From b9083c492cd3e50971bbbca9a549b81c4781efe3 Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:26:39 -0300 Subject: [PATCH 1/4] fix: presencia --- app/controllers/api/v1/webhooks_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index ab2fce6b..23bfae22 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -34,13 +34,13 @@ module Api @token ||= begin # Gitlab - if request.headers['X-Gitlab-Token'] + if request.headers['X-Gitlab-Token'].present? request.headers['X-Gitlab-Token'] # Github - elsif request.headers['X-Hub-Signature-256'] + elsif request.headers['X-Hub-Signature-256'].present? token_from_signature(request.headers['X_Hub_Signature_256'], 'sha256=') # Gitea - elsif request.headers['X_Gitea_Signature'] + elsif request.headers['X_Gitea_Signature'].present? token_from_signature(request.headers['X_Gitea_Signature']) else raise ActiveRecord::RecordNotFound, 'proveedor no soportado' From a2678c3e81f7943368edf9a51e9de80354af603f Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:35:36 -0300 Subject: [PATCH 2/4] fix: no ignorar excepciones como record not found --- config/environments/production.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 4cc1cb39..5e089ff9 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
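Review bot: In the GitHub branch the condition tests `request.headers['X-Hub-Signature-256']` while the value handed to `token_from_signature` is read from `request.headers['X_Hub_Signature_256']`, so the new `.present?` guard does not cover the value actually used. The Gitea branch tests the underscore spelling, which Rails does not appear to map to the HTTP header, so that branch likely never matches. PATCH 3/4 aligns the spellings, but each header is still looked up twice there. Binding the value once keeps the check and the use from drifting apart: `elsif (signature = request.headers['X-Hub-Signature-256']).present?` followed by `token_from_signature(signature, 'sha256=')`. The enclosing method starts before this hunk and its closing `end` lies after it.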
@@ -142,7 +142,7 @@ Rails.application.configure do } config.action_mailer.default_options = { from: ENV.fetch('DEFAULT_FROM', "noreply@sutty.nl") } - config.middleware.use ExceptionNotification::Rack, gitlab: {}, ignore_exceptions: (['DeployJob::DeployAlreadyRunningException'] + ExceptionNotifier.ignored_exceptions) + config.middleware.use ExceptionNotification::Rack, gitlab: {}, ignore_exceptions: ['DeployJob::DeployAlreadyRunningException'] Rails.application.routes.default_url_options[:host] = "panel.#{ENV.fetch('SUTTY', 'sutty.nl')}" Rails.application.routes.default_url_options[:protocol] = 'https' From ef8ed271d75dd1e4bdf079c11f8bcaf450af25ac Mon Sep 17 00:00:00 2001 From: f Date: Wed, 16 Aug 2023 16:46:11 -0300 Subject: [PATCH 3/4] fix: consistencia al llamar a headers --- app/controllers/api/v1/webhooks_controller.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb index 23bfae22..95439cd4 100644 --- a/app/controllers/api/v1/webhooks_controller.rb +++ b/app/controllers/api/v1/webhooks_controller.rb @@ -38,10 +38,10 @@ module Api request.headers['X-Gitlab-Token'] # Github elsif request.headers['X-Hub-Signature-256'].present? - token_from_signature(request.headers['X_Hub_Signature_256'], 'sha256=') + token_from_signature(request.headers['X-Hub-Signature-256'], 'sha256=') # Gitea - elsif request.headers['X_Gitea_Signature'].present? - token_from_signature(request.headers['X_Gitea_Signature']) + elsif request.headers['X-Gitea-Signature'].present? + token_from_signature(request.headers['X-Gitea-Signature']) else raise ActiveRecord::RecordNotFound, 'proveedor no soportado' end From 4a7ac981e5029ce8c23fa0c54c5ba99268dcb3ee Mon Sep 17 00:00:00 2001 
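Review bot: Dropping `ExceptionNotifier.ignored_exceptions` from `ignore_exceptions` un-ignores the gem's whole default list, not only `ActiveRecord::RecordNotFound`; as far as I know that list also holds routing and unknown-format errors, which any unauthenticated client can raise at will in production. Routine scanner traffic would then become GitLab notifications and could bury the webhook failures this change is meant to surface. Subtracting just the one class keeps the rest, assuming the defaults are class-name strings as the concatenation on the removed line suggests: `ignore_exceptions: ['DeployJob::DeployAlreadyRunningException'] + (ExceptionNotifier.ignored_exceptions - ['ActiveRecord::RecordNotFound'])`. It is also worth confirming what request data the notifier attaches, since the webhook requests that now get reported carry `X-Gitlab-Token` and signature headers.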
From: f
Date: Wed, 16 Aug 2023 17:04:34 -0300
Subject: [PATCH 4/4] fix: no fallar si la firma es nil closes #14089
---
 app/controllers/api/v1/webhooks_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v1/webhooks_controller.rb b/app/controllers/api/v1/webhooks_controller.rb
index 95439cd4..1730034e 100644
--- a/app/controllers/api/v1/webhooks_controller.rb
+++ b/app/controllers/api/v1/webhooks_controller.rb
@@ -55,7 +55,7 @@ module Api
 payload = request.body.read
 site.roles.where(temporal: false, rol: 'usuarie').pluck(:token).find do |token|
 new_signature = prepend + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), token, payload)
- ActiveSupport::SecurityUtils.secure_compare(new_signature, signature)
+ ActiveSupport::SecurityUtils.secure_compare(new_signature, signature.to_s)
 end.tap do |t|
 raise ActiveRecord::RecordNotFound, 'token no encontrado' if t.nil?
 end
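Review bot: `signature.to_s` in the `secure_compare` call stops the crash, but a nil or empty signature still reads the whole request body and computes one HMAC per stored token before failing, all for a request that can never match. A guard placed before `payload = request.body.read`, `raise ActiveRecord::RecordNotFound, 'token no encontrado' if signature.blank?`, rejects it up front and keeps the same error for callers. After PATCH 3/4 the visible caller only passes a header it has already checked with `.present?`, so the coercion looks purely defensive; a one-line comment saying so would save the next reader the search. The method's signature is outside this hunk, so the exact placement of the guard needs checking against the full body.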