gitea: don't check webhook signature if not sent

old versions of gitea doesn't provide a webhook signature but just the secret in
the payload

TODO(sgotti) check the payload secret in this case
This commit is contained in:
Simone Gotti 2019-05-22 11:39:27 +02:00
parent b3867fb7ca
commit b8bdd096fe
1 changed files with 3 additions and 2 deletions

View File

@ -52,8 +52,9 @@ func (c *Client) ParseWebhook(r *http.Request, secret string) (*types.WebhookDat
}
// verify signature
if secret != "" {
signature := r.Header.Get(signatureHeader)
signature := r.Header.Get(signatureHeader)
// old versions of gitea doesn't provide a signature
if secret != "" && signature != "" {
ds, err := hex.DecodeString(signature)
if err != nil {
return nil, errors.Errorf("wrong webhook signature")