right_hook 0.3.2 → 0.4.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -11,19 +11,19 @@ module RightHook
11
11
  event_type = params[:event_type]
12
12
  content = request.body.read
13
13
 
14
- halt 404 unless Event::KNOWN_TYPES.include?(event_type)
15
- halt 501 unless respond_to?("on_#{event_type}")
14
+ halt 404, "Unknown event type" unless Event::KNOWN_TYPES.include?(event_type)
15
+ halt 501, "Event type not implemented" unless respond_to?("on_#{event_type}")
16
16
 
17
17
  require_valid_signature(content, owner, repo_name, event_type)
18
18
 
19
- json = JSON.parse(content)
19
+ json = JSON.parse(params['payload'])
20
20
  case event_type
21
21
  when Event::PULL_REQUEST
22
22
  on_pull_request(owner, repo_name, json['number'], json['action'], json['pull_request'])
23
23
  when Event::ISSUE
24
24
  on_issue(owner, repo_name, json['action'], json['issue'])
25
25
  else
26
- halt 500
26
+ halt 500, "Server bug"
27
27
  end
28
28
  end
29
29
 
@@ -34,7 +34,9 @@ module RightHook
34
34
 
35
35
  # http://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.4.html#authednotify
36
36
  # "If the signature does not match, subscribers MUST still return a 2xx success response to acknowledge receipt, but locally ignore the message as invalid."
37
- halt 202 unless request.env['X-Hub-Signature'] == "sha1=#{expected_signature}"
37
+ received_signature = request.env['HTTP_X_HUB_SIGNATURE']
38
+ calculated_signature = "sha1=#{expected_signature}"
39
+ halt 202, "Signature mismatch" unless received_signature == calculated_signature
38
40
  end
39
41
  end
40
42
  end
@@ -1,3 +1,3 @@
1
1
  module RightHook
2
- VERSION = "0.3.2"
2
+ VERSION = "0.4.0"
3
3
  end
@@ -31,7 +31,9 @@ describe RightHook::App do
31
31
  end
32
32
 
33
33
  it 'captures the interesting data' do
34
- post '/hook/mark-rushakoff/right_hook/issue', ISSUE_JSON, generate_secret_header('issue', ISSUE_JSON)
34
+ post '/ignore', {payload: ISSUE_JSON}
35
+ body = last_request.body.read
36
+ post '/hook/mark-rushakoff/right_hook/issue', {payload: ISSUE_JSON}, generate_secret_header('issue', body)
35
37
  expect(last_response.status).to eq(200)
36
38
  expect(app.owner).to eq('mark-rushakoff')
37
39
  expect(app.repo_name).to eq('right_hook')
@@ -42,7 +44,7 @@ describe RightHook::App do
42
44
  end
43
45
 
44
46
  it 'fails when the secret is wrong' do
45
- post '/hook/mark-rushakoff/right_hook/issue', ISSUE_JSON, generate_secret_header('wrong', ISSUE_JSON)
47
+ post '/hook/mark-rushakoff/right_hook/issue', {payload: ISSUE_JSON}, generate_secret_header('wrong', 'stuff')
46
48
  expect(last_response.status).to eq(202)
47
49
  expect(app.owner).to be_nil
48
50
  end
@@ -32,7 +32,9 @@ describe RightHook::App do
32
32
  end
33
33
 
34
34
  it 'captures the interesting data' do
35
- post '/hook/mark-rushakoff/right_hook/pull_request', PULL_REQUEST_JSON, generate_secret_header('pull_request', PULL_REQUEST_JSON)
35
+ post '/ignore', {payload: PULL_REQUEST_JSON}
36
+ body = last_request.body.read
37
+ post '/hook/mark-rushakoff/right_hook/pull_request', {payload: PULL_REQUEST_JSON}, generate_secret_header('pull_request', body)
36
38
  expect(last_response.status).to eq(200)
37
39
  expect(app.owner).to eq('mark-rushakoff')
38
40
  expect(app.repo_name).to eq('right_hook')
@@ -44,7 +46,7 @@ describe RightHook::App do
44
46
  end
45
47
 
46
48
  it 'fails when the secret is wrong' do
47
- post '/hook/mark-rushakoff/right_hook/pull_request', PULL_REQUEST_JSON, generate_secret_header('wrong', PULL_REQUEST_JSON)
49
+ post '/hook/mark-rushakoff/right_hook/pull_request', {payload: PULL_REQUEST_JSON}, generate_secret_header('wrong', 'stuff')
48
50
  expect(last_response.status).to eq(202)
49
51
  expect(app.owner).to be_nil
50
52
  end
@@ -4,7 +4,8 @@ module RightHook
4
4
  module SpecHelpers
5
5
  def generate_secret_header(secret, body)
6
6
  sha = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha1'), secret, body)
7
- {'X-Hub-Signature' => "sha1=#{sha}"}
7
+ # GitHub sends it as 'X-Hub-Signature', but Rack provides it as HTTP_X_HUB_SIGNATURE... :/
8
+ {'HTTP_X_HUB_SIGNATURE' => "sha1=#{sha}"}
8
9
  end
9
10
  end
10
11
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: right_hook
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.2
4
+ version: 0.4.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-09-30 00:00:00.000000000 Z
12
+ date: 2013-10-01 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler