authorOliver Poignant <oliver@poignant.se>2016-05-29 10:39:53 +0200
committerOliver Poignant <oliver@poignant.se>2016-05-29 10:39:53 +0200
commitb2f95fa7a1f12ea4b8029320db4c7458a9a32feb (patch)
tree2258bb6d704d19e0a8bd7a043781bfa4f4ae214e /gitautodeploy/parsers/github.py
parent110be3c3ea3d34c5cd686061f9dda7e69222e536 (diff)
parent84e99d89e75b4c2e5e5e8678a15adb9d391daa44 (diff)
Merge branch 'master' into development
Diffstat (limited to 'gitautodeploy/parsers/github.py')
-rw-r--r--gitautodeploy/parsers/github.py30
1 files changed, 24 insertions, 6 deletions
diff --git a/gitautodeploy/parsers/github.py b/gitautodeploy/parsers/github.py
index 028663d..7077def 100644
--- a/gitautodeploy/parsers/github.py
+++ b/gitautodeploy/parsers/github.py
@@ -15,7 +15,7 @@ class GitHubRequestParser(WebhookRequestParser):
github_event = 'x-github-event' in request_headers and request_headers['x-github-event']
- logger.info("Received '%s' event from GitHub" % github_event)
+ logger.debug("Received '%s' event from GitHub" % github_event)
if 'repository' not in data:
logger.error("Unable to recognize data format")
@@ -30,16 +30,34 @@ class GitHubRequestParser(WebhookRequestParser):
if 'base' in data['pull_request']:
if 'ref' in data['pull_request']['base']:
ref = data['pull_request']['base']['ref']
- logger.info("Pull request to branch '%s' was fired" % ref)
+ logger.debug("Pull request to branch '%s' was fired" % ref)
elif 'ref' in data:
ref = data['ref']
- logger.info("Push to branch '%s' was fired" % ref)
+ logger.debug("Push to branch '%s' was fired" % ref)
if 'action' in data:
action = data['action']
- logger.info("Action '%s' was fired" % action)
+ logger.debug("Action '%s' was fired" % action)
# Get a list of configured repositories that matches the incoming web hook reqeust
- repo_configs = self.get_matching_repo_configs(repo_urls)
+ items = self.get_matching_repo_configs(repo_urls)
- return repo_configs, ref or "master", action \ No newline at end of file
+ repo_configs = []
+ for repo_config in items:
+
+ # Validate secret token if present
+ if 'secret-token' in repo_config and 'x-hub-signature' in request_headers:
+ if not self.verify_signature(repo_config['secret-token'], request_body, request_headers['x-hub-signature']):
+ logger.warning("Request signature does not match the 'secret-token' configured for repository %s." % repo_config['url'])
+ continue
+
+ repo_configs.append(repo_config)
+
+ return repo_configs, ref or "master", action, repo_urls
+
+ def verify_signature(self, token, body, signature):
+ import hashlib
+ import hmac
+
+ result = "sha1=" + hmac.new(str(token), body, hashlib.sha1).hexdigest()
+ return result == signature
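Review bot: The guard `if 'secret-token' in repo_config and 'x-hub-signature' in request_headers:` fails open: when a repository has a `secret-token` configured but the request carries no `x-hub-signature` header, verification is skipped and the config is still appended, so an unsigned request is treated as authenticated. Key the check on the configured secret alone, i.e. `if 'secret-token' in repo_config:` followed by `if 'x-hub-signature' not in request_headers or not self.verify_signature(...)` with the same arguments, so a missing header is logged and skipped like a mismatch. In `verify_signature`, `return result == signature` is not a constant-time comparison; `return hmac.compare_digest(result, signature)` is the usual replacement where the runtime provides it. The return value also grows to four elements (`repo_urls`), so callers outside this hunk presumably need updating; the enclosing parser method begins before the hunk.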