
it "raises a
|
|
56
|
+
it "raises a AbstractController::ActionNotFound" do
|
|
57
57
|
expect { controller.send :authenticate_github_request! }
|
|
58
|
-
.to raise_error(
|
|
58
|
+
.to raise_error(AbstractController::ActionNotFound)
|
|
59
59
|
end
|
|
60
60
|
end
|
|
61
61
|
|
|
@@ -99,19 +99,25 @@ module GithubWebhook
|
|
|
99
99
|
controller.request.headers['X-Hub-Signature-256'] = "sha256=FOOBAR"
|
|
100
100
|
controller.request.headers['X-GitHub-Event'] = 'push'
|
|
101
101
|
controller.request.headers['Content-Type'] = 'application/json'
|
|
102
|
-
expect { controller.send :authenticate_github_request! }.to raise_error(
|
|
102
|
+
expect { controller.send :authenticate_github_request! }.to raise_error(AbstractController::ActionNotFound)
|
|
103
103
|
end
|
|
104
104
|
|
|
105
105
|
it "raises an error when the github event method is not implemented" do
|
|
106
106
|
controller.request.headers['X-GitHub-Event'] = 'deployment'
|
|
107
107
|
controller.request.headers['Content-Type'] = 'application/json'
|
|
108
|
-
expect { controller.create }.to raise_error(
|
|
108
|
+
expect { controller.create }.to raise_error(
|
|
109
|
+
AbstractController::ActionNotFound,
|
|
110
|
+
"GithubWebhooksController#github_deployment not implemented",
|
|
111
|
+
)
|
|
109
112
|
end
|
|
110
113
|
|
|
111
114
|
it "raises an error when the github event is not in the whitelist" do
|
|
112
115
|
controller.request.headers['X-GitHub-Event'] = 'fake_event'
|
|
113
116
|
controller.request.headers['Content-Type'] = 'application/json'
|
|
114
|
-
expect { controller.send :check_github_event! }.to raise_error(
|
|
117
|
+
expect { controller.send :check_github_event! }.to raise_error(
|
|
118
|
+
AbstractController::ActionNotFound,
|
|
119
|
+
"fake_event is not a whitelisted GitHub event. See https://developer.github.com/v3/activity/events/types/",
|
|
120
|
+
)
|
|
115
121
|
end
|
|
116
122
|
|
|
117
123
|
it "raises an error when the content type is not correct" do
|
|
@@ -119,14 +125,17 @@ module GithubWebhook
|
|
|
119
125
|
controller.request.headers['X-Hub-Signature-256'] = "sha256=3f3ab3986b656abb17af3eb1443ed6c08ef8fff9fea83915909d1b421aec89be"
|
|
120
126
|
controller.request.headers['X-GitHub-Event'] = 'ping'
|
|
121
127
|
controller.request.headers['Content-Type'] = 'application/xml'
|
|
122
|
-
expect { controller.send :authenticate_github_request! }.to raise_error(
|
|
128
|
+
expect { controller.send :authenticate_github_request! }.to raise_error(
|
|
129
|
+
AbstractController::ActionNotFound,
|
|
130
|
+
"Content-Type application/xml is not supported. Use 'application/x-www-form-urlencoded' or 'application/json",
|
|
131
|
+
)
|
|
123
132
|
end
|
|
124
133
|
|
|
125
134
|
it 'raises SignatureError when the X-Hub-Signature header is missing' do
|
|
126
135
|
controller.request.body = StringIO.new('{}')
|
|
127
136
|
controller.request.headers['Content-Type'] = 'application/json'
|
|
128
137
|
controller.request.headers['X-GitHub-Event'] = 'ping'
|
|
129
|
-
expect { controller.send :authenticate_github_request! }.to raise_error(
|
|
138
|
+
expect { controller.send :authenticate_github_request! }.to raise_error(AbstractController::ActionNotFound)
|
|
130
139
|
end
|
|
131
140
|
end
|
|
132
141
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: github_webhook
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sebastien Saunier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-12-
|
|
11
|
+
date: 2021-12-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|