a
/
agola
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

gitea: don't check webhook signature if not sent 

old versions of gitea doesn't provide a webhook signature but just the secret in
the payload

TODO(sgotti) check the payload secret in this case
This commit is contained in:
Simone Gotti 2019-05-22 11:39:27 +02:00
parent b3867fb7ca
commit b8bdd096fe
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
internal/gitsources/gitea/parse.go
View File

@ -52,8 +52,9 @@ func (c *Client) ParseWebhook(r *http.Request, secret string) (*types.WebhookDat
} }
// verify signature // verify signature
if secret != "" { signature := r.Header.Get(signatureHeader)
signature := r.Header.Get(signatureHeader) // old versions of gitea doesn't provide a signature
if secret != "" && signature != "" {
ds, err := hex.DecodeString(signature) ds, err := hex.DecodeString(signature)
if err != nil { if err != nil {
return nil, errors.Errorf("wrong webhook signature") return nil, errors.Errorf("wrong webhook signature")