
GitHub POST to webhook receives 403 "Invalid signature" response #1

@exarkun

Expected Behavior

I expected GitHub to be able to send events to codebot so codebot could announce them on IRC.

Actual Behavior

Codebot rejected GitHub's event with this response:

Connection: Keep-Alive
Content-Length: 17
Content-Type: text/html;charset=utf-8
Date: Tue, 22 Oct 2019 16:42:17 GMT
Server: WEBrick/1.3.1 (Ruby/2.3.1/2016-04-26)
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Invalid signature

and codebot posted nothing to IRC.

Steps to Reproduce

I set up a new bot using the README for guidance. Essentially like this:

# Register an IRC network under the name "freenode" with the given host and nick
# (--secure presumably enables TLS to the IRC server; confirm against the README).
codebot network create freenode --host chat.freenode.net --nick lafs-gh --secure
# Attach SASL credentials to that network; the reporter elided the password as "....".
# NOTE(review): a password given as a command-line argument can end up in shell
# history and in the process list of the host running codebot.
codebot network update freenode --sasl-username lafs-gh --sasl-password .... --disable-nickserv
# Create the "tahoe-lafs" integration bound to channel #tahoe-lafs on that network.
# Per the report, this command's output includes the webhook endpoint and secret.
codebot integration create tahoe-lafs -c freenode/#tahoe-lafs

I took the endpoint and secret from the `integration create` output and plugged them into GitHub. After some fiddling to get codebot to bind to the right address, I clicked the redeliver button on the GitHub webhook page.

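GitHub's webhook page says it sent this request. Note that the payload is shown below as JSON even though the content type is application/x-www-form-urlencoded; the X-Hub-Signature value is an HMAC over the raw request body as sent, not over this rendering.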

Request URL: http://tahoe-lafs.org:4567/2d3eb4c6-352e-4248-910b-67be65135997
Request method: POST
content-type: application/x-www-form-urlencoded
Expect: 
User-Agent: GitHub-Hookshot/795f661
X-GitHub-Delivery: 5492af00-f4e8-11e9-8612-cfdd4bb694a6
X-GitHub-Event: ping
X-Hub-Signature: sha1=74417aef889550452a96b878dee85f744355ca59

{
  "zen": "Non-blocking is better than blocking.",
  "hook_id": 151245967,
  "hook": {
    "type": "Repository",
    "id": 151245967,
    "name": "web",
    "active": true,
    "events": [
      "*"
    ],
    "config": {
      "content_type": "form",
      "insecure_ssl": "0",
      "secret": "********",
      "url": "http://tahoe-lafs.org:4567/REDACTED_ENDPOINT"
    },
    "updated_at": "2019-10-22T16:23:50Z",
    "created_at": "2019-10-22T16:23:50Z",
    "url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/hooks/151245967",
    "test_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/hooks/151245967/test",
    "ping_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/hooks/151245967/pings",
    "last_response": {
      "code": null,
      "status": "unused",
      "message": null
    }
  },
  "repository": {
    "id": 3007569,
    "node_id": "MDEwOlJlcG9zaXRvcnkzMDA3NTY5",
    "name": "tahoe-lafs",
    "full_name": "tahoe-lafs/tahoe-lafs",
    "private": false,
    "owner": {
      "login": "tahoe-lafs",
      "id": 1156454,
      "node_id": "MDEyOk9yZ2FuaXphdGlvbjExNTY0NTQ=",
      "avatar_url": "https://avatars1.githubusercontent.com/u/1156454?v=4",
      "gravatar_id": "",
      "url": "https://api.github.com/users/tahoe-lafs",
      "html_url": "https://github.com/tahoe-lafs",
      "followers_url": "https://api.github.com/users/tahoe-lafs/followers",
      "following_url": "https://api.github.com/users/tahoe-lafs/following{/other_user}",
      "gists_url": "https://api.github.com/users/tahoe-lafs/gists{/gist_id}",
      "starred_url": "https://api.github.com/users/tahoe-lafs/starred{/owner}{/repo}",
      "subscriptions_url": "https://api.github.com/users/tahoe-lafs/subscriptions",
      "organizations_url": "https://api.github.com/users/tahoe-lafs/orgs",
      "repos_url": "https://api.github.com/users/tahoe-lafs/repos",
      "events_url": "https://api.github.com/users/tahoe-lafs/events{/privacy}",
      "received_events_url": "https://api.github.com/users/tahoe-lafs/received_events",
      "type": "Organization",
      "site_admin": false
    },
    "html_url": "https://github.com/tahoe-lafs/tahoe-lafs",
    "description": "The Tahoe-LAFS decentralized secure filesystem.",
    "fork": false,
    "url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs",
    "forks_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/forks",
    "keys_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/keys{/key_id}",
    "collaborators_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/collaborators{/collaborator}",
    "teams_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/teams",
    "hooks_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/hooks",
    "issue_events_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/issues/events{/number}",
    "events_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/events",
    "assignees_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/assignees{/user}",
    "branches_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/branches{/branch}",
    "tags_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/tags",
    "blobs_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/git/blobs{/sha}",
    "git_tags_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/git/tags{/sha}",
    "git_refs_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/git/refs{/sha}",
    "trees_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/git/trees{/sha}",
    "statuses_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/statuses/{sha}",
    "languages_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/languages",
    "stargazers_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/stargazers",
    "contributors_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/contributors",
    "subscribers_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/subscribers",
    "subscription_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/subscription",
    "commits_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/commits{/sha}",
    "git_commits_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/git/commits{/sha}",
    "comments_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/comments{/number}",
    "issue_comment_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/issues/comments{/number}",
    "contents_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/contents/{+path}",
    "compare_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/compare/{base}...{head}",
    "merges_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/merges",
    "archive_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/{archive_format}{/ref}",
    "downloads_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/downloads",
    "issues_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/issues{/number}",
    "pulls_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/pulls{/number}",
    "milestones_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/milestones{/number}",
    "notifications_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/notifications{?since,all,participating}",
    "labels_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/labels{/name}",
    "releases_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/releases{/id}",
    "deployments_url": "https://api.github.com/repos/tahoe-lafs/tahoe-lafs/deployments",
    "created_at": "2011-12-18T19:33:55Z",
    "updated_at": "2019-10-22T15:00:34Z",
    "pushed_at": "2019-10-21T13:24:30Z",
    "git_url": "git://github.com/tahoe-lafs/tahoe-lafs.git",
    "ssh_url": "git@github.com:tahoe-lafs/tahoe-lafs.git",
    "clone_url": "https://github.com/tahoe-lafs/tahoe-lafs.git",
    "svn_url": "https://github.com/tahoe-lafs/tahoe-lafs",
    "homepage": "https://tahoe-lafs.org/",
    "size": 70991,
    "stargazers_count": 919,
    "watchers_count": 919,
    "language": "Python",
    "has_issues": false,
    "has_projects": false,
    "has_downloads": true,
    "has_wiki": false,
    "has_pages": false,
    "forks_count": 215,
    "mirror_url": null,
    "archived": false,
    "disabled": false,
    "open_issues_count": 18,
    "license": {
      "key": "other",
      "name": "Other",
      "spdx_id": "NOASSERTION",
      "url": null,
      "node_id": "MDc6TGljZW5zZTA="
    },
    "forks": 215,
    "open_issues": 18,
    "watchers": 919,
    "default_branch": "master"
  },
  "sender": {
    "login": "exarkun",
    "id": 254565,
    "node_id": "MDQ6VXNlcjI1NDU2NQ==",
    "avatar_url": "https://avatars1.githubusercontent.com/u/254565?v=4",
    "gravatar_id": "",
    "url": "https://api.github.com/users/exarkun",
    "html_url": "https://github.com/exarkun",
    "followers_url": "https://api.github.com/users/exarkun/followers",
    "following_url": "https://api.github.com/users/exarkun/following{/other_user}",
    "gists_url": "https://api.github.com/users/exarkun/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/exarkun/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/exarkun/subscriptions",
    "organizations_url": "https://api.github.com/users/exarkun/orgs",
    "repos_url": "https://api.github.com/users/exarkun/repos",
    "events_url": "https://api.github.com/users/exarkun/events{/privacy}",
    "received_events_url": "https://api.github.com/users/exarkun/received_events",
    "type": "User",
    "site_admin": false
  }
}

Ruby Version

ruby 2.3.1p112 (2016-04-26) [i386-linux-gnu]
