Diffusion Notifications center 47efed1d9a30

Reject requests without X-Hub-Signature when needed
47efed1d9a30
Actions

Description

Reject requests without X-Hub-Signature when needed

Summary:
A request to /gate/GitHub/<service with secret defined> must has
a X-Hub-Signature header, so we can directly consider not legit
those without.

This fixes the following exception:

ErrorException in XHubSignature.php line 83:
hash_equals(): Expected user_string to be a string, null given

Test Plan: Fire a Phabricator payload to /gate/GitHub/<door with secret>

Reviewers: dereckson

Subscribers: alken-orin

Maniphest Tasks: T695

Differential Revision: http://devcentral.nasqueron.org/D260

Details

Provenance

dereckson

Authored on Jan 24 2016, 07:00

Differential Revision

D260: Reject requests without X-Hub-Signature when needed

Parents

rNOTIF087c82957076: Integration test: 404 for not existing Phabricator door

Branches

Unknown

Tags

Unknown

Tasks

T695: Send a non JSON error to /gate/GitHub should fail sooner

Event Timeline

dereckson committed rNOTIF47efed1d9a30: Reject requests without X-Hub-Signature when needed (authored by dereckson).Jan 24 2016, 07:52

dereckson added a task: T695: Send a non JSON error to /gate/GitHub should fail sooner.Jan 24 2016, 08:08

Changes (1)

Path

Size

app/

Http/

Controllers/

Gate/

GitHubGateController.php

rNOTIF47efed1d9a30

View Options

app/Http/Controllers/Gate/GitHubGateController.php