From 6cd36d112152e09b798e3195382f031548d45199 Mon Sep 17 00:00:00 2001 From: David Bonner Date: Sun, 19 Feb 2017 16:36:03 -0500 Subject: [PATCH] Fix signature verificaton for Python 3.6 (#1) Signed-Off-By: David Bonner --- github_webhook/webhook.py | 7 ++++++- setup.py | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/github_webhook/webhook.py b/github_webhook/webhook.py index ee63241..24cabc1 100644 --- a/github_webhook/webhook.py +++ b/github_webhook/webhook.py @@ -3,6 +3,7 @@ import hmac import logging +import six from flask import abort, request @@ -21,6 +22,8 @@ def __init__(self, app, endpoint='/postreceive', secret=None): self._hooks = collections.defaultdict(list) self._logger = logging.getLogger('webhook') + if secret is not None and not isinstance(secret, six.binary_type): + secret = secret.encode('utf-8') self._secret = secret def hook(self, event_type='push'): @@ -50,9 +53,11 @@ def _postreceive(self): if digest is not None: sig_parts = _get_header('X-Hub-Signature').split('=', 1) + if not isinstance(digest, six.text_type): + digest = six.text_type(digest) if (len(sig_parts) < 2 or sig_parts[0] != 'sha1' - or not hmac.compare_digest(sig_parts[1], unicode(digest))): + or not hmac.compare_digest(sig_parts[1], digest)): abort(400, 'Invalid signature') event_type = _get_header('X-Github-Event') diff --git a/setup.py b/setup.py index 388ea76..647a1e3 100644 --- a/setup.py +++ b/setup.py @@ -8,7 +8,8 @@ author_email="achamberlai9@bloomberg.net, fphillips7@bloomberg.net, dkiss1@bloomberg.net, dbeer1@bloomberg.net", license='Apache 2.0', packages=["github_webhook"], - install_requires=['flask'], + install_requires=['flask', 'six'], + tests_require=['mock', 'nose'], classifiers=[ 'Development Status :: 4 - Beta',