Request verification using SHA1 and secret fails #29

Open
jakubgs opened this issue Mar 15, 2021 · 1 comment

jakubgs commented Mar 15, 2021

I tried using this to handle webhook requests and I kept seeing 400 Bad Request responses:

```html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>Invalid signature</p>
```

After a bit of investigation I found out that this fails because request.data is empty:

```python
def _get_digest(self):
    """Return message digest if a secret key was provided"""
    return hmac.new(self._secret, request.data, hashlib.sha1).hexdigest() if self._secret else None
```

And what should be used instead is request.get_data(), since it returns a value regardless of the payload format used:

Request.get_data(cache=True, as_text=False, parse_form_data=False)
This reads the buffered incoming data from the client into one bytestring. By default this is cached but that behavior can be changed by setting cache to False.
https://tedboy.github.io/flask/generated/generated/flask.Request.get_data.html

Not sure how this worked before...
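
The failure and the fix described in this issue, reproduced as an added example that is not part of the original issue or the project's code. It needs Flask installed; the secret, the `X-Demo-Signature` header name, the routes and the sample bodies are constructed for illustration.

```python
import hashlib
import hmac

from flask import Flask, abort, request

SECRET = b"constructed-demo-secret"             # constructed value
SIG_HEADER = "X-Demo-Signature"                 # hypothetical header name
FORM_BODY = b"payload=%7B%22ref%22%3A%22main%22%7D"  # constructed sample
JSON_BODY = b'{"ref": "main"}'                  # constructed sample

app = Flask(__name__)

def sign(body: bytes) -> str:
    """Hex HMAC-SHA1 over the exact bytes sent on the wire."""
    return hmac.new(SECRET, body, hashlib.sha1).hexdigest()

def verify(body: bytes) -> None:
    """Abort with 400 unless the signature header matches the digest of body."""
    sent = request.headers.get(SIG_HEADER, "")
    if not hmac.compare_digest(sign(body), sent):  # constant-time comparison
        abort(400, "Invalid signature")

@app.route("/hook-data", methods=["POST"])
def hook_data():
    # Behaviour reported in the issue: for a form-encoded POST the body is
    # parsed into request.form and request.data comes back empty.
    verify(request.data)
    return "ok"

@app.route("/hook-get-data", methods=["POST"])
def hook_get_data():
    # Suggested fix: get_data() returns the raw bytes for any content type.
    # Call it before request.form or request.data consumes the stream.
    verify(request.get_data())
    return "ok"

def post(path: str, body: bytes, content_type: str) -> int:
    """Send a correctly signed request via Flask's test client; return status."""
    client = app.test_client()
    return client.post(path, data=body, content_type=content_type,
                       headers={SIG_HEADER: sign(body)}).status_code

if __name__ == "__main__":
    for path in ("/hook-data", "/hook-get-data"):
        print(path,
              "form:", post(path, FORM_BODY, "application/x-www-form-urlencoded"),
              "json:", post(path, JSON_BODY, "application/json"))
```

Every request here carries a valid signature, so the only 400 comes from hashing an empty `request.data` on the form-encoded POST.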


csik commented Dec 23, 2021

Thanks, @jakubgs, this worked for me!
