Merge pull request #1169 from McFoggy/issue-1168

correct empty security token usage, fixes #1168
2025-11-11 16:05:49 +01:00 · 2016-04-14 14:03:36 +09:00
parent 443498433d 5d7346db91
commit ec307b84d3
2 changed files with 7 additions and 3 deletions
--- a/src/main/scala/gitbucket/core/service/WebHookService.scala
+++ b/src/main/scala/gitbucket/core/service/WebHookService.scala
@@ -109,10 +109,10 @@ trait WebHookService {
            def postContent = new UrlEncodedFormEntity(params, "UTF-8")
            httpPost.setEntity(postContent)

-            if (!webHook.token.isEmpty) {
+            if (webHook.token.exists(_.trim.nonEmpty)) {
              // TODO find a better way and see how to extract content from postContent
              val contentAsBytes = URLEncodedUtils.format(params, "UTF-8").getBytes("UTF-8")
-              httpPost.addHeader("X-Hub-Signature", XHub.generateHeaderXHubToken(XHubConverter.HEXA_LOWERCASE, XHubDigest.SHA1, webHook.token.orNull, contentAsBytes))
+              httpPost.addHeader("X-Hub-Signature", XHub.generateHeaderXHubToken(XHubConverter.HEXA_LOWERCASE, XHubDigest.SHA1, webHook.token.get, contentAsBytes))
            }

            val res = httpClient.execute(httpPost)
--- a/src/main/twirl/gitbucket/core/settings/edithooks.scala.html
+++ b/src/main/twirl/gitbucket/core/settings/edithooks.scala.html
@@ -136,9 +136,13 @@ $(function(){
    $("#test-modal-url").text(url)
    $("#test-report-modal").modal('show')
    $("#test-report").hide();
+    var targetUrl = '@url(repository)/settings/hooks/test?url=' + encodeURIComponent(url) + '&token=';
+    if (token) {
+      targetUrl = targetUrl + encodeURIComponent(token);
+    }
    $.ajax({
      method:'POST',
-      url:'@url(repository)/settings/hooks/test?url=' + encodeURIComponent(url) + '&token=' + encodeURIComponent(token),
+      url:targetUrl,
      success: function(e){
        //console.log(e);
        $('#test-report-tab a:first').tab('show');