Reject requests without X-Hub-Signature when needed
Closed, Public

Authored by dereckson on Jan 24 2016, 07:07.

Details

Summary

A request to /gate/GitHub/<service with secret defined> must have
an X-Hub-Signature header, so we can directly consider not legit
those without.

This fixes the following exception:

ErrorException in XHubSignature.php line 83:
hash_equals(): Expected user_string to be a string, null given

Test Plan

Fire a Phabricator payload to /gate/GitHub/<door with secret>
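
The check described in the summary, as an added example that is not code from this revision or from the Notifications center repository. The function name `isLegitGitHubRequest`, the sample secret and the sample payload are hypothetical; it assumes PHP 7.1+, GitHub's `sha1=<hex digest>` header format, and that a door with no secret accepts unsigned requests.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the project's XHubSignature class).
// Returns true when the request may be processed further.
function isLegitGitHubRequest(string $payload, ?string $secret, ?string $signatureHeader): bool
{
    // Assumption: a door without a secret has nothing to verify.
    if ($secret === null || $secret === '') {
        return true;
    }

    // Secret defined but header absent: reject before any comparison,
    // so hash_equals() never receives null.
    if ($signatureHeader === null || $signatureHeader === '') {
        return false;
    }

    // GitHub sends "sha1=<hex digest>"; anything else is malformed.
    $parts = explode('=', $signatureHeader, 2);
    if (count($parts) !== 2 || $parts[0] !== 'sha1') {
        return false;
    }

    // HMAC-SHA1 of the raw request body, keyed with the shared secret.
    $expected = hash_hmac('sha1', $payload, $secret);

    // Constant-time comparison; both arguments are strings at this point.
    return hash_equals($expected, $parts[1]);
}

// Constructed sample data, not taken from the page.
$secret  = 'constructed-secret';
$payload = '{"zen":"Keep it logically awesome."}';
$good    = 'sha1=' . hash_hmac('sha1', $payload, $secret);

$cases = [
    'no secret, no header'     => [null, null, true],
    'secret, header missing'   => [$secret, null, false],
    'secret, valid signature'  => [$secret, $good, true],
    'secret, wrong signature'  => [$secret, 'sha1=' . str_repeat('0', 40), false],
    'secret, malformed header' => [$secret, 'garbage', false],
];

foreach ($cases as $label => [$s, $header, $want]) {
    $got = isLegitGitHubRequest($payload, $s, $header);
    printf("%-26s %s\n", $label, $got === $want ? 'ok' : 'MISMATCH');
}
```

The "secret, header missing" case is the one the test plan exercises: a payload from another service arrives at a GitHub door with no X-Hub-Signature header at all.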

Diff Detail

Repository
rNOTIF Notifications center
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson retitled this revision from to Reject requests without X-Hub-Signature when needed.
dereckson updated this object.
dereckson edited the test plan for this revision.
dereckson added a reviewer: dereckson.
dereckson added inline comments.
app/Http/Controllers/Gate/GitHubGateController.php

Line 130: "signature is missing" or "no signature is included"

Line 131: … perform any other validation

dereckson marked 2 inline comments as done.
dereckson edited edge metadata.

Improve code comment

dereckson edited edge metadata.
This revision is now accepted and ready to land. Jan 24 2016, 07:11
This revision was automatically updated to reflect the committed changes.