From 421fc2cbcd0637f6992435d7ae70731a4af7dd92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adnan=20Hajdarevi=C4=87?=
Date: Thu, 25 Aug 2016 23:42:33 +0200
Subject: [PATCH] Hotfix backmerge (#89) * fixes #76, fixes #78, fixes #82, fixes #83 (#84) * Never disclose expected payload signature (#86) Fixes #85
---
 hook/hook.go | 2 +-
 hook/hook_test.go | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/hook/hook.go b/hook/hook.go
index d4d1d48..9699f39 100644
--- a/hook/hook.go
+++ b/hook/hook.go
@@ -93,7 +93,7 @@ func CheckPayloadSignature(payload []byte, secret string, signature string) (str
 expectedMAC := hex.EncodeToString(mac.Sum(nil))
 if !hmac.Equal([]byte(signature), []byte(expectedMAC)) {
- return expectedMAC, &SignatureError{expectedMAC}
+ return expectedMAC, &SignatureError{signature}
 }
 return expectedMAC, err
 }
diff --git a/hook/hook_test.go b/hook/hook_test.go
index 472787a..f9ae1f7 100644
--- a/hook/hook_test.go
+++ b/hook/hook_test.go
@@ -2,6 +2,7 @@ package hook
 import (
 "reflect"
+ "strings"
 "testing"
 )
@@ -25,6 +26,10 @@ func TestCheckPayloadSignature(t *testing.T) {
 if (err == nil) != tt.ok || mac != tt.mac {
 t.Errorf("failed to check payload signature {%q, %q, %q}:\nexpected {mac:%#v, ok:%#v},\ngot {mac:%#v, ok:%#v}", tt.payload, tt.secret, tt.signature, tt.mac, tt.ok, mac, (err == nil))
 }
+
+ if err != nil && strings.Contains(err.Error(), tt.mac) {
+ t.Errorf("error message should not disclose expected mac: %s", err)
+ }
 }
 }
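Review bot: On a mismatch `CheckPayloadSignature` still returns `expectedMAC` as its first value, so switching to `&SignatureError{signature}` closes only the error-message path. Any caller that logs or echoes the returned string on failure would still disclose the valid MAC; the callers are outside this hunk, so that is unverified. Consider `return "", &SignatureError{signature}` and adjusting the failure rows of the test table to match. Separately, `signature` is request-supplied, so `SignatureError.Error()` (not shown here) should format it with `%q` to keep control characters out of log lines.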
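Review bot: The new assertion in hook_test.go, `strings.Contains(err.Error(), tt.mac)`, is always true when `tt.mac` is the empty string. Any failure row with an empty expected MAC (the table is not visible in this hunk) would therefore fail spuriously. Guard it with `if err != nil && tt.mac != "" && strings.Contains(err.Error(), tt.mac) {`. The check also covers only the error text, while the assertion just above it still requires `mac == tt.mac` on failure rows, which pins the expected MAC being handed back to the caller.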