mirrors/webhook
1
0
Fork 0
mirror of https://github.com/adnanh/webhook.git synced 2025-06-17 10:02:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Never disclose expected payload signature (#86)

Browse source 
Fixes #85
This commit is contained in:
Cameron Moore 2016-08-25 16:41:05 -05:00 committed by Adnan Hajdarević
parent 54a9dbe1d6
commit 10d65dd2fd
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hook/hook.go
View file

@ -93,7 +93,7 @@ func CheckPayloadSignature(payload []byte, secret string, signature string) (str
expectedMAC := hex.EncodeToString(mac.Sum(nil))
if !hmac.Equal([]byte(signature), []byte(expectedMAC)) {
return expectedMAC, &SignatureError{expectedMAC}
return expectedMAC, &SignatureError{signature}
}
return expectedMAC, err
}