Warn on failed validate of empty payload signature

If signature validation fails on an empty payload, append a note to the end of the error message. Updates #423
2025-05-31 09:42:28 +00:00 · 2020-05-21 18:02:52 -05:00 · 2020-05-21 18:02:52 -05:00 · 41ac427a89
commit 41ac427a89
parent a75ab4f92f
5 changed files with 95 additions and 21 deletions
--- a/webhook_test.go
+++ b/webhook_test.go
@ -77,7 +77,7 @@ func TestWebhook(t *testing.T) {
 		for _, tt := range hookHandlerTests {
 			t.Run(tt.desc+"@"+hookTmpl, func(t *testing.T) {
 				ip, port := serverAddress(t)
-				args := []string{fmt.Sprintf("-hooks=%s", configPath), fmt.Sprintf("-ip=%s", ip), fmt.Sprintf("-port=%s", port), "-verbose"}
+				args := []string{fmt.Sprintf("-hooks=%s", configPath), fmt.Sprintf("-ip=%s", ip), fmt.Sprintf("-port=%s", port), "-debug"}

 				if len(tt.cliMethods) != 0 {
 					args = append(args, "-http-methods="+strings.Join(tt.cliMethods, ","))
@ -111,6 +111,7 @@ func TestWebhook(t *testing.T) {
 				var res *http.Response

 				req.Header.Add("Content-Type", tt.contentType)
+				req.ContentLength = int64(len(tt.body))

 				client := &http.Client{}
 				res, err = client.Do(req)
@ -663,6 +664,19 @@ env: HOOK_head_commit.timestamp=2013-03-12T08:14:29-07:00
 		``,
 	},

+	{
+		"empty-payload-signature", // allow empty payload signature validation
+		"empty-payload-signature",
+		nil,
+		"POST",
+		map[string]string{"X-Hub-Signature": "33f9d709782f62b8b4a0178586c65ab098a39fe2"},
+		"application/json",
+		``,
+		http.StatusOK,
+		``,
+		``,
+	},
+
 	// test with disallowed global HTTP method
 	{"global disallowed method", "bitbucket", []string{"Post "}, "GET", nil, `{}`, "application/json", http.StatusMethodNotAllowed, ``, ``},
 	// test with disallowed HTTP method